Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
182#BrokenSesame: Accidental write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services Cloud RCE Container escape Kubernetes Privilege escalation Lateral movement Supply chain attack Cross-tenant vulnerability Alibaba Ronen Shustin (@ronenshh) Bug Bounty2023-04-192023-06-13
180Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2 Local Privilege Escalation TOCTOU Arbitrary file write Docker Eviatar Gerzi Bug Bounty2023-04-192023-06-13
178Vulnerability Spotlight: CVE-2023-0264 OpenID Connect OAuth Authentication flaw Privilege escalation Security code review Keycloack Timo Müller (@mtimo44) Bug Bounty2023-04-192023-06-13
173The Fuzzing Guide to the Galaxy: An Attempt with Android System Services Android Fuzzing Heap overflow Integer overflow Out-of-bounds Write Memory corruption Local Privilege Escalation Samsung Anthony Remy Bug Bounty2023-04-202023-06-13
169CVE-2023-23525: Get Root via A Fake Installer Local Privilege Escalation Apple (macOS) Mickey Jin (@patch1t) Bug Bounty2023-04-202023-06-13
164Stealing GitHub staff%27s access token via GitHub Actions CI/CD Token leak Privilege escalation Supply chain attack GitHub RyotaK (@ryotkak) Bug Bounty2023-04-222023-06-13
150Avast Anti-Virus privileged arbitrary file create on virus quarantine (CVE-2023-1585 and CVE-2023-1587) TOCTOU NULL pointer dereference Arbitrary file write Local Privilege Escalation Avast Denis Skvortcov (@Denis_Skvortcov) Bug Bounty2023-04-262023-06-13
146Privilege Escalation in Microsoft Windows Local Privilege Escalation Microsoft (Windows) Tobias Neitzel (@qtc_de) Bug Bounty2023-04-282023-06-13
136AWS Identity Center (formerly known as AWS SSO): A Guide to Privilege Escalation and Identity and Access Management Privilege escalation Cloud AWS Jason Kao Bug Bounty2023-05-012023-06-13
132Securing Databricks cluster init scripts Privilege escalation Cloud Databricks Elia Florio Bug Bounty2023-05-022023-06-13
126CVE-2023-25394 - VideoStream Local Privilege Escalation Local Privilege Escalation Videostream Dan Revah (@danrevah) Bug Bounty2023-05-032023-06-13
124Privilege Escalations through Integrations Privilege escalation Amazon cognito misconfiguration JWT Account takeover NA Colin McQueen Bug Bounty2023-05-042023-06-13
120Bullied by Bugcrowd over Kape CyberGhost disclosure Local Privilege Escalation OS command injection Security code review Kape (CyberGhost) Ceri Coburn (@_ethicalchaos_) Bug Bounty2023-05-052023-06-13
111Escaping Parallels Desktop with Plist Injection Local Privilege Escalation Plist injection TOCTOU Parallels kn32 Bug Bounty2023-05-082023-06-13
105From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API Privilege escalation NTLM Microsoft (Outlook) Ben Barnea (@nachoskrnl) Bug Bounty2023-05-102023-06-13
103What is kong & why we’re relying on it RCE Sandbox escape Authentication bypass Hardcoded credentials Broken Access Control Privilege escalation JWT Konga Laluka (@TheLaluka) Bug Bounty2023-05-102023-06-13
102Hacking Chess.com: My Journey to Unlock Premium Bots on the Android App Android Privilege Escalation Chess.com Fr4 (@_icebre4ker_) Bug Bounty2023-05-102023-06-13
96CS:GO: From Zero to 0-day Game hacking RCE Memory corruption Arbitrary file download Arbitrary file write DLL Hijacking Privilege Escalation Valve (CS:GO) Felipe Bug Bounty2023-05-132023-06-13
95CVE-2023-26818 - Bypass TCC with Telegram in macOS TCC bypass Local Privilege Escalation Apple (macOS) Dan Revah (@danrevah) Bug Bounty2023-05-152023-06-13
92Finding and reporting a Gatekeeper bypass exploit with help from Mac Monitor GateKeeper bypass Local Privilege Escalation MacOS Apple (macOS) Brandon Dalton (@PartyD0lphin) Bug Bounty2023-05-152023-06-13
90Avast Anti-Virus privileged arbitrary file create on virus restore (CVE-2023-1586) TOCTOU Arbitrary file write Local Privilege Escalation Avast NortonLifeLock Denis Skvortcov (@Denis_Skvortcov) Bug Bounty2023-05-152023-06-13
84From DA to EA with ESC5 Active Directory Privilege Escalation Internal pentest NA Andy Robbins (@_wald0) Bug Bounty2023-05-172023-06-13
82LOLBINed — Finding “LOLBINs” In AV Uninstallers Local Privilege Escalation Kaspersky F-Secure Trend Micro McAfee Nasreddine Bencherchali (@nas_bench) Bug Bounty2023-05-172023-06-13
81DLL Hijacking Strikes Back: Exploiting Windows on ARM RDP Client (CVE-2023-24905) DLL Hijacking Local Privilege Escalation Microsoft (Windows) Dor Dali Bug Bounty2023-05-172023-06-13
62Tampering with Conditional Access Policies Using Azure AD Graph API Cloud Privilege escalation Microsoft (Azure) Secureworks Counter Threat Unit (@Secureworks) Bug Bounty2023-05-232023-06-13