4444 | Story of Stored Xss | XSS | NA | Walid Hossain (@NoobWalid) | Bug Bounty | 2018-11-28 | 2023-06-13 |
4443 | Exploiting post message to steal and replace user’s cookies | postMessage | NA | Yasser Gersy (@yassergersy) | Bug Bounty | 2018-11-30 | 2023-06-13 |
4441 | Love Story Of A Account Takeover (Chaining Host Header Injection To Takeover Someones Account) | Host header injection | NA | Logical Bimboo | Bug Bounty | 2018-11-30 | 2023-06-13 |
4435 | Taking over Google calendar of a company | Subdomain takeover | NA | Daniel V. (@d4niel_v) | Bug Bounty | 2018-12-04 | 2023-06-13 |
4433 | XSS to XXE in Prince v10 and below (CVE-2018-19858) | XSS, XXE | NA | Corben Leo (@hacker_) | Bug Bounty | 2018-12-05 | 2023-06-13 |
4429 | How I was Able To Bypass Email Verification | Information disclosure | NA | Muzammil Kayani (@muzammilabbas2) | Bug Bounty | 2018-12-08 | 2023-06-13 |
4427 | Change Anyone’s profile picture-Exploiting IDOR | IDOR | NA | Rupika Luhach (@Rup_Ki_Rani) | Bug Bounty | 2018-12-09 | 2023-06-13 |
4425 | Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over | Account takeover, Privilege escalation, Bruteforce | NA | Plenum (@plenumlab) | Bug Bounty | 2018-12-10 | 2023-06-13 |
4421 | How i was able to pwned application by Bypassing Cloudflare WAF | WAF bypass | NA | gujjuboy10x00 (@vis_hacker) | Bug Bounty | 2018-12-12 | 2023-06-13 |
4418 | [Open redirect] Developers are lazy(or maybe busy) | Open redirect | NA | KatsuragiCSL (@ZuuitterE) | Bug Bounty | 2018-12-12 | 2023-06-13 |
4417 | Exploiting XXE with local DTD files | XXE | NA | Arseniy Sharoglazov (@_mohemiv) | Bug Bounty | 2018-12-13 | 2023-06-13 |
4416 | #BugBounty — “User Account Takeover-I just need your email id to login into your shopping portal account” | OAuth, Authentication bypass, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-12-13 | 2023-06-13 |
4415 | Chaining Two Vulnerabilities to Break Facebook Appointment Times For the Second Time | Logic flaw, Application-level DoS | Meta / Facebook | Max Pasqua | Bug Bounty | 2018-12-14 | 2023-06-13 |
4413 | $3k Bug Bounty - Twitter's OAuth Mistakes | OAuth | Twitter | Terence Eden (@edent) | Bug Bounty | 2018-12-14 | 2023-06-13 |
4412 | XSSing Google Code-in thanks to improperly escaped JSON data | XSS | Google | Thomas Orlita (@ThomasOrlita) | Bug Bounty | 2018-12-14 | 2023-06-13 |
4410 | CVE-2018-20139 - Daikin Emura Series - Arbitrary Remote Control via DNS Rebinding | DNS rebinding | Daikin Europe | void (@voidz0r) | Bug Bounty | 2018-12-14 | 2023-06-13 |
4409 | Self XSS to Interesting Stored XSS | Stored XSS | NA | Rohan aggarwal (@nahoragg) | Bug Bounty | 2018-12-15 | 2023-06-13 |
4408 | Accessing VoIP Internal service via Port 8009: Routing traffic through local Apache proxy | Information disclosure | NA | Ahmed A. Sherif | Bug Bounty | 2018-12-16 | 2023-06-13 |
4407 | Reading ASP secrets for $17,000 | Local file disclosure (LFD) | NA | Sam Curry (@samwcyo) | Bug Bounty | 2018-12-16 | 2023-06-13 |
4406 | Subdomain Takeover — New Level | Subdomain takeover | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2018-12-17 | 2023-06-13 |
4403 | Exploiting Two Endpoints to get Account Takeover | Authorization flaw, Privilege escalation | NA | Hritik Sharma | Bug Bounty | 2018-12-19 | 2023-06-13 |
4401 | Facebook BugBounty - Disclosing page members | Information disclosure | Meta / Facebook | Nirmal Thapa / mpz (@tnirmalz) | Bug Bounty | 2018-12-20 | 2023-06-13 |
4397 | Client side validation strikes again: PIN code bypass ! | Client-side enforcement of server-side security, Authentication bypass, Authorization flaw | Netflix, Linxo | Davy (@RandoriSec) | Bug Bounty | 2018-12-22 | 2023-06-13 |
4396 | Server-side Request Forgery in OpenID support | SSRF | Liberapay | Putra Adhari | Bug Bounty | 2018-12-24 | 2023-06-13 |
4391 | Reflected XSS on ws-na.amazon-adsystem.com(Amazon) | Reflected XSS | Amazon | ssid (@newp_th) | Bug Bounty | 2018-12-27 | 2023-06-13 |