1339 | Write-up: BlogEngine .NET - 0day Discovery |
Path traversal
XXE |
BlogEngine .NET |
Jake McCallum (@0xLanks) |
Bug Bounty | 2022-07-19 | 2023-06-13 |
1338 | Riding The Inforail To Exploit Ivanti Avalanche |
RCE
Insecure deserialization
Race condition
Authentication bypass |
Ivanti |
Piotr Bazydło (@chudyPB) |
Bug Bounty | 2022-07-19 | 2023-06-13 |
1337 | React debug.keystore key was trusted by Meta(Facebook) which caused to Instagram account takeover by malicious apps. |
Account takeover
Android |
Meta / Facebook |
Dzmitry Lukyanenka (@vulnano) |
Bug Bounty | 2022-07-19 | 2023-06-13 |
1336 | [CVE-2022-34918] A crack in the Linux firewall |
Memory corruption
Local Privilege Escalation |
Linux Kernel Organization |
Arthur Mongodin |
Bug Bounty | 2022-07-20 | 2023-06-13 |
1335 | Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service |
Security Logging and Monitoring Failure |
AWS |
Kat Traxler (@NightmareJS) |
Bug Bounty | 2022-07-20 | 2023-06-13 |
1334 | Gitlab Project Import RCE Analysis (CVE-2022-2185) |
RCE |
GitLab |
Nguyễn Tiến Giang (@testanull) |
Bug Bounty | 2022-07-21 | 2023-06-13 |
1333 | How I Test For Web Cache Vulnerabilities + Tips And Tricks |
Web cache poisoning
Web cache deception |
NA |
Kevin (@bxmbn) |
Bug Bounty | 2022-07-21 | 2023-06-13 |
1332 | I mean, IDOR is NOT only about others ID |
IDOR |
NA |
can1337 (@canmustdie) |
Bug Bounty | 2022-07-22 | 2023-06-13 |
1331 | Pwn2Own Miami 2022: Inductive Automation Remote Code Execution |
RCE
Authentication bypass |
Inductive Automation Ignition |
Sector 7 (@sector7_nl) |
Bug Bounty | 2022-07-22 | 2023-06-13 |
1330 | How I was able to Take over a support chat using leaked Keys |
Information disclosure |
NA |
Pliskin |
Bug Bounty | 2022-07-22 | 2023-06-13 |
1329 | Permanent Crash Instagram Followers. |
DoS |
Meta / Facebook |
Naveen (@NaveenHax) |
Bug Bounty | 2022-07-22 | 2023-06-13 |
1328 | WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security |
SQL injection
XSS
Account takeover |
WordPress |
Julien Ahrens (@MrTuxracer) |
Bug Bounty | 2022-07-22 | 2023-06-13 |
1327 | SecStory: How I Found Multiple P1 Vulnerabilities without Recon |
Authentication flaw |
NA |
rvdt (@rival_rvdt) |
Bug Bounty | 2022-07-23 | 2023-06-13 |
1326 | Un3xpected DoS Attack on Profile Pictur3 |
DoS |
NA |
Roxst4r (@mveswar98) |
Bug Bounty | 2022-07-23 | 2023-06-13 |
1325 | $$$ bounty in less 3 minutes from a google dork |
Information disclosure |
NA |
Steiner254 (@steiner254) |
Bug Bounty | 2022-07-23 | 2023-06-13 |
1324 | How I made 300 GitHub repos point to my blog using Azure subdomains takeover |
Subdomain takeover |
NA |
0xPwN (@msd0s7) |
Bug Bounty | 2022-07-23 | 2023-06-13 |
1323 | A Developer’s Nightmare: Story of a simple IDOR and some poor fixes worth $1125 |
IDOR |
NA |
Marcos IAF (@marcos_iaf) |
Bug Bounty | 2022-07-24 | 2023-06-13 |
1322 | How I Gained Access To A Finance Company’s Accounts (Session Hijacking) |
Session fixation
Weak crypto |
NA |
Talha Karakumru |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1321 | Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505) |
Memory corruption
DoS
Broken Access Control
Sensitive Information Sent Over an Unencrypted Channel |
Nuki |
Daniel Romero (@daniel_rome) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1320 | Deep understand ASPX file handling and some related attack vectors |
Local Privilege Escalation
WAF bypass |
Microsoft |
Rskvp93 (@rskvp93) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1319 | With Management Comes Risk: Finding Flaws in FileWave MDM |
Authentication bypass
Hardcoded credentials
Information disclosure |
Filewave |
Claroty's Team82 (@Claroty) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1318 | Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP) for a bounty of $4,913 |
Email spoofing |
Dropbox |
Sayaan Alam (@ehsayaan) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1317 | DoS worth $650 ? Interesting right! |
DoS
Pixel flood attack |
NA |
Sagar Sajeev (@Sagar__Sajeev) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1316 | Outdated PHP Version leads to RCE |
RCE
Old components with known vulnerabilities |
NA |
iamdevansharya (@iamdevansharya) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1315 | Digging JS files to find BUGs |
IDOR
Information disclosure |
NA |
Adnan Malik (@adnanmalikinfo) |
Bug Bounty | 2022-07-25 | 2023-06-13 |