Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1314 | CVE-2022–36446 — Webmin 1.996 — Remote Code Execution (RCE — Authenticated) During Install New Packages | RCE OS command injection | Webmin | Emir Polat (@devilsgrins) | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1313 | CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable | MacOS SIP bypass | Apple | Mickey Jin (@patch1t) | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1311 | Advisory \| Roxy-WI Unauthenticated Remote Code Executions CVE-2022-31137 | RCE Authentication bypass | Roxy-WI | Nuri Çilengir (@ncilengir) | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1310 | Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app | Mass assignment | freeCodeCamp | Laurence Tennant | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1309 | Disclosing information with a side-channel in Django | Side channel attack | Django | Dennis Brinkrolf (@DBrinkrolf) | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1308 | CVE-2022-31813: Forwarding Addresses Is Hard | Host header injection DoS IP address spoofing | Internet Bug Bounty (Apache HTTPD) | Gaetan Ferry (@_mabote_) | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1307 | HTTP Parameter Pollution - It’s Contaminated Again | HTTP parameter pollution Rate limiting bypass | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1306 | Google XSS | XSS | Google | NDevTK (@ndevtk) | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1305 | Exploiting GitHub Actions on open source projects | RCE | Elastic | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1303 | SSD Advisory – Apple Safari IDN URL Spoofing | URL spoofing | Apple | Dohyun Lee (@l33d0hyun) | Bug Bounty | 2022-07-27 | 2023-06-13 |
| 1302 | Corrupting memory without memory corruption | Memory corruption | Google | Man Yue Mo (@mmolgtm) | Bug Bounty | 2022-07-27 | 2023-06-13 |
| 1301 | Vulnerability in Dahua’s ONVIF Implementation Threatens IP Camera Security | MiTM | Dahua | Nozomi Networks Labs (@nozominetworks) | Bug Bounty | 2022-07-28 | 2023-06-13 |
| 1300 | Researching Open Source apps for XSS to RCE flaws | XSS RCE | NA | Aleksey Solovev | Bug Bounty | 2022-07-28 | 2023-06-13 |
| 1299 | “ParseThru” – Exploiting HTTP Parameter Smuggling in Golang | HTTP Parameter Smuggling | Harbor Traefik Skipper | Daniel Abeles (@Daniel_Abeles) | Bug Bounty | 2022-07-28 | 2023-06-13 |
| 1298 | Reading Message from Microsoft’s Private Yammer Group | Authorization flaw | Microsoft | Meareg | Bug Bounty | 2022-07-28 | 2023-06-13 |
| 1297 | Arris / Arris-variant DSL/Fiber router critical vulnerability exposure | Path traversal Memory corruption | ARRIS | Derek Abdine (@dabdine) | Bug Bounty | 2022-07-29 | 2023-06-13 |
| 1296 | Business logic vulnerabilities | Logic flaw Payment tampering | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-07-29 | 2023-06-13 |
| 1295 | Discord Desktop - Remote Code Execution | RCE XSS Sandbox bypass CSP bypass | Discord | s1r1us (@s1r1u5_) | Bug Bounty | 2022-07-29 | 2023-06-13 |
| 1293 | My Second CVE (CVE-2022-31855) | OS command injection Local Privilege Escalation | RStudio | y0ung_dst (@Y0ung_MA) | Bug Bounty | 2022-07-30 | 2023-06-13 |
| 1292 | How I Earned €150 in 2 Minutes \| HTML injection in email | HTML injection | NA | Thillai Raj | Bug Bounty | 2022-07-30 | 2023-06-13 |
| 1291 | How I get Full Account Takeover via stealing action’s login form \| XSS | XSS Account takeover | NA | Mohamed Tarek (@timooon107) | Bug Bounty | 2022-08-01 | 2023-06-13 |
| 1290 | Analysis of Adobe Acrobat Reader Javascript Doc.print() Use-After-Free Vulnerability (CVE-2022-34233) | Memory corruption | Adobe | ThreatLabz (@Threatlabz) | Bug Bounty | 2022-08-01 | 2023-06-13 |
| 1289 | How I earned $10,000 within the last 7 months — a 17y/o Edition | Authorization flaw | NA | Gowtham Naidu Ponnana (@gowtham_ponnana) | Bug Bounty | 2022-08-01 | 2023-06-13 |
| 1288 | Stored XSS to Account Takeover : Going beyond document.cookie \| Stealing Session Data from IndexedDB | Stored XSS Account takeover | NA | Syed Mushfik Hasan Tahsin (@SMHTahsin33) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1287 | Instagram photo was present in data backup nearly after two years being deleted. | Privacy issue | Meta / Facebook | Jeewan Bhatta (@thenullkid) | Bug Bounty | 2022-08-02 | 2023-06-13 |