Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
1261The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) Memory corruption Race condition Local Privilege Escalation Android Linux Kernel Organization Google Samsung Xingyu Jin Bug Bounty2022-08-102023-06-13
1260iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser Privacy issue Meta / Facebook Felix Krause (@KrauseFx) Bug Bounty2022-08-102023-06-13
1259Defeat the HttpOnly flag to achieve Account Takeover | RXSS Reflected XSS Account takeover NA Mohamed Tarek (@timooon107) Bug Bounty2022-08-102023-06-13
1258403 Forbidden Bypass Leading to Admin Endpoint Access. 403 bypass Information disclosure NA Christian Dray (@G0ds0nXY) Bug Bounty2022-08-102023-06-13
1257Google Cloud Shell - Command Injection OS command injection RCE Cloud Google Bugra Eskici (@bugraeskici) Bug Bounty2022-08-102023-06-13
1256How I earned a $6000 bug bounty from Cloudflare Path traversal Cloudflare ANDRI Bug Bounty2022-08-102023-06-13
1255Email Confirmation bypass at Instagram Email verification bypass Logic flaw Meta / Facebook Avinash Kumar (@itsavinash_) Bug Bounty2022-08-102023-06-13
1254Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling HTTP Request Smuggling Desync attack AWS Amazon Akamai Cisco Verisign Pulse Secure Varnish James Kettle (@albinowax) Bug Bounty2022-08-102023-06-13
1253Advanced Inter-Process Desynchronization in SAP’s HTTP Server Memory corruption RCE HTTP Request Smuggling Web cache poisoning Desync attack SAP Martin Doyhenard (@tincho_508) Bug Bounty2022-08-102023-06-13
1252Web Cache Deception Escalates! Web cache deception NA Seyed Ali Mirheidari Bug Bounty2022-08-102023-06-13
1251Mining Node.js Vulnerabilities via Object Dependence Graph and Query RCE OS command injection Prototype pollution Path traversal NA Song Li Bug Bounty2022-08-102023-06-13
1250Identity Confusion in WebView-based Mobile App-in-app Ecosystems Android iOS Alipay Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang & Min Yang Bug Bounty2022-08-112023-06-13
1249Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software RCE OS command injection Local Privilege Escalation MiTM Cisco Jake Baines (@Junior_Baines) Bug Bounty2022-08-112023-06-13
1248My Experience on Hacking the Dutch Government XSS Open redirect CSRF Account takeover Dutch Government Jefferson Gonzales (@gonzxph) Bug Bounty2022-08-112023-06-13
1247Attacking Titan M with Only One Byte Memory corruption Local Privilege Escalation Google Damiano Melotti (@DamianoMelotti) Bug Bounty2022-08-112023-06-13
1246The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors Privilege escalation Cross-tenant vulnerability OS command injection Local Privilege Escalation Cloud Google Microsoft Aiven Shir Tamari (@shirtamari) Bug Bounty2022-08-112023-06-13
1245IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit Authentication bypass Information disclosure CSRF RCE Local Privilege Escalation VMware Steven Seeley (@steventseeley) Bug Bounty2022-08-112023-06-13
1244FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies HTTP Request Smuggling DoS NA Bahruz Jabiyev (@BahruzJabiyev) Bug Bounty2022-08-112023-06-13
1243Amazon Cognito misconfiguration lead to account takeover Account takeover NA Hossam Ahmed (@iknowhatodo0x01) Bug Bounty2022-08-122023-06-13
1242File Upload Bypass to RCE == $$$$ Unrestricted file upload RCE NA Sagar Sajeev (@Sagar__Sajeev) Bug Bounty2022-08-122023-06-13
1241Process injection: breaking all macOS security layers with a single vulnerability Local Privilege Escalation Process injection vulnerability Apple Thijs Alkemade (@xnyhps) Bug Bounty2022-08-122023-06-13
1240Researching Xiaomi’s TEE to get to Chinese money Payment bypass Android Memory corruption Xiaomi Slava Makkaveev Bug Bounty2022-08-122023-06-13
1239How I found an XSS vulnerability via using emojis XSS Swisscom Patrik Fabian Bug Bounty2022-08-122023-06-13
1238Exploiting CVE-2022-24816: A Code Injection In The Jt-jiffle Extension Of Geoserver RCE Code injection NA Remsio (@_remsio_) Bug Bounty2022-08-122023-06-13
1237DOM Cross-Site Scripting Via postMessage in AnnounceKit DOM XSS Announcekit Lorenzo Stella (@lorenzostella) Bug Bounty2022-08-122023-06-13