Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1184 | Securing Developer Tools: Argument Injection in Visual Studio Code | Argument injection, RCE | Microsoft | Thomas Chauchefoin (@swapgs) | Bug Bounty | 2022-08-23 | 2023-06-13 |
| 1183 | Oracle SBC: Multiple Security Vulnerabilities Leading to Unauthorized Access and Denial of Service | IDOR, Path traversal, DoS | Oracle | Harold Zang | Bug Bounty | 2022-08-23 | 2023-06-13 |
| 1182 | Break the Logic: Insecure Parameters (€300) | Parameter manipulation, Logic flaw, Mass assignment | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-24 | 2023-06-13 |
| 1181 | 2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3 | DoS | FreeBSD Security Team | Pierre Kim (@PierreKimSec) | Bug Bounty | 2022-08-24 | 2023-06-13 |
| 1180 | “GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs | Phishing | Microsoft | Bobby Rauch | Bug Bounty | 2022-08-24 | 2023-06-13 |
| 1179 | Crashing Industrial Control Systems at Pwn2Own Miami 2022 | DoS, Memory corruption, RCE | Unified Automation | JFrog Security Research Team (@JFrogSecurity) | Bug Bounty | 2022-08-25 | 2023-06-13 |
| 1178 | SATisfying our way into remote code execution in the OPC UA industrial stack | Memory corruption, RCE | Unified Automation | JFrog Security Research Team (@JFrogSecurity) | Bug Bounty | 2022-08-25 | 2023-06-13 |
| 1177 | Chaining Telegram bugs to steal session-related files. | Arbitrary file read, Android | Telegram | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2022-08-25 | 2023-06-13 |
| 1176 | Command Injection in the GitHub Pages Build Pipeline | RCE, OS command injection | GitHub | Joren Vrancken | Bug Bounty | 2022-08-25 | 2023-06-13 |
| 1175 | SSD Advisory – VhdmpiValidateVirtualDiskSurface LPE | Local Privilege Escalation | Windows | Sana Oshika (@bigshika) | Bug Bounty | 2022-08-26 | 2023-06-13 |
| 1174 | ASP.NET Boilerplate Multiple Vulnerabilities | Authentication flaw, Hardcoded credentials, JWT, Padding oracle attack, Cryptographic issues | Volosoft (ASP.NET Boilerplate) | Sana Oshika (@bigshika) | Bug Bounty | 2022-08-26 | 2023-06-13 |
| 1173 | Break the Logic: 5 Different Perspectives in Single Page (€1500) | Client-side enforcement of server-side security, IDOR, Authorization flaw | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-26 | 2023-06-13 |
| 1172 | Zimbra Open Bucket Data Leak – Responsible Disclosure | AWS misconfiguration | Zimbra | Raffaele Forte (@raffaele_forte) | Bug Bounty | 2022-08-26 | 2023-06-13 |
| 1171 | Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later | RCE | Nintendo | xcellerator (@TheXcellerator) | Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1170 | My Hall of Fame at United Nations Success Story | XSS | United Nations | Joshua Arulsamy (@Joshua_Arulsamy) | Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1169 | Improper Input Validation Leads To Email Spamming | Email content injection | NA | Akshay Ravi (@AKSHAYC09YC47) | Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1168 | SSRF leads to access AWS metadata. | SSRF | NA | Akash Patil (@skypatil98) | Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1167 | The Million Dollar IDOR | IDOR, Race condition, GraphQL | NA | Monish Basaniwal | Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1166 | CSRF Vulnerability In The NodeJS Ecosystem | CSRF | Node.js third-party modules (csurf) | Adrian Tiron (@adrian__t) | Bug Bounty | 2022-08-28 | 2023-06-13 |
| 1165 | Unsubscribe any user’s e-mail notifications via IDOR | IDOR | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-28 | 2023-06-13 |
| 1164 | How I found reflected XSS on IDFC Bank with burp-suite Intruder | Reflected XSS | IDFC Bank | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2022-08-28 | 2023-06-13 |
| 1163 | Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator | OS command injection, RCE | De Nederlandsche Bank | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2022-08-28 | 2023-06-13 |
| 1162 | How I bypassed Reflected XSS in well-known platform | XSS | NA | Iori Yagami | Bug Bounty | 2022-08-29 | 2023-06-13 |
| 1161 | Bypassing Amazon WAF to pop an alert() | WAF bypass, XSS | NA | Manash (@manash036) | Bug Bounty | 2022-08-29 | 2023-06-13 |
| 1160 | Blind Exploits To Rule Watchguard Firewalls | XPath injection, Memory corruption, Local Privilege Escalation, RCE | WatchGuard | Charles Fol (@cfreal_) | Bug Bounty | 2022-08-29 | 2023-06-13 |