Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 903 | SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction | XSS | Samsung | - | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 902 | Attacking The Software Supply Chain With A Simple Rename | Repojacking Supply chain attack | GitHub | Aviad Gershon (@aviadgershon) | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 901 | SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri | iOS MacOS Bluetooth Local Privilege Escalation TCC bypass | Apple | Guilherme Rambo (@_inside) | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 900 | Client Side Desync Attack (CL.0 Request Smuggling) — Bounty of $150 | HTTP Request Smuggling Client-Side Desync attack | NA | Bodhendu Panda | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 899 | Hijacking AUR Packages by Searching for Expired Domains | Subdomain takeover Supply chain attack | NA | Joren Vrancken | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 898 | RC4 Is Still Considered Harmful | Kerberos MiTM Local Privilege Escalation Downgrade attack | Microsoft (Windows) | James Forshaw (@tiraniddo) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 897 | Misconfigured AWS S3 Bucket (Information Disclosure & Subdomain Takeover) | AWS misconfiguration | NA | Gokhan Guzelkokar (@gkhck_) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 896 | A 250$ CSS Injection — My First Finding on Hackerone! | CSS injection | NA | Dsonbacker | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 895 | Visual Studio Code Jupyter Notebook RCE | RCE XSS Arbitrary file read Electron | Microsoft | Luca Carettoni (@lucacarettoni) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 894 | AWS SSRF to Root on production instance — A bug worth 1.75Lacs | SSRF RCE Password reset | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 893 | Abusing Windows’ tokens to compromise Active Directory without touching LSASS | Local Privilege Escalation Windows Active Directory Privilege Escalation | NA | Aurélien Chalot (@Defte_) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 892 | RCE docker api, but … | RCE Docker daemon misconfiguration | NA | nanwn | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 891 | Blind SSRF in Skype (Microsoft) | Blind SSRF | Microsoft | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 890 | CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities | RCE Phar deserialization Reflected XSS XPATH injection Path traversal LFI | Juniper | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 889 | Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis | Local Privilege Escalation Windows | Microsoft | Zscaler Threatlabz (@Threatlabz) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 888 | How i was able to get free money via sending negative tokens | Logic flaw Payment tampering | NA | Mohamed Anani (@0xM5awy) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 887 | Exploiting Static Site Generators: When Static Is Not Actually Static | SSRF XSS Security code review | Netlify Gatsby | Shubham Shah (@infosec_au) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 886 | Old RCE worth $3362. | RCE | NA | nanwn | Bug Bounty | 2022-10-30 | 2023-06-13 |
| 885 | 2FA Bypass due to information disclosure & Improper access control. | DoS MFA bypass | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 884 | Vulnerabilities In Apache Batik Default Security Controls – SSRF And RCE Through Remote Class Loading | SSRF RCE | Apache Batik | Piotr Bazydło (@chudypb) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 883 | A tale of a simple Apple kernel bug | Out-of-bounds Read Memory corruption MacOS iOS | Apple | Jordy Zomer (@pwningsystems) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 882 | Blind SQL Injection on Delete Request | Blind SQL injection | NA | Jawad Mahdi (@hunter0x1) | Bug Bounty | 2022-10-30 | 2023-06-13 |
| 881 | Safari is hot-linking images to semi-random websites | Browser hacking XSS | Apple | Gareth Heyes (@garethheyes) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 880 | urlscan.io's SOAR spot: Chatty security tools leaking private data | Information disclosure | NA | Fabian Bräunlein | Bug Bounty | 2022-11-01 | 2023-06-13 |
| 879 | CVE-2022-3602: Punycode buffer overflow in OpenSSL | Memory corruption DoS | OpenSSL | Colm MacCárthaigh (@colmmacc) | Bug Bounty | 2022-11-01 | 2023-06-13 |