Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 591 | YAFPC — Unauthenticated Remote Code Execution | Authentication bypass Hardcoded credentials RCE | NA | Luke Paris | Bug Bounty | 2023-01-14 | 2023-06-13 |
| 590 | XSS using postMessage in Google Cloud Theia notebooks [Google VRP] | XSS postMessage | Google | Sreeram KL (@kl_sree) | Bug Bounty | 2023-01-15 | 2023-06-13 |
| 589 | Critical Vulnerability through OSINT only | Information disclosure | NA | Viktor Mares | Bug Bounty | 2023-01-15 | 2023-06-13 |
| 588 | thisclosed_#2 - PostgreSQL Database Exfiltration through the abuse of PostgREST requests | SQL injection | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 587 | Account Take Over Due To AWS Cognito Misconfiguration | Amazon cognito misconfiguration Account takeover | NA | Deshine | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 586 | Full Account Take Over by very simple trick. | Account takeover Broken Access Control | NA | XeRox01 (@xerox0x1) | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 585 | CVE-2022-21587 (Oracle E-Business Suite Unauthenticated RCE) | RCE Unrestricted file upload Zip Slip attack | Oracle | @vudq16 | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 584 | 2022 Microsoft Teams RCE | RCE Insecure deeplink Webview | Microsoft | @adm1nkyj1 | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 583 | Unauthenticated Configuration Export in Multiple WAGO Products | Path traversal Security code review | WAGO | ONEKEY (@onekey_sec) | Bug Bounty | 2023-02-16 | 2023-06-13 |
| 582 | AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass | Cloud Logic flaw CloudTrail bypass | AWS | Nick Frichette (@frichette_n) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 581 | DOM-Based XSS for fun and profit $$$! \| Bug Bounty POC | DOM XSS | NA | Haroon Hameed (@HaroonHameed40) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 580 | How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services | SSRF Cloud | Microsoft (Azure) | Lidor Ben Shitrit | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 579 | Centreon map vulnerability | Authentication bypass | Centreon | Vladimir | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 578 | XML Security in Java | XXE Billion laugh attack DoS | NA | Pieter De Cremer (@0xDC0DE) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 577 | Security Audit of Git | Memory corruption Out-of-bounds Write Out-of-bounds Read | Git | Markus Vervier (@marver) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 576 | From Error_Log File(P4) To Company Account Takeover(P1) and Unauthorized Actions On API | Information disclosure | NA | Muhanad Israiwi (@IsrewyMohand) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 575 | Sudoedit bypass in Sudo <= 1.9.12p1 (CVE-2023-22809) | Local Privilege Escalation | Sudo | Matthieu Barjole (@aevy__) | Bug Bounty | 2023-01-18 | 2023-06-13 |
| 574 | How I identified and reported vulnerabilities in Oracle and the rewards of responsible disclosure:From Backup Leak to Hall of Fame | Information disclosure | Oracle | ParagBagul | Bug Bounty | 2023-01-18 | 2023-06-13 |
| 573 | The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services | DoS | GitLab GitHub commonmarker RubyGem | Tor Beer (@tor19951) | Bug Bounty | 2023-01-18 | 2023-06-13 |
| 572 | Nothing new under the Sun – Discovering and exploiting a CDE bug chain | Printer hacking Local Privilege Escalation Memory corruption Buffer Overflow | Oracle | Marco Ivaldi / Raptor (@0xdea) | Bug Bounty | 2023-01-18 | 2023-06-13 |
| 571 | Azure Active Directory Flaw Allowed SAML Persistence | Azure AD SAML SSO | Microsoft (Azure) | Secureworks Counter Threat Unit (@Secureworks) | Bug Bounty | 2023-01-18 | 2023-06-13 |
| 570 | API Misconfiguration - No Swag of SwaggerUI | Security misconfiguration Privilege escalation | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 569 | EmojiDeploy: Smile! Your Azure web service just got RCE’d ._. | RCE Cloud CSRF CORS misconfiguration | Microsoft (Azure) | Liv Matan (@terminatorLM) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 568 | The easiest way I used to bypass an admin panel | HTTP request smuggling Account takeover | NA | Sirat Sami (@siratsami71) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 567 | CVE-2022-47966 SAML ShowStopper | SAML XSLT injection | Zoho (ManageEngine) | Khoa Dinh (@_l0gg) | Bug Bounty | 2023-01-19 | 2023-06-13 |