Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 566 | CVE-2022-35690: Unauthenticated RCE In Adobe ColdFusion | RCE | Adobe | rgod | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 565 | AWS Cognito pitfalls: Default settings attackers love (and you should know about) | Amazon cognito misconfiguration | NA | Lorenzo Vogelsang (@ptrac3) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 564 | Two Factor Authentication Bypass On Facebook | MFA bypass | Meta / Facebook | Gtm Mänôz (@Gtm0x01) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 563 | Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434) | Android, Insecure intent, Insecure deeplink, URL validation bypass | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 562 | Bypassing E2E encryption leads to multiple high vulnerabilities. | IDOR, SSRF | NA | Asem Eleraky (@melotover) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 561 | CSRF + Stored XSS Leading to Full Account Takeover | Stored XSS, CSRF, Account takeover | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 560 | Vulnerabilities in ManageEngine ADSelfService Plus 6.1 build 6117 | RCE, OS command injection, Broken Access Control | Zoho (ManageEngine) | Antoine Cervoise (@acervoise) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 559 | Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP” | Kernel hacking, Windows, RCE, Memory corruption, Buffer Overflow | Microsoft (Windows) | Valentina Palmiotti (@chompie1337) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 558 | Bypassing Cloudflare WAF: XSS via SQL Injection | Reflected XSS, SQL injection, WAF bypass | NA | Uku Sõrmus | Bug Bounty | 2023-01-21 | 2023-06-13 |
| 557 | How I found XSS on Admin Page without login! | Reflected XSS | NA | Abdelrhman Allam (@sl4x0) | Bug Bounty | 2023-01-22 | 2023-06-13 |
| 556 | Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Forms | Reflected XSS | Microsoft | Supakiad S. (@Supakiad_Mee) | Bug Bounty | 2023-01-22 | 2023-06-13 |
| 555 | How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon] | Information disclosure | Google | Orwa Atyat (@GodfatherOrwa) | Bug Bounty | 2023-01-22 | 2023-06-13 |
| 554 | CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | Thick client, Insecure data storage, Local Privilege Escalation | Signal | John Jackson (@johnjhacking) | Bug Bounty | 2023-01-22 | 2023-06-13 |
| 553 | How i Hacked Scopely with “Sign in with Google” | Account takeover, CORS misconfiguration, Client-side enforcement of server-side security, OAuth | Scopely | Ph.Hitachi | Bug Bounty | 2023-01-23 | 2023-06-13 |
| 552 | Activation Context Cache Poisoning: Exploiting CSRSS For Privilege Escalation | Local Privilege Escalation, Windows | Microsoft | Simon Zuckerbraun | Bug Bounty | 2023-01-23 | 2023-06-13 |
| 551 | CVE from 2018 Strikes Again | RCE, Insecure deserialization, Thick client | NA | Colin McQueen | Bug Bounty | 2023-01-23 | 2023-06-13 |
| 550 | CrossTalk and Secret Agent: Two Attack Vectors on Okta's Identity Suite | Insecure storage of sensitive information, Phishing | Okta | Tal Peleg | Bug Bounty | 2023-01-23 | 2023-06-13 |
| 549 | Using 0days to Protect the United Nations | RCE, Authentication bypass, Path traversal | United Nations | Florian Hauser (@frycos) | Bug Bounty | 2023-01-24 | 2023-06-13 |
| 548 | Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI | RCE, Authentication bypass, Security code review, JWT | Yellowfin BI | Maxwell Garrett (@TheGrandPew) | Bug Bounty | 2023-01-24 | 2023-06-13 |
| 547 | Jumping into SOCKS | Lateral movement | NA | Jacques Coertze (@JCoertze) | Bug Bounty | 2023-01-24 | 2023-06-13 |
| 546 | Unleashing the power of CSS injection: The access key to an internal API | CSS injection | NA | Sander Wind (@SanderWind) | Bug Bounty | 2023-01-24 | 2023-06-13 |
| 545 | Easy 2000$ Race Condition | Race condition | NA | Deshine | Bug Bounty | 2023-01-25 | 2023-06-13 |
| 544 | MyBB <= 1.8.31: Remote Code Execution Chain | RCE, SQL injection, Stored XSS | MyBB | Aleksey Solovev | Bug Bounty | 2023-01-25 | 2023-06-13 |
| 543 | Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Windows, Cryptographic issues | Microsoft | Tomer Peled | Bug Bounty | 2023-01-25 | 2023-06-13 |
| 542 | Kamailio’s exec module considered harmful | OS command injection, SIP | Kamailio | Ali Norouzi | Bug Bounty | 2023-01-26 | 2023-06-13 |