Write-ups

Check The Published Writeups

| WDB | Title, Tags, Programs, Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- |
| 436 | Readline crime: exploiting a SUID logic bug Local Privilege Escalation Arch Linux util-linux roddux | Bug Bounty | 2023-02-16 | 2023-06-13 |
| 435 | Hacking the Search Bar: The Story of Discovering and Reporting an XSS Vulnerability on Bing.com XSS Microsoft (Bing) Niraj Mahajan | Bug Bounty | 2023-02-18 | 2023-06-13 |
| 434 | Found an URL in the android application source code which lead to an IDOR Android Information disclosure IDOR NA Vengeance | Bug Bounty | 2023-02-18 | 2023-06-13 |
| 433 | Disabling ClamAV as an Unprivileged User Local Privilege Escalation ClamAV Arch Cloud Labs (@DLL_Cool_J) | Bug Bounty | 2023-02-19 | 2023-06-13 |
| 432 | [1500$ Worth — Slack] vulnerability, bypass invite accept process Broken Access Control Logic flaw Slack Sirat Sami (@siratsami71) | Bug Bounty | 2023-02-20 | 2023-06-13 |
| 431 | Reflected Cross Site Scripting (Awards 3500$ bounty) Reflected XSS Shopify ShuttlerTech | Bug Bounty | 2023-02-20 | 2023-06-13 |
| 430 | Exposing 185M+ Indians’ Personal Information and much more Broken Access Control IDOR Information disclosure Aadhaar CERT-In Robin Justin (@_robinjustin_) | Bug Bounty | 2023-02-20 | 2023-06-13 |
| 429 | Bypassing SSO Authentication from the Login Without Password Feature Lead to Account Takeover Account takeover SSO OTP Authentication bypass NA Aidil Arief | Bug Bounty | 2023-02-20 | 2023-06-13 |
| 428 | Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header WAF bypass CRLF injection XSS Akamai Adam Crosser | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 427 | Escaping misconfigured VSCode extensions Path traversal DNS rebinding XSS HTML injection Webview CSP bypass Microsoft (SARIF viewer & Live Preview) Vasco Franco | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 426 | Reflected Cross site scripting on reddit website (bounty awards $5000) Reflected XSS Reddit ShuttlerTech | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 425 | Multiple vulnerabilities in Nokia BTS Airscale ASIKA Base transceiver station Path traversal Hardcoded private key Local Privilege Escalation Security misconfiguration Nokia Geoffrey Bertoli (@YofBalibump) | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 424 | ClamAV Critical Patch Review RCE Memory corruption Buffer Overflow XXE Security code review ClamAV ONEKEY (@onekey_sec) | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 423 | What the Vuln: Zimbra Zip Slip attack Path traversal NA Carlos Yanez | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 422 | Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS Local Privilege Escalation Apple (macOS) Austin Emmitt (@alkalinesec) | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 421 | Multiple vulnerabilities in Dell Unisphere for PowerMax vApp, VASA Provider vApp and Solutions Enabler vApp CVE-2022-45103 / CVE-2022-45104 Parameter injection Arbitrary file read RCE Dell Antoine Carrincazeaux | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 420 | Exploiting an HTML injection with dangling markup HTML injection Dangling Markup Injection NA Yoan Montoya | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 419 | Taking over “Google Cloud Shell” by utilizing capabilities and Kubelet Container escape RCE Kubernetes NA Chen Shiri (@ChenShiri73) | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 416 | With a single request, you can kill any Gitea server Application-level DoS Gitea Khaled Nassar (@knassar702) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 415 | Exploiting Parameter Pollution in Golang Web Apps Authorization flaw HTTP parameter pollution Concourse VMware Rick Ramgattie (@RRamgattie) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 414 | Vulnerability write-up - "Dangerous assumptions" Prototype pollution SQL injection Security code review DIVD Thomas Rinsma (@thomasrinsma) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 413 | Unauthenticated RCE in Goanywhere Insecure deserialization RCE Security code review Fortra (GoAnywhere) Youssef Muhammad (@yosef0x1) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 412 | Insufficient GraphQL API vulnerability due to lack of validation of Authorization Bearer token GraphQL IDOR NA Int (@intlulz) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 411 | How I got into Nokia HOF in 5 Mins Information disclosure Nokia Abdelrhman Allam (@sl4x0) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 410 | Decoding BlazorPack Websockets NA Rogan Dawes (@RoganDawes) | Bug Bounty | 2023-02-22 | 2023-06-13 |