Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 232 | Holiday Hunting With Aquatone | SSRF, Missing authentication, Information disclosure | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 231 | Pentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server | RCE, SSTI, Authorization bypass, Groovy scripting | Hitachi Vantara (Pentaho) | Harry Withington | Bug Bounty | 2023-04-04 | 2023-06-13 |
| 230 | Bypassing Amazon Kids+ Parental Controls | Logic flaw | Amazon | n00py (@n00py1) | Bug Bounty | 2023-04-04 | 2023-06-13 |
| 229 | Post Account Takeover? Account Takeover of Internal Tesla Accounts | Account takeover, SSO | Tesla | Evan Connelly (@Evan_Connelly) | Bug Bounty | 2023-04-04 | 2023-06-13 |
| 228 | Windows Task Scheduler Application, Version 19044.1706 Advisory | Unquoted search path, Local Privilege Escalation | Microsoft (Windows) | Ben Lincoln (@0x00C651E0) | Bug Bounty | 2023-04-04 | 2023-06-13 |
| 227 | Microsoft Intune, Version 1.55.48.0 Advisory | Unquoted search path, Local Privilege Escalation | Microsoft (Intune) | Ben Lincoln (@0x00C651E0) | Bug Bounty | 2023-04-04 | 2023-06-13 |
| 226 | Discovering Headroll (CVE-2023-0704) in Chromium | SOP bypass, Browser hacking | Google (Chromium) | Rhys Elsmore (@rhyselsmore) | Bug Bounty | 2023-04-05 | 2023-06-13 |
| 225 | Exploiting insecure exception logging | Blind XSS | NA | Bogdan Calin | Bug Bounty | 2023-04-05 | 2023-06-13 |
| 224 | Bash Privileged-mode Vulnerabilities In Parallels Desktop And CDPATH Handling In MacOS | macOS, Local Privilege Escalation | Parallels | Reno Robert (@renorobertr) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 223 | Simple Bugs 0x02: Overwritting Uploaded Files | Normalization | NA | Vitor Falcao (@egl_falcao) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 222 | Let me Unmask my next 👻 | IDOR, Payment bypass | Tinder | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 221 | Escaping Adobe Sandbox: Exploiting an Integer Overflow in Microsoft Windows Crypto Provider | Integer overflow, Memory corruption | Microsoft | Michele Campa (@s1ckb017) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 220 | A web security story from 2008: silently securing JSON.parse | Parsing issue, XSS, Arbitrary Code Execution | JSON.parse | Mike Samuel (@mvsamuel) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 219 | SharePoint Webpart Property Traversal Vulnerability Analysis (CVE-2022-38053, CVE-2023-21742, CVE-2023-21717) | Property traversal | Microsoft (Sharepoint) | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 218 | Stored Cross-Site Scripting (XSS) in Zimbra version 8.8.15_GA_4059 CVE-2022-41348 | Stored XSS | Zimbra | Guillaume Jacques | Bug Bounty | 2023-04-07 | 2023-06-13 |
| 217 | SQL Wildcard DoS - Hang Till Death | DoS, File upload | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-04-08 | 2023-06-13 |
| 216 | Steal authentication token with one-click on misconfigured WebView. | Android, Webview, Account takeover | NA | Kerolos A. Saber (@0xWise) | Bug Bounty | 2023-04-08 | 2023-06-13 |
| 215 | How I was able to change password of any corporate user | Account takeover, Password reset, Authentication bypass | NA | CH3TAN | Bug Bounty | 2023-04-09 | 2023-06-13 |
| 214 | A successful prototype pollution chained to a DOM XSS | Prototype pollution, DOM XSS | NA | Allam Rachid (@blank_cold) | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 213 | Account Take Over (Via an API) | Account takeover, Information disclosure, Broken Access Control, Cryptographic issues | NA | Thabiso Mokoena | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 212 | Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories | Repojacking, Supply chain attack | NA | Joren Vrancken | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 211 | CVE-2023-1767 - Stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score | Stored XSS, Markdown XSS, Supply chain attack | Snyk | Gal Weizman (@WeizmanGal) | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 210 | From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys | Cloud, Privilege escalation | Microsoft (Azure) | Roi Nisimi (@) | Bug Bounty | 2023-04-11 | 2023-06-13 |
| 209 | Shell in the Ghost: Ghostscript CVE-2023-28879 writeup | Buffer Overflow, Memory corruption, RCE | Ghostscript | sigabrt9 (@sigabrt9) | Bug Bounty | 2023-04-11 | 2023-06-13 |
| 208 | Pretalx Vulnerabilities: How to get accepted at every conference | Arbitrary file read, Arbitrary file write, RCE, Security code review | Pretalx | Stefan Schiller (@scryh_) | Bug Bounty | 2023-04-11 | 2023-06-13 |