| # | Title | Vulnerability types | Vendor | Author | Category | Published | Added |
|---|-------|---------------------|--------|--------|----------|-----------|-------|
| 828 | Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) | RCE, Code injection, SSRF, Line Feed injection, Arbitrary file read, Authentication bypass, Security code review | Checkmk | Stefan Schiller (@scryh_) | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 808 | Remote Command Execution in a Bank Server | RCE, Arbitrary file read, Unrestricted file upload | NA | Bipin Jitiya (@win3zz) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 783 | Multiple vulnerabilities in H2O ≤ 3.32.1.3 | Insecure deserialization, RCE, Arbitrary file read, Security code review | H2O | Clément Amic | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 742 | Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway | XSS, CRLF injection, SSRF, LFI, Local Privilege Escalation, Arbitrary file read | Proxmox | JianTao Li (@cursered) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 697 | Doing it the researcher’s way: How I Managed to Get SSTI (Server Side Template Injection) which lead to arbitrary file reading on One of the Leading Payment Systems in Asia | SSTI, WAF bypass | NA | JzeeRx | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 541 | OpenEMR - Remote Code Execution in your Healthcare System | RCE, XSS, LFI, Arbitrary file read, Security code review | OpenEMR | Dennis Brinkrolf (@DBrinkrolf) | Bug Bounty | 2023-01-26 | 2023-06-13 |
| 512 | ImageMagick: The hidden vulnerability behind your online images | Application-level DoS, Arbitrary file read, Security code review | ImageMagick | Bryan Gonzalez | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 421 | Multiple vulnerabilities in Dell Unisphere for PowerMax vApp, VASA Provider vApp and Solutions Enabler vApp CVE-2022-45103 / CVE-2022-45104 | Parameter injection, Arbitrary file read, RCE | Dell | Antoine Carrincazeaux | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 339 | Attacking .NET Web Services | Security code review, Arbitrary file read, Arbitrary file write, SSRF | Siemens | b0yd (@rwincey) | Bug Bounty | 2023-03-06 | 2023-06-13 |
| 275 | PHP Filter Chains: File Read From Error-based Oracle | Arbitrary file read, LFI, PHP filter chain | NA | Rémi Matasse (@_remsio_) | Bug Bounty | 2023-03-21 | 2023-06-13 |
| 208 | Pretalx Vulnerabilities: How to get accepted at every conference | Arbitrary file read, Arbitrary file write, RCE, Security code review | Pretalx | Stefan Schiller (@scryh_) | Bug Bounty | 2023-04-11 | 2023-06-13 |
| 40 | Kramer VIA GO² – Multiple issues | RCE, SQL injection, Arbitrary file upload, Arbitrary file read | Kramer | Jim Rush (@JimSRush) | Bug Bounty | 2023-05-31 | 2023-06-13 |