4873 | Internal IPs disclosure | Information disclosure | Nokia | Omar Espino (@omespino) | Bug Bounty | 2018-02-02 | 2023-06-13 |
4866 | Bug bounty left over (and rant) Part III (Google and Twitter) | OAuth, Authentication flaw, Information disclosure | Google, Twitter | Antonio Sanso (@asanso) | Bug Bounty | 2018-02-06 | 2023-06-13 |
4865 | Taking over Facebook accounts using Free Basics partner portal | Information disclosure, IDOR | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2018-02-07 | 2023-06-13 |
4844 | The 2.5mins or 2.5k$ hawk-eye bug – A Facebook Pages Admins Disclosure Vulnerability! | Information disclosure | Meta / Facebook | Mohamed A. Baset | Bug Bounty | 2018-02-25 | 2023-06-13 |
4841 | Facebook Bug Bounty Reports | Authorization flaw, Logic flaw, Information disclosure | Meta / Facebook | Raushan Raj (@raushan_rajj) | Bug Bounty | 2018-03-06 | 2023-06-13 |
4838 | Getting any Facebook user's friend list and partial payment card details | Information disclosure, IDOR | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2018-03-09 | 2023-06-13 |
4794 | Whatsapp user’s IP disclosure with Link Preview feature | Information disclosure | Meta / Facebook | Rahul Kankrale (@RahulKankrale) | Bug Bounty | 2018-04-18 | 2023-06-13 |
4771 | Asus Control Center – An Information Disclosure and a database connection Clear-Text password leakage Vulnerability | Authorization flaw, Information disclosure | Asus | Mohamed A. Baset | Bug Bounty | 2018-05-08 | 2023-06-13 |
4769 | How I used a simple Google query to mine passwords from dozens of public Trello boards | Authorization flaw, Information disclosure | Trello | Kushagra Pathak (@xKushagra) | Bug Bounty | 2018-05-09 | 2023-06-13 |
4762 | How i got 100$ from one private website | Information disclosure | NA | Aayush Pokhrel (@aayushpok) | Bug Bounty | 2018-05-19 | 2023-06-13 |
4734 | How I was able to list some internal information from PayPal #BugBounty | Expression Language Injection (JSTL), Information disclosure | PayPal | Adrien Jeanneau (@adrien_jeanneau) | Bug Bounty | 2018-06-07 | 2023-06-13 |
4720 | Manage Engine OpManager Multiple Authenticated RCE Vulnerabilities | RCE, Path traversal, Unrestricted file upload, Information disclosure, Arbitrary file write | Zoho (ManageEngine) | Denis Andzakovic | Bug Bounty | 2018-06-18 | 2023-06-13 |
4708 | This popular Facebook app publicly exposed your data for years | Information disclosure, Authorization flaw | Meta / Facebook, Nametests.com | Inti De Ceukelaire (@securinti) | Bug Bounty | 2018-06-28 | 2023-06-13 |
4706 | https://leigh-annegalloway.com/tumblr/ | Captcha bypass, Username enumeration, Information disclosure | Automattic | Leigh-Anne Galloway (@L_AGalloway) | Bug Bounty | 2018-06-29 | 2023-06-13 |
4695 | Should this be public though? | Information disclosure | Shopify, Uber | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-07-13 | 2023-06-13 |
4688 | Hey Developer, Give me your API keys.!! | Information disclosure | Crowdin | Devansh batham (@devanshwolf) | Bug Bounty | 2018-07-18 | 2023-06-13 |
4682 | RCE due to ShowExceptions | RCE, Information disclosure, Debugging enabled | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2018-07-20 | 2023-06-13 |
4678 | Finding hidden gems vol. 1: forging OAuth tokens using discovered client id and client secret | Information disclosure | NA | Mateusz Olejarka (@molejarka) | Bug Bounty | 2018-07-23 | 2023-06-13 |
4668 | Hacking Imgur for Fun and Profit | Outdated component with a known vulnerability, Information disclosure | Imgur | Nathan (@NathOnSecurity) | Bug Bounty | 2018-07-29 | 2023-06-13 |
4652 | How I gained commit access to Homebrew in 30 minutes | Information disclosure | Homebrew | Eric Holmes (@vesirin) | Bug Bounty | 2018-08-07 | 2023-06-13 |
4651 | From data leak to account takeover | Account takeover, Information disclosure, Password reset | NA | Antony Garand (@AntoGarand) | Bug Bounty | 2018-08-07 | 2023-06-13 |
4647 | My Disclosed Report about Basic auth Api details at Reverb.com | Information disclosure | Reverb | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-08-09 | 2023-06-13 |
4643 | [Twitter Bug Bounty] Misconfigured JSON endpoint on ads.twitter.com lead to Access control issue and Information Disclosure of role privileged users. | Authorization flaw, Information disclosure | Twitter | Peerzada Fawaz Ahmad Qureshi | Bug Bounty | 2018-08-10 | 2023-06-13 |
4642 | Misconfigured JIRA setting - Apigee | Information disclosure | Google, Atlassian | Tutorgeeks | Bug Bounty | 2018-08-10 | 2023-06-13 |
4629 | API key: The real goldmine | Information disclosure | NA | Yumi | Bug Bounty | 2018-08-19 | 2023-06-13 |