Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
2145Exploitation of file’s download parameters to create potential risk of malware delivery: $200 bug! CSRF RCE NA Muhammad Aamir (@Muhammad__Aamir) Bug Bounty2021-10-172023-06-13
2139A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection SQL injection WAF bypass AWS Marc Olivier Bergeron Bug Bounty2021-10-192023-06-13
2071Keybase App Vulnerability: Incomplete Cleanup of Messages In Keybase for Android/iOS, CVE-2021-34421 Information disclosure Keybase Olivia O’Hara (@oliviaohara) Bug Bounty2021-11-172023-06-13
1855HigherLogic Community RCE Vulnerability Insecure deserialization RCE 8x8 IBM 0daystolive (@0daystolive) Bug Bounty2022-02-032023-06-13
1837SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-21999) Local Privilege Escalation Microsoft Olivier Lyak (@ly4k_) Bug Bounty2022-02-082023-06-13
1817Trim private live videos and access them (Meta bug bounty) IDOR Meta / Facebook abdellah yaala (@yaalaab) Bug Bounty2022-02-152023-06-13
1753Demographic Misconfiguration on Facebook live Logic flaw Authorization flaw Meta / Facebook Prajwol Dhungana (@PrajwolDhunga14) Bug Bounty2022-03-092023-06-13
1677Pwning a Cisco RV340 with a 4 bug chain exploit Local Privilege Escalation OS command injection RCE Session management issue Cisco Liv (@terminatorLM) Bug Bounty2022-04-012023-06-13
1676Small bugs are more dangerous than you think Self-XSS Stored XSS Open redirect CSRF NA Liv Matan (@terminatorLM) Bug Bounty2022-04-012023-06-13
1561Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923) Active Directory Privilege Escalation Microsoft Oliver Lyak (@ly4k_) Bug Bounty2022-05-102023-06-13
1507Abusing Facebook’s feature for a permanent account confusion(logic vulnerability) MFA bypass DoS Logic flaw Meta / Facebook Liv Bug Bounty2022-05-312023-06-13
1444XSS Vulnerability in IBM Content Navigator (CVE-2020-4757) XSS IBM Olivier Laflamme (@olivier_boschko) Bug Bounty2022-06-212023-06-13
1138Viewing Instagram live streams anonymously without notifying the host IDOR Logic flaw Privacy issue Meta / Facebook David Schütz (@xdavidhu) Bug Bounty2022-09-022023-06-13
1090LiveHelperChat - Remote Code Execution via Vulnerable Theme Upload Function RCE Live Helper Chat Arben Shala (@arbennsh) Bug Bounty2022-09-132023-06-13
967Compromising a Backup System by iSCSI Interface During a Routine Penetration Test Missing authentication NA Bruno Oliveira Bug Bounty2022-10-132023-06-13
945CVE 2022–24082, RCE in the PEGA Platform — Discovery, Remediation & Technical Details (Long Live JMX!!!) RCE JMX PEGA Marcin Wolak Bug Bounty2022-10-172023-06-13
939Vulnerabilities in Tenda%27s W15Ev2 AC1200 Router OS command injection Buffer Overflow Memory corruption Stored XSS Authorization flaw Information disclosure Tenda Olivier Laflamme (@olivier_boschko) Bug Bounty2022-10-192023-06-13
906GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown OS command injection Arbitrary file read Information disclosure Account takeover Stored XSS Lack of rate limiting Weak credentials Password policy bypass GL.iNet Olivier Laflamme (@olivier_boschko) Bug Bounty2022-10-262023-06-13
725How we breached ZDFheute live on television Information disclosure Zweites Deutsches Fernsehen CyberCitizen Bug Bounty2022-12-062023-06-13
723Cool Vulns Don%27t Live Long - Netgear And Pwn2Own Code injection RCE Security code review Netgear Kevin Denis Bug Bounty2022-12-062023-06-13
716STRIPE Live Key Exposed:: Bounty: $1000 Information disclosure NA Vipul Sahu Bug Bounty2022-12-092023-06-13
615I scanned every package on PyPi and found 57 live AWS keys Information disclosure Amazon Intel Stanford The Australian Government Tom Forbes Bug Bounty2023-01-062023-06-13
569EmojiDeploy: Smile! Your Azure web service just got RCE’d ._. RCE Cloud CSRF CORS misconfiguration Microsoft (Azure) Liv Matan (@terminatorLM) Bug Bounty2023-01-192023-06-13
427Escaping misconfigured VSCode extensions Path traversal DNS rebinding XSS HTML injection Webview CSP bypass Microsoft (SARIF viewer & Live Preview) Vasco Franco Bug Bounty2023-02-212023-06-13
154Never Connect to RDP Servers Over Untrusted Networks RDP Microsoft Olivier Bilodeau (@obilodeau) Bug Bounty2023-04-262023-06-13