Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1467 | Zimbra Email - Stealing Clear-Text Credentials via Memcache injection | Memcache injection, CRLF injection | Zimbra | Sonar (@SonarSource) | Bug Bounty | 2022-06-14 | 2023-06-13 |
| 1463 | [BugTales] UnZiploc: From 0-click To Platform Compromise | Memory corruption, Logic flaw, RCE, Local Privilege Escalation | Huawei | Daniel Komaromy (@kutyacica) | Bug Bounty | 2022-06-14 | 2023-06-13 |
| 1459 | CVE-2022-23088: Exploiting A Heap Overflow In The Freebsd Wi-fi Stack | Memory corruption, RCE | FreeBSD Security Team | m00nbsd (@m00nbsd) | Bug Bounty | 2022-06-16 | 2023-06-13 |
| 1453 | That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability | RCE | Microsoft | Gabriel Sztejnworcel (@sztejnworcel) | Bug Bounty | 2022-06-16 | 2023-06-13 |
| 1448 | Account Takeover by OTP bypass | Information disclosure, Client-side enforcement of server-side security, OTP bypass, Account takeover | NA | Vaibhav Kumar Srivastava | Bug Bounty | 2022-06-19 | 2023-06-13 |
| 1442 | Exploiting vulnerabilities in iOS Application | IDOR, Bruteforce, Lack of rate limiting, Account takeover, iOS | NA | Raj Singh Chauhan (@raj_singh_ch) | Bug Bounty | 2022-06-22 | 2023-06-13 |
| 1439 | Exploiting Bitdefender Antivirus: RCE from any website | RCE, Command injection | Bitdefender | Wladimir Palant (@WPalant) | Bug Bounty | 2022-06-22 | 2023-06-13 |
| 1435 | Pwn2Own 2021 Microsoft Exchange Exploit Chain | SSRF, RCE | Microsoft | Rskvp93 (@rskvp93) | Bug Bounty | 2022-06-23 | 2023-06-13 |
| 1434 | Miracle - One Vulnerability To Rule Them All | Insecure deserialization, SSRF, RCE | Oracle | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2022-06-23 | 2023-06-13 |
| 1431 | mysqlnd/pdo password buffer overflow leading to RCE (CVE 2022-31626) | Buffer Overflow, Memory corruption | PHP | Charles Fol (@cfreal_) | Bug Bounty | 2022-06-25 | 2023-06-13 |
| 1418 | Bypassing .NET Serialization Binders | Insecure deserialization, RCE | Microsoft | Markus Wulftange (@mwulftange) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1417 | Unrar Path Traversal Vulnerability affects Zimbra Mail | Path traversal, Arbitrary file write, RCE | Zimbra | Sonar (@SonarSource) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1416 | Pwning ManageEngine — From PoC to Exploit: A deep dive into CVE-2020–11531 and CVE-2020–11532 | Path traversal, RCE, Authentication bypass | Zoho | Erik Wynter (@WynterErik) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1411 | CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus | XXE, SSRF, RCE | Zoho | Naveen Sunkavally | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1409 | Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908) | RCE, XSS | Microsoft | s1r1us (@s1r1u5_) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1391 | PII Disclosure of Apple Users ($10k) | IDOR, Lack of rate limiting, Bruteforce, Information disclosure | Apple | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1388 | Advisory \| GLPI Service Management Software Multiple Vulnerabilities and Remote Code Execution | SQL injection, RCE, LFI | GLPI | Nuri Çilengir (@ncilengir) | Bug Bounty | 2022-07-08 | 2023-06-13 |
| 1381 | How we have pwned Root-Me in 2022 | XSS, CSRF, RCE | SPIP | SpawnZii (@SpawnZii) | Bug Bounty | 2022-07-12 | 2023-06-13 |
| 1380 | Remote Code Execution via Prototype Pollution in Blitz.js | Prototype pollution, RCE | Blitz.js | Paul Gerste | Bug Bounty | 2022-07-12 | 2023-06-13 |
| 1372 | Hacking on a Private Program (Salseforce crm) | RCE, OS command injection | NA | Maruf Hosan (@thinkermaruff) | Bug Bounty | 2022-07-13 | 2023-06-13 |
| 1368 | CVE-2022-30136: Microsoft Windows Network File System V4 Remote Code Execution Vulnerability | RCE, DoS, Memory corruption | Microsoft | Yuki Chen (@guhe120) | Bug Bounty | 2022-07-14 | 2023-06-13 |
| 1366 | Tableau Server Leaks Sensitive Information From Reflected XSS | Reflected XSS | Salesforce | Simon Bouchard (@SimTwisted) | Bug Bounty | 2022-07-14 | 2023-06-13 |
| 1365 | Exploiting Arbitrary Object Instantiations in PHP without Custom Classes | RCE, Arbitrary Object Instantiation, Bruteforce, LDAP injection | NA | Arseniy Sharoglazov (@_mohemiv) | Bug Bounty | 2022-07-14 | 2023-06-13 |
| 1347 | MyBB 0day Authenticated Remote code execution | RCE, Argument injection | MyBB | Anna / 416e6e61 (@AnnaViolet20) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1342 | SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE | Insecure deserialization, RCE | Microsoft | Alex Birnberg (@alexbirnberg) | Bug Bounty | 2022-07-19 | 2023-06-13 |