Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1110 | Groovy Template Engine Exploitation – Notes from a real case scenario | RCE, Code injection | NA | Gianluca Baldi (@0x_nope) | Bug Bounty | 2022-09-07 | 2023-06-13 |
| 1107 | Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED) | Hardcoded credentials, Memory corruption, MiTM, Information disclosure | Baxter Healthcare | Deral Heiland (@Percent_X) | Bug Bounty | 2022-09-08 | 2023-06-13 |
| 1105 | QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031) | RCE, Path traversal | Quest | Tom Ellson (@tde_sec) | Bug Bounty | 2022-09-08 | 2023-06-13 |
| 1100 | Riding The Inforail To Exploit Ivanti Avalanche Part 2 | RCE, Insecure deserialization, Path traversal, Authentication bypass, Unrestricted file upload, Arbitrary file write, Arbitrary file read | Ivanti | Piotr Bazydło (@chudyPB) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 1091 | How I DIDN’T get an RCE in a $200 Billion company — Bug Bounty | RCE, Components with known vulnerabilities | NA | nynan (@_nynan) | Bug Bounty | 2022-09-12 | 2023-06-13 |
| 1090 | LiveHelperChat - Remote Code Execution via Vulnerable Theme Upload Function | RCE | Live Helper Chat | Arben Shala (@arbennsh) | Bug Bounty | 2022-09-13 | 2023-06-13 |
| 1088 | Hacking Unity Games with Malicious GameObjects | Arbitrary code execution, RCE | Unity | Jason Kielpinski (@f2jason) | Bug Bounty | 2022-09-13 | 2023-06-13 |
| 1080 | Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities | OS command injection, RCE, MiTM | Netgear | Quentin Kaiser (@QKaiser) | Bug Bounty | 2022-09-14 | 2023-06-13 |
| 1079 | Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804) | RCE, OS command injection | Atlassian | Maxwell Garrett (@TheGrandPew) | Bug Bounty | 2022-09-14 | 2023-06-13 |
| 1071 | How i Found Unauthorized Bypass RCE | RCE, Old components with known vulnerabilities | NA | Yashshirke | Bug Bounty | 2022-09-18 | 2023-06-13 |
| 1058 | Securing Developer Tools: OneDev Remote Code Execution | RCE, SSRF, Broken Access Control, Container escape | OneDev | Paul Gerste | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1041 | Pre-Auth Remote Code Execution - Web Page Test | RCE, SSRF | CatchPoint | Laluka (@TheLaluka) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1028 | Discovering The Less-known Vulnerability In Oracle Peoplesoft | TockenChpoken, Privilege escalation, Bruteforce, Cookie manipulation | NA | RE:HACK (@rehackxyz) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1024 | Two RCEs are better than one: write-up of an interesting lateral movement | Local Privilege Escalation, RCE | NA | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1015 | Orange Arbitrary Command Execution | RCE, Docker daemon misconfiguration, Missing authentication | Orange | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1013 | Security vs Compliance-Cloudflare Password Policy Restriction Bypass | Client-side enforcement of server-side security | Cloudflare | Lohith Gowda M (@lohigowda_in) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1012 | How Scanning Your Projects for Security Issues Can Lead to Remote Code Execution | RCE, OS command injection | Snyk | Ron Masas (@RonMasas) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1011 | Two Lines Of JScript For $20,000 – Pwn2Own Miami 2022 | RCE | ICONICS | Ben McBride (@bdmcbri) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1009 | Tale of Easy P1 Bugs in Wild | Forced browsing, 403 bypass, Information disclosure | NA | Harsh Tandel | Bug Bounty | 2022-10-01 | 2023-06-13 |
| 1002 | Securing Developer Tools: A New Supply Chain Attack on PHP | Argument injection, RCE, Supply chain attack, Security code review | Packagist | Thomas Chauchefoin (@swapgs) | Bug Bounty | 2022-10-04 | 2023-06-13 |
| 1001 | Hacking TMNF: Part 1 - Fuzzing the game server | RCE, Memory corruption, Format string vulnerability | Ubisoft | - | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 994 | CVE-2022-41343 | RCE, Insecure deserialization, Phar deserialization | dompdf | Tanto Security team (@TantoSecurity) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 992 | SSD Advisory – pfSense Post Auth RCE | RCE, Privilege escalation | pfSense | 이예랑 (@yelang123x) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 989 | CVE-2022–36635 — A SQL Injection in ZKSecurityBio to RCE | SQL injection | ZKTeco | Caio Burgardt (@CaioBurgardt) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 984 | Persistent PHP Payloads In PNGs: How To Inject PHP Code In An Image – And Keep It There ! | Unrestricted file upload, Code injection, RCE | NA | Quentin Roland (@ROLANDQuentin2) | Bug Bounty | 2022-10-10 | 2023-06-13 |