Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 873 | Gregor Samsa: Exploiting Java's XML Signature Verification | Integer truncation, RCE, SAML | OpenJDK, Apache Commons BCEL | Felix Wilhelm (@_fel1x) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 868 | Case of Admin Bypass for RCE, XSS, and Information Disclosure | RCE, Unrestricted file upload, Stored XSS, Information disclosure | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 867 | How I hacked into a Cambridge's server and got appreciation letter. | Unrestricted file upload, RCE | Cambridge | Prathamrajgor | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 861 | CVE-2022-26730 \| ColorSync \| Hoyt LLC | MacOS, Memory corruption, RCE | Apple | David Hoyt (@h02332) | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 844 | Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server | RCE, OS command injection, Path traversal, Local Privilege Escalation | LiteSpeed | Artur Avetisyan (@3v1LMonk3y) | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 840 | Security and Privacy Failures in Popular 2FA Apps | Cryptographic issues | LastPass, Google, Twilio, Microsoft, Duo, Salesforce, Latch, Zoho | Conor Gilsenan | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 838 | Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js | RCE, Prototype pollution, DoS | Rocket.Chat, NPM CLI, Parse Server, Node.js | Mikhail Shcherbakov | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 832 | SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution | SQL injection, RCE, Security code review | Cisco | - | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 828 | Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) | RCE, Code injection, SSRF, Line Feed injection, Arbitrary file read, Authentication bypass, Security code review | Checkmk | Stefan Schiller (@scryh_) | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 825 | Remote Code Execution in Spotify's Backstage via vm2 Sandbox Escape (CVSS Score of 9.8) | RCE, VM sandbox escape | Spotify | Gal Goldsthein (@G4lGo89) | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 823 | Control Your Types Or Get Pwned: Remote Code Execution In Exchange Powershell Backend | RCE, Windows | Checkmk | Piotr Bazydło (@chudyPB) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 821 | CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures | CSRF, RCE, RPM Spec Injection | F5 | Ron Bowes (@iagox86) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 808 | Remote Command Execution in a Bank Server | RCE, Arbitrary file read, Unrestricted file upload | NA | Bipin Jitiya (@win3zz) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 800 | My Account Takeover Writeup: $5000 | Lack of rate limiting, Bruteforce | NA | MRD7 (@_mrd7_) | Bug Bounty | 2022-11-21 | 2023-06-13 |
| 792 | CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You | RCE, DNS rebinding, Information disclosure | Tailscale | Jamie McClymont (@JJJollyjim) | Bug Bounty | 2022-11-22 | 2023-06-13 |
| 791 | CVE-2021-40662 Chamilo LMS 1.11.14 RCE | Stored XSS, CSRF, RCE | Chamilo LMS | Febin | Bug Bounty | 2021-11-23 | 2023-06-13 |
| 784 | From Zero to Hero Part 1: Bypassing Intel DCM's Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942) | Authentication bypass, Kerberos, RCE, Privilege escalation, Security code review | Intel | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 783 | Multiple vulnerabilities in H2O ≤ 3.32.1.3 | Insecure deserialization, RCE, Arbitrary file read, Security code review | H2O | Clément Amic | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 782 | Contrast discovers zero-day flaw in popular Quarkus Java framework | Drive-by attack, CSRF, RCE | Quarkus | Joseph Beeton | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 781 | Legally hacking a Government Satellite? | Missing authentication, OS command injection, RCE | NA | RiotSecTeam (@RiotSecTeam) | Bug Bounty | 2022-11-24 | 2023-06-13 |
| 779 | CVE-2022-43781 | OS command injection, RCE | Atlassian | Petrus Viet (@VietPetrus) | Bug Bounty | 2022-11-25 | 2023-06-13 |
| 770 | A Real World Example Of Classic Remote Command Execution (RCE) | OS command injection, XSS, RCE | NA | Bhashit Pandya (@x30r_) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 755 | Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 | Unrestricted file upload, Security code review, RCE | Rocket Software | Mehdi Elyassa | Bug Bounty | 2022-11-30 | 2023-06-13 |
| 747 | How I found my first RCE! | RCE, Components with known vulnerabilities, WSO2, SSRF | NA | 302Found | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 746 | From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225) | SQL injection, Kerberos, RCE, Privilege escalation, Security code review | Intel | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-12-01 | 2023-06-13 |