Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 745 | Command Injection in Asus M25 NAS | OS command injection, Source code disclosure | Asus | Quentin Kaiser (@QKaiser) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 740 | Pre-Auth RCE with CodeQL in Under 20 Minutes | Security code review, RCE, Command injection, Authorization flaw | pgAdmin | Florian Hauser (@frycos) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 733 | Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability | Zip Slip attack, Path traversal, Source code disclosure | Drupal | Egidio Romano / EgiX | Bug Bounty | 2022-12-03 | 2023-06-13 |
| 729 | Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass | SSTI, RCE, WAF bypass | GitHub | Peter M (@h1pmnh) | Bug Bounty | 2022-12-04 | 2023-06-13 |
| 726 | TheHole New World - how a small leak will sink a great browser (CVE-2021-38003) | Memory corruption, RCE | Google (Chrome) | Bruce Chen (@bruce30262) | Bug Bounty | 2022-12-06 | 2023-06-13 |
| 724 | The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 | Command injection, RCE, Security code review | Netgear | Vu Thi Lan (@lanleft_) | Bug Bounty | 2022-12-06 | 2023-06-13 |
| 723 | Cool Vulns Don't Live Long - Netgear And Pwn2Own | Code injection, RCE, Security code review | Netgear | Kevin Denis | Bug Bounty | 2022-12-06 | 2023-06-13 |
| 720 | DataBinding2Shell: Novel Pathways to RCE Web Frameworks | RCE, Spring4Shell | Spring, Grails | Haowen Mu (@meizjm3i) | Bug Bounty | 2022-12-07 | 2023-06-13 |
| 696 | How I Hacked A Company (My First Red Team Engagement 🚩) | SQL injection | NA | Monish Kumar (@aidenpearce369) | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 693 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 691 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, XSS, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 673 | From PostAuth RCE to PreAuth RCE on Liferay Portal | RCE, Insecure deserialization | NA | RV Sharma | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 667 | RCE on admin panel of web3 website | RCE, Components with known vulnerabilities | NA | T VAMSHI | Bug Bounty | 2022-12-21 | 2023-06-13 |
| 658 | ENLBufferPwn (CVE-2022-47949) | Buffer Overflow, Memory corruption, RCE | Nintendo | PabloMK7 (@Pablomf6) | Bug Bounty | 2022-12-22 | 2023-06-13 |
| 657 | $350 XSS in 15 minutes | DOM XSS, JSONP | NA | Anton (@therceman) | Bug Bounty | 2022-12-23 | 2023-06-13 |
| 648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |
| 630 | India’s Aadhar card source code disclosure via exposed .svn/wc.db | Source code disclosure, .svn folder disclosure | Aadhaar | 0xLittleSpidy (@0xLittleSpidy) | Bug Bounty | 2023-01-02 | 2023-06-13 |
| 621 | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Account takeover, SSO, RCE, Authorization bypass, SQL injection, Mass assignment, Information disclosure | Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls Royce, Ferrari, Spireon, Ford, Reviver, Porsche, Toyota, Jaguar Land Rover, SiriusXM | Sam Curry (@samwcyo) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 620 | Cacti: Unauthenticated Remote Code Execution | RCE, Authentication bypass, OS command injection, Security code review | Cacti | Stefan Schiller (@scryh_) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 616 | PandoraFMS - Pre-Auth Remote Code Execution | RCE, Path traversal, Arbitrary file upload, LFI, Security code review | PandoraFMS | esj4y (@esj4y) | Bug Bounty | 2023-01-06 | 2023-06-13 |
| 607 | Lexmark MC3224adwe RCE exploit | RCE, SSRF, Printer hacking, Unrestricted file upload, Local Privilege Escalation | Lexmark | blasty (@bl4sty) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 596 | SSH key injection in Google Cloud Compute Engine [Google VRP] | OS command injection, RCE | Google | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2023-01-12 | 2023-06-13 |
| 592 | How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415) | RCE, Browser hacking | Mozilla (Firefox) | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2023-01-14 | 2023-06-13 |
| 591 | YAFPC — Unauthenticated Remote Code Execution | Authentication bypass, Hardcoded credentials, RCE | NA | Luke Paris | Bug Bounty | 2023-01-14 | 2023-06-13 |
| 585 | CVE-2022-21587 (Oracle E-Business Suite Unauthenticated RCE) | RCE, Unrestricted file upload, Zip Slip attack | Oracle | @vudq16 | Bug Bounty | 2023-01-16 | 2023-06-13 |