4637 | IDOR leads to getting Access tokens of users linked to Google Drive on Edmodo | IDOR | Edmodo | Aagam shah (@neutrinoguy) | Bug Bounty | 2018-08-12 | 2023-06-13 |
4636 | XSS at Hubspot and XSS in email areas. | XSS | HubSpot | Friendly (@SkeletorKeys) | Bug Bounty | 2018-08-13 | 2023-06-13 |
4635 | Another "TicketTrick" story | Ticket Trick, Logic flaw | Uber | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-08-14 | 2023-06-13 |
4634 | IDOR leads to account takeover | IDOR | NA | s0cket7 (@s0cket7) | Bug Bounty | 2018-08-16 | 2023-06-13 |
4633 | 3 Minutes & XSS! | XSS | Edmodo | Ashish Jha | Bug Bounty | 2018-08-17 | 2023-06-13 |
4632 | YAHOO IDOR -elimination of any comment | IDOR | Yahoo! / Verizon Media | Bada Diaz (@bada77) | Bug Bounty | 2018-08-17 | 2023-06-13 |
4631 | User credential are sent in clear text in Whatsapp web— FIXED | Facebook Bug Bounty | Credentials sent over unencrypted channel | Meta / Facebook | Thuvarakan Nakarajah | Bug Bounty | 2018-08-18 | 2023-06-13 |
4630 | https://www.updatelap.com/2018/08/privileged-escalation-in-facebook-rooms.html | Authorization flaw, Privilege escalation | Meta / Facebook | Jafar Abo Nada (@Jafar_Abo_Nada) | Bug Bounty | 2018-08-18 | 2023-06-13 |
4629 | API key: The real goldmine | Information disclosure | NA | Yumi | Bug Bounty | 2018-08-19 | 2023-06-13 |
4628 | Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org | Stored XSS | Webcomponents.org | Thomas Orlita (@ThomasOrlita) | Bug Bounty | 2018-08-23 | 2023-06-13 |
4627 | SQL Injection Vulnerability In University Of Cambridge | SQL injection | Cambridge | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2018-08-24 | 2023-06-13 |
4626 | Privileged Escalation in Facebook Messenger Rooms | Privilege escalation, IDOR | Meta / Facebook | Jafar Abo Nada (@Jafar_Abo_Nada) | Bug Bounty | 2018-08-24 | 2023-06-13 |
4625 | Remote Code Execution on a Facebook server | RCE | Meta / Facebook | Daniel Le Gall (@Blaklis_) | Bug Bounty | 2018-08-24 | 2023-06-13 |
4624 | My first valid xss(@Hackerone) | XSS | NA | Jatin Aesthetic (@techyfreakk) | Bug Bounty | 2018-08-25 | 2023-06-13 |
4623 | Traversing the Path to RCE | Path traversal, RCE | NA | hawkinsecurity | Bug Bounty | 2018-08-27 | 2023-06-13 |
4622 | IDOR FACEBOOK: malicious person add people to the “Top Fans” | IDOR | Meta / Facebook | Jafar Abo Nada (@Jafar_Abo_Nada) | Bug Bounty | 2018-08-28 | 2023-06-13 |
4621 | How i found a 1500$ worth Deserialization vulnerability | Misconfigured JSF ViewState, Insecure deserialization | NA | Ashish Kunwar (@D0rkerDevil) | Bug Bounty | 2018-08-28 | 2023-06-13 |
4620 | Reflected Swf XSS at ( https://plugins.svn.wordpress.org ) | Flash XSS, Reflected XSS | WordPress | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-09-07 | 2023-06-13 |
4618 | A Infinite Loop Story. | DoS | NA | Ashish Kunwar (@D0rkerDevil) | Bug Bounty | 2018-08-29 | 2023-06-13 |
4617 | Finding hidden gems vol. 2: REAMDE.md, the story of a bit too helpful readme file | Information disclosure | NA | Mateusz Olejarka (@molejarka) | Bug Bounty | 2018-08-29 | 2023-06-13 |
4616 | Reflected XSS in Django REST Framework Api at MapBox Subdomain | Reflected XSS | Mapbox | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-08-29 | 2023-06-13 |
4615 | $100 Bounty in 300 seconds isn’t bad !!! | Stored XSS | Zoho | Rohan Chavan (@rohanchavan1918) | Bug Bounty | 2018-08-31 | 2023-06-13 |
4614 | Pwned Together: Hacking dev.to | Stored XSS | Dev.to | Antony Garand (@AntoGarand) | Bug Bounty | 2018-08-31 | 2023-06-13 |
4613 | https://medium.com/@mahitman1/i-own-your-customers-22e965761abd | Information disclosure, Hardcoded credentials, AWS misconfiguration | NA | Muhammad Abdullah | Bug Bounty | 2018-09-01 | 2023-06-13 |
4612 | Send request to Martians. Earthlings are already your friends. | CSRF | Google | Sagar VD | Bug Bounty | 2018-09-01 | 2023-06-13 |