5248 | Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS) | RCE, SQL injection, LFI, XSS | Magix | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2014-04-26 | 2023-06-13 |
5247 | Google Docs 'ClickJacking' (Information Disclosure) | Clickjacking | Google | Matt Austin (@mattaustin) | Bug Bounty | 2014-05-13 | 2023-06-13 |
5246 | Prezi (map.prezi.com) Path Traversal | Path traversal | Prezi | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2014-05-21 | 2023-06-13 |
5245 | ebay bug bounty | Reflected XSS | Ebay | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2014-06-06 | 2023-06-13 |
5244 | Facebook – Stored Cross-Site Scripting (XSS) – Badges | Stored XSS | Meta / Facebook | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2014-06-16 | 2023-06-13 |
5243 | Flickr XSRF to Change Photo Details | XSRF | Flickr | Abdullah Hussam (@Abdulahhusam) | Bug Bounty | 2014-08-06 | 2023-06-13 |
5242 | Popping a shell on the Oculus developer portal | SQL injection, CSRF, RCE, IDOR | Meta / Facebook | Bitquark (@bitquark) | Bug Bounty | 2014-08-31 | 2023-06-13 |
5241 | Step-by-step: exploiting SQL injection(s) in Oculus' website. | SQL injection | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2014-09-05 | 2023-06-13 |
5240 | Yahoo phpinfo.php disclosure | Information disclosure | Yahoo! / Verizon Media | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2014-10-16 | 2023-06-13 |
5238 | The 5000$ Google XSS | XSS | Google | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2014-10-31 | 2023-06-13 |
5237 | Paypal DOM XSS main domain | DOM XSS | Paypal | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2014-11-05 | 2023-06-13 |
5236 | Paypal stored XSS + Security bypass | Stored XSS | Paypal | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2014-11-11 | 2023-06-13 |
5235 | Reflected Cross Site Scripting BillMeLater | Reflected XSS | BillMeLater | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2014-11-17 | 2023-06-13 |
5234 | Google Bug Bounty: Nice Catch on Google Cloud Platform Live | Reflected XSS | Google | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2014-11-20 | 2023-06-13 |
5233 | Reading local files from Facebook's server (fixed) | LFI, Unrestricted file upload | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2014-12-06 | 2023-06-13 |
5232 | AliExpress XSS vulnerability - take over any seller account | XSS | Alibaba | Barak Tawily (@quitten11) | Bug Bounty | 2014-12-10 | 2023-06-13 |
5231 | Malicious redirect on mailroom.prezi.com | Open redirect | Prezi | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2014-12-10 | 2023-06-13 |
5230 | Reflected Cross Site Scripting at Paypal.com | Reflected XSS | Paypal | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2014-12-15 | 2023-06-13 |
5229 | How I discovered a 1000$ open redirect in Facebook | Open redirect | Meta / Facebook | Yassine Aboukir (@Yassineaboukir) | Bug Bounty | 2014-12-30 | 2023-06-13 |
5228 | Papyal XML Upload Cross Site Scripting Vulnerability | XSS | Paypal | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2015-01-07 | 2023-06-13 |
5227 | Yahoo – Root Access SQL Injection – tw.yahoo.com | SQL injection | Yahoo! / Verizon Media | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2015-01-15 | 2023-06-13 |
5226 | vimeo IDOR ( buying pro membership & ondemand videos for 0.1$ ) | IDOR | Vimeo | N B Sri Harsha (@nbsriharsha) | Bug Bounty | 2015-01-16 | 2023-06-13 |
5225 | admin.google.com Reflected Cross-Site Scripting (XSS) | Reflected XSS | Google | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2015-01-21 | 2023-06-13 |
5224 | Flickr API Explorer – Force users to execute any API request. | CSRF | Flickr | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2015-02-03 | 2023-06-13 |
5223 | Google.com – Mobile Feedback URL Redirect Regex/Validation Flaw | Open redirect | Google | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2015-02-03 | 2023-06-13 |