1012 | How Scanning Your Projects for Security Issues Can Lead to Remote Code Execution |
RCE
OS command injection |
Snyk |
Ron Masas (@RonMasas) |
Bug Bounty | 2022-09-29 | 2023-06-13 |
943 | Basic recon to RCE III |
RCE
OS command injection |
NA |
Joshua Martinelle (@J0_mart) |
Bug Bounty | 2022-10-18 | 2023-06-13 |
939 | Vulnerabilities in Tenda's W15Ev2 AC1200 Router |
OS command injection
Buffer Overflow
Memory corruption
Stored XSS
Authorization flaw
Information disclosure |
Tenda |
Olivier Laflamme (@olivier_boschko) |
Bug Bounty | 2022-10-19 | 2023-06-13 |
906 | GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown |
OS command injection
Arbitrary file read
Information disclosure
Account takeover
Stored XSS
Lack of rate limiting
Weak credentials
Password policy bypass |
GL.iNet |
Olivier Laflamme (@olivier_boschko) |
Bug Bounty | 2022-10-26 | 2023-06-13 |
844 | Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server |
RCE
OS command injection
Path traversal
Local Privilege Escalation |
LiteSpeed |
Artur Avetisyan (@3v1LMonk3y) |
Bug Bounty | 2022-11-10 | 2023-06-13 |
781 | Legally hacking a Government Satellite? |
Missing authentication
OS command injection
RCE |
NA |
RiotSecTeam (@RiotSecTeam) |
Bug Bounty | 2022-11-24 | 2023-06-13 |
779 | CVE-2022-43781 |
OS command injection
RCE |
Atlassian |
Petrus Viet (@VietPetrus) |
Bug Bounty | 2022-11-25 | 2023-06-13 |
770 | A Real World Example Of Classic Remote Command Execution (RCE) |
OS command injection
XSS
RCE |
NA |
Bhashit Pandya (@x30r_) |
Bug Bounty | 2022-11-26 | 2023-06-13 |
745 | Command Injection in Asus M25 NAS |
OS command injection
Source code disclosure |
Asus |
Quentin Kaiser (@QKaiser) |
Bug Bounty | 2022-12-01 | 2023-06-13 |
740 | Pre-Auth RCE with CodeQL in Under 20 Minutes |
Security code review
RCE
Command injection
Authorization flaw |
pgAdmin |
Florian Hauser (@frycos) |
Bug Bounty | 2022-12-02 | 2023-06-13 |
724 | The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 |
Command injection
RCE
Security code review |
Netgear |
Vu Thi Lan (@lanleft_) |
Bug Bounty | 2022-12-06 | 2023-06-13 |
714 | The first step to PWN2OWN - A sad one |
Command injection |
Netgear |
Vương Quốc Huy |
Bug Bounty | 2022-12-09 | 2023-06-13 |
660 | Puckungfu: A NETGEAR WAN Command Injection |
OS command injection
Security code review |
Netgear |
McCaulay Hudson (@_mccaulay) |
Bug Bounty | 2022-12-22 | 2023-06-13 |
620 | Cacti: Unauthenticated Remote Code Execution |
RCE
Authentication bypass
OS command injection
Security code review |
Cacti |
Stefan Schiller (@scryh_) |
Bug Bounty | 2023-01-03 | 2023-06-13 |
596 | SSH key injection in Google Cloud Compute Engine [Google VRP] |
OS command injection
RCE |
Google |
Sivanesh Ashok (@sivaneshashok) |
Bug Bounty | 2023-01-12 | 2023-06-13 |
560 | Vulnerabilities in ManageEngine ADSelfService Plus 6.1 build 6117 |
RCE
OS command injection
Broken Access Control |
Zoho (ManageEngine) |
Antoine Cervoise (@acervoise) |
Bug Bounty | 2023-01-20 | 2023-06-13 |
542 | Kamailio’s exec module considered harmful |
OS command injection
SIP |
Kamailio |
Ali Norouzi |
Bug Bounty | 2023-01-26 | 2023-06-13 |
437 | Facebook bug: A Journey from Code Execution to S3 Data Leak |
RCE
OS command injection |
Meta / Facebook |
Bipin Jitiya (@win3zz) |
Bug Bounty | 2023-02-16 | 2023-06-13 |
407 | LogicalDOC Vulnerability Disclosure |
XXE
RCE
Command injection
Privilege escalation |
LogicalDOC |
Brett DeWall (@xbadbiddyx) |
Bug Bounty | 2023-02-23 | 2023-06-13 |
390 | The Tale of a Command Injection by Changing the Logo |
RCE
OS command injection
Unrestricted file upload
Directory listing
HTTP response manipulation |
NA |
0xrz (@omidxrz) |
Bug Bounty | 2023-02-26 | 2023-06-13 |
385 | $10.000 bounty for exposed .git to RCE |
.git folder disclosure
RCE
OS command injection |
NA |
Lev Shmelev |
Bug Bounty | 2023-02-27 | 2023-06-13 |
359 | CS-Cart PDF Plugin Unauthenticated Command Injection |
RCE
OS command injection
Security code review |
CS-Cart |
Ngo Wei Lin (@Creastery) |
Bug Bounty | 2023-03-03 | 2023-06-13 |
332 | PwnAgent: A One-Click WAN-side RCE in Netgear RAX Routers with CVE-2023-24749 |
RCE
OS command injection
Security code review |
Netgear |
Zion Basque (@mahal0z) |
Bug Bounty | 2023-03-08 | 2023-06-13 |
328 | The Silent Spy Among Us: Modern Attacks Against Smart Intercoms |
IoT
OS command injection
Missing authentication
MiTM
SIP |
Akuvox |
Claroty's Team82 (@Claroty) |
Bug Bounty | 2023-03-09 | 2023-06-13 |
314 | The story of how I was able to chain SSRF with Command Injection Vulnerability |
SSRF
OS command injection
RCE |
NA |
Raj Qureshi (@RajQureshi9) |
Bug Bounty | 2023-03-12 | 2023-06-13 |