Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 583 | Unauthenticated Configuration Export in Multiple WAGO Products | Path traversal, Security code review | WAGO | ONEKEY (@onekey_sec) | Bug Bounty | 2023-02-16 | 2023-06-13 |
| 548 | Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI | RCE, Authentication bypass, Security code review, JWT | Yellowfin BI | Maxwell Garrett (@TheGrandPew) | Bug Bounty | 2023-01-24 | 2023-06-13 |
| 541 | OpenEMR - Remote Code Execution in your Healthcare System | RCE, XSS, LFI, Arbitrary file read, Security code review | OpenEMR | Dennis Brinkrolf (@DBrinkrolf) | Bug Bounty | 2023-01-26 | 2023-06-13 |
| 536 | PHP Development Server <= 7.4.21 - Remote Source Disclosure | Source code disclosure, Information disclosure, Security code review | PHP | Rahul Maini (@iamnoooob) | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 535 | CVE-2022-44789 | Memory corruption, Use-After-Free, RCE, Security code review | Artifex MuJS | Alvin Ng (@alngpwn) | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 532 | Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315) | RCE, Arbitrary file write, SSTI, Security code review | Froxlor | Askar (@mohammadaskar2) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 521 | Unserializable, But Unreachable: Remote Code Execution On vBulletin | RCE, Insecure deserialization, Security code review | vBulletin | Charles Fol (@cfreal_) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 519 | Remote Command Execution in binwalk | RCE, Path traversal, Security code review | ReFirm Labs (binwalk), ubi_reader, jefferson, yaffshiv | Quentin Kaiser (@QKaiser) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 514 | RCE in Avaya Aura Device Services | RCE, Security code review, XSS, WebDAV | Avaya | Dylan Pindur | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 512 | ImageMagick: The hidden vulnerability behind your online images | Application-level DoS, Arbitrary file read, Security code review | ImageMagick | Bryan Gonzalez | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 508 | Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails | RCE, Security code review, Missing authentication, Insecure deserialization | IBM | Maxwell Garrett (@TheGrandPew) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 502 | WEEKEND DESTROYER - RCE in Western Digital PR4100 NAS | RCE, Hardcoded credentials, Privilege escalation, Cryptographic issues, Security code review | Western Digital | Pedro Ribeiro (@pedrib1337) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 499 | Authentication Bypass in Izanami Docker image 1.10.22 CVE-2023-22495 | Authentication bypass, JWT, Security code review, Container security | Izanami | Raphaël Lob | Bug Bounty | 2023-02-03 | 2023-06-13 |
| 493 | GoAnywhere MFT - A Forgotten Bug | Insecure deserialization, Security code review | Fortra (GoAnywhere) | Florian Hauser (@frycos) | Bug Bounty | 2023-02-06 | 2023-06-13 |
| 492 | Apache SCXML Remote Code Execution | RCE, Security code review | Apache SCXML | pyn3rd (@pyn3rd) | Bug Bounty | 2023-02-06 | 2023-06-13 |
| 485 | [CVE-2023-22855] Kardex MLOG - Insecure path join to RCE via SSTI | RCE, SSTI, Security code review | NA | Patrick Hener (@C1sc01) | Bug Bounty | 2023-02-07 | 2023-06-13 |
| 479 | Pwn2Owning Two Hosts At The Same Time: Abusing Inductive Automation Ignition's Custom Deserialization | Insecure deserialization, RCE, Security code review | Inductive Automation Ignition | Piotr Bazydło (@chudyPB) | Bug Bounty | 2023-02-08 | 2023-06-13 |
| 463 | XXE with Auto-Update in install4j | XXE, Security code review | Prosys OPC | Florian Hauser (@frycos) | Bug Bounty | 2023-02-12 | 2023-06-13 |
| 424 | ClamAV Critical Patch Review | RCE, Memory corruption, Buffer Overflow, XXE, Security code review | ClamAV | ONEKEY (@onekey_sec) | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 414 | Vulnerability write-up - "Dangerous assumptions" | Prototype pollution, SQL injection, Security code review | DIVD | Thomas Rinsma (@thomasrinsma) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 413 | Unauthenticated RCE in Goanywhere | Insecure deserialization, RCE, Security code review | Fortra (GoAnywhere) | Youssef Muhammad (@yosef0x1) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 398 | draw.io CVEs | SSRF, OAuth, Open redirect, Token leak, Security code review | draw.io | @caioluders | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 383 | VMware Workspace One Access RCE | Java Beans, Security code review | VMware | Steven Seeley (@steventseeley) | Bug Bounty | 2023-02-27 | 2023-06-13 |
| 378 | CVE-2022-38108: RCE In Solarwinds Network Performance Monitor | Insecure deserialization, RCE, Security code review | SolarWinds | Piotr Bazydło (@chudyPB) | Bug Bounty | 2023-02-28 | 2023-06-13 |
| 359 | CS-Cart PDF Plugin Unauthenticated Command Injection | RCE, OS command injection, Security code review | CS-Cart | Ngo Wei Lin (@Creastery) | Bug Bounty | 2023-03-03 | 2023-06-13 |