5080 | AWS S3 bucket misconfiguration - Paytm |
AWS misconfiguration |
Paytm |
Tutorgeeks (@tutorgeeks) |
Bug Bounty | 2017-04-18 | 2023-06-13 |
5073 | Pivoting from blind SSRF to RCE with HashiCorp Consul |
Blind XSS
RCE |
NA |
Peter Adkins (@darkarnium) |
Bug Bounty | 2017-05-29 | 2023-06-13 |
5072 | XSS on Google{5.000$}-Google Vulnerability Reward Program (VRP) |
Stored XSS |
Google |
- |
Bug Bounty | 2017-05-30 | 2023-06-13 |
5071 | Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830 |
Address Bar Spoofing |
Google |
Rafay Baloch (@rafaybaloch) |
Bug Bounty | 2017-06-01 | 2023-06-13 |
5067 | Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041 |
SOP bypass |
Google |
Rafay Baloch (@rafaybaloch) |
Bug Bounty | 2017-06-01 | 2023-06-13 |
5064 | Django Privilege Escalation – Zero To Superuser |
Privilege escalation |
NA |
Sean Melia (@seanmeals) |
Bug Bounty | 2017-06-01 | 2023-06-13 |
5062 | From JS to another JS files lead to authentication bypass |
Authentication bypass |
NA |
yappare (@yappare) |
Bug Bounty | 2017-06-06 | 2023-06-13 |
5058 | Vulnerability in Metasploit Project aka CVE-2017-5244 |
CSRF |
Rapid7 |
Mohamed A. Baset |
Bug Bounty | 2017-06-12 | 2023-06-13 |
5053 | Yahoo Small Business (Luminate) and the Not-So-Secret Keys |
Blind SSRF |
Yahoo! / Verizon Media |
Tommy DeVoss / dawgyg (@thedawgyg) |
Bug Bounty | 2017-06-23 | 2023-06-13 |
5051 | Authentication bypass on Uber’s Single Sign-On via subdomain takeover |
Subdomain takeover
Authentication bypass |
Uber |
Arne Swinnen (@ArneSwinnen) |
Bug Bounty | 2017-06-25 | 2023-06-13 |
5049 | CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System |
Reflected XSS |
SimpleRisk |
Mohamed A. Baset |
Bug Bounty | 2017-06-28 | 2023-06-13 |
5048 | Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read |
XSS
SSRF
LFI |
NA |
Brett Buerhaus (@bbuerhaus) |
Bug Bounty | 2017-06-29 | 2023-06-13 |
5046 | OpenProject Session Management Security Vulnerability aka CVE-2017-11667 |
Session management issue |
OpenProject |
Mohamed A. Baset |
Bug Bounty | 2017-06-30 | 2023-06-13 |
5039 | How a simple IDOR become a $4K User Impersonation vulnerability |
IDOR |
NA |
Shahmeer Amir (@Shahmeer_Amir) |
Bug Bounty | 2017-07-08 | 2023-06-13 |
5035 | Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information |
IDOR
Account takeover |
NA |
Zseano (@zseano) |
Bug Bounty | 2017-07-13 | 2023-06-13 |
5033 | ctrl+c & ctrl+v to Steal SESSIONID |
Clickjacking |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-18 | 2023-06-13 |
5031 | Stealing Access Token of One-drive Integration By Chaining CSRF Vulnerability |
OAuth
CSRF |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-18 | 2023-06-13 |
5030 | Exploiting Misconfigured CORS on popular BTC Site |
CORS misconfiguration |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-19 | 2023-06-13 |
5029 | Xss using dynamically generated js file |
XSS |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-19 | 2023-06-13 |
5028 | That Escalated Quickly : From partial CSRF to reflected XSS to complete CSRF to Stored XSS |
CSRF
Reflected XSS
Stored XSS |
NA |
Mandeep Jadon (@1337tr0lls) |
Bug Bounty | 2017-07-19 | 2023-06-13 |
5026 | Self XSS to Good XSS Clickjacking |
XSS
Clickjacking |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-20 | 2023-06-13 |
5025 | Race Condition bypassing team limit |
Race condition |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-20 | 2023-06-13 |
5022 | May the Shells be with You - A Star Wars RCE Adventure! |
RCE |
NA |
Andy Gill (@ZephrFish) |
Bug Bounty | 2017-07-22 | 2023-06-13 |
5016 | Cracking the lens: targeting HTTP's hidden attack-surface |
Reflected XSS
SSRF |
Yahoo! / Verizon Media
BT
New Relic |
James Kettle (@albinowax) |
Bug Bounty | 2017-07-27 | 2023-06-13 |
5014 | Referer Based XSS |
XSS |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-07-30 | 2023-06-13 |