3449 | A Long Overdue Write-up: How I got into the Oppo Hall of Fame |
Login screen bypass
Authentication bypass |
oppo |
Shibin B. Shaji (@shibinbshaji06) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3298 | Android pin bypass with rate limiting |
Lack of rate limiting
Authentication bypass |
NA |
Baluz (@t3chman) |
Bug Bounty | 2020-07-18 | 2023-06-13 |
3297 | Creative Android pin bypass with Race conditon |
Race condition
Authentication bypass |
NA |
Baluz (@t3chman) |
Bug Bounty | 2020-07-18 | 2023-06-13 |
3273 | Authentication Token Leads To IDOR |
Authentication bypass |
NA |
mohit (@mohit29295572) |
Bug Bounty | 2020-07-28 | 2023-06-13 |
3234 | Bypassing 403 |
Authentication bypass |
NA |
Michael Hyndman (@michaelhyndman) |
Bug Bounty | 2020-08-09 | 2023-06-13 |
3189 | Auth bypass: Leaking Google Cloud service accounts and projects |
Authentication bypass |
Google |
Ezequiel Pereira (@epereiralopez) |
Bug Bounty | 2020-08-26 | 2023-06-13 |
3146 | How I By-pass the login page and 2FA authentication….. |
Authentication bypass
OTP bypass
MFA bypass |
NA |
Harsh |
Bug Bounty | 2020-09-20 | 2023-06-13 |
3125 | Story of a weird vulnerability I found on Facebook |
Authentication bypass
Information disclosure |
Meta / Facebook |
Amine Aboud (@amineaboud) |
Bug Bounty | 2020-09-30 | 2023-06-13 |
3121 | Journey Of My First Bug Bounty (Nov 2018) |
Authentication bypass |
Samsung |
Harsh Tyagi (@harshtya9i) |
Bug Bounty | 2020-10-02 | 2023-06-13 |
3109 | We Hacked Apple for 3 Months: Here’s What We Found |
RCE
Authentication bypass
Authorization bypass
SSRF
XXE
Blind XSS
IDOR
OS command injection
SQL injection |
Apple |
Sam Curry (@samwcyo) |
Bug Bounty | 2020-10-07 | 2023-06-13 |
3101 | Unauthorized access to all the user’s account. |
Account takeover
Authentication bypass
JWT |
NA |
Rahul Naidu |
Bug Bounty | 2020-10-12 | 2023-06-13 |
3090 | Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers |
Authentication bypass
JWT
Android |
NHS COVID-19 App |
James Sanderson (@zofrex) |
Bug Bounty | 2020-10-20 | 2023-06-13 |
3071 | Weblogic RCE by only one GET request — CVE-2020-14882 Analysis |
RCE
Authentication bypass
Security code review |
Oracle (WebLogic) |
Nguyễn Tiến Giang (@testanull) |
Bug Bounty | 2020-10-28 | 2023-06-13 |
3048 | Silver Peak Unity Orchestrator RCE |
RCE
Authentication bypass
Path traversal
SQL injection |
Silver Peak |
Realmode Labs (@RealmodeLabs) |
Bug Bounty | 2020-11-08 | 2023-06-13 |
3030 | SD-PWN Part 2 — Citrix SD-WAN Center — Another Network Takeover |
RCE
Authentication bypass
Path traversal
OS command injection
Local Privilege Escalation |
Citrix Systems |
Realmode Labs (@RealmodeLabs) |
Bug Bounty | 2020-11-15 | 2023-06-13 |
3004 | SD-PWN Part 4 — VMware VeloCloud — The Last Takeover |
RCE
Authentication bypass
Default credentials
SQL injection
Path traversal
LFI |
VMware |
Realmode Labs (@RealmodeLabs) |
Bug Bounty | 2020-11-26 | 2023-06-13 |
2970 | How I hacked Facebook: Part One |
Missing authentication
Authentication bypass
Account takeover |
Meta / Facebook |
Alaa Abdulridha (@alaa0x2) |
Bug Bounty | 2020-12-11 | 2023-06-13 |
2962 | D-Link: Multiple Security Vulnerabilities Leading to RCE |
RCE
Authentication bypass
Information disclosure |
D-Link |
Harold Zang |
Bug Bounty | 2020-12-17 | 2023-06-13 |
2888 | Strange Admin Panel Bypass Story | | Bug Bounty |
Authentication bypass
Account takeover |
NA |
Ranjeet Kumar Singh (@geekboyranjeet) |
Bug Bounty | 2021-01-17 | 2023-06-13 |
2848 | An Account Takeover Vulnerability Due to Response Manipulation. |
Authentication bypass
Account takeover |
NA |
Avanish Pathak (@avanish46) |
Bug Bounty | 2021-01-31 | 2023-06-13 |
2782 | Account Take Over by Response Manipulation |
Authentication bypass
Account takeover |
NA |
Naveen J (@thevillagehackr) |
Bug Bounty | 2021-02-17 | 2023-06-13 |
2779 | Account Takeover via Response Manipulation worth 1800$.. |
Authentication bypass
OTP bypass
Account takeover |
NA |
Ashutosh mishra (@ashutoshmish_ra) |
Bug Bounty | 2021-02-20 | 2023-06-13 |
2756 | Jira Auth Bypass bug in Google Acquisition (Apigee) |
Authentication bypass |
Google |
Jayateertha Guruprasad (@JayateerthaG) |
Bug Bounty | 2021-02-28 | 2023-06-13 |
2660 | Weird and very easy authentication bypass found with Google dorking |
Authentication bypass |
NA |
GrumpinouT (@RVerwilghen) |
Bug Bounty | 2021-04-05 | 2023-06-13 |
2645 | Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution |
Authentication bypass
OS command injection
RCE |
Cisco |
T. Shiomitsu |
Bug Bounty | 2021-04-13 | 2023-06-13 |