4534 | Microsoft Edge Remote Code Execution | RCE | Microsoft | Abdulrahman Alqabandi (@Qab) | Bug Bounty | 2018-10-11 | 2023-06-13 |
4533 | Add description to Instagram Posts on behalf of other users - 6500$ | IDOR | Meta / Facebook | Sarmad Hassan (@JubaBaghdad) | Bug Bounty | 2018-10-12 | 2023-06-13 |
4532 | Magic XSS with two parameters | XSS | NA | Mahmood Shahabi (@m4shahab1) | Bug Bounty | 2018-10-12 | 2023-06-13 |
4531 | [Bug bounty | mail.ru] Access to the admin panel of the partner site and data disclosure of 2 million users | Authentication bypass, Blind XSS | Mail.ru | Max (@iSecMax) | Bug Bounty | 2018-10-12 | 2023-06-13 |
4530 | Microsoft CSRF Vulnerability | CSRF | Microsoft | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2018-10-12 | 2023-06-13 |
4529 | Brave Browser Script Blocker Bypass Vulnerability | Browser hacking | Brave Software | Xiaoyin Liu | Bug Bounty | 2018-10-13 | 2023-06-13 |
4528 | Path traversal while uploading results in RCE | Path traversal, RCE | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2018-10-15 | 2023-06-13 |
4527 | XXE in IBM’s MaaS360 Platform | XXE | IBM | Cody Wass | Bug Bounty | 2018-10-16 | 2023-06-13 |
4526 | Security teams Internal attachments can be exported via "Export as .zip" feature on HackerOne | Logic flaw | HackerOne | Japz Divino (@japzdivino) | Bug Bounty | 2018-10-17 | 2023-06-13 |
4525 | Add comment on a private Oculus Developer bug report | IDOR, Authorization flaw | Meta / Facebook | Sarmad Hassan (@JubaBaghdad) | Bug Bounty | 2018-10-18 | 2023-06-13 |
4524 | XSS with PUT in Ghost Blog | XSS | Ghost | Derek (@StackCrash) | Bug Bounty | 2018-10-19 | 2023-06-13 |
4523 | A Story of mishandling the Chunked Data (CVE-2018-17082) | XSS | PHP | Prashanth Varma (@cymtrick) | Bug Bounty | 2018-10-20 | 2023-06-13 |
4522 | A possibility of Account Takeover in Medium | Account takeover, Logic flaw | Medium | Prashant Kumar (@notsoshant) | Bug Bounty | 2018-10-20 | 2023-06-13 |
4521 | Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature | Logic flaw | HackerOne | Japz Divino (@japzdivino) | Bug Bounty | 2018-10-22 | 2023-06-13 |
4520 | Cookie-based-injection XSS making exploitable with-out exploiting other Vulns | XSS | NA | Utkarsh Agrawal (@agrawalsmart7) | Bug Bounty | 2018-10-22 | 2023-06-13 |
4519 | Google sites and exploiting same origin policy | SOP bypass | Google | Raushan Raj (@raushan_rajj) | Bug Bounty | 2018-10-22 | 2023-06-13 |
4518 | XSS with HTML and how to convert the HTML into charcode() | XSS | Purinar Logistics | Arif-ITSEC111 | Bug Bounty | 2018-10-22 | 2023-06-13 |
4517 | Facebook hidden redirection vulnerability | Open redirect | Meta / Facebook | Ege Ken | Bug Bounty | 2018-10-24 | 2023-06-13 |
4516 | SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software | XXE | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2018-10-24 | 2023-06-13 |
4515 | DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE. | DoS | Meta / Facebook | Rahul Kankrale (@RahulKankrale) | Bug Bounty | 2018-10-25 | 2023-06-13 |
4514 | Subdomain takeover dew to missconfigured project settings for Custom domain . | Subdomain takeover | Flock | Prial Islam Khan (@prial261) | Bug Bounty | 2018-10-25 | 2023-06-13 |
4513 | CSRF account takeover Explained Automated/Manual — Bug Bounty | CSRF, Account takeover | OpenMenu | Vulnerables | Bug Bounty | 2018-10-26 | 2023-06-13 |
4512 | A very useful technique to bypass the CSRF protection for fun and profit. | CSRF | NA | Yeasir Arafat | Bug Bounty | 2018-10-26 | 2023-06-13 |
4511 | How Misconfigured API leaked user private information? | IDOR, Authorization flaw | NA | Yeasir Arafat | Bug Bounty | 2018-10-26 | 2023-06-13 |
4510 | Privilege Escalation like a Boss | IDOR | NA | Jay Jani (@JayJani007) | Bug Bounty | 2018-10-27 | 2023-06-13 |