5222 | Neglected DNS records exploited to takeover subdomains |
Subdomain takeover |
Heroku |
Yassine Aboukir (@Yassineaboukir) |
Bug Bounty | 2015-02-20 | 2023-06-13 |
5221 | Telegram App Store Secret-Chat Messages in Plain-Text Database |
Privacy issue
Information disclosure |
Telegram |
Jon Paterson (@shellprompt) |
Bug Bounty | 2015-02-23 | 2023-06-13 |
5220 | How I bypassed Facebook CSRF Protection |
CSRF |
Meta / Facebook |
Pouya Darabi (@Pouyadarabi) |
Bug Bounty | 2015-09-04 | 2023-06-13 |
5219 | Race conditions on Facebook, DigitalOcean and others (fixed) |
Race condition |
Meta / Facebook
DigitalOcean
LastPass |
Josip Franjkovic (@josipfranjkovic) |
Bug Bounty | 2015-04-27 | 2023-06-13 |
5218 | Bypass ad account roles vulnerability 2015 |
Authorization flaw |
Meta / Facebook |
Pouya Darabi (@Pouyadarabi) |
Bug Bounty | 2015-05-15 | 2023-06-13 |
5217 | [Responsible disclosure] How I could have hacked 62.5 million Zomato Users |
IDOR |
Zomato |
Anand Prakash (@anandpraka_sh) |
Bug Bounty | 2015-06-04 | 2023-06-13 |
5216 | The easiest bug bounties I have ever won |
IDOR |
Meta / Facebook |
Josip Franjkovic (@josipfranjkovic) |
Bug Bounty | 2015-07-13 | 2023-06-13 |
5215 | Bypassing Google Authentication on Periscope's Administration Panel |
Authentication bypass |
Google |
Jack Whitton (@fin1te) |
Bug Bounty | 2015-07-20 | 2023-06-13 |
5214 | Blind SQL Inejction [Hootsuite] |
Blind SQL injection |
Hootsuite |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2015-08-01 | 2023-06-13 |
5213 | One Payload to XSS Them All! |
Flash XSS |
Adobe |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2015-08-03 | 2023-06-13 |
5212 | Hacking Facebook Pages |
Authorization flaw
Privilege escalation
Broken Access Control |
Meta / Facebook |
Laxman Muthiyah (@LaxmanMuthiyah) |
Bug Bounty | 2015-08-26 | 2023-06-13 |
5211 | CVE-2014-7216: A Journey Through Yahoo’s Bug Bounty Program |
Buffer Overflow
Memory corruption |
Yahoo! / Verizon Media |
Julien Ahrens (@MrTuxracer) |
Bug Bounty | 2015-09-03 | 2023-06-13 |
5210 | XSS to RCE in ... |
XSS
RCE |
NA |
Neil Hakuna Matatall (@ndm) |
Bug Bounty | 2015-09-08 | 2023-06-13 |
5209 | XSS vulnerability in Google image search |
XSS |
Google |
Mahmoud Gamal (@Zombiehelp54) |
Bug Bounty | 2015-09-18 | 2023-06-13 |
5208 | Open Redirect in Linkedin and Yahoo |
Open redirect |
LinkedIn
Yahoo! / Verizon Media |
Vitor “r0t” Oliveira (@r0t1v) |
Bug Bounty | 2015-09-24 | 2023-06-13 |
5207 | XSS to RCE in Atlassian Hipchat |
XSS
RCE |
Atlassian |
Matt Austin (@mattaustin) |
Bug Bounty | 2015-11-15 | 2023-06-13 |
5206 | Cloudflare WAF XSS |
XSS |
Cloudflare |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2015-11-16 | 2023-06-13 |
5205 | How To Hack PayU – And Buy 10x More For The Same Price |
RCE |
PayU |
Rick Harris (@codel10n) |
Bug Bounty | 2015-12-18 | 2023-06-13 |
5204 | Arbitary File Upload Vulnerability in Google Nest (Write Up) |
Unrestricted file upload
Stored XSS |
Google |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2015-12-21 | 2023-06-13 |
5203 | Local File XSS Vulnerability in Wordpress.com (Write Up) |
XSS |
WordPress |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2015-12-21 | 2023-06-13 |
5202 | Instagram's Million Dollar Bug |
RCE |
Meta / Facebook |
Wesley Wineberg |
Bug Bounty | 2015-12-27 | 2023-06-13 |
5201 | Leaking API keys in Bing Maps Portal |
IDOR |
Microsoft |
Sai Krishna Kothapalli (@kmskrishna) |
Bug Bounty | 2015-12-31 | 2023-06-13 |
5200 | Broken Access Control in bingmapsportal !!! |
Broken Access Control |
Microsoft |
Sai Krishna Kothapalli (@kmskrishna) |
Bug Bounty | 2016-01-23 | 2023-06-13 |
5199 | [manager.paypal.com] Remote Code Execution Vulnerability |
RCE |
Paypal |
Michael Stepankin (@artsploit) |
Bug Bounty | 2016-01-25 | 2023-06-13 |
5198 | An XSS on Facebook via PNGs & Wonky Content Types |
XSS |
Meta / Facebook |
Jack Whitton (@fin1te) |
Bug Bounty | 2016-01-27 | 2023-06-13 |