Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 865 | Practical Client Side Path Traversal Attacks | Path traversal, Client-side Path Traversal, Open redirect, CSS injection | Acronis | Medi (@medi_0ne) | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 863 | Directory traversal in PDF viewing application. Leading to full database takeover | Path traversal | NA | Tom Wrinn | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 849 | Chaining Path Traversal with SSRF to disclose internal git repo data in a Bank Asset | SSRF, Path traversal | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-11-09 | 2023-06-13 |
| 844 | Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server | RCE, OS command injection, Path traversal, Local Privilege Escalation | LiteSpeed | Artur Avetisyan (@3v1LMonk3y) | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 834 | Path Traversal Vulnerability in Payara Platform | Path traversal | Payara | Michael Baer | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 733 | Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability | Zip Slip attack, Path traversal, Source code disclosure | Drupal | Egidio Romano / EgiX | Bug Bounty | 2022-12-03 | 2023-06-13 |
| 693 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 691 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, XSS, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 680 | Directory Traversal Vulnerability in Huawei HG255s Products | Path traversal | Huawei | Ismail Tasdelen | Bug Bounty | 2022-12-17 | 2023-06-13 |
| 648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |
| 646 | The OWASSRF + TabShell exploit chain | SSRF, Path traversal, Sandbox escape | Microsoft | Rskvp93 (@rskvp93) | Bug Bounty | 2022-12-26 | 2023-06-13 |
| 616 | PandoraFMS - Pre-Auth Remote Code Execution | RCE, Path traversal, Arbitrary file upload, LFI, Security code review | PandoraFMS | esj4y (@esj4y) | Bug Bounty | 2023-01-06 | 2023-06-13 |
| 603 | Practical Example Of Client Side Path Manipulation | Client-side Path Traversal | NA | Antoine Roly (@aroly) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 583 | Unauthenticated Configuration Export in Multiple WAGO Products | Path traversal, Security code review | WAGO | ONEKEY (@onekey_sec) | Bug Bounty | 2023-02-16 | 2023-06-13 |
| 549 | Using 0days to Protect the United Nations | RCE, Authentication bypass, Path traversal | United Nations | Florian Hauser (@frycos) | Bug Bounty | 2023-01-24 | 2023-06-13 |
| 519 | Remote Command Execution in binwalk | RCE, Path traversal, Security code review | ReFirm Labs (binwalk), ubi_reader, jefferson, yaffshiv | Quentin Kaiser (@QKaiser) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 427 | Escaping misconfigured VSCode extensions | Path traversal, DNS rebinding, XSS, HTML injection, Webview, CSP bypass | Microsoft (SARIF viewer & Live Preview) | Vasco Franco | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 425 | Multiple vulnerabilities in Nokia BTS Airscale ASIKA | Base transceiver station, Path traversal, Hardcoded private key, Local Privilege Escalation, Security misconfiguration | Nokia | Geoffrey Bertoli (@YofBalibump) | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 423 | What the Vuln: Zimbra | Zip Slip attack, Path traversal | NA | Carlos Yanez | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 403 | Escaping well-configured VSCode extensions (for profit) | Electron, Webview, Path traversal | Microsoft | Vasco Franco | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 362 | How I Earned $$$ for Excessive Data Exposure Through Directory Traversal Leads to Product Price Manipulation | Path traversal, Information disclosure, Payment bypass | NA | Mohamed Shibil | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 288 | Directory Traversal and LFI worth $400 | Path traversal | NA | Hritik Thapa | Bug Bounty | 2023-03-17 | 2023-06-13 |
| 279 | Parallels Desktop Toolgate Vulnerability | Path traversal, Arbitrary file write, Security code review, Thick client | Parallels | Alexandre Adamski (@NeatMonster_) | Bug Bounty | 2023-03-20 | 2023-06-13 |
| 205 | Losing control over Schneider's EcoStruxure Control Expert | RCE, Path traversal, Security code review | Schneider Electric | Ruben Santamarta (@reversemode) | Bug Bounty | 2023-04-11 | 2023-06-13 |
| 160 | Vocera Report Server Pwnage | RCE, Arbitrary file upload, Path traversal, Zip Slip attack | Stryker | b0yd (@rwincey) | Bug Bounty | 2023-04-24 | 2023-06-13 |