| 4201 | Google Groups Authorization Bypass |
Authorization flaw |
Google |
Daniel Marad |
Bug Bounty | 2019-04-15 | 2023-06-13 |
| 4192 | Responsible disclosure: improper access control in Gitlab private project. |
Authorization flaw |
GitLab |
Riccardo Padovani (@rpadovani93) |
Bug Bounty | 2019-04-19 | 2023-06-13 |
| 4178 | Missing Authorization check while deleting App Review for Marketing API |
Authorization flaw |
Meta / Facebook |
Family guy |
Bug Bounty | 2019-04-25 | 2023-06-13 |
| 4172 | Broken Access: Posting to Google private groups through any user in the group |
Authorization flaw |
Google |
Elber Andre (@Elber333) |
Bug Bounty | 2019-04-27 | 2023-06-13 |
| 4168 | Reply To Instagram Stories where privacy of who can reply is set to Nobody’. |
Authorization flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2019-04-30 | 2023-06-13 |
| 4142 | Google Adwords(Privilege Escalation): Read-only user able to add YouTube channels via Linked accounts |
Privilege escalation
Authorization flaw |
Google |
Family guy |
Bug Bounty | 2019-05-21 | 2023-06-13 |
| 4135 | Multiple API issues due to Fixed Authorization token. |
Authorization flaw |
NA |
Mustafa Khan (@by6153) |
Bug Bounty | 2019-05-24 | 2023-06-13 |
| 4125 | Missing access control at play store |
Authorization flaw |
Google |
Vishwaraj Bhattrai (@vishwaraj101) |
Bug Bounty | 2019-06-03 | 2023-06-13 |
| 4111 | Chaining Improper Authorization To Race Condition To Harvest Credit Card Details : A Bug Bounty Story |
Authorization flaw
Race condition |
NA |
Mandeep Jadon (@1337tr0lls) |
Bug Bounty | 2019-06-13 | 2023-06-13 |
| 4093 | Business user Employees could have applied block list to all ad accounts listed in the business manager. |
Authorization flaw
Logic flaw |
Meta / Facebook |
Rohit kumar (@rohitcoder) |
Bug Bounty | 2019-06-17 | 2023-06-13 |
| 4081 | Page Admin Disclosure | Facebook Bug Bounty 2019 |
Authorization flaw |
Meta / Facebook |
Ajay Gautam (@evilboyajay) |
Bug Bounty | 2019-06-22 | 2023-06-13 |
| 4069 | Facebook BugBounty : Short story on Page admin disclosure |
Authorization flaw
Privilege escalation |
Meta / Facebook |
Bijan Murmu (@0xBijan) |
Bug Bounty | 2019-06-28 | 2023-06-13 |
| 4053 | A malicious editor of a page can support to a community action which can’t be unsupported by the admin! |
Authorization flaw |
Meta / Facebook |
mAshraf |
Bug Bounty | 2019-07-09 | 2023-06-13 |
| 4045 | Hacking intoTinder’s Premium Model |
Authorization flaw |
Tinder |
Sanskar Jethi (@sansyrox) |
Bug Bounty | 2019-07-14 | 2023-06-13 |
| 4041 | Facebook Bug : Sending messages as a page with jobmanager permission |
Authorization flaw
Privilege escalation |
Meta / Facebook |
Devansh batham (@devanshwolf) |
Bug Bounty | 2019-07-15 | 2023-06-13 |
| 4004 | Reposted [2019]: Hacking YouTube for #fun and #profit |
Authorization flaw |
Google |
Alexandru Coltuneac (@dekeeu) |
Bug Bounty | 2019-07-30 | 2023-06-13 |
| 3971 | ByPassing fix of Domain Blocking feature in Business Manager |
Authorization flaw
Logic flaw |
Meta / Facebook |
Rohit kumar (@rohitcoder) |
Bug Bounty | 2019-08-15 | 2023-06-13 |
| 3966 | Facebook Bug Bounty: Reading WhatsApp contacts list without unlocking the device |
Authorization flaw |
Meta / Facebook |
Arvind (@ar_arv1nd) |
Bug Bounty | 2019-08-19 | 2023-06-13 |
| 3963 | How I made my first $$$ from finding a bug in Facebook |
Authorization flaw |
Meta / Facebook |
Aayush Pokhrel (@aayushpok) |
Bug Bounty | 2019-08-21 | 2023-06-13 |
| 3962 | Sending Message as page being an analyst/ advertiser? |
Authorization flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2019-08-21 | 2023-06-13 |
| 3943 | Add new user with Admin permission and takeover the organization |
Authorization flaw
Privilege escalation |
NA |
Tarek Mohamed (@Conan0x3) |
Bug Bounty | 2019-09-04 | 2023-06-13 |
| 3882 | Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts. |
Authorization flaw |
Meta / Facebook |
Rohit kumar (@rohitcoder) |
Bug Bounty | 2019-10-12 | 2023-06-13 |
| 3841 | Bug Bounty: Broken API Authorization |
Authorization flaw |
NA |
Th3hidd3nmist (@th3_hidd3n_mist) |
Bug Bounty | 2019-11-12 | 2023-06-13 |
| 3829 | Bypassing the patch for my previous Instagram bug. |
Authorization flaw
Logic flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2019-11-18 | 2023-06-13 |
| 3818 | Reply To Instagram Stories where privacy of who can reply is set to Nobody’. (Part 2) |
Authorization flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2019-11-21 | 2023-06-13 |
