4226 | How I was able to get your facebook private friend list [Responsible Disclosure] | Information disclosure | Meta / Facebook | Raja Sekar Durairaj | Bug Bounty | 2019-04-01 | 2023-06-13 |
4225 | FileZilla Untrusted Search Path | RCE | FileZilla (EU-FOSSA 2) | Chris Lyne (@lynerc) | Bug Bounty | 2019-04-02 | 2023-06-13 |
4224 | Facebook Vulnerability: Hiding from Facebook Page Admin(s) in /hacked workflow | Logic flaw | Meta / Facebook | Ritish Kumar Singh | Bug Bounty | 2019-04-02 | 2023-06-13 |
4223 | How I am able to hijack you. | Logic flaw | Google | Terjanq (@terjanq) | Bug Bounty | 2019-04-03 | 2023-06-13 |
4222 | DownNotifier SSRF | SSRF | DownNotifier | _m_q_t (@_m_q_t) | Bug Bounty | 2019-04-04 | 2023-06-13 |
4221 | Leaked Salesforce API access token at IKEA.com | Information disclosure, Salesforce | Ikea | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2019-04-04 | 2023-06-13 |
4220 | Handlebars template injection and RCE in a Shopify app | SSTI, RCE | Shopify | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2019-04-04 | 2023-06-13 |
4219 | Google Ads — Information Disclosure via null pointer exception | Information disclosure | Google | Valerio brussani (@val_brux) | Bug Bounty | 2019-04-04 | 2023-06-13 |
4218 | Same-Origin Policy: From birth until today | SOP bypass, Browser hacking, CSRF, CORS | Mozilla, Google (Chrome), Opera | Alex Nikolova (@AaylaSecura1138) | Bug Bounty | 2019-04-04 | 2023-06-13 |
4217 | Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack Hackers | MiTM | PortSwigger | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2019-04-06 | 2023-06-13 |
4216 | Edmodo — IDOR to view private files of any class | IDOR | Edmodo | Rohan Pagey (@rohan_x3) | Bug Bounty | 2019-04-06 | 2023-06-13 |
4215 | Email content spoofing at IKEA.com | Email content spoofing | Ikea | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2019-04-06 | 2023-06-13 |
4214 | Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice | SSRF, Path traversal, Account takeover | Uber | Ron Chan (@ngalongc) | Bug Bounty | 2019-04-07 | 2023-06-13 |
4213 | How I got a trip to amsterdam through bug bounty | Bruteforce | NA | Ninad Mathpati (@ninad_mathpati) | Bug Bounty | 2019-04-07 | 2023-06-13 |
4212 | Obtaining XSS Using Moodle Features and Minor Bugs | Login CSRF, XSS | Moodle | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2019-04-09 | 2023-06-13 |
4211 | SSRF Tips: SSRF/XSPA in Microsoft’s Bing Webmaster Central | SSRF, XSPA | Microsoft | Elber Andre (@Elber333) | Bug Bounty | 2019-04-09 | 2023-06-13 |
4210 | Dell KACE K1000 Remote Code Execution — the Story of Bug K1–18652 | RCE | Dropbox | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2019-04-09 | 2023-06-13 |
4209 | Spokeo Bug bounty Experience | XSS | Spokeo | Nur A Alam Dipu (@Dipu1A) | Bug Bounty | 2019-04-10 | 2023-06-13 |
4208 | Multiple xss in *.skype.com | XSS | Microsoft | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2019-04-10 | 2023-06-13 |
4207 | Account Takeover by chaining two vulnerabilities. | CSRF, Open redirect, Account takeover | NA | Sheraz Khalid | Bug Bounty | 2019-04-10 | 2023-06-13 |
4206 | Unauthenticated Account Takeover Through HTTP Leak | HTML injection, HTTP Leak, Account takeover | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2019-04-11 | 2023-06-13 |
4205 | [RCE] Remote code execution at api.PrivateProgram.com (CVE-2017-5638) | RCE | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-04-12 | 2023-06-13 |
4204 | Web Cache Deception to API endpoint attack using cached token header | Web cache deception | NA | Kunal pandey (@kunalp94) | Bug Bounty | 2019-04-13 | 2023-06-13 |
4203 | How I gained access to revenue and traffic data of thousands of Shopify stores | IDOR | Shopify | Ayoub Fathi (@_ayoubfathi_) | Bug Bounty | 2019-04-15 | 2023-06-13 |
4202 | The Outlook Winner is Dash | Authorization flaw | Microsoft | marcan2020 (@marcan2020) | Bug Bounty | 2019-04-15 | 2023-06-13 |