4093 | Business user Employees could have applied block list to all ad accounts listed in the business manager. | Authorization flaw, Logic flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-06-17 | 2023-06-13 |
4092 | XSS Filter Evasion | XSS | NA | m0z (@LooseSecurity) | Bug Bounty | 2019-06-17 | 2023-06-13 |
4091 | Account Takeover with Clickjacking | Clickjacking | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-19 | 2023-06-13 |
4090 | Facebook Vulnerability: Unremovable Co-Host in facebook group events | Logic flaw | Meta / Facebook | Ritish Kumar Singh | Bug Bounty | 2019-06-19 | 2023-06-13 |
4089 | How a classical XSS can lead to persistent ATO Vulnerability? | XSS, Account takeover | NA | Milind Purswani (@MilindPurswani) | Bug Bounty | 2019-06-19 | 2023-06-13 |
4088 | A Fight For Duplicate Marked Bug: Story of BBC Hall Of Fame | XSS | BBC | Wasim Shaikh (@Wa_sim_sim) | Bug Bounty | 2019-06-20 | 2023-06-13 |
4087 | Self XSS To Evil XSS | XSS | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-20 | 2023-06-13 |
4086 | IDOR: Payment Fraud | IDOR, Payment tampering | NA | Vibhurushi Chotaliya (@_Vibhurushi_) | Bug Bounty | 2019-06-20 | 2023-06-13 |
4085 | About a Sucuri RCE...and How Not to Handle Bug Bounty Reports | RCE | Sucuri | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2019-06-20 | 2023-06-13 |
4084 | $1800 worth Clickjacking | Clickjacking | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-21 | 2023-06-13 |
4083 | Catching support emails from my internet service provider | Logic flaw | T-Mobile | Sander Lentink | Bug Bounty | 2019-06-21 | 2023-06-13 |
4082 | How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105 | XSS | Microsoft | Bryan Appleby (@bryapp) | Bug Bounty | 2019-06-21 | 2023-06-13 |
4081 | Page Admin Disclosure | Facebook Bug Bounty 2019 | Authorization flaw | Meta / Facebook | Ajay Gautam (@evilboyajay) | Bug Bounty | 2019-06-22 | 2023-06-13 |
4080 | Password Reset Vulnerability — Full Account takeover (Insecure Direct Object Reference) | Password reset, IDOR, Account takeover | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2019-06-22 | 2023-06-13 |
4079 | CSV injection at Comment Section. | CSV injection | NA | Navneet (@na5n33t) | Bug Bounty | 2019-06-24 | 2023-06-13 |
4077 | F5 Networks Endpoint Inspector – Browser-to-RCE? | RCE | F5 | Dave U. Ramdon | Bug Bounty | 2019-06-26 | 2023-06-13 |
4076 | Sensitive Information Disclosure: Web Cache Deception Attack | Information disclosure | Intuit | Wasim Shaikh (@Wa_sim_sim) | Bug Bounty | 2019-06-26 | 2023-06-13 |
4074 | CORS To CSRF Attack | CORS misconfiguration, CSRF | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-27 | 2023-06-13 |
4073 | 1-Click Account Takeover in Virgool.io — a Nice Case Study | Account takeover, Open redirect | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2019-06-27 | 2023-06-13 |
4071 | Gain adfly SMTP access with SSRF via Gopher Protocol | SSRF | Adf.ly | Zerb0a | Bug Bounty | 2019-06-27 | 2023-06-13 |
4070 | Nuget/Squirrel uncontrolled endpoints leads to arbitrary code execution | RCE | Microsoft | Reegun J (@reegun21) | Bug Bounty | 2019-06-28 | 2023-06-13 |
4069 | Facebook BugBounty : Short story on Page admin disclosure | Authorization flaw, Privilege escalation | Meta / Facebook | Bijan Murmu (@0xBijan) | Bug Bounty | 2019-06-28 | 2023-06-13 |
4068 | One more Parameter manipulation bug (🤑) | Parameter tampering | NA | Kanchan Singh Yadav (@KanchanSingh0) | Bug Bounty | 2019-06-28 | 2023-06-13 |
4067 | Stored XSS on Indeed | Stored XSS | Indeed | Tirtha Mandal (@tirtha_mandal) | Bug Bounty | 2019-06-30 | 2023-06-13 |
4066 | Accidental IDOR | IDOR | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-07-01 | 2023-06-13 |