2345 | Do you like to read? I can take over your Kindle with an e-book | Memory corruption, RCE, Local Privilege Escalation | Amazon | Slava Makkaveev | Bug Bounty | 2021-08-06 | 2023-06-13 |
2340 | Size Matters — CVE-2021–0485 (High) | Local Privilege Escalation, Android | Google | Dimitrios Valsamaras (@Ch0pin) | Bug Bounty | 2021-08-07 | 2023-06-13 |
2339 | CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation Of Privilege (EOP) | Local Privilege Escalation | Intel | bohops (@bohops) | Bug Bounty | 2021-08-07 | 2023-06-13 |
2335 | Multiple Vulnerabilities In cPanel/WHM | XXE, Stored XSS, Privilege escalation, CSRF, Cross-Site WebSocket Hijacking (CSWH) | cPanel | Adrian Tiron (@adrian__t) | Bug Bounty | 2021-08-10 | 2023-06-13 |
2328 | How we was able to takeover whole organization via Privilege Escalation | Privilege escalation, Authorization flaw | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-08-13 | 2023-06-13 |
2314 | A New Attack Surface on MS Exchange Part 1 - ProxyLogon! | RCE, Privilege escalation | Microsoft | Orange Tsai (@orange_8361) | Bug Bounty | 2021-08-18 | 2023-06-13 |
2289 | ChaosDB: Critical Vulnerability in Microsoft Azure Cosmos DB | Account takeover, Local Privilege Escalation | Microsoft | Nir Ohfeld (@nirohfeld) | Bug Bounty | 2021-08-26 | 2023-06-13 |
2288 | How did I earned 6000$ from tokens and scopes in one day | Authorization flaw, Privilege escalation | NA | Corraldev (@javier_corralg) | Bug Bounty | 2021-08-27 | 2023-06-13 |
2277 | Two account takeover bugs worth $4300 🎁 | Account takeover, Privilege escalation, 403 bypass, IDOR | NA | Usama Varikkottil (@usama_dev) | Bug Bounty | 2021-08-29 | 2023-06-13 |
2273 | Broken Access Control Leads To Change Of Admin Details | Privilege escalation, Client-side enforcement of server-side security | NA | V3D (@v3d_bug) | Bug Bounty | 2021-08-31 | 2023-06-13 |
2270 | Full PoC | Metasploit Pro Trial License Request Limit Bypass | Privilege escalation, Logic flaw | Rapid7 | ChooK | Bug Bounty | 2021-08-31 | 2023-06-13 |
2243 | 5 Different Vulnerabilities in Google’s Threadit | DOM XSS, Clickjacking, Privilege escalation, Information disclosure | Google | Thomas Orlita (@ThomasOrlita) | Bug Bounty | 2021-09-07 | 2023-06-13 |
2235 | Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances | Container takeover, Container escape, Privilege escalation, Cloud | Microsoft | Unit 42 (@Unit42_Intel) | Bug Bounty | 2021-09-09 | 2023-06-13 |
2224 | OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers | Local Privilege Escalation, RCE | Microsoft | Nir Ohfeld (@nirohfeld) | Bug Bounty | 2021-09-14 | 2023-06-13 |
2210 | Admin access !! | Privilege escalation, Broken Access Control | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-09-19 | 2023-06-13 |
2197 | Bug-Bounty | FASTMAIL [topicbox.com: Privileges Escalation > Organization Takeover] | Privilege escalation, Logic flaw | Fastmail | Mohammed ELdawody | Bug Bounty | 2021-09-24 | 2023-06-13 |
2194 | Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program | Information disclosure, Local Privilege Escalation, Privacy issue | Apple | Denis Tokarev / illusionofchaos | Bug Bounty | 2021-09-24 | 2023-06-13 |
2187 | DeepSurface Security Advisory: LPE in Firefox on Windows | Local Privilege Escalation | Mozilla | Robert Chen | Bug Bounty | 2021-09-28 | 2023-06-13 |
2178 | vScalation (CVE-2021-22015)- Local Privilege Escalation in VMware vCenter | Local Privilege Escalation | VMware | Yuval Lazar | Bug Bounty | 2021-11-30 | 2023-06-13 |
2177 | Privilege Escalation to stored XSS | Privilege escalation, HTTP response manipulation, Stored XSS | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2021-10-01 | 2023-06-13 |
2152 | Stealing all your secrets using IPFS Mounts | Web3 hacking, Local Privilege Escalation | Filecoin Security | Joran Honig (@joranhonig) | Bug Bounty | 2021-10-12 | 2023-06-13 |
2151 | Bypassing required reviews using GitHub Actions | Privilege escalation, Logic flaw | GitHub | Omer Gil (@omer_gil) | Bug Bounty | 2021-10-12 | 2023-06-13 |
2124 | Zimbra “nginx” Local Root Exploit | Local Privilege Escalation | Zimbra | Darren Martyn (@_darrenmartyn) | Bug Bounty | 2021-10-25 | 2023-06-13 |
2122 | Zimbra “zmslapd” Local Root Exploit. | Local Privilege Escalation | Zimbra | Darren Martyn (@_darrenmartyn) | Bug Bounty | 2021-10-27 | 2023-06-13 |
2113 | Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection | SIP bypass, Local Privilege Escalation | Apple | Microsoft Security Vulnerability Research (MSVR) | Bug Bounty | 2021-10-28 | 2023-06-13 |