4333 | Protonmail XSS — Stored |
Stored XSS
Bruteforce |
ProtonMail |
Chand Singh (@Chand_42) |
Bug Bounty | 2019-01-29 | 2023-06-13 |
4320 | Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard |
Path traversal
RCE |
Microsoft |
Lee Christensen (@tifkin_) |
Bug Bounty | 2019-02-06 | 2023-06-13 |
4313 | How I hacked ASUS? |
Unrestricted file upload
RCE |
Asus |
Mustafa Kemal Can (@muskecan) |
Bug Bounty | 2019-02-09 | 2023-06-13 |
4285 | Swiss_E-Voting_Publications |
XSS
XXE
RCE
Missing authentication
Authentication flaw
Hardcoded credentials |
Swiss E-Voting |
setuid0 (@_setuid0_) |
Bug Bounty | 2019-02-21 | 2023-06-13 |
4281 | Bug Bounty 101 — Always Check The Source Code |
Lack of rate limiting
Information disclosure |
NA |
Spazzy |
Bug Bounty | 2019-02-23 | 2023-06-13 |
4273 | Bypassing a restrictive JS sandbox |
JS sandbox breakout
RCE |
NA |
Licencia para Hackear |
Bug Bounty | 2019-03-01 | 2023-06-13 |
4268 | Fixed : Brute-force Instagram account’s passwords |
Bruteforce
Rate limiting bypass |
Meta / Facebook |
Sameer Rao |
Bug Bounty | 2019-03-05 | 2023-06-13 |
4258 | Escalating SSRF to RCE |
SSRF
RCE |
NA |
Youssef A. Mohamed (@GeneralEG64) |
Bug Bounty | 2019-03-25 | 2023-06-13 |
4257 | Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack. |
CSRF
Bruteforce |
NA |
Armaan Pathan (@armaancrockroax) |
Bug Bounty | 2019-03-12 | 2023-06-13 |
4252 | WordPress 5.1 CSRF to Remote Code Execution |
CSRF
RCE
HTML injection |
WordPress |
Simon Scannell (@scannell_simon) |
Bug Bounty | 2019-03-13 | 2023-06-13 |
4242 | Discovering a zero day and getting code execution on Mozilla's AWS Network |
RCE |
Mozilla |
Shubham Shah (@infosec_au) |
Bug Bounty | 2019-03-19 | 2023-06-13 |
4225 | FileZilla Untrusted Search Path |
RCE |
FileZilla (EU-FOSSA 2) |
Chris Lyne (@lynerc) |
Bug Bounty | 2019-04-02 | 2023-06-13 |
4221 | Leaked Salesforce API access token at IKEA.com |
Information disclosure
Salesforce |
Ikea |
Jonathan Bouman (@JonathanBouman) |
Bug Bounty | 2019-04-04 | 2023-06-13 |
4220 | Handlebars template injection and RCE in a Shopify app |
SSTI
RCE |
Shopify |
Mahmoud Gamal (@Zombiehelp54) |
Bug Bounty | 2019-04-04 | 2023-06-13 |
4213 | How I got a trip to amsterdam through bug bounty |
Bruteforce |
NA |
Ninad Mathpati (@ninad_mathpati) |
Bug Bounty | 2019-04-07 | 2023-06-13 |
4210 | Dell KACE K1000 Remote Code Execution — the Story of Bug K1–18652 |
RCE |
Dropbox |
Julien Ahrens (@MrTuxracer) |
Bug Bounty | 2019-04-09 | 2023-06-13 |
4205 | [RCE] Remote code execution at api.PrivateProgram.com (CVE-2017-5638) |
RCE |
NA |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2019-04-12 | 2023-06-13 |
4195 | Code execution - Evernote |
RCE
Path traversal |
Evernote |
Dhiraj (@mishradhiraj_) |
Bug Bounty | 2019-04-17 | 2023-06-13 |
4194 | PDFReacter SSRF to ROOT Level Local File Read which led to RCE |
SSRF
RCE |
NA |
Armaan Pathan (@armaancrockroax) |
Bug Bounty | 2019-04-18 | 2023-06-13 |
4166 | Remote code execution On Microsoft edge using URL Protocol |
RCE |
Microsoft |
Matt harr0ey (@harr0ey) |
Bug Bounty | 2019-05-01 | 2023-06-13 |
4162 | ESI Injection Part 2: Abusing specific implementations |
ESI injection
RCE
SSRF
HTTP header injection |
NA |
Philippe Arteau (@h3xstream) |
Bug Bounty | 2019-05-02 | 2023-06-13 |
4133 | How did I bypass a Custom Brute Force protection and why that solution is not a good idea? |
Bruteforce
Authentication flaw |
NA |
dortz |
Bug Bounty | 2019-05-25 | 2023-06-13 |
4122 | REMOTE CODE EXECUTION ! 😜 Recon Wins |
RCE |
NA |
Vishnuraj |
Bug Bounty | 2019-06-04 | 2023-06-13 |
4107 | Admin Account total Information Disclosure |
Source code disclosure
Information disclosure |
NA |
Nishant Saurav (@inishantsinha) |
Bug Bounty | 2019-06-15 | 2023-06-13 |
4104 | Complete Web Server Access |
Unrestricted file upload
RCE |
NA |
Saad Ahmed (@XSaadAhmedX) |
Bug Bounty | 2019-06-15 | 2023-06-13 |