3952 | Private bug bounty $$,$$$ USD: “RCE as root on Marathon-Mesos instance” | RCE | NA | Omar Espino (@omespino) | Bug Bounty | 2019-08-27 | 2023-06-13 |
3951 | How to look for JS files Vulnerability for fun and profit? | Information disclosure | NA | Yeasir Arafat | Bug Bounty | 2019-08-27 | 2023-06-13 |
3950 | Address bar spoofing in Firefox Lite for Android ...and the idiocy that followed | Address Bar Spoofing, URL spoofing | Mozilla | Piyush Raj (@0x48piraj) | Bug Bounty | 2019-08-01 | 2023-06-13 |
3949 | Shodan is your friend!!! If you ignore him you will lose many… | SQL injection, Authentication bypass | NA | Vijaysimha Reddy Bathini (@fatratfatrat) | Bug Bounty | 2019-08-28 | 2023-06-13 |
3948 | My First LFI | LFI | NA | Tirtha Mandal (@tirtha_mandal) | Bug Bounty | 2019-08-31 | 2023-06-13 |
3947 | Graphql Bug to Steal Anyone’s Address | Information disclosure, GraphQL | NA | Pratik Yadav (@PratikY9967) | Bug Bounty | 2019-09-01 | 2023-06-13 |
3946 | Google Cloud Blog platform vulnerability | XSS | Google | Alexandru Coltuneac (@dekeeu) | Bug Bounty | 2019-09-01 | 2023-06-13 |
3944 | RCE using Path Traversal | RCE, Path traversal | NA | inc0gbyt3 (@incogbyte) | Bug Bounty | 2019-09-02 | 2023-06-13 |
3943 | Add new user with Admin permission and takeover the organization | Authorization flaw, Privilege escalation | NA | Tarek Mohamed (@Conan0x3) | Bug Bounty | 2019-09-04 | 2023-06-13 |
3942 | Exposed Jenkins to RCE on 8 Adobe Experience Managers | RCE, Exposed Jenkins instance | NA | Corben Leo (@hacker_) | Bug Bounty | 2019-09-04 | 2023-06-13 |
3941 | Readme.com Account Takeover | Password reset | Readme.com | Ankush Goel (@0xankush) | Bug Bounty | 2019-09-05 | 2023-06-13 |
3940 | DOM Based XSS in Private Program | DOM XSS | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-09-05 | 2023-06-13 |
3939 | Super Glamorous Recon with Intended Functionalities | SSTI, XSS | NA | hateshape (@hateshaped) | Bug Bounty | 2019-09-06 | 2023-06-13 |
3938 | Finding Gem in Someone’s Report: Instant $500USD at HackerOne Platform | Information disclosure | NA | Hisoka Morou | Bug Bounty | 2019-09-07 | 2023-06-13 |
3937 | Write up of two HTTP Requests Smuggling | HTTP request smuggling | NA | C1h2e1 (@C1h2e11) | Bug Bounty | 2019-09-07 | 2023-06-13 |
3936 | Exploiting JSONP and Bypassing Referer Check | Information disclosure, JSONP | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-09-07 | 2023-06-13 |
3935 | XSS in Zoho Mail | XSS | Zoho | Anas Mahmood (@AnasIsHere) | Bug Bounty | 2019-09-08 | 2023-06-13 |
3934 | Oculus identity verification bypass through brute-force | OTP bypass, Lack of rate limiting | Meta / Facebook | karthik kumar reddy (@karthiksunny007) | Bug Bounty | 2019-09-09 | 2023-06-13 |
3933 | Accessing 2 million Verizon Pay Monthly contracts | Information disclosure, Authentication bypass, IDOR | Yahoo! / Verizon Media | Daley Bee (@daley) | Bug Bounty | 2019-09-09 | 2023-06-13 |
3932 | Telegram addresses another privacy issue | Logic flaw, Privacy issue | Telegram | Dhiraj (@RandomDhiraj) | Bug Bounty | 2019-09-09 | 2023-06-13 |
3931 | H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress | Stored XSS, SQL injection | Uber | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2019-09-10 | 2023-06-13 |
3929 | Pwn Them All #BugBounty | Host header injection, Password reset | NA | Bilal Khan (@bilalmerokhel) | Bug Bounty | 2019-09-11 | 2023-06-13 |
3927 | How does my recon win $250 in 15 minutes | Open redirect | NA | Hein Thant Zin (@H3Lowr) | Bug Bounty | 2019-09-12 | 2023-06-13 |
3925 | Exploiting File Uploads Pt. 2 – A Tale of a $3k worth RCE. | Unrestricted file upload, RCE | NA | HackerOn2Wheels (@HackerOn2Wheels) | Bug Bounty | 2019-09-13 | 2023-06-13 |
3924 | HTTP Request Smuggling CL.TE | HTTP request smuggling | NA | memN0ps (@memN0ps) | Bug Bounty | 2019-09-13 | 2023-06-13 |