| 3923 | Unauthorized access to all user information leaks |
Information disclosure |
NA |
C1h2e1 (@C1h2e11) |
Bug Bounty | 2019-09-13 | 2023-06-13 |
| 3922 | How two dead accounts allowed remote crash of any instagram android user |
DoS |
Meta / Facebook |
Valerio brussani (@val_brux) |
Bug Bounty | 2019-09-13 | 2023-06-13 |
| 3921 | I Could Have Hacked All Uber Accounts- But I Chose to Report it Instead |
Information disclosure |
Uber |
Anand Prakash (@anandpraka_sh) |
Bug Bounty | 2019-09-13 | 2023-06-13 |
| 3920 | Race Condition that could Result to RCE - (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3) |
Race condition
RCE
Unrestricted file upload |
NA |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2019-09-14 | 2023-06-13 |
| 3919 | OTP Manipulation |
OTP bypass |
NA |
Kishan choudhary (@choudhary_1337) |
Bug Bounty | 2019-09-14 | 2023-06-13 |
| 3918 | How I found a simple and weird Account takeover bug |
Account takeover
Missing authentication |
NA |
Bijan Murmu (@0xBijan) |
Bug Bounty | 2019-09-14 | 2023-06-13 |
| 3917 | Google Referer Leak Bug |
Referer leakage
Information disclosure |
Google |
Jayateertha Guruprasad (@JayateerthaG) |
Bug Bounty | 2019-09-15 | 2023-06-13 |
| 3916 | Client, not client! |
LFI |
NA |
Tung Pun |
Bug Bounty | 2019-09-15 | 2023-06-13 |
| 3915 | RCE with Flask Jinja Template Injection |
SSTI
RCE |
NA |
AkShAy KaTkAr (@AkShAy KaTkAr) |
Bug Bounty | 2019-09-17 | 2023-06-13 |
| 3914 | SSRF | Reading Local Files from DownNotifier server |
SSRF |
NA |
Dr.FarFar (@3XS0) |
Bug Bounty | 2019-09-18 | 2023-06-13 |
| 3911 | How I able to Takeover 10 subdomains in a Private Program ? |
Subdomain takeover |
NA |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2019-09-20 | 2023-06-13 |
| 3910 | Stored XSS on Zendesk via Macro’s PART 2 |
Stored XSS |
Zendesk |
Hariharan.s (@DJHARIZ1) |
Bug Bounty | 2019-09-20 | 2023-06-13 |
| 3909 | Bug or Feature? GitHub Adventure #001 |
OAuth
Open redirect |
NA |
Dominik Opyd (@oad_earth) |
Bug Bounty | 2019-09-21 | 2023-06-13 |
| 3908 | A Simple bypass of Registration Activation that Lead to many Bug - |
Information disclosure
IDOR
CSRF |
NA |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2019-09-21 | 2023-06-13 |
| 3907 | Facebook Workplace Privilege Escalation Vulnerability To Change The Post Privacy As Public |
Privilege escalation |
Meta / Facebook |
Guhan Raja (@havocgwen) |
Bug Bounty | 2019-09-21 | 2023-06-13 |
| 3906 | [Case Study] OAuth Misconfiguration leads to Account Takeover |
OAuth
Account takeover |
NA |
Gaurang Bhatnagar (@0xgaurang) |
Bug Bounty | 2019-09-21 | 2023-06-13 |
| 3905 | [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE |
Information disclosure
SQL injection
Authentication bypass
Unrestricted file upload
RCE
XSS |
NA |
Tomi (@noobe_io) |
Bug Bounty | 2019-09-22 | 2023-06-13 |
| 3904 | Broken Link Hijacking - s3 buckets |
Broken link hijacking |
Google |
Tutorgeeks (@tutorgeeks) |
Bug Bounty | 2019-09-22 | 2023-06-13 |
| 3903 | Fuzzing {{7*7}} Till {{P1}} |
SSTI |
NA |
Verneet (@err0rrrrr) |
Bug Bounty | 2019-09-23 | 2023-06-13 |
| 3902 | ONEPLUS XSS vulnerability in Customer Support Portal |
XSS |
OnePLus |
Mainak Sadhukhan |
Bug Bounty | 2019-09-24 | 2023-06-13 |
| 3901 | Information Disclosure at PayPal and Xoom (PayPal Acquisition) via Simple Google Dork - 1,000 USD |
Information disclosure |
Paypal |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2019-09-24 | 2023-06-13 |
| 3900 | Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure |
Path traversal |
Atlassian |
Sam Curry (@samwcyo) |
Bug Bounty | 2019-09-25 | 2023-06-13 |
| 3899 | OnePlus Open/Unvalidated Redirects & Forwards |
Open redirect |
OnePLus |
Mainak Sadhukhan |
Bug Bounty | 2019-09-26 | 2023-06-13 |
| 3898 | Stories Of IDOR |
IDOR |
NA |
Shivbihari Pandey (@ninja_pandit_) |
Bug Bounty | 2019-09-28 | 2023-06-13 |
| 3897 | Spear texting via parameter injection |
Parameter tampering |
NA |
Kyle (@B3nac) |
Bug Bounty | 2019-09-29 | 2023-06-13 |
