2587 | Chaining CSRF with XSS to deactivate Mass user accounts by single click | CSRF, XSS | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-02 | 2023-06-13 |
2586 | Basic recon to RCE | Insecure deserialization, RCE | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2021-05-02 | 2023-06-13 |
2584 | Finding known exploits for bugbounties. | RCE | NA | ipanda (@ipanda915) | Bug Bounty | 2021-05-03 | 2023-06-13 |
2583 | Deep Dive into Open Source Bug Bounty | CSRF | NA | Ritik Sahni (@ritiksahni22) | Bug Bounty | 2021-05-03 | 2023-06-13 |
2582 | Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida | RCE | Valve | Geebz (@Gbps111) | Bug Bounty | 2021-05-04 | 2023-06-13 |
2581 | ExifTool CVE-2021-22204 - Arbitrary Code Execution | RCE | GitLab | William Bowling / vakzz (@wcbowling) | Bug Bounty | 2021-05-04 | 2023-06-13 |
2580 | XSS Through Parameter Pollution | XSS, HTTP parameter pollution | NA | Saajan Bhujel (@saajanbhujel) | Bug Bounty | 2021-05-05 | 2023-06-13 |
2578 | XSS Through Parameter Pollution | Open redirect, XSS, HTTP parameter pollution | NA | Saajan Bhujel (@saajanbhujel11) | Bug Bounty | 2021-05-05 | 2023-06-13 |
2575 | How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit | RCE | Google | - | Bug Bounty | 2021-05-05 | 2023-06-13 |
2574 | CVE-2021-1815 – MacOS Local Privilege Escalation Via Preferences | Local Privilege Escalation | Apple | Offensive Security (@offsectraining) | Bug Bounty | 2021-05-06 | 2023-06-13 |
2569 | Unauthorized access to Django Admin Dashboard by endpoint leaked on GitHub | Missing authentication, Forced browsing | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-10 | 2023-06-13 |
2566 | Stored XSS to Organisation Takeover | Stored XSS | NA | Zaid Bhat (@zaidozaid) | Bug Bounty | 2021-05-10 | 2023-06-13 |
2564 | CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data | Privilege escalation | Microsoft | Intezer | Bug Bounty | 2021-05-11 | 2023-06-13 |
2563 | CVE-2020-35580 | LFI | NA | hateshape (@hateshaped) | Bug Bounty | 2021-05-11 | 2023-06-13 |
2561 | How I find my first Stored XSS | Stored XSS | NA | Filipe Azevedo (@filipaze_) | Bug Bounty | 2021-05-13 | 2023-06-13 |
2560 | Counter-Strike Global Offsets: reliable remote code execution | RCE | Valve | brymko (@brymko) | Bug Bounty | 2021-05-13 | 2023-06-13 |
2557 | Mass Assignment exploitation in the wild - Escalating privileges in style | Mass assignment, Privilege escalation | NA | Gal Nagli (@naglinagli) | Bug Bounty | 2021-05-14 | 2023-06-13 |
2556 | 2FA Bypass via Forced Browsing | MFA bypass | NA | Akhil | Bug Bounty | 2021-05-15 | 2023-06-13 |
2553 | MSSQL Injection In JSON Request | SQL injection | NA | Kailash (@Corrupted_brain) | Bug Bounty | 2021-05-16 | 2023-06-13 |
2552 | Auth Bypass in https://nearbydevices-pa.googleapis.com | Broken Access Control | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-05-16 | 2023-06-13 |
2551 | How i hijacked 12 Subdomains in one Program | Subdomain takeover | NA | Naveen kumawat (@nvk0x) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2550 | My Fourth Account takeover through password reset | Account takeover, Password reset | NA | Omar Hamdy (@seaman00o) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2548 | Just Gopher It: Escalating a Blind SSRF to RCE for $15k | SSRF, RCE | NA | SirLeeroyJenkins (@SirLeeroyJenkin) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2545 | Finding my First Critical Web Cache Poisoning | Web cache poisoning | NA | Yasser Khan (@N3T_hunt3r) | Bug Bounty | 2021-05-18 | 2023-06-13 |
2544 | DOS & Stored HTML Injection Bug Bounty Writeup | DoS, HTML injection | NA | RiotSecurityTeam (@RiotSecTeam) | Bug Bounty | 2021-05-19 | 2023-06-13 |