3817 | 700$ Denial of Service(DoS) vulnerability in script-loader.php (CVE-2018-6389) | DoS | NA | Pankaj Thakur (@Nep_1337_1998) | Bug Bounty | 2019-11-21 | 2023-06-13 |
3816 | Disable Any Unconfirmed Account in Facebook | Bruteforce | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2019-11-21 | 2023-06-13 |
3815 | Stories Of IDOR-Part 2 | IDOR | NA | Shivbihari Pandey (@ninja_pandit_) | Bug Bounty | 2019-11-21 | 2023-06-13 |
3814 | IDOR via Websockets | IDOR | NA | Shuaib Oladigbolu (@_sawzeeyy) | Bug Bounty | 2019-11-23 | 2023-06-13 |
3813 | Exploiting padding oracles with fixed IVs | Padding oracle attack, Account takeover | NA | Teddy Katz (@not_aardvark) | Bug Bounty | 2019-11-23 | 2023-06-13 |
3812 | The AccountTakeOver Killing Chain | Account takeover, CSRF, Self-XSS | NA | أنس روبي (@xhzeem) | Bug Bounty | 2019-11-23 | 2023-06-13 |
3811 | CORS Misconfiguration to Account TakeOver [Out of scope to grab items In-Scope] | CORS misconfiguration, Open redirect, Reflected XSS, Session management issue | NA | Mashoud1122 (@mashoud1122) | Bug Bounty | 2019-11-24 | 2023-06-13 |
3810 | Finding a security bug in Discord and what it taught me | OAuth | Discord | Tristan Farkas (@TristanAtFarkas) | Bug Bounty | 2019-11-24 | 2023-06-13 |
3809 | How Did Tons of People Like Me on Tinder? | HTTP request smuggling | NA | Mustafa iran (@Mustafaran) | Bug Bounty | 2019-11-25 | 2023-06-13 |
3808 | Getting access to disabled/hidden features with the help of Burpsuite Match and Replace settings | Authorization flaw | NA | Johns Simon (@Johnssimon22) | Bug Bounty | 2019-11-27 | 2023-06-13 |
3807 | Site Isolation bypass via Chrome extension | Site Isolation bypass, Browser hacking | Google | Anthony Weems | Bug Bounty | 2019-11-27 | 2023-06-13 |
3806 | Reflected XSS in graph.facebook.com leads to account takeover in IE/Edge | Reflected XSS, Account takeover | Meta / Facebook | Youssef Sammouda (@samm0uda) | Bug Bounty | 2019-11-27 | 2023-06-13 |
3805 | XSS Stored On [ Outlook Web — Outlook Android App ] | Stored XSS | Microsoft | ElMahdi Mrhassel (@ElMrhassel) | Bug Bounty | 2019-11-28 | 2023-06-13 |
3804 | Hacking GitHub with Unicode's dotless 'i' | Logic flaw | GitHub | John Gracey (@jagracey) | Bug Bounty | 2019-11-28 | 2023-06-13 |
3803 | How I turned Self XSS to Stored via CSRF | Self-XSS, CSRF | NA | Abhishek Yadav (@abhishake100) | Bug Bounty | 2019-11-29 | 2023-06-13 |
3802 | My first RCE: a tale of good ideas and good friends | RCE, ImageTragick | NA | rez0 (@rez0__) | Bug Bounty | 2019-11-29 | 2023-06-13 |
3801 | Dank Writeup On Broken Access Control On An Indian Startup | Unrestricted file upload, Authorization flaw | NA | Divyanshu Shukla (@justm0rph3u5) | Bug Bounty | 2019-11-30 | 2023-06-13 |
3800 | XSS like a Pro | XSS | NA | Anas Mahmood (@AnasIsHere) | Bug Bounty | 2019-12-05 | 2023-06-13 |
3799 | HTTP Request Smuggling + IDOR | HTTP request smuggling, IDOR | NA | hipotermia (@_hipotermia_) | Bug Bounty | 2019-12-05 | 2023-06-13 |
3798 | Google Chrome portal element fuzzing | RCE, Memory corruption, Buffer Overflow, Use-After-Free | Google | Pawel Wylecial (@h0wlu) | Bug Bounty | 2019-12-06 | 2023-06-13 |
3797 | $150 XSS at Error Page of Respository Code | Reflected XSS | NA | Navneet (@na5n33t) | Bug Bounty | 2019-12-07 | 2023-06-13 |
3796 | HTML Injection to XSS bypass in [REDACTED.com] | Reflected XSS | NA | Evan Ricafort (@evanricafort) | Bug Bounty | 2019-12-07 | 2023-06-13 |
3795 | Reusing Cookies | Session management issue | NA | Ricardo Iramar dos Santos | Bug Bounty | 2019-12-07 | 2023-06-13 |
3794 | Spilling Local Files via XXE when HTTP OOB fails | XXE | NA | Rahul Maini (@iamnoooob) | Bug Bounty | 2019-12-07 | 2023-06-13 |
3793 | Telegram (v4.9.155353) was rendering file:// links + opening them via NSWorkspace.open -> code execution. | RCE | Telegram | Vladimir Metnew (@vladimir_metnew) | Bug Bounty | 2019-12-08 | 2023-06-13 |