3741 | Bypass 2FA in a website | MFA bypass | NA | Sourav Sahana (@kernel_rider) | Bug Bounty | 2020-01-01 | 2023-06-13 |
3740 | Admin capabilities around your ears | Local Privilege Escalation | Poly (Plantronics) | Markus Krell (@MarkusKrell) | Bug Bounty | 2020-01-02 | 2023-06-13 |
3739 | Exploiting Wi-Fi Stack on Tesla Model S | Wifi hacking, Driver hacking, RCE, Memory corruption | Tesla | Tencent Keen Security Lab | Bug Bounty | 2020-01-02 | 2023-06-13 |
3738 | Account takeover via HTTP Request Smuggling | HTTP request smuggling, Account takeover, Open redirect, Internal header disclosure | NA | hipotermia (@_hipotermia_) | Bug Bounty | 2020-01-03 | 2023-06-13 |
3737 | From . in regex to SSRF — part 1 | SSRF | NA | Niemiec Marcin (@xvnpw) | Bug Bounty | 2020-01-05 | 2023-06-13 |
3736 | XSS on Sony subdomain | Reflected XSS | Sony | Gökhan Güzelkokar (@gkhck_) | Bug Bounty | 2020-01-06 | 2023-06-13 |
3735 | How I found a Privilege Escalation Bug in a private Ecommerce? | Privilege escalation | NA | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2020-01-06 | 2023-06-13 |
3733 | HTML Injection(Unique Exploitation) | HTML injection | NA | Pratik Yadav (@PratikY9967) | Bug Bounty | 2020-01-07 | 2023-06-13 |
3732 | Update: Want to take over the Java ecosystem? All you need is a MITM! | MiTM, Insecure communications | Github | Jonathan Leitschuh (@jlleitschuh) | Bug Bounty | 2020-01-08 | 2023-06-13 |
3731 | The Bug That Exposed Your PayPal Password | XSSI | Paypal | Alex Birsan (@alxbrsn) | Bug Bounty | 2020-01-08 | 2023-06-13 |
3730 | Google Chrome display locking fuzzing | Use-After-Free, Memory corruption | Google | Pawel Wylecial (@h0wlu) | Bug Bounty | 2020-01-08 | 2023-06-13 |
3729 | Hunting Good Bugs with only <HTML> | Open redirect, HTML injection, SSRF | NA | Ak1T4 (@akita_zen) | Bug Bounty | 2020-01-10 | 2023-06-13 |
3728 | My First RCE (Stressed Employee gets me 2x bounty) | Unrestricted file upload, RCE | NA | Abhishek Yadav (@abhishake100) | Bug Bounty | 2020-01-10 | 2023-06-13 |
3727 | How I earn $500 from Razer open S3 bucket | AWS misconfiguration | Razer | Sourav Sahana (@kernel_rider) | Bug Bounty | 2020-01-12 | 2023-06-13 |
3726 | No Rate Limit - 2K Bounty | Lack of rate limiting | Yahoo! / Verizon Media | Shrey Shah (@ShreySh43332033) | Bug Bounty | 2020-01-12 | 2023-06-13 |
3725 | In Cloud we “Trust”: Wrong Kubernetes implementation by Google Cloud Platform & Microsoft Azure affecting customers | Old components with known vulnerabilities | Microsoft, Google | Chen Cohen (@chencococococo) | Bug Bounty | 2020-01-12 | 2023-06-13 |
3724 | Pwning Avast Secure Browser for fun and profit | RCE, Command injection | Avast | Wladimir Palant (@WPalant) | Bug Bounty | 2020-01-13 | 2023-06-13 |
3723 | How I discovered an interesting account takeover flaw? | Account takeover, Password reset, Lack of rate limiting | NA | Akash Methani (@0xAkash) | Bug Bounty | 2020-01-14 | 2023-06-13 |
3722 | From . in regex to SSRF — part 2 | SSRF | NA | Niemiec Marcin (@xvnpw) | Bug Bounty | 2020-01-14 | 2023-06-13 |
3721 | The trouble with Microsoft’s Troubleshooters | RCE, MiTM | Microsoft | Imre Rad (@ImreRad) | Bug Bounty | 2020-01-15 | 2023-06-13 |
3720 | Adding a malicious notebook to be treated like a trusted notebook in Google Colab — 1337$ | Authorization flaw, Logic flaw | Google | Raushan Raj (@raushan_rajj) | Bug Bounty | 2020-01-17 | 2023-06-13 |
3719 | How I accidentally found Bug in Google Search Console | Logic flaw, Authorization flaw | Google | Tomi (@noobe_io) | Bug Bounty | 2020-01-18 | 2023-06-13 |
3718 | GGvulnz — How I hacked hundreds of companies through Google Groups | Logic flaw | Google | Milan Magyar | Bug Bounty | 2020-01-20 | 2023-06-13 |
3717 | How i bought my way to subdomain takeover on Tokopedia | Subdomain takeover | Tokopedia | wis4nggeni | Bug Bounty | 2020-01-20 | 2023-06-13 |
3716 | Cross Site Request Forgery vulnerability Leads to User Profile Change in Microsoft Express Logic | CSRF | Microsoft | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2020-01-21 | 2023-06-13 |