2429 | Kaspersky Password Manager: All your passwords are belong to us | Weak crypto | Kaspersky | Jean-Baptiste Bédrune | Bug Bounty | 2021-07-06 | 2023-06-13 |
2428 | Let’s cancel the subscription (informative) | Logic flaw, Payment tampering | NA | Adnan Malik (@adnanmalikinfo) | Bug Bounty | 2021-07-07 | 2023-06-13 |
2427 | CVE-2021-22555: Turning \x00\x00 into 10000$ | Memory corruption, Local Privilege Escalation | Google | Andy Nguyen (@theflow0) | Bug Bounty | 2021-07-07 | 2023-06-13 |
2425 | Discovering Zero-Day Vulnerabilities in McAfee Products | Local Privilege Escalation | McAfee | mr.d0x (@mrd0x) | Bug Bounty | 2021-07-09 | 2023-06-13 |
2423 | Account Takeovers — Believe the Unbelievable | Account takeover, Session management issue, Weak credentials, Components with known vulnerabilities, Password reset | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-09 | 2023-06-13 |
2421 | Reflected XSS Through Insecure Dynamic Loading | XSS | NA | Greg Gibson | Bug Bounty | 2021-07-11 | 2023-06-13 |
2420 | Critical Bug Bounty Reports: Part 1 | Account takeover, Password reset, RCE, Information disclosure | NA | Greg Gibson | Bug Bounty | 2021-07-11 | 2023-06-13 |
2419 | Pre-Denial Of Service (set-up 2FA on unverified account) | Application-level DoS | NA | Vikash Maurya | Bug Bounty | 2021-07-11 | 2023-06-13 |
2418 | Trick to bypass rate limit of password reset functionality | Rate limiting bypass | NA | Abdulrahman-Kamel | Bug Bounty | 2021-07-12 | 2023-06-13 |
2417 | Broken Access control bug : Bypassing 403’s by finding another endpoint that do the same thing. | Broken Access Control, 403 bypass | NA | tomorrowisnew (@tomorrowisnew_) | Bug Bounty | 2021-07-12 | 2023-06-13 |
2413 | Forced Browsing to Access Admin Panel | Forced browsing | NA | the_unluck_guy (@7he_unlucky_guy) | Bug Bounty | 2021-07-13 | 2023-06-13 |
2411 | Credential stuffing in Bug bounty hunting | Credential stuffing | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2021-07-14 | 2023-06-13 |
2410 | How I found Blind SQL Injection just by browsing and getting a unique URL | SQL injection | NA | Jawad Mahdi (@hunter0x1) | Bug Bounty | 2021-07-14 | 2023-06-13 |
2408 | RFD Vulnerability And Content-Disposition Header Bypass Story! | Reflected File Download | NA | Kabilan S (@kabilan1290) | Bug Bounty | 2021-07-14 | 2023-06-13 |
2407 | How i was able to bypass Cloudflare for XSS! | XSS | NA | hosein vita (@HoseinVita) | Bug Bounty | 2021-07-16 | 2023-06-13 |
2406 | Logical Flaw Resulting Path Hijacking | Namespace attack | NA | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2021-07-16 | 2023-06-13 |
2404 | IIS-Default-Page-to-Information-Disclosure | Information disclosure | NA | 0xdln (@0xdln) | Bug Bounty | 2021-07-17 | 2023-06-13 |
2403 | RCE via WebDav - Power Of PUT | Default credentials, RCE | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-07-18 | 2023-06-13 |
2402 | Account Takeover + A Bonus Vulnerability | Account takeover, Session fixation | NA | Vikash Maurya | Bug Bounty | 2021-07-18 | 2023-06-13 |
2400 | How I Bypassed a tough WAF to steal user cookies using XSS! | XSS, WAF bypass | NA | Asem Eleraky (@melotover) | Bug Bounty | 2021-07-19 | 2023-06-13 |
2399 | Hacking Xiaomi'S Android Apps - Part 1 | Android, Information disclosure, Open redirect, Privacy issue | Xiaomi | Ameya (@iamTakeMyHand) | Bug Bounty | 2021-07-19 | 2023-06-13 |
2398 | IBM HMC Exploit CVE-2021-29707 | Local Privilege Escalation | IBM | Thomas Cope | Bug Bounty | 2020-10-21 | 2023-06-13 |
2397 | How I was able Find mass leaked AWS s3 bucket from js File | AWS misconfiguration | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-07-20 | 2023-06-13 |
2396 | XSS-Through-Fuzzing-Default-IIS | Reflected XSS | NA | 0xdln (@0xdln) | Bug Bounty | 2021-07-20 | 2023-06-13 |
2395 | Guest Blog Post - Attacking the DevTools | Browser hacking | Microsoft | David Erceg (@david_erceg) | Bug Bounty | 2021-07-21 | 2023-06-13 |