2143 | How I Escalated a Time-Based SQL Injection to RCE | SQL injection, RCE | Sony | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2021-10-17 | 2023-06-13 |
2142 | Independently Secure, Together Not So Much – A Story Of 2 WP Plugins | RCE, Race condition, Unrestricted file upload, Security code review | NA | Adrian Tiron (@Adrian__T) | Bug Bounty | 2021-10-17 | 2023-06-13 |
2136 | CVE-2021-2471 MySQL JDBC XXE | XXE | Oracle (MySQL) | pyn3rd (@pyn3rd) | Bug Bounty | 2021-10-21 | 2023-06-13 |
2134 | All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646) | RCE, Memory corruption | Microsoft | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-10-22 | 2023-06-13 |
2133 | Moodle - Stored XSS and blind SSRF possible via feedback answer text | Stored XSS, SSRF | Moodle | rekter0 (@rekter0) | Bug Bounty | 2021-10-22 | 2023-06-13 |
2132 | A story of another awesome old school hacking that lead to a cool P1 bug | 403 bypass | NA | Vuk Ivanovic | Bug Bounty | 2021-10-22 | 2023-06-13 |
2131 | How i Got 3 SQL injection in just 10 minutes. | SQL injection | NA | Ahmed Fatouh (@XDev05) | Bug Bounty | 2021-10-23 | 2023-06-13 |
2128 | Google Chrome Vulnerability Worth for $6K: Use After Free (CVE-2021-30573) | Memory corruption | Google | Security For Everyone / S4E Team (@secforeveryone) | Bug Bounty | 2021-10-23 | 2023-06-13 |
2123 | An Effective 5 min recon leads to a Hall of Fame | Information disclosure | NA | Renganathan (@IamRenganathan) | Bug Bounty | 2021-10-26 | 2023-06-13 |
2121 | Use-After-Free in Voice Control: CVE-2021-30902 Write-up | Memory corruption | Apple | 08Tc3wBB (@08Tc3wBB) | Bug Bounty | 2021-10-27 | 2023-06-13 |
2120 | Easy SSRF from Wayback Machine | SSRF | NA | Khaled Mohamed (@0xElkomy) | Bug Bounty | 2021-10-27 | 2023-06-13 |
2119 | Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD | Broken authentication, Authentication flaw | GoCD | Sonar (@SonarSource) | Bug Bounty | 2021-10-27 | 2023-06-13 |
2118 | Unauthorized access to any user's account. | IDOR, Authentication bypass, Account takeover | NA | vikram naidu (@ImVikram7msd) | Bug Bounty | 2021-10-28 | 2023-06-13 |
2116 | Apple XAR – Arbitrary File Write (CVE-2021-30833) | Arbitrary file write | Apple | Richard Warren (@buffaloverflow) | Bug Bounty | 2021-10-28 | 2023-06-13 |
2115 | A journey from XML External Entity (XXE) to NTLM hashes! | XXE | NA | Shubham Chaskar (@chaskar_shubham) | Bug Bounty | 2021-10-28 | 2023-06-13 |
2112 | How I was able to access a properly Configured S3 Bucket | Leaked AWS keys, Information disclosure | NA | Pawan Chhabria (@heybenchmarkkk) | Bug Bounty | 2021-10-28 | 2023-06-13 |
2111 | One misconfiguration to rule them all | Information disclosure, Debug mode enabled | NA | Sushant Soni (@sushantsoni5392) | Bug Bounty | 2021-10-29 | 2023-06-13 |
2110 | How I found Command Injection via Obsolete PHPThumb | OS command injection, RCE | NA | Sushant Kamble | Bug Bounty | 2021-10-30 | 2023-06-13 |
2109 | This is how i was able to Permanently Crash all Mapillary users within minutes | Application-level DoS | Meta / Facebook | Abhishek Pathak (@pathleax) | Bug Bounty | 2021-10-31 | 2023-06-13 |
2107 | How i made 500$ with XSS | XSS, Account takeover | NA | Nassim Chami (@nvccim) | Bug Bounty | 2021-11-01 | 2023-06-13 |
2106 | Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 | RCE, Insecure deserialization, Security code review | Sitecore | Shubham Shah (@infosec_au) | Bug Bounty | 2021-11-01 | 2023-06-13 |
2105 | A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions | Local Privilege Escalation, MacOS | Apple | Perception Point (@PerceptionPo1nt) | Bug Bounty | 2021-11-03 | 2023-06-13 |
2101 | Unauthenticated Access To Cloud Portal – A 🚪 Without 🗝️ | Authentication bypass | NA | Yukesh Kumar (@3th1c_yuk1) | Bug Bounty | 2021-11-05 | 2023-06-13 |
2099 | 4 Crits in 48 hours: Unicorn Programs | Privilege escalation, Information disclosure, IDOR | NA | Monke (@pmofcats) | Bug Bounty | 2021-11-06 | 2023-06-13 |
2096 | How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes | SQL injection | NA | Mahmoud Youssef (@0xmahmoudjo0) | Bug Bounty | 2021-11-07 | 2023-06-13 |