| 5147 | [demo.paypal.com] Node.js code injection (RCE) |
RCE |
Paypal |
Michael Stepankin (@artsploit) |
Bug Bounty | 2016-08-19 | 2023-06-13 |
| 5146 | Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System |
Subdomain takeover |
DigitalOcean |
Matthew Bryant (@IAmMandatory) |
Bug Bounty | 2016-08-25 | 2023-06-13 |
| 5145 | Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded |
XSS |
Uber |
- |
Bug Bounty | 2016-08-29 | 2023-06-13 |
| 5144 | PornHub: Email Confirmation Bypass |
Email verification bypass |
PornHub |
Vaxo Dai (@___0x00) |
Bug Bounty | 2016-09-04 | 2023-06-13 |
| 5143 | RCE In AddThis |
RCE |
AddThis |
whitehatnepal |
Bug Bounty | 2016-09-04 | 2023-06-13 |
| 5142 | Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000] |
Subdomain takeover |
Uber |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2016-09-05 | 2023-06-13 |
| 5141 | Internet Explorer has a URL problem |
OAuth
RPO
XSS |
GitHub
Google |
File Descriptor (@filedescriptor) |
Bug Bounty | 2016-09-06 | 2023-06-13 |
| 5140 | Decoding a $😱,000.00 htpasswd bounty |
.htpasswd misconfiguration |
NA |
Patrik Fehrenbach (@ITSecurityguard) |
Bug Bounty | 2016-09-08 | 2023-06-13 |
| 5139 | How I snooped into your private Slack messages [Slack Bug bounty worth $2,500] |
Subdomain takeover |
Slack |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2016-09-13 | 2023-06-13 |
| 5138 | Bug Bounty : Account Takeover Vulnerability POC |
OAuth
Account takeover
XSS |
NA |
Rakesh Mane (@RakeshMane10) |
Bug Bounty | 2016-09-16 | 2023-06-13 |
| 5137 | CSRF in partners.facebook.com |
CSRF |
Meta / Facebook |
Prashanth Varma (@cymtrick) |
Bug Bounty | 2016-09-20 | 2023-06-13 |
| 5136 | Vine Re-auth Bypass [Twitter Bug Bounty] |
Authentication flaw |
Twitter |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2016-09-21 | 2023-06-13 |
| 5135 | Link Injection Manipulation at admin.google.com |
Hyperlink injection |
Google |
Ak1T4 (@akita_zen) |
Bug Bounty | 2016-09-23 | 2023-06-13 |
| 5134 | Persisting on Pornhub |
Stored XSS |
PornHub |
Andy Gill (@ZephrFish) |
Bug Bounty | 2016-09-23 | 2023-06-13 |
| 5133 | XSS Vulnerability in Twitter [https://twitter.com] (Write Up) |
XSS |
Twitter |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2016-09-26 | 2023-06-13 |
| 5132 | gif it time it%27ll come to you - Finding More Holes in The Hub |
XSS |
PornHub |
Andy Gill (@ZephrFish) |
Bug Bounty | 2016-10-01 | 2023-06-13 |
| 5131 | Command Injection Without Spaces |
OS command injection |
NA |
Fyoorer (@ƒyoorer) |
Bug Bounty | 2016-10-02 | 2023-06-13 |
| 5130 | Open Redirect Scanner with Uber.com |
Open redirect |
Uber |
Ak1T4 (@akita_zen) |
Bug Bounty | 2016-10-10 | 2023-06-13 |
| 5129 | Parameter pollution bug at twitter |
HTTP parameter pollution |
Twitter |
Mert (@mertistaken) |
Bug Bounty | 2016-10-12 | 2023-06-13 |
| 5128 | Exploiting CORS misconfigurations for Bitcoins and bounties |
CORS misconfiguration |
NA |
James Kettle (@albinowax) |
Bug Bounty | 2016-10-12 | 2023-06-13 |
| 5127 | Hacking JasperReports – The Hidden Shell Feature |
RCE |
NA |
Steve Breen (@breenmachine) |
Bug Bounty | 2016-10-14 | 2023-06-13 |
| 5126 | Leak Private Videos [Vimeo Bug Bounty] |
Logic flaw
Authorization flaw |
Vimeo |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2016-10-23 | 2023-06-13 |
| 5124 | Backslash Powered Scanning: hunting unknown vulnerability classes |
- |
NA |
James Kettle (@albinowax) |
Bug Bounty | 2016-11-04 | 2023-06-13 |
| 5123 | Stored XSS in UniFi v4.8.12 Controller |
Stored XSS |
Ubiquity Networks |
Shubham Gupta (@hackerspider1) |
Bug Bounty | 2016-11-12 | 2023-06-13 |
| 5122 | Svg XSS in Unifi v5.0.2 |
Stored XSS |
Ubiquity Networks |
Shubham Gupta (@hackerspider1) |
Bug Bounty | 2016-11-13 | 2023-06-13 |
