1947 | How i was able to bypass a Pin code Protection | Authorization flaw | NA | Kerolos sameh (@xko2xx) | Bug Bounty | 2022-01-03 | 2023-06-13 |
1946 | IDOR leads to leak Private Details | IDOR | NA | annonymous | Bug Bounty | 2022-01-03 | 2023-06-13 |
1945 | P5 to P1: Interesting Account Takeover | Account takeover, Session expiration issue, Password reset | NA | Tushar Sharma (@tusharSharma_0) | Bug Bounty | 2022-01-03 | 2023-06-13 |
1942 | SQL Injection - The File Upload Playground | Unrestricted file upload, SQL injection | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-01-04 | 2023-06-13 |
1941 | thisclosed_#1 - Full Account Takeover of ANY user via Insecure Direct Object Reference (IDOR) on reset password functionality | IDOR, Password reset, Account takeover | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2022-01-04 | 2023-06-13 |
1940 | Breaking Parser Logic: Gain Access To NGINX Plus API — Read/Write Upstreams. | Path traversal | NA | zoid (@z0idsec) | Bug Bounty | 2022-01-05 | 2023-06-13 |
1936 | Exploiting Redash instances with CVE-2021-41192 | Privilege escalation, Session management issue, SSRF | NA | Ian Carroll (@iangcarroll) | Bug Bounty | 2022-01-06 | 2023-06-13 |
1934 | A Tale Of 5250$: How I Accessed Millions Of User’s Data Including Their National ID’s | AWS misconfiguration, Information disclosure | NA | Sam (@__Sam0_0) | Bug Bounty | 2022-01-07 | 2023-06-13 |
1933 | 2FA bypass by reading the documentation | MFA bypass | NA | tomorrowisnew (@tomorrowisnew_) | Bug Bounty | 2022-01-09 | 2023-06-13 |
1932 | Host Header Injection Lead To Account Takeovers | Host header injection, Password reset, Account takeover | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-09 | 2023-06-13 |
1931 | How did I find Log4j vulnerability via Static Code Analysis and receive €€€ bounty? | Log4shell, RCE | NA | Pranav Gajjar (@Pranav_Gajjar_) | Bug Bounty | 2022-01-10 | 2023-06-13 |
1929 | Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth | Session hijacking, Session management issue, Account takeover, RCE | Moodle | Johannes Moritz | Bug Bounty | 2022-01-10 | 2023-06-13 |
1928 | Cross-Origin Resource Sharing (CORS) Misconfiguration leads to User’s PII leaks. | CORS misconfiguration | NA | Tarikul Islam (@sa1tama0) | Bug Bounty | 2022-01-10 | 2023-06-13 |
1927 | Exploiting URL Parsers: The Good, Bad, And Inconsistent | URL parsing issue | NA | Noam Moshe | Bug Bounty | 2022-01-10 | 2023-06-13 |
1926 | Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more | RCE | Microsoft | Gabriel Sztejnworcel (@sztejnworcel) | Bug Bounty | 2022-01-11 | 2023-06-13 |
1924 | Pwning the portal: from database dump to session hijacking | SQL injection, XSS, CSRF | NA | Bitcrack (@bitcrack_cyber) | Bug Bounty | 2022-01-12 | 2023-06-13 |
1923 | C.S.T.I Lead To Account Takeover $$$ | CSTI, Account takeover | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-13 | 2023-06-13 |
1922 | Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022-21969) | Insecure deserialization | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-01-13 | 2023-06-13 |
1920 | XSS Filter Evasion + IDOR | XSS, IDOR | NA | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2022-01-13 | 2023-06-13 |
1918 | RCE In Adobe Acrobat Reader For Android(CVE-2021-40724) | RCE, Path traversal, Android | Google, Adobe | sunny (@hulkvision) | Bug Bounty | 2022-01-14 | 2023-06-13 |
1917 | 120 Days of High Frequency Hunting | SSRF, LFI, Information disclosure, Broken Access Control, Authentication bypass, XSS, SQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-15 | 2023-06-13 |
1916 | Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397) | SQL injection, Broken Access Control | Moodle | 0xkasper (@0xkasper) | Bug Bounty | 2022-01-15 | 2023-06-13 |
1915 | XXE in SAML SSO Writeup - Bug Bounty | XXE | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-01-16 | 2023-06-13 |
1914 | How i found “Broken Access Control Through out-of-sync setup” and got $1000 | Broken Access Control, Authorization flaw | NA | Mr Robert | Ahmed M Hassan (@Mr_Robert20) | Bug Bounty | 2022-01-16 | 2023-06-13 |
1913 | Critical XSS in chrome extension | XSS, postMessage | NA | p3rr0 (@Hperalta89) | Bug Bounty | 2022-01-17 | 2023-06-13 |