| ID | Title | Bug types | Target | Author | Type | Published | Added |
|---|---|---|---|---|---|---|---|
| 1875 | XSS via X-Forwarded-Host header | XSS, Host header injection | Omise | Abhijeet Biswas (@abhijeetbiswas_) | Bug Bounty | 2022-01-30 | 2023-06-13 |
| 1874 | Access Control Violation – Wiki Page Creation | Authorization flaw | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-01-30 | 2023-06-13 |
| 1873 | Stored Cross-Site Scripting in MediaWiki | Stored XSS | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-01-28 | 2023-06-13 |
| 1872 | Remote Code Execution in .tgz File Upload | RCE, Unrestricted file upload | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-01-30 | 2023-06-13 |
| 1871 | Missing rate-limiting. How I was able to add any unowned phone number to my Facebook account? (Bounty: 5000 USD) | OTP bruteforce, Lack of rate limiting | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2022-01-31 | 2023-06-13 |
| 1868 | How I approached Dependency Confusion! | Dependency confusion | NA | Aditya Soni (@hetroublemakr) | Bug Bounty | 2022-02-01 | 2023-06-13 |
| 1865 | CVE-2021-44142: Details On A Samba Code Execution Bug Demonstrated At Pwn2Own Austin | Memory corruption, RCE | NA | Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) | Bug Bounty | 2022-02-01 | 2023-06-13 |
| 1864 | IDOR vulnerability on invoice and weak password reset leads to account take over | IDOR, Password reset, Account takeover, Payment tampering, Logic flaw | NA | Damaidec | Bug Bounty | 2022-02-01 | 2023-06-13 |
| 1863 | No Rate Limiting on OTP sending | Bruteforce, Lack of rate limiting | NA | nOOb_mAsTeR | Bug Bounty | 2022-02-02 | 2023-06-13 |
| 1861 | A misconfigured Apache Airflow to AWS Account Compromise | Outdated component with a known vulnerability, Privilege escalation, Information disclosure | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2022-02-02 | 2023-06-13 |
| 1860 | My first bounty, IDOR + Self XSS [€3000] | Self-XSS, IDOR | Intigriti | Ladecruze (@ladecruze) | Bug Bounty | 2022-02-02 | 2023-06-13 |
| 1857 | A technique to semi-automatically find vulnerabilities in WordPress plugins | XSS, SQL injection, Open redirect, CSRF | NA | kazet (@kazet1234) | Bug Bounty | 2022-02-03 | 2023-06-13 |
| 1854 | Solving DOM XSS Puzzles | DOM XSS | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-02-03 | 2023-06-13 |
| 1853 | Write Up – Private Bug Bounty: RCE In EC2 Instance Via SSH With Private Key Exposed On Public Github Repository – $xx,000 USD | Information disclosure | NA | Omar Espino (@omespino) | Bug Bounty | 2022-02-03 | 2023-06-13 |
| 1851 | How I bypassed PHP functions to read sensitive files on server | Components with known vulnerabilities, RCE | NA | Kailash (@corrupted_brain) | Bug Bounty | 2022-02-04 | 2023-06-13 |
| 1850 | What Bypassing Razer's DOM-based XSS Patch Can Teach Us | DOM XSS | Razer | EdOverflow (@EdOverflow) | Bug Bounty | 2022-02-05 | 2023-06-13 |
| 1848 | How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty | SQL injection | NA | Mr Empy (@mr_empy) | Bug Bounty | 2022-02-06 | 2023-06-13 |
| 1844 | How can I access the members-only video comment? \| YouTube ($5,000) | Broken Access Control | Google | R ando (@Rando02355205) | Bug Bounty | 2022-02-07 | 2023-06-13 |
| 1841 | Full Account takeover (ATO) — a tale of two bugs 🐛 | IDOR, Account takeover | NA | Kwadwo Amoako | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1840 | SQL Injection, Reflected XSS and Information Disclosure in one subdomain in just 10 minutes | SQL injection, XSS, Information disclosure | NA | Mahmoud Hamed (@7odamo_) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1839 | CVE-2022-21703: cross-origin request forgery against Grafana | CSRF, SSRF | Grafana Labs | Julien Cretel (@jub0bs) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1837 | SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-21999) | Local Privilege Escalation | Microsoft | Olivier Lyak (@ly4k_) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1836 | WordPress < 5.8.3 - Object Injection Vulnerability | Object injection, RCE | WordPress | Simon Scannell (@scannell_simon) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1833 | ICMAD SAP Vulnerabilities (CVE-2022-22536, CVE-2022-22532 & CVE-2022-22533) | HTTP request smuggling, Memory leak, DoS, Memory corruption | SAP | SAP Product Security Response team | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1827 | QRCDR ZeroDay Path Traversal Vulnerability | Path traversal | NA | Farhad Karimi (@n0lsec) | Bug Bounty | 2022-02-11 | 2023-06-13 |