1740 | How I bypassed disable_functions in php to get a remote shell | RCE | NA | Asem Eleraky (@melotover) | Bug Bounty | 2022-03-13 | 2023-06-13 |
1735 | Achieving Remote Code Execution via Unrestricted File Upload | Unrestricted file upload, RCE | NA | Haroon Hameed (@HaroonHameed40) | Bug Bounty | 2022-03-14 | 2023-06-13 |
1734 | From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password” | WAF bypass, Weak credentials | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2022-03-14 | 2023-06-13 |
1732 | My First Bug on VDP & BBP - Bug Bounty | Stored XSS | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-03-15 | 2023-06-13 |
1731 | CVE-2020-24427: Adobe Reader CJK Codecs Memory Disclosure Vulnerability | Memory disclosure | Adobe | Haboob Research Team (@HaboobSa) | Bug Bounty | 2022-03-15 | 2023-06-13 |
1730 | CVE-2022-22616: Simple way to bypass GateKeeper, hidden for years | Local Privilege Escalation, GateKeeper bypass, MacOS | Apple | Mickey Jin (@patch1t) | Bug Bounty | 2022-03-15 | 2023-06-13 |
1729 | How I managed to trigger XSS automatically to get critical account takeover | Stored XSS | NA | c4rrilat0r (@c4rrilat0r) | Bug Bounty | 2022-03-15 | 2023-06-13 |
1728 | Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) | Arbitrary file write | Apple | Richard Warren (@buffaloverflow) | Bug Bounty | 2022-03-15 | 2023-06-13 |
1725 | How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? | XSS | NA | akshal(tojojo) | Bug Bounty | 2022-03-16 | 2023-06-13 |
1723 | From XSS to RCE (dompdf 0day) | XSS, RCE | NA | Positive Security (@positive_sec) | Bug Bounty | 2022-03-16 | 2023-06-13 |
1722 | Parameter Pollution - Zero Day | HTTP parameter pollution | Discourse | Jerry Shah (@Jerry) | Bug Bounty | 2022-03-17 | 2023-06-13 |
1721 | My First Blind SQL Injection | SQL injection | NA | T VAMSHI | Bug Bounty | 2022-03-17 | 2023-06-13 |
1718 | Bypass confirmation to add payment method. | Email verification bypass, Logic flaw | NA | Yaj Desu | Bug Bounty | 2022-03-18 | 2023-06-13 |
1717 | For the first Bounty, it takes a few challenging months, but only a few days for the second. | Old components with known vulnerabilities | NA | Aneesha D (@interc3pt3r) | Bug Bounty | 2022-03-18 | 2023-06-13 |
1713 | CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera | Browser hacking | Google, Microsoft, Opera | Maciej Pulikowski (@pulik_io) | Bug Bounty | 2022-03-19 | 2023-06-13 |
1712 | Bug Bounty catches part -1 | Authentication bypass, Information disclosure, Broken Access Control | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-20 | 2023-06-13 |
1710 | ($$$) Broken Authentication and IDOR at [REDACTED] | IDOR | NA | Rizaldi Wahaz (@wah_haz) | Bug Bounty | 2022-03-21 | 2023-06-13 |
1707 | Google Maps API Key Unauthorized Use Case | Information disclosure | NA | Dan Barros | Bug Bounty | 2022-03-22 | 2023-06-13 |
1705 | Basic recon to RCE II | RCE | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2022-03-22 | 2023-06-13 |
1704 | Authentication bypass using root array | Authentication bypass, Information disclosure | NA | Eslam Akl (@eslam3kll) | Bug Bounty | 2022-03-22 | 2023-06-13 |
1703 | When Equal is Not, Another WebView Takeover Story | Android | NA | Dimitrios Valsamaras (@Ch0pin) | Bug Bounty | 2022-03-22 | 2023-06-13 |
1701 | Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121) | RCE | Western Digital | Alex Plaskett (@alexjplaskett) | Bug Bounty | 2022-03-23 | 2023-06-13 |
1698 | Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044) | XSS, Arbitrary file read, Authentication bypass, OS command injection, RCE | Netgear | stypr (@stereotype32) | Bug Bounty | 2022-03-25 | 2023-06-13 |
1696 | Bug Bounty Adventures: A NodeBB 0-day | CSRF, Account takeover, SSO, Authentication flaw | Opera | Marouane Mouhtadi (@Mar0_0uane) | Bug Bounty | 2022-03-25 | 2023-06-13 |
1695 | Broken Access Control - IDOR | IDOR | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-03-25 | 2023-06-13 |