3180 | Denial of Service in the protection service provided by Avast Security Premium. | DoS | Avast | Silton Santos | Bug Bounty | 2020-09-01 | 2023-06-13 |
3179 | Cloud firewall management API SNAFU put 500k SonicWall customers at risk | IDOR | SonicWall | Vangelis Stykas (@evstykas) | Bug Bounty | 2020-09-02 | 2023-06-13 |
3178 | CVE-2020-6519 - Chromium 83 Zero Day Full CSP Bypass Cross Platforms | CSP bypass | Google (Chrome & Chromium) | Gal Weizman (@WeizmanGal) | Bug Bounty | 2022-09-02 | 2023-06-13 |
3177 | My Story With XSS | XSS | NA | Soufiane Habti (@wld_basha) | Bug Bounty | 2020-09-03 | 2023-06-13 |
3176 | Account Takeover via IDOR | IDOR, Account takeover | NA | Roma Ramazanoff (@r0hack) | Bug Bounty | 2020-09-04 | 2023-06-13 |
3175 | How_i_was_able_to_pawned_website_via_escilating_webcache deception to rce | Web cache deception, SSRF, RCE | NA | mohit (@mohit29295572) | Bug Bounty | 2020-09-05 | 2023-06-13 |
3174 | XSS that can pay your Bills :) | Reflected XSS | NA | Smile Hacker (@_smile_hacker_) | Bug Bounty | 2020-09-05 | 2023-06-13 |
3173 | Never Give Up, The Story Behind a Dupe-To-Triaged | XSS, OAuth, Account takeover | NA | Alan Brian (@soyelmago) | Bug Bounty | 2020-09-06 | 2023-06-13 |
3172 | How response Manipulation got me a little, but sweet Bounty | MFA bypass | NA | Tommaso De Ponti (@heytdep) | Bug Bounty | 2020-09-07 | 2023-06-13 |
3171 | My first bug in google and how i got CSRF token for victim account rather than bypass it ($1337)! | CSRF | Google | Oday Alhalbe | Bug Bounty | 2020-09-07 | 2023-06-13 |
3170 | From Android Static Analysis to RCE on Prod | RCE, Directory listing, Missing authentication | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2020-09-07 | 2023-06-13 |
3169 | XSS->Fix->Bypass: 10000$ bounty in Google Maps | XSS | Google | Zohar Shachar | Bug Bounty | 2020-09-07 | 2023-06-13 |
3168 | CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze | RCE, Local Privilege Escalation | Backblaze | Jason Geffner (@JasonGeffner) | Bug Bounty | 2020-09-09 | 2023-06-13 |
3167 | How often do we overlook vulnerabilities? | Information disclosure | HackerOne | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2020-09-09 | 2023-06-13 |
3166 | Unintended Behaviour of domain got me P4 | Logic flaw | NA | Takester (@dhiraj_ramteke) | Bug Bounty | 2020-09-10 | 2023-06-13 |
3165 | Universal XSS in Android WebView (CVE-2020-6506) | Universal XSS | Google, Microsoft, Twitter | Alesandro Ortiz (@AlesandroOrtizR) | Bug Bounty | 2020-09-10 | 2023-06-13 |
3164 | How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM | RCE, JNDI Injection | Meta / Facebook | Orange Tsai (@orange_8361) | Bug Bounty | 2020-09-12 | 2023-06-13 |
3163 | How I hacked redbus [An online bus-ticketing application] | LFI, SSRF | redBus | Sangeetha Rajesh S (@rajesh_sangi12) | Bug Bounty | 2020-09-12 | 2023-06-13 |
3162 | SQL Injection & Remote Code Execution - Double P1 | SQL injection, RCE | NA | Shrey Shah (@ShreySh43332033) | Bug Bounty | 2020-09-13 | 2023-06-13 |
3161 | Business logic vulnerabilities — Low-level logic flaw | Logic flaw | NA | Harry D | Bug Bounty | 2020-09-13 | 2023-06-13 |
3160 | Account takeover by OTP bypass | OTP bypass | NA | Bhavarth Kandoria | Bug Bounty | 2020-09-13 | 2023-06-13 |
3159 | Firefox for Android: LAN Based Intent Triggering | Insecure intent, Android | Mozilla | initstring (@init_string) | Bug Bounty | 2020-09-15 | 2023-06-13 |
3158 | How I Accidentally Got My First Bounty From Facebook | Logic flaw | Meta / Facebook | Bishal Shrestha (@bishal0x01) | Bug Bounty | 2020-09-15 | 2023-06-13 |
3157 | Exploiting a "Useless" Cookie-Based XSS and Making it Useful | XSS | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2020-09-16 | 2023-06-13 |
3156 | Res-block: Extension Resources Block Attack on Chrome’s Incognito Mode | Browser hacking | Google | Piyush Raj (@0x48piraj) | Bug Bounty | 2020-09-16 | 2023-06-13 |