| ID | Title | Bugs | Program | Author | Type | Published | Added |
|---|---|---|---|---|---|---|---|
| 1428 | Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) | SSRF | Atlassian | Shubham Shah (@infosec_au) | Bug Bounty | 2022-06-26 | 2023-06-13 |
| 1427 | CVE-2022-32205: Set-Cookie denial of service | DoS | Internet Bug Bounty (curl) | Harry Sintonen | Bug Bounty | 2022-06-27 | 2023-06-13 |
| 1426 | CVE-2022-32206: HTTP compression denial of service | DoS | Internet Bug Bounty (curl) | Harry Sintonen | Bug Bounty | 2022-06-27 | 2023-06-13 |
| 1425 | CVE-2022-32207: Unpreserved file permissions | Improper Preservation of Permissions | Internet Bug Bounty (curl) | Harry Sintonen | Bug Bounty | 2022-06-27 | 2023-06-13 |
| 1424 | CVE-2022-32208: FTP-KRB bad message verification | MiTM | Internet Bug Bounty (curl) | Harry Sintonen | Bug Bounty | 2022-06-27 | 2023-06-13 |
| 1422 | CVE-2022-30522 – Denial of Service (DoS) Vulnerability in Apache httpd “mod_sed” filter | DoS | Internet Bug Bounty | JFrog Security Research Team (@JFrogSecurity) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1421 | CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED) | Client File Read | Rapid7 | Hans-Martin Münch (@h0ng10) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1420 | Access control worth $2000 (everyone missed this IDOR+Access control between two admins.) | IDOR, Broken Access Control | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1419 | FabricScape: Escaping Service Fabric and Taking Over the Cluster | Container escape, Local Privilege Escalation, Cross-tenant vulnerability | Microsoft | Unit 42 (@Unit42_Intel) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1416 | Pwning ManageEngine — From PoC to Exploit: A deep dive into CVE-2020–11531 and CVE-2020–11532 | Path traversal, RCE, Authentication bypass | Zoho | Erik Wynter (@WynterErik) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1414 | [BugBounty] how do I get a premium tier account without paying a penny | Mass assignment, Payment bypass | NA | Marzuki (@aizack_ma) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1411 | CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus | XXE, SSRF, RCE | Zoho | Naveen Sunkavally | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1409 | Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908) | RCE, XSS | Microsoft | s1r1us (@s1r1u5_) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1406 | Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Signature validation bypass, Memory corruption, Local Privilege Escalation, MacOS | Apple | Zhuowei Zhang (@zhuowei) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1405 | Admin account takeover via weird Password Reset Functionality | Account takeover, Authentication bypass, Password reset | NA | Mahmoud Youssef (@0xmahmoudjo0) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1404 | A swag for a Open Redirect — Google Dork — Bug Bounty | Open redirect | NA | Proviesec (@proviesec) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1403 | Vertical Privilege Escalation: The user can takeover an admin account via response manipulation | Privilege escalation, HTTP response manipulation | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1402 | ($$$) Origin ip to account takeover | WAF bypass, Password reset, Host header injection, Account takeover | NA | Hemant Kumar | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1401 | Penetration Testing Firebase Web Applications | Firebase, Information disclosure | NA | Bhashit Pandya (@x30r_) | Bug Bounty | 2022-07-03 | 2023-06-13 |
| 1399 | Rediscovering Epic Games 0-Days (Forever Unpatched?) | Local Privilege Escalation | Epic Games | Christopher Vella (@Kharosx0) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1398 | Exposing Millions of Voter ID card users’ details. | IDOR, OTP bypass, Account takeover, Logic flaw | CERT-In | Aziz Al Aman (@nxtexploit) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1397 | How I found Open redirect on Bug crowd public program in 2 day | Open redirect | NA | Ittipatjitrada (@IttipatJitrada) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1396 | CVE-2022-34265 | SQL injection | Django | Takuto Yoshikai (@TakutoYoshikai) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1395 | Account hijacking using "dirty dancing" in sign-in OAuth-flows | OAuth, Account takeover | NA | Frans Rosén (@fransrosen) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1394 | Interesting Privilege Escalation In an Old Private Program | Privilege escalation | NA | Zunaid Mahmud (@SZ_Mahmud_7) | Bug Bounty | 2022-07-07 | 2023-06-13 |