1352 | FFUF-ing RECON, or how to get to P1–P3 from a slightly different recon |
vHost misconfiguration
403 bypass
Information disclosure |
NA |
Vuk Ivanovic |
Bug Bounty | 2022-07-17 | 2023-06-13 |
1351 | CVE-2022–35909 / CVE-2022–35910, Incorrect Access Control and XSS Stored to Jellyfin |
Broken Access Control
XSS |
jellyfin |
Dan Barros |
Bug Bounty | 2022-07-18 | 2023-06-13 |
1350 | Good things takes time | Story of my first “valid” critical bug! |
Missing authentication
Exposed administrative interface |
NA |
Kr1shna 4garwal (@Kr1shna4garwal) |
Bug Bounty | 2022-07-18 | 2023-06-13 |
1344 | How i was able to bypass Open Redirect 3 times on same program. |
Open redirect |
NA |
himanshu pdy (@himanshu_pdy) |
Bug Bounty | 2022-07-19 | 2023-06-13 |
1341 | CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation |
Local Privilege Escalation |
Zyxel |
Jake Baines (@Junior_Baines) |
Bug Bounty | 2022-07-19 | 2023-06-13 |
1340 | Local File Inclusion (interesting method) |
LFI |
NA |
Captain hook |
Bug Bounty | 2022-07-19 | 2023-06-13 |
1339 | Write-up: BlogEngine .NET - 0day Discovery |
Path traversal
XXE |
BlogEngine .NET |
Jake McCallum (@0xLanks) |
Bug Bounty | 2022-07-19 | 2023-06-13 |
1336 | [CVE-2022-34918] A crack in the Linux firewall |
Memory corruption
Local Privilege Escalation |
Linux Kernel Organization |
Arthur Mongodin |
Bug Bounty | 2022-07-20 | 2023-06-13 |
1334 | Gitlab Project Import RCE Analysis (CVE-2022-2185) |
RCE |
GitLab |
Nguyễn Tiến Giang (@testanull) |
Bug Bounty | 2022-07-21 | 2023-06-13 |
1333 | How I Test For Web Cache Vulnerabilities + Tips And Tricks |
Web cache poisoning
Web cache deception |
NA |
Kevin (@bxmbn) |
Bug Bounty | 2022-07-21 | 2023-06-13 |
1332 | I mean, IDOR is NOT only about others ID |
IDOR |
NA |
can1337 (@canmustdie) |
Bug Bounty | 2022-07-22 | 2023-06-13 |
1330 | How I was able to Take over a support chat using leaked Keys |
Information disclosure |
NA |
Pliskin |
Bug Bounty | 2022-07-22 | 2023-06-13 |
1328 | WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security |
SQL injection
XSS
Account takeover |
WordPress |
Julien Ahrens (@MrTuxracer) |
Bug Bounty | 2022-07-22 | 2023-06-13 |
1327 | SecStory: How I Found Multiple P1 Vulnerabilities without Recon |
Authentication flaw |
NA |
rvdt (@rival_rvdt) |
Bug Bounty | 2022-07-23 | 2023-06-13 |
1326 | Un3xpected DoS Attack on Profile Pictur3 |
DoS |
NA |
Roxst4r (@mveswar98) |
Bug Bounty | 2022-07-23 | 2023-06-13 |
1325 | $$$ bounty in less 3 minutes from a google dork |
Information disclosure |
NA |
Steiner254 (@steiner254) |
Bug Bounty | 2022-07-23 | 2023-06-13 |
1324 | How I made 300 GitHub repos point to my blog using Azure subdomains takeover |
Subdomain takeover |
NA |
0xPwN (@msd0s7) |
Bug Bounty | 2022-07-23 | 2023-06-13 |
1323 | A Developer’s Nightmare: Story of a simple IDOR and some poor fixes worth $1125 |
IDOR |
NA |
Marcos IAF (@marcos_iaf) |
Bug Bounty | 2022-07-24 | 2023-06-13 |
1322 | How I Gained Access To A Finance Company’s Accounts (Session Hijacking) |
Session fixation
Weak crypto |
NA |
Talha Karakumru |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1321 | Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505) |
Memory corruption
DoS
Broken Access Control
Sensitive Information Sent Over an Unencrypted Channel |
Nuki |
Daniel Romero (@daniel_rome) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1317 | DoS worth $650 ? Interesting right! |
DoS
Pixel flood attack |
NA |
Sagar Sajeev (@Sagar__Sajeev) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1316 | Outdated PHP Version leads to RCE |
RCE
Old components with known vulnerabilities |
NA |
iamdevansharya (@iamdevansharya) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1315 | Digging JS files to find BUGs |
IDOR
Information disclosure |
NA |
Adnan Malik (@adnanmalikinfo) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1314 | CVE-2022–36446 — Webmin 1.996 — Remote Code Execution (RCE — Authenticated) During Install New Packages |
RCE
OS command injection |
Webmin |
Emir Polat (@devilsgrins) |
Bug Bounty | 2022-07-26 | 2023-06-13 |
1313 | CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable |
MacOS
SIP bypass |
Apple |
Mickey Jin (@patch1t) |
Bug Bounty | 2022-07-26 | 2023-06-13 |