1311 | Advisory | Roxy-WI Unauthenticated Remote Code Executions CVE-2022-31137 | RCE, Authentication bypass | Roxy-WI | Nuri Çilengir (@ncilengir) | Bug Bounty | 2022-07-26 | 2023-06-13 |
1309 | Disclosing information with a side-channel in Django | Side channel attack | Django | Dennis Brinkrolf (@DBrinkrolf) | Bug Bounty | 2022-07-26 | 2023-06-13 |
1308 | CVE-2022-31813: Forwarding Addresses Is Hard | Host header injection, DoS, IP address spoofing | Internet Bug Bounty (Apache HTTPD) | Gaetan Ferry (@_mabote_) | Bug Bounty | 2022-07-26 | 2023-06-13 |
1307 | HTTP Parameter Pollution - It’s Contaminated Again | HTTP parameter pollution, Rate limiting bypass | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-07-26 | 2023-06-13 |
1300 | Researching Open Source apps for XSS to RCE flaws | XSS, RCE | NA | Aleksey Solovev | Bug Bounty | 2022-07-28 | 2023-06-13 |
1297 | Arris / Arris-variant DSL/Fiber router critical vulnerability exposure | Path traversal, Memory corruption | ARRIS | Derek Abdine (@dabdine) | Bug Bounty | 2022-07-29 | 2023-06-13 |
1296 | Business logic vulnerabilities | Logic flaw, Payment tampering | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-07-29 | 2023-06-13 |
1295 | Discord Desktop - Remote Code Execution | RCE, XSS, Sandbox bypass, CSP bypass | Discord | s1r1us (@s1r1u5_) | Bug Bounty | 2022-07-29 | 2023-06-13 |
1293 | My Second CVE (CVE-2022-31855) | OS command injection, Local Privilege Escalation | RStudio | y0ung_dst (@Y0ung_MA) | Bug Bounty | 2022-07-30 | 2023-06-13 |
1292 | How I Earned €150 in 2 Minutes | HTML injection in email | HTML injection | NA | Thillai Raj | Bug Bounty | 2022-07-30 | 2023-06-13 |
1291 | How I get Full Account Takeover via stealing action’s login form | XSS | XSS, Account takeover | NA | Mohamed Tarek (@timooon107) | Bug Bounty | 2022-08-01 | 2023-06-13 |
1290 | Analysis of Adobe Acrobat Reader Javascript Doc.print() Use-After-Free Vulnerability (CVE-2022-34233) | Memory corruption | Adobe | ThreatLabz (@Threatlabz) | Bug Bounty | 2022-08-01 | 2023-06-13 |
1289 | How I earned $10,000 within the last 7 months — a 17y/o Edition | Authorization flaw | NA | Gowtham Naidu Ponnana (@gowtham_ponnana) | Bug Bounty | 2022-08-01 | 2023-06-13 |
1288 | Stored XSS to Account Takeover : Going beyond document.cookie | Stealing Session Data from IndexedDB | Stored XSS, Account takeover | NA | Syed Mushfik Hasan Tahsin (@SMHTahsin33) | Bug Bounty | 2022-08-02 | 2023-06-13 |
1286 | How I earned 500$ by uploading a file: write-up of one of my first bug bounty | Unrestricted file upload | Semrush | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-08-02 | 2023-06-13 |
1285 | Multiple bugs in one program leads to 1500€ | Privilege escalation, IDOR, Authorization flaw | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-02 | 2023-06-13 |
1282 | Elasticsearch A Easy Win For Bug Bounty Hunters || How To Find and Report | Information disclosure | NA | Tamim Hasan (@tamimhasan404) | Bug Bounty | 2022-08-03 | 2023-06-13 |
1281 | Hijacking email with Cloudflare Email Routing | HTTP response manipulation, Privilege escalation | NA | Albert Pedersen (@AlbertSPedersen) | Bug Bounty | 2022-08-03 | 2023-06-13 |
1280 | Came looking for SSRF and found XSS | XSS, WAF bypass | NA | Ibrahim Radi (@ibraradi9) | Bug Bounty | 2022-08-04 | 2023-06-13 |
1277 | CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE | Local Privilege Escalation | VMware | Spencer McIntyre (@zeroSteiner) | Bug Bounty | 2022-08-05 | 2023-06-13 |
1276 | Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI | Local Privilege Escalation, Cloud | Microsoft | Nir Ohfeld (@nirohfeld) | Bug Bounty | 2022-08-05 | 2023-06-13 |
1275 | How i was able to get 29 free products. | Bug Bounty | Race condition | NA | Fırat | Bug Bounty | 2022-08-06 | 2023-06-13 |
1274 | CVE-2022-29582 - An io_uring vulnerability | Memory corruption | Google | Jayden (@Awarau1) | Bug Bounty | 2022-08-06 | 2023-06-13 |
1272 | Liferay revisited: A tale of 20k$ | RCE | NA | VNG Security Response Center (@vngsecresponse) | Bug Bounty | 2022-08-06 | 2023-06-13 |
1271 | 2FA Bypass via Google Identity & OAuth Login | MFA bypass, Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-08-07 | 2023-06-13 |