Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1270 | SSD Advisory – Apple Safari ICU Out-Of-Bounds Write | Memory corruption, Out-of-bounds Write | Apple | Dohyun Lee (@l33d0hyun) | Bug Bounty | 2022-08-07 | 2023-06-13 |
| 1268 | From Shodan to RCE: That one time I hacked a Fortune 500 company. | Missing authentication, Arbitrary file read, RCE, Exposed Jenkins instance | NA | vimanari_ (@vimanari_) | Bug Bounty | 2022-08-08 | 2023-06-13 |
| 1267 | Simple Open Redirect Bypass. | Open redirect | NA | Harshad Gaikwad (@h4rsh4d) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1266 | Bypassed Cloudflare’s Web Application Firewall (WAF) | XSS, HTML injection, WAF bypass | NA | Ansh Vaid (@anshvaid4) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1264 | From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager | Authentication bypass, Information disclosure, Local Privilege Escalation | VMware | Steven Seeley (@steventseeley) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1261 | The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) | Memory corruption, Race condition, Local Privilege Escalation, Android | Linux Kernel Organization, Google, Samsung | Xingyu Jin | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1260 | iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser | Privacy issue | Meta / Facebook | Felix Krause (@KrauseFx) | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1259 | Defeat the HttpOnly flag to achieve Account Takeover \| RXSS | Reflected XSS, Account takeover | NA | Mohamed Tarek (@timooon107) | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1258 | 403 Forbidden Bypass Leading to Admin Endpoint Access. | 403 bypass, Information disclosure | NA | Christian Dray (@G0ds0nXY) | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1257 | Google Cloud Shell - Command Injection | OS command injection, RCE, Cloud | Google | Bugra Eskici (@bugraeskici) | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1254 | Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | HTTP Request Smuggling, Desync attack | AWS, Amazon, Akamai, Cisco, Verisign, Pulse Secure, Varnish | James Kettle (@albinowax) | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1253 | Advanced Inter-Process Desynchronization in SAP’s HTTP Server | Memory corruption, RCE, HTTP Request Smuggling, Web cache poisoning, Desync attack | SAP | Martin Doyhenard (@tincho_508) | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1252 | Web Cache Deception Escalates! | Web cache deception | NA | Seyed Ali Mirheidari | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1251 | Mining Node.js Vulnerabilities via Object Dependence Graph and Query | RCE, OS command injection, Prototype pollution, Path traversal | NA | Song Li | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1250 | Identity Confusion in WebView-based Mobile App-in-app Ecosystems | Android, iOS | Alipay | Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang & Min Yang | Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1246 | The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors | Privilege escalation, Cross-tenant vulnerability, OS command injection, Local Privilege Escalation, Cloud | Google, Microsoft, Aiven | Shir Tamari (@shirtamari) | Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1245 | IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit | Authentication bypass, Information disclosure, CSRF, RCE, Local Privilege Escalation | VMware | Steven Seeley (@steventseeley) | Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1244 | FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies | HTTP Request Smuggling, DoS | NA | Bahruz Jabiyev (@BahruzJabiyev) | Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1243 | Amazon Cognito misconfiguration lead to account takeover | Account takeover | NA | Hossam Ahmed (@iknowhatodo0x01) | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1242 | File Upload Bypass to RCE == $$$$ | Unrestricted file upload, RCE | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1238 | Exploiting CVE-2022-24816: A Code Injection In The Jt-jiffle Extension Of Geoserver | RCE, Code injection | NA | Remsio (@_remsio_) | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1237 | DOM Cross-Site Scripting Via postMessage in AnnounceKit | DOM XSS | Announcekit | Lorenzo Stella (@lorenzostella) | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1235 | Bypassing unexpected IDOR | IDOR, 40x bypass | NA | Bharatsingh | Bug Bounty | 2022-08-13 | 2023-06-13 |
| 1234 | An Unusual Tale of Email Verification Bypass | Email verification bypass, Bruteforce, Rate limiting bypass | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-13 | 2023-06-13 |
| 1233 | Escalating Open Redirect to XSS | Open redirect, XSS | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-13 | 2023-06-13 |