2999 | Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities | Rate limiting bypass | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2020-11-29 | 2023-06-13 |
2998 | WonderCMS 3.1.3 - Authenticated RCE & Blind SSRF Vulnerability | Blind SSRF, RCE | WonderCMS | Mas Zet (@zetc0de) | Bug Bounty | 2020-11-29 | 2023-06-13 |
2997 | AliExpress Captcha Reuse | Captcha bypass | Aliexpress | Unicorn Security | Bug Bounty | 2020-11-30 | 2023-06-13 |
2996 | Exploiting Blind Postgresql Injection And Exfiltrating Data In Psycopg2 | SQL injection | NA | Shawar Khan (@ShawarkOFFICIAL) | Bug Bounty | 2020-11-30 | 2023-06-13 |
2995 | Chaining vulnerabilities lead to account takeover | Account takeover, Password reset, Open redirect, Lack of rate limiting | NA | Ahmed (@ahzsec) | Bug Bounty | 2020-12-01 | 2023-06-13 |
2994 | An iOS zero-click radio proximity exploit odyssey | iOS, Memory corruption, Buffer Overflow | Apple | Ian Beer (@i41nbeer) | Bug Bounty | 2020-12-01 | 2023-06-13 |
2993 | Hacking — Always check out the Images | Information disclosure | GitLab | Jack | Bug Bounty | 2020-12-02 | 2023-06-13 |
2992 | SSTI to Local File Read | SSTI, LFI | NA | Demon (@R29k_) | Bug Bounty | 2020-12-02 | 2023-06-13 |
2991 | Leaking Browser URL/Protocol Handlers | Information disclosure | Google, Microsoft, Mozilla | Tabahi (@_tabahi) | Bug Bounty | 2020-12-03 | 2023-06-13 |
2990 | Site Wide CSRF On Glassdoor | CSRF | Glassdoor | Tabahi (@_tabahi) | Bug Bounty | 2020-12-03 | 2023-06-13 |
2989 | Cross Site Scripting (XSS) Reflected in one of the subdomains of “General Motors”(Bugbounty) | Reflected XSS | General Motors | - | Bug Bounty | 2020-12-03 | 2023-06-13 |
2988 | Leaking Credit card Activity in logs? Yes Sir! | Information disclosure | NA | Rody Shahnazarian (@Komradz86) | Bug Bounty | 2020-12-03 | 2023-06-13 |
2987 | $10000 Facebook SSRF (Bug Bounty) | SSRF | Meta / Facebook | Amine Aboud (@amineaboud) | Bug Bounty | 2020-12-03 | 2023-06-13 |
2986 | Opera Browser Cross Site Scripting (XSS) | XSS, Android | Opera | Neil Mark Ochea (@nmochea) | Bug Bounty | 2020-12-05 | 2023-06-13 |
2985 | How Redirects work on Facebook? Technical breakdown | Open redirect | Meta / Facebook | Abhisek R (@abh1sek_r) | Bug Bounty | 2020-12-06 | 2023-06-13 |
2984 | RCE via LFI Log Poisoning - The Death Potion | RCE, LFI, Log poisoning | NA | Jerry Shah (@Jerry) | Bug Bounty | 2020-12-06 | 2023-06-13 |
2983 | [CVE-2019-17674 & CVE-2020-11025] Stored XSS through navigation menu item edited in Customizer in Wordpress (Write Up) | Stored XSS | WordPress | Evan Ricafort (@evanricafort) | Bug Bounty | 2020-12-06 | 2023-06-13 |
2982 | Story of the best vulnerability I’ve found so far… | Self-XSS, Blind XSS, Account takeover | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2020-12-07 | 2023-06-13 |
2981 | "Important, Spoofing" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams | RCE, Stored XSS, CSP bypass, CSTI | Microsoft | Oskars Vegeris | Bug Bounty | 2020-12-07 | 2023-06-13 |
2980 | Facebook push notification linkshim bypassed | Open redirect | Meta / Facebook | Neil Mark Ochea (@nmochea) | Bug Bounty | 2020-12-07 | 2023-06-13 |
2979 | How I Was Able To Take Over One Of Dell’s Subdomains | Subdomain takeover | Dell | Taha Bıyıklı (@tahabykl) | Bug Bounty | 2020-12-08 | 2023-06-13 |
2978 | Facebook leak referrer data | Open redirect | Meta / Facebook | Neil Mark Ochea (@nmochea) | Bug Bounty | 2020-12-08 | 2023-06-13 |
2977 | Hacking — Tamper with the URL Parameters, especially if they modify the page | HTTP parameter pollution | NA | Jack | Bug Bounty | 2020-12-09 | 2023-06-13 |
2976 | Content-Security-Policy Bypass to perform XSS using MIME sniffing | XSS, CSP bypass | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2020-12-10 | 2023-06-13 |
2975 | Game On – Finding vulnerabilities in Valve’s “Steam Sockets” | Memory corruption | Valve | Eyal Itkin (@EyalItkin) | Bug Bounty | 2020-12-10 | 2023-06-13 |