1187 | Break Me Out Of Sandbox In Old Pipe - CVE-2022-22715 Windows Dirty Pipe | Local Privilege Escalation | Microsoft | k0shl (@KeyZ3r0) | Bug Bounty | 2022-08-23 | 2023-06-13 |
1185 | [CVE-2020-2733] JD Edwards EnterpriseOne Tools admin password not adequately protected | Information disclosure | Oracle | Vahagn Vardanyan (@vah_13) | Bug Bounty | 2022-08-23 | 2023-06-13 |
1182 | Break the Logic: Insecure Parameters (€300) | Parameter manipulation, Logic flaw, Mass assignment | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-24 | 2023-06-13 |
1181 | 2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3 | DoS | FreeBSD Security Team | Pierre Kim (@PierreKimSec) | Bug Bounty | 2022-08-24 | 2023-06-13 |
1177 | Chaining Telegram bugs to steal session-related files. | Arbitrary file read, Android | Telegram | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2022-08-25 | 2023-06-13 |
1173 | Break the Logic: 5 Different Perspectives in Single Page (€1500) | Client-side enforcement of server-side security, IDOR, Authorization flaw | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-26 | 2023-06-13 |
1169 | Improper Input Validation Leads To Email Spamming | Email content injection | NA | Akshay Ravi (@AKSHAYC09YC47) | Bug Bounty | 2022-08-27 | 2023-06-13 |
1168 | SSRF leads to access AWS metadata. | SSRF | NA | Akash Patil (@skypatil98) | Bug Bounty | 2022-08-27 | 2023-06-13 |
1167 | The Million Dollar IDOR | IDOR, Race condition, GraphQL | NA | Monish Basaniwal | Bug Bounty | 2022-08-27 | 2023-06-13 |
1166 | CSRF Vulnerability In The NodeJS Ecosystem | CSRF | Node.js third-party modules (csurf) | Adrian Tiron (@adrian__t) | Bug Bounty | 2022-08-28 | 2023-06-13 |
1165 | Unsubscribe any user’s e-mail notifications via IDOR | IDOR | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-28 | 2023-06-13 |
1164 | How I found reflected XSS on IDFC Bank with burp-suite Intruder | Reflected XSS | IDFC Bank | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2022-08-28 | 2023-06-13 |
1163 | Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator | OS command injection, RCE | De Nederlandsche Bank | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2022-08-28 | 2023-06-13 |
1162 | How I bypassed Reflected XSS in well-known platform | XSS | NA | Iori Yagami | Bug Bounty | 2022-08-29 | 2023-06-13 |
1161 | Bypassing Amazon WAF to pop an alert() | WAF bypass, XSS | NA | Manash (@manash036) | Bug Bounty | 2022-08-29 | 2023-06-13 |
1157 | CVE-2021-38297 – Analysis of a Go Web Assembly vulnerability | Memory corruption | NA | Uriya Yavnieli (@uriya_yavniely) | Bug Bounty | 2022-08-30 | 2023-06-13 |
1156 | Found SQL Injection Vulnerability on Government Organization Website! | SQL injection | NA | mehedishakeel (@mehedishakeel) | Bug Bounty | 2022-08-30 | 2023-06-13 |
1154 | IDOR at Login function leads to leak user’s PII data | IDOR, Information disclosure | NA | Eslam Akl (@eslam3kll) | Bug Bounty | 2022-08-30 | 2023-06-13 |
1153 | mfa bypass in private program, the abdulsec way | MFA bypass | NA | abdulsec (@moodiAbdoul) | Bug Bounty | 2022-08-30 | 2023-06-13 |
1152 | CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM | Arbitrary file write, Local Privilege Escalation | Fortinet | David Yesland (@daveysec) | Bug Bounty | 2022-08-30 | 2023-06-13 |
1151 | HTMLI/XSS - Crafting a better PoC | XSS, HTML injection | NA | RiotSecurityTeam (@RiotSecTeam) | Bug Bounty | 2022-08-30 | 2023-06-13 |
1149 | Vulnerability in TikTok Android app could lead to one-click account hijacking | Insecure deeplink, Android | TikTok | Microsoft 365 Defender Research Team | Bug Bounty | 2022-08-31 | 2023-06-13 |
1148 | How reading robots.txt file got me 4 XSS reports ? | XSS | NA | Ahmed Qaramany (@c0nqr0r) | Bug Bounty | 2022-08-31 | 2023-06-13 |
1146 | SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250) | Memory corruption, Local Privilege Escalation | Ubuntu, Linux Kernel Organization | Cedric Halbronn (@saidelike) | Bug Bounty | 2022-09-01 | 2023-06-13 |
1142 | AngularJS Client-Side Template Injection: The orderBy Filter. | CSTI | NA | Jay | Bug Bounty | 2022-09-01 | 2023-06-13 |