1140 | How can i get SQL Injection |
SQL injection |
NA |
Mohamed Abdelhady |
Bug Bounty | 2022-09-02 | 2023-06-13 |
1139 | The Database Handover | A Dumb Mistake | Critical BUG |
Information disclosure |
NA |
Saransh Saraf (@mr23r0) |
Bug Bounty | 2022-09-02 | 2023-06-13 |
1137 | Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique) |
Web cache poisoning, XSS, DoS |
Glassdoor |
Harel (@h4r3l) |
Bug Bounty | 2022-09-02 | 2023-06-13 |
1136 | Discovery of CVE-2022-35406 |
Logic flaw, Referer leakage |
PortSwigger |
Mr. Vrushabh (@doshi_vrushabh) |
Bug Bounty | 2022-09-03 | 2023-06-13 |
1135 | How I found my first SSRF to RCE! |
IDOR, SSRF, RCE |
NA |
Md. Asif Hossain (@0x0asif) |
Bug Bounty | 2022-09-04 | 2023-06-13 |
1133 | Simple IBM I (AS/400) Hacking |
Local Privilege Escalation, Midrange system, Menu security |
NA |
pz |
Bug Bounty | 2022-09-05 | 2023-06-13 |
1132 | SSD Advisory – Linux CONFIG_WATCH_QUEUE LPE |
Memory corruption, Race condition, Local Privilege Escalation |
Ubuntu, Linux Kernel Organization |
- |
Bug Bounty | 2022-09-05 | 2023-06-13 |
1129 | IDOR “Insecure direct object references”, my first P1 in Bugbounty |
IDOR |
NA |
jedus0r |
Bug Bounty | 2022-09-05 | 2023-06-13 |
1128 | How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale |
Cryptographic issues |
Zoho (ManageEngine) |
smaury (@smaury92) |
Bug Bounty | 2022-09-05 | 2023-06-13 |
1127 | CVE-2022-34715: More Microsoft Windows NFS V4 Remote Code Execution |
RCE, Memory corruption |
Microsoft |
Quintin Crist |
Bug Bounty | 2022-09-06 | 2023-06-13 |
1126 | Bug Bounty { How I found an SSRF ( Reconnaissance ) } |
SSRF |
NA |
S Rahul (@7srambo) |
Bug Bounty | 2022-09-06 | 2023-06-13 |
1125 | CVE-2022-35405 Manage engines RCE (Password Manager Pro, PAM360 and Access Manager Plus) |
RCE |
Zoho |
Vinicius Pereira (@big0x75) |
Bug Bounty | 2022-09-08 | 2023-06-13 |
1123 | WordPress Core - Unauthenticated Blind SSRF |
SSRF |
WordPress |
Simon Scannell (@scannell_simon) |
Bug Bounty | 2022-09-06 | 2023-06-13 |
1122 | Exploiting Out-of-Band XXE in the Wild |
XXE, SSRF |
NA |
Mahmoud Youssef (@0xmahmoudjo0) |
Bug Bounty | 2022-09-06 | 2023-06-13 |
1121 | How to turn security research into profit: a CL.0 case study |
HTTP request smuggling, Desync attack |
NA |
James Kettle (@albinowax) |
Bug Bounty | 2022-09-08 | 2023-06-13 |
1116 | Zuckerpunch - Abusing Self Hosted Github Runners at Facebook |
CI/CD |
Meta / Facebook |
Marcus Young |
Bug Bounty | 2022-09-06 | 2023-06-13 |
1114 | Groovy Template Engine Exploitation – Notes from a real case scenario |
RCE |
NA |
Gianluca Baldi (@0x_nope) |
Bug Bounty | 2022-09-07 | 2023-06-13 |
1112 | Exploiting Laravel based applications with leaked APP_KEYs and Queues |
RCE |
NA |
Timo Müller (@mtimo44) |
Bug Bounty | 2022-09-07 | 2023-06-13 |
1111 | $900 Blind XSS |
Blind XSS |
NA |
ѕнín (@shinchina_) |
Bug Bounty | 2022-09-07 | 2023-06-13 |
1110 | Groovy Template Engine Exploitation – Notes from a real case scenario |
RCE, Code injection |
NA |
Gianluca Baldi (@0x_nope) |
Bug Bounty | 2022-09-07 | 2023-06-13 |
1109 | Step-by-Step Walkthrough of CVE-2022-32792 - WebKit B3ReduceStrength Out-of-Bounds Write |
Memory corruption, Browser hacking, Out-of-bounds Write |
Apple |
Daniel Lim (@daniellimws) |
Bug Bounty | 2022-09-08 | 2023-06-13 |
1105 | QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031) |
RCE, Path traversal |
Quest |
Tom Ellson (@tde_sec) |
Bug Bounty | 2022-09-08 | 2023-06-13 |
1104 | Fun With CORS |
CORS misconfiguration, Token leak |
NA |
Talis Ozols |
Bug Bounty | 2022-09-08 | 2023-06-13 |
1096 | How I found 3 rare security bug in a day |
Session expiration issue, Payment bypass, Lack of rate limiting |
NA |
zer0d |
Bug Bounty | 2022-09-10 | 2023-06-13 |
1095 | Privacy Violation In Chat System |
Privacy issue |
NA |
Inderjeet Singh - rashahacks |
Bug Bounty | 2022-09-12 | 2023-06-13 |