1050 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |
1049 | How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty | SQL injection | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-22 | 2023-06-13 |
1048 | Making HTTP header injection critical via response queue poisoning | HTTP header injection, HTTP request smuggling | NA | James Kettle (@albinowax) | Bug Bounty | 2022-09-22 | 2023-06-13 |
1047 | Skype for Business Audit Part 1 - SKYPErsistence | Local Privilege Escalation, Windows, Security code review | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-09-22 | 2023-06-13 |
1045 | My First XSS | Open redirect, XSS | NA | Avyukt Syrine (@AvyuktSyrine) | Bug Bounty | 2022-09-23 | 2023-06-13 |
1044 | My First Valid Bug “Bypass the Admin Panel” | Authentication bypass | NA | Digant Prajapati | Bug Bounty | 2022-09-23 | 2023-06-13 |
1043 | Arbitrary File Corruption: End - to - End Encrypted Messaging Application | Insecure intent, Android | NA | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-09-23 | 2023-06-13 |
1042 | WAF bypasses via 0days | WAF bypass, Content-type confusion, Charset confusion | ModSecurity | Terjanq (@terjanq) | Bug Bounty | 2022-09-23 | 2023-06-13 |
1041 | Pre-Auth Remote Code Execution - Web Page Test | RCE, SSRF | CatchPoint | Laluka (@TheLaluka) | Bug Bounty | 2022-09-23 | 2023-06-13 |
1040 | CVE-2022-35256 - HTTP Request Smuggling in NodeJS | HTTP request smuggling | Node.js | VVX7 (@VV_X_7) | Bug Bounty | 2022-09-23 | 2023-06-13 |
1039 | Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurations | Security misconfiguration, VoIP hacking | NA | hackthebox | Bug Bounty | 2022-09-24 | 2023-06-13 |
1037 | Blind XSS on Admin Portal Leads to Information Disclosure | Blind XSS | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2022-09-24 | 2023-06-13 |
1036 | Escalating SSTI to Reflected XSS using curly braces {} | SSTI, XSS | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-09-24 | 2023-06-13 |
1034 | Shopping App Deeplink Arbitrary URLs | Insecure deeplink, Android | NA | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-09-25 | 2023-06-13 |
1032 | Blind account takeover | Account takeover | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-09-25 | 2023-06-13 |
1030 | Skype for Business Audit Part 2 - SKYPErimeterleak | SSRF, Security code review | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-09-26 | 2023-06-13 |
1029 | “Hey Siri, follow that car!” - How traffic cameras expose your location through parking apps. | Information disclosure, Session hijacking | NA | Inti De Ceukelaire (@securinti) | Bug Bounty | 2022-09-26 | 2023-06-13 |
1028 | Discovering The Less-known Vulnerability In Oracle Peoplesoft | TockenChpoken, Privilege escalation, Bruteforce, Cookie manipulation | NA | RE:HACK (@rehackxyz) | Bug Bounty | 2022-09-26 | 2023-06-13 |
1026 | From nothing to AWS credentials | SSRF | NA | (@darkandroider) | Bug Bounty | 2022-09-27 | 2023-06-13 |
1025 | Another Tale Of IBM I (AS/400) Hacking | Local Privilege Escalation, Midrange system, Menu security | NA | pz | Bug Bounty | 2022-09-28 | 2023-06-13 |
1024 | Two RCEs are better than one: write-up of an interesting lateral movement | Local Privilege Escalation, RCE | NA | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-09-28 | 2023-06-13 |
1023 | Exploits Explained: 5 Unusual Authentication Bypass Techniques | Authentication bypass, JWT, CMS, SSO | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2022-09-28 | 2023-06-13 |
1022 | Practically-exploitable Cryptographic Vulnerabilities in Matrix | Cryptographic issues | Matrix | Martin Albrecht (@martinralbrecht) | Bug Bounty | 2022-09-28 | 2023-06-13 |
1020 | Apple CoreText - An Unexpected Journey to Learn about Failure | Memory corruption | Apple | Daniel Lim Wee Soong (@daniellimws) | Bug Bounty | 2022-09-29 | 2023-06-13 |
1019 | CVE-2022-37461: Two Reflected XSS Vulnerabilities in Canon Medical’s Vitrea View | Reflected XSS | Canon | Jordan Hedges | Bug Bounty | 2022-09-29 | 2023-06-13 |