| # | Title | Bugs | Program | Author | Source | Published | Added |
|---|---|---|---|---|---|---|---|
| 2775 | Web Cache Poisoning to Account Takeover | Web cache poisoning, Account takeover | NA | Josh Fam (@Pullerze) | Bug Bounty | 2021-02-21 | 2023-06-13 |
| 2774 | Grafana Admin Panel bypass in Google Acquisition(VirusTotal) | Default credentials | Google | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2773 | CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux | Unencrypted storage | Keybase | John Jackson (@johnjhacking) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2772 | Security and Privacy of Social Logins (II): PostMessage Security in Single Sign-On | DOM XSS, postMessage | SAP, The New York Times, CNET | Louis Jannett (@iphoneintosh) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2771 | CSRF through URL with # tag parameter | CSRF | NA | Tommysuriel | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2770 | Hijacking Reset Password Link in https://www.niteflirt.com/ via Host Header Poising (Write Up) | Host header injection, Account takeover, Password reset | Niteflirt | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2769 | Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough | Web cache poisoning, Stored XSS | NA | Gal Nagli (@naglinagli) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2768 | Stealing user passwords through a VPN’s SSO | Open redirect, SSTI | NA | Alain Mowat (@plopz0r) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2767 | Password Reset Token Leak via X-Forwarded-Host | Host header injection, Account takeover, Password reset | NA | Saajan Bhujel (@saajanbhujel) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2766 | Account Takeover - Smoking with null’ | Account takeover, Authentication flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2765 | SSRF: Bypassing hostname restrictions with fuzzing | SSRF | Elastic | Dominic (@dee__see) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2764 | IDOR which allowed me to view Personal Email Addresses of More than 50K Users! | IDOR, Password reset | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2763 | CVE-2020-13956 | Blind SSRF, URL parsing issue | Apache HttpClient | Priyank (@Rev_Octo) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2762 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure, GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-27 | 2023-06-13 |
| 2761 | Story About Stop 10000+ users to get Their job notification | Logic flaw | NA | PJBorah | Bug Bounty | 2021-02-27 | 2023-06-13 |
| 2760 | Host MITM attack via IPv6 rogue router advertisements (K8S CVE-2020-10749 / Docker CVE-2020-13401 / LXD / WSL2 / ...) | MiTM | Kubernetes | Etienne Champetier / champtar | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2759 | Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554) | MiTM | Kubernetes | Etienne Champetier / champtar | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2758 | Any Account Takeover Through Privilege Escalation | Privilege escalation, Account takeover | NA | Shubham Chaskar (@chaskar_shubham) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2757 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure, GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2756 | Jira Auth Bypass bug in Google Acquisition (Apigee) | Authentication bypass | Google | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2755 | Bragging Rights: Killing File Uploads softly | Unrestricted file upload, Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2754 | Admin Panel Accessed Via SQL Injection… (Ezy Boooom…😅) | SQL injection | NA | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2753 | Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape | RCE | NA | Alex Chapman (@ajxchapman) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2752 | SSRF to fetch AWS credentials with full access to multiple services | SSRF | NA | Zonduhackerone (@zonduu1) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2751 | RocketChat - Unauthenticated access to messages | Authorization flaw | Rocket.Chat | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-03-01 | 2023-06-13 |