| # | Title | Bugs | Program | Author | Category | Published | Added |
|---|---|---|---|---|---|---|---|
| 899 | Hijacking AUR Packages by Searching for Expired Domains | Subdomain takeover, Supply chain attack | NA | Joren Vrancken | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 897 | Misconfigured AWS S3 Bucket (Information Disclosure & Subdomain Takeover) | AWS misconfiguration | NA | Gokhan Guzelkokar (@gkhck_) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 896 | A 250$ CSS Injection — My First Finding on Hackerone! | CSS injection | NA | Dsonbacker | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 894 | AWS SSRF to Root on production instance — A bug worth 1.75Lacs | SSRF, RCE, Password reset | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 893 | Abusing Windows’ tokens to compromise Active Directory without touching LSASS | Local Privilege Escalation, Windows, Active Directory Privilege Escalation | NA | Aurélien Chalot (@Defte_) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 892 | RCE docker api, but … | RCE, Docker daemon misconfiguration | NA | nanwn | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 890 | CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities | RCE, Phar deserialization, Reflected XSS, XPATH injection, Path traversal, LFI | Juniper | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 889 | Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis | Local Privilege Escalation, Windows | Microsoft | Zscaler Threatlabz (@Threatlabz) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 888 | How I was able to get free money via sending negative tokens | Logic flaw, Payment tampering | NA | Mohamed Anani (@0xM5awy) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 886 | Old RCE worth $3362. | RCE | NA | nanwn | Bug Bounty | 2022-10-30 | 2023-06-13 |
| 885 | 2FA Bypass due to information disclosure & Improper access control. | DoS, MFA bypass | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 883 | A tale of a simple Apple kernel bug | Out-of-bounds Read, Memory corruption, MacOS, iOS | Apple | Jordy Zomer (@pwningsystems) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 882 | Blind SQL Injection on Delete Request | Blind SQL injection | NA | Jawad Mahdi (@hunter0x1) | Bug Bounty | 2022-10-30 | 2023-06-13 |
| 881 | Safari is hot-linking images to semi-random websites | Browser hacking, XSS | Apple | Gareth Heyes (@garethheyes) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 880 | urlscan.io's SOAR spot: Chatty security tools leaking private data | Information disclosure | NA | Fabian Bräunlein | Bug Bounty | 2022-11-01 | 2023-06-13 |
| 879 | CVE-2022-3602: Punycode buffer overflow in OpenSSL | Memory corruption, DoS | OpenSSL | Colm MacCárthaigh (@colmmacc) | Bug Bounty | 2022-11-01 | 2023-06-13 |
| 876 | Improper Access Control — My Third Finding on Hackerone! | HTML injection, Broken Access Control | NA | mehedishakeel (@mehedishakeel) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 875 | Fuzzing For Hidden Params | SQL injection | NA | calfcrusher | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 874 | Chaining Multiple Vulnerabilities Leads to Remote Code Execution (RCE) on One of the Payment Service Companies. | Exposed registration page, Exposed Jenkins instance, Weak credentials, RCE | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 871 | Get Blind XSS within 5 Minutes — $100 | Blind XSS | NA | Narayanan M | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 870 | The power of adaptability through experience. | Lateral movement, Active Directory Privilege Escalation | NA | Mike Saunders (@hardwaterhacker) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 869 | Invitation Hijacking | Authorization flaw, Privilege escalation | NA | vFlexo (@vflexo) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 868 | Case of Admin Bypass for RCE, XSS, and Information Disclosure | RCE, Unrestricted file upload, Stored XSS, Information disclosure | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 866 | CSRF Leads to Delete User Account | CSRF | NA | Omarbakrey | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 865 | Practical Client Side Path Traversal Attacks | Path traversal, Client-side Path Traversal, Open redirect, CSS injection | Acronis | Medi (@medi_0ne) | Bug Bounty | 2022-11-04 | 2023-06-13 |