864 | PENTEST TALES: EXIF Data Manipulation |
Unrestricted file upload
Stored XSS |
NA |
Armand Jasharaj |
Bug Bounty | 2022-11-05 | 2023-06-13 |
863 | Directory traversal in PDF viewing application. Leading to full database takeover |
Path traversal |
NA |
Tom Wrinn |
Bug Bounty | 2022-11-05 | 2023-06-13 |
862 | Story of a $1k bounty – SSRF to leaking access token and other sensitive information |
SSRF |
NA |
Faique (@imfaiqu3) |
Bug Bounty | 2022-11-05 | 2023-06-13 |
861 | CVE-2022-26730 | ColorSync | Hoyt LLC |
MacOS
Memory corruption
RCE |
Apple |
David Hoyt (@h02332) |
Bug Bounty | 2022-11-05 | 2023-06-13 |
860 | Exploit Feature To Get High Bug impact |
Logic flaw |
NA |
Mohamed Anani (@0xm5awy) |
Bug Bounty | 2022-11-05 | 2023-06-13 |
859 | IDOR on Unsubscribe emails to $200 bounty. |
IDOR |
NA |
shbugger1 |
Bug Bounty | 2022-11-06 | 2023-06-13 |
856 | Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049) |
Local Privilege Escalation
Windows |
Microsoft |
Kuba Gretzky (@mrgretzky) |
Bug Bounty | 2022-11-08 | 2023-06-13 |
853 | Some Tips to Finding IDORs more easily and Fixing them |
IDOR |
NA |
Xenon |
Bug Bounty | 2022-11-08 | 2023-06-13 |
852 | Netgear Nighthawk R7000P AWS_JSON Unauthenticated Double Stack Overflow Vulnerability |
Memory corruption |
Netgear |
Jean-Jamil Khalife |
Bug Bounty | 2022-11-09 | 2023-06-13 |
851 | My First Account Takeover |
Account takeover
Logic flaw |
NA |
JAI NIRESH J |
Bug Bounty | 2022-11-09 | 2023-06-13 |
850 | Jit-Picking: Differential Fuzzing of JavaScript Engines |
Browser hacking |
Mozilla |
Lukas Bernhard (@bernhl) |
Bug Bounty | 2022-11-09 | 2023-06-13 |
849 | Chaining Path Traversal with SSRF to disclose internal git repo data in a Bank Asset |
SSRF
Path traversal |
NA |
Nikhil (niks) (@niksthehacker) |
Bug Bounty | 2021-11-09 | 2023-06-13 |
848 | Sleep SQL injection on Name Parameter While Updating Profile |
SQL injection |
NA |
Umer Yousuf |
Bug Bounty | 2022-11-10 | 2023-06-13 |
843 | Discovering vendor-specific vulnerabilities in Android |
Android |
Samsung
Google |
Oversecured (@OversecuredInc) |
Bug Bounty | 2022-11-10 | 2023-06-13 |
842 | Windows Kernel: Exploit CVE-2022-35803 in Common Log File System |
Windows
Local Privilege Escalation
Type confusion |
Microsoft |
luckyu (@uuulucky) |
Bug Bounty | 2022-11-11 | 2023-06-13 |
841 | From Shodan Dork to Grafana Local File Inclusion |
LFI
Old components with known vulnerabilities |
NA |
Anurag__Verma |
Bug Bounty | 2022-11-11 | 2023-06-13 |
837 | CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS |
MacOS
Local Privilege Escalation
SIP bypass |
Apple |
Mickey Jin (@patch1t) |
Bug Bounty | 2022-11-11 | 2023-06-13 |
836 | Finding Reflected XSS In A Strange Way |
XSS |
NA |
Raymond Lind |
Bug Bounty | 2022-11-11 | 2023-06-13 |
835 | How i get $100 in just 10 minutes ! |
Race condition |
NA |
Jody ritonga |
Bug Bounty | 2022-11-13 | 2023-06-13 |
833 | CVE-2022-32929 - Bypass iOS backup's TCC protection |
Local Privilege Escalation
TCC bypass
MacOS
iOS |
Apple |
Csaba Fitzl (@theevilbit) |
Bug Bounty | 2022-11-14 | 2023-06-13 |
832 | SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution |
SQL injection
RCE
Security code review |
Cisco |
- |
Bug Bounty | 2022-11-14 | 2023-06-13 |
831 | SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege |
Hardcoded credentials
Security code review
JWT
Privilege escalation |
Cisco |
- |
Bug Bounty | 2022-11-14 | 2023-06-13 |
829 | Winning QR with DOM-Based XSS | Bug Bounty POC |
DOM XSS |
NA |
Haroon Hameed (@HaroonHameed40) |
Bug Bounty | 2022-11-15 | 2023-06-13 |
826 | Stealing passwords from infosec Mastodon - without bypassing CSP |
HTML injection |
Mastodon
infosec.exchange |
Gareth Heyes (@garethheyes) |
Bug Bounty | 2022-11-15 | 2023-06-13 |
824 | Relaying to AD Certificate Services over RPC |
Active Directory
ADCS
Windows |
NA |
Sylvain Heiniger (@sploutchy) |
Bug Bounty | 2022-11-16 | 2023-06-13 |