821 | CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures | CSRF, RCE, RPM Spec Injection | F5 | Ron Bowes (@iagox86) | Bug Bounty | 2022-11-16 | 2023-06-13 |
820 | The Story Of A Strange / Stored IDOR. | IDOR | NA | Hassan Farooq | Bug Bounty | 2022-11-16 | 2023-06-13 |
819 | Account Takeover Worth of $2500 | Account takeover, IDOR | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2022-11-16 | 2023-06-13 |
818 | Information Exposure — My Fourth Finding on Hackerone! | Directory listing, Information disclosure | NA | mehedishakeel (@mehedishakeel) | Bug Bounty | 2022-11-17 | 2023-06-13 |
817 | Got Another XSS using Double Encoding | XSS | NA | ag3n7 | Bug Bounty | 2022-11-17 | 2023-06-13 |
816 | Security concerns with the e-Tugra certificate authority | Default credentials, Exposed registration page | e-Tugra | Ian Carroll (@iangcarroll) | Bug Bounty | 2022-11-17 | 2023-06-13 |
814 | [RE:SCRUTINY] Delay Then Migrate Your Meterpreter | Internal pentest, Lateral movement | NA | RE:HACK (@rehackxyz) | Bug Bounty | 2022-11-17 | 2023-06-13 |
813 | Bypassing XSS filters using Double Encoding | XSS, WAF bypass | NA | ag3n7 (@ag3n7apk) | Bug Bounty | 2022-11-18 | 2023-06-13 |
812 | How i found 8 vulnerabilities in 24h? | Logic flaw | NA | Mohamed Anani (@0xM5awy) | Bug Bounty | 2022-11-18 | 2023-06-13 |
811 | $250 for Email account enumeration using “NameToMail” tool | Username enumeration | NA | snoopy (@snoopy101101) | Bug Bounty | 2022-11-18 | 2023-06-13 |
808 | Remote Command Execution in a Bank Server | RCE, Arbitrary file read, Unrestricted file upload | NA | Bipin Jitiya (@win3zz) | Bug Bounty | 2022-11-18 | 2023-06-13 |
807 | From Static domain to Account Takeover | Account takeover, Logic flaw | NA | Demon (@R29k_) | Bug Bounty | 2022-11-18 | 2023-06-13 |
806 | Remediation Archeology — Finding and Decoding an Ancient XSS | XSS | NA | Bend Theory (@bendtheory) | Bug Bounty | 2022-11-18 | 2023-06-13 |
805 | Russian roulette XSS | Blind XSS | NA | Splintersec (@splint3rsec) | Bug Bounty | 2022-11-19 | 2023-06-13 |
803 | How i found 29 stored XSS in modern framework | Stored XSS | NA | Dewanand Vishal (@dewcode91) | Bug Bounty | 2022-11-20 | 2023-06-13 |
801 | Hacking Smartwatches for Spear Phishing | IoT, Phishing, Android | NA | Cybervelia (@cybervelia) | Bug Bounty | 2022-11-20 | 2023-06-13 |
800 | My Account Takeover Writeup: $5000 | Lack of rate limiting, Bruteforce | NA | MRD7 (@_mrd7_) | Bug Bounty | 2022-11-21 | 2023-06-13 |
799 | Fastly Subdomain Takeover $2000 | Subdomain takeover | NA | ValluvarSploit (@ValluvarSploit) | Bug Bounty | 2022-11-21 | 2023-06-13 |
795 | SSD Advisory – NETGEAR R7800 AFPD PreAuth | Memory corruption, Buffer Overflow | Netgear | - | Bug Bounty | 2022-11-22 | 2023-06-13 |
794 | Interesting Stored XSS via meta data | Stored XSS | NA | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2022-11-22 | 2023-06-13 |
793 | SSRF via DNS Rebinding (CVE-2022–4096) | SSRF, DNS rebinding, TOCTOU | Appsmith | Basavaraj Banakar (@basu_banakar) | Bug Bounty | 2022-11-22 | 2023-06-13 |
792 | CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You | RCE, DNS rebinding, Information disclosure | Tailscale | Jamie McClymont (@JJJollyjim) | Bug Bounty | 2022-11-22 | 2023-06-13 |
791 | CVE-2021-40662 Chamilo LMS 1.11.14 RCE | Stored XSS, CSRF, RCE | Chamilo LMS | Febin | Bug Bounty | 2021-11-23 | 2023-06-13 |
789 | CVE-2022-32898: ANE_ProgramCreate() multiple kernel memory corruption | Memory corruption, iOS, Kernel hacking | Apple | simo (@_simo36) | Bug Bounty | 2022-11-23 | 2023-06-13 |
788 | How I get +10 SQLi and +30 XSS via Automation Tool | SQL injection, XSS | NA | Mahmoud Attia (@0xElkot) | Bug Bounty | 2022-11-23 | 2023-06-13 |