| 4208 | Multiple xss in *.skype.com |
XSS |
Microsoft |
Jayateertha Guruprasad (@JayateerthaG) |
Bug Bounty | 2019-04-10 | 2023-06-13 |
| 3965 | Kaspersky in the Middle – what could possibly go wrong? |
Clickjacking
Universal XSS
MiTM |
Kaspersky |
Wladimir Palant (@WPalant) |
Bug Bounty | 2019-08-19 | 2023-06-13 |
| 2845 | Spoofing and Attacking With Skype |
Spoofing |
Microsoft |
mr.d0x (@mrd0x) |
Bug Bounty | 2021-02-02 | 2023-06-13 |
| 2429 | Kaspersky Password Manager: All your passwords are belong to us |
Weak crypto |
Kaspersky |
Jean-Baptiste Bédrune |
Bug Bounty | 2021-07-06 | 2023-06-13 |
| 1881 | Command Injection in Google Cloud Shell |
RCE
OS command injection |
Google |
Ademar Nowasky Junior |
Bug Bounty | 2022-01-28 | 2023-06-13 |
| 1773 | Skype extension: All functionality broken? Still exploitable! |
Information disclosure
Privacy issue |
Microsoft |
Wladimir Palant (@WPalant) |
Bug Bounty | 2022-03-01 | 2023-06-13 |
| 1168 | SSRF leads to access AWS metadata. |
SSRF |
NA |
Akash Patil (@skypatil98) |
Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1047 | Skype for Business Audit Part 1 - SKYPErsistence |
Local Privilege Escalation
Windows
Security code review |
Microsoft |
Florian Hauser (@frycos) |
Bug Bounty | 2022-09-22 | 2023-06-13 |
| 1030 | Skype for Business Audit Part 2 - SKYPErimeterleak |
SSRF
Security code review |
Microsoft |
Florian Hauser (@frycos) |
Bug Bounty | 2022-09-26 | 2023-06-13 |
| 995 | Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style |
DNS cache poisoning
Kaminsky attack |
NA |
Timo Longin |
Bug Bounty | 2022-10-06 | 2023-06-13 |
| 891 | Blind SSRF in Skype (Microsoft) |
Blind SSRF |
Microsoft |
Jayateertha Guruprasad (@JayateerthaG) |
Bug Bounty | 2022-10-28 | 2023-06-13 |
| 318 | CVE-2022-36413 Unauthorized Reset Password of Zoho ManageEngine ADSelfService Plus |
Password reset
OTP bruteforce
Account takeover
Authentication bypass |
Zoho (ManageEngine) |
Sky |
Bug Bounty | 2023-03-10 | 2023-06-13 |
| 308 | Microsoft Defender for Cloud Management Port Exposure Confusion |
Cloud
Security misconfiguration |
Microsoft |
Aaron Sawitsky |
Bug Bounty | 2023-03-14 | 2023-06-13 |
| 168 | XS-Leak: Deanonymize Microsoft Skype Users by any 3rd-party websites |
XSLeaks |
Microsoft (Skype) |
Jayateertha Guruprasad (@JayateerthaG) |
Bug Bounty | 2023-04-21 | 2023-06-13 |
| 82 | LOLBINed — Finding “LOLBINs” In AV Uninstallers |
Local Privilege Escalation |
Kaspersky
F-Secure
Trend Micro
McAfee |
Nasreddine Bencherchali (@nas_bench) |
Bug Bounty | 2023-05-17 | 2023-06-13 |
