3798 | Google Chrome portal element fuzzing | RCE, Memory corruption, Buffer Overflow, Use-After-Free | Google | Pawel Wylecial (@h0wlu) | Bug Bounty | 2019-12-06 | 2023-06-13 |
3797 | $150 XSS at Error Page of Respository Code | Reflected XSS | NA | Navneet (@na5n33t) | Bug Bounty | 2019-12-07 | 2023-06-13 |
3796 | HTML Injection to XSS bypass in [REDACTED.com] | Reflected XSS | NA | Evan Ricafort (@evanricafort) | Bug Bounty | 2019-12-07 | 2023-06-13 |
3795 | Reusing Cookies | Session management issue | NA | Ricardo Iramar dos Santos | Bug Bounty | 2019-12-07 | 2023-06-13 |
3794 | Spilling Local Files via XXE when HTTP OOB fails | XXE | NA | Rahul Maini (@iamnoooob) | Bug Bounty | 2019-12-07 | 2023-06-13 |
3793 | Telegram (v4.9.155353) was rendering file:// links + opening them via NSWorkspace.open -> code execution. | RCE | Telegram | Vladimir Metnew (@vladimir_metnew) | Bug Bounty | 2019-12-08 | 2023-06-13 |
3791 | Authentication Bypass | MFA bypass | NA | Rushiikesh (@u1tran00b) | Bug Bounty | 2019-12-09 | 2023-06-13 |
3788 | Blind XSS (A mind game to win the battle) | Blind XSS | NA | Dirtycoder (@dirtycoder0124) | Bug Bounty | 2019-12-11 | 2023-06-13 |
3787 | SSRF via FFmpeg HLS processing | SSRF | NA | Pflash Punk (@PflashPunk) | Bug Bounty | 2019-12-11 | 2023-06-13 |
3786 | A $25 Easy Bug. | Session management issue | NA | Navneet (@na5n33t) | Bug Bounty | 2019-12-12 | 2023-06-13 |
3784 | Multiple Host Header Attacks after bypassing protection with… a Header Attack | Host header injection | NA | vict0ni (@vict0ni) | Bug Bounty | 2019-12-12 | 2023-06-13 |
3781 | Vimeo upload function SSRF | SSRF | NA | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2019-12-15 | 2023-06-13 |
3780 | Authorization bug that every bug hunter missed on a popular program | Authorization flaw | NA | Ajinkya Pathare (@fellchase) | Bug Bounty | 2019-12-15 | 2023-06-13 |
3778 | How I Took Over 2 Subdomains with Azure CDN Profiles | Subdomain takeover | NA | m0chan (@m0chan98) | Bug Bounty | 2019-12-16 | 2023-06-13 |
3777 | Stored Iframe Injection + CSRF = Account Takeover 😎😎 | HTML injection, CSRF | NA | Rounak Dhadiwal (@XploiteR_D) | Bug Bounty | 2019-12-16 | 2023-06-13 |
3776 | Inf0rM@tion Disclosure via IDOR | IDOR | NA | Pratyush Anjan Sarangi | Bug Bounty | 2019-12-16 | 2023-06-13 |
3774 | Abusing feature to steal your tokens | OAuth | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2019-12-17 | 2023-06-13 |
3773 | Javascript Anti Debugging - Abusing SourceMappingURL | Browser hacking | Google (Chromium) | Gal Weizman (@WeizmanGal) | Bug Bounty | 2019-12-17 | 2023-06-13 |
3771 | #BugBounty — How Snapdeal (India’s Popular E-commerce Website) Kept their Users Data at Risk! | Insecure storage of sensitive information | Snapdeal | Nanda Kumar (@nk00_nk) | Bug Bounty | 2019-12-19 | 2023-06-13 |
3770 | Account Takeover Through Password Reset Poisoning | Password reset, Account takeover | NA | Vishal Bharad | Bug Bounty | 2019-12-19 | 2023-06-13 |
3769 | Bypassing Captcha ! | Captcha bypass | NA | Abhishek Yadav (@abhishake100) | Bug Bounty | 2019-12-20 | 2023-06-13 |
3768 | Full Account Takeover (Android Application) | Information disclosure, Account takeover | NA | Vishal Bharad | Bug Bounty | 2019-12-21 | 2023-06-13 |
3764 | CSRF Token Bypasss — A Tale of my $2k bug | CSRF, Account takeover | NA | Adeyefa Oluwatoba (@adeyefa_codes) | Bug Bounty | 2019-12-23 | 2023-06-13 |
3763 | GraphQL IDOR leads to information disclosure | IDOR | NA | Eshan Singh (@R0X4R) | Bug Bounty | 2019-12-24 | 2023-06-13 |
3762 | Bugbounty \| A DOM XSS | DOM XSS | NA | Jinone (@jinonehk) | Bug Bounty | 2019-12-24 | 2023-06-13 |