Found 6171 resources related to

| ID | Title | Tags | Programs | Authors | Bounty | Publication Date |
|---|---|---|---|---|---|---|
| 1 | Encoding Differentials: Why Charset Matters | XSS | - | Stefan Schiller (@scryh_) | - | 2024-07-15 |
| 2 | SSD Advisory – SonicWall SMA100 Stored XSS To RCE | RCE, OS command injection, Stored XSS | SonicWall | SeongJoon Cho | - | 2024-07-12 |
| 3 | Bidding Like a Billionaire - Stealing NFTs With 4-Char CSTIs | CSTI | - | Matan Berson (@MtnBer) | - | 2024-07-11 |
| 4 | Chaining Three Bugs to Access All Your ServiceNow Data | RCE, SSTI, Security code review | ServiceNow | Adam Kues (@hash_kitten) | - | 2024-07-11 |
| 5 | A Race to the Bottom - Database Transactions Undermining Your AppSec | Race condition | - | Viktor Chuchurski (@viktorot) | - | 2024-07-11 |
| 6 | Dynamics 365 Business Central - A Journey With Ups and Downs | Insecure deserialization, Missing authentication | Microsoft | Florian Hauser (@frycos) | - | 2024-07-10 |
| 7 | Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution | RCE, XSS, Electron, Thick client | Evernote | Patrick Peng (@retr0reg) | - | 2024-07-10 |
| 8 | GitHub Actions Exploitation: Repo Jacking And Environment Manipulation | Repojacking, Supply chain attack | Microsoft (Azure), Swagger, Google (Firebase), Alibaba | Hugo Vincent (@hugow_vincent) | - | 2024-07-10 |
| 9 | Lessons Learned From Exposing Unusual XSS Vulnerabilities | DOM XSS, postMessage, Chatbot | Replicate, ZoomInfo | Ron Masas (@RonMasas) | - | 2024-07-09 |
| 10 | CVE-2024-29511 – Abusing Ghostscript’s OCR device | Arbitrary file read, Arbitrary file write, Security code review | Ghostscript | Thomas Rinsma (@thomasrinsma) | - | 2024-07-09 |
| 11 | WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009) | Local Privilege Escalation, Security code review | Progress (WhatsUp Gold) | Sina Kheirkhah (@SinSinology) | - | 2024-07-08 |
| 12 | WhatsUp Gold Pre-Auth RCE WriteDataFile Primitive (CVE-2024-4883) | RCE, Path traversal, Security code review | Progress (WhatsUp Gold) | Sina Kheirkhah (@SinSinology) | - | 2024-07-08 |
| 13 | WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive (CVE-2024-4885) | RCE, Path traversal, Security code review | Progress (WhatsUp Gold) | Sina Kheirkhah (@SinSinology) | - | 2024-07-08 |
| 14 | Plormbing Your Prisma ORM With Time-based Attacks | ORM Leak, ReDoS, Timing attack | - | Alex Brown | - | 2024-07-08 |
| 15 | $500 for Cracking Invitation Code For Unauthorized Access & Account Takeover | OTP bruteforce, Account takeover | - | Abhi Sharma (@a13h1_) | $500 | 2024-07-07 |
| 16 | Universal Code Execution by Chaining Messages in Browser Extensions | Universal XSS, SOP bypass, postMessage, RCE, Browser extension hacking | - | Eugene Lim (@spaceraccoonsec) | - | 2024-07-07 |
| 17 | How I Discovered Authentication Bypass That Blocks Users from Accessing the Website? | Application-level DoS, Privilege escalation | - | Mohamed Sayed (@Sayed_v2) | - | 2024-07-04 |
| 18 | SSD Advisory – Foscam R4M UDTMediaServer Buffer Overflow | Buffer Overflow, Memory corruption, Security code review | Foscam | Yoseop Kim | - | 2024-07-04 |
| 19 | Dumping LSA secrets: a story about task decorrelation | EDR bypass, Windows, Internal pentest, Red team | - | Aurélien Chalot (@Defte_) | $ | 2024-07-03 |
| 20 | A story of a nice SSRF vulnerability. | SSRF, DNS rebinding | - | oXnoOneXo, Ahmed Elmorsi (@0Xhunterx) | $500 | 2024-07-03 |
| 21 | From AngularJS CSTI to credentials theft | CSTI | - | Bartłomiej Bergier (@_bergee_) | - | 2024-07-03 |
| 22 | Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF | Client-side Path Traversal, CSRF | - | Maxence Schmitt (@maxenceschmitt) | - | 2024-07-02 |
| 23 | Github Actions Exploitation: Untrusted Input | CI/CD, Supply chain attack, Security code review | Microsoft, Excalidraw, FreeRDP, Angular, AutoGPT, Ant-Design, Cypress, Apache Doris | Hugo Vincent (@hugow_vincent) | - | 2024-07-02 |
| 24 | The Dark Side of Contact Forms: How I Identified 7 CVEs in WordPress Plugins | Blind XSS, Stored XSS, HTML injection | Wordfence | Pedro Paniago (@dropn0w) | $2,500 | 2024-07-02 |
| 25 | CVE-2024-29510 – Exploiting Ghostscript using format strings | RCE, Format string vulnerability, Memory corruption | Ghostscript | Thomas Rinsma (@thomasrinsma) | - | 2024-07-02 |