eval.blog

Tag: #Bug Bounty

To all tags

Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App

October 21, 2023 ◦ 4 min ◦

CraftCMS Zero-day Chain: XSS to SSTI triggering RCE

Public Disclosure of CVE-2021-27902 and CVE-2021-27903
July 29, 2021 ◦ 14 min ◦

FILTER_VALIDATE_URL bypass in PHP 8

July 16, 2021 ◦ 1 min ◦

Untrusted code execution in PHPMailer

July 10, 2021 ◦ 1 min ◦

active_url validation check bypass in Laravel

June 12, 2021 ◦ 1 min ◦

POP Gadget using function injection in RequiredIf

June 12, 2021 ◦ 1 min ◦

Code Execution via Cross Site Scripting in Tagspaces (A file manager)

June 11, 2021 ◦ 1 min ◦

Relative Path Traversal in Flarum using fake OAuth Provider

June 11, 2021 ◦ 1 min ◦

XSS in Unified Transform (A school management software)

May 18, 2021 ◦ 1 min ◦

Stored Cross Site Scripting in October CMS

April 3, 2021 ◦ 1 min ◦

Cross Site Scripting in digidocu

March 30, 2021 ◦ 1 min ◦

Unrestricted access to any "connected pack" in docs in coda.io

June 24, 2020 ◦ 1 min ◦

Account Takeover on unverified emails in File Sync & Share in Acronis

June 24, 2020 ◦ 1 min ◦

Open Redirect in Flattr

June 11, 2020 ◦ 1 min ◦