Eaton Z. (@XeEaton) | writeups.xyz

Title	Vulnerabilities	Programs	Authors
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System	Missing Authentication Information Disclosure Broken Authorization Account Takeover	Honeywell	Eaton Z. (@XeEaton)
Plug Security Holes in React Apps That Can Lead to API Exploitation	SSO JWT Broken Authentication Missing Authentication	Siemens	Eaton Z. (@XeEaton)
Hacking into a Toyota/Eicher Motors insurance company by exploiting their premium calculator website	Information Disclosure Android Missing Authentication	Toyota	Eaton Z. (@XeEaton)
CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1	Missing Authentication Broken Access Control	ADiTaaS	Eaton Z. (@XeEaton)
Tapping into a telecommunications company’s office cameras	Missing Authentication Privacy Issue	Undisclosed	Eaton Z. (@XeEaton)
Compromising Honda’s power equipment / marine / lawn & garden dealer eCommerce platform through a vulnerable password reset API	Password Reset Broken Access Control Account Takeover	Honda	Eaton Z. (@XeEaton)
Insecure Toyota CRM exposed Mexican customer information	Authentication Bypass	Toyota	Eaton Z. (@XeEaton)
Hacking into Toyota’s global supplier management network	Authentication Bypass Backdoor	Toyota	Eaton Z. (@XeEaton)
Hacking into the worldwide Jacuzzi SmartTub network	SPA Android JWT Privilege Escalation Mass Assignment	Jacuzzi Group SmartTub	Eaton Z. (@XeEaton)
Microsoft accidentally exposed their private Xbox game developer forums	Missing Authentication	Microsoft (Xbox)	Eaton Z. (@XeEaton)
An experience with Daimler’s vulnerability reporting program	Information Disclosure	Daimler	Eaton Z. (@XeEaton)

Page 1 of 1