Ian Carroll (@Iangcarroll)

Title	Vulnerabilities	Programs	Authors
Bypassing airport security via SQL injection	SQL Injection	Undisclosed	Ian Carroll (@Iangcarroll)
Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform	Path Traversal Authorization Bypass Hardcoded Credentials Weak Flask Session Secret Account Takeover	Points.com United Airlines Virgin	Ian Carroll (@Iangcarroll) Shubham Shah (@Infosec_au) Sam Curry (@Samwcyo)
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More	Account Takeover SSO RCE Authorization Bypass SQL Injection Mass Assignment Information Disclosure	Kia Honda Infiniti Nissan Acura Mercedes-Benz Hyundai Genesis BMW Rolls Royce Ferrari Spireon Ford Reviver Porsche Toyota Jaguar Land Rover SiriusXM	Sam Curry (@Samwcyo) Neiko Rivera (@_Specters) Brett Buerhaus (@Bbuerhaus) Maik Robert (@XEHLE_) Ian Carroll (@Iangcarroll) Justin Rhinehart (@Sshell_) Shubham Shah (@Infosec_au)
Security concerns with the e-Tugra certificate authority	Default Credentials Exposed Registration Page	E-Tugra	Ian Carroll (@Iangcarroll)
Exploiting Redash instances with CVE-2021-41192	Privilege Escalation Session Management Issue SSRF	Undisclosed	Ian Carroll (@Iangcarroll) Tuan Anh Nguyen (@Haxor31337) Gal Nagli (@Naglinagli)
How MarkMonitor left >60,000 domains for the taking	Subdomain Takeover	Undisclosed	Ian Carroll (@Iangcarroll)
Exploiting outdated Apache Airflow instances	Session Management Issue	Undisclosed	Ian Carroll (@Iangcarroll)

Page 1 of 1