Information Disclosure | writeups.xyz

Title	Vulnerabilities	Programs	Authors
PII at Your Fingertips: How I Stumbled Upon an Easy-to-Find Data Leakage Vulnerability @ Swisscom	Information Disclosure	Swisscom	Hussein Ayoub
Google Extensions (Awarded $18833.7)	RCE Information Disclosure SOP Bypass PostMessage XSS Universal XSS	Google Proton AG	NDevTK (@Ndevtk)
Privilege Escalation In Ibm Spectrum Virtualize	Privilege Escalation Information Disclosure	IBM	Wolfgang Ettlinger
Chained to hit: Discovering new vectors to gain remote and root access in SAP Enterprise Software	SAP Java RMI RCE JNDI Injection SQL Injection DoS SSRF Missing Authentication HTTP Header Injection Privilege Escalation Information Disclosure Memory Corruption	SAP	Pablo Artuso (@Lmkalg) Yvan Genuer
HackerOne redacted usernames disclosure in “Export as .pdf” feature	Information Disclosure	Undisclosed	Japz Divino (@Japzdivino)
Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure!	Information Disclosure	Undisclosed	Soroush Dalili (@Irsdl)
How I was Able To Bypass The Admin Panel	Information Disclosure Authentication Bypass	Undisclosed	Mohamed Ibrahim (@MOhamedd7w)
Major Security Flaws in Popular QuickBlox Chat And Video Framework Expose Sensitive Data Of Millions	IDOR Information Disclosure Authentication Bypass	QuickBlox	Amir Preminger Sharon Brizinov Itay Cohen Oleg Ilushin
[REL] A Journey Into Hacking Google Search Appliance	RCE Line Feed Injection Path Traversal Arbitrary File Read Information Disclosure Security Code Review	Google	DEVCORE (@D3vc0r3)
Recon only bugs are sweet!	Information Disclosure Local File Disclosure (LFD) Stored XSS Self-XSS VHost Misconfiguration	Undisclosed	Hazem Hussien (@_Bughunter)
Getting email address of any HackerOne user worth $7,500	Information Disclosure	HackerOne	Japz Divino (@Japzdivino)
How Abusing AWS CloudFormation Led to a Total Takeover of an AWS Environment	Cloud Information Disclosure Privilege Escalation Account Takeover	Undisclosed	Matthew Keeley (@Nightbanes)
How did I get 200$ with WordPress vulnerability!!!	Information Disclosure	Undisclosed	Nguhuynh
Laravel debug mode left on at Zouikwatzeggen.nl leaks admin credentials & potentially submitted reports of improper behaviour at Amsterdam University Medical Centers	Debug Mode Enabled Android Email Spoofing Information Disclosure	AmsterdamUMC	Jonathan Bouman (@JonathanBouman)
iOS App Pentesting and Security with Real-World Case Studies Part 2	IOS Hardcoded Credentials Information Disclosure	Undisclosed	Swaroop Yermalkar (@Swaroopsy)
Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]	Out-of-Bounds Read Memory Corruption DoS Information Disclosure Credentials Sent Over Unencrypted Channel	Fortra (Globalscape)	Ron Bowes (@Iagox86)
How I Unveiled a Critical Vulnerability: Exposing All Buyers’ Invoices PII with a Single Trick	Information Disclosure Hardcoded API Keys	Undisclosed	Ayman
PII Data Leakage and US$1500 Bounty	Information Disclosure IDOR	Undisclosed	Ferferof (@Ferferof_)
Hunting for Bitwarden master passwords stored in memory	Information Disclosure Memory Leak Local Privilege Escalation	Bitwarden	Naz Markuta (@NazMarkuta)
How a misconfigured Lotus Domino Server can lead to Disclosure of PII Data of Employees, Configuration Details about the Active Directory, etc	Lotus Domino Security Misconfiguration Information Disclosure	Undisclosed	Aayush Vishnoi (@AayushVishnoi10)
Critical vulnerability on TP-Link service or how I got 0$	Account Verification Bypass IDOR Information Disclosure Account Takeover	TP-Link	Serj Novoselov (@Novoselov_s)
Find out the IP address through a call to Telegram…	Privacy Issue Information Disclosure	Telegram	Igor S. Bederov
Ericsson Sensitive Data Exposure via Trace.axd	Information Disclosure	Ericsson	David Sopas (@Dsopas)
Exposing iCloud user’s Name, phone numbers, and email addresses.	Information Disclosure	Apple (ICloud)	Renganathan (@IamRenganathan)
Why You Should Always Check The Audit Log [Medium] — $500	Information Disclosure	Undisclosed	Emanuel Beni Harijanto

Page 3 of 26