| AEM Bug in Adobe |
|
|
|
| Holiday Hunting With Aquatone |
|
|
|
| The Silent Spy Among Us: Modern Attacks Against Smart Intercoms |
|
|
|
| Unauthorized Access To Admin Panel via Swagger |
|
|
|
| Unauthenticated GraphQL Introspection and API calls |
|
|
|
| Exploit Airlines that use T-Mobile for Free WiFi |
|
|
|
| Assumed Breach Assessment Case Study: Uncovering WeSecureApp’s Approach |
|
|
|
| Information disclosure or GDPR breach? A Google tale… |
|
|
|
| Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails |
|
|
|
| Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashes |
|
|
|
| Legally hacking a Government Satellite? |
|
|
|
| Missing Authentication in ZKTeco ZEM/ZMM Web Interface |
|
|
|
| Compromising a Backup System by iSCSI Interface During a Routine Penetration Test |
|
|
|
| Orange Arbitrary Command Execution |
|
|
|
| Hacking My Helium Crypto Miner |
|
|
|
| My findings on Hack U.S Program |
|
|
|
| How a Port scan got me Nokia Hall of Fame |
|
|
|
| Monitoring Linux host metrics with the Node Exporter information disclosure $350 |
|
|
|
| Hacking Zyxel IP cameras to gain a root shell |
|
|
|
| How I got into the United Nations’ Hall of Fame |
|
|
|
| Story of 5000$ bounty for Grafana Panel Access in Apple |
|
|
|
| From Shodan to RCE: That one time I hacked a Fortune 500 company. |
|
|
|
| Good things takes time | Story of my first “valid” critical bug! |
|
|
|
| Microsoft accidentally exposed their private Xbox game developer forums |
|
|
|
| From Google Dorking to Information Disclosure |
|
|
|
writeups.xyz
/
Missing Authentication