Multiple vulnerabilities in UCOPIA <= 6.0.7 (CVE-2022-44719 / CVE-2022-44720)
Gaps in Azure Service Fabric’s Security Call for User Vigilance |
AWS Chain Attack- Thousands of Vulnerable EKS Clusters |
How a misconfigured Lotus Domino Server can lead to Disclosure of PII Data of Employees, Configuration Details about the Active Directory, etc |
Ghost Sites: Stealing Data From Deactivated Salesforce Communities |
AEM Bug in Adobe |
A $1,000,000 bounty? The KuCoin User Information Leak |
No Portals Needed |
Exploits Explained: Permission misconfiguration within Salesforce JavaScript Remoting tokens used for Apex Controllers |
How I got RCE in + 10 websites… |
Microsoft Defender for Cloud Management Port Exposure Confusion |
Multiple vulnerabilities in Nokia BTS Airscale ASIKA |
Hacking Apple: Two Successful Exploits and Positive Thoughts on their Bug Bounty Program |
Hacking our way into internal DBs with hardcoded authentication keys |
A-Salt: attacking SaltStack |
How we made $120k bug bounty in a year with good automation |
Azure security — Internal recon leveraging lack of access control |
API Misconfiguration - No Swag of SwaggerUI |
Firebase Exploit bug bounty |
Dodging OAuth origin restrictions for Firebase spelunking |
Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs |
System misconfiguration is the number one vulnerability, at least for Mastodon |
The Danger of Falling to System Role in AWS SDK Client |
Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurations |
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories |