Research & Contribution

Below is a glimpse of some of my research and contributions in infosec, starting from 2016.

Bug Bounty.

1. Offensive Security (2017, 2019)
Bug Type: Authentication Flaw - 2017 & Privacy Violation - 2019

2. BBC
Bug Type: Account Takeover

3. Facebook (2017, 2018)
Bug Type: Authentication Flaw - 2017 & SSRF - 2018

4. ISC2 & Bugcrowd
Bug Type: Account Takeover

5. Parrot Sec, Kaspersky Lab, Department Of Defense, PuTTY [HackerOne]
Bug Type: Improper Session Management, DNS IP Leak, Memory leak.

6. RedHat & DELL
Bug Type: Cross-Site Scripting

7. Evernote
Bug Type: Directory traversal in Evernote for macOS

8. AT&T
Bug Type: Server Misconfiguration

9. Google
Bug Type: Android Webview Address bar spoofing

Product Security.

1. CVE-2018-18334 from TrendMicro
Same origin policy bypass in Dr. Safety for Android (Consumer) browser.

2. CVE-2018-19825 from Opera (RESERVED)
Lack of filtering of certain HTTP headers could lead to fraudulent VAS activation via opera turbo servers.

3. CVE-2018-17780 from Telegram
Telegram for desktop leaks private and public IP address in P2P.

4. CVE-2018-6849 from DuckDuckGo
The browser can disclose a private IP address in a STUN request.

5. CVE-2018-2715 from Oracle
Allows an attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition.

6. CVE-2017-17692 from Samsung (Was a 0day) [1]
Same origin policy bypass in Samsung browser.

7. CVE-2017-15084 (R7-2017-22) from Rapid7
The web UI in Rapid7 Metasploit was vulnerable to CSRF.

8. CVE-2017-6328 from Symantec
The Symantec messaging gateway was vulnerable to CSRF.

9. CVE-2016-10405 from DLink
Session hijack in D-Link DIR-600L routers.

10. CVE-2019-0186 from Apache
Stored XSS in Apache Pluto.

11. CVE-2019-11879 from Ruby WEBrick (Disputed)
Path traversal in WEBrick via a symlink.

12. CVE-2019-10038 for Evernote
Local file inclusion.

13. CVE-2019-12329 for DuckDuckGo
Address bar spoofing via setInterval.

14. CVE-2019-12477 for Supra Smart Cloud TV.
Remote file inclusion.

15. CVE-2019-16248 for Telegram
The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory.

and many more ...

Fuzzing.

1. CVE-2018-11396 for epiphany browser
Denial of service (application crash) via JavaScript code that triggers access to a NULL URI.

2. CVE-2018-11646 for epiphany browser
Mishandling of an unset pageURL, leading to an application crash.

3. CVE-2019-6439 for wolfSSL
Heap-based buffer overflow.

4. CVE-2019-8375 for WebKit
DoS, buffer overflow, or possibly other unspecified impacts.

5. CVE-2019-6498 for GattLib 0.2
Stack-based buffer overflow.

6. CVE-2018-18957 for libiec61850
Stack-based buffer overflow.

7. CVE-2018-3123 for Oracle MySQL
Unauthenticated access to MySQL Server (this issue was identified during source code review of libmysqld).

8. CVE-2019-16088 for Xpdf
Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.

9. CVE-2019-16249 for opencv
OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.

10. CVE-2019-17064 for Xpdf
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.

11. CVE-2019-20079 in VIM
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. (UAF)

12. nullptr dereference in VIM
Null pointer dereference.

Opensource Contribution.

1. SQLMap 
Wrote a module in WAF detection for IBM Webseal.

2. Empire
Added support for "Host-Recon" module in Empire.

3. Metasploit 
Wrote multiple Metasploit modules, ranging from auxiliary scanners to privilege escalation, such as one for CVE-2018-8120, a Win32k elevation-of-privilege vulnerability.

4. CrackMapExec 
Added support for "Get-ComputerDetails" module in CrackMapExec.

5. SpiderFoot 
Wrote a module that queries the unofficial HackerOne disclosure timeline database to check whether the target appears in it.

I've also found many bugs in open source projects during source code review; a few examples can be found here [1] [2].
