Full Passcode bypass on Nextcloud App iOS
Nextcloud bugbounty CVE-2023-28647
It’s possible to fully access the user’s nextcloud files on Nextcloud App iOS by using the Files app on iPhone.
Ability to read any emails through IDOR on Nextcloud Mail
Nextcloud bugbounty CVE-2023-25160
An attacker can access the mail box by ID getting the subjects and the first characters of the emails.
Messages can still be seen on conversation after expiring when cron is misconfigured
Nextcloud bugbounty CVE-2023-26041
Nextcloud talk has a feature called Message Expiration, Chat messages can be expired after a certain time. In order for messages to be removed from the database, the cron jobs need to be executed. However what would be the failover if in some cases the cron did not execute?
Ability to control the filename when uploading a logo or favicon on theming
Nextcloud bugbounty CVE-2023-28833
When uploading a logo or favicon the filename can be controlled by attacker since the key can be modified which serves as the filename.
Passcode bypass on Talk Android app
Nextcloud bugbounty CVE-2023-22473
It is possible to bypass the passcode protection in nextcloud android talk by clicking the notification of a message.
File and Chat disclosure by calling the device while its in locked state
Nextcloud bugbounty CVE-2021-41181
Talk app allows access to sensitive chat messages on lockscreen during a call
Nextcloud Talk ObjectId in share location can be set to open arbitrary URL or Deeplinks
Nextcloud bugbounty CVE-2021-41180
It is possible to control the geolocation preview in the Nextcloud Talk app to point to a domain or deeplink which results to open-redirect.
Sophos Secure Workspace App Password Bypass using Race Condition
Sophos bugbounty race condition Sophos Secure Workspace CVE-2021-36808
A race condition in Sophos Secure Workspace (Android) version 9.7.3081 that bypassed the App Password.
Breaking the Doors: Paypal 2-Factor Bypass
Paypal bugbounty Two Factor Authentication Bypass Paypal 2FA Bypass
Two-Factor Authentication bypass on Paypal
404 Not Found: Vulnerability Disclosure in the Philippines
Opinion Vulnerability Disclosure Philippines
We could have avoided the biggest data breaches in the country if there is a platform or channel where Security Researchers can report Vulnerabilities, frankly we don’t have one.
Wordpress CVE-2020-12832 Path Traversal
WordPress Plugin Simple File List is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.
Non-Verified User can Submit Report,View Disclosed Reports | Secuna bug bounty
I was able to find a bug that lets me submit report,edit profile and view disclosed reports in secuna while using a rejected or non-verified account.
Exposed S3 Credentials of QuadX
quadx vdp hardcoded credentials
I found a exposed sensitive credential in the website and was able to access the Amazon S3 Bucket of Paylink, One of the digital platforms of QuadX. This allowed me to retrieve, upload and remove all files in the S3 Bucket.
Rootcon CTF 2019 | Kahl Dereta Write Up
rootcon Capture The Flag
The First Time CTF Experience with Jonelle H. Castañeda and Aeruc Maquilang was Really Good! Hats off to Pwn De Manila for Organizing this awesome Capture the Flag at Rootcon 13.
Insufficient Rate Limitting on Facebook Fundraisers
facebook bugbounty Insufficient Rate Limit
Facebook Fundraisers Lacks Rate Limiting Protection. Malicious actors can bruteforce this by sending different random credit or debit card numbers.
Nextcloud android bbp
Some basic HTML tags were rendered as Markup in directory names.
vlc ios vdp
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.