bug-bounty
A critical remote code execution vulnerability was discovered in PayPal's manager.paypal.com through unsafe Java object deserialization in the 'oldFormData' parameter, exploitable via the Commons Collections gadget chain and ysoserial tool to execute arbitrary OS commands and access production databases. The vulnerability was reported in December 2015 and patched by PayPal's security team.
remote-code-execution
java-deserialization
unsafe-deserialization
object-deserialization
commons-collections
ysoserial
paypal
bug-bounty
web-application
post-parameter-injection
gadget-chain
arbitrary-command-execution
PayPal
manager.paypal.com
Michael Stepankin
artsploit
Chris Frohoff
Gabriel Lawrence
Mark Litchfield
FoxGlove Security
ysoserial
Commons Collections
bug-bounty
An IDOR vulnerability in Facebook's video poll feature allows attackers to delete polls from other users' videos by manipulating the deleted_poll_ids parameter in POST requests to the video editing endpoint.
idor
insecure-direct-object-references
authorization-bypass
facebook
web-application
video-poll
bug-bounty
parameter-manipulation
burpsuite
Dan Melamed
Facebook
Burp Suite