Jump to content
Sign in to follow this  
kandykidd

Top 25 RCE Bug Bounty Reports

Recommended Posts

Top 25 RCE Bug Bounty Reports

The reports were disclosed through the HackerOne platform and were selected according to their upvotes, bounty, severity level, complexity, and uniqueness.

#1

Title: Potential pre-auth RCE on Twitter VPN

Company: Twitter

Bounty: $20,160

Link: https://hackerone.com/reports/591295

#2

Title: RCE on Steam Client via buffer overflow in Server Info

Company: Valve

Bounty: $18,000

Link: https://hackerone.com/reports/470520

#3

Title: Struct type confusion RCE

Company: Shopify

Bounty: $18,000

Link: https://hackerone.com/reports/181879

#4

Title: Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution

Company: Valve

Bounty: $12,500

Link: https://hackerone.com/reports/351014

#5

Title: Git flag injection — local file overwrite to remote code execution

Company: GitLab

Bounty: $12,000

Link: https://hackerone.com/reports/658013

#6

Title: Remote Code Execution on www.semrush.com/my_reports on Logo upload

Company: SEMrush

Bounty: $10,000

Link: https://hackerone.com/reports/403417

#7

Title: Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message

Company: Valve

Bounty: $9,000

Link: https://hackerone.com/reports/631956

#8

Title: RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi)

Company: LocalTapiola

Bounty: $6,800

Link: https://hackerone.com/reports/303061

#9

Title: Remote Code Execution at http://tw.corp.ubnt.com

Company: Ubiquiti Inc.

Bounty: $5,000

Link: https://hackerone.com/reports/269066

#10

Title: Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability

Company: Flash (IBB)

Bounty: $5,000

Link: https://hackerone.com/reports/139879

#11

Title: RCE by command line argument injection to `gm convert` in `/edit/process?a=crop`

Company: Imgur

Bounty: $5,000

Link: https://hackerone.com/reports/212696

#12

Title: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/

Company: Starbucks

Bounty: $4,000

Link: https://hackerone.com/reports/502758

#13

Title: [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File

Company: Mail.ru

Bounty: $4,000

Link: https://hackerone.com/reports/683957

#14

Title: Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice

Company: Starbucks

Bounty: $4,000

Link: https://hackerone.com/reports/592400

#15

Title: Attention! Remote Code Execution at http://wpt.ec2.shopify.com/

Company: Shopify

Bounty: $3,000

Link: https://hackerone.com/reports/73567

#16

Title: Unchecked weapon id in WeaponList message parser on client leads to RCE

Company: Valve

Bounty: $3,000

Link: https://hackerone.com/reports/513154

#17

Title: Drupal 7 pre auth sql injection and remote code execution

Company: The Internet Bug Bounty Program

Bounty: $3,000

Link: https://hackerone.com/reports/31756

#18

Title: RCE via ssh:// URIs in multiple VCS

Company: The Internet Bug Bounty Program

Bounty: $3,000

Link: https://hackerone.com/reports/260005

#19

Title: Remote Code Execution on Git.imgur-dev.com

Company: Imgur

Bounty: $2,500

Link: https://hackerone.com/reports/206227

#20

Title: GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]

Company: PHP (IBB)

Bounty: $1,500

Link: https://hackerone.com/reports/198734

#21

Title: Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE

Company: Lob

Bounty: $1,500

Link: https://hackerone.com/reports/520717

#22

Title: Remote code execution using render :inline

Company: Ruby on Rails

Bounty: $1,500

Link: https://hackerone.com/reports/113928

#23

Title: RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage)

Company: Ruby on Rails

Bounty: $1,500

Link: https://hackerone.com/reports/473888

#24

Title: Remote code execution on rubygems.org

Company: RubyGems

Bounty: $1,500

Link: https://hackerone.com/reports/274990

#25

Title: WordPress SOME bug in plupload.flash.swf leading to RCE

Company: Automattic

Bounty: $1,337

Link: https://hackerone.com/reports/134738

Bonus: 10 Zero Dollars RCE Reports

#1 Bonus

Title: Read files on application server, leads to RCE

Company: GitLab

Bounty: $0

Link: https://hackerone.com/reports/178152

#2 Bonus

Title: XXE in DoD website that may lead to RCE

Company: U.S. D.o.D.

Bounty: $0

Link: https://hackerone.com/reports/227880

#3 Bonus

Title: Remote Code Execution (RCE) in a DoD website

Company: U.S. D.o.D.

Bounty: $0

Link: https://hackerone.com/reports/248116

#4 Bonus

Title: Remote Unrestricted file Creation/Deletion and Possible RCE.

Company: Twitter

Bounty: $0

Link: https://hackerone.com/reports/191884

#5 Bonus

Title: RCE on via CVE-2017–10271

Company: U.S. D.o.D.

Bounty: $0

Link: https://hackerone.com/reports/576887

#6 Bonus

Title: Ability to access all user authentication tokens, leads to RCE

Company: GitLab

Bounty: $0

Link: https://hackerone.com/reports/158330

#7 Bonus

Title: Remote Code Execution via Extract App Plugin

Company: Nextcloud

Bounty: $0

Link: https://hackerone.com/reports/546753

#8 Bonus

Title: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███

Company: U.S. D.o.D.

Bounty: $0

Link: https://hackerone.com/reports/678496

#9 Bonus

Title: Remote Code Execution in Rocket.Chat Desktop

Company: Rocket.chat

Bounty: $0

Link: https://hackerone.com/reports/276031

#10 Bonus

Title: [npm-git-publish] RCE via insecure command formatting

Company: Node.js third-party modules

Bounty: $0

Link: https://hackerone.com/reports/730121

Source

  • Upvote 3

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...