Vuln Disclosures

Wall Of Sheep

| Target | Vulnerability | Date | Advisory |
| --- | --- | --- | --- |
| Chef/Knife | Yaml Deserialization | 2024-08-29 | https://snoopysecurity.github.io/posts/chef-unsafe-deserialization/ |
| Hackney | URL Confusion | 2024-05-22 | https://security.snyk.io/vuln/SNYK-HEX-HACKNEY-6516131 |
| @fluentui/styles | Prototype Pollution | 2024-03-13 | https://snyk.io/vuln/SNYK-JS-FLUENTUISTYLES-5708087 |
| Cocoapods | Yaml Deserialization | 2023-07-03 | https://github.com/CocoaPods/CocoaPods/pull/11974 |
| SMTPMail-drogon | SMTP Injection | 2023-05-09 | https://github.com/ihmc3jn09hk/SMTPMail-drogon#updates |
| Rancher | Command Arg Injection | 2023-01-25 | https://github.com/advisories/GHSA-34p5-jp77-fcrc |
| Snapd | Zip Traversal | 2022-11-01 | https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSNAPCORESNAPDOVERLORDSNAPSHOTSTATEBACKEND-3172910 |
| SonicJS | Path Traversal | 2022-10-10 | https://nvd.nist.gov/vuln/detail/CVE-2022-42002 |
| aiosmtplib | SMTP Injection | 2022-09-14 | https://security.snyk.io/vuln/SNYK-PYTHON-AIOSMTPLIB-3042406 |
| smtp-client | SMTP Injection | 2022-09-14 | https://snoopysecurity.github.io/posts/avoiding-smtp-injection/ |
| Email::MIME | SMTP Injection | 2022-09-14 | https://snoopysecurity.github.io/posts/avoiding-smtp-injection/ |
| Net::SMTP | SMTP Injection | 2022-09-14 | https://snoopysecurity.github.io/posts/avoiding-smtp-injection/ |
| async-zip | Zip Traversal | 2022-01-05 | https://gist.github.com/snoopysecurity/007503097536b557bc22a7ef24f4d11d |
| mevn-cli | DoS through Nested GraphQL Queries | 2021-12-12 | https://github.com/madlabsinc/mevn-cli/commit/5f88c24dfe9825349401a4c0b009f57ac31a9099 |
| cypress | Insecure Electron Settings | 2021-04-28 | https://snyk.io/vuln/SNYK-JS-CYPRESS-1255446 |
| OpenCATS | Object Injection | 2021-03-19 | https://nvd.nist.gov/vuln/detail/CVE-2021-25294 |
| OpenCATS | Cross-site Scripting (XSS) | 2021-03-19 | https://nvd.nist.gov/vuln/detail/CVE-2021-25295 |
| github.com/pterodactyl/wings/router/downloader | Server-side Request Forgery (SSRF) | 2021-03-03 | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPTERODACTYLWINGSROUTERDOWNLOADER-1083290 |
| iniparserjs | Prototype Pollution | 2021-02-03 | https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989 |
| @sdscoep/web-review | Arbitrary File Read | 2021-01-20 | https://snyk.io/vuln/SNYK-JS-SDSCOEPWEBREVIEW-1053230 |
| inireader | Prototype Pollution | 2021-01-20 | https://snyk.io/vuln/SNYK-JS-INIREADER-1054843 |
| rxdb | Prototype Pollution | 2021-01-19 | https://snyk.io/vuln/SNYK-JS-RXDB-1050985 |
| @firebase/util | Prototype Pollution | 2021-01-07 | https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324 |
| browserless-chrome | Path Traversal | 2020-12-15 | https://snyk.io/vuln/SNYK-JS-BROWSERLESSCHROME-1023657 |
| droppy | Path Traversal | 2020-12-15 | https://snyk.io/vuln/SNYK-JS-DROPPY-1023656 |
| @tsed/core | Prototype Pollution | 2020-12-02 | https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382 |
| lightning-server | Cross-site Scripting (XSS) | 2020-12-02 | https://snyk.io/vuln/SNYK-JS-LIGHTNINGSERVER-1019381 |
| tiny-http | HTTP Request Smuggling | 2020-06-16 | https://github.com/tiny-http/tiny-http/issues/173 |
| fine-uploader | Prototype Pollution | 2020-06-09 | https://snyk.io/vuln/SNYK-JS-FINEUPLOADER-585902 |
| i18next | Prototype Pollution | 2020-06-09 | https://snyk.io/vuln/SNYK-JS-I18NEXT-585930 |
| github.com/helm/helm/pkg/plugin/installer | Arbitrary File Write (Zip Slip) | 2020-05-06 | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHELMHELMPKGPLUGININSTALLER-572401 |
| @uifabric/utilities | Prototype Pollution | 2020-04-26 | https://snyk.io/vuln/SNYK-JS-UIFABRICUTILITIES-571487 |
| Workerman/Workerman | Improper Input Validation | 2020-04-08 | https://snyk.io/vuln/SNYK-PHP-WORKERMANWORKERMAN-569105 |
| netius | HTTP Request Smuggling | 2020-04-07 | https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141 |
| reel | HTTP Request Smuggling | 2020-04-07 | https://snyk.io/vuln/SNYK-RUBY-REEL-569135 |
| meinheld | HTTP Request Smuggling | 2020-04-07 | https://snyk.io/vuln/SNYK-PYTHON-MEINHELD-569140 |
| goliath | HTTP Request Smuggling | 2020-04-07 | https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136 |
| agoo | HTTP Request Smuggling | 2020-04-07 | https://snyk.io/vuln/SNYK-RUBY-AGOO-569137 |
| iodine | HTTP Request Smuggling | 2020-04-07 | https://snyk.io/vuln/SNYK-RUBY-IODINE-569134 |
| benchmark.js | ReDoS | 2020-03-27 | https://github.com/bestiejs/benchmark.js/issues/229 |
| utils-extend | Prototype Pollution | 2020-03-17 | https://snyk.io/vuln/SNYK-JS-UTILSEXTEND-560385 |
| markdown | ReDoS | 2020-03-17 | https://snyk.io/vuln/SNYK-JS-MARKDOWN-560793 |
| vega-util | Prototype Pollution | 2020-03-11 | https://snyk.io/vuln/SNYK-JS-VEGAUTIL-559223 |
| github.com/artdarek/go-unzip | Zip Traversal | 2020-03-11 | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARTDAREKGOUNZIP-559505 |
| markdown-editor | Cross-site Scripting (XSS) | 2020-03-11 | https://snyk.io/vuln/SNYK-PYTHON-MARKDOWNEDITOR-559226 |
| dojox | Prototype Pollution | 2020-03-11 | https://snyk.io/vuln/SNYK-JS-DOJOX-559225 |
| dojo | Prototype Pollution | 2020-03-11 | https://snyk.io/vuln/SNYK-JS-DOJO-559224 |
| utilitify | Prototype Pollution | 2020-03-11 | https://snyk.io/vuln/SNYK-JS-UTILITIFY-559497 |
| github.com/yi-ge/unzip | Zip Traversal | 2020-03-05 | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMYIGEUNZIP-559345 |
| dariusiii/zipper | Zip Traversal | 2020-02-25 | https://snyk.io/vuln/SNYK-PHP-DARIUSIIIZIPPER-552163 |
| madnest/madzipper | Zip Traversal | 2020-02-25 | https://snyk.io/vuln/SNYK-PHP-MADNESTMADZIPPER-552164 |
| chumper/zipper | Zip Traversal | 2020-02-25 | https://snyk.io/vuln/SNYK-PHP-CHUMPERZIPPER-552162 |
| codecov | Command Injection | 2020-02-25 | https://snyk.io/vuln/SNYK-PYTHON-CODECOV-552149 |
| written | Cross-site Scripting (XSS) | 2020-01-28 | https://snyk.io/vuln/SNYK-RUBY-WRITTEN-548685 |
| phppgadmin/phppgadmin | Cross-site Request Forgery (CSRF) | 2020-01-07 | https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885 |
| im-metadata | Command Injection | 2020-01-07 | https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184 |
| verot/class.upload.php | Arbitrary File Upload | 2019-12-16 | https://snyk.io/vuln/SNYK-PHP-VEROTCLASSUPLOADPHP-538304 |
| enshrined/svg-sanitize | Sanitizer Bypass | 2019-12-13 | https://snyk.io/vuln/SNYK-PHP-ENSHRINEDSVGSANITIZE-536969 |
| simplito/elliptic-php | Timing Attack | 2019-12-11 | https://snyk.io/vuln/SNYK-PHP-SIMPLITOELLIPTICPHP-534576 |
| kubernetes-sigs/release-sdk | Git Arg Injection | TBD | https://hackerone.com/reports/1763704 |
| objutil | Prototype Pollution | TBD | https://snyk.io/vuln/SNYK-JS-OBJUTIL-559496 |
| mquery | Prototype Pollution | TBD | https://snyk.io/vuln/SNYK-JS-MQUERY-1050858 |
| node-ini | Prototype Pollution | TBD | https://snyk.io/vuln/SNYK-JS-NODEINI-1054844 |
| suitecrm | Phar Deserialization | TBD | https://snyk.io/vuln/SNYK-PHP-JAKUBPASSUITECRM-1277522 |
| comrak | Zip Traversal | TBD | https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555 |
| nestie | Prototype Pollution | TBD | https://snyk.io/vuln/SNYK-JS-NESTIE-1300518 |

Web Application Bug Bounty (2014-2016)