Friday, December 13, 2019
Posted by Editorial_Staff_Team
Reader's rate:
5
Whitehat Hackers in Aktion discover Kiosk Escape... + continue reading
Saturday, November 23, 2019
Posted by Editorial_Staff_Team
Reader's rate:
5
Last month, security researcher and founder of the vulnerability lab Benjamin Kunz Mejri discovered a new Microsoft Skype vulnerability. The problem has a local and a remote attack vector that can be exploited. Surprisingly, the way the attack takes place is via the client infrastructure to an... + continue reading
Monday, September 9, 2019
Posted by Editorial_Staff_Team
Reader's rate:
5
Undocumented Telnetd... + continue reading
Monday, September 2, 2019
Posted by Editorial_Staff_Team
Reader's rate:
5
GPSRP pays researchers for reporting abusiv google playstore apps Adam Bacchus, Sebastian Porst, and Patrick Mutchler  of the  Android Security... + continue reading
Friday, August 9, 2019
Posted by Editorial_Staff_Team
Reader's rate:
5
Apple Updates Bug Bounty Program Q4 In recent years, Apple and the company around cupertino have received massive criticism about the current Bug Bounty program. Among other things, well-known security researchers from the scene have criticized Apple for a faulty program, which attracts others but... + continue reading
Thursday, March 7, 2019
Posted by Editorial_Staff_Team
Reader's rate:
5
Telekom Magenta Musik 360 - CERT Coordinates The videos shows the reproduce for the german telekom in a new service they did publish in 2019 Q1. The vulnerabilities are persistent and non-persistent cross site scripting issues within the front / backend of the online service. Remote attackers... + continue reading
Friday, February 15, 2019
Posted by Editorial_Staff_Team
Reader's rate:
5
Internation Bug Bounty Program to PenTest E-Voting System The federal government of switzerland offers hackers who can uncover vulnerabilities, privacy issues or simple bugs in its e-voting system up to 44,000 euros. International White Hat or ethics hackers are given the opportunity to... + continue reading
Monday, December 24, 2018
Posted by Editorial_Staff_Team
Reader's rate:
5
Yes, we did it again! Due to the last few years we have discovered several problems that bypass the password protection mechanism of ios. In recent weeks we have discovered a new problem affecting the latest ios versions 12.1 and 12.1.1.1. The vulnerability allows password protection to be... + continue reading
Friday, November 16, 2018
Posted by Editorial_Staff_Team
Reader's rate:
5
Open Redirect in Microsoft BingPlaces Business uncovered Security researchers of the vulnerability laboratory uncovered this week an open redirect vulnerability in the famous microsoft bingplaces business web-application. The issue allows to redirect users by client-side get method request to... + continue reading

Featured Cooperative Security Articles

Friday, 13/12/19 - 0 comment(s)
Whitehat Hackers in Aktion discover Kiosk Escape... + continue reading
Saturday, 23/11/19 - 2 comment(s)
Last month, security researcher and founder of the vulnerability lab Benjamin Kunz Mejri discovered a new Microsoft Skype vulnerability. The problem has a local and a remote attack vector that can be exploited. Surprisingly, the way the attack takes place is via the client infrastructure to an export function for an older version of Skype.... + continue reading

VULNERABILITIES & BUGS

Saturday, 23/11/19 - 2 comment(s)
Last month, security researcher and founder of the vulnerability lab Benjamin Kunz Mejri discovered a new Microsoft Skype vulnerability. The problem has a local and a remote attack vector that can be... + continue reading

BEST SECURITY VIDEOS

Thursday, 07/03/19 - 1 comment(s)
Telekom Magenta Musik 360 - CERT Coordinates The videos shows the reproduce for the german telekom in a new service they did publish in 2019 Q1. The vulnerabilities are persistent and non-... + continue reading

LAB MAGAZINE ISSUES

Wednesday, 12/03/14 - 1 comment(s)
Vulnerability Magazine Welcome to the Vulnerability Magazine! The the vulnerability magazine, publishes the latest vulnerabilities and security informations from our laboratory infrastructure.... + continue reading

IT-SECURITY EVENTS

Friday, 24/11/17 - 2 comment(s)
Legendary free speech - You are the Key! In the last weeks we got invited to the very famous JBFone Conference organized by the Fiducia & GAD IT AG. The Fiducia & GAD IT AG is a public... + continue reading
Fri
16
Nov
Editorial_Staff_Team's picture

Microsoft BingPlaces Business - (url) Redirect Vulnerability

Open Redirect in Microsoft BingPlaces Business uncovered

Security researchers of the vulnerability laboratory uncovered this week an open redirect vulnerability in the famous microsoft bingplaces business web-application. The issue allows to redirect users by client-side get method request to external malformed or malicious sources.

The open redirect security vulnerability is located in the `url` parameter of the `TrackEmailOpen` function in the `StatsTracker` module. The `url` parameter has no restriction to the requested url content. Remote attackers are able to redirect client-side get method requests because of a non restricted url parameter. The attack vector of the vulnerability is non-persistent and the request method to execute is get. The vulnerability is a classic open redirect web vulnerability.

Vulnerable Module(s):
[+] StatsTracker

Mon
20
Aug
Editorial_Staff_Team's picture

Google Expands Vulnerability Reward Program - Combat Platform Abuse in 2018

Google Expands Existing Bug Bounty Program in 2018

Google now wants to reward security researchers who are able to report methods of misuse of googles product series.

Google has expanded its bug bounty program to include rewards that go beyond reporting specific vulnerabilities. Security researchers now also get rewards when they report methods and techniques that hackers could use to abuse google products and services.

This could be a starting point for enumeration attacks, compromises or a way to circumvent security mechanisms, google employees explains in a blog entry. Rewards of up to $5,000 are waiting researchers on valid submits. In a more detailed blog post the google security team explains about the extended bug bounty program conditions of the program.

Pages

Subscribe to Vulnerability Magazine - Bug Bounties, Acknoweldgements & Security Research RSS