Tuesday, May 16, 2017
Posted by Editorial_Staff_Team
PayPal Inc - New Scope & Program Guidelines
It has been a bit quiet around the independent PayPal Inc bug bounty program over the last year, because the developers were quietly programming and designing new stable updates. This morning PayPal Inc announced several new...
Tuesday, January 3, 2017
Posted by Editorial_Staff_Team
Telekom Cloud - MyworkPlace Business Frontend & Backend Vulnerabilities
Researchers of the Vulnerability Laboratory core team discovered and reported multiple persistent cross-site scripting web vulnerabilities to the Telekom CERT team in mid-December 2016. The security vulnerabilities were located in...
Friday, December 23, 2016
Posted by Editorial_Staff_Team
How Super Mario Run helped a Security Researcher to identify a Vulnerability
In September we got the first information about the new notify function within the new iOS 10.x version. The new notify function was mainly a secret to all users until November 2016. Apple did not reveal how...
Tuesday, November 15, 2016
Posted by Editorial_Staff_Team
New Cloud Services, High Severity Issues & Invitation Only
Over the last 6 years the public bug bounty program of Barracuda Networks has helped to improve the security of their active product series. At the beginning the program was running independently, but about one and a half years ago the...
Monday, November 14, 2016
Posted by Editorial_Staff_Team
US Military starts official "Hack the Army" Bug Bounty Program
In the last few days Eric Fanning, Secretary of the US Army, announced that the new "Hack the Army" Bug Bounty Program will start soon. In 2016 the "Hack the Pentagon" Program was disclosing...
Thursday, November 10, 2016
Posted by Editorial_Staff_Team
Adobe Connect v9.5.6 - (CVE-2016-7851) Persistent Cross Site Vulnerability
Some months ago the pentester and security researcher Benjamin Kunz Mejri was pentesting the upcoming "Connect" web services and web application for the Adobe security department. Due to his active...
Thursday, October 27, 2016
Posted by Editorial_Staff_Team
Wickr Inc Secret Messenger - Bug Bounty Program Vulnerabilities by Design
Today we would like to talk about the security of the American secret messenger called "Wickr - Secret Messenger". The company behind the product is located in the United States and encrypts messaging context with...
Friday, October 14, 2016
Posted by Editorial_Staff_Team
Mobidea - New Platforms & Mobile Applications in Scope
Today we would like to present to the security community a new partner of our advanced network, "Mobidea". Mobidea is a mobile programmatic affiliate network for media buyers and webmasters. The team of the...
Monday, October 10, 2016
Posted by Editorial_Staff_Team
Facebook API v2.1 hit by RFC6749 Open Redirect Attack Vulnerability
The Vulnerability Laboratory core team researcher "SaifAllah benMassaoud" discovered a zero-day RFC6749 Open Redirector Attack in Facebook API v2.1. The RFC6749 Open Redirector Attack vulnerability allows remote...

Featured Cooperative Security Articles

Tuesday, 16/05/17
PayPal Inc - New Scope & Program Guidelines
It has been a bit quiet around the independent PayPal Inc bug bounty program over the last year, because the developers were quietly programming and designing new stable updates. This morning PayPal Inc announced several new updates regarding the guidelines and scopes. The...
Tuesday, 03/01/17
Telekom Cloud - MyworkPlace Business Frontend & Backend Vulnerabilities
Researchers of the Vulnerability Laboratory core team discovered and reported multiple persistent cross-site scripting web vulnerabilities to the Telekom CERT team in mid-December 2016. The security vulnerabilities were located in the new Telekom cloud business service and...

BEST SECURITY VIDEOS

Tuesday, 25/08/15
PayPal Inc patched medium severity Cross Site Request Forgery Issue
The independent Vulnerability Laboratory researcher Paresh Parmar discovered, while participating in the...

IT-SECURITY EVENTS

Tuesday, 05/07/16
Manchester City - Football Club hosts first Hackathon in July 2016
The football club Manchester City has organized a new event, #HackMCFC, which will provide participants with access to...
Fri, 16 May
Posted by Editorial_Staff_Team

Remote Code Execution Vulnerability discovered in Yahoo, Microsoft MSN & Orange - Bug Bounty Ebrahim Hegazy

Ebrahim Hegazy (Bug Bounty) - Remote Code Execution in Yahoo, Microsoft MSN & Orange

Today I will be talking about an “Unauthorized Admin Access” that led to “Remote Code Injection” on many domains of “Yahoo”, “Microsoft MSN” and “Orange”.

Excited? Good, now let’s dive into the details.

During my research in the #Yahoo Bug Bounty Program, I found myself on a Yahoo.net domain:
http://mx.horoscopo.yahoo.net/ymx/
I tried to find the admin panel for that domain name, so I found myself on the page below:
http://mx.horoscopo.yahoo.net/ymx/editor/

Thu, 15 May
Posted by Editorial_Staff_Team

PayPal Inc Bug Bounty - Researcher discovered filter bypass & persistent input validation issue 2014Q2

The famous Pakistani vulnerability researcher and security consultant Ateeq ur Rehman Khan (Vulnerability Lab core team) discovered a high severity issue in the PayPal shipping application API. PayPal MultiOrder Shipping (MOS) is a tool that helps eBay businesses save time by allowing them to print up to 50 US Postal Service shipping labels at a time directly from their PayPal accounts.

The vulnerability was reported by Ateeq ur Rehman in 2013 Q4 via Vulnerability Laboratory to the official PayPal Inc bug bounty program. The program provides a responsible disclosure policy to individuals and researchers.

Mon, 14 Apr
Posted by Editorial_Staff_Team

German Telekom Bug Bounty Program - Scope changes! Exclusion of 3 Bug Types

The official Telekom Bug Bounty Program has been announcing since December 2013 that the vulnerability scope guidelines would receive a permanent upgrade in 2014.

Many unauthorized individuals have submitted large numbers of client-side cross-site scripting vulnerabilities found by using public security scanner software and scripts.

The reports flooded the Telekom program, and as a consequence a major update was made that excludes several "small" attack vectors.

They still accept reports of client-side cross-site issues, because those also need to be patched, but the main scope has been changed to major security issues in 2014.

The German Telekom decided to no longer reward the following categories of bugs:
