Friday, October 20, 2017
Posted by Editorial_Staff_Team
Reader's rate:
5
Google Play Store starts Bug Bounty Program for Apps Today the google security team announced to startup a new bug bounty program for the google play store android application. The program is open to random developers and chosen constituents of researchers. In a public blogpost the company... + continue reading
Friday, September 22, 2017
Posted by Editorial_Staff_Team
Reader's rate:
5
German security experts speech in front of 31,000 people The german security expert and ceo of the evolution security gmbh and founder of the vulnerability laboratory was invited as keynote speaker to the official internet security conference 2017 in beijing china. In 2017 the official topic of... + continue reading
Monday, August 14, 2017
Posted by Editorial_Staff_Team
Reader's rate:
5
Apple iOS v10.2 & v10.3 - SMS Reply & Answer Function During the last months we had setup a mobile forensic laboratory in our office to reproduce and uncover more new mobile zero-day vulnerabilities. Our first investigation was in a code lock functions of the settings - passcode module... + continue reading
Sunday, May 28, 2017
Posted by Editorial_Staff_Team
Reader's rate:
5
Stack Buffer Overflow Vulnerability in Skype v7.2, v7.35 & v7.36 Security researchers of the vulnerability laboratory core research team uncovered a critical vulnerability in skype v7.2, v7.35 & v7.36 for microsoft windows. The vulnerability was discovered during a team conference in... + continue reading
Tuesday, May 16, 2017
Posted by Editorial_Staff_Team
Reader's rate:
5
PayPal Inc - New Scope & Program Guidelines It was a bit silent around the independent paypal inc bug bounty program within the last year, because the developers were silently programming and designing new stable updates. Today in the morning the paypal inc company announced several new... + continue reading
Tuesday, January 3, 2017
Posted by Editorial_Staff_Team
Reader's rate:
4.25
Telekom Cloud - MyworkPlace Business Frontend & Backend Vulnerabilities Researchers of the vulnerability laboratory core team discovered multiple persistent cross site scripting web vulnerabilities to the telekom cert team in mid december 2016. The security vulnerabilities was located in... + continue reading
Friday, December 23, 2016
Posted by Editorial_Staff_Team
Reader's rate:
3.76923
How Super Mario Run helped a Security Research to identify a Vulnerability In september we got the first information about the new notify function within the new iOS 10.x version. The new notify function was mainly a secret to all the users until november 2016. Apple did not revealed  how... + continue reading
Tuesday, November 15, 2016
Posted by Editorial_Staff_Team
Reader's rate:
4.5
New Cloud Services, High Severity Issues & Invitation Only In the last 6 years the public bug bounty program of barracuda networks helped to improve the security of their active product series. At the beginning the program was running independently but about 1 and  a half year ago the... + continue reading
Monday, November 14, 2016
Posted by Editorial_Staff_Team
Reader's rate:
5
US Military starts official "Hack the Army" Bug Bounty Program Due to the last days "Eric Fanning" secretary of the us army announced, that the new "Hack the Army" Bug Bounty Program will start soon. In 2016 the "Hack the Pentagon" Program was disclosing... + continue reading

Featured Cooperative Security Articles

Friday, 20/10/17 - 0 comment(s)
Google Play Store starts Bug Bounty Program for Apps Today the google security team announced to startup a new bug bounty program for the google play store android application. The program is open to random developers and chosen constituents of researchers. In a public blogpost the company announced "The goal of the program is to further... + continue reading
Friday, 22/09/17 - 0 comment(s)
German security experts speech in front of 31,000 people The german security expert and ceo of the evolution security gmbh and founder of the vulnerability laboratory was invited as keynote speaker to the official internet security conference 2017 in beijing china. In 2017 the official topic of the internet security conference is as follows... + continue reading

BUG BOUNTY ISSUES

Friday, 20/10/17 - 0 comment(s)
Google Play Store starts Bug Bounty Program for Apps Today the google security team announced to startup a new bug bounty program for the google play store android application. The program is... + continue reading

BEST SECURITY VIDEOS

Tuesday, 25/08/15 - 0 comment(s)
PayPal Inc patched medium severity Cross Site Request Forgery Issue The independent and individual vulnerability laboratory researcher paresh parmar discovered during the participate in the... + continue reading

IT-SECURITY EVENTS

Friday, 22/09/17 - 0 comment(s)
German security experts speech in front of 31,000 people The german security expert and ceo of the evolution security gmbh and founder of the vulnerability laboratory was invited as keynote... + continue reading
Tue
06
Sep
Editorial_Staff_Team's picture

Critical Vulnerabilities in Sparkassen Bank Server discovered by Researchers

Critical Vulnerabilities in the Sparkassen Newsletter, Emails & Paydirect

The core research team of the vulnerability laboratory is helping the german sparkasse to identify new threats of security for the "finance informatik gmbh team" in frankfurt. During the last year we discovered several vulnerabilities in the bank infrastructure, which were silently patched but responsible and safe resolved case. Savings banks in german-speaking countries are called Sparkasse. They do work as commercial banks in a decentralized structure, that is connected on different points. Today we would like to talk about the last resolved security vulnerabilities in the official german sparkasse bank web infrastructure.

Sat
03
Sep
Editorial_Staff_Team's picture

Parse HTTP Host Header Attack - Redirect Bug

Parse HTTP Host Header Attack - Redirect Bug

The vulnerability laboratory core research team (SaifAllah benMassaoud) discovered a HTTP HOST Header attack (Injection & Redirection) via X-Forwarded-Host in the official Parse online service web-application. The host header can be changed to something outside the target domain and cause it to redirect to an attackers malicious site. The HTTP HOST Header attack (Injection & Redirection ) via X-Forwarded-Host vulnerability is located in the `/user_session/new/` and "/account/plan/" modules GET method request.
 
Mon
08
Aug
Editorial_Staff_Team's picture

Fortinet Patches Series of Remote Vulnerabilities in Appliance Products

Affected FortiManager, FortiAnalyzer, FortiVoice & FortiCloud

The Fortinet  company has released several security fixes and patches for different appliance products. The vulnerabilities was disclosed by the core research team of the vulnerability laboratory. The Fortinet Security Team coordinated with PSIRT multiple patches for all discovered issues for  the FortiManager, FortiAnalyzer, FortiVoice and FortiCloud appliance web-applications. Lets move deeper into to explain more about our new findings, locations and exploitation.

Pages

Subscribe to VULNERABILITY MAGAZINE - Bug Bounties, Acknoweldgements & Security Research RSS