Monday, July 23, 2018
Posted by Editorial_Staff_Team
Reader's rate:
4.5
Mozilla's New ASan Nightly Build Project Bug Bounty Program 2018 A new solution of the Nightly Build was opened with a bug bounty program from Mozilla Corporation in the last days. With a special variant of the Nightly Builds of the Firefox browser, users can search for memory errors... + continue reading
Thursday, July 19, 2018
Posted by Editorial_Staff_Team
Reader's rate:
3.75
Vulnerability Affecting Main Lead Database of Adobe Systems Within the last years the vulnerability lab core research team and individuals around the lab infrastructure discovered a lot of zero-day vulnerabilities to the psirt team of adobe system. More and more issues was resolved during the... + continue reading
Wednesday, July 18, 2018
Posted by Editorial_Staff_Team
Reader's rate:
5
Microsoft Starts New & Unique Identity Bug Bounty Program Today the microsoft corporation started a new bug bounty program for the microsoft online identity server technology. To further increase the safety of its customers, the tech giant has launched a completely new and independent bug... + continue reading
Wednesday, July 11, 2018
Posted by Editorial_Staff_Team
Reader's rate:
5
New HackRF Case Available (ABS & PLA) HackRF One first version is part of great scott gadgets which is a software defined radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. The HackRF One can send and receive almost any radio signal. This allows... + continue reading
Thursday, July 5, 2018
Posted by Editorial_Staff_Team
Reader's rate:
5
AT&T BizCircle - Frontend & Backend Vulnerabilities Last month, researchers in our laboratory conducted in-depth safety tests on the AT&T BizCircle Platform. This has identified a number of security holes that AT&T has now eliminated. The core researchers in the laboratory go... + continue reading
Tuesday, March 13, 2018
Posted by Editorial_Staff_Team
Reader's rate:
5
Bug Bounty Program increases payments for researchers in 2018 Today in the morning the paypal inc bug bounty program updated again within one month the official bug bounty program conditions. The newst update of j.p. morgan increases the payment amounts to a new stage for participating security... + continue reading
Tuesday, February 27, 2018
Posted by Editorial_Staff_Team
Reader's rate:
5
PayPal Inc - Venmo Bug Bounty Program Today in the morning paypal inc announced its newst updates of the bug bounty program. The new service is called "Venmo" and became to today official part of the bug bounty program. For the program the official terms and process for submitting... + continue reading
Saturday, February 24, 2018
Posted by Editorial_Staff_Team
Reader's rate:
5
Intel Bug Bounty Program for Public Researchers Intel decided latly after the incident of the last year with meltdown, spectre and other security issues that the bug bounty program will expand and be opened to other international security researchers. The upcoming updates are announced in a web... + continue reading
Monday, January 29, 2018
Posted by Editorial_Staff_Team
Reader's rate:
3.6
Banknotes Misproduction security & biometric weakness In the last months vulnerability lab team reviewed the new 20€ & 50€ banknotes of the european central bank. One of our core team researchers identified that for the security sign of the holograms are different components in... + continue reading

Featured Cooperative Security Articles

Monday, 23/07/18 - 0 comment(s)
Mozilla's New ASan Nightly Build Project Bug Bounty Program 2018 A new solution of the Nightly Build was opened with a bug bounty program from Mozilla Corporation in the last days. With a special variant of the Nightly Builds of the Firefox browser, users can search for memory errors completely automatically. Mozilla even wants to... + continue reading
Thursday, 19/07/18 - 0 comment(s)
Vulnerability Affecting Main Lead Database of Adobe Systems Within the last years the vulnerability lab core research team and individuals around the lab infrastructure discovered a lot of zero-day vulnerabilities to the psirt team of adobe system. More and more issues was resolved during the time from 2012 since 2018. The uncovered... + continue reading

TOP SECURITY STORIES

Monday, 23/07/18 - 0 comment(s)
Mozilla's New ASan Nightly Build Project Bug Bounty Program 2018 A new solution of the Nightly Build was opened with a bug bounty program from Mozilla Corporation in the last days. With a... + continue reading

BUG BOUNTY ISSUES

Wednesday, 18/07/18 - 0 comment(s)
Microsoft Starts New & Unique Identity Bug Bounty Program Today the microsoft corporation started a new bug bounty program for the microsoft online identity server technology. To further... + continue reading

VULNERABILITIES & BUGS

BEST SECURITY VIDEOS

Tuesday, 25/08/15 - 0 comment(s)
PayPal Inc patched medium severity Cross Site Request Forgery Issue The independent and individual vulnerability laboratory researcher paresh parmar discovered during the participate in the... + continue reading

LAB MAGAZINE ISSUES

Wednesday, 12/03/14 - 1 comment(s)
Vulnerability Magazine Welcome to the Vulnerability Magazine! The the vulnerability magazine, publishes the latest vulnerabilities and security informations from our laboratory infrastructure.... + continue reading

IT-SECURITY EVENTS

Friday, 24/11/17 - 1 comment(s)
Legendary free speech - You are the Key! In the last weeks we got invited to the very famous JBFone Conference organized by the Fiducia & GAD IT AG. The Fiducia & GAD IT AG is a public... + continue reading
Tue
10
Jun
Editorial_Staff_Team's picture

List of Bug Bounty Programs & Security Reward Programs became available in April! (NEW UPDATES!)

List of Bug Bounty Programs & Security Reward Programs became available in April! (NEW UPDATES!)

2 weeks ago we updated the main static header of the laboratory to provide all visitors and members a new (up2date) security program list. The listing has been implemented to provide researchers a trusted place and point for exchange and work-share.

The list provides different categories like vendor, bug bounty/reward, gift/benefit/swag but also security acknowledgements. As special category we also a review of the public and silent security programs. 

The list gets an update every 48h - 74h to become a stable, trusted and free resource. On top of the website are the `Last 5 - New Security Programs` as items to review. A count of the public and silent security program entries is also available to all members and public visitors.

Fri
16
May
Editorial_Staff_Team's picture

Remote Code Execution Vulnerability discovered in Yahoo, Microsoft MSN & Orange - Bug Bounty Ebrahim Hegazy

Ebrahim Hegazy (Bug Bounty) - Remote Code Execution in Yahoo, Microsoft MSN & Orange

Today I will be talking about a “Unauthorized Admin Access” that led to “Remote Code Injection” on many domains of “Yahoo“, “Microsoft MSN“ and “Orange“.

Excited? Good, now let’s dive into the details.

During my researches in #Yahoo Bug Bounty Program, I found myself in a Yahoo.net domain:
http://mx.horoscopo.yahoo.net/ymx/
I tried to find the admin panel for that domain name, so I found myself in below page:
http://mx.horoscopo.yahoo.net/ymx/editor/

Pages

Subscribe to Vulnerability Magazine - Bug Bounties, Acknoweldgements & Security Research RSS