Thursday, October 22, 2020
Posted by Editorial_Staff_Team
Reader's rate:
5
Bundeswehr Responsible Disclosure Program (VDPBw) Today, on october 22, the German Armed Forces "Bundeswehr" officially launched the new Responsible Disclosure Program for reporting vulnerabilities and security vulnerabilities. Preparations have been underway for a few weeks now and can be... + continue reading
Wednesday, September 16, 2020
Posted by Editorial_Staff_Team
Reader's rate:
4
Bypassing using Exchange of Session Credentials In recent weeks, a new application has been released at the sparkasse in germany. This is the "secure safe" for documents... + continue reading
Thursday, May 7, 2020
Posted by Editorial_Staff_Team
Reader's rate:
5
LANCOM Systems Wireless Controller Series (Public Spot) - Several Patches Released by Support Today Security researchers of the vulnerability laboratory core research team uncovered about 3 weeks ago a new vulnerability in the LANCOM Systems wireless controller product series. With WLAN... + continue reading
Thursday, April 30, 2020
Posted by Editorial_Staff_Team
Reader's rate:
5
The Digital Bank Robbery of the Year 2020 - APT "Golden_hands" (Government Emergency Aid) In last 4-5 weeks our company Evolution Security GmbH and all around us were affected by the economy crisis that came cold from the back. This is a story about advanced persistent threats in Germany and the... + continue reading
Wednesday, April 29, 2020
Posted by Editorial_Staff_Team
Reader's rate:
5
Pointer Issue crashs local mmc.exe process on Microsoft Windows 2012 R2 x64 Due to a test in a staging-system that was fresh setup with a windows 2012 r2 release the researcher of the vulnerability lab identified a serious local denial of service vulnerability affecting different other microsoft... + continue reading
Saturday, April 4, 2020
Posted by Editorial_Staff_Team
Reader's rate:
5
Security gap in search function of Bundeswehr web application patched About some time ago, we had a look at the latest Bundeswehr website (https://www.bundeswehrkarriere.de/) in our lab. We noticed an error in the output of the validation of an application. We then investigated this error in... + continue reading
Tuesday, February 11, 2020
Posted by Editorial_Staff_Team
Reader's rate:
5
Microsoft starts Xbox... + continue reading
Friday, December 20, 2019
Posted by Editorial_Staff_Team
Reader's rate:
5
Apples Whitehat Hacker gift for Xmas Due to a longer period of time (January) we have stopped our Responsible Disclosure Bug Bounty Program at Apple. The reason was that Apple's security department made many mistakes in dealing with independent security researchers and did not seriously reward... + continue reading
Friday, December 13, 2019
Posted by Editorial_Staff_Team
Reader's rate:
5
Whitehat in action discovers Kiosk Escape... + continue reading

Featured Cooperative Security Articles

Thursday, 22/10/20 - 0 comment(s)
Bundeswehr Responsible Disclosure Program (VDPBw) Today, on october 22, the German Armed Forces "Bundeswehr" officially launched the new Responsible Disclosure Program for reporting vulnerabilities and security vulnerabilities. Preparations have been underway for a few weeks now and can be clearly seen on the domain in the updates of the... + continue reading
Wednesday, 16/09/20 - 0 comment(s)
Bypassing using Exchange of Session Credentials In recent weeks, a new application has been released at the sparkasse in germany. This is the "secure safe" for documents... + continue reading

TOP SECURITY STORIES

VULNERABILITIES & BUGS

Wednesday, 16/09/20 - 0 comment(s)
Bypassing using Exchange of Session Credentials In recent weeks, a new application has been released at the sparkasse in germany. This is the "secure safe" for documents... + continue reading

BEST SECURITY VIDEOS

Thursday, 07/03/19 - 2 comment(s)
Telekom Magenta Musik 360 - CERT Coordinates The videos shows the reproduce for the german telekom in a new service they did publish in 2019 Q1. The vulnerabilities are persistent and non-... + continue reading

LAB MAGAZINE ISSUES

Tuesday, 11/03/14 - 1 comment(s)
Vulnerability Magazine Welcome to the Vulnerability Magazine! The the vulnerability magazine, publishes the latest vulnerabilities and security informations from our laboratory infrastructure.... + continue reading

IT-SECURITY EVENTS

Thursday, 23/11/17 - 2 comment(s)
Legendary free speech - You are the Key! In the last weeks we got invited to the very famous JBFone Conference organized by the Fiducia & GAD IT AG. The Fiducia & GAD IT AG is a public... + continue reading
Wed
15
Oct

Parallels Plesk v11.5.x - URL Protection Filter Bypass (Video Demonstration)

Parallels Plesk v11.5.x - URL Protection Filter Bypass Vulnerability

The video has been recorded during the pentest session of ismail kaleem in the official parallels plesk hosting panel application. The video demonstrates how to bypass the url filter protection for malicious requests to execute malicious urls. The vulnerability is already patched by the parallels dev team.

The advisory of the vulnerability is not publicly available because the team participated in a silent security program of the laboratory.

Mon
13
Oct

Vulnerability Laboratory - Evolution Security announced to become a GmbH

Vulnerability Laboratory - Evolution Security announced to become a GmbH

During the last week we are proud to announce that the background company evolution security becomes a `GmbH`. Since the beginning of the program we are glad to say that everything went successful to the vulnerability laboratory in 2014. We did a big investment by our own to forward the background company and laboratory in the right direction.

The reason why we made the investment is that we want to develop new modules to the laboratory and extend the running services. We want to disclose more issues and finalize the template of reports.

Another good reason for the investment was that we want to hire people with stable employment contracts to join the laboratory infrastructure throught he evolution security company.

Pages

Subscribe to Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research RSS