Friday, December 20, 2019
Posted by Editorial_Staff_Team
Apple's Whitehat Hacker gift for Xmas
For a longer period of time (January) we have stopped our Responsible Disclosure Bug Bounty Program at Apple. The reason was that Apple's security department made many mistakes in dealing with independent security researchers and did not seriously reward... + continue reading
Friday, December 13, 2019
Posted by Editorial_Staff_Team
Whitehat in action discovers Kiosk Escape... + continue reading
Saturday, November 23, 2019
Posted by Editorial_Staff_Team
Last month, Benjamin Kunz Mejri, security researcher and founder of the Vulnerability Lab, discovered a new Microsoft Skype vulnerability. The problem has a local and a remote attack vector that can be exploited. Surprisingly, the way the attack takes place is via the client infrastructure to an... + continue reading
Monday, September 9, 2019
Posted by Editorial_Staff_Team
Undocumented Telnetd... + continue reading
Monday, September 2, 2019
Posted by Editorial_Staff_Team
GPSRP pays researchers for reporting abusive Google Play Store apps
Adam Bacchus, Sebastian Porst, and Patrick Mutchler of the Android Security... + continue reading
Friday, August 9, 2019
Posted by Editorial_Staff_Team
Apple Updates Bug Bounty Program Q4
In recent years, Apple and the company around Cupertino have received massive criticism about the current Bug Bounty program. Among other things, well-known security researchers from the scene have criticized Apple for a faulty program, which attracts others but... + continue reading
Thursday, March 7, 2019
Posted by Editorial_Staff_Team
Telekom Magenta Musik 360 - CERT Coordinates
The videos show the reproduction for the German Telekom in a new service they published in 2019 Q1. The vulnerabilities are persistent and non-persistent cross-site scripting issues within the front end / back end of the online service. Remote attackers... + continue reading
Friday, February 15, 2019
Posted by Editorial_Staff_Team
International Bug Bounty Program to PenTest E-Voting System
The federal government of Switzerland offers hackers who can uncover vulnerabilities, privacy issues or simple bugs in its e-voting system up to 44,000 euros. International white hat or ethical hackers are given the opportunity to... + continue reading
Monday, December 24, 2018
Posted by Editorial_Staff_Team
Yes, we did it again!
Over the last few years we have discovered several problems that bypass the password protection mechanism of iOS. In recent weeks we have discovered a new problem affecting the latest iOS versions 12.1 and 12.1.1.1. The vulnerability allows password protection to be... + continue reading

Featured Cooperative Security Articles

Friday, 20/12/19 - 2 comment(s)
Apple's Whitehat Hacker gift for Xmas
For a longer period of time (January) we have stopped our Responsible Disclosure Bug Bounty Program at Apple. The reason was that Apple's security department made many mistakes in dealing with independent security researchers and did not seriously reward them. In October, we had a meeting in Abu Dhabi (HITB... + continue reading

LAB MAGAZINE ISSUES

Wednesday, 12/03/14 - 1 comment(s)
Vulnerability Magazine
Welcome to the Vulnerability Magazine! The Vulnerability Magazine publishes the latest vulnerabilities and security information from our laboratory infrastructure.... + continue reading

IT-SECURITY EVENTS

Friday, 24/11/17 - 2 comment(s)
Legendary free speech - You are the Key!
In the last weeks we were invited to the very famous JBFone Conference organized by the Fiducia & GAD IT AG. The Fiducia & GAD IT AG is a public... + continue reading
Thu, 15 May

PayPal Inc Bug Bounty - Researcher discovered filter bypass & persistent input validation issue 2014Q2

The famous Pakistani vulnerability researcher and security consultant Ateeq ur Rehman Khan (Vulnerability Lab core team) discovered a high severity issue in the PayPal shipping application API. PayPal MultiOrder Shipping (MOS) is a tool that helps eBay businesses save time by allowing them to print up to 50 US Postal Service shipping labels at a time directly from their PayPal accounts.

The vulnerability was reported by Ateeq ur Rehman in 2013 Q4 via Vulnerability Laboratory to the official PayPal Inc bug bounty program. The program provides a responsible disclosure policy to individuals and researchers.

Mon, 14 Apr

German Telekom Bug Bounty Program - Scope changes! Exclusion of 3 Bug Types

The official Telekom Bug Bounty Program has announced since December 2013 that in 2014 the vulnerability scope guidelines receive a permanent upgrade.

Many unauthorized individuals have submitted a large number of client-side cross-site scripting vulnerabilities found by using public security scanner software and scripts.

The reports flooded the Telekom program, and as a consequence a major update followed that excludes several "small" attack vectors.

Telekom does not refuse to receive client-side cross-site issues, because those also need to be patched, but the main scope has been changed to major security issues in 2014.

The German Telekom decided to no longer reward the following categories of bugs:
