Wednesday, July 28, 2021
Posted by Editorial_Staff_Team
Reader's rate: 5
New Style, Functions...
Tuesday, April 6, 2021
Posted by Editorial_Staff_Team
Reader's rate: 5
New Teams Desktop Client Bug Bounty Program Microsoft Teams is a platform developed by Microsoft that combines chat, meetings, notes and attachments. The service is integrated into the Microsoft 365 suite with Microsoft Office and Skype/Skype for Business. In recent weeks, Microsoft's MSRC...
Friday, January 15, 2021
Posted by Editorial_Staff_Team
Reader's rate: 5
New Ebay Inc Identity Security Check Default PIN in 2021 In the last weeks we have reviewed several identity security check mechanisms of large corporates. As a result, we came across a funny case at Ebay Inc. Ebay Inc has a new security identity check function that uses an algorithm to...
Thursday, October 22, 2020
Posted by Editorial_Staff_Team
Reader's rate: 5
Bundeswehr Responsible Disclosure Program (VDPBw) Today, on October 22, the German Armed Forces "Bundeswehr" officially launched the new Responsible Disclosure Program for reporting vulnerabilities and security vulnerabilities. Preparations have been underway for a few weeks now and can be...
Wednesday, September 16, 2020
Posted by Editorial_Staff_Team
Reader's rate: 4
Bypassing using Exchange of Session Credentials In recent weeks, a new application has been released at the Sparkasse in Germany. This is the "secure safe" for documents...
Thursday, May 7, 2020
Posted by Editorial_Staff_Team
Reader's rate: 5
LANCOM Systems Wireless Controller Series (Public Spot) - Several Patches Released by Support Today Security researchers of the Vulnerability Laboratory core research team uncovered a new vulnerability in the LANCOM Systems wireless controller product series about 3 weeks ago. With WLAN...
Thursday, April 30, 2020
Posted by Editorial_Staff_Team
Reader's rate: 5
The Digital Bank Robbery of the Year 2020 - APT "Golden_hands" (Government Emergency Aid) In the last 4-5 weeks our company Evolution Security GmbH and everyone around us were affected by the economic crisis that came cold from behind. This is a story about advanced persistent threats in Germany and the...
Wednesday, April 29, 2020
Posted by Editorial_Staff_Team
Reader's rate: 5
Pointer Issue crashes local mmc.exe process on Microsoft Windows 2012 R2 x64 During a test in a staging system that was freshly set up with a Windows 2012 R2 release, the researcher of the Vulnerability Lab identified a serious local denial of service vulnerability affecting different other Microsoft...
Saturday, April 4, 2020
Posted by Editorial_Staff_Team
Reader's rate: 5
Security gap in search function of Bundeswehr web application patched Some time ago, we had a look at the latest Bundeswehr website (https://www.bundeswehrkarriere.de/) in our lab. We noticed an error in the output of the validation of an application. We then investigated this error in...

Featured Cooperative Security Articles

Wednesday, 28/07/21 - 0 comment(s)
New Style, Functions...
Tuesday, 06/04/21 - 0 comment(s)
New Teams Desktop Client Bug Bounty Program Microsoft Teams is a platform developed by Microsoft that combines chat, meetings, notes and attachments. The service is integrated into the Microsoft 365 suite with Microsoft Office and Skype/Skype for Business. In recent weeks, Microsoft's MSRC team has added the Microsoft Teams application to...

TOP SECURITY STORIES

VULNERABILITIES & BUGS

Friday, 15/01/21 - 3 comment(s)
New Ebay Inc Identity Security Check Default PIN in 2021 In the last weeks we have reviewed several identity security check mechanisms of large corporates. As a result, we came across a funny case...

BEST SECURITY VIDEOS

Thursday, 07/03/19 - 2 comment(s)
Telekom Magenta Musik 360 - CERT Coordinates The videos show the reproduction for the German Telekom in a new service they published in 2019 Q1. The vulnerabilities are persistent and non-...

LAB MAGAZINE ISSUES

Tuesday, 11/03/14 - 1 comment(s)
Vulnerability Magazine Welcome to the Vulnerability Magazine! The Vulnerability Magazine publishes the latest vulnerabilities and security information from our laboratory infrastructure...

IT-SECURITY EVENTS

Thursday, 23/11/17 - 2 comment(s)
Legendary free speech - You are the Key! In recent weeks we were invited to the very famous JBFone Conference organized by the Fiducia & GAD IT AG. The Fiducia & GAD IT AG is a public...
Tue 10 Jun

List of Bug Bounty Programs & Security Reward Programs became available in April! (NEW UPDATES!)

2 weeks ago we updated the main static header of the laboratory to provide all visitors and members with a new, up-to-date security program list. The listing has been implemented to give researchers a trusted place for exchange and work-sharing.

The list provides different categories such as vendor, bug bounty/reward and gift/benefit/swag, but also security acknowledgements. As a special category, we also provide a review of the public and silent security programs.

The list gets an update every 48h - 74h to become a stable, trusted and free resource. At the top of the website, the `Last 5 - New Security Programs` are listed as items to review. A count of the public and silent security program entries is also available to all members and public visitors.

Fri 16 May

Remote Code Execution Vulnerability discovered in Yahoo, Microsoft MSN & Orange - Bug Bounty Ebrahim Hegazy

Ebrahim Hegazy (Bug Bounty) - Remote Code Execution in Yahoo, Microsoft MSN & Orange

Today I will be talking about an “Unauthorized Admin Access” that led to “Remote Code Injection” on many domains of “Yahoo”, “Microsoft MSN” and “Orange”.

Excited? Good, now let’s dive into the details.

During my research in the #Yahoo Bug Bounty Program, I found myself in a Yahoo.net domain:
http://mx.horoscopo.yahoo.net/ymx/
I tried to find the admin panel for that domain name, so I found myself in the page below:
http://mx.horoscopo.yahoo.net/ymx/editor/
