Tuesday, September 6, 2016
Posted by Editorial_Staff_Team

Critical Vulnerabilities in the Sparkassen Newsletter, Emails & Paydirect

The core research team of the Vulnerability Laboratory is helping the German Sparkasse to identify new security threats for the "finance informatik gmbh team" in Frankfurt. During the last year we...

Saturday, September 3, 2016
Posted by Editorial_Staff_Team

Parse HTTP Host Header Attack - Redirect Bug

The Vulnerability Laboratory core research team (SaifAllah benMassaoud) discovered an HTTP Host header attack (injection and redirection) via X-Forwarded-Host in the official Parse online service web-application. The host header can be changed to...

Monday, August 8, 2016
Posted by Editorial_Staff_Team

Affected FortiManager, FortiAnalyzer, FortiVoice & FortiCloud

Fortinet has released several security fixes and patches for different appliance products. The vulnerabilities were disclosed by the core research team of the Vulnerability Laboratory. The Fortinet Security Team...

Friday, August 5, 2016
Posted by Editorial_Staff_Team

New Apple (Cupertino) Bug Bounty Program Upcoming in 2016

As part of a security presentation given at this year's Black Hat conference, Apple announced that it would be starting up a new bug bounty program for Cupertino products. The official bug bounty program will reward security...

Thursday, July 7, 2016
Posted by Editorial_Staff_Team

BMW Core Web Portal & ConnectedDrive vulnerable

Today we will talk about two vulnerabilities that were discovered by Vulnerability Laboratory core team member "Benjamin Kunz Mejri" and which are not patched yet! There are two main bugs both related to...

Tuesday, 25/08/15 - 0 comment(s)
PayPal Inc patched medium severity Cross Site Request Forgery Issue

The independent and individual Vulnerability Laboratory researcher Paresh Parmar discovered during the participation in the...

Tue 06 Sep

Critical Vulnerabilities in Sparkassen Bank Server discovered by Researchers

Critical Vulnerabilities in the Sparkassen Newsletter, Emails & Paydirect

The core research team of the Vulnerability Laboratory is helping the German Sparkasse to identify new security threats for the "finance informatik gmbh team" in Frankfurt. During the last year we discovered several vulnerabilities in the bank infrastructure, which were silently patched but responsibly and safely resolved. Savings banks in German-speaking countries are called Sparkasse. They work as commercial banks in a decentralized structure that is connected at different points. Today we would like to talk about the last resolved security vulnerabilities in the official German Sparkasse bank web infrastructure.

Sat 03 Sep

Parse HTTP Host Header Attack - Redirect Bug

The Vulnerability Laboratory core research team (SaifAllah benMassaoud) discovered an HTTP Host header attack (injection and redirection) via X-Forwarded-Host in the official Parse online service web-application. The Host header can be changed to something outside the target domain and cause it to redirect to an attacker's malicious site. The vulnerability is located in the GET method request of the `/user_session/new/` and `/account/plan/` modules.
 
Mon 08 Aug

Fortinet Patches Series of Remote Vulnerabilities in Appliance Products

Affected FortiManager, FortiAnalyzer, FortiVoice & FortiCloud

Fortinet has released several security fixes and patches for different appliance products. The vulnerabilities were disclosed by the core research team of the Vulnerability Laboratory. The Fortinet Security Team coordinated with PSIRT multiple patches for all discovered issues in the FortiManager, FortiAnalyzer, FortiVoice and FortiCloud appliance web-applications. Let's go deeper and explain more about our new findings, their locations and exploitation.

Fri 05 Aug

Apple Cupertino announces to startup official Bug Bounty Program in 2016

New Apple (Cupertino) Bug Bounty Program Upcoming in 2016

As part of a security presentation given at this year's Black Hat conference, Apple announced that it would be starting up a new bug bounty program for Cupertino products. The official bug bounty program will reward security researchers who uncover vulnerabilities in Apple's products and bring them to the company's attention. The scopes of the bug bounty program are clearly defined in public by the Apple product security team ahead of the basic start-up of the full program.

Thu 07 Jul

BMW Core Web Portal & ConnectedDrive - Exploitation of Car Configurations

BMW Core Web Portal & ConnectedDrive vulnerable

Today we will talk about two vulnerabilities that were discovered by Vulnerability Laboratory core team member "Benjamin Kunz Mejri" and which are not patched yet! There are two main bugs, both related to the BMW online service and web app for ConnectedDrive.

Tue 05 Jul

Manchester City - Football Club hosts first Hackathon in July 2016

The football club Manchester City has organized a new event, #HackMCFC, which will provide participants with access to world-leading performance data, including match data associated with players, to help them uncover detailed insight. Students who are interested in fields like tech, data and digital product design are invited to participate in this event for a weekend of hacking. The event is supported by the Premier League, OptaPro and ChyronHego and will take place from 29 - 31 July at the City Football Academy. Participants will be able to access rarely released data sets provided by OptaPro and ChyronHego to help them catalyze new ideas and insights about player and team performance.
 
Wed 15 Jun

Hack the Pentagon - More than 120 valid Security Vulnerabilities uncovered

Hack the Pentagon - More than 120 valid Vulnerabilities uncovered

Today the Washington Post published the first article after the "Hack the Pentagon" program was finished. Over 121 security vulnerabilities were discovered and verified during the bug bounty contest. One unnamed member of the Vulnerability Laboratory was successfully accepted to participate in the program. The core team researcher discovered about 21 security vulnerabilities at the startup of the government bug bounty program.

The Defense Secretary "Ashton Carter" confirmed “Hack the Pentagon program launched in March exceeded the military’s expectations by uncovering dozens of previously unnoticed security issues affecting the Department of Defense’s public, non-classified computer systems.” at the public tech forum conference in Washington, D.C.

Thu 26 May

Hacking the Bugcrowd - Core Researcher scores in Main Program Site

Hacking the Bugcrowd - Evading the Filter Validation of Bugcrowd

Today we would like to talk about a vulnerability that was located in the main Bugcrowd web-application. Normally we hack in regular and public bug bounty programs, but in this case we exploited the web-application of the manufacturer's official program site to score.

Mon 25 Apr

MIT Security - Alpha Phase of Bug Bounty Program in April 2016

In April 2016 the well-known MIT EDU started a new official bug bounty program. The MIT Bug Bounty program is an experimental program aiming to improve MIT's online security and foster a community for students to research and test the limits of cyber security in a responsible fashion.

In-Scope Domains

In-Scope Vulnerabilities

Wed 20 Apr

Bug Bounty Program Award Winners 2015 - Exclusive Interview by United Airlines & Facebook

Announcement of the Bug Bounty Program Award Winners 2015 - Exclusive Interviews with United Airlines & Facebook

We worked hard to present the winners of 2015 after the nicely solved first award ceremony in 2014. This year we exclusively release the winners of the international "Bug Bounty Awards". The award is nominated twice, for the "Best Upcoming Bug Bounty Program" and the "Best Bug Bounty Program" of the year.

The winners of the award are nominated via email vote by 100 Vulnerability Laboratory researchers and 101 independent or individual security researchers. The voting results will be multiplied to finally discover the winners. You are welcome to visit the new awards module, with archive, in the Vulnerability Laboratory infrastructure.


Subscribe to VULNERABILITY MAGAZINE - Bug Bounties, Acknowledgements & Security Research RSS