Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability

Monday, July 3, 2023
Posted by Editorial_Staff_Team
Published Vulnerabilities
2 comment(s)
Reader's rate:
3.32487
Citrix Gateway... + continue reading

Rhein Ruhr Express (RRX) - DNS Cache Snooping Vulnerability on Wifi Hotspot

Tuesday, October 11, 2022
Posted by Editorial_Staff_Team
Top Stories
0 comment(s)
Reader's rate:
5
DNS Cache Snooping Vulnerability on Wifi Hotspots by Siemens The Rhein-Ruhr-Express (RRX) is a program currently being implemented to provide regional transport on the core route of the Ruhr area and the central Rhineland from Dortmund via Essen, Duisburg and Düsseldorf to Cologne. The RXX is... + continue reading

Bundeswehr Generalmajor officially acknowledges Whitehat for Responsible Disclosure Activities

Monday, October 25, 2021
Posted by Editorial_Staff_Team
Top Stories
8 comment(s)
Reader's rate:
3.333335
Responsible Disclosure Program (VDPBW) 2021 One year has now passed since the Bundeswehr made public the first vulnerability disclosure policy (vdpbw) for a responsible disclosure program. Since our security researchers always like to be the first to test and actively participate in a bug bounty... + continue reading

BMW Mail - Persistent Validation Vulnerability

Tuesday, October 19, 2021
Posted by Editorial_Staff_Team
Published Vulnerabilities
1 comment(s)
Reader's rate:
5
A vulnerability researcher of the vulnerability lab team disclosed a simple but effective technique that was used against microsoft and adobe some years ago. A persistent input validation web vulnerability has been discovered in the official BMW online service portal web-application. The... + continue reading

Google Upgrades VRP Bug Bounty Platform

Wednesday, July 28, 2021
Posted by Editorial_Staff_Team
Bug Bounty
0 comment(s)
Reader's rate:
5
10th Anniversary - VRP Upgrade Google announced this week on its official security blog that the current bug bounty program will be rebranded for its anniversary. As with other vulnerability disclosure platforms, a gamification model will be used to further motivate the research community.... + continue reading

MSRC extends Bug Bounty Program for Microsoft Teams

Tuesday, April 6, 2021
Posted by Editorial_Staff_Team
Bug Bounty
1 comment(s)
Reader's rate:
3.5
New Teams Desktop Client Bug Bounty Program Microsoft Teams is a platform developed by Microsoft that combines chat, meetings, notes and attachments. The service is integrated into the Microsoft 365 suite with Microsoft Office and Skype/Skype for Business. In recent weeks, microsoft's msrc... + continue reading

Ebay Inc Identity Security Check Default PIN in 2021

Friday, January 15, 2021
Posted by Editorial_Staff_Team
Published Vulnerabilities
3 comment(s)
Reader's rate:
5
New Ebay Inc Identity Security Check Default PIN in 2021 In the last weeks we have reviewed several identity security check mechanisms of large coporates. Due to that we figured out a funny case with ebay inc. Ebay inc owns a new security identity check function that uses a algorithm to... + continue reading

German Bundeswehr starts own Responsible Disclosure Program (VDPBw)

Thursday, October 22, 2020
Posted by Editorial_Staff_Team
Top Stories
4 comment(s)
Reader's rate:
4.76923
Bundeswehr Responsible Disclosure Program (VDPBw) Today, on october 22, the German Armed Forces "Bundeswehr" officially launched the new Responsible Disclosure Program for reporting vulnerabilities and security vulnerabilities. Preparations have been underway for a few weeks now and can be... + continue reading

Sparkasse Safe - Two Functions One Token to Go

Wednesday, September 16, 2020
Posted by Editorial_Staff_Team
Published Vulnerabilities
0 comment(s)
Reader's rate:
4
Bypassing using Exchange of Session Credentials In recent weeks, a new application has been released at the sparkasse in germany. This is the "secure safe" for documents... + continue reading

Featured Cooperative Security Articles

Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability

Monday, 03/07/23 - 2 comment(s)
Citrix Gateway... + continue reading

Rhein Ruhr Express (RRX) - DNS Cache Snooping Vulnerability on Wifi Hotspot

Tuesday, 11/10/22 - 0 comment(s)
DNS Cache Snooping Vulnerability on Wifi Hotspots by Siemens The Rhein-Ruhr-Express (RRX) is a program currently being implemented to provide regional transport on the core route of the Ruhr area and the central Rhineland from Dortmund via Essen, Duisburg and Düsseldorf to Cologne. The RXX is from the company "Abello". The vehicles of the RRX... + continue reading

Jump back to navigation

TOP SECURITY STORIES

Rhein Ruhr Express (RRX) - DNS Cache Snooping Vulnerability on Wifi Hotspot

Tuesday, 11/10/22 - 0 comment(s)
DNS Cache Snooping Vulnerability on Wifi Hotspots by Siemens The Rhein-Ruhr-Express (RRX) is a program currently being implemented to provide regional transport on the core route of the Ruhr area... + continue reading

Bundeswehr Generalmajor officially acknowledges Whitehat for Responsible Disclosure Activities

25/10/21 - 8 comment(s)

German Bundeswehr starts own Responsible Disclosure Program (VDPBw)

22/10/20 - 4 comment(s)

Vulnerability in LANCOM Systems Wireless Controller Series uncovered

07/05/20 - 2 comment(s)

+ View all
Jump back to navigation

BUG BOUNTY ISSUES

Google Upgrades VRP Bug Bounty Platform

Wednesday, 28/07/21 - 0 comment(s)
10th Anniversary - VRP Upgrade Google announced this week on its official security blog that the current bug bounty program will be rebranded for its anniversary. As with other vulnerability... + continue reading

MSRC extends Bug Bounty Program for Microsoft Teams

06/04/21 - 1 comment(s)

Microsoft starts Xbox & Xbox Live Bug Bounty Program

11/02/20 - 3 comment(s)

Apple launches public Bug Bounty Program and delights Security Community

20/12/19 - 3 comment(s)

+ View all
Jump back to navigation

BEST SECURITY VIDEOS

Telekom Magenta Musik 360 - Multiple Cross Site Scripting Vulnerabilities

Thursday, 07/03/19 - 2 comment(s)
Telekom Magenta Musik 360 - CERT Coordinates The videos shows the reproduce for the german telekom in a new service they did publish in 2019 Q1. The vulnerabilities are persistent and non-... + continue reading

PayPal Inc patched medium severity Cross Site Request Forgery Issue

25/08/15 - 0 comment(s)

Shopify | Buy Button | Persistent Embed POST Inject Vulnerability

13/08/15 - 8 comment(s)
UBNT Bug Bounty #3 - Persistent Filename Vulnerability

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

11/08/15 - 0 comment(s)

+ View all
Jump back to navigation

IT-SECURITY EVENTS

Edward Snowden free speech at JBFone - Data Security & Privacy

Thursday, 23/11/17 - 2 comment(s)
Legendary free speech - You are the Key! In the last weeks we got invited to the very famous JBFone Conference organized by the Fiducia & GAD IT AG. The Fiducia & GAD IT AG is a public... + continue reading

Internet Security Conference 2017 by Qihoo 360

22/09/17 - 0 comment(s)

Manchester City - Football Club hosts first Hackathon in July 2016

05/07/16 - 0 comment(s)

Hack in the Box | Amsterdam 2015 | HITB

30/05/15 - 3 comment(s)

+ View all
Jump back to navigation

Wed
22
Apr

Researcher discovers Zero-Day Vulnerability in Wordpress Plugin of Exploit DB

Submitted by Editorial_Staff_Team on Wed, 04/22/2015 - 11:53

Researcher discovers Zero-Day Vulnerability in Wordpress Plugin of Exploit DB

The young security researcher paulos yibleo discovered a remote vulnerability in the offensive security exploit-db community.

The vulnerability occured in the blog service of the community. The offensive security team installed an application plugin for wordpress called "wp-rocket". The "wp-rocket" (wp-rocket.me) plugin is well known for unsecure programming mythology.

The security vulnerability that is remotly exploitable was located in the /wp-content/wprocketfolder/inc/front/process.php application file. The process.php file allows to request without authorization (pre-auth) $host controlled inputs.

Wed
22
Apr

Magento split up the Bug Bounty Program of Ebay - Begin 1st May!

Submitted by Editorial_Staff_Team on Wed, 04/22/2015 - 10:55

Magento split up the Bug Bounty Program of Ebay - Begin 1st May

Today in the morning we received a mail message by the representatives of the magento bug bounty program.

The mail is send to all active security researchers in the official ebay inc and magento bug bounty program.

In the message the magento team announces that the active researchers should send the new reports (begin 1st may) to the official magento bug bounty source. Reason for that is a cooperative split of both programs.

"Hello Magento Researchers, beginning on May 1, Magento submissions should be directed to security@magento.com . For messages with sensitive content, please encrypt your email with our encryption key which can be found on the security center page, https://magento.com/security.”

Pages

Subscribe to Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research RSS

Syndicate

Subscribe to Syndicate