Lucene search
K

67 matches found

Packet Storm
Packet Storm
added 2020/06/12 12:0 a.m.466 views

OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation

Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH...

4CVSS0.4AI score0.02029EPSS
Exploits5
Hacker One
Hacker One
added 2020/05/16 8:43 a.m.12 views

Mail.ru: User session access due to Oauth whitelist host bypass and postMessage

A destination for postMessage was not properly restricted on connect.mail.ru allowing crossite access to session, as was shown for 3k.mail.ru application session. Both connect.mail.ru and 3k.mail.ru belong to Ext.B scope, this scope does not offer a bounty for attacks with clientside vectors on t...

Exploits0
ThreatPost
ThreatPost
added 2020/02/12 2:37 p.m.50 views

Katie Moussouris: The Bug Bounty Conflict of Interest

Since the launch of the Hack the Pentagon program in 2016, bug bounty programs continue to increase in popularity – however, as more programs are created, some companies are forgetting the real reason behind bug bounties. Instead of aiming to make their systems more secure, companies are viewing...

7.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/12/02 4:46 p.m.91 views

CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies

The U.S. government’s cybersecurity agency has issued a draft directive mandating all agencies to develop vulnerability disclosure policies, which would give ethical hackers clear guidelines for submitting bugs found in government systems. Security experts hope that the directive will light a fir...

7.1AI score
Exploits0References12
ThreatPost
ThreatPost
added 2019/10/29 1:0 p.m.44 views

ThreatList: Most Retail Hardware Bug Bounty Flaws Are Critical

Almost all of hardware vulnerabilities – 90 percent – that were submitted to retail bug bounty programs so far this year were categorized as critical, showing that Point of Sale systems and other retail hardware assets remain a serious security issue. That’s due to the fact that retail hardware...

7.4AI score
Exploits0References10
MSRC
MSRC
added 2019/09/23 7:0 a.m.7 views

MSRC is going to ROOTCON!

The Microsoft Security Response Center MSRC works with partners all over the world to protect Microsoft customers. This week we’re headed to the Philippines to meet security researchers and bounty hunters at ROOTCON 13! Planning on attending ROOTCON? If you want to learn more about how you can ea...

1.4AI score
Exploits0
MSRC
MSRC
added 2019/09/23 7:0 a.m.8 views

MSRC is going to ROOTCON!

The Microsoft Security Response Center MSRC works with partners all over the world to protect Microsoft customers. This week we’re headed to the Philippines to meet security researchers and bounty hunters at ROOTCON 13! Planning on attending ROOTCON? If you want to learn more about how you can ea...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2019/08/30 3:47 p.m.51 views

Six Hackers Have Now Pocketed $1M From Bug Bounty Programs

Six hackers in total have each now pocketed more than $1 million from finding vulnerabilities in bug-bounty programs – including one from the U.S. That figure comes as more bug-bounty programs bump up their rewards due to participants finding more high-severity vulnerabilities in their platforms,...

7.3AI score
Exploits0References10
Kitploit
Kitploit
added 2019/08/18 1:6 p.m.1795 views

"Can I Take Over XYZ?" - A List Of Services And How To Claim (Sub)Domains With Dangling DNS Records

What is asubdomain takeover? Subdomain takeover vulnerabilities occur when a subdomain subdomain.example.com is pointing to a service e.g. GitHub pages, Heroku, etc. that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page ...

6.8AI score
Exploits0References30
Packet Storm
Packet Storm
added 2019/08/16 12:0 a.m.272 views

Open-Xchange OX Guard Cross Site Scripting / Signature Validation

Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs appsuite, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product: OX...

4.3CVSS6.7AI score0.01867EPSS
Exploits4
Packet Storm
Packet Storm
added 2019/08/16 12:0 a.m.349 views

Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting

Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs appsuite, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product: OX...

5.2AI score0.01683EPSS
Exploits4
MSRC
MSRC
added 2019/07/29 7:0 a.m.10 views

It’s Official – The Way We Recognize Our Security Researchers

We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each year at Black Hat USA, we’ve recognized the most impactful researchers helping t...

1.5AI score
Exploits0
MSRC
MSRC
added 2019/05/29 7:0 a.m.10 views

Time travel debugging: It’s a blast! (from the past)

The Microsoft Security Response Center MSRC works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our...

7AI score
Exploits0
MSRC
MSRC
added 2019/01/17 4:0 p.m.85 views

Announcing the Microsoft Azure DevOps Bounty program

The Microsoft Security Response Center MSRC is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2019/01/07 12:0 a.m.81 views

Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure

Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs open-xchange, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product:...

5.7AI score0.01219EPSS
Exploits4
ThreatPost
ThreatPost
added 2018/11/30 2:30 p.m.16 views

Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs

Bug bounty programs continue to increase in popularity – but that popularity has its downsides. Since the launch of the Hack the Pentagon program in 2016, bug bounty programs have quickly grown in popularity. Bugcrowd’s State of Bug Bounty report this year found that the number of programs launch...

7.8AI score
Exploits0References3
MSRC
MSRC
added 2018/10/02 11:4 p.m.59 views

Standing behind “MSRC Listens”

Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2018/09/05 5:3 p.m.10 views

The Vulnerability Disclosure Process: Still Broken

Despite huge progress in the vulnerability disclosure process, things remain broken when it comes to vendor-researcher relationships. Case in point: Last year when Leigh-Anne Galloway a cybersecurity resilience lead at Positive Technologies found a gaping hole in the Myspace website, she reported...

7.2AI score
Exploits0References19
MSRC
MSRC
added 2018/07/26 8:56 p.m.42 views

Recognizing Q4 Top 5 Bounty Hunters

We have tabulated the results from April-June 2018. The Top 5 Bounty Hunters for Q4 are now in. As with our list from Q3, we want to recognize both the leaders in payouts and in number of successful submissions. We appreciate the hard work and dedication of the following individuals and companies...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2018/07/13 4:30 p.m.15 views

ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities

The average payout price for critical vulnerabilities are up six percent and now average $2,041 compared to the prior year. The numbers are from HackerOne’s 2018 Hacker-Powered Security Report, published Wednesday. The study looked at data derived from the HackerOne community between May 2017 and...

0.1AI score
Exploits0References4
Rows per page
Query Builder