6 matches found
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 SpringCloudGatewayRCE Code by: Junsh...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Confluence remote code execution RCE...
Marc Rogers: Success of Anonymous Bug Submission Program 'Takes A Village'
A global anonymous bug submission platform, announced at DEF CON in August, aims to help encourage ethical hackers to submit high-level bugs anonymously that might otherwise trigger a barrage of questions or put researchers in legal hot water. DEF CON conference founder Jeff Moss said the goal wa...
News Wrap: DejaBlue Bugs and Biometrics Data Breaches
On the heels of Black Hat USA 2019 and DEF CON, Threatpost editors break down the biggest news of this past week ended Aug. 16, from Patch Tuesday craziness to publicly-exposed databases. That includes: Microsoft’s August Patch Tuesday release featuring four BlueKeep-like critical remote...
HackerOne: Team Member███ associated with a Custom Group Created with 'Program Managment' only permissions can Comments on Bug Reports
Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...
Yahoo Formally Launches Bug Bounty Program
As promised, Yahoo formally kicked off its bug bounty program late last week, aiming to correct what many in the security industry viewed as a misstep after it handed out a paltry $12.50 credit to a researcher for discovering a cross-site scripting error. The company caught flak when in September...