Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities

An unnamed company will start an eight-week, invite-only bug bounty program in September that offers a $250,000 payout for virtual-machine escape vulnerabilities tied to an unreleased product. Bugcrowd announced the program today, and said the high-priced bounty is the largest advertised bounty o...

The Time Has Arrived to Embrace Hackers

BOSTON—More than ever, hackers are getting a welcoming embrace from law enforcement, governments and business. Bug bounties and vulnerability disclosure programs are becoming the norm across industry, and hackers are no longer universally viewed as a pariah. Simultaneously, however, groups such a...

Netgear launches Bug Bounty Program for Hacker; Offering up to $15,000 in Rewards

It might be the easiest bug bounty program ever. Netgear launched on Thursday a bug bounty program to offer up to $15,000 in rewards to hackers who will find security flaws in its products. Since criminals have taken aim at a rapidly growing threat surface created by millions of new Internet of...

Telegram BBBot - Telegram Bug Bounty Bot

Telegram Bug Bounty Bot https://telegram.me/bugbountychannel History This bot adopted special for deploying to Heroku General purposes of this got - "Be helpful for infosec community!" Bot use https://github.com/maddevsio/bbcrawler for fetching information Used heroku...

Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution Exploit

Exploit for windows platform in category local exploits Title : Avira Antivirus = 15.0.21.86 Command Execution SYSTEM Date : 08/11/2016 Author : R-73eN Tested on: Avira Antivirus 15.0.21.86 in Windows 7 Vendor : https://www.avira.com/ Disclosure Timeline: 2016-06-28 - Reported to Vendor through...

Avira Antivirus 15.0.21.86 - .zip Directory Traversal Command Execution

Avira Antivirus 15.0.21.86 - .zip Directory Traversal Command Execution Title : Avira Antivirus = 15.0.21.86 Command Execution SYSTEM Date : 08/11/2016 Author : R-73eN Tested on: Avira Antivirus 15.0.21.86 in Windows 7 Vendor : https://www.avira.com/ Disclosure Timeline: 2016-06-28 - Reported to...

Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution

Title : Avira Antivirus = 15.0.21.86 Command Execution SYSTEM Date : 08/11/2016 Author : R-73eN Tested on: Avira Antivirus 15.0.21.86 in Windows 7 Vendor : https://www.avira.com/ Disclosure Timeline: 2016-06-28 - Reported to Vendor through Bugcrowd. 2016-06-29 - Vendor Replied. 2016-07-05 - Vendo...

Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K

Facebook quickly resolved a vulnerability in its Business Manager tool late last month that could have let an attacker take over any Facebook page. Arun Sureshkumar, a security researcher in India, disclosed the vulnerability Aug. 29; a member of Facebook’s security team, Neal Poole, informed him...

Fiat Chrysler Launches Bug Bounty with $1.5K Payout Cap

Hacking Jeeps is about to get a lot more competitive. That’s because Jeep maker Fiat Chrysler Automobiles has launched a bug bounty program in conjunction with Bugcrowd that will payout as much as $1,500 per bug. Fiat Chrysler, the world’s No. 7 automaker, claims it will be the first Detroit...

Bugcrowd Persistent Script Injection / Filter Bypass

Document Title: =============== Bugcrowd Bug Bounty 7 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1830 ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b Release Date: ============= 2016-05-10...

Bugcrowd Bug Bounty #7 - Persistent Web Vulnerability

Document Title: =============== Bugcrowd Bug Bounty 7 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1830 ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b Release Date: ============= 2016-05-10...

Bugcrowd Bug Bounty #7 - Persistent Web Vulnerability

Document Title: =============== Bugcrowd Bug Bounty 7 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1830 ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b Release Date: ============= 2016-05-09...

ownCloud: owncloud.help: Text Injection

Hello i want to report a text injection and a missconfiguration of the 404 page which can be used in phishing Text injection can be used in phishing 404 page should not include attacker text The bug exists at :...

Drupal 8.0.0 Beta 14 Cross Site Scripting Vulnerability

Drupal version 8.0.0 Beta 14 suffers from a cross site scripting vulnerability. Drupal's sad fix was to simply throw an .htaccess file in place to block access to the file. Overview Recently, I was playing around with the Drupal CMS application code. Drupal is an open source CMS application widel...

Pinterest Fixes Validation Vulnerability in API

Pinterest recently fixed an issue in the API of its web app that could have allowed remote attackers to compromise emails and carry out session hijacking and phishing attacks. Vulnerability Lab researcher Benjamin Kunz Mejri discovered the issue, which is a persistent mail encoding and validation...

Burp Suite Tutorial

Ребята из bugcrowd начали записывать видео-руководство по использованию программы Burp Suite Видео ENG: Hacking with Burp Suite - Tutorial 1 Вопросы по курсу...

Non-Nexus Devices and the Android Security Rewards Program

Google’s decision to limit its Android Security Rewards program to newer Nexus devices clearly puts the Google phones on the top tier of secure mobile devices. It also could ultimately have the effect of putting non-Nexus devices in the line of fire. For now, limiting the rewards program to Nexus...

Wassenaar, Bug Bounties and Vulnerability Rewards Programs

Bug bounties have gone from novelty to necessity, not only for enterprises looking to take advantage of the skills of an organized pool of vulnerability hunters, but also for a slew of independent researchers who make a living contributing to various vendor and independent bounty and reward...

Tesla Motors Starts Bug Bounty--But Not For Its Cars

Tesla Motors has started a bug bounty program that will pay researchers up to $1,000 for disclosing vulnerabilities. However, the rewards don’t apply to bugs found in the company’s vehicles. The program’s scope is quite narrow, with only the main teslamotors.com domain and other domains owned by...

Aruba ClearPass Policy Manager Stored XSS Vulnerability

Exploit for php platform in category web applications =============================================================================== title: ClearPass Policy Manager Stored XSS case id: CM-2014-01 product: Aruba ClearPass Policy Manager vulnerability type: Stored cross-site script severity: Mediu...