31 matches found
Introducing the Microsoft AI Bug Bounty Program featuring the AI-powered Bing experience
Today at BlueHat we announced the new Microsoft AI bug bounty program with awards up to $15,000. This new bounty program features the AI-powered Bing experience as the first in scope product. The following products and integrations are eligible for bounty awards: AI-powered Bing experiences on...
Flashloan excess debt is not sent to user
Lines of code Vulnerability details Impact These vulnerabilities can have the following impacts: 1. Liquidators may lose their eligible funds due to missing transfers of excess debt assets. 2. Excess debt TR tokens could remain in the contract after LP.flashloan claim back borrowed funds, which c...
AirdropBroker.sol#L442 : _participatePhase3 - PHASE_3_AMOUNT_PER_USER should be multiplied by 1e18
Lines of code Vulnerability details Impact Incorrect eligibleAmount is minted to the user. Proof of Concept An eligible user can call the participatePhase3 function and mint the aToken to them. function participatePhase3 bytes calldata data internal returns uint256 oTAPTokenID uint256 tokenID =...
Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs
We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potentia...
Introducing Bounty Awards for Teams Mobile Applications Security Research
We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to seek out and disclose any high impact security vulnerabilities they may find in Teams mobile...
Apple Opens Its Invite-Only Bug Bounty Program to All Researchers
As promised by Apple in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone for reporting vulnerabilities in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its launch three years ago,...
Practical advice for earning higher Microsoft bounty awards
This year at the Nullcon International Security Conference I shared practical advice for how security researchers can maximize the impact of their security vulnerability submissions and earn higher bounty awards under the Microsoft Bounty Program. For those who couldn’t be there, I had two core...
HackerOne: HackerOne Private Programs users disclosure and de-anonymous-ize
Hi HackerOne Team, I have found a bug in HackerOne Platform allows any attacker to deanonymousize any security researcher using the platform and the most wild usage is to disclose some information about this security researcher if he is invited to a private program or not. Unfortunately HackerOne...
ESUEditions_Server2012R2_08022022
Detetcoid that verifies if a machine has ESU eligible Editions...
ESUEditions_Win7_01032020
Detetcoid that verifies if a machine has ESU eligible Editions...
ESUEditions_Server2K8_2K8R2_01032020
Detectoid that evaluates to true for ESU eligible editions on Server 2008 and Server 2008 R2...