| [MAGAZINE][HACKTIVITY][BUG BOUNTY]
Account [Registration]   Lab Role [Anonymous] Researcher: 565 Advisories: 686 Documents: 29 Videos: 127 Date: 31.10.2014 TZ: 05:01

[ Home ] [ Upcoming ] [ Mobile ] [ Vendor ] [ Web-Application ] [ Remote ] [ Local ] [ Websites ] [ Documents ] [ Videos ] [ ? ]

Submit to Vulnerability Lab - Advisories, Vulnerabilities, Exploits & PoC

The Vulnerability-Lab Security Team verifies security reports & vulnerabilities. Note that the policy of the laboratory can be changed without public user notify. Use the following information mask to submit security issues. Please fill in as much as possible to speed up the verify procedure.

*required -- Vulnerable Product(s):
*required -- Affected Version(s):
*required -- Vulnerability Typus:

*required -- Description:
*required -- Technical Details:

*required -- PoC or Exploitcode:
*required -- Author/Group:

*optional -- Vendor-URL:
*optional -- Product-URL:
*optional -- Demo-URL:
*optional -- Fix or Patch:

Note: The vulnerabilities will be published as advisory or bulletin with the following format as (Example)


Please, respect our submit Rules!

No issues with specific target exploitation or destructive live hacks, links/ips (censor it or don't send!)
Non
persistent vulnerabilities can just be published when the vendors service is very famous!
No
3'rd or 2'nd party publishment of advisories, videos, vulnerabilities & documents!
Bad
detailed vulnerabilities, papers, videos & advisories!
No
publishment of stolen, ripped or grabbed documents/advisories/vulnerabilities!
No website vulnerability submission. Only allowed for trusted core team of the labs with vendor coordination

What Vulnerability-Lab do with Issues (Vulnerabilities/Advisories)?

We verify the vulnerability & send the complete advisory to the product vendor. After the notification & the patch work around we drop the advisory as a stable reference with your own author credits. When a vulnerability have a specific & marked level we request CVE/CWE-ID for the authors & try to publish it over different news-sites, security appliance services, magazines, rss & dev-sites.

Secure Vulnerability Discovery Process Policy


We detect the following type of Vulnerabilities & Design flows

Note: Vulnerabilities (CVE)

Cross Site Scripting (Persistent) Vulnerabilities
Cross Site Request Forgery
Click-Jacking & Cam-Jacking
Unrestricted & unauthorized Local/Remote File Include
Directory Traversal / Path Traversal
Auth, Filter or Exception Bypass
SQL Injection & Blind SQL Injection
Input Validation Vulnerabilities (Persistent/Non-Persistent)
Stack / Buffer / Heap / Integer / Unicode -Overflows
Local/Remote Privilege Escalation
Format Strings
Memory Corruption
Division/Devide by Zer0 Bugs
Pointer Vulnerabilities (... Null Pointer, Access Violation, Read, Write ;)
Local/Remote Command Execution
Local/Remote Code Execution
Denial of Service & stable Firmware Freeze + Blocks
Information Leaking & Information Disclosure

Weak Algorythm, weak Encryption & weak Chiffre
Misconfiguration of OS, Systems & Applications
Structure & Design Errors/Flows
Kernel Panic / Black & Blue Screens
Stable Application- & Software- Crashs


Why you should publish 0day vulnerabilities in the Vulnerability-Lab?

You have stable + checked/secure public references with own credits or profile
Our team can help to verify vulnerabilities and security reports (advisory), presentations or security tests
We request CVE/CWE-ID from a pool & inform the vendor via encrypted exchange
Fresh lab news & team + partner mailinglist notification
Members(researcher/analysts) with publications get free access to the zero-day sections with ressources
Service is 24/7h remote available with Forum, IRC, Magazine, Dev-News, Laboratory & other modules
The role system of the V-Lab allows to give advanced researcher more access to issue details & lab services
Active researchers can also get free access to partner security events & private anonymous security meetings
The individual that identifies a vulnerability can be interact in the vendor communication & payment process
Stable payout, cash, rewards- & prize ceremony for commercial bugs & bug bounty

Note: We also organize a special benefit project for researchers, analysts, exploiters and security hackers.

Contact Details & Information

Submit to Vulnerability Research Team ... submit[A|T]vulnerability-lab.com
Encrypt Communication:
[ PGP KEY ]
Note: Only submit of vulnerabilities, 0day bugs or full advisory documents with resources

How can i earn clean and secure money with my vulnerabilities ?

We provide you fair benefits using the Vulnerability Lab for the disclosure and vendor communication processes. We charge 0% commission on the vendor's payment for vulnerabilities. The remaining 100% is your own payout. Please note that the percentage distribution of the benefits is after taxes following european (german) law. We provide you with the vendor communication & verifications of the payment to ensure that you will have the complete overview about the transactions in addition to ensuring just and reasonable business for every partner, analyst or researcher.

Questions & Information: support[A|T]vulnerability-lab.com

Payment Restrictions, Law Policy & Conditions!

No payments via westbank union transfer agency
No
debit cards with unofficial registered non-business account users
No
transfer of money to third party -mullies, -companies or -family members
No
payments via paypal, bitcoin wallet or online wire transfer
No
cashout researchers if the discovered issue or reward violates a manufacturer or vendor contratcs/signs

Note: We provide regular and official banking transfers only to registered verified international accounts.
Only under the above listed conditions we are able to cooperate and reward researchers with payments. The payment terms has been integrated & updated to prevent fraud, researcher ident theft & money laundering.

Next to a payment an in-depth examination have noticed researcher and individuals who act by negative undergo, spam or criminal activities. The laboratory infrastructure will not pay received credits to criminals, spammers, forcers or cheaters. The credit will be paid to a legal non-profit Oragnisation in the above case. Reason for the action are current conflicts of the security laws in Germany and the EU.

[ Search ] [ News ] [ Submit ] [ Stats ] [ Team ] [ Partner ] [ Talks & Workshop ] [ Subscribe ] [ Customer ] [ Contact ] [ Impressum ]


[Statistics] [Hacktivity] [October] 26 Critical: 3 High: 5 Medium: 18 Low: 0 Best Researcher: [Ehsan Vahab] Efficiency

© EVOLUTION SECURITY GmbH ™