| | | [FORUM] [NEWS] [VIDEO]
Account [Registration]   Role [Anonymous] Researcher: 232 Advisories: 322 Documents: 17 Videos: 65 Date: 18.05.2012 TZ: 22:41

[ Home ] [ Upcoming ] [ Web-Application ] [ Vendor ] [ Remote ] [ Local ] [ Mobile ] [ Websites ] [ Documents ] [ Videos ] [ ? ]

Submit to Vulnerability Lab - Advisories, Vulnerabilities, Exploits & PoC

The Vulnerability-Lab Security Team verifies submitted advisories & vulnerabilities. Use the following information mask to submit security issues. Please fill in as much as possible to speed up the verification ...

*required -- Vulnerable Product(s):
*required -- Affected Version(s):
*required -- Vulnerability Typus:

*required -- Description:
*required -- Technical Details:

*required -- PoC or Exploitcode:
*required -- Author/Group:

*optional -- Vendor-URL:
*optional -- Product-URL:
*optional -- Demo-URL:
*optional -- Fix or Patch:

Notice: The published advisories got droped in the following format ... (Example)


Please, respect our submit Rules

No issues with specific target exploitation or destructive live hacks, links/ips (censor it or don't send!)
Non persistent vulnerabilities can just be published when the vendors service is very famous!
No 3'rd or 2'nd party publishment of advisories, videos, vulnerabilities & documents!
Bad detailed Vulnerabilities, Papers, Videos & Advisories!
No publishment of stolen, ripped or grabbed Documents/Advisories/Vulnerabilities!
No website vulnerability submission. Only allowed for trusted core team of the labs with vendor coordination

What Vulnerability-Lab do with Issues (Vulnerabilities/Advisories)?

We verify the vulnerability & send the complete advisory to the product vendor. After the notification & the patch work around we drop the advisory as a stable reference with your own author credits. When a vulnerability have a specific & marked level we request CVE/CWE-ID for the authors & try to publish it over different news-sites, security appliance services, magazines, rss & dev-sites.

Secure Vulnerability Discovery Process Policy

Notice: A vendor has ever the option to disallow the vulnerability release. We can also restrict specific information on discovered vulnerabilities to protect the vendor companies.


We detect the following type of Vulnerabilities & Design flows

Notice: Vulnerabilities (CVE|CWE)
Cross Site Scripting (Persistent) Vulnerabilities
Cross Site Request Forgery
Click-Jacking & Cam-Jacking
Unrestricted & unauthorized Local/Remote File Include
Directory Traversal / Path Traversal
Auth, Filter or Exception Bypass
SQL Injection & Blind SQL Injection
Input Validation Vulnerabilities (Persistent/Non-Persistent)
Stack / Buffer / Heap / Integer / Unicode -Overflows
Local/Remote Privilege Escalation
Format Strings
Memory Corruption
Division/Devide by Zer0 Bugs
Pointer Vulnerabilities (... Null Pointer, Access Violation, Read, Write ;)
Local/Remote Command Execution
Local/Remote Code Execution
Denial of Service & stable Firmware Freeze + Blocks
Information Leaking & Information Disclosure

Weak Algorythm, weak Encryption & weak Chiffre
Misconfiguration of OS, Systems & Applications
Structure & Design Errors/Flows
Kernel Panic / Black & Blue Screens
Stable Application- & Software- Crashs


Why you should publish Vulnerabilities on our Vulnerability-Lab?

You have stable + checked/secure public references with own credits or profile
Our team can help on vulnerability/advisory verification, presentations or security tests
We request CVE/CWE-ID from a pool & inform the vendor on a secure base via encrypted exchange
Fresh lab news & team + partner mailinglist notification
Members(researcher/analysts) with publications get free access to the zero-day sections with ressources
Service is 24/7h remote available with Forum, IRC, Blog, Dev-News & other Modules
The role system of the V-Lab allows to give advanced researcher more access to issue details & lab services
Active researchers can also get free access to partner security events & private anonymous security meetings
The founder who identified a vulnerability can be involved in the vendor notification & payment process
Stable payout, awards- & prize ceremony for commercial bugs

Notice: We also work on a special benefit project for researchers, analysts & hackers out there!

Contact Details & Information

Submit to Vulnerability Research Team ... submit[at]vulnerability-lab.com
Key 4 Encryption: [ PGP ]
Notice: Verification, Publication of Vulnerabilities & Advisory Management
[ Search ] [ News ] [ Submit ] [ Reward ] [ Stats ] [ Team ] [ Partner ] [ Subscribe ] [ Customer ] [ Contact ] [ Impressum ] [ Dev ]


Advisories [May]: 24 Critical: 9 High: 7 Medium: 8 Low: 0 Best Researcher [the storm] Productivity: