Submit to Vulnerability Lab - Advisories, Vulnerabilities, Exploits & PoC
The Vulnerability-Lab Security Team verifies submitted advisories & vulnerabilities. Note that the policy of the laboratory can be changed without public notifiation. Use the following information mask to submit security issues. Please fill in as much as possible to speed up the verification ...
*required -- Vulnerable Product(s):
*required -- Affected Version(s):
*required -- Vulnerability Typus:
*required -- Description:
*required -- Technical Details:
*required -- PoC or Exploitcode:
*required -- Author/Group:
*optional -- Vendor-URL:
*optional -- Product-URL:
*optional -- Demo-URL:
*optional -- Fix or Patch:
Note: The vulnerabilities will be published as advisory or bulletin with the following format as (Example)
Please, respect our submit Rules!
No issues with specific target exploitation or destructive live hacks, links/ips (censor it or don't send!)
Non persistent vulnerabilities can just be published when the vendors service is very famous!
No 3'rd or 2'nd party publishment of advisories, videos, vulnerabilities & documents!
Bad detailed vulnerabilities, papers, videos & advisories!
No publishment of stolen, ripped or grabbed documents/advisories/vulnerabilities!
No website vulnerability submission. Only allowed for trusted core team of the labs with vendor coordination
What Vulnerability-Lab do with Issues (Vulnerabilities/Advisories)?
We verify the vulnerability & send the complete advisory to the product vendor. After the notification & the patch work around we drop the advisory as a stable reference with your own author credits. When a vulnerability have a specific & marked level we request CVE/CWE-ID for the authors & try to publish it over different news-sites, security appliance services, magazines, rss & dev-sites.
Secure Vulnerability Discovery Process Policy
We detect the following type of Vulnerabilities & Design flows
Note: Vulnerabilities (CVE)
Cross Site Scripting (Persistent) Vulnerabilities
Cross Site Request Forgery
Click-Jacking & Cam-Jacking
Unrestricted & unauthorized Local/Remote File Include
Directory Traversal / Path Traversal
Auth, Filter or Exception Bypass
SQL Injection & Blind SQL Injection
Input Validation Vulnerabilities (Persistent/Non-Persistent)
Stack / Buffer / Heap / Integer / Unicode -Overflows
Local/Remote Privilege Escalation
Division/Devide by Zer0 Bugs
Pointer Vulnerabilities (... Null Pointer, Access Violation, Read, Write ;)
Local/Remote Command Execution
Local/Remote Code Execution
Denial of Service & stable Firmware Freeze + Blocks
Information Leaking & Information Disclosure
Weak Algorythm, weak Encryption & weak Chiffre
Misconfiguration of OS, Systems & Applications
Structure & Design Errors/Flows
Kernel Panic / Black & Blue Screens
Stable Application- & Software- Crashs
Why you should publish 0day vulnerabilities in the Vulnerability-Lab?
You have stable + checked/secure public references with own credits or profile
Our team can help on vulnerability/advisory verification, presentations or security tests
We request CVE/CWE-ID from a pool & inform the vendor on a secure base via encrypted exchange
Fresh lab news & team + partner mailinglist notification
Members(researcher/analysts) with publications get free access to the zero-day sections with ressources
Service is 24/7h remote available with Forum, IRC, Blog, Dev-News & other modules
The role system of the V-Lab allows to give advanced researcher more access to issue details & lab services
Active researchers can also get free access to partner security events & private anonymous security meetings
The founder who identified a vulnerability can be involved in the vendor notification & payment process
Stable payout, cash, rewards- & prize ceremony for commercial bugs
Note: We also organize a special benefit project for researchers, analysts & exploiters and security hackers.
Contact Details & Information
Payment Restrictions, Law Policy & Conditions!
No payments via westbank union transfer agency
No debit cards with unofficial registered non-business account users
No transfer of money to third party -mullies, -companies or -family members
No payments via paypal, bitcoin wallet or online wire transfer
No cashout researchers if the discovered issue or reward violates a manufacturer or vendor contratcs/signs
Note: We provide regular and official banking transfers only to registered verified international accounts.
Only under the above listed conditions we are able to cooperate and reward researchers with payments. The payment terms has been integrated & updated to prevent fraud, researcher ident theft & money laundering.
Next to a payment an in-depth examination have noticed researcher and individuals who act by negative undergo, spam or criminal activities. The laboratory infrastructure will not pay received credits to criminals, spammers, forcers or cheaters. The credit will be paid to a legal non-profit Oragnisation in the above case. Reason for the action are current conflicts of the security laws in Germany and the EU.