Submit to Vulnerability Labs - Advisories, Zero-Day Vulnerabilities, Exploits & PoC

Welcome to the submission guidelines page of the vulnerability labs. The vulnerability laboratory security team verifies security reports & zero-day vulnerabilities. Note that the policy of the laboratory can be changed without public notice to users. Researchers can use the following information lines to submit their own security issues. Please fill in as much information as possible to speed up the security analysis, vulnerability verification or reproduction procedure.

*required -- Vulnerable Product(s):
*required -- Affected Version(s):
*required -- Vulnerability Type:

*required -- Description:
*required -- Technical Details:

*required -- PoC or Exploit Code:
*required -- Author/Group:

*optional -- Vendor-URL:
*optional -- Product-URL:
*optional -- Demo-URL:
*optional -- Fix or Patch:

Note: Vulnerabilities will be published as an advisory or bulletin in the following format (Example)


Please respect the official Rules of Submission

No issues with specific target exploitation or destructive live hacks, links/IPs (censor it or don't send!)
Non client-side vulnerabilities can only be published when the manufacturer service or firm is popular
No 3rd or 2nd party publication of advisories, videos, vulnerabilities & documents
Badly detailed vulnerabilities, security papers, security videos & security advisories or bulletins
No publication of stolen, ripped or grabbed documents, advisories or vulnerability details
No website vulnerability submission. Only allowed for trusted and verified core team members

What does Vulnerability-Lab do with Issues (Vulnerabilities/Advisories)?

We verify the vulnerability & send the complete advisory to the product manufacturer or vendor. We publish the advisory report or vulnerability as a stable reference with your author credentials, after vendor notification & the development team's patch. When a vulnerability has a specific level of severity, we request the CVE-ID or CWE-ID for the authors. After that we attach the reference information with IDs and links to the undisclosed advisory. Then we proceed to publish the vulnerability or report through different news sites, partner portals, security appliance services, magazines, RSS feeds & dev communities.

Secure Vulnerability Discovery Process Policy


We detect the following types of vulnerabilities ...

Note: Vulnerabilities (CVE)

Cross Site Scripting (Persistent) Vulnerabilities
Cross Site Request Forgery
Click-Jacking & Cam-Jacking
Unrestricted & unauthorized Local/Remote File Include
Directory Traversal / Path Traversal
Auth, Filter or Exception Bypass
SQL Injection & Blind SQL Injection
Input Validation Vulnerabilities (Persistent/Non-Persistent)
Stack / Buffer / Heap / Integer / Unicode Overflows
Local/Remote Privilege Escalation
Format Strings
Memory Corruption
Division/Divide by zero bugs & vulnerabilities
Pointer Vulnerabilities (Null Pointer, Access Violation, Read, Write)
Local/Remote Command Execution
Local/Remote Code Execution
Denial of Service - Firmware Freeze, Service Blocks or Shutdown
Information Leaking & Information Disclosure

Weak Algorithm, weak Encryption & weak Cipher
Misconfiguration of OS, Systems & Applications
Structure & Design Errors/Flaws
Kernel Panic / Black & Blue Screens
Stable Application & Software Crashes

In the following available issue classes ...

Web Application Vulnerabilities (Open Source) (Remote)
Web Application Vulnerabilities (Closed Source) (Remote)
Web Application Online Services Vulnerabilities (Remote)

Local Software Vulnerabilities (Open Source) (Windows & Linux)
Local Software Vulnerabilities (Closed Source) (Windows & Linux)
Local OS Vulnerabilities (Closed Source) (Windows)
Local Kernel Vulnerabilities (Open Source) (Linux)
Local Device & Controls Vulnerabilities (Hardware)

Remote Software Vulnerabilities (Open Source)
Remote Software Vulnerabilities (Closed Source)
Remote OS Vulnerabilities (Closed Source) (Windows)
Remote Kernel Vulnerabilities (Open Source) (Linux)
Remote Device & Controls Vulnerabilities (Hardware)

Why should you publish zero-day vulnerabilities in the Vulnerability-Lab?

- Researchers can store a stable public reference profile with their own credits or credentials
- The core team can help researchers to verify vulnerabilities in security reports (advisories) or analysis
- We request CVE/CWE-ID or other tracking IDs from a pool
- Our core team informs the vendor via encrypted communication for a secure exchange of details
- Representative and responsible team and partners with active mailing list news notifications
- Service is remotely available 24/7 - IRC, Magazine, Lab-News, Hacktivity, Programs & other modules
- The role system of the lab allows advanced researchers to be given more access to issue details & services
- Active researchers can also get free access to partner security events & private security meetings
- The individual who identifies a vulnerability can interact in the vendor communication & payment process
- Stable payouts, valuable prizes, commercial rewards & award nomination ceremony for bug bounties

Note: We also organize a special benefit project with a shared monitoring database for active core team members, security researchers and also our daily customers or clients.

Contact Details & Information

Submit to Vulnerability Research Team ... Submit Vulnerability
Encrypt Communication: PGP KEY


Note: Please submit only individual zero-day vulnerabilities, non-disclosed bugs or full advisory documents with resources for analysis or preview.

How can I earn clean and secure money with my reported vulnerabilities?

We provide you as a researcher with fair benefits for using the vulnerability lab for the disclosure and vendor communication processes. We charge 0% commission on the vendor's or manufacturer's payment for zero-day vulnerabilities. The remaining 100% is your own personal payout as an individual. Please note that the percentage distribution of the benefits is after taxes following European (German) law. We are able to provide security researchers with the full manufacturer communication & verification details during the payment cycle. This process ensures that you have a complete, transparent overview of the transactions and communication, and also ensures a clean process and, of course, reasonable business for every partner, analyst or researcher.

Questions & Information: Support Team

Payment Process Restrictions, Law Policy & Conditions

We provide regular and banking transfers only to registered verified international accounts. We are able to cooperate and reward researchers with payments only under the conditions listed below. The payment terms and process have been integrated to prevent fraud, researcher identity theft & money laundering.

No payments via westbank union transfer agency
No debit cards with unofficial registered non-business account users
No transfer of money to third-party mules, companies or family members
No payments via PayPal, Bitcoin wallet or online wire transfer
No cashout for researchers who violate manufacturer or vendor contracts/signs

Alongside a payment, an in-depth examination identifies researchers and individuals who engage in negative behaviour, spam or criminal activities. The laboratory infrastructure will not pay received credits to criminals, spammers, forcers or cheaters. The credit will be paid to a legal non-profit organization in the case above. The reason for this action is current conflicts of the laws in Germany and the European Union.


© EVOLUTION SECURITY GmbH ™