Hall Of Fame

Here is the list of the individuals and organizations that explicitly helped us improve the security of the EU Institutions, Agencies, and Bodies by reporting the security issues and vulnerabilities they discovered. Anybody interested in reporting should read the CERT-EU Responsible Disclosure Policy first.


Sweepatic (info@sweepatic.com, https://www.sweepatic.com, @sweepatic)

Reported a subdomain takeover

  Monday, December 4, 2017 2:04:00 PM CET

Yassine Nafiai (www.facebook.com/yassine.nafiai.1 | twitter.com/YNafiai)

Reported multiple vulnerabilities.

  Monday, November 20, 2017 9:00:00 AM CET

Suresh Narvaneni (https://www.linkedin.com/in/mrreboot/)

Reported a server misconfiguration which allows enumeration of files and folders on the server side.

  Tuesday, October 31, 2017 11:17:00 AM CET

Chandrashekar Masapaka (https://www.facebook.com/Chandrashekar.Mas)

Reported a SQL injection vulnerability

  Monday, October 30, 2017 6:25:00 PM CET

Lacroute Serge (https://twitter.com/fakessh)

Reported an XSS vulnerability

  Monday, October 30, 2017 7:18:00 PM CET

Akash Labade (https://twitter.com/AkashLabde3, https://www.linkedin.com/in/akash-labade-9463a8111)

Reported a number of XSS vulnerabilities

  Monday, October 30, 2017 6:22:00 PM CET

Rohit Dalvi - twitter.com/dalvia62

Reported a XSS vulnerability

  Wednesday, October 18, 2017 5:04:00 PM CEST

Aamir Rehman Yousafzai Lead Penetration Tester @ JAZZ HQ Islamabad. fb: https://web.facebook.com/yousafzian2

Reported a number of vulnerabilities (FPD, application)

  Wednesday, October 18, 2017 5:00:00 PM CEST

Himanshu rahi <hunny.rahi55@gmail.com>

Reported an XSS vulnerability which allows account takeover.

  Thursday, September 28, 2017 3:20:00 PM CEST

SHWETABH SUMAN ( @SHWETABHSUMAN11 ) - https://www.facebook.com/profile.php?id=100011024580051

Reported a Cross-Site Script (XSS) vulnerability.

  Thursday, September 28, 2017 3:19:00 PM CEST

Lewis, https://twitter.com/LewisBugBounty

Reported a number of XSS vulnerabilities

  Thursday, September 28, 2017 11:15:00 AM CEST

Athul Jayaram (@athuljayaram) - https://www.linkedin.com/in/athuljayaram - http://athuljayaram.com

Reported several misconfigurations and information disclosure vulnerabilities

  Friday, September 15, 2017 6:04:00 PM CEST

SHWETABH SUMAN ( @SHWETABHSUMAN11 ) - https://www.facebook.com/profile.php?id=100011024580051

Reported a link injection vulnerability

  Friday, September 15, 2017 6:01:00 PM CEST

MOHAMMED ADEL - https://www.facebook.com/xXalreshyxX

Reported an Open Redirection and an Authentication Bypass Vulnerabilities.

  Thursday, September 14, 2017 5:20:00 PM CEST

Akshay Prashant Borase <mr.akshayborase@gmail.com>

Reported a Cross-Site Script (XSS) vulnerability

  Tuesday, August 29, 2017 10:03:00 AM CEST

Zvi Dolgov ENGINEER, NETWORK CONSULTING zdolgov@cisco.com

Reported a Cross-Site Script (XSS) vulnerability

  Tuesday, August 29, 2017 9:56:00 AM CEST

Piyush Soni

Reported a Cross-Site Script (XSS) vulnerability

  Wednesday, August 23, 2017 2:28:00 PM CEST

Sajibe Kanti - @Sajibekantibd

Reported a Cross-Site Script (XSS) vulnerability

  Wednesday, August 23, 2017 2:21:00 PM CEST

Zvi Dolgov

Reported a Cross-Site Script (XSS) vulnerability

  Thursday, August 17, 2017 2:04:00 PM CEST

İsmail BÜLBÜL (Uluslararası Siber Güvenlik Federasyonu - www.usgf.org.tr)

Reported a Cross-Site Script (XSS) vulnerability and Time-based SQL injection

  Thursday, August 17, 2017 2:01:00 PM CEST

Luigi Gubello - twitter.com/1005458

Reported a number of Cross-Site Script (XSS) Vulnerabilities

  Monday, July 3, 2017 3:43:00 PM CEST

Vasim Shaikh - https://www.linkedin.com/in/vasim-shaikh-094507110?trk=hp-identity-name

Reported a Cross-Site Script (XSS) vulnerability

  Wednesday, July 12, 2017 4:32:00 PM CEST

Richard Alviarez (@Queseguridad)

Reported a number of Cross-Site Script (XSS) Vulnerabilities

  Wednesday, July 5, 2017 2:08:00 PM CEST

Tansel ÇETIN

Reported a Cross-Site Script (XSS) vulnerability

  Tuesday, June 20, 2017 3:23:00 PM CEST

Silvia Väli (https://www.clarifiedsecurity.com/silvia-vali/)

Reported a Cross-Site Script (XSS) vulnerability

  Tuesday, June 20, 2017 8:52:00 AM CEST

Cameron Dawe

Reported a number of Cross-Site Script (XSS) Vulnerabilities

  Tuesday, May 31, 2016 4:59:00 PM CEST

Wen Bin KONG - (@kongwenbin - https://linkedin.com/in/kongwenbin)

Reported Content injection and Insecure Captcha Implementation vulnerabilities

  Friday, June 9, 2017 7:09:00 PM CEST

Martin Thirup Christensen - https://twitter.com/Mthirup

Reported Cross Site Scripting vulnerability.

  Wednesday, June 7, 2017 2:24:00 PM CEST

Liam Somerville - https://www.linkedin.com/in/liamsomerville/

Reported a XSS vulnerability.

  Tuesday, May 23, 2017 3:30:00 PM CEST

Steven (@Keritzy)

Reported a XSS and an Information Disclosure vulnerabilities.

  Monday, May 22, 2017 4:50:00 PM CEST

Anti Räis - Clarified Security

Reported several Cross-Site Scripting (XSS) Vulnerabilities

  Friday, June 17, 2016 4:34:00 PM CEST

Sadik Shaikh - https://www.extremehacking.org

Reported a Full Path Disclosure vulnerability

  Monday, May 22, 2017 4:27:00 PM CEST

Dardan Prebreza

Reported various vulnerabilities

  Friday, May 12, 2017 2:47:00 PM CEST

Florian Charbonneau - https://twitter.com/DrStache_

Reported several XSS vulnerabilities.

  Monday, May 22, 2017 4:31:00 PM CEST

Nitesh Sharma - https://www.linkedin.com/in/niteshusharma

Reported a cookie based XSS

  Monday, May 8, 2017 3:42:00 PM CEST

Adesh Nandkishor Kolte facebook.com/kolteadesh

Reported a number of XSS vulnerabilities

  Thursday, December 15, 2016 1:26:00 PM CET

Harsh Joshi https://www.facebook.com/harshjoshi.85

Reported a XSS vulnerability

  Friday, April 28, 2017 10:16:00 AM CEST

Doğukan Karaciğer https://twitter.com/Karacigerdogu

Reported a number of XSS vulnerabilities

  Friday, April 28, 2017 2:31:00 PM CEST

Sadik Shaikh https://www.extremehacking.org

Reported an HTML injection

  Friday, April 28, 2017 9:36:00 AM CEST

Jolan Saluria

Reported an open redirect

  Wednesday, April 26, 2017 4:56:00 PM CEST

Fidan Hakaj - (@fdnhkj - https://www.linkedin.com/in/fidan-hakaj/)

Reported a critical vulnerability

  Wednesday, April 26, 2017 7:58:00 AM CEST

Damian Ebelties

Reported a Full Path Disclosure and Cross-Site Script (XSS) Vulnerabilities

  Tuesday, May 31, 2016 5:08:00 PM CEST

CDL (@sxcurity of Project Insecurity - https://insecurity.zone/)

Reported a XSS vulnerability

  Monday, April 24, 2017 5:07:00 PM CEST

Alyssa Herrera (https://www.linkedin.com/in/Alyssa-O-Herrera)

Reported a XSS and several outdated software version vulnerabilities

  Monday, April 24, 2017 4:57:00 PM CEST

Vipin Chaudhary (@vipinxsec )

Reported XSS Vulnerability

  Monday, April 24, 2017 4:53:00 PM CEST

Nagaraju Repala (@nagarockshard)

Reported a Cross-Site Scripting (XSS) vulnerability

  Monday, April 24, 2017 4:20:00 PM CEST

Konduru Jashwanth

Reported a XSS vulnerability

  Monday, April 24, 2017 4:21:00 PM CEST

Lewis Wildgoose (@LewisWildgoose)

Reported several Cross-Site Scripting (XSS) vulnerabilities

  Friday, April 14, 2017 1:54:00 PM CEST

David Castro (SadFud) - https://www.linkedin.com/in/david-castro-valdeolmillos-a0048311a/

Reported SQL injection vulnerability (SQLi) and Cross-Site Scripting vulnerability (XSS)

  Wednesday, April 12, 2017 10:57:00 AM CEST

Hamit Abiş

Reported SQL injection vulnerability

  Thursday, April 6, 2017 2:29:00 PM CEST

Robert Wiggins - https://xsses.rocks/blog/

Reported several Cross-Site Scripting (XSS) vulnerabilities

  Thursday, April 6, 2017 11:16:00 AM CEST

Cem Onat Karagün (@cemonatk)

Reported a Cross-Site Scripting (XSS) vulnerability

  Thursday, April 6, 2017 11:15:00 AM CEST

Sander Van Dooren

Reported a Cross-Site Scripting (XSS) vulnerability

  Monday, February 20, 2017 4:23:00 PM CET

Amine Hm (facebook.com/AMiN3.HM)

Reported SQL injection and Cross-Site Scripting (XSS) Vulnerabilities

  Tuesday, August 16, 2016 3:57:00 PM CEST

Honc - honcbb@gmail.com

Reported an Information Disclosure and a number of Cross-Site Scripting (XSS) vulnerabilities

  Thursday, January 12, 2017 5:31:00 PM CET

Anas Laabab - @ANAS_L44B4B

Reported a XSS vulnerability

  Thursday, December 15, 2016 2:05:00 PM CET

Suhas Gaikwad

Reported a XSS vulnerability

  Thursday, December 15, 2016 8:17:00 AM CET

Marko Belzetski of Clarified Security

Reported multiple reflected HTML injections.

  Wednesday, December 14, 2016 8:26:00 AM CET

Sreedeep.Ck Alavil Kerala Police Cyber Dome Volunteers Commander www.facebook.com/Hacker.Sreedeep.Ck

Reported a XSS vulnerability

  Wednesday, December 14, 2016 8:29:00 AM CET

Vishal Shukla https://www.facebook.com/shukla304

Reported a XSS vulnerability

  Wednesday, December 14, 2016 8:32:00 AM CET

Alec Blance (blancealec1@gmail.com) www.facebook.com/alec.blance

Reported a XSS Vulnerability

  Friday, December 2, 2016 3:02:00 PM CET

SaifAllah benMassaoud « FB/WhiteHatSecuri & @benmassaou »

Reported a number of Cross-Site Scripting (XSS) and Active Content Attacks

  Friday, December 2, 2016 3:01:00 PM CET

Evan Ricafort (@evanricafort) www.evanricafort.com

Reported a XSS vulnerability

  Wednesday, November 23, 2016 4:51:00 PM CET

Md. Nur A Alam Dipu (depu1994@gmail.com)

Reported a XSS vulnerability

  Friday, November 18, 2016 8:57:00 AM CET

Taavi Sonets (taavi@clarifiedsecurity.com) CLARIFIEDSECURITY

Reported a XSS vulnerability.

  Monday, December 5, 2016 10:26:00 AM CET

Nirmal Thapa (twitter.com/nirmal_4n_)

XSS and CSRF vulnerabilities

  Tuesday, November 15, 2016 10:25:00 AM CET

Aamir Rehman Lead Penetration Tester @Mobilink HQ Islamabad. fb: https://web.facebook.com/yousafzian2

Reported a number of Cross-Site Scripting (XSS) Vulnerabilities

  Monday, November 14, 2016 3:19:00 PM CET

Vishal Shukla https://www.facebook.com/shukla304

Reported a XSS vulnerability

  Wednesday, December 14, 2016 8:31:00 AM CET

Elar Lang / Clarified Security

Reported a number of Cross-Site Scripting (XSS), XML External Entity (XXE) and also some critical SQL injection Vulnerabilities

  Friday, June 10, 2016 11:53:00 AM CEST

Max Derrick (twitter.com/Max1noz)

XSS and Open redirect vulnerabilities

  Monday, October 24, 2016 10:36:00 AM CEST

Mohd Aqeel Ahmed (www.fb.com/Ciph3r00t)

Reported a Remote Code Execution Vulnerability and a Weak Session Management Vulnerability

  Thursday, October 27, 2016 1:44:00 PM CEST

Raad Firas Haddad (Contact information : @raadfhaddad - raadfhaddad@gmail.com)

Reported Host Header Injection, Content Spoofing and Session Takeover vulnerabilities

  Friday, October 7, 2016 3:17:00 PM CEST

Jayson Vasquez Rubio

Reported Cross-Site Scripting (XSS) Vulnerabilities

  Monday, October 3, 2016 12:29:00 PM CEST

Antonio Cannito (ant.cannito[@]gmail.com - https://www.facebook.com/antonio.cannito.banzi)

Reported Cross-Site Scripting (XSS) and Open Redirect Vulnerabilities

  Monday, September 12, 2016 10:19:00 AM CEST

Squnity (squnity.com)

Reported several Cross-Site Scripting (XSS) Vulnerabilities

  Monday, August 22, 2016 4:33:00 PM CEST

Kyaw Thiha (https://www.linkedin.com/in/kyawthiha89)

Reported HTML Injection Vulnerability

  Thursday, August 18, 2016 1:39:00 PM CEST

Cristian Joseph D. Legacion - Web Security Researcher (https://www.facebook.com/cj.legacion10)

Reported Clickjacking Vulnerability

  Tuesday, August 16, 2016 3:24:00 PM CEST

Yassine Algangaf - Attack prevention mechanisms Researcher and proof of concepts developer

Reported Cross-Site Scripting (XSS) Vulnerability

  Thursday, August 11, 2016 9:49:00 AM CEST

Karl Kristjan Raik - Clarified Security

Reported a number of Cross-Site Scripting (XSS) Vulnerabilities

  Tuesday, August 9, 2016 5:26:00 PM CEST

Georges Taupin - Security Consultant @Synetis (www.synetis.com)

Reported a number of DNS Zone Transfer Vulnerabilities

  Tuesday, August 9, 2016 12:01:00 PM CEST

Arbin Godar

Reported Cross-Site Scripting (XSS) Vulnerability

  Tuesday, August 9, 2016 11:53:00 AM CEST

Ahmad Amjad Alfoqha'a

Reported Cross-Site Scripting (XSS) and Information Disclosure vulnerabilities

  Wednesday, July 20, 2016 5:33:00 PM CEST

Mohamed Osman Saeed - DTS Solution

Reported LFI, misconfigurations and Cross-Site Scripting (XSS) Vulnerabilities

  Monday, July 18, 2016 6:01:00 PM CEST

Mert Tasci

Reported XSS Vulnerability

  Friday, July 15, 2016 10:09:00 AM CEST

Mohamed Abdelbaset Elnoby - Seekurity Inc.

Reported Clickjacking Vulnerability

  Friday, July 8, 2016 11:53:00 AM CEST

Jaanus Kääp

Reported XSS Vulnerability

  Wednesday, July 6, 2016 4:57:00 PM CEST

Mohammed Chamli - Government Laboratory

Reported Information Disclosure

  Wednesday, July 6, 2016 3:27:00 PM CEST

Ayoub Ait Elmokhtar

Reported XSS Vulnerability

  Monday, July 4, 2016 2:42:00 PM CEST

Fabien Dromas - Security Consultant @Synetis

Reported DNS Zone Transfer

  Friday, June 24, 2016 10:29:00 AM CEST

Adria Romero from Enxampat

Reported several vulnerabilities like SQL injections, Cross-Site Scripting (XSS), Open Redirects, Full path disclosure, Path traversal and more

  Monday, June 20, 2016 2:02:00 PM CEST

Rio Sherri (Infogen AL)

Reported a number of stored XSS and an unrestricted file upload vulnerability

  Monday, June 20, 2016 2:33:00 PM CEST

Yann CAM - Security Consultant @ASafety - Synetis

Reported a XSS vulnerability

  Monday, June 20, 2016 2:34:00 PM CEST

Djaballah Mohamed Taher

Reported a number of SQL injection, XSS and directory traversal vulnerabilities

  Monday, June 20, 2016 2:42:00 PM CEST

Hamza Bachikh (Alhamdulillah) (@miZo_Rayk)

Reported an XSS vulnerability

  Monday, June 20, 2016 2:56:00 PM CEST

Maximilian Kretschmer D.S.K Datensicherheit Kretschmer UG

Reported SQL Injections

  Friday, June 17, 2016 4:36:00 PM CEST

Michal Koczwara and Siavosh Zarrasvand

Reported XSS Vulnerabilities

  Friday, June 17, 2016 4:36:00 PM CEST

Ricardo Almeida

Reported XXE Vulnerability

  Friday, June 17, 2016 4:37:00 PM CEST

Ketankumar B. Godhani (@KBGodhani)

Reported ClickJacking vulnerability

  Monday, June 6, 2016 4:22:00 PM CEST

Benjamin Kunz Mejri

Reported SQL Injections

  Friday, June 3, 2016 12:01:00 PM CEST

Lawrence Amer from Vulnerability Lab (www.vulnerability-lab.com)

Reported Cross-Site Scripting (XSS) vulnerability

  Thursday, June 2, 2016 10:09:00 AM CEST

Jose Carlos Exposito Bueno from Internet Security Auditors

Reported a number of Cross-Site Script (XSS) Vulnerabilities and a SQL injection Vulnerability

  Wednesday, June 1, 2016 10:13:00 AM CEST

Marcin Szydlowski

Reported SQL Injection and XSS Vulnerabilities

  Tuesday, May 31, 2016 10:19:00 AM CEST

Vincent Malguy

Reported a Denial Of Service Vulnerability

  Tuesday, May 31, 2016 5:24:00 PM CEST

Florian Kunushevci

Reported a number of Cross-Site Script (XSS) Vulnerabilities and a Local File Inclusion Vulnerability

  Tuesday, May 31, 2016 5:32:00 PM CEST

Roberto Zanga

Reported Cross-Site Script (XSS) Vulnerability

  Tuesday, May 31, 2016 5:39:00 PM CEST

Rahul Kankrale

Reported XSS Vulnerability

  Thursday, May 26, 2016 10:34:00 AM CEST

Ahmed Adel Abdelfattah

Reported Information Leakage

  Thursday, May 19, 2016 10:34:00 AM CEST

Ali Tabish

Reported Clickjacking

  Thursday, May 19, 2016 10:36:00 AM CEST

Ahmet Omeroglu

Reported XSS Vulnerability

  Thursday, May 19, 2016 10:41:00 AM CEST

Mahmoud Abdal Azez

Reported Version Disclosure Vulnerability

  Thursday, May 19, 2016 2:01:00 PM CEST

Mustafa Hasan

Reported XSS vulnerability

  Thursday, May 12, 2016 3:39:00 PM CEST

Karol Celiński from Immunity Systems Sp. z o.o.

Reported Cross-Site Scripting (XSS) and other Vulnerabilities

  Thursday, May 12, 2016 3:13:00 PM CEST

BALAJI P R from infoseclabs.in

Reported Cross-Site Script (XSS) Vulnerability

  Thursday, May 12, 2016 3:42:00 PM CEST

Hadji Samir from Vulnerability Lab (www.vulnerability-lab.com)

Reported Cross-Site Scripting (XSS) vulnerabilities and a Version Disclosure vulnerability

  Thursday, May 12, 2016 3:46:00 PM CEST

Roy Jansen

Reported Cross-Site Scripting (XSS) vulnerability

  Monday, March 7, 2016 12:09:00 PM CET


CERT-EU Responsible Disclosure Policy

What to report to CERT-EU:

Security Incidents and Vulnerabilities which occur in software components, protocols, or hardware of websites or systems of EU Institutions, Agencies or Bodies, and may affect a significant number of users and/or critical infrastructure.

Vulnerability reporting policy:

CERT-EU reserves the right to accept or reject any vulnerability disclosure report at its discretion, based on the following general criteria:

  1. Pre-disclosure handling of the potentially sensitive vulnerability details:
    • The vulnerability should not already have been publicly disclosed.
    • It is important to report the vulnerability as quickly as possible after its discovery.
    • Even after reporting the vulnerability, no information on the security problem should be shared with others until the incident has been processed and resolved. Failure to comply with this requirement may result in the reporter being removed from the CERT-EU Hall of Fame.
  2. The vulnerability finding must be new and severe enough to be considered eligible for a mention in the Hall of Fame of CERT-EU. The severity of a vulnerability finding is assessed by CERT-EU at its own discretion. CERT-EU reserves the right to reject reports of vulnerabilities that have already been reported.

Vulnerability reporting instructions:

  • E-mail your findings to reports (at) cert.europa.eu.
  • Encrypt your email using the PGP key available on the CERT-EU website.
  • Provide as much information as possible regarding the finding, in order for CERT-EU to handle the incident as efficiently as possible.

If more information is required, CERT-EU will contact the reporter; therefore any contact details (email address and telephone number) should be valid.

If the previously mentioned conditions are satisfied, CERT-EU will proceed with notification to the impacted party. Once the issue has been fixed or no later than 3 months since the initial report, the reporter may be mentioned (at his own discretion) in the Hall of Fame of CERT-EU (this page) with a short description of the type of vulnerability reported.

Info

This website is managed by CERT-EU. Find out more about us.

For questions or comments, please contact us at:

email: cert-eu@ec.europa.eu

PGP Fingerprint:  D894 7318 0495 62AB 9DE8 41DC B3F8 FCC1 B607 5AB8

Emergency phone: +3222990005

 

 
