CERT-EU News Monitor

HallOfFame

Hall Of Fame

Here is the list of the individuals and organizations that explicitly helped us in improving the security of the EU Institutions, Agencies, and Bodies by reporting security issues and vulnerabilities discovered. Anybody interested in reporting, should read the CERT-EU Responsible Disclosure Policy first.

Tansel ÇETIN

Reported a Cross-Site Script (XSS) vulnerability

Tuesday, June 20, 2017 3:23:00 PM CEST

Silvia Väli (https://www.clarifiedsecurity.com/silvia-vali/)

Reported a Cross-Site Script (XSS) vulnerability

Tuesday, June 20, 2017 8:52:00 AM CEST

Cameron Dawe

Reported a number of Cross-Site Script (XSS) Vulnerabilities

Tuesday, May 31, 2016 4:59:00 PM CEST

Wen Bin KONG - (@kongwenbin - https://linkedin.com/in/kongwenbin)

Reported Content injection and Insecure Captcha Implementation vulnerabilities

Friday, June 9, 2017 7:09:00 PM CEST

Martin Thirup Christensen - https://twitter.com/Mthirup

Reported Cross Site Scripting vulnerability.

Wednesday, June 7, 2017 2:24:00 PM CEST

Liam Somerville - https://www.linkedin.com/in/liamsomerville/

Reported a XSS vulnerabilty.

Tuesday, May 23, 2017 3:30:00 PM CEST

Steven (@Keritzy)

Reported a XSS and an Information Disclosure vulnerabilities.

Monday, May 22, 2017 4:50:00 PM CEST

Anti Räis - Clarified Security

Reported several Cross-Site Scripting (XSS) Vulnerabilities

Friday, June 17, 2016 4:34:00 PM CEST

Sadik Shaikh - https://www.extremehacking.org

Reported a Full Path Disclosure vulnerability

Monday, May 22, 2017 4:27:00 PM CEST

Dardan Prebreza

Reported various vulnerabilities

Friday, May 12, 2017 2:47:00 PM CEST

Florian Charbonneau - https://twitter.com/DrStache_

Reported several XSS vulnerabilities.

Monday, May 22, 2017 4:31:00 PM CEST

Nitesh Sharma - https://www.linkedin.com/in/niteshusharma

Reported a cookie based XSS

Monday, May 8, 2017 3:42:00 PM CEST

Adesh Nandkishor Kolte facebook.com/kolteadesh

Reported a number of XSS vulnerabilities

Thursday, December 15, 2016 1:26:00 PM CET

Harsh Joshi https://www.facebook.com/harshjoshi.85

Reported a XSS vulnerability

Friday, April 28, 2017 10:16:00 AM CEST

Doğukan Karaciğer https://twitter.com/ <https://twitter.com/Karacigerdogu>

Reported a number of XSS vulnerabilities

Friday, April 28, 2017 2:31:00 PM CEST

Sadik Shaikh https://www.extremehacking.org

Reported an HTML injection

Friday, April 28, 2017 9:36:00 AM CEST

Jolan Saluria

Reported an open redirect

Wednesday, April 26, 2017 4:56:00 PM CEST

Fidan Hakaj - (@fdnhkj - https://www.linkedin.com/in/fidan-hakaj/)

Reported a critical vulnerability

Wednesday, April 26, 2017 7:58:00 AM CEST

Damian Ebelties

Reported a Full Path Disclosure and Cross-Site Script (XSS) Vulnerabilities

Tuesday, May 31, 2016 5:08:00 PM CEST

CDL (@sxcurity of Project Insecurity - https://insecurity.zone/)

Reported a XSS vulnerability

Monday, April 24, 2017 5:07:00 PM CEST

Alyssa Herrera (https://www.linkedin.com/in/Alyssa-O-Herrera)

Reported a XSS and several software outdated version vulnerabilities

Monday, April 24, 2017 4:57:00 PM CEST

Vipin Chaudhary (@vipinxsec )

Reported XSS Vulnerability

Monday, April 24, 2017 4:53:00 PM CEST

Nagaraju Repala (@nagarockshard)

Reported a Cross-Site Scripting (XSS) vulnerability

Monday, April 24, 2017 4:20:00 PM CEST

Konduru Jashwanth

Reported a XSS vulnerability

Monday, April 24, 2017 4:21:00 PM CEST

Lewis Wildgoose (@LewisWildgoose)

Reported several Cross-Site Scripting (XSS) vulnerabilities

Friday, April 14, 2017 1:54:00 PM CEST

David Castro (SadFud) - https://www.linkedin.com/in/david-castro-valdeolmillos-a0048311a/

Reported SQL injection vulnerability (SQLi) and Cross-Site Scripting vulnerability (XSS)

Wednesday, April 12, 2017 10:57:00 AM CEST

Hamit Abiş

Reported SQL injection vulnerability

Thursday, April 6, 2017 2:29:00 PM CEST

Robert Wiggins - https://xsses.rocks/blog/

Reported several Cross-Site Scripting (XSS) vulnerabilities

Thursday, April 6, 2017 11:16:00 AM CEST

Cem Onat Karagün (@cemonatk)

Reported a Cross-Site Scripting (XSS) vulnerability

Thursday, April 6, 2017 11:15:00 AM CEST

Sander Van Dooren

Reported a Cross-Site Scripting (XSS) vulnerability

Monday, February 20, 2017 4:23:00 PM CET

Amine Hm (facebook.com/AMiN3.HM)

Reported SQL injection and Cross-Site Scripting (XSS) Vulnerabilities

Tuesday, August 16, 2016 3:57:00 PM CEST

Honc - honcbb@gmail.com

Reported an Information Disclosure and a number of Cross-Site Scripting (XSS) vulnerabilities

Thursday, January 12, 2017 5:31:00 PM CET

Anas Laabab - @ANAS_L44B4B

Reported a XSS vulnerability

Thursday, December 15, 2016 2:05:00 PM CET

Suhas Gaikwad

Reported a XSS vulnerability

Thursday, December 15, 2016 8:17:00 AM CET

Marko Belzetski of Clarified Security

Reported multiple reflected HTML injections.

Wednesday, December 14, 2016 8:26:00 AM CET

Sreedeep.Ck Alavil Kerala Police Cyber Dome Volunteers Commander www.facebook.com/Hacker.Sreedeep.Ck

Reported a XSS vulnerability

Wednesday, December 14, 2016 8:29:00 AM CET

Vishal Shukla https://www.facebook.com/shukla304

Reported a XSS vulnerability

Wednesday, December 14, 2016 8:32:00 AM CET

Alec Blance (blancealec1@gmail.com) www.facebook.com/alec.blance

Reported a XSS Vulnerability

Friday, December 2, 2016 3:02:00 PM CET

SaifAllah benMassaoud « FB/WhiteHatSecuri & @benmassaou »

Reported a number of Cross-Site Scripting (XSS) and Active Content Attacks

Friday, December 2, 2016 3:01:00 PM CET

Evan Ricafort (@evanricafort) www.evanricafort.com

Reported a XSS vulnerability

Wednesday, November 23, 2016 4:51:00 PM CET

Md. Nur A Alam Dipu (depu1994@gmail.com)

Reported a XSS vulnerabiliity

Friday, November 18, 2016 8:57:00 AM CET

Taavi Sonets (taavi@clarifiedsecurity.com) CLARIFIEDSECURITY

Reported a XSS vulnerability.

Monday, December 5, 2016 10:26:00 AM CET

Nirmal Thapa (twitter.com/nirmal_4n_)

XSS and CSRF vulnerabiliites

Tuesday, November 15, 2016 10:25:00 AM CET

Aamir Rehman Lead Penetration Tester @Mobilink HQ Islamabad. fb: https://web.facebook.com/yousafzian2

Reported a number of Cross-Site Scripting (XSS) Vulnerabilities

Monday, November 14, 2016 3:19:00 PM CET

Vishal Shukla https://www.facebook.com/shukla304

Reported a XSS vulnerability

Wednesday, December 14, 2016 8:31:00 AM CET

Elar Lang / Clarified Security

Reported a number of Cross-Site Scripting (XSS), XML External Entity (XXE) and also some critical SQL injection Vulnerabilities

Friday, June 10, 2016 11:53:00 AM CEST

Max Derrick (twitter.com/Max1noz)

XSS and Open redirect vulnerabiliites

Monday, October 24, 2016 10:36:00 AM CEST

Mohd Aqeel Ahmed (www.fb.com/Ciph3r00t)

Reported a Remote Code Execution Vulnerability and a Weak Session Management Vulnerability

Thursday, October 27, 2016 1:44:00 PM CEST

Raad Firas Haddad (Contact information : @raadfhaddad - raadfhaddad@gmail.com)

Reported Host Header Injection, Content Spoofing and Session Takeover vulnerabilities

Friday, October 7, 2016 3:17:00 PM CEST

Jayson Vasquez Rubio

Reported Cross-Site Scripting (XSS) Vulnerabilities

Monday, October 3, 2016 12:29:00 PM CEST

Antonio Cannito (ant.cannito[@]gmail.com - https://www.facebook.com/antonio.cannito.banzi)

Reported Cross-Site Scripting (XSS) and Open Redirect Vulnerabilities

Monday, September 12, 2016 10:19:00 AM CEST

Squnity (squnity.com)

Reported several Cross-Site Scripting (XSS) Vulnerabilities

Monday, August 22, 2016 4:33:00 PM CEST

Kyaw Thiha (https://www.linkedin.com/in/kyawthiha89)

Reported HTML Injection Vulnerability

Thursday, August 18, 2016 1:39:00 PM CEST

Cristian Joseph D. Legacion - Web Security Researcher (https://www.facebook.com/cj.legacion10)

Reported Clickjacking Vulnerability

Tuesday, August 16, 2016 3:24:00 PM CEST

Yassine Algangaf - Attack prevention mechanisms Reseacher and proof of concepts developer

Reported Cross-Site Scripting (XSS) Vulnerability

Thursday, August 11, 2016 9:49:00 AM CEST

Karl Kristjan Raik - Clarified Security

Reported a number of Cross-Site Scripting (XSS) Vulnerabilities

Tuesday, August 9, 2016 5:26:00 PM CEST

Georges Taupin - Security Consultant @Synetis (www.synetis.com)

Reported a number of DNS Zone Transfer Vulnerabilities

Tuesday, August 9, 2016 12:01:00 PM CEST

Arbin Godar

Reported Cross-Site Scripting (XSS) Vulnerability

Tuesday, August 9, 2016 11:53:00 AM CEST

Ahmad Amjad Alfoqha'a

Reported Cross-Site Scripting (XSS) and Information Disclosure vulnerabilities

Wednesday, July 20, 2016 5:33:00 PM CEST

Mohamed Osman Saeed - DTS Solution

Reported LFI, misconfigurations and Cross-Site Scripting (XSS) Vulnerabilities

Monday, July 18, 2016 6:01:00 PM CEST

Mert Tasci

Reported XSS Vulnerability

Friday, July 15, 2016 10:09:00 AM CEST

Mohamed Abdelbaset Elnoby - Seekurity Inc.

Reported Clickjacking Vulnerability

Friday, July 8, 2016 11:53:00 AM CEST

Jaanus Kääp

Reported XSS Vulnerability

Wednesday, July 6, 2016 4:57:00 PM CEST

Mohammed Chamli - Government Laboratory

Reported Information Disclosure

Wednesday, July 6, 2016 3:27:00 PM CEST

Ayoub Ait Elmokhtar

Reported XSS Vulnerability

Monday, July 4, 2016 2:42:00 PM CEST

Fabien Dromas - Security Consultant @Synetis

Reported DNS Zone Transfer

Friday, June 24, 2016 10:29:00 AM CEST

Adria Romero from Enxampat

Reported several vulnerabilities like SQL injections, Cross-Site Scripting (XSS), Open Redirects, Full path disclosure, Path traversal and more

Monday, June 20, 2016 2:02:00 PM CEST

Rio Sherri (Infogen AL)

Reported a number of stored XSS and an unrestricted file upload vulnerability

Monday, June 20, 2016 2:33:00 PM CEST

Yann CAM - Security Consultant @ASafety - Synetis

reported a XSS vulnerability

Monday, June 20, 2016 2:34:00 PM CEST

Djaballah Mohamed Taher

Reported a number of SQL injection, XSS and directory traversal vulnerabilities

Monday, June 20, 2016 2:42:00 PM CEST

Hamza Bachikh (Alhamdulillah) (@miZo_Rayk)

reported an XSS vulnerability

Monday, June 20, 2016 2:56:00 PM CEST

Maximilian Kretschmer D.S.K Datensicherheit Kretschmer UG

Reported SQL Injections

Friday, June 17, 2016 4:36:00 PM CEST

Michal Koczwara and Siavosh Zarrasvand

Reported XSS Vulnerabilities

Friday, June 17, 2016 4:36:00 PM CEST

Ricardo Almeida

Reported XXE Vulnerability

Friday, June 17, 2016 4:37:00 PM CEST

Ketankumar B. Godhani (@KBGodhani)

Reported ClickJacking vulnerability

Monday, June 6, 2016 4:22:00 PM CEST

Benjamin Kunz Mejri

Reported SQL Injections

Friday, June 3, 2016 12:01:00 PM CEST

Lawrence Amer from Vulnerability Lab (www.vulnerability-lab.com)

Reported Cross-Site Scripting (XSS) vulnerability

Thursday, June 2, 2016 10:09:00 AM CEST

Jose Carlos Exposito Bueno from Internet Security Auditors

Reported a number of Cross-Site Script (XSS) Vulnerabilities and a SQL injection Vulnerability

Wednesday, June 1, 2016 10:13:00 AM CEST

Marcin Szydlowski

Reported SQL Injection and XSS Vulnerabilities

Tuesday, May 31, 2016 10:19:00 AM CEST

Vincent Malguy

Reported a Denial Of Service Vulnerability

Tuesday, May 31, 2016 5:24:00 PM CEST

Florian Kunushevci

Reported a number of Cross-Site Script (XSS) Vulnerabilities and a Local File Inclusion Vulnerability

Tuesday, May 31, 2016 5:32:00 PM CEST

Roberto Zanga

Reported Cross-Site Script (XSS) Vulnerability

Tuesday, May 31, 2016 5:39:00 PM CEST

Rahul Kankrale

Reported XSS Vulnerability

Thursday, May 26, 2016 10:34:00 AM CEST

Ahmed Adel Abdelfattah

Reported Information Leakage

Thursday, May 19, 2016 10:34:00 AM CEST

Ali Tabish

Reported Clickjacking

Thursday, May 19, 2016 10:36:00 AM CEST

Ahmet Omeroglu

Reported XSS Vulnerability

Thursday, May 19, 2016 10:41:00 AM CEST

Mahmoud Abdal Azez

Reported Version Disclosure Vulnerability

Thursday, May 19, 2016 2:01:00 PM CEST

Mustafa Hasan

Reported XSS vulnerability

Thursday, May 12, 2016 3:39:00 PM CEST

Karol Celiński from Immunity Systems Sp. z o.o.

Reported Cross-Site Scripting (XSS) and other Vulnerabilities

Thursday, May 12, 2016 3:13:00 PM CEST

BALAJI P R from infoseclabs.in

Reported Cross-Site Script (XSS) Vulnerability

Thursday, May 12, 2016 3:42:00 PM CEST

Hadji Samir from Vulnerability Lab (www.vulnerability-lab.com)

Reported Cross-Site Scripting (XSS) vulnerabilities and a Version Disclosure vulnerability

Thursday, May 12, 2016 3:46:00 PM CEST

Roy Jansen

Reported Cross-Site Scripting (XSS) vulnerability

Monday, March 7, 2016 12:09:00 PM CET

CERT-EU Responsible Disclosure Policy

What to report to CERT-EU:

Security Incidents and Vulnerabilities, which occur in software components, protocols, or hardware of websites or systems of EU Institutions Agencies or Bodies, and may affect significant number of users and/or critical infrastructure.

Vulnerability reporting policy:

CERT-EU reserves the right to accept or reject any vulnerability disclosure report at its discretion, based on the following general criteria:

Pre-disclosure handling of the potentially sensitive vulnerability details:
- The vulnerability should have not already been publicly disclosed.
- It is important to report the vulnerability as quickly as possible after its discovery.
- Even after reporting the vulnerability, no information on the security problem should be shared with others until the incident has been processed and resolved. Failure to comply with this requirement may result in the reported being removed from the CERT-EU Hall of Fame.
The vulnerability finding must be new and severe enough to be considered as eligible for a mention in the Hall of Fame of CERT-EU. The severity of a vulnerability finding is assessed by CERT-EU at its own discretion. CERT-EU reserves the right to reject reports of vulnerabilities, which have already been previously reported.

Vulnerability reporting instructions:

E-mail your findings to reports (at) cert.europa.eu.
Encrypt your email using the PGP key available on CERT-EU website
Provide as much information as possible regarding the finding, in order for CERT-EU to handle the incident as efficiently as possible.

If more information is required, CERT-EU will contact the reporter, therefore any contact details (email address and telephone number) should be valid.

If the previously mentioned conditions are satisfied, CERT-EU will proceed with notification to the impacted party. Once the issue has been fixed or no later than 3 months since the initial report, the reporter may be mentioned (at his own discretion) in the Hall of Fame of CERT-EU (this page) with a short description of the type of vulnerability reported.

Info

This website is managed by CERT-EU. Find out more about us.

For questions or comments, please contact us at:

email: cert-eu@ec.europa.eu

PGP Fingerprint: D894 7318 0495 62AB 9DE8 41DC B3F8 FCC1 B607 5AB8

Emergency phone: +3222990005

Tools