Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] iDefense Q2 2006 Vulnerability Challenge

from [labs-no-reply@idefense.com] Network Security [Permanent Link]
Subject: [Full-disclosure] iDefense Q2 2006 Vulnerability Challenge
Date: Wed, 17 May 2006 01:15:29 -0400 
iDefense Labs is pleased to announce the launch of next installment in
our quarterly vulnerability challenge. Last quarter's challenge focused
on critical vulnerabilities in Microsoft products and was a great
success. We would like to thank everyone that forwarded submissions
prior to the deadline on March 31, 2006. We look forward to announcing
award winners once public advisories become available for the
vulnerabilities.

For the second quarter of 2006, we're shifting the focus from vendor to
technology. This time around, we're focusing on database
vulnerabilities. For submissions received before June 30, 2006, iDefense
Labs will pay $10,000 for each vulnerability submission that results in
the discovery of a remotely exploitable database vulnerability that
meets the following criteria.

- Technologies:
 - Oracle Database 10G
 - Microsoft SQL Server 2005
 - IBM DB Universal Database 8.2
 - MySQL 5.0
 - PostgreSQL 8.1
- The vulnerability must be original and not previously disclosed either
 publicly or to the vendor by another party
- The vulnerability must be remotely exploitable in a default
 installation of one of the targeted technologies
- The vulnerability must exist in the latest version of the affected
 technology with all current patches/upgrades applied
- The vulnerability cannot be caused by or require third party software
- The vulnerability must result in root access on the target machine
- The vulnerability must not require the use of authentication
 credentials
- The vulnerability must receive the vendor's maximum severity ranking
 when the advisory is published (if applicable).

In order to qualify, the submission must be sent during the current
quarter and be received by midnight EST on June 30, 2006. The $10,000
prizes will be paid out following confirmation with the affected vendor
and will be paid in addition to any amount paid for the vulnerability
when it is first accepted. Only the initial submission for a given
vulnerability will qualify for the reward and a maximum of six awards
will be paid out. Should more than six submissions qualify, the first
six submissions will receive the reward.

Further details on the iDefense Vulnerability Contributor Program (VCP)
can be found at:

 http://labs.idefense.com/vcp.php

Michael Sutton
Director, iDefense Labs


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] iDefense Q2 2006 Vulnerability Challenge, labs-no-reply@idefense.com <=
Previous by Date:  [VulnWatch] Cisco Security Advisory: AVS TCP Relay Vulnerability, Cisco Systems Product Security Incident Response Team
Next by Date:  [VulnWatch] Caucho Resin Windows Directory Traversal Vulnerability, advisory
Previous by Thread:  [VulnWatch] Cisco Security Advisory: AVS TCP Relay Vulnerability, Cisco Systems Product Security Incident Response Team
Next by Thread:  [VulnWatch] Caucho Resin Windows Directory Traversal Vulnerability, advisory
Indexes:  [Date] [Thread] [Top] [All Lists]