laphil.blogg.se - Lansweeper agent license

Vulnerabilities that are limited to non-current browsers (older than 3 versions) will not be accepted.

DoS/DDoS attacks or brute force attacks.

Spam, social engineering and physical intrusion.

Theoretical security issues with no realistic exploit scenario(s) or attack surfaces, or issues that would require complex end user interactions to be exploited, may be excluded or be lowered in severity.

In case that a reported vulnerability was already known to the company from their own tests, it will be flagged as a duplicate.

Arbitrary file upload without proof of the existence of the uploaded file.

Subdomain takeover without taken over the subdomain.

Disclosing API keys without proven impact.

Weak SSL configurations and SSL/TLS scan reports.

Open ports without an accompanying proof-of-concept demonstrating vulnerability.

HTTP Request smuggling without any proven impact.

Anything related to email spoofing, SPF, DMARC or DKIM.

Sessions not being invalidated (logout, enabling 2FA.

Disclosed and/or misconfigured Google API key (including maps).

Blind SSRF without proven business impact (DNS pingback only is not sufficient).

Host header injection without proven business impact.Clickjacking on pages with no sensitive actions.Best practices violations (password complexity, expiration, re-use, etc.).Bypassing rate-limits or the non-existence of rate-limits.Presence of autocomplete attribute on web forms.Cross-site Request Forgery with no or low impact.CORS misconfiguration on non-sensitive endpoints.Verbose messages/files/directory listings without disclosing any sensitive information.Self-XSS that cannot be used to exploit other users.Pre-auth account takeover / oauth squatting.Old versions of the on-premises software.Third party services or plugins on the in-scope domains, such as:.The usage of Lansweeper licenses is only to be used for the purpose of ethical hacking, and not to manage your own IT estate.

Scanners also won't improve your skills, and can cause a high server load (we'd like to put our time in thanking researchers rather than blocking their IP's 😉) Please do not use automatic scanners -be creative and do it yourself! We cannot accept any submissions found by using automatic scanners. Please do not register public CVEs without our consent Please do not discuss or post metadata about vulnerabilities or the company name without our consent. Please do not discuss or post vulnerabilities without our consent (including PoC's on YouTube and Vimeo) Provide detailed but to-the point reproduction steps We are happy to respond to any questions, please use the button in the right top corner for this.We will respond to reports as soon as possible.