http://forum.geizhals.at/feed.jsp?id=836538 Geizhals-Forum http://forum.geizhals.at/t836538,7504762.html#7504762 So artet es bei uns nicht aus. Wir sind ja keine Hochschule mit einigen hunderten Meme begeisterten Personen. <img src="teeth.gif" width="16" height="19" align="absmiddle" alt="|-D"/><br/> Wed, 05 Aug 2015 05:54:59 GMT http://forum.geizhals.at/t836538,7504762.html#7504762 Instar 2015-08-05T05:54:59Z http://forum.geizhals.at/t836538,7504760.html#7504760 Hallo,<br><br>die Apps werden von einem getrennten Team betreut.&nbsp;&nbsp;Für User nicht sichtbar wird daran gearbeitet. <img src="smile.gif" width="16" height="19" align="absmiddle" alt=":-)"/><br/> Wed, 05 Aug 2015 05:52:59 GMT http://forum.geizhals.at/t836538,7504760.html#7504760 Instar 2015-08-05T05:52:59Z http://forum.geizhals.at/t836538,7504683.html#7504683 <br>ist eigentlich die neue android app und die interfaces jetzt auch im scope? lg<br/> Tue, 04 Aug 2015 17:31:51 GMT http://forum.geizhals.at/t836538,7504683.html#7504683 *patrick star* 2015-08-04T17:31:51Z http://forum.geizhals.at/t836538,7504595.html#7504595 Techniker ist informiert <img src="hornsmile.gif" width="16" height="26" align="absmiddle" alt="&gt;&#58;-&#41;"/><br><a href="http://www.kraftfuttermischwerk.de/blogg/wp-content/uploads2/2015/01/XwdPXVi.jpg" target="_blank"><img src="http://www.kraftfuttermischwerk.de/blogg/wp-content/uploads2/2015/01/XwdPXVi.jpg" width="550px"/></a><br><br>mfg<br>m3xx <img src="hornsmile.gif" width="16" height="26" align="absmiddle" alt="&gt;&#58;-&#41;"/><br/> Tue, 04 Aug 2015 14:46:21 GMT http://forum.geizhals.at/t836538,7504595.html#7504595 m3xx 2015-08-04T14:46:21Z http://forum.geizhals.at/t836538,7503976.html#7503976 Bitte, kein Problem. Wäre noch schneller gegangen wenn ich nicht nachfragen hätte müssen. <img src="zwinker.gif" width="16" height="19" align="absmiddle" alt=";-)"/> <img src="smile.gif" width="16" height="19" align="absmiddle" alt=":-)"/><br/> Mon, 03 Aug 2015 09:37:09 GMT http://forum.geizhals.at/t836538,7503976.html#7503976 Instar 2015-08-03T09:37:09Z http://forum.geizhals.at/t836538,7503975.html#7503975 Kein Problem! Danke für die schnelle Antwort <img src="smile.gif" width="16" height="19" align="absmiddle" alt=":-)"/> <br/> Mon, 03 Aug 2015 09:34:44 GMT http://forum.geizhals.at/t836538,7503975.html#7503975 x264 2015-08-03T09:34:44Z http://forum.geizhals.at/t836538,7503971.html#7503971 Hallo,<br><br>einer unserer Techniker sitzt an dem Problem und du wirst heute im laufe des Tages eine Antwort bekommen.<br><br>Entschuldigung für die Verzögerung vorige Woche hatten die Herren einige dringende Deadlines. <img src="cry.gif" width="16" height="19" align="absmiddle" alt=":~("/><br/> Mon, 03 Aug 2015 09:29:34 GMT http://forum.geizhals.at/t836538,7503971.html#7503971 Instar 2015-08-03T09:29:34Z http://forum.geizhals.at/t836538,7503918.html#7503918 Schaut sich die Emails noch wer an? Ist jetzt fast eine Woche her...und gefixt ist auch noch nix <img src="schief.gif" width="16" height="19" align="absmiddle" alt=":-/"/><br/> Mon, 03 Aug 2015 07:36:48 GMT http://forum.geizhals.at/t836538,7503918.html#7503918 x264 2015-08-03T07:36:48Z http://forum.geizhals.at/t836538,7330061.html#7330061 Nein, bisher maximal XSS, XSRF ... Also für die User unsicher.<br><br><br/> Fri, 15 Aug 2014 08:36:31 GMT http://forum.geizhals.at/t836538,7330061.html#7330061 mjy@geizhals.at 2014-08-15T08:36:31Z http://forum.geizhals.at/t836538,7330062.html#7330062 Nein, bisher maximal XSS, CSRF ... Also für die User unsicher.<br><br><br/> Fri, 15 Aug 2014 08:36:31 GMT http://forum.geizhals.at/t836538,7330062.html#7330062 mjy@geizhals.at 2014-08-15T08:36:31Z http://forum.geizhals.at/t836538,7330055.html#7330055 War denn bis jetzt ein richtiger "Bock" dabei? Also eine Zugriffsmöglichkeit aufs System o. ä. ? <br/> Fri, 15 Aug 2014 08:16:00 GMT http://forum.geizhals.at/t836538,7330055.html#7330055 MotzTussy 2014-08-15T08:16:00Z http://forum.geizhals.at/t836538,7329987.html#7329987 Ist nicht vollständig (war zu faul <img src="schief.gif" width="16" height="19" align="absmiddle" alt=":-/"/>), in Summe grob ca. 5000 EUR oder so bisher...<br><br/> Thu, 14 Aug 2014 23:35:41 GMT http://forum.geizhals.at/t836538,7329987.html#7329987 mjy@geizhals.at 2014-08-14T23:35:41Z http://forum.geizhals.at/t836538,7329877.html#7329877 <a href="https://forum.geizhals.at/t836538,7207987.html#7207987" rel="noopener" target="_blank">https:/<wbr/>/<wbr/>forum.geizhals.at/<wbr/>t836538,7207987.html#7207987</a> <br/> Thu, 14 Aug 2014 18:07:10 GMT http://forum.geizhals.at/t836538,7329877.html#7329877 TuxTux 2014-08-14T18:07:10Z http://forum.geizhals.at/t836538,7329874.html#7329874 Darf man fragen, wie viel ihr schon auszahlen durftet?<br/> Thu, 14 Aug 2014 18:03:20 GMT http://forum.geizhals.at/t836538,7329874.html#7329874 zeddicus 2014-08-14T18:03:20Z http://forum.geizhals.at/t836538,7192623.html#7192623 kruzefix musst du alles verraten <img src="angry.gif" width="16" height="19" align="absmiddle" alt="&gt;-("/><br><br>wer weiß was der chefe springen hät lassen <img src="teeth.gif" width="16" height="19" align="absmiddle" alt="|-D"/><br/> Thu, 12 Dec 2013 09:13:44 GMT http://forum.geizhals.at/t836538,7192623.html#7192623 bono_d70 2013-12-12T09:13:44Z http://forum.geizhals.at/t836538,7192622.html#7192622 <blockquote><em> Hast du das jetzt extra dafür gemalt?<br></em></blockquote><br><br>was bekomm ich wenn ich ja dagen würd als belohnung? <img src="glasses.gif" width="16" height="19" align="absmiddle" alt="8-)"/><br><br>(kleiner tipp: ein roomba ist immer was nützliches <img src="hornteeth.gif" width="16" height="26" align="absmiddle" alt="&gt;&#58;-D"/> ) <br><br><br/> Thu, 12 Dec 2013 09:13:14 GMT http://forum.geizhals.at/t836538,7192622.html#7192622 bono_d70 2013-12-12T09:13:14Z http://forum.geizhals.at/t836538,7192620.html#7192620 <a href="http://www.elektrojournal.at/cartoons-20269.html" rel="noopener" target="_blank">http:/<wbr/>/<wbr/>www.elektrojournal.at/<wbr/>cartoons-20269.html</a> <br/> Thu, 12 Dec 2013 09:11:11 GMT http://forum.geizhals.at/t836538,7192620.html#7192620 hellbringer 2013-12-12T09:11:11Z http://forum.geizhals.at/t836538,7192616.html#7192616 Hast du das jetzt extra dafür gemalt?<br><br/> Thu, 12 Dec 2013 09:05:09 GMT http://forum.geizhals.at/t836538,7192616.html#7192616 mjy@geizhals.at 2013-12-12T09:05:09Z http://forum.geizhals.at/t836538,7192611.html#7192611 Geht schon! Bin bereit einzuhacken&nbsp;&nbsp;<img src="teeth.gif" width="16" height="19" align="absmiddle" alt="|-D"/><br><br><br><img src="files/111014/030924_geizhals.jpg"/><br/> Thu, 12 Dec 2013 09:00:07 GMT http://forum.geizhals.at/t836538,7192611.html#7192611 bono_d70 2013-12-12T09:00:07Z http://forum.geizhals.at/t836538,7192456.html#7192456 vom Inhalt versteh nur soviel, als daß Bugs an GH reported werden sollen.<br><br>Aber 50€ für einen Bug scheint mir wirklich SEHR GEIZhals<br/> Wed, 11 Dec 2013 21:26:16 GMT http://forum.geizhals.at/t836538,7192456.html#7192456 AVS_reloaded 2013-12-11T21:26:16Z http://forum.geizhals.at/t836538,7193389.html#7193389 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br>* sensitive HTTP information disclosure #1 (-"-)<br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7193389.html#7193389 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7200663.html#7200663 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br>* sensitive HTTP information disclosure #1 (-"-)<br>* gewinnspiel/cenowarka/konkurs XSS&nbsp;&nbsp;(-"-)<br>* Forum: tomcat example servlets possible session manipulation (-"-)<br>* Forum: URL redirection (-"-)<br><br>2013-12-15: <br>* Geizhals: CSRF Wishlist creation (was known, but still ...) (@christypriory)<br><br>2013-12-26:<br>* Forum: XSS at file rename (file manager) (@christypriory)<br>* Metashop: XSS in search function (@christypriory)<br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7200663.html#7200663 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7193339.html#7193339 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7193339.html#7193339 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7193271.html#7193271 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7193271.html#7193271 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7193268.html#7193268 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7193268.html#7193268 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7192344.html#7192344 TBD<br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7192344.html#7192344 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7193730.html#7193730 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br>* sensitive HTTP information disclosure #1 (-"-)<br>* gewinnspiel/cenowarka/konkurs XSS&nbsp;&nbsp;(-"-)<br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7193730.html#7193730 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7193743.html#7193743 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br>* sensitive HTTP information disclosure #1 (-"-)<br>* gewinnspiel/cenowarka/konkurs XSS&nbsp;&nbsp;(-"-)<br>* Forum: tomcat example servlets possible session manipulation (-"-)<br>* Forum: URL redirection (-"-)<br><br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7193743.html#7193743 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7195015.html#7195015 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br>* sensitive HTTP information disclosure #1 (-"-)<br>* gewinnspiel/cenowarka/konkurs XSS&nbsp;&nbsp;(-"-)<br>* Forum: tomcat example servlets possible session manipulation (-"-)<br>* Forum: URL redirection (-"-)<br>2013-12-15: <br>* Geizhals: CSRF Wishlist creation (was known, but still ...)<br><br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7195015.html#7195015 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7200662.html#7200662 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br>* sensitive HTTP information disclosure #1 (-"-)<br>* gewinnspiel/cenowarka/konkurs XSS&nbsp;&nbsp;(-"-)<br>* Forum: tomcat example servlets possible session manipulation (-"-)<br>* Forum: URL redirection (-"-)<br><br>2013-12-15: <br>* Geizhals: CSRF Wishlist creation (was known, but still ...)<br><br>2013-12-26:<br>* Forum: XSS at file rename (file manager)<br>* Metashop: XSS in search function<br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7200662.html#7200662 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7207983.html#7207983 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br>* sensitive HTTP information disclosure #1 (-"-)<br>* gewinnspiel/cenowarka/konkurs XSS&nbsp;&nbsp;(-"-)<br>* Forum: tomcat example servlets possible session manipulation (-"-)<br>* Forum: URL redirection (-"-)<br><br>2013-12-15: <br>* Geizhals: CSRF Wishlist creation (was known, but still ...) (@christypriory)<br><br>2013-12-26:<br>* Forum: XSS at file rename (file manager) (@christypriory)<br>* Metashop: XSS in search function (@christypriory)<br>* Metashop: stored XSS (-"-)<br>* Metashop: Clickjacking (-"-)<br>* Metashop: internal path disclosure (-"-)<br><br>2013-12-27:<br>* bepixelung: verify any e-mail address (@christypriory)<br>* bepixelung: stored XSS "Meine Bilder" (-"-)<br><br>2013-01-06:<br>* bepixelung: CSRF delete any image (-"-)<br>* bepixelung: CSRF e-mail address change (-"-)<br>* bepixelung: CSRF delete account (-"-)<br>* bepixelung: clickjacking (-"-)<br>* bepixelung: XSS filter (-"-)<br>* bepixelung: XSS artikel (-"-)<br>* Kleinanzeigen: XSS (-"-)<br>* forum: XSS (-"-)<br>* Kleinanzeigen: directory listings (*patrick star*)<br>* forum: XSS Richtlinien (-"-)<br>* forum: SVG-Files auf forum.geizhals.at statt geizhalsforum.666kb.at (-"-)<br>* Metashop: XSS Bemerkungen bei Bestellung (-"-)<br><br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7207983.html#7207983 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7207986.html#7207986 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br>* sensitive HTTP information disclosure #1 (-"-)<br>* gewinnspiel/cenowarka/konkurs XSS&nbsp;&nbsp;(-"-)<br>* Forum: tomcat example servlets possible session manipulation (-"-)<br>* Forum: URL redirection (-"-)<br><br>2013-12-15: <br>* Geizhals: CSRF Wishlist creation (was known, but still ...) (@christypriory)<br><br>2013-12-26:<br>* Forum: XSS at file rename (file manager) (@christypriory)<br>* Metashop: XSS in search function (@christypriory)<br>* Metashop: stored XSS (-"-)<br>* Metashop: Clickjacking (-"-)<br>* Metashop: internal path disclosure (-"-)<br><br>2013-12-27:<br>* bepixelung: verify any e-mail address (@christypriory)<br>* bepixelung: stored XSS "Meine Bilder" (-"-)<br><br>2013-01-06:<br>* bepixelung: CSRF delete any image (-"-)<br>* bepixelung: CSRF e-mail address change (-"-)<br>* bepixelung: CSRF delete account (-"-)<br>* bepixelung: clickjacking (-"-)<br>* bepixelung: XSS filter (-"-)<br>* bepixelung: XSS artikel (-"-)<br>* Kleinanzeigen: XSS (-"-)<br>* forum: XSS (-"-)<br>* Kleinanzeigen: directory listings (*patrick star*)<br>* forum: XSS Richtlinien (-"-)<br>* forum: SVG-Files auf forum.geizhals.at statt geizhalsforum.666kb.at (-"-)<br>* Metashop: XSS Bemerkungen bei Bestellung (-"-)<br><br><br><br><hr/><br><b>2014-01-08: 36 issues acknowledged; 32 bounties paid.</b><br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7207986.html#7207986 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7207987.html#7207987 2013-12-13: <br>* Forum: XSS in 404-Google-search JS (@christypriory)<br>* Forum: XSS #2 (@christypriory)<br>* Forum: XSS #3 (-"-)<br>* Forum: XSS #4 (-"-)<br>* Forum: CSRF 1-4 (-"-)<br>* Forum: Clickjacking (-"-)<br>* Geizhals: XSS #1 (-"-)<br>* unternehmen.geizhals.at XSS #1 (-"-)<br>* sensitive HTTP information disclosure #1 (-"-)<br>* gewinnspiel/cenowarka/konkurs XSS&nbsp;&nbsp;(-"-)<br>* Forum: tomcat example servlets possible session manipulation (-"-)<br>* Forum: URL redirection (-"-)<br><br>2013-12-15: <br>* Geizhals: CSRF Wishlist creation (was known, but still ...) (@christypriory)<br><br>2013-12-26:<br>* Forum: XSS at file rename (file manager) (@christypriory)<br>* Metashop: XSS in search function (@christypriory)<br>* Metashop: stored XSS (-"-)<br>* Metashop: Clickjacking (-"-)<br>* Metashop: internal path disclosure (-"-)<br><br>2013-12-27:<br>* bepixelung: verify any e-mail address (@christypriory)<br>* bepixelung: stored XSS "Meine Bilder" (-"-)<br><br>2013-01-06:<br>* bepixelung: CSRF delete any image (-"-)<br>* bepixelung: CSRF e-mail address change (-"-)<br>* bepixelung: CSRF delete account (-"-)<br>* bepixelung: clickjacking (-"-)<br>* bepixelung: XSS filter (-"-)<br>* bepixelung: XSS artikel (-"-)<br>* Kleinanzeigen: XSS (-"-)<br>* forum: XSS (-"-)<br>* Kleinanzeigen: directory listings (*patrick star*)<br>* forum: XSS Richtlinien (-"-)<br>* forum: SVG-Files auf forum.geizhals.at statt geizhalsforum.666kb.at (-"-)<br>* Metashop: XSS Bemerkungen bei Bestellung (-"-)<br><br><br><br><hr/><br><b>2014-01-08: 37 issues acknowledged; 32 bounties paid.</b><br><br><br><br/> Wed, 11 Dec 2013 18:52:59 GMT http://forum.geizhals.at/t836538,7207987.html#7207987 mjy@geizhals.at 2013-12-11T18:52:59Z http://forum.geizhals.at/t836538,7259451.html#7259451 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 21.12.2013 as published at that date.<br><br><br>General terms:<br><br><ul><br><li/> applies to websites using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl, bepixelung.org, metashop.at<br><li/>in some cases, multiple reports for seemingly different websites might refer to the exact same problem / piece of code, because e.g. skinflint.co.uk uses the same code as geizhals.at etc. - here we will consider these multiple reports as one at our discretion. Specifically, this is true for Forum HTML filtering in multiple places (guestbook, posts, signature ...)<br><li/>we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br><li/>we will publish information about submissions with as much detail as we choose to<br><li/>first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br><li/>damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br><li/>known vulnerabilities we are trying to fix and published by us already, are excluded<br><li/>if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br><li/>all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br><li/>exploit details must not be published elsewhere before we've had reasonable time to fix the problem<br><li/>we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply<br><li/>we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br><li/>we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br></ul><br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €200<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€500<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br><hr/><br>2013-12-19: increased bounties<br>2013-12-26: added bepixelung.org, metashop.at<br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7259451.html#7259451 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7259450.html#7259450 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 21.12.2013 as published at that date.<br><br><br>General terms:<br><br><ul><br><li/> applies to websites using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl, bepixelung.org, metashop.at<br><li/>in some cases, multiple reports for seemingly different websites might refer to the exact same problem / piece of code, because e.g. skinflint.co.uk uses the same code as geizhals.at etc. - here we will consider these multiple reports as one at our discretion. Specifically, this is true for Forum HTML filtering.<br><li/>we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br><li/>we will publish information about submissions with as much detail as we choose to<br><li/>first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br><li/>damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br><li/>known vulnerabilities we are trying to fix and published by us already, are excluded<br><li/>if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br><li/>all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br><li/>exploit details must not be published elsewhere before we've had reasonable time to fix the problem<br><li/>we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply<br><li/>we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br><li/>we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br></ul><br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €200<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€500<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br><hr/><br>2013-12-19: increased bounties<br>2013-12-26: added bepixelung.org, metashop.at<br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7259450.html#7259450 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7200644.html#7200644 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 21.12.2013 as published at that date.<br><br><br>General terms:<br><br><ul><br><li/> applies to websites using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl, bepixelung.org, metashop.at<br><li/>in some cases, multiple reports for seemingly different websites might refer to the exact same problem / piece of code, because e.g. skinflint.co.uk uses the same code as geizhals.at etc. - here we will consider these multiple reports as one at our discretion.<br><li/>we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br><li/>we will publish information about submissions with as much detail as we choose to<br><li/>first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br><li/>damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br><li/>known vulnerabilities we are trying to fix and published by us already, are excluded<br><li/>if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br><li/>all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br><li/>exploit details must not be published elsewhere before we've had reasonable time to fix the problem<br><li/>we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply<br><li/>we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br><li/>we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br></ul><br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €200<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€500<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br><hr/><br>2013-12-19: increased bounties<br>2013-12-26: added bepixelung.org, metashop.at<br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7200644.html#7200644 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7196898.html#7196898 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 21.12.2013 as published at that date.<br><br><br>General terms:<br><br><ul><br><li/> applies to websites using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl<br><li/>in some cases, multiple reports for seemingly different websites might refer to the exact same problem / piece of code, because e.g. skinflint.co.uk uses the same code as geizhals.at etc. - here we will consider these multiple reports as one at our discretion.<br><li/>we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br><li/>we will publish information about submissions with as much detail as we choose to<br><li/>first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br><li/>damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br><li/>known vulnerabilities we are trying to fix and published by us already, are excluded<br><li/>if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br><li/>all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br><li/>exploit details must not be published elsewhere before we've had reasonable time to fix the problem<br><li/>we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply<br><li/>we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br><li/>we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br></ul><br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €200<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€500<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7196898.html#7196898 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7387622.html#7387622 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 27.11.2014 as published at that date.<br><br><br>General terms:<br><br><ul><br><li/> applies to websites explicitly and directly using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl, bepixelung.org, metashop.at<br><li/>in some cases, multiple reports for seemingly different websites might refer to the exact same problem / piece of code, because e.g. skinflint.co.uk uses the same code as geizhals.at etc. - here we will consider these multiple reports as one at our discretion. Specifically, this is true for Forum HTML filtering in multiple places (guestbook, posts, signature ...)<br><li/>we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br><li/>we will publish information about submissions with as much detail as we choose to<br><li/>first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br><li/>damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br><li/>known vulnerabilities we are trying to fix and published by us already, are excluded<br><li/>if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br><li/>all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br><li/>exploit details must not be published elsewhere before we've had reasonable time to fix the problem<br><li/>we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply<br><li/>we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br><li/>we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br></ul><br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €200<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€500<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br><hr/><br>2013-12-19: increased bounties<br>2013-12-26: added bepixelung.org, metashop.at<br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7387622.html#7387622 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7193729.html#7193729 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 21.12.2013 as published at that date.<br><br><br>General terms:<br><br><ul><br><li/> applies to websites using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl<br><li/>in some cases, multiple reports for seemingly different websites might refer to the exact same problem / piece of code, because e.g. skinflint.co.uk uses the same code as geizhals.at etc. - here we will consider these multiple reports as one at our discretion.<br><li/>we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br><li/>we will publish information about submissions with as much detail as we choose to<br><li/>first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br><li/>damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br><li/>known vulnerabilities we are trying to fix and published by us already, are excluded<br><li/>if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br><li/>all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br><li/>exploit details must not be published elsewhere before we've had reasonable time to fix the problem<br><li/>we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply<br><li/>we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br><li/>we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br></ul><br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €100<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€300<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7193729.html#7193729 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7192343.html#7192343 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 21.12.2013 as published at that date.<br><br><br>General terms:<br><br><ul><br><li/> applies to websites using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl<br><li/>we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br><li/>we will publish information about submissions with as much detail as we choose to<br><li/>first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br><li/>damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br><li/>known vulnerabilities we are trying to fix and published by us already, are excluded<br><li/>if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br><li/>all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br><li/>exploit details must not be published elsewhere before we've had reasonable time to fix the problem<br><li/>we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply<br><li/>we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br><li/>we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br></ul><br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €100<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€300<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7192343.html#7192343 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7192337.html#7192337 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 21.12.2013 as published at that date.<br><br><br>General terms:<br><br>* applies to websites using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl<br>* we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br>* we will publish information about submissions with as much detail as we choose to<br>* first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br>* damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br>* known vulnerabilities we are trying to fix and published by us already, are excluded<br>* if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br>* all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br>* we may update the terms / bounties however we wish at any time without prior notice, however for submitted<br>&nbsp;&nbsp;bugs sent before new terms are announced, the old terms will apply<br>* we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br>* we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €100<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€300<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7192337.html#7192337 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7192336.html#7192336 <br><div class=code><pre> Geizhals Bug Bounty Program =========================================== DRAFT, valid from 21.12.2013 as published at that date. General terms: * applies to websites using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl * we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues) * we will publish information about submissions with as much detail as we choose to * first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.) * damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us) * known vulnerabilities we are trying to fix and published by us already, are excluded * if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching) * all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support * we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply * we must be able to reproduce reported bugs without an unusual/exotic platform/configuration * we will try to be as fair and objective as possible, however if we cannot afford some bounties or if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we reserve the right to refuse bounties. Please be fair and reasonable too! SEVERITY BOUNTY EXTRA TERMS ------------------------------------------------------------------------- XSS €50 CSRF €50 if user data can be manipulated through 3rd party websites SQL Injection €100 Capturing a user account €150 Brute-forcing, phishing or MITM are not applicable. Using XSS: XSS bounty above will apply. Severe DoS opportunity €100 When a particular request/URL causes effective DoS with 1 hit per 60 seconds (yes we know about forum search and best merchant combination calculations, they are slow...) Remote code execution/login €300 Remote code exec. as root €1000 Any of the above when caused by 3rd party bug with fix available for 48h or longer €200 Any of the above when caused by 3rd party bug with fix available for &lt;48h €0 (because we'll hopefully fix it automatically) Any of the above when caused by 3rd party bug with NO fix available yet CONTACT DEBIAN/appropriate authorities urgently! </pre></div><br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7192336.html#7192336 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7192338.html#7192338 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 21.12.2013 as published at that date.<br><br><br>General terms:<br><br><ul><br><li/> applies to websites using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl<br><li/>we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br><li/>we will publish information about submissions with as much detail as we choose to<br><li/>first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br><li/>damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br><li/>known vulnerabilities we are trying to fix and published by us already, are excluded<br><li/>if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br><li/>all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br><li/>we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply<br><li/>we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br><li/>we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br></ul><br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €100<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€300<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7192338.html#7192338 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7387623.html#7387623 <blockquote><br><br>Geizhals Bug Bounty Program<br>===========================================<br>DRAFT, valid from 27.11.2014 as published at that date.<br><br><br>General terms:<br><br><ul><br><li/> applies to websites explicitly and directly using the domains: geizhals.at, geizhals.de, geizhals.eu, compare.eu, skinflint.co.uk, cenowarka.pl, bepixelung.org, metashop.at<br><li/>in some cases, multiple reports for seemingly different websites might refer to the exact same problem / piece of code, because e.g. skinflint.co.uk uses the same code as geizhals.at etc. - here we will consider these multiple reports as one at our discretion. Specifically, this is true for Forum HTML filtering in multiple places (guestbook, posts, signature ...)<br><li/>we may offer to pay bounties in the form of Amazon vouchers (we will let you choose from Amazon.de, Amazon.co.uk and possibly others if we can pay them without tax issues)<br><li/>we will publish information about submissions with as much detail as we choose to<br><li/>first come, first serve - bounties are paid to first submitter only and only once per type of vulnerability (not for different ways of exploiting the same or for each account compromised etc.)<br><li/>damages caused unnecessarily will be subtracted from bounties (we'll be fair). If too much avoidable damage was caused, we may refuse to pay bounties (please don't do it, this bug bounty program does not exist in order to invite people to cause damage to us)<br><li/>known vulnerabilities we are trying to fix and published by us already, are excluded<br><li/>if multiple cases below apply, the highest is paid, except for vulnerable 3rd party code (i.e. Debian packages), where we pay only the bounty for that category (the best matching)<br><li/>all submissions must be sent to bugbounty@geizhals.at and readable with MUAs without HTML support<br><li/>exploit details must not be published elsewhere before we've had reasonable time to fix the problem<br><li/>we may update the terms / bounties however we wish at any time without prior notice, however for submitted bugs sent before new terms are announced, the old terms will apply<br><li/>we must be able to reproduce reported bugs without an unusual/exotic platform/configuration<br><li/>we will try to be as fair and objective as possible, however if we cannot afford some bounties or&nbsp;&nbsp;if we made stupid mistakes in the terms published that allow exploitation in an unintended way, we&nbsp;&nbsp;reserve the right to refuse bounties. Please be fair and reasonable too!<br></ul><br><br>SEVERITY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BOUNTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXTRA TERMS<br>-------------------------------------------------------------------------<br>XSS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br><br>CSRF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; €100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if user data can be manipulated through 3rd party websites<br><br>SQL Injection&nbsp;&nbsp; €200<br><br>Capturing a user<br>account&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Brute-forcing, phishing or MITM are not applicable. Using XSS: <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; XSS bounty above will apply.<br><br>Severe DoS<br>opportunity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;When a particular request/URL causes effective DoS with <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 hit per 60 seconds (yes we know about forum search and<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; best merchant combination calculations, they are slow...)<br><br>Remote code<br>execution/login&nbsp;&nbsp;&nbsp;&nbsp;€500<br><br>Remote code exec.<br>as root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€1000<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for 48h<br>or longer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;€200<br><br>Any of the above <br>when caused by 3rd<br>party bug with fix<br>available for &lt;48h €0 (because we'll hopefully fix it automatically)<br><br>Any of the above<br>when caused by 3rd<br>party bug with NO<br>fix available yet&nbsp;&nbsp;CONTACT DEBIAN/appropriate authorities urgently!<br><br></blockquote><br><br><hr/><br>2014-11-27: more explicit wording regarding the domain/URL scope<br>2013-12-26: added bepixelung.org, metashop.at<br>2013-12-19: increased bounties<br><br><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7387623.html#7387623 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7996855.html#7996855 The Geizhals Bug Bounty Program page has moved to <a href="http://unternehmen.geizhals.at/about/en/info/bugbounty-program/" rel="noopener" target="_blank">http:/<wbr/>/<wbr/>unternehmen.geizhals.at/<wbr/>about/<wbr/>en/<wbr/>info/<wbr/>bugbounty-program/<wbr/></a> <br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7996855.html#7996855 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7996856.html#7996856 <strong><br>The Geizhals Bug Bounty Program page has moved to <a href="http://unternehmen.geizhals.at/about/en/info/bugbounty-program/" rel="noopener" target="_blank">http:/<wbr/>/<wbr/>unternehmen.geizhals.at/<wbr/>about/<wbr/>en/<wbr/>info/<wbr/>bugbounty-program/<wbr/></a> <br></strong></p><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7996856.html#7996856 mjy@geizhals.at 2013-12-11T18:34:48Z http://forum.geizhals.at/t836538,7996857.html#7996857 <strong><br>The Geizhals Bug Bounty Program page has moved to <a href="https://unternehmen.geizhals.at/about/en/info/bugbounty-program/" rel="noopener" target="_blank">https:/<wbr/>/<wbr/>unternehmen.geizhals.at/<wbr/>about/<wbr/>en/<wbr/>info/<wbr/>bugbounty-program/<wbr/></a> <br></strong></p><br/> Wed, 11 Dec 2013 18:34:48 GMT http://forum.geizhals.at/t836538,7996857.html#7996857 mjy@geizhals.at 2013-12-11T18:34:48Z