September 2015 – RCE Security

CVE-2015-5956: Bypassing the TYPO3 Core XSS Filter

TYPO3 is the most widely used enterprise content management system with more than 500.000 installations. I have recently discovered a Non-Persistent Cross-Site Scripting vulnerability in its core and disclosed the details of the vulnerability publicly as CVE-2015-5956. This blog article should give you

CVE-2014-7216: A Journey Through Yahoo’s Bug Bounty Program

I have published another security advisory about a vulnerability, which I have “recently” reported to Yahoo! via their Bug-Bounty program hosted by HackerOne. So this blog post is about the technical details of the CVE-2014-7216 (which is not very thrilling), but