whoami

My name is Julien Ahrens (also known as @MrTuxracer). I'm a 35-year-old full-time bug bounty hunter, exploit developer and freelancer. I founded this blog in 2011, when I started to get interested in security topics. My goal has always been to reflect my very own learning curve and to give back my very personal contribution to the security community.

Online publications about myself

I also have profiles on all major bug bounty platforms:

A complete overview of all coordinated/disclosed vulnerabilities can be found on the following sites:

CVE Track Record

| Vendor/Product | Type | CVE(s) |
|---|---|---|
| Framer Preview | Arbitrary URL Loading | CVE-2020-25203 |
| Acronis Cyber Backup | Unauthenticated SSRF | CVE-2020-16171 |
| o2 Business App for Android | Open Redirect | CVE-2020-11882 |
| Mailgun MJML | Local File Inclusion | CVE-2020-12827 |
| Oracle | Undisclosed | CVE-2020-2870, CVE-2020-2871, CVE-2020-2872, CVE-2020-2873, CVE-2020-2874, CVE-2020-2876, CVE-2020-2877, CVE-2020-2878, CVE-2020-2879, CVE-2020-2880, CVE-2020-2881 |
| WordPress SlickQuiz | Stored Cross Site Scripting | CVE-2019-12517 |
| WordPress SlickQuiz | SQL Injection | CVE-2019-12516 |
| Quest | XSS | CVE-2019-11604 |
| Schneider Electric | Remote Code Execution | CVE-2018-7841 |
| AlienVault | Cross-Site Request Forgery | CVE-2017-14956 |
| Check_mk | Information Disclosure | CVE-2017-14955 |
| Ubiquiti | Privileges Escalation | CVE-2016-6914 |
| AlienVault | Cross-Site Scripting | CVE-2016-6913 |
| Apache Archiva | Cross-Site Scripting | CVE-2016-5005 |
| Apache Archiva | Cross-Site Request Forgery | CVE-2016-4469 |
| Typo3 | Cross-Site Scripting | CVE-2015-5956 |
| Yahoo | Remote Code Execution | CVE-2014-7216 |
| Free Download Manager | Remote Code Execution | CVE-2014-2087 |
| GetGo Download Manager | Remote Code Execution | CVE-2014-2206 |
| Watchguard | Cross-Site Scripting | CVE-2013-5702 |
| Watchguard | Privileges Escalation | CVE-2013-5701 |
| Nullsoft WinAmp | Denial of Service | CVE-2013-4694 |
| Ricoh | Remote Code Execution | CVE-2012-5002 |
| C4B Xphone UC | Cross-Site Scripting | CVE-2012-4259 |
| Lan Messenger | Denial of Service | CVE-2012-3845 |
| GpsMapEdit | Denial of Service | CVE-2012-6042 |
| Astaro (now Sophos) | Cross-Site Scripting | CVE-2012-3238 |

About Disclosures!

Another important part of my work has always been (and will always be) the coordination of security vulnerabilities with vendors of all kinds. I think that especially the open source community, which is not backed up by a multi-billion dollar industry, deserves the free contribution of vulnerability information. Whenever possible, I’ll therefore try to follow my disclosure policy.

If you would like to contribute something: info [a.t] rcesecurity [d.o.t] com

For an additional level of privacy: PGP-Key.

All data and information provided on this site is for informational purposes only. rcesecurity.com makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use either directly or indirectly. All information is provided on an as-is basis.