by Julien Ahrens | Saturday, January 26, 2013 | Exploit
After my last advisory about the ProShow Producer application by Photodex and the nice Metasploit module created by mr.pr0n, I decided to dig deeper into this application, because the vendor does not care about his product security! The application is...
by Julien Ahrens | Tuesday, January 15, 2013 | General
Last year while playing with the famous peach fuzzer for the first time, I discovered two Remote Denial of Service vulnerabilities in the DNS and HTTP modules of the handy all-in-one server “Serva”. The root cause for both DoS conditions are standard...
by Julien Ahrens | Wednesday, January 9, 2013 | Advisory
Another day, some new XSS flaws. At first the big fashion label Marc O’Polo fixed a major Cross-Site Scripting issue in their online shop system. Good news, because a malicious attacker was able to use this security hole to hijack (and steal) every account...
by Julien Ahrens | Sunday, December 30, 2012 | Conferences, General
The 29th annual Chaos Communication Congress under the slogan “Not my Department” arrived again in the most beautiful city in the world: Hamburg! The Congress moved from the Congress Center in Berlin, where people had to sit stacked (according to some...
by Julien Ahrens | Tuesday, November 27, 2012 | Advisory
In early November, I found several Cross-Site Scripting vulnerabilites on the official website of the bavarian social democrats (also called “SPD” – which is the oldest political party in Germany) and immediately notified the official press office...
