  • Smuggling an (Un)exploitable XSS

  • H1-212 CTF: Breaking the Teapot!

  • CVE-2017-14955: Win a Race Against Check_mk to Dump All Your Login Data

  • CVE-2017-14956: AlienVault USM Leaks Sensitive Compliance Information via CSRF


  • VideoCharge Studio v2.12.3.685 GetHttpResponse() Remote Code Execution

    I’m focusing on exploit development at the moment and it’s time to raise the level to my personal next challenge: I’ve rm -rf’ed my Windows XP virtual machine! Now I’m happy to announce and document my first full VirtualProtect() ROP Remote Code Execution Exploit, which bypasses all known security mechanisms on Windows 7 – like SafeSEH, […]


  • Mandriva, Netcup, Teamdrive and Wallstreet-Online Fix XSS Vulnerabilities

    It’s 2014 and I have to tidy up my discovery archive a bit 😉 . Before joining the Internetwache.org project I have coordinated all found vulnerabilities by myself and these are the last ones which have been fixed in late 2013. All further website-based vulnerabilities will be released over at our project page – because […]


  • All About Surveillance: My Impressions of the #30C3

    Hello Readers, The rocket landed in Hamburg again 🙂 ! I’ve attended the last Chaos Communication Congress in December and need to say thank you to the organizers of the congress who did a really awesome job (again) on bringing together geeks, freaks, hackers and activists of all kinds! Another thanks goes directly to my […]


  • CVE-2013-3934: Kingsoft Office Writer v2012 8.1.0.3385 Buffer Overflow SafeSEH Bypass Exploit

    Hello readers, Pop a calculator here, pop one there! I’m focusing on exploit development at the moment, because I love calculators ;-). My exploit targets the vulnerability described in CVE-2013-3934: Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a […]


  • CVE-2013-6356: Avira Secure Backup v1.0.0.1 Buffer Overflow – Anatomy of a Vulnerability

    Hello Followers, Avira is one of the leading Anti-Virus vendors and also the biggest one in Germany. Security is their daily business and they’ve done a quite nice job in hardening their products. But even the toughest software may be broken sometimes ;-). So, this time I’d like to present a common vulnerability with a […]


  • CVE-2013-5702: Watchguard Server Center v11.7.4 Multiple XSS Vulnerabilities

    Great news from the vulnerability front! I’m happy to see that the quality of vulnerability coordination with Watchguard evolved to my satisfaction during the past few months and the following new vulnerability disclosure proves that. Reported –> ACK’ed –> bypassed –> fixed –> Update v 11.8 released, which fixes the XSS issues! The vulnerabilities are standard […]


  • PayPal Bug Bounty: PayPaltech.com E-Mail Injection

    Bag the bug! I’ve reported another interesting vulnerability to the PayPal site security team in May 2013 affecting their domain www.paypaltech.com, which is in scope of the official Bug Bounty program. But this time, it’s not one of the common web vulnerabilities! I’m talking about a quite hazardous E-Mail Injection vulnerability paired with a less interesting […]


  • CVE-2013-5701: Watchguard Server Center v11.7.4 wgpr.dll Local Privileges Escalation Vulnerability

    Hello readers, this is my first article in a series about vulnerabilities in Watchguard products. Watchguard is a self-proclaimed NextGen Security vendor building security appliances for complete network protection. As I am working with Watchguard products for around 2 years now, I have to say that their firewall products are useable – especially if you’re […]


  • Inshell Goes RCE – Upgraded and Rebooted

    I am happy to announce some really awesome changes! Do you quit while you’re ahead? I’ve been blogging on Inshell.net for about 1,5 years now, and during this time I constantly received more and more positive feedback from different vendors I’ve worked with in a responsible disclosure manner. That led to some really challenging paid freelance […]
