by Julien Ahrens | Saturday, January 26, 2013 | Exploit
After my last advisory about the ProShow Producer application by Photodex and the nice Metasploit module created by mr.pr0n, I decided to dig deeper into this application, because the vendor does not care about his product security! The application is...
by Julien Ahrens | Tuesday, January 15, 2013 | General
Last year while playing with the famous Peach fuzzer for the first time, I discovered two Remote Denial of Service vulnerabilities in the DNS and HTTP modules of the handy all-in-one server “Serva”. The root cause for both DoS conditions are standard...
by Julien Ahrens | Wednesday, January 9, 2013 | Advisory
Another day, some new XSS flaws. At first the big fashion label Marc O’Polo fixed a major Cross-Site Scripting issue in their online shop system. Good news, because a malicious attacker was able to use this security hole to hijack (and steal) every account...
by Julien Ahrens | Sunday, December 30, 2012 | Conferences, General
The 29th annual Chaos Communication Congress under the slogan “Not my Department” arrived again in the most beautiful city in the world: Hamburg! The Congress moved from the Congress Center in Berlin, where people had to sit stacked (according to some...
by Julien Ahrens | Tuesday, November 27, 2012 | Advisory
In early November, I found several Cross-Site Scripting vulnerabilities on the official website of the Bavarian social democrats (also called “SPD” – which is the oldest political party in Germany) and immediately notified the official press office...
by Julien Ahrens | Wednesday, November 21, 2012 | General
Happy Birthday! Remember, remember, last year in November… My first post “Hello world” was born exactly one year ago, and many things have changed during the past 365 days. I have learned a lot on interesting security topics (and probably...
by Julien Ahrens | Monday, November 19, 2012 | Exploit
Here’s a working exploit for an already disclosed bug – including SafeSEH Bypass – and for the actual version, which is still vulnerable. Sadly. #!/usr/bin/python # Exploit Title: Format Factory v3.0.1 Profile File Handling Buffer Overflow...
by Julien Ahrens | Friday, November 9, 2012 | Advisory
Inshell Security Advisory 1. ADVISORY INFORMATION Product: Zoner Photo Studio Vendor URL: www.zoner.com Type: Stack-based Buffer Overflow [CWE-121] Date found: 2012-10-17 Date...
by Julien Ahrens | Friday, November 9, 2012 | Exploit
My last advisory IA42 “Zoner Photo Studio v15 Build3 (Zps.exe) Registry Value Parsing Local Buffer Overflow” looks like a general exploitable vulnerability, but it is quite interesting to exploit because there is a major memory protection in use: SafeSEH....
by Julien Ahrens | Wednesday, October 10, 2012 | Bug Bounty
Great news! A few months ago I submitted a Cross-Site Scripting Vulnerability to the official Bug Bounty program of PayPal: It was accepted, fixed, and fully paid out, and I was very excited about the nice bounty :-). Additionally this has been my first participation...