RCE Security

Julien Ahrens

Vulnerability Intel, ROP Gadget Hunter, Privacy Enthusiast, Full-time BugBounty hunter, @Hacker0x01 MVH, @SynackRedTeam member

OSCP Course and Exam Review

6 minute read

As you may have noticed - it went quiet on my blog in the last few weeks. I was heavily working on the challenging Offensive-Security Labs to obtain my Offen...

PayPal Bug Bounty: PayPaltech.com XSS

less than 1 minute read

Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program. This time the d...

Bezirk-Niederbayern.de Fixes Critical SQL-Injection Flaw After 8 Months - Are We Ready For CyberWar?

2 minute read

That’s amazing bad. Where should I start? In July 2012 I’ve reported a critical SQL - Injection flaw on the official website of Lower Bavaria alongside anoth...

Photodex ProShow Producer Vulnerability #6: ScsiAccess Local Privilege Escalation

1 minute read

OK…honestly… I promise (!)… this is the last advisory about the ProShow Producer application, but also the most dangerous one with a CVSS Score of 7,2 and ex...

TÜV-Nord Fixes Multiple XSS Flaws after Consulting the Data Security Officer of Niedersachsen