by Julien Ahrens | Friday, October 13, 2017 | Advisory, CVE
I usually try to avoid blogging about Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities, just because they are basically everywhere – except if they can be used to achieve something cool 😉 In this specific case I have found a particularly...
by Julien Ahrens | Wednesday, March 1, 2017 | Advisory, Bug Bounty
In late January, I have found and reported a Server-Side Request Forgery (SSRF) vulnerability on toolbox.googleapps.com to Google’s VRP, which could be used to discover and query internal Google DNS servers to extract all kinds of corporate...
by Julien Ahrens | Monday, January 23, 2017 | Advisory, CVE
I’m quite busy with bug bounties lately, but sometimes I still discover stuff, which might also be interesting for the rest of you ;-). So here’s quick writeup about a quite interesting vulnerability in the open source...
by Julien Ahrens | Wednesday, September 16, 2015 | Advisory, CVE
by Julien Ahrens | Thursday, September 3, 2015 | Advisory, CVE
I have published another security advisory about a vulnerability, which I have “recently” reported to Yahoo! via their Bug-Bounty program hosted by HackerOne. So this blog post is about the technical details of the CVE-2014-7216 (which is not very...
by Julien Ahrens | Saturday, April 26, 2014 | Advisory
The German Magix Software GmbH rewarded me with a Hall of Fame listing and a free Magix Music Maker 2014 Premium license for my reports of several serious security issues in the online infrastructures of magix.com and xara.com, which...
