by Julien Ahrens | Monday, May 13, 2019 | CVE, Exploit
I came across an unauthenticated Remote Code Execution vulnerability (called CVE-2018-7841) on an IoT device which was apparently using a component provided by Schneider Electric called U.Motion Builder. While I’ve found it using my usual BurpSuite foo, I later...
by Julien Ahrens | Wednesday, October 18, 2017 | Advisory, CVE
by Julien Ahrens | Friday, October 13, 2017 | Advisory, CVE
I usually try to avoid blogging about Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities, just because they are basically everywhere – except if they can be used to achieve something cool 😉 In this specific case I have found a particularly...
by Julien Ahrens | Monday, January 23, 2017 | Advisory, CVE
I’m quite busy with bug bounties lately, but sometimes I still discover stuff, which might also be interesting for the rest of you ;-). So here’s quick writeup about a quite interesting vulnerability in the open source...
by Julien Ahrens | Wednesday, September 16, 2015 | Advisory, CVE
by Julien Ahrens | Thursday, September 3, 2015 | Advisory, CVE
I have published another security advisory about a vulnerability, which I have “recently” reported to Yahoo! via their Bug-Bounty program hosted by HackerOne. So this blog post is about the technical details of the CVE-2014-7216 (which is not very...
