Home The main page of the site Security Computer and network security stuff Projects Projects on which I spend some of my time Epifaq The famous Epita-Epitech FAQ

Security Advisories

Independent Security Research

Here are the security advisories that I have released, or plan to release in the near future. The naming convention is ASA-nnnn where ASA stands for "After" Security Advisory.

• ASA-0001: OpenBSD chpass/chfn/chsh file content leak
• ASA-0000: GV Execution of Arbitrary Shell Commands

Rapid7

I spend some of my time at Rapid7 doing security research and had the occasion to publish those as well (see below). The scariest one is probably R7-0022 because it demonstrates even security software vendors can make the most basic mistakes when implementing cryptography.

• R7-0033: Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting
• R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin
• R7-0022: Symantec Scan Engine Known Immutable DSA Private Key
• R7-0021: Symantec Scan Engine Authentication Fundamental Design Error