Hello, I’m Howard, an athlete and cyber security researcher.
I am a Technical Manager for Aon’s Cyber Solutions, where I primarily perform red teams, web application testing and pretty much everything else… I spend my spare time running, hiking and researching.
Accolades / CVEs / Stuff
A list of my CVEs :)
CVE-2021-20595
Mitsubishi XXE / DoS
CVE-2021-20698
Sharp / NEC Buffer Overflow (RCE / Command Injection)
CVE-2021-20699
Sharp / NEC Buffer Overflow (RCE / Command Injection)
CVE-2021-40144
Command Injection in Araknis Networks AN-210 Network Switches
CVE-2021-40844
Command Injection in Araknis Networks AN-810 Access Points
CVE-2021-42661
Command Injection in Araknis Networks AN-700-O Access Points
Asus Stuff
CVE-2022-26673
Stored XSS in Asus Routers
CVE-2022-26674
Authenticated Format String RCE in Asus httpd (dope)
CVE-2023-34358
Unauthenticated DoS Condition in Asus httpd
CVE-2023-34359
Unauthenticated DoS Condition in Asus httpd
CVE-2023-34360
Stored XSS in Asus httpd
CVE-2023-41349
Format String DoS / Memory Leak (ASLR / PIE Bypass)
CVE-2024-31159
Reflected XSS in Asus Download Master
CVE-2024-31160
Stored XSS in Asus Download Master
CVE-2024-31161
Arbitrary file upload / directory traversal in Asus Download Master
CVE-2024-31162
Command injections in Asus Download Master
CVE-2024-31163
Buffer overflows in Asus Download Master
Jitbit CVEs
XSS, Reflected and Stored
Publishing: TBD
- CVE-2023-29648
- CVE-2023-29649
- CVE-2023-29650
- CVE-2023-34555
- CVE-2023-34556
- CVE-2023-34557
- CVE-2023-34558
- CVE-2023-34559
- CVE-2023-34560
Microsoft
Feb 29, 2024 “acknowledgement” in online services for Teams SSRF
More incoming from MS.