Explore >> Select a destination


You are here

labanskoller.se
alexsci.com
4.8 parsecs away

A review of HSTS and HSTS preload list growth
educatedguesswork.org
4.3 parsecs away

nv1t.github.io
4.4 parsecs away

I've identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities - including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation - an authenticated attacker can force a logged-in user to unknowingly change their account password, by clicking a link. But let me explain the attack in detail.
www.wired.com
18.8 parsecs away

Plus: The US Marshals disclose a "major" cybersecurity incident, T-Mobile has gotten pwned so much, and more.