Explore >> Select a destination

You are here

 labanskoller.se
Laban Sköllermark | Man-in-The-Middle Session Fixation in Securitas Direct My Pages
| | www.geekboy.ninja
Exploiting Misconfigured CORS via Wildcard Subdomains | Geekboy | Security Researcher
4.0 parsecs away

Travel
| |
| | educatedguesswork.org
Understanding The Web Security Model, Part II: Web Applications
4.5 parsecs away

Travel
| | [AI summary] The post explains how web applications like shopping carts and chat interfaces are built using HTML forms, cookies for state management, JavaScript for dynamic updates, and JSON-based APIs.
| | nv1t.github.io
ProjectSend - Stored XSS to Account Takeover
4.5 parsecs away

Travel
| | I've identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities - including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation - an authenticated attacker can force a logged-in user to unknowingly change their account password, by clicking a link. But let me explain the attack in detail.
| | www.itechpost.com
F5 BIG-IP in Big Trouble With CVE-2022-1388 Vulnerability - Patch ASAP!
22.6 parsecs away

Travel
| A critical vulnerability CVE-2022-1388 creates great concern for F5 BIG-IP products. Will patching make life better for the admins?