Explore >> Select a destination
|
You are here 
|
pentesting.dhound.io | ||
| | | | |
malgregator.com
|
|
| | | | | 35-year-old vulnerability has been discovered in the SCP file transfer utility. According to the advisory impact section, 'Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output.' | |
| | | | |
notsosecure.com
|
|
| | | | | Cryptography has various advantages including confidentiality of information. However overzealous reliance on cryptography for securing applications is a bad idea. In this blog Sunil Yadav our lead trainer for "Appsec for Developers" training class, will discuss a case study where a SQL injection vulnerability was identified and exploited via an encrypted payload. Note: We are | |
| | | | |
claroty.com
|
|
| | | | | Team82 uncovered eight vulnerabilities that not only bypassed the authentication and authorization features in Unitronics UniStream PLCs, but also were able to chain to gain remote code execution on the device. | |
| | | | |
mathieu.fenniak.net
|
|
| | | Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank: | ||
