blog.kotowicz.net

nv1t.github.io
I've identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities - including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation - an authenticated attacker can force a logged-in user to unknowingly change their account password by clicking a link. But let me explain the attack in detail.

zhero-web-sec.github.io
[AI summary] A security researcher details exploitable cache poisoning and stored XSS vulnerabilities in Next.js versions 13.5.1 through 14.2.9, quantifying the six-figure bug bounty rewards earned from discovering these flaws.

statuscode.ch
We're constantly working on adding more security features and hardenings to Nextcloud, after all it's your data and it has to be protected properly. While the Nextcloud 9 release fixes a critical security issue (we have informed upstream about this but in the meanwhile recommend upgrading as soon as possible) it also adds another new...

blog.doyensec.com
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF