You are here

blog.kotowicz.net
bogs.io
4.6 parsecs away
CSRF stands for Cross-Site Request Forgery and is one of the most "popular" web application vulnerabilities

nv1t.github.io
4.6 parsecs away
I've identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities - including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation - an authenticated attacker can force a logged-in user to unknowingly change their account password, by clicking a link. But let me explain the attack in detail.

statuscode.ch
4.4 parsecs away
We're constantly working on adding more security features and hardenings to Nextcloud, after all it's your data and it has to be protected properly. While the Nextcloud 9 release fixes a critical security issue (we have informed upstream about this but in the meanwhile recommend upgrading as soon as possible) it also adds another new...

dgroshev.com
25.2 parsecs away
[AI summary] The author discusses the challenges and solutions for implementing a secure, privacy-preserving BitTorrent connectivity testing tool using cryptographic techniques like asymmetric encryption and HMAC to protect user IP addresses.