|
You are here |
positive.security | ||
| | | | |
evilpacket.net
|
|
| | | | | a blog about my security research, development, and other things. | |
| | | | |
alesandroortiz.com
|
|
| | | | | Alesandro Ortiz: Software Engineer. Security Researcher. | |
| | | | |
nv1t.github.io
|
|
| | | | | I've identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities - including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation - an authenticated attacker can force a logged-in user to unknowingly change their account password, by clicking a link. But let me explain the attack in detail. | |
| | | | |
www.cyberkendra.com
|
|
| | | SOCKS5 heap buffer overflow vulnerability in Curl lead to arbitrary remote code execution. | ||