Outer Web | Explore

Explore >> Select a destination

You are here		positive.security From XSS to RCE (dompdf 0day) \| Positive Security
\|	\|	evilpacket.net CVE / Vulnerabilities / Advisories	5.4 parsecs away Travel
\|	\|	a blog about my security research, development, and other things.	5.4 parsecs away Travel
\|	\|	nv1t.github.io ProjectSend - Stored XSS to Account Takeover	4.8 parsecs away Travel
\|	\|	I've identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities - including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation - an authenticated attacker can force a logged-in user to unknowingly change their account password, by clicking a link. But let me explain the attack in detail.	4.8 parsecs away Travel
\|	\|	statuscode.ch From Markdown to RCE in Atom - Lukas' Random Thoughts	4.4 parsecs away Travel
\|	\|	Recently I took a look atAtom, a text editor by GitHub. With a little bit of work, I was able to chain multiple vulnerabilities in Atom into an actual Remote Code Execution. The vulnerabilities have been fixed in the1.21.1 release on October 12th, 2017after I reported it via theirHackerOne program. In case you want to...	4.4 parsecs away Travel
\|	\|	www.juanfernandes.uk Improving Website Security - Blog - Juan Fernandes - Freelance Web Designer	19.9 parsecs away Travel
\|		Since WebPageTest.org started testing website security, I wanted to learn more about it & figure out how to improve my website security using headers on Netlify	19.9 parsecs away Travel