Outer Web | Explore

Explore >> Select a destination

You are here		positive.security From XSS to RCE (dompdf 0day) \| Positive Security
\|	\|	nv1t.github.io ProjectSend - Stored XSS to Account Takeover	4.8 parsecs away Travel
\|	\|	I've identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities - including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation - an authenticated attacker can force a logged-in user to unknowingly change their account password, by clicking a link. But let me explain the attack in detail.	4.8 parsecs away Travel
\|	\|	alesandroortiz.com Web servers in mobile apps leak sensitive data · Alesandro Ortiz	3.9 parsecs away Travel
\|	\|	Alesandro Ortiz: Software Engineer. Security Researcher.	3.9 parsecs away Travel
\|	\|	statuscode.ch From Markdown to RCE in Atom - Lukas' Random Thoughts	4.4 parsecs away Travel
\|	\|	Recently I took a look atAtom, a text editor by GitHub. With a little bit of work, I was able to chain multiple vulnerabilities in Atom into an actual Remote Code Execution. The vulnerabilities have been fixed in the1.21.1 release on October 12th, 2017after I reported it via theirHackerOne program. In case you want to...	4.4 parsecs away Travel
\|	\|	www.markloveless.net Mastodon and Self-Hosting - Mark Loveless	24.3 parsecs away Travel
\|		Hosting your own Mastodon instance isn't for everyone, but if you decide to do it, it's probably easier than you think.	24.3 parsecs away Travel