|
You are here |
mike.sherov.com | ||
| | | | |
labanskoller.se
|
|
| | | | | During 2021 I had access to a facility equipped with an alarm system from Securitas Direct. I had access as a regular user to Securitas Direct's My Pages at mypages-pro.securitas-direct.com, which is used to administer some aspects of one's security alarm installation. That web application suffered a CWE-384 Session Fixation vulnerability which can be used by an attacker in a so-called Man-In-The-Middle (MiTM) position. Home page of Securitas Direct My Pages In summary, if an attacker is on the same netw... | |
| | | | |
tom.vg
|
|
| | | | | [AI summary] This article explains cross-site and browser-based timing attacks that allow attackers to infer sensitive information from response sizes using side-channel leaks in web browsers. | |
| | | | |
adsecurity.org
|
|
| | | | | [AI summary] The article discusses the POODLE vulnerability in SSL 3.0, explaining its risks, exploitation scenarios, and mitigation strategies such as disabling SSL 3.0 and implementing TLS_FALLBACK_SCSV. | |
| | | | |
blog.doyensec.com
|
|
| | | Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF | ||