Outer Web | Explore

Explore >> Select a destination

You are here		zhero-web-sec.github.io Next.js, cache, and chains: the stale elixir - zhero_web_security
\|	\|	labanskoller.se Laban Sköllermark \| Man-in-The-Middle Session Fixation in Securitas Direct My Pages	3.1 parsecs away Travel
\|	\|	During 2021 I had access to a facility equipped with an alarm system from Securitas Direct. I had access as a regular user to Securitas Direct's My Pages at mypages-pro.securitas-direct.com, which is used to administer some aspects of one's security alarm installation. That web application suffered a CWE-384 Session Fixation vulnerability which can be used by an attacker in a so-called Man-In-The-Middle (MiTM) position. Home page of Securitas Direct My Pages In summary, if an attacker is on the same netw...	3.1 parsecs away Travel
\|	\|	positive.security From XSS to RCE (dompdf 0day) \| Positive Security	3.9 parsecs away Travel
\|	\|	Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.	3.9 parsecs away Travel
\|	\|	blog.kotowicz.net How to upload arbitrary file contents cross-domain	3.3 parsecs away Travel
\|	\|	A blog on security, malware, cryptography, pentesting, javascript, php and whatnots	3.3 parsecs away Travel
\|	\|	hidde.blog Photo blogging with Sanity and Eleventy \| hidde.blog	43.6 parsecs away Travel
\|		Hidde's blog about web accessibility, standards, HTML, CSS, JavaScript and more.	43.6 parsecs away Travel