/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

zhero-web-sec.github.io
| | labanskoller.se
3.1 parsecs away

Travel
| | During 2021 I had access to a facility equipped with an alarm system from Securitas Direct. I had access as a regular user to Securitas Direct's My Pages at mypages-pro.securitas-direct.com, which is used to administer some aspects of one's security alarm installation. That web application suffered a CWE-384 Session Fixation vulnerability which can be used by an attacker in a so-called Man-In-The-Middle (MiTM) position. Home page of Securitas Direct My Pages In summary, if an attacker is on the same netw...
| | tom.vg
5.0 parsecs away

Travel
| | [AI summary] This article explains cross-site and browser-based timing attacks that allow attackers to infer sensitive information from response sizes using side-channel leaks in web browsers.
| | positive.security
4.0 parsecs away

Travel
| | Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.
| | www.commonplaces.com
27.9 parsecs away

Travel
| Ensuring that your website is secure should be a priority. Here are 8 essential things that you can do to safeguard your website right now.