Outer Web | Explore

Explore >> Select a destination

You are here		zhero-web-sec.github.io Next.js, cache, and chains: the stale elixir - zhero_web_security
\|	\|	positive.security From XSS to RCE (dompdf 0day) \| Positive Security	13.3 parsecs away Travel
\|	\|	Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.	13.3 parsecs away Travel
\|	\|	labanskoller.se Laban Sköllermark \| Man-in-The-Middle Session Fixation in Securitas Direct My Pages	13.8 parsecs away Travel
\|	\|	During 2021 I had access to a facility equipped with an alarm system from Securitas Direct. I had access as a regular user to Securitas Direct's My Pages at mypages-pro.securitas-direct.com, which is used to administer some aspects of one's security alarm installation. That web application suffered a CWE-384 Session Fixation vulnerability which can be used by an attacker in a so-called Man-In-The-Middle (MiTM) position. Home page of Securitas Direct My Pages In summary, if an attacker is on the same netw...	13.8 parsecs away Travel
\|	\|	blog.kotowicz.net How to upload arbitrary file contents cross-domain	12.6 parsecs away Travel
\|	\|	A blog on security, malware, cryptography, pentesting, javascript, php and whatnots	12.6 parsecs away Travel
\|	\|	devopsian.net A deep dive to Canary Deployments with Flagger, NGINX and Linkerd on Kubernetes	113.9 parsecs away Travel
\|		A deep-dive into progressive deployments, specifically Canary, on Kubernetes with Flagger using ingress-controller or a service mesh. How it works? I ran into some pitfalls and wrote about it, so you don't need to solve it too.	113.9 parsecs away Travel