

❈ [Events] "vBeer v2" online Party! - 7th May at 3PM UTC


Dear friends, on behalf of 3mdeb I invite you to a fresh "vBeer v2"! Let's discuss the open/libre firmware/hardware and other nice embedded things you have in mind. To join us go to http://vpub.3mdeb.com/may7th on 7th May at 3PM UTC

At "v1" there was a great discussion with 50 firmware masters from all over the world! Here's my blog post about it. And this time - together with your surprise suggestions (you're welcome!) - we could explore:

- and much more! There'd be a productive talk with a cosy atmosphere and good vibes - so, feel invited and take your beer! ;) http://vpub.3mdeb.com/may7th , 7th May at 3PM UTC

submitted by /u/Mike-Banon1


Read the full article (external source: https://www.reddit.com/r/linux/comments/n4i72l/events_vbeer_v2_online_party_7th_may_at_3pm_utc/)
