Collaborate Disseminate
I’m interested in CVE-2022-0801, however the report is evasive.
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page.
Is there any … Continue reading What was the root cause of CVE-2022-0801? [closed]
I might have found a way to highjack an Oauth Flow, but the source server is responding with 403 errors when the Oauth request is sent with a Sec-Fetch-Dest HTTP header.
Is there a way to alter or disable such headers like the referer poli… Continue reading Is it possible to disable or change sec-fetch-* HTTP headers?
In circom, Num2bits() from circomlib is primarily intended for converting an Integer into an array of bits.
But because of it’s optional parameter, it can be used to prevent overflows such as :
inp = Num2bits(120);
inp.in = (3);
would che… Continue reading Can Num2bits be used to guard against underflows?
The following kind of article about a data leak becoming free https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/ is making the headlines.
The problem is such data don t contains … Continue reading Over 533 millions Facebook s linked phone numbers leaked with 1 user out of 2 affected in my country. How to find out if I m affected?
This is about a semi decentralized full open source casino running on the Ethereum blockchain.
For me when I audited the code as for the staff, everything was clear: the gambling games being run should be a profitable operation for the cas… Continue reading How that guy is currently robbing the dice2win casino? (ongoing attack) [closed]
Serpent was way to fetch Diesel prices from the oraclize api at fixed intervals.
On GitHub, it s written audits proved the code to be flawed, but where are such audits? I m meaning, why is it flawed?
Continue reading Why is Serpent (Etherium assembly language) considered insecure? [closed]
I just stumbled over those 2 contracts.
While they maintain their own chain, they refer to the same smart contract’s address for proving keys.
Beside privacy problems, are there other security problems that can arise ?
Looking for an example of such vulnerability in Actionscript 3, I quickly found cve‑2014‑0580 ; cve‑2014‑0531 ; cve‑2014‑0533 ; ᴄᴠᴇ‑2016‑7890 ; and cve‑2015‑7628
In each case I was unable to gather further details other than… Continue reading What are the lasts same origin bypass in Flash Player about?
Simple question but hard to understand how web browsers make the distinction between legitimate and malicious code when mode=block is enabled?
Of course, I would like to know how each rendering engine works.
If you get an Oauth2 client_id along a matching secret, you can in theory impersonate the target website in such way :
You attract user on ᴜʀʟ.
Through the client_id and the matching Oauth2 secret you log in him/her the bac… Continue reading Found how to get Oauth2 client_id along matching secret but redirect_uri is whitelisted as requirement. Is it still safe?