-
Hello,
**Context:**
I work as a penetration tester and when we finish an audit we have to hand in a report. In such a report we aim at a less technical profile (managers) and a more technical profile…
-
Link to the tool: https://... (minimum 1 required):
[link]https://github.com/casterbyte/Above[/link]
List of tags separated by comma: tag1,tag2,tag3... (required):
[tags] sniffer, protocol, netwo…
-
Pentesters had fun with `JQAjax>>#callback:json:` while feeding it invalid JSON. Shouldn't it catch the JSON parsing error and respond with a bad request response or provide a hook for this or something…
-
* https://www.reddit.com/r/ObsidianMD/comments/t3s8ek/i_turned_my_task_management_system_into_a/
* Bryan Jenks has one if you sign up for his newsletter
* the LYT kit
* the PARA kit
* https://gith…
-
We run a platform which allows users to add LESS to a page.
We've recently had a pentest which highlighted the ability to exploit the use of `@plugin` and `@import` to do malicious things. The belo…
-
Hi.
Our pentesters discovered a Cross Site Scripting vulnerability that I was able to trace back to pqselect.
If you set one of the option's names in multiselect to something like that:
```
somevalu…
```
-
This is a great plugin and it would be awesome if the interface and functionality were updated. The Version & Vulnerability section of the application does not work correctly anymore. This was a game ch…
-
There are other publicly known attack methods in Kubernetes that would be great to see documented and automated.
Cred Access:
* Call token request `POST /api/v1/namespaces/$NS/serviceaccounts/$SA/to…
-
### Description
Synapse server implementations do not parse usernames and allow arbitrary Unicode characters to be inserted into the username field.
As per the [Matrix spec v1.11](https://spec.mat…
-
I'll share top search engines used for recon.