1000 results for “bug”
-
Hunting for CVEs in Cursor IDE: a complete technical security review of the AI editor
Cursor is an AI-powered IDE built on VS Code that processes millions of lines of developer code through its servers. When I started thinking about the security of this product, a question came up: how robust is the server-side authorization model that stands between a free user and Claude 4 Opus?
https://habr.com/ru/articles/1028196/
#cursor_ide #security_research #prototype_pollution #protobuf #grpc #connectrpc #cve #reverse_engineering #ai_security #bug_bounty
-
🎶 For best original score, Ludwig Göransson should in all likelihood win his third Oscar for #Sinners, after #Oppenheimer in 2024 and #BlackPanther in 2019, also by Ryan Coogler.
For my part, being little impressed by Alexandre Desplat's score for #Frankenstein, and since “On the Nature of Daylight” is not an original composition, I would hand my statuette to Jerskin Fendrix's work on #Bugonia.
-
"Those who fight are not sure of winning, but those who do not fight have already lost"
Bertolt Brecht
#Erreur404 #WorkInProgress #PageNotFound #Bug
#OuvreLesYeux #AbreLosOjos #OpenYourEyes
#NeverGiveUp #AnarchieEcologieRadicale
#FairePeterLeSysteme #Anarchie
#Liberte #Go #FeminismeRadical
#AnotherWorld #OtroMundo #UnAutreMonde
#LutteAntifasciste #LutteDesClasses #LutteContreRacisme #Luttes #Lutte #Antifa
-
I just found an almost 0-day exploit in software with over 800 stars on GitHub. However, the exploit only works after fixing a bug. So is it a -1-day exploit?
#BugSecurity #Exploit #0day #-1day #Security #Cybersecurity #GitHub
-
🚀 Ah, just what the world needs: yet another overfunded YC #alum #peddling the digital equivalent of a bloodhound for your buggy web app. 🤖🐜 Because why hire humans when you can throw money at a script that breaks faster than it "QA's"? 😂
https://app.propolis.tech/#/launch #overfundedYC #automation #digitaltools #buggywebapp #laughabletech #HackerNews #ngated
-
‘Bugonia’ Writer Will Tracy On ‘Succession’ Inspiration And His ‘Invasion Of The Body Snatchers’ Tech Bro Remake Idea
#News #Awardsdialogue #Bugonia #EmmaStone #InvasionoftheBodySnatchers #JessePlemons #Succession #WillTracy #YorgosLanthimos
https://deadline.com/2026/01/bugonia-will-tracy-yorgos-lanthimos-interview-1236677804/
-
East meets West! 🇹🇷
Explore ancient history in Istanbul 🕌, float above Cappadocia 🎈, relax on Mediterranean beaches 🏖️, sample delicious cuisine 🍢🥙
Now with digital nomad visa! 💻✈️
-
3D Camera Tracker in #Aftereffects 26 stuck forever on Initializing. Working fine on the same footage in 25.
-
Bugs and errors: a halt for the #Albert administrative assistant
The Interministerial Directorate for Digital Affairs (Dinum) has made the decision official. The tool would not be rolled out generally "in its current form".
-
Saw this extremely convincing wasp-mimicking hoverfly, _Spilomyia_ (https://bugguide.net/node/view/3288), on the goldenrod in the garden today! Then on the way to the store saw plenty of the "model", _Ancistrocerus_ wasps (https://bugguide.net/node/view/6812), also on goldenrod.
#bugstodon #insects #wasps #flies #mimicry #Hymenoptera #Vespidae #Eumeninae #Diptera #Syrphidae #Eristalinae
-
"I have lost control of my life"
~ Buggy The Genius Jester
Anime Quote source: One Piece
Episode: 1086
Arc: Egghead
English Dub
#buggytheclown #onepiece #buggy #BuggyTheGeniusJester #anime #onepieceanime #buggyonepiece #onepiecenetflix #onepiecefan #animequotes #otaku #animefan #animelover #shonen #Egghead #Eggheadarc #OnePieceEgghead #OnePieceQuote
-
Day 5 — CSRF Token Bypass using GET Request
This article discusses a Cross-Site Request Forgery (CSRF) vulnerability where an attacker can bypass CSRF tokens by manipulating GET requests. The root cause is inconsistent validation of CSRF tokens across HTTP methods, particularly on GET requests. In this case, the application incorrectly validated CSRF tokens for GET requests but did so correctly for POST requests. By modifying a legitimate request to use the GET method and moving parameters into the URL, the researcher discovered that the server did not validate the CSRF token. The attack involves creating an HTML PoC (proof-of-concept) with JavaScript to automatically submit the modified request, exploiting the victim without their interaction. This vulnerability emphasizes the importance of consistent validation for CSRF tokens across all HTTP methods. Key lesson: Validate CSRF tokens consistently regardless of HTTP method to maintain security. #BugBounty #WebSecurity #CSRF #VulnerabilityResearch
https://smartpicks4u.medium.com/day-5-csrf-token-bypass-using-get-request-791cba29812d?source=rss
-
How I Found a CSRF Vulnerability That Could Take Over Student Accounts on an Educational Platform
This vulnerability was a Cross-Site Request Forgery (CSRF) attack, allowing malicious users to hijack student accounts on an educational platform by manipulating a sensitive account management action (changing passwords) through an unsuspecting victim's browser session. The application failed to verify that the origin of the request was the legitimate user, instead relying on session cookies for authentication without additional CSRF protection. By using a crafted payload within a link, the researcher exploited the flawed security mechanism by forcing the victim's browser to make a password change request on behalf of the attacker. The impact was significant as unauthorized individuals could gain access to sensitive student accounts. The researcher received $500 as part of the bug bounty program, and the platform responded by implementing CSRF tokens for account management actions to prevent future attacks. Key lesson: Always implement CSRF tokens to protect sensitive user actions. #BugBounty #Cybersecurity #WebSecurity #CSRF
-
Let me share one of my #SmallWonders that I met in the jungle. How gorgeous is that shade of red? #Photography #Nature #Dragonfly 📸📸 #虫 🌿 #NatureJournal #BugSky
RE: https://bsky.app/profile/did:plc:ylvjkvcjyosjqhn7lsoxbf3x/post/3laeq3fzw2v2n
-
CW: vore
-
Buggeration. I've managed to subscribe my tiny ActivityPub server to a Lemmy community and I'm now being inundated with messages about who liked what, which communities have been blocked, downvotes etc.
When I send an #Undo message in #ActivityPub, does it need to contain the same ID as the follow request?
-
#FCPX 11.1.1 on Sequoia 15.6.1 started hanging on every launch, regardless of which library is being opened (even completely newly created ones). Sometimes it helps to open the library file while holding Option instead of launching the app, but not always.
Resetting prefs, reinstalling FCPX or revalidating AUs doesn't help.