1000 results for “bug”
-
[Translation] IDOR in a session cookie leading to mass account takeover
If you are familiar with the concept of IDOR (Insecure Direct Object Reference), you know that this vulnerability can be anywhere: in the URL, in the request body, in GET or POST requests, and also in cookies. I took part in one private program. From the start, I began studying the application's logic. Usually this makes it possible (though not always) to discover many vulnerabilities. That is exactly what happened to me … In the end I took a place in the program's leaderboard, right behind several well-known hackers. :)
-
FWIW this double-post happened via the web app (4.5.9), not a third party API client @MastodonEngineering
(I've now deleted one of them)
-
🚨 Oh no, not another "all versions" #bug in FreeBSD! 🎉 Apparently, executing a program in your own system is now a privilege escalation 🧙♂️✨ Bravo to FreeBSD's stellar security team for fixing a problem that they didn't know existed until Ryan from Calif.io came along to enlighten them. 🙃🔒
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:13.exec.asc #FreeBSD #PrivilegeEscalation #SecurityFix #HackerNews #Califio #HackerNews #ngated -
Advanced Subdomain Discovery with Amass and Cheat Sheet
In this cheat sheet, I cover essential Amass commands, enumeration techniques, and practical workflows for effective recon.
https://denizhalil.com/2026/05/02/owasp-amass-subdomain-enumeration-cheat-sheet/ #CyberSecurity #OWASP #Amass #SubdomainEnumeration #Recon #OSINT #AttackSurface #BugBounty
-
When Old Breaches Meet New Code: Why Historical Leaks Still Matter
This vulnerability demonstrates the persistence of historical breaches in current systems due to a lack of code updates or inadequate data sanitization. In this instance, the application used email addresses from an old data breach in its password recovery feature, allowing attackers to obtain user credentials by matching leaked emails to hashed passwords in a rainbow table (a precomputed table of hashed passwords). The attacker was able to bypass rate-limiting and CAPTCHA protections by using a Python script to automate the process. The mechanism relied on a combination of brute force and dictionary attacks, taking advantage of weak password choices by some users. The impact was significant, as attackers could gain unauthorized access to user accounts. No bounty amount was disclosed, but the platform addressed the issue by implementing a more secure password recovery process that no longer relies on leaked email addresses. Key takeaway: Keep your code updated and data secure by regularly sanitizing and rotating credentials from historical breaches. #BugBounty #Cybersecurity #WebSecurity #PasswordRecovery #DataBreach -
HyperOS update leaves the Redmi Pad 2 without sound: Xiaomi confirms critical bug
🔗 https://tugatech.com.pt/t76867-atualizacao-do-hyperos-deixa-o-redmi-pad-2-sem-som-xiaomi-confirma-bug-critico -
Most #bug reports don’t fail because of #complexity…
They fail because of a lack of clarity. A well-written bug report = #faster fixes + better product #quality.
Read More: https://www.testrigtechnologies.com/how-to-write-a-better-bug-report/
-
Bugonia
2025
Purchase only
Irish:
When a CEO is kidnapped and the perpetrators want to phone the alien leader. It is more like a chamber play. Good camerawork, good framing and good acting. It runs too long; I found the last third strong, and when the gore came I was surprised. How disgusting can a police officer be, and the fashion at the end could be from the hobby Nazi Kanye West. Yes, I liked it.
4%vol of 5
#molleundaction #filmkritik #horror #horrorfilm #Bugonia -
#BugOfTheDay may once again be a spider today, a very small one, promise
Rindenkrabbenspinne
Ozyptila praticola
https://en.wikipedia.org/wiki/Ozyptila_praticola #spinne #spider #krabbeltierchen #nature #biodiversity #arachnology
-
I wanted to tell you about this other #software in a happier way than I will have to now, but, alas, I am always the usual magnet for bugs… and ok, those are annoying but often you can get past them… Pity that this time, besides the insects, I also found a nice oversight that, according to the CVSS scale, is critical with a score of 9.9/10… hooray… I don't really feel like getting my own hands on fixing it, so this time too I wrote the report and washed my hands of it; when it is resolved, it will be published at the URL github.com/usememos/memos/security/advisories/GHSA-543v-59rr-mmf7 (I think, it's the first time I've used GitHub's CVEs). 😤️
The service in any case is Memos, a really unusual note app that I had known for a while and this morning decided to self-host to try out. I hope the carefree approach can help me note down those things for which TiddlyWiki's rigid system has started to feel cramped; this thing is made precisely for creating lots of small memos, faster to compose since they don't even require a title, managed like a social feed. All my public posts are visible at https://memos.octt.eu.org/explore! 😻️ The system is powerful, but not at the expense of UX. You can upload files, and even iframes and CSS are rendered (but I imagine not on the Android and iOS clients, only the web one?). There are of course tags, but search is excellent, so they may not be needed. Each user has their own profile and can write privately, publicly, or restricted to users of the instance only. All memos you have permission to see show up in various timelines, as well as on profile pages, and you can comment on or react to them… practically as if it were Misskey (I mention it in particular for its identical but opposite essence; Misskey is a note-oriented social network, and Memos a note app with social features). 🌋️
Unfortunately, this isn't federated, so to enjoy this mystical experience I have to invite you too (and maybe you your friends) to note down anything on my server… and indeed, I wanted to, but then I spotted that vulnerability, exploitable however only by registered users; luckily, because meanwhile I can keep trying the #platform on my own, but unfortunately, because I had to close registrations for now. I'll invite you to register again when the hole has been plugged (on which I won't elaborate further, because you don't do that, the thing is still in Triage). 🔺️
https://octospacc.altervista.org/2024/05/31/app-note-con-buco-sorpresa/
#Memocto #veloce #agile #rapid #inusuale #prova #approccio #promemoria #selfhost #vulnerability #rapporto #report #CVSS #incidente #svista #mistico #usememos #Memos #exploit #CVE #vulnerabilità #appunti #social #interessante #note #selfhosting #piattaforma #software #applicazione #app #bug
-
Time, money and pure mathematics: how we assess a company's cyber resilience
As you grow older and more experienced, you realize that if there is a chance to buy time, you absolutely have to do it. The same applies to business. If a company is mature, if management understands the value of the business, how it is structured, how it works and how it makes money, then it also understands that forced downtime will cost the company far more than the money spent on IT infrastructure. Hello everyone! My name is Artem Melyokhin, and I promote a new line of work at Positive Technologies, namely the methodology for calculating the reachability of a target system. In this article I will describe how we determine attack time and the likely routes of hackers, and what needs to be done from an IT-infrastructure standpoint to make the attacker's path as difficult as possible. How do you research cyber resilience?
https://habr.com/ru/companies/pt/articles/840266/
#cybersecurity #исследование_защищенности #взломы #методология_тестирования #детектирование #недопустимое_событие #maxpatrol #киберустойчивость #bugbounty
-
‘Bugonia’: Yorgos Lanthimos's new film gets a trailer
Universal Pictures has released the second trailer and the official poster for Bugonia, the new film by director Yorgos Lanthimos, starring Emma Stone. The production is the fourth collaboration between the actress and the director, who previously worked together on The Favourite, Kinds of Kindness and Poor Things, which earned the artist the Oscar for Best Actress.
https://www.youtube.com/watch?v=giAMydh9_4I
Bugonia has its world premiere at the Venice Film Festival in Italy and is scheduled for release in Brazilian cinemas on 30 October. The film's screenplay is by Will Tracy of Succession, and it features a stellar cast, with Jesse Plemons, who also appeared in Kinds of Kindness, Alicia Silverstone, Aidan Delbis and Stavros Halkias. The story follows two young men obsessed with conspiracies who kidnap the powerful CEO of a large company, convinced that she is an extraterrestrial intent on destroying planet Earth.
The film is distributed by Universal Pictures and will be in cinemas from 30 October, also in accessible versions.
#AFavorita #AidanDelbis #AliciaSilverstone #Bugonia #CEO #Cinema #conspirações #EmmaStone #extraterrestres #FestivalDeVeneza #JessePlemons #lançamento #melhorAtriz #Oscar #pôsterOficial #planetaTerra #PobresCriaturas #sequestro #StavrosHalkias #Succession #TiposDeGentileza #trailer #UniversalPictures #WillTracy #YorgosLanthimos
-
Went to a couple of beaches by Lake Huron this past weekend. Spotted these two bugs while looking for cool rocks and fossils. Not sure what the greenish one is.
-
The subtleties of CMS import substitution. Collecting Bug Bounty and BDU entries via the registry of domestic software
Hi, Habr! My name is Dmitry Prokhorov, and I am a penetration testing specialist on the CyberOK team. While exploring the Runet and collecting fingerprints for various CMSs, I noticed that there are a great many websites running on CMSs of domestic development. And no, it is not Bitrix! That is where the idea was born to add new vulnerabilities to the BDU database and find the coveted bounty. But how hard is it to find a vulnerability in a CMS with such a serious status? After two weeks it became clear that it is practically impossible if you have never played a student CTF. Otherwise there are nuances...
https://habr.com/ru/companies/cyberok/articles/820217/
#cms #whitebox #фстэк #nuclei #blackbox #burpsuite #уязвимость #bugbounty
-
Bug Bus Piano – Passing Through All Happy Dreams Like Hallways
#Ambient #ambient #bowl #hole #hypnagogia #insomnia #lullaby #sleepmusic #Seattle
CC BY (#CreativeCommons Attribution) #ccmusic
https://bugbuspiano.bandcamp.com/album/passing-through-all-happy-dreams-like-hallways-2 -
Bugs Bunny wearing Jordans and a backwards baseball cap is a more integral part of the Mexican identity than the virgin of Guadalupe
-
Another colorful garden pic.