Bug hellotalk question [closed]
I was using an application called hellotalk today when a stranger told me my real name and i am putting a nickname in the app ,my password contained my name .Idk much about the domain but that was confusing
I was using an application called hellotalk today when a stranger told me my real name and i am putting a nickname in the app ,my password contained my name .Idk much about the domain but that was confusing
A vulnerability was found in POPS Rebel Bluetooth Glucose Monitoring System 5.0 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component App. The manipulation leads to cleartext transm…
A vulnerability was found in FreeRDP up to 2.11.4/3.1.x. It has been classified as critical. Affected is the function freerdp_bitmap_planar_context_reset of the file libfreerdp/codec/planar.c. The manipulation leads to heap-based buffer overflow.
This…
A nonprofit study claims that Google is failing to delete location history that reveals users’ physical trips to abortion clinics.
gssapi-abuse was released as part of my DEF CON 31 talk. A full write up on the abuse vector can be found here: A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks The tool has two features. The first is the ability to enumerate non Windows h…
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021.
“UN…
mTLS where the client and the server authenticate each other.
How do the client and the server know whether they should use TLS or mTLS? Is that part of the handshake?
Where I work, this is the passwordless registration/login flow for our Mobile App
A user registers with a username and a phone number. An SMS OTP is sent to the phone number to verify it.
Initial login: The user logs in to the mobile app …
A vulnerability was found in FileBird Plugin up to 5.6.0 on WordPress and classified as problematic. This issue affects some unknown processing of the component Folder Import. The manipulation leads to cross site scripting.
The identification of this …
A vulnerability has been found in WPForms Pro up to 1.8.5.3 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Form Submission Handler. The manipulation leads to cross site scripting.
This vulnerabilit…