Search results for " disclosure": 1 - 19 of 19

Because the tag search returned few matching results, title search results are shown instead.

There are 19 entries about " disclosure". Related tags include security, セキュリティ (security) and 資料 (documents). Popular entries include "Disclosure of a vulnerability that allows the theft of visitors' email addresses using Medium's custom domain feature".
  • Disclosure of a vulnerability that allows the theft of visitors' email addresses using Medium's custom domain feature

    0_medium_vuln_en.md Disclosure of a vulnerability that allows the theft of visitors' email addresses using Medium's custom domain feature Author: mala Introduction This article describes a vulnerability in a web service called Medium that allows you to steal visitors' e-mail addresses by using custom domain plan of Medium. This is done as my personal activity and is not related to my organization.

    • RFC 9116: A File Format to Aid in Security Vulnerability Disclosure

      Stream: Internet Engineering Task Force (IETF) RFC: 9116 Category: Informational Published: April 2022 ISSN: 2070-1721 Authors: RFC 9116 A File Format to Aid in Security Vulnerability Disclosure Abstract When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a machine-parsa

      • Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor | mod%log

        Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor Today, we publish a new advisory for a vulnerability in the CrowdStrike Falcon Sensor, that was found by our team-mate Pascal Zenker as part of a recent red-teaming engagement. The vulnerability is a case of insufficient control flow management, that allows an attacker with administrative privileges to bypass the Falcon Age

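        • A File Format to Aid in Security Vulnerability Disclosure - The First Step Toward Connecting Properly - JPCERT/CC Eyes

          I am Totsuka of the Early Warning Group. The Early Warning Group publishes security information such as alerts and early warning information, as well as JVN advisories. As a vulnerability coordinator, I handle the full series of coordination tasks: based on vulnerability-related information reported to JPCERT/CC by vulnerability finders such as security researchers, I coordinate with the developers of the affected products on matters such as working out countermeasures, through to publication of a JVN advisory. In this article, from a vulnerability coordinator's perspective, as one measure that developer organizations can take to make it easier for vulnerability coordination bodies and vulnerability finders to work with developers, officially published this year, in April 2022, "RFC 9116: A File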

          • Security Incident Disclosure

            On 18th April 2021, a security researcher identified a vulnerability in our review-cask-pr GitHub Action used on the homebrew-cask and all homebrew-cask-* taps (non-default repositories) in the Homebrew organization and reported it on our HackerOne. Whenever an affected cask tap received a pull request to change only the version of a cask, the review-cask-pr GitHub Action would automatically revie

            • Disclosure - Bhopinder Kumar Sharma

              Disclosure Information (updated on 15/08/22) The following information provides you with an important overview of Bhopinder Kumar Sharma (B.K.), my duties to you, fees and how complaints are managed. Licence Status and Conditions Bhopinder Kumar Sharma, FSP92301, is a licensed Financial Adviser that gives advice on behalf of Fundagroup Insurance Brokers who is a licensed Financial Advice Provider

              • www-chapter-japan/skillmap_project/Vulnerability_Disclosure_Cheat_Sheet_ja.md at master · OWASP/www-chapter-japan

                • RFC 9116: A File Format to Aid in Security Vulnerability Disclosure

                  Stream: Internet Engineering Task Force (IETF) RFC: 9116 Category: Informational Published: April 2022 ISSN: 2070-1721 Authors: RFC 9116 A File Format to Aid in Security Vulnerability Disclosure Abstract When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a machine-parsa

                  • PHP Development Server <= 7.4.21 - Remote Source Disclosure

                    Introduction While testing request pipelining on multiple programming language built-in servers, we observed strange behavior with PHP’s. As we delved deeper, we discovered a security bug in PHP that could expose the source code of PHP files as if they were static files rather than executing them as intended. Upon further testing, we found that the vulnerability was not present in the latest PHP re

                    • Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program

                      Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and

                      • Disclosure, Fatoumata Diawara - Douha (Mali Mali)

                        ‘Douha (Mali Mali)’ taken from the new album ‘ENERGY’, out now: https://disclosure.lnk.to/ENERGY_AlbumID Follow Disclosure: https://Disclosure.lnk.to/FollowID Sign Up To the Disclosure Mailing List: https://disclosure.lnk.to/signup2020ID New limited edition merch available via Disclosure Store: https://Disclosure.lnk.to/OfficalStoreID CREDITS: Production Company: CR8TIVE ROW Executive Pro

                        • SSD Advisory – macOS Finder RCE - SSD Secure Disclosure

                          TL;DR Find out how a vulnerability in macOS Finder system allows remote attackers to trick users into running arbitrary commands. Vulnerability Summary A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a pro

                          • Disclosure | ele-king

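                            It is by now well known that in the UK during the COVID-19 pandemic, illegal raves playing house music, or "quarantine raves" to use the current alternative name, have been occurring frequently, and the government is going all out to crack down: when the authorities find a rave of 30 or more people, the organizer is fined £10,000 and attendees £100, with a £3,200 fine from the second offence onward. It is truly Anarchy in the UK, so to speak: apparently there was a rave of some 3,000 people at the end of July, and on one weekend in August there were more than 200 events that are known of, and according to the August 22 online edition of The Guardian, 1,000 illegal raves have already been uncovered since June. It is the first rave explosion in 30 years. Even so... seeing the photos of ravers surrounded by police officers (wearing face guards, though), in a different sense from the Criminal Justice days of 1992-93,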

                            • Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)

                              Security Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641) CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME. Today, in coordination with Ilya Lipnitskiy (the maintainer of libcue) and the distros mailing list, the GitHub Security Lab is disclosing CVE-2023-43641, a memory corruption vulnerability in libcue. We have also sent a t

                              • Zero-Day Disclosure: PAN GlobalProtect CVE-2021-3064

                                Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064 Overview: CVE-2021-3064 On November 10, 2021 Palo Alto Networks (PAN) provided an update that patched CVE-2021-3064 which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls using the GlobalProtect Portal VPN and allows for unauthenticated remote code execution on vulnerable installations of the p

                                • Disclosure at Plitvice Lakes National Park, in Croatia for Cercle

                                  Disclosure playing an exclusive DJ set at Plitvice Lakes National Park in Croatia for Cercle. ☞ Join Cercle Odyssey immersive events: https://Cercle.lnk.to/CercleOdysseyID ☞ Join our next events: https://Cercle.lnk.to/Members ☞ Listen to our playlists, tracks & sets: https://Cercle.lnk.to/Playlists ☞ Disclosure Listen to Disclosure's new album Energy on Amazon Music: https://amzn.to/DISCLOSURE-o

                                  • Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras

                                    These passwords can be recovered from firmware as well by bruteforce of hash in /etc/passwd file. Modern consumer-grade GPGPU with hashcat is capable to find pre-image for hash in a matter of hours. Debug port 9527 accepts same login/password as Web UI and it also provides some shell access and functions to control the device. Speaking of Web UI accounts, attacker may reset password or grab passwo

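                                    • Disclosure: Transgender and Hollywood: Past, Present, and Then — Normal Screen

                                      Disclosure: Transgender and Hollywood: Past, Present, and Then. Friday, June 19, 2020 5:00 PM to Friday, July 31, 2020 6:00 PM. Question submission form: https://forms.gle/AmuZ5QoNKMux8N9T8 "Disclosure: Transgender and Hollywood: Past, Present, and Then" has Laverne Cox of "Orange Is the New Black" as executive producer, and she also appears in it. The film premiered at the Sundance Film Festival in January 2020, where it was highly acclaimed, and is a documentary by transgender director Sam Feder (pronounced "Fayder") that Netflix will distribute globally from June 19. The 1914 film "A Florida Encha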

                                      • CheatSheetSeries/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.md at master · OWASP/CheatSheetSeries
