"I'm interested in all kinds of astronomy."

The Call for Papers closes on November 13! This year I am on the review committee and I am so thrilled to be checking all the cool tools! Submit your proposal >> bit.ly/3TBThxZ


"The moment of discovery" does not always exist: the scientist's work is too tenuous, too divided, for the certainty of success to crackle out suddenly in the midst of his laborious toil like a stroke of lightning, dazzling him by its fire.

Marie Curie was born in 1867.

[RSS] Breaking Down Multipart Parsers: File upload validation bypass

https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
[RSS] Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail

https://www.sonarsource.com/blog/sanitize-client-side-why-server-side-html-sanitization-is-doomed-to-fail/

Today is World Digital Preservation Day - time for my annual reminder that digitisation is not digital preservation. Whether a digital photograph is born-digital or a digitised copy of a physical object, it requires continued care to be made accessible over time. Digitisation needs digital preservation


> Euler’s work touched upon so many fields that he is often the earliest written reference on a given matter. In an effort to avoid naming everything after Euler, some discoveries and theorems are attributed to the first person to have proved them after Euler.

https://en.wikipedia.org/wiki/List_of_things_named_after_Leonhard_Euler


In 2009, 3 years before starting with I wrote an article for the messing around with r1, still fun to read and see how command syntax didn't change much in 15 years https://phrack.org/issues/66/14.html

New assessment for topic: CVE-2024-34102

Topic description: "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution ..."

"Note: This write up will focus on the impact that CVE-2024-34102 can have when combined with CVE-2024-2961 and how the two bugs can be used to achieve RCE ..."

Link: https://attackerkb.com/assessments/fd4b6425-8316-441d-bd58-b14f022873c9

Microsoft could have kept WordPad and extended its functionality, instead of increasing the complexity (and attack surface) of Notepad.

Notepad being braindead -- including having no recovery / history -- was a feature.

https://www.bleepingcomputer.com/news/microsoft/microsoft-notepad-to-get-ai-powered-rewriting-tool-on-windows-11/

@cR0w command injection so this is in fact an "Ultra-Reliable" RCE!
@cR0w I'm sorry but ActivityPub is...could you just post that link in a reply?
@Viss the more time I spend in this profession (or on this planet?) the more I recognize how rare those moments are

it is always a pleasure talking with sharp people who know what they're doing
