First of a few remote code execution flaws in various popular torrent clients, here is a DNS rebinding vulnerability in Transmission, resulting in arbitrary remote code execution. https://github.com/transmission/transmission/pull/468 …
Hehe, nice! I found the same vuln 5 years ago. I tried to report it, but never heard back.
I had to really push, I think the project is in maintenance mode.
The category of issue that yet again could be avoided if the browser would just forbid connectivity to local (on-host) IP endpoints if root page resource is not also via a local (on-host) IP endpoint. We just need to murder the legit use cases as being too dangerous to live.
Easier said than done, even if we require strict pre-flight checks, developers will just opt-in. If we ban them completely, RFC1918 would still work, and killing that seems really impossible.
are you sure? because you don't seem to know much about computer security??? hahahahahahaha (sorry i go out ->[])
If there isn’t a badge for twitter troll baiting, someone internally needs to make one and award you that badge ;)
Any suggestions on how to fix this? And please keep in mind that this is done like this for easy setup. Demanding SSL certs will complicate the installation a lot, only thing I would have changed is removing the default password and maybe a brute-force protection.
As a complete non-expert: How does one secure a local DNS usage? If the router resolves foomachine.local properly, how does one secure the connection to it? (self signed tls? yip)
I appreciated the change from http to https on the Wikipedia link to CSRF
That makes it safe.

