15
2
Ruby Array Pack Bleed – Impacts Ruby 1.6.7 to 4.0.0 (nastystereo.com)
1
Inline Style Exfiltration: leaking data with chained CSS conditionals (portswigger.net)
5
Marshal madness: A brief history of Ruby deserialization exploits (trailofbits.com)
26
Breaking the Sorting Barrier for Directed Single-Source Shortest Paths (arxiv.org)
1
New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails (elttam.com)
1
Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
2
Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
1
RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte (github.com/rubygems)
1
CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons (pentesterlab.com)
1
Shiny Vulnerabilities in R's Most Popular Web Framework (nastystereo.com)
1
PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos (pentesterlab.com)
2
Cross-Site Post Requests Without a Content-Type Header – CSRF Attack (nastystereo.com)
2
Execute commands by sending JSON? Ruby deserialization vulnerabilities (github.blog)
2
JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review (pentesterlab.com)
2
Chosen-Prefix Collisions on AES-Like Hashing (iacr.org)
3
Ruby 3.4 Universal RCE Deserialization Gadget Chain (nastystereo.com)
4
Ruby's String Slice is Broken (nastystereo.com)
8
Evaluate Markdown code blocks within Vim (github.com/gpanders)
1
SQL Injection Polyglot Payloads (nastystereo.com)
2
Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
2
Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
1
Fuzz Map – fuzzer for GUIs that automatically builds a visual map (fuzzmap.io)
1
nastystereo.com (nastystereo.com)
1
A Single File Ruby on Rails Application (molnar.io)
2
Devfile file write vulnerability in Gitlab – walkthrough finding CVE-2024-0402 (gitlab-com.gitlab.io)
1
Judge0 Sandbox Escape – allows obtaining root permissions (tantosec.com)
1
Discovering Deserialization Gadget Chains in Rubyland (includesecurity.com)
1
Blind CSS Exfiltration: exfiltrate unknown web pages (portswigger.net)
1
Talkback: Keeping up with the pwnses, a next gen infosec resource aggregator (elttam.com)
2
Talkback – infosec resource aggregator of news and research (talkback.sh)
1
PHP filter chains: file read from error-based oracle (synacktiv.com)
1
PHP Development Server <= 7.4.21 – Remote Source Disclosure (projectdiscovery.io)
2
Viewing Secrecy Through “Blank Spots on the Map” (2009) (fas.org)
1
The search for the “perfect” Advent Calendar (2018) (jgc.org)
1
RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass (h1pmnh.github.io)
2
Reverse Branch Target Buffer Poisoning – New ASLR Bypass via CPU Vulns [pdf] (cos.ufrj.br)
79
The latest OpenSSL vulns were added fairly recently (twitter.com/hanno)
3
Ask HN: How are you, a dev/programmer, preparing for climate change?
2
It Pays to Be Circomspect
53