Dave
@cydave.bsky.social
Security Engineer doing Web Application Security 🇨🇭🐈‍⬛ @ cyllective.com

Rarely blogging: https://0dave.ch/
Did a thing www.cve.org/CVERecord?id... 🥳

No clue why people would rate this as medium tho :)

#cve #sqli
www.cve.org
March 29, 2025 at 4:17 PM
@incredincomp.com Hey, you might wanna strip html markup from the data you use for posting alerts -   looks bad 😘
February 18, 2025 at 10:20 AM
Reposted by Dave
The first CVEs of 2025 are live!🚨
We discovered ~10 vulnerabilities in Cordaware bestinformed, leading to 4 CVEs. They can be chained for an unauthenticated compromise of the server and all connected clients.👾 CVE-2025-042{2..5}
cyllective.com/blog/posts/c...

#blogpost #cybersecurity #CVE #infosec
Vulnerabilities in Cordaware bestinformed
A write-up of CVE-2025-0422, CVE-2025-0423, CVE-2025-0424, and CVE-2025-0425
cyllective.com
February 18, 2025 at 10:02 AM
Wrote about a funny little vulnerability in goreportcard I encountered just before publishing oauth-labs.

Give it a read if you have some time to kill :)

0dave.ch/posts/gorepo...

#infosec #writeup
go report "a vulnerability" card
While publishing oauth-labs I stumbled upon a vulnerability in goreportcard
0dave.ch
December 7, 2024 at 2:58 PM
#hv24 not enough for you?
Go check out this little fun-box :)
🚀 New from cyllective: 𝐎𝐀𝐮𝐭𝐡 𝐋𝐚𝐛𝐬 🔒

🔑 Master OAuth 2.0 with hands-on Docker-based labs:
- JWT signature flaws
- Open redirect risks
- Claim validation issues

💻 Devs & pentesters: sharpen your skills!
👉 cyllective.com/blog/posts/o...

#OAuth #Cybersecurity #Training #InfoSec #Security
OAuth Labs: OAuth 2.0 Vulnerabilities
Introducing our latest project: the OAuth Labs. A hands-on approach to OAuth 2.0 vulnerabilities
cyllective.com
December 3, 2024 at 2:23 PM