Living off the land, GPO style

TL;DR The ability to edit Group Policy Object GPOs from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain joined machines are needed in the first place and what...

deep-object-diff vulnerable to Prototype Pollution

deep-object-diff before version 1.1.6 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited. This issue was fixed in version 1.1.9...

GHSA-653V-RQX9-J85P deep-object-diff vulnerable to Prototype Pollution

deep-object-diff before version 1.1.6 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited. This issue was fixed in version 1.1.9...

CVE-2008-1469

Gallarific Free Edition 1.1 does not require authentication for 1 photos.php, 2 comments.php, and 3 gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details ar...