38 matches found
CVE-2022-21694
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. OnionShare's website mode allows the use of a hardened CSP, which will block any scripts and external resources. It is not possible to configure...
How Much Does It Cost To Host A Website?
Host a website effortlessly with the right hosting plan. From shared to cloud hosting, explore affordable options tailored...
Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking
The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user. A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the...
Account Takeover
Description: A malicious actor can set up a website on vercel.app with the vercel.app domain; after that, they can change the subdomain to something containing modrinth. This will allow an open redirect on https://api.modrinth.com/v2/auth/init?url=ATTACKERURL, allowing stealing the GitHub token whic...
OnionShare has an unspecified vulnerability (CNVD-2022-06477)
OnionShare is an open source tool used to securely and anonymously share files, host websites, and chat with friends using the Tor network. A security vulnerability exists in OnionShare that...
OnionShare has an unspecified vulnerability (CNVD-2022-06479)
OnionShare is an open source tool for securely and anonymously sharing files, hosting websites, and chatting with friends using the Tor network. OnionShare has a security vulnerability, and no details of the vulnerability are available...
OnionShare out-of-bounds read vulnerability
OnionShare is an open source tool for securely and anonymously sharing files, hosting websites, and chatting with friends using the Tor network. OnionShare has an out-of-bounds read vulnerability that could be exploited by attackers to conduct denial-of-service attacks...
CVE-2022-21694
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. OnionShare's website mode allows the use of a hardened CSP, which will block any scripts and external resources. It is not possible to configure...
PYSEC-2022-43
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant...
PYSEC-2022-45
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. OnionShare's website mode allows the use of a hardened CSP, which will block any scripts and external resources. It is not possible to configure...
CVE-2022-21694
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. OnionShare's website mode allows the use of a hardened CSP, which will block any scripts and external resources. It is not possible to configure...
CVE-2022-21694
CVE-2022-21694 affects OnionShare’s website mode CSP configuration. The hardened Content Security Policy blocks scripts and external resources, but cannot be configured on a per-page basis, meaning the CSP cannot be tailored for individual sites. Consequently, websites using JavaScript or externa...
CVE-2022-21694 OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. OnionShare's website mode allows the use of a hardened CSP, which will block any scripts and external resources. It is not possible to configure...
CVE-2022-21693
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the OnionShare process can access sensitive...
CVE-2022-21691
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom...
PYSEC-2022-46
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users, or unauthenticated users in public mode, can send messages without being visible in the list of chat participants. Th...
Design/Logic Flaw
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom...
PYSEC-2022-42
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom...
PYSEC-2022-44
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the OnionShare process can access sensitive...
CVE-2022-21689
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered b...