♾️
{"amount":1,"amount":-1}
Bipin Jitiya
win3zz
Hi, I'm Bipin Jitiya, I build random things. I love hacking.
Compare Stock Performance Over Multiple Time Frames with Yahoo Finance API and Matplotlib
How to Use
Compare the performance of a stock across two or more time frames using the Yahoo Finance API and the Matplotlib Python library. Adjust the stock symbol and time frames according to your requirements and save the content in a file named script.py.
Reflected Cross-Site Scripting (XSS) and Absent HttpOnly Flag in Ursalink Industrial Cellular Router Admin Panel Leads to Account Takeover
Vulnerability Details
Cross-Site Scripting (XSS) and absent HttpOnly flag vulnerabilities in the Ursalink Industrial Cellular Router admin panel could allow remote attackers to execute arbitrary scripts and hijack user sessions, potentially leading to account takeover.
The admin panel does not properly validate and sanitize user inputs, allowing malicious scripts to be injected into the page's content. The "td" session cookie lacks the HttpOnly flag (and also the Secure flag), so client-side scripts can access it, leading to session hijacking and unauthorized access. Attackers can steal sensitive information, impersonate users, or perform unauthorized actions.
Affected Products: UR5X, UR32L, UR32, UR35 and UR41; other Industrial Cellular Routers might also be vulnerable.
Task Hijacking Vulnerability in WhatsApp - Android
Around a year ago, I discovered a long-standing vulnerability in WhatsApp and other popular Android applications. Despite its existence for years, this vulnerability remained largely theoretical. To demonstrate its real-world impact, I successfully exploited it in WhatsApp, Facebook, and Facebook Lite. I promptly reported my findings to Facebook's Whitehat program. In this post, I'll share the details I provided to Facebook.
While reviewing the WhatsApp Android application, we identified a misconfiguration in AndroidManifest.xml related to task control features. This misconfiguration leads to a critical vulnerability called task hijacking and enables the attack flow against the latest WhatsApp on Android-based phones.
In successful exploitation of the vulnerability, the malicious
Vulnerability Summary:
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie