Discrepency of behaviour between Discord's preview bot and URL detection allows clickjacking

Fake embeds can be generated, using a markdown special char and a deprecated way of passing credentials through an URL (RFC1738 Section 3.1). Chained with the permissive formating of Markdown, the bug can be used to create very convincing phishing links.

Posted on Jan. 29, 2024, 1:56 a.m. by lenoctambule

CVE-2024-22733 : DoS of Web Admin Panel through unchecked return value to NULL pointer dereference on TP-Link MR200 V4 routers

Login CGI Script in TP-Link Archer MR200 V4->V5.3 Firmware ver. 210201 does not check null input, which allows attacker to crash the Web Admin Panel through a crafted http POST request.

Posted on March 6, 2023, 7 a.m. by lenoctambule