
13 matches found

GithubExploit
added 2026/04/24 3:26 p.m., 93 views

security-audit

security-audit A Claude Code skill + plugin marketplace for a...

5.7 AI score
Exploits: 0
Hacker One
added 2023/12/23 8:53 p.m., 8 views

TikTok: Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products

The "Search Product" function in the TikTok Shop Seller API contained a vulnerability that allowed access to inactive or suspended products by manipulating the "live" parameter in the API request. The vulnerability was reported to the team and remediated...

7 AI score
Exploits: 0
Ivanti
added 2023/02/14 7:22 a.m., 8 views

SA40107 - Response to Juniper ScreenOS security advisory JSA10713 (CVE-2015-7755 and CVE-2015-7756)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Juniper announced a security advisory for their Netscreen Firewall ScreenOS product portfolio. The Juniper ScreenOS advisory can be found here: JSA10713 Related Links JSA10713...

10 CVSS, 6.8 AI score, 0.85797 EPSS
Exploits: 7
myhack58
added 2018/11/05 12:0 a.m., 593 views

macOS vulnerabilities appear again: the system known as unbreakable also has weaknesses - vulnerability warning - the black bar safety net

For ease of exposition, this article is written in the first person. It describes several stack and buffer overflow vulnerabilities that I found in the kernel of Apple's macOS system; Apple categorizes these vulnerabilities as kernel remote code execution...

9.3 CVSS, 8.8 AI score, 0.00676 EPSS
Exploits: 0
seebug.org
added 2017/09/25 12:0 a.m., 28 views

youke365_SQL_Injection#1

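优客365 v2.9 has a SQL injection in its admin back end that can lead to disclosure of the back-end administrator account and password. 1. A mess caused by a single quote: the error exposed the table name dirusers and some column names. 2. Source code audit: the problem code is in .\module\login.php, where the input is not handled rigorously. According to the figure above, testing shows that the username check can be bypassed with 1' or '1'='1. The password is MD5-hashed, so it cannot be bypassed as simply. 3. SQL injection: decrypting the MD5 of the brute-forced password yields the administrator password. Of course, the administrator account can also be brute-forced along the way. (So there are two ways to get through administrator authentication.) 4. Log in to the back end happily. Finally, the payload is attached: payload = ' and select 1 fromselect...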

7.1 AI score
Exploits: 0
securityvulns
added 2010/07/28 12:0 a.m., 48 views

[MajorSecurity SA-079]PHPKIT WCMS - Multiple stored Cross Site Scripting Issues

MajorSecurity SA-079: PHPKIT WCMS - Multiple stored Cross Site Scripting Issues. Details: Product: PHPKIT WCMS; Security-Risk: low; Remote-Exploit: yes; Vendor-URL: http://www.phpkit.com/; Advisory-Status: published. Credits: Discovered by: David Vieira-Kurz of MajorSecurity...

6.2 AI score
Exploits: 0
Packet Storm
added 2010/07/28 12:0 a.m., 33 views

PHPKIT WCMS 1.6.5 Reflected Cross Site Scripting

MajorSecurity SA-078: PHPKIT WCMS - Reflected Cross Site Scripting Issue. Details: Product: PHPKIT WCMS; Security-Risk: low; Remote-Exploit: yes; Vendor-URL: http://www.phpkit.com/; Advisory-Status: published. Credits: Discovered by: David Vieira-Kurz of MajorSecurity Original...

7.4 AI score
Exploits: 0
Packet Storm
added 2010/07/27 12:0 a.m., 38 views

PHPKIT WCMS 1.6.5 Cross Site Scripting

MajorSecurity SA-079: PHPKIT WCMS - Multiple stored Cross Site Scripting Issues. Details: Product: PHPKIT WCMS; Security-Risk: low; Remote-Exploit: yes; Vendor-URL: http://www.phpkit.com/; Advisory-Status: published. Credits: Discovered by: David Vieira-Kurz of MajorSecurity...

Exploits: 0
Tenable Nessus
added 2007/02/18 12:0 a.m., 9 views

SUSE-SA:2006:044: libtiff

The remote host is missing the patch for the advisory SUSE-SA:2006:044 libtiff. This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while...

6 AI score
Exploits: 0
myhack58
added 2007/02/01 12:0 a.m., 10 views

WEB vulnerabilities mining techniques-vulnerability warning-the black bar safety net

Source: security focus Author: 7all sgh81at163.com WEB vulnerability Mining Technology 7all7all7at163. com...

8.7 AI score
Exploits: 0
RedHat Linux
added 2005/05/17 2:33 p.m., 20 views

Important: Red Hat Security Advisory: kdelibs security update

Updated kdelibs packages that fix a flaw in kimgio input validation are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. KDE is a graphical desktop environment for the X Window System. Konqueror is...

7.5 CVSS, 6.3 AI score, 0.07097 EPSS
Exploits: 0, References: 3
Cent OS
added 2005/04/12 11:5 p.m., 77 views

kdegraphics security update

CentOS Errata and Security Advisory CESA-2005:021-01. Updated kdegraphics packages that resolve multiple security issues in kfax are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics...

10 CVSS, 6.3 AI score, 0.19172 EPSS
Exploits: 2, References: 8
securityvulns
added 2001/10/03 12:0 a.m., 40 views

results of semi-automatic source code audit

/ results of semi-automatic source code audit of a majority of php based open-source projects registered at Freshmeat.net or Sourceforge.net release date: 2001-10-02 authors: atil [email protected] genetics [email protected] yaht@ircnet, Yet Another Hacker Team / --=introduction=-- ph...

0.1 AI score
Exploits: 0