-
feelereth
high
# _socialize() function is vulnerable to being gamed by attackers
## Summary
The _socialize() function could be gamed by attackers by carefully controlling deposit/redeem amounts.
##…
-
# Daily Security News (2023-07-24)
- SecWiki News
- [ ] [SecWiki News 2023-07-23 Review](http://www.sec-wiki.com/?2023-07-23)
- Sploitus.com Exploits RSS Feed
- [ ] [Exploit for Vulnerability in Imagemagick ex…
-
This ticket is meant as supplement to #315 as well as a place where ideas can be discussed in more detail and outside of the scheduled meeting(s). As far as I can see, we basically have these options:…
-
# Daily Security News (2023-07-27)
- HackerOne Hacker Activity
- [ ] [CSRF in seller-us.tiktok.com/profile/account-setting/delegation-login](https://hackerone.com/reports/2002352)
- 渊龙Sec Security Team Blog
- [ ] [Recent team series websites…
-
### Describe the feature request
Some Web Security Scanners (like the Qualys - Web Application Scans) point out that the login fields (which are sensitive fields) allow autocompleting. These scanners…
-
This issue was created in response to a report to our security mailer.
Internal reference for this disclosure is NAUTOBOT-735.
In the belief of strong transparency, we record this here to public…
-
## CVE-2021-43616 - High Severity Vulnerability
Vulnerable Library - npm-7.20.6.tgz
a package manager for JavaScript
Library home page: https://registry.npmjs.org/npm/-/npm-7.20.6.tgz
Path to depend…
-
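# Daily Security News (2023-08-26)
- Sec-News Security Digest
- [ ] [Joern Made Simple (Part 3): A Complete Reference of Common Joern and Neo4j Syntax](https://govuln.com/news/url/ZQom)
- [ ] [Blindly Determining the Target's fastjson Version](https://govuln.com/news/url/3J0X)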
- Security Boulevard
- [ …
-
### Preliminary checklist
- [X] I have read the [README](https://github.com/uazo/cromite/blob/master/README.md).
- [X] I have searched the existing issues for my problem. This is a new ticket, NOT a …
-
# Daily Security News (2023-06-09)
- HackerOne Hacker Activity
- [ ] [Open redirect due to scanning QR code via brave browser](https://hackerone.com/reports/1946534)
- ZAWX_NETSTARSEC's Blog
- [ ] [Centralized Authority Attack and Defense: Identity Authentication Protocols, NT…