TSEC NEWS: 06.05.21 Cron-Job Fehlerhaft nach PHP Update + PWA mobile + Desktop / 04.05.21 - Android App von TSECURITY 28.04.21 - NEUER SERVER // 26.04.21 ++ Download the Electron-App für tsecurity.de // Über 550 Feed-Quellen

❈ Tiki up to 21.1 Admin Password tiki-login.php improper authentication

Sicherheitslücken / Exploits vuldb.com

A vulnerability classified as critical was found in Tiki up to 21.1. Affected by this vulnerability is an unknown part of the file tiki-login.php of the component Admin Password Handler. Upgrading to version 21.2 eliminates this vulnerability....

Kompletten Artikel lesen (externe Quelle: https://vuldb.com/?id.163495)

Zur Startseite

➤ Weitere Beiträge von Team Security | IT Sicherheit (tsecurity.de)

SharpDPAPI - A C# Port Of Some Mimikatz DPAPI Functionality

vom 242.1 Punkte
SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project.I did not come up with this logic, it is simply a port from Mimikatz in order to better understand the process and operationalize it to fit our workflow. The SharpChrome subproject is an adaptation of work from @gentilkiwi and @djhohnstein, specifically his SharpChrome project. However, this version of SharpChrome

Password Storage Using Java

vom 238.23 Punkte
This is the eighth entry in the blog series on using Java Cryptography securely. The first few entries talked about architectural details, Cryptographically Secure Random Number Generators, encryption/decryption, and message digests. Later we looked at

SQL Injection Payload List

vom 218.95 Punkte
SQL InjectionIn this section, we'll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection.What is SQL injection (SQLi)?SQL

PMapper - A Tool For Quickly Evaluating IAM Permissions In AWS

vom 201.4 Punkte
A project to speed up the process of reviewing an AWS account's IAM configuration. Purpose The goal of the AWS IAM auth system is to apply and enforce access controls on actions and resources in AWS. This tool helps identify if the policies in place will ac

How you can share passwords safely with friends and family

vom 184.41 Punkte
http://bit.ly/366dCkG How you can share passwords safely with friends and family we’ve all been informed infinite instances to by no means proportion your passwords. now not even together with your nearest and dearest. this is tremendous recommen

Hydra 9.0 - Fast and Flexible Network Login Hacker

vom 180.67 Punkte
Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a s

HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)

vom 174.67 Punkte

Docker-Inurlbr - Advanced Search In Search Engines, Enables Analysis Provided To Exploit GET / POST Capturing Emails & Urls

vom 167.91 Punkte
Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.How to buildgit clone https://github.com/gmdutra/docker-inurlbr.gitc

Solarflare - SolarWinds Orion Account Audit / Password Dumping Utility

vom 165.54 Punkte
Credential Dumping Tool for SolarWinds Orion Blog post: https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/Credit to @asolino, @gentilkiwi, and @skelsec for helping me figuring out DPAPI. ============================

SharpSploitConsole - Console Application Designed To Interact With SharpSploit

vom 164.81 Punkte
Console Application designed to interact with SharpSploit released by @cobbr_ioSharpSploit is a tool written by @cobbr_io that combines many techniques/C# code from the infosec community and combines it into one sweet DLL. It's awesome so check it out!DescriptionSharp

Sish - HTTP(S)/WS(S)/TCP Tunnels To Localhost Using Only SSH

vom 152.68 Punkte
An open source serveo/ngrok alternative.Deploy Builds are made automatically for each commit to the repo and are pushed to Dockerhub. Builds are tagged using a commit sha, branch name, tag, latest if released on main. You can find a list here. Eac

Tiki bis 12.12/15.5/17.1/18.0 Cross Site Scripting [CVE-2018-7290]

vom 148.83 Punkte
In Tiki bis 12.12/15.5/17.1/18.0 wurde eine problematische Schwachstelle entdeckt. Betroffen ist eine unbekannte Funktion. Durch die Manipulation mit einer unbekannten Eingabe kann eine Cross Site Scripting-Schwachstelle ausgenutzt werden. CWE definiert da

Team Security Diskussion über Tiki up to 21.1 Admin Password tiki-login.php improper authentication