kazet

Results 66 issues of kazet

Security vulnerability disclosure

6 comment

Hello, CERT PL found a security vulnerability in this repository. How can we report this privately? We don't see any security policy describing how such vulnerabilities should be reported.

enhancement
security

Mixed-active-content: fewer FPs

1 comment

### Template / PR Information There are some sites which download scripts using an unencrypted connection (e.g. http://html5shiv.googlecode.com/svn/trunk/html5.js) to the users of old browsers. This rule filters such sites so...

Please bump cryptography requirement upper bound as there are known vulnerabilities in cryptography <42

1 comment

**Describe the bug** Please bump cryptography requirement upper bound as there are known vulnerabilities in cryptography

fix ready

Discuss whether translations (e.g. for Nuclei messages) could be at least partly automated

2 comment

E.g. a bot can submit PRs for missing translations

Improve artemis/modules/data/nuclei_templates_custom/error-based-sql-injection.yaml

2 comment

Currently, this Nuclei template detects SQL errors. We should ensure that on page without injections no error appears to filter out false positives where an error appears always, so there's...

Detect that a site got hacked (having a list of known payloads that are put on hacked websites)

4 comment

new vulnerabilities or interesting findings

Debug why the wordpress_bruter test is flaky

1 comment

Should we report old versions of Javascript libraries? How frequently are they exploitable?

3 comment

Check outgoing links: whether they work (no 404), whether the destination uses SSL, whether no bad reputation sites are linked

4 comment

new vulnerabilities or interesting findings

Research integrating nikto (perhaps into Artemis-modules-extra for license reasons) - what benefits would it bring?

1 comment