Surprising an alert character

My character with the alert feat was attacked and received damage pre-combat. Specifically, our party was walking through a dark cave, and on the ceiling there was a swarm of insects (that none of the PCs noticed). Suddenly, the DM describes that a swarm of insects lunges at my character and immediately attacks him, dealing x damage. I asked him why, the moment the swarm tried to attack me, he didn’t ask us to roll initiative to see who goes first. He said that was because the swarm noticed us and readied its action to attack me when I come in range. Can an alert character be surprised in such a way? Can an enemy who wants to get the drop on a party bypass rolling for initiative versus an alert character by readying an attack action?

Popup alert even when a site deletes the alert function | bypass

A website fully filters the alert function and replaces it with an empty string, but I want to bypass it and still pop up an alert. I am trying to solve an XSS challenge, and I figured out that the site identifies the double "l" char and fully removes the string.

http://alertmywebsite.com/2.php?xss=<script>allert(1)</script>

The output is <script>allert(1)</script>, and when I remove the second "l", the output is <script></script>. Only the "l" is still showing the alert function; any other double char fully removes the string. How can I bypass it?

False positive security alert from Google?

I just had this security alert about one of my Google accounts:

  • Device : Unknown device
  • Time : 25 minutes ago
  • Place : United States
  • IP Address : 2a00:1450:4864:20::51b

Someone just used your password to try to connect to your account from an application not belonging to Google, we have blocked this person.

This alert arrived 30 minutes after I had made some security modifications and checks on my account. Moreover, I verified this IPv6 address, and it belongs to Google (I am using a VPN). Is it a false positive? 🤔

Is it too strong to allow a PC with the alert feat to alert his friends?

Assume the following situation: The party has been surprised by an ambush. Every PC is surprised except PC Bob because he has the alert feat. Thanks to his high initiative bonus Bob gets to go first. He shouts “look out” to alert his party members of the imminent threat. The idea is that his party members are no longer surprised because he warned them.

While I think that this makes sense from a storytelling perspective, I am afraid this would be too strong, as it allows one PC with the alert feat to give the “not surprised” part to other members of his party for pretty much free.

Is this allowed? Is there a RAW ruling or similar on this?

If not, do you have any experience with this situation and how did it play out in your games?

How to resolve the Format String Error alert in OWASP ZAP for a web application (ASP.NET C#)?

I have a web application with a log in page. In the log in page, I’ve set maxlength for the username input and the password input, which looks like the code below.

@Html.TextBoxFor(m => m.Username, new { @maxlength="30"}) 

When I run OWASP ZAP, it gives me an alert with the following description.

A Format String error occurs when the submitted data of an input string is evaluated as a command by the application

Potential Format String Error. The script closed the connection on a /%s

But when I remove @maxlength="30", the alert goes away.

I’ve been trying to find the remediation for this alert, but I’ve read that Format String vulnerability doesn’t really exist in C#: “Do format string vulnerabilities exist in C# or Java?”.

Is it just a “potential” error and nothing to worry about because it’s in C#? Or.. if this is something that needs to be taken care of, what can be done to resolve this alert from OWASP ZAP? (I’d believe removing @maxlength is not a solution).

AlienVault Alert – What is this event saying?

Title: ALA4747 - AV Policy violation, Tor anonymity network usage on 172.30.0.11 (172.30.0.11:64689 -> 8.8.8.8:53)

Extra info:
  Source IPs: 172.30.0.11
  Source Ports: 64689
  Dest. IPs: 8.8.8.8
  Dest. Ports: 53

Ticket details

Description:
  Event Type: AlienVault NIDS
  Event Description: AlienVault NIDS: "ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR"
  Ocurrences: 2
  First Ocurrence: 2019-12-17 17:56:50
  Last Ocurrence: 2019-12-17 17:56:50
  Number of different sources: 2
  Number of different destinations: 2
  Source: 172.30.2.250
  Dest: 172.30.0.11

Description:
  Event Type: directive_alert
  Event Description: directive_event: AV Policy violation, Tor anonymity network usage on SRC_IP
  Occurrences: 2
  First Occurrence: 2019-12-17 17:58:45
  Last Occurrence: 2019-12-17 17:58:45
  Number of different sources: 2
  Number of different destinations: 2
  Source: 172.30.2.250
  Dest: 172.30.0.11

How can I create an alert through SharePoint REST API?

Is there any REST API which can create the alert on a SharePoint List?

We have a customized website on which users can view files on SharePoint, but when a user wants to subscribe to folder or file changes, I couldn’t find any REST API to do so. Currently the user can only go to the SharePoint site, select the file or folder and click “Alert me” to create a new alert. Can I do this for the user through a REST API call?

I found there is some information on the CSOM API, but I can’t find any REST API related to alerts.