
Apache Struts (CVE-2017-9805)

On 05 September 2017, security researchers announced (https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement) a critical remote code execution vulnerability in Apache Struts. All Struts versions from 2008 are affected, making web applications that use the REST plugin vulnerable. It is recommended to upgrade to Apache Struts version 2.5.13 or 2.3.34. Exploitation of the vulnerability allows an attacker to […]


Petya Ransomware: The Basics

A little over two months since WannaCry set the internet on fire, a new release of ransomware is spreading around the world, as experts unfortunately warned might happen. While the speed at which WannaCry spread was alarming, it was ultimately flawed by a botched sandbox evasion that acted as a […]


Critical Joomla 3.7 SQL Injection Vulnerability Patched

On the 17th of May 2017, the Joomla team issued a patch for a high severity security flaw that could allow a remote unauthenticated attacker to execute arbitrary SQL queries on the target system. A malicious attacker could exploit this flaw to read, create, modify and delete data stored within the database. It is also […]


WanaCrypt0r – Ransom Attack

With the global spread of this particular malware on Friday and the media coverage it has received, it is understandable that many customers want to know more about this threat and what they can do to protect against it. WanaCrypt0r was an interesting step up from previous ransomware for […]


New Apache Struts Zero Day Vulnerability Discovered

On the 6th of March 2017, information security researchers discovered a zero-day vulnerability in the Apache Struts web application framework, which is being actively exploited in the wild. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, […]


Detecting and Exploiting the PHPMailer RCE

On the 25th of December 2016, a security researcher disclosed a critical security flaw within a popular PHP library used to send emails. The PHPMailer library is used by more than 9 million websites worldwide and is bundled with popular open source PHP content management systems such as WordPress. At worst the flaw could be […]


Scan & Secure WordPress with AppCheck

WordPress is the world's leading Content Management System (CMS), accounting for approximately 27% of all websites on the Internet. As such, WordPress is a common target for malicious attackers and malware authors aiming to propagate malicious software by compromising websites. Almost all studies into the most commonly compromised CMS-based websites list WordPress as […]


High Severity Joomla Vulnerability Patched

On the 25th of October 2016, the Joomla team issued a patch for a high severity security flaw that could allow a remote unauthenticated attacker to create administrative accounts on the target system. AppCheck was updated on the same day to detect and safely exploit the vulnerability. Our security researchers observed scanning for this flaw […]


Hunting HTML 5 PostMessage Vulnerabilities

Download Paper: Hunting postMessage Vulnerabilities

Download Sample Code: sample code

AppCheck partnered with Sec-1 Ltd (http://www.sec-1.com) to undertake a research project investigating the security challenges posed by next-generation web applications. The project included an investigation of Cross-Origin communication mechanisms provided via HTML5 including postMessage and CORS. One of the key findings from the research […]


WordPress 4.5.1 Cross-Site Scripting (CVE-2016-4566)

WordPress versions 4.5.1 and earlier are affected by an XSS vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.

Scanning WordPress

AppCheck NG includes […]
