News

Critical Joomla 3.7 SQL Injection Vulnerability Patched

On the 17th of May 2017, the Joomla team issued a patch for a high severity security flaw that could allow a remote unauthenticated attacker to execute arbitrary SQL queries on the target system. A malicious attacker could exploit this flaw to read, create, modify and delete data stored within the database. It is also […]

Detecting and Exploiting the PHPMailer RCE

On the 25th of December 2016, a security researcher disclosed a critical security flaw within a popular PHP library used to send emails. The PHPMailer library is used by more than 9 million websites worldwide and is bundled with popular open source PHP content management systems such as WordPress. At worst the flaw could be […]

Scan & Secure WordPress with AppCheck

WordPress is the world's leading Content Management System (CMS), accounting for approximately 27% of all websites on the Internet. As such, WordPress is a common target for malicious attackers and malware authors aiming to propagate malicious software by compromising websites. Almost all studies into the most commonly compromised CMS-based websites list WordPress as […]

High Severity Joomla Vulnerability Patched

On the 25th of October 2016, the Joomla team issued a patch for a high severity security flaw that could allow a remote unauthenticated attacker to create administrative accounts on the target system. AppCheck was updated on the same day to detect and safely exploit the vulnerability. Our security researchers observed scanning for this flaw […]

Hunting HTML 5 PostMessage Vulnerabilities

Download Paper: Hunting postMessage Vulnerabilities. Download Sample Code: sample code.

AppCheck partnered with Sec-1 Ltd (http://www.sec-1.com) to undertake a research project investigating the security challenges posed by next-generation web applications. The project included an investigation of Cross-Origin communication mechanisms provided via HTML5, including postMessage and CORS. One of the key findings from the research […]

Adobe Fixes HTML5 PostMessage Security Flaw

AppCheck NG has identified a significant security flaw affecting a common JavaScript component provided as part of the Adobe Marketing Cloud. The flaw affected many high-profile applications, including several banking sites and well-known .com organisations, and has now been fixed by the vendor. When imported, the affected JavaScript component adds a vulnerable postMessage […]

Critical Security Flaw Patched in Magento Blog Extension (CVE-2015-3428)

Background: The aheadWorks Blog extension for Magento prior to version 1.3.10 is vulnerable to a critical SQL Injection security flaw. A remote unauthenticated attacker could exploit this vulnerability to take complete control of the affected Magento server and database. With almost 80,000 downloads at the time of writing, the affected component is the most popular […]

Critical Microsoft Web Services (IIS) Flaw Patched (MS15-034)

Microsoft has released a patch for a critical remote code execution vulnerability in the Windows HTTP Stack for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The flaw could allow an unauthenticated attacker to take complete control of the affected web […]

AppCheck NG Acknowledged by Microsoft, EBay, AT&T and Adobe

Advanced Vulnerability Detection: The AppCheck NG Web Application scanner is developed in conjunction with a team of around 20 experienced penetration testers and as such deploys the very latest techniques in vulnerability detection from the front lines. Included in those techniques is our ability to detect DOM Based Cross Site Scripting vulnerabilities using a combination […]

Security Flaw Fixed in Popular Joomla Extension VirtueMart (CVE-2015-2193)

On the 10th of February 2015, AppCheck reported several security flaws in the popular VirtueMart eCommerce extension for Joomla (Version 3.0.2). A fix has since been made available via http://virtuemart.net/ although no official announcement was released by the vendor.

Cross Site Scripting (XSS): Cross Site Scripting (XSS) vulnerabilities occur when data submitted to the application […]
