Monthly Archives: October 2015

Critical: Remote Command Execution in WordPress Form Manager Plugin (CVE-2015-7806)

On the 9th October, researchers at AppCheck NG discovered a critical Remote Command Execution (RCE) vulnerability in the popular WordPress plugin Form Manager, which allows an attacker with an unprivileged account (including a self-registered account) to execute arbitrary commands on the host. The vulnerability was reported and fixed on the 12th October. Demonstration Video See details and […]


Detecting Delayed Execution Vulnerabilities

AppCheck Sentinel Blind XSS Video Demo AppCheck Sentinel is an external monitoring system designed to detect Out-of-Band events such as DNS Lookups and HTTP requests. Its function in Web Application scanning is to aid the detection of vulnerabilities that cannot be identified through the use of conventional scanning techniques. Traditional Scanning Techniques Traditionally, vulnerabilities such […]
