AppCheck Security Blog
Featured post
AppCheck Scan Template for Pulse Secure CVE-2019-11510
/ Posted January 09, 2020
AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.
read moreFilter by:
AppCheck Scan Template for Pulse Secure CVE-2019-11510
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.
Read moreAppCheck Scan Template for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template to detect a remote code execution flaw in Citrix appliances.
Read moreAppCheck Plug-in for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted December 18, 2019
AppCheck have released a plug-in to detect a remote code execution flaw in Citrix appliances.
Read moreUnicode Normalization Vulnerabilities & the Special K Polyglot
Research / Posted September 02, 2019
Many applications and systems have adopted Unicode as a method of encoding and storing string data. This blog post looks at some of the security flaws that can arise due to Unicode Normalization in modern web applications.
Read moreNew feature announcement: Subdomain takeover audit
Product Research Security Alerts / Posted June 18, 2019
AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities.
Read moreSAP Hybris Commerce CVE-2018-2505 Vulnerability Discovered
News Research Security Alerts / Posted March 18, 2019
The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.
Read moreAdvisory: Remote Code Execution Traccar Server <=4.0 (AC-2018-10-8-1)
Research Security Alerts / Posted December 04, 2018
Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.
Read moreAppCheck Discovers Vulnerability in Auth0 Library (CVE-2017-17068)
Research Security Alerts / Posted December 13, 2017
AppCheck discovered a security flaw within the auth0.js JavaScript library that could be exploited by a malicious website to read sensitive access tokens cross-domain.
Read moreDetecting and Exploiting the PHPMailer RCE
Research Security Alerts / Posted January 04, 2017
On the 25th of December 2016, a security researcher disclosed a critical security flaw within a popular PHP library used to send emails. The PHPMailer library is used by more than 9 million websites worldwide and is bundled with popular open source PHP content management systems such as WordPress. At worst the flaw could be exploited to execute arbitrary PHP code on the affected system. This would allow the remote attacker to take complete control of the application and launch further attacks against the system and internal network. PHPMailer versions below 5.2.20 are affected along with a number of other libraries that include the vulnerable code; such as SwiftMail and the Zend Framework.
Read moreHunting HTML 5 PostMessage Vulnerabilities
News Product Research / Posted August 10, 2016
AppCheck partnered with Sec-1 Ltd to undertake a research project investigating the security challenges posed by next generation web applications. The project included an investigation of Cross-Origin communication mechanisms provided via HTML5 including postMessage and CORS.
One of the key findings from the research shows that vulnerabilities introduced through an insecure postMessage implementation are frequently missed by security scanners and consultants performing manual review.
Read more- 1
- 2