AppCheck Security Blog
Featured post
Advisory: CVE-2020-29045 - Unauthenticated RCE via Arbitrary Object Deserialisation in Five Star Restaurant Menu - WordPress Ordering Plugin
/ Posted March 10, 2021
It is possible to gain Unauthenticated Remote Code Execution (RCE) on any WordPress instance that is using this plugin, due to the unsafe use of unserialize for the parsing of unsanitised user input, via the cookie fdm_cart used within includes/class-cart-manager.php
read moreFilter by:
Advisory: CVE-2020-29045 - Unauthenticated RCE via Arbitrary Object Deserialisation in Five Star Restaurant Menu - WordPress Ordering Plugin
Research Security Alerts / Posted March 10, 2021
It is possible to gain Unauthenticated Remote Code Execution (RCE) on any WordPress instance that is using this plugin, due to the unsafe use of unserialize for the parsing of unsanitised user input, via the cookie fdm_cart used within includes/class-cart-manager.php
Read moreAdvisory: CVE-2020-29047 - Unauthenticated RCE via Arbitrary Object Deserialisation in WordPress Hotel Booking Plugin
Research Security Alerts / Posted March 03, 2021
CVE: CVE-2020-29047
Severity: HIGH
Vulnerability Type: CWE-502: Deserialization of Untrusted Data
Requires Authentication: No
vBulletin Zero Day Details & Plug-in
News Product Security Alerts / Posted August 10, 2020
Security researcher Amir Etemadieh has released a pre-authentication zero-day remote command execution (RCE) exploit in vBulletin. This exploit is bypasses the patch for a previous RCE in vBulletin 5.0 through 5.4 and has since been assigned CVE-2019-16759.
Read moreSaltStack scanning tool to detect CVE-2020-11651 & CVE-2020-11652
Product Research Security Alerts / Posted May 05, 2020
These CVE's are now being actively exploited in the wild and so we have created a free standalone scanner to detect and report on these.
Read moreCritical Vulnerabilities in SaltStack CVE-2020-11651 & CVE-2020-11652
Security Alerts / Posted May 01, 2020
Vulnerabilities within SaltStack infrastructure automation software may lead to RCE attacks and full system takeover. According to security researchers who found these vulnerabilities, attacks are expected in the wild as soon as today.
Read moreGhostCat Vulnerability - CVE-2020-1938
Security Alerts / Posted February 27, 2020
Aside from being a – by all accounts truly terrible – direct-to-TV movie about a recently deceased cat who comes back from the dead to try and stop scammers and wealthy businessmen from making unnecessary land-development deals, “Ghostcat” is also the fond nickname for vulnerability CVE-2020-1938.
Read moreAppCheck Scan Template for Pulse Secure CVE-2019-11510
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.
Read moreAppCheck Scan Template for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template to detect a remote code execution flaw in Citrix appliances.
Read moreAppCheck Plug-in for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted December 18, 2019
AppCheck have released a plug-in to detect a remote code execution flaw in Citrix appliances.
Read moreMacy's falls victim to hack exposing customer data
Security Alerts / Posted November 20, 2019
Popular department store Macy's looks to have been hit with a card skimming hack.
The hack appears very similar to those conducted by hacking group Magecart who have historically targeted Airline giants British Airways as well as online ticket sales company Ticketmaster, amongst others.