AppCheck Security Blog

FEATURED POST

AppCheck & The OWASP Top 10 Privacy Risks

read more
Filter by:
View all
Case Studies
Events
General
News
Product
Research
Security Alerts
Appcheck - icons

**CRITICAL RISK** CVE-2023-26369 Being Actively Exploited: Adobe Acrobat (Multiple Versions) – Unauthorised Execution of Arbitrary Code via Out-of-Bounds Write

Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format (PDF) files. The family comprises Acrobat Reader (formerly Reader), Acrobat (formerly Exchange) and Acrobat.com. The basic Acrobat Reader, available for several desktop and mobile platforms, is freeware; it supports viewing, printing, scaling or resizing and annotating of PDF files. It is currently available for Windows, macOS, iOS, and Android users only.
Read More
Appcheck - icons

**CRITICAL RISK** CVE-2023-20269 Being Actively Exploited: Brute Force of Authentication Mechanism via Exploit of Improper Control of Interaction Frequency

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user.
Read More
Appcheck - icons

CVE-2023-36761: Microsoft Word (Multiple Versions) – Disclosure of Sensitive NTLM Hashes to Unauthorised Actors via Preview Pane

Microsoft Word is a word processor developed by Microsoft. It was first released on October 25, 1983, under the name Multi-Tool Word for Xenix systems. Commercial versions of Word are licensed as a standalone product or as a component of Microsoft 365 suite of software, which can be purchased either with a perpetual license or as part of a Microsoft 365 subscription, respectively.
Read More
Appcheck - icons

**CRITICAL RISK** CVE-2023-33246 Apache RocketMQ < v4.9.6 / 5.1.1 – Unauthorised Remote Execution of Arbitrary Commands via Code Injection in Update Configuration Function

Apache RocketMQ is a distributed messaging and streaming platform with low latency, high performance and reliability, trillion-level capacity and flexible scalability. It is the third generation distributed messaging middleware open sourced by Alibaba in 2012. On November 21, 2016, Alibaba donated RocketMQ to the Apache Software Foundation. Apache RocketMQ is one of the most popular and widely used distributed messaging and streaming platforms.
Read More
Appcheck - icons

What are Unvalidated Redirects, and why are they a security issue?

In this blog post we look at what vulnerabilities can occur when web applications fail to validate redirect URLS, and the impact should these be exploited, as well as how they can best be protected against.
Read More
Appcheck - icons

**CRITICAL RISK** CVE-2023-26359 Adobe Coldfusion 2018 / 2021 – Arbitrary Code Execution via Unsafe Deserialization of Untrusted Data

Adobe ColdFusion is a commercial rapid web-application development computing platform (The programming language used with that platform is also commonly called ColdFusion, though is more accurately known as CFML.) ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. By version 2 (1996) it had become a full platform that included an IDE in addition to a full scripting language.
Read More

Get in touch

Start your free trial

Simply complete the form and we’ll send you all you need to activate AppCheck and undertake your FREE scan.
Your details
IP Addresses
URLs