Product update: Dynamic API Scanning, Recommendations & Classifications, and more
We know the importance of staying ahead of threats. At Detectify, we’re committed to providing you with the tools you need to secure your applications …
New security tests, November 15, 2017: Image Resizer Exposure in .NET
Detectify
Another update, another batch of vulnerabilities. We have an interesting mix of new security test this week, including Sitecore, HashiCorp Consul and WordPress vulnerabilities. As always, don’t forget to run a scan to check if you’re vulnerable.
- Image Resizer Exposure in .NET (information finding that affects Sitecore and Episerver, among others)
- Exposure of /.mysql_history
- Exposure of /.pgsql_history
- CVE-2017-14619: phpMyFAQ XSS
- WordPress simple-login-log SQL Injection
- WordPress invite-anyone Object Injection
- WordPress hrm Authenticated SQL Injection
- WordPress userpro Authentication Bypass
- WordPress wp-support-plus-responsive-ticket-system CSRF/RCE
- WordPress qards SSRF
- WordPress wp-all-import XSS
- WordPress buddypress Authenticated Open Redirect
- WordPress caldera-forms Authenticated XSS
- WordPress wp-custom-fields-search XSS
- HasiCorp Consul Exposure
Check out more content
Infinite payloads? The future of API Testing with dynamic fuzzing
What if we told you that our newly released API Scanner has 922 quintillion payloads for a single type of vulnerability test? A quintillion is …
