Introducing Dynamic API Scanning
Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. …
New security tests, November 15, 2017: Image Resizer Exposure in .NET
Detectify
Another update, another batch of vulnerabilities. We have an interesting mix of new security test this week, including Sitecore, HashiCorp Consul and WordPress vulnerabilities. As always, don’t forget to run a scan to check if you’re vulnerable.
- Image Resizer Exposure in .NET (information finding that affects Sitecore and Episerver, among others)
- Exposure of /.mysql_history
- Exposure of /.pgsql_history
- CVE-2017-14619: phpMyFAQ XSS
- WordPress simple-login-log SQL Injection
- WordPress invite-anyone Object Injection
- WordPress hrm Authenticated SQL Injection
- WordPress userpro Authentication Bypass
- WordPress wp-support-plus-responsive-ticket-system CSRF/RCE
- WordPress qards SSRF
- WordPress wp-all-import XSS
- WordPress buddypress Authenticated Open Redirect
- WordPress caldera-forms Authenticated XSS
- WordPress wp-custom-fields-search XSS
- HasiCorp Consul Exposure
Check out more content
Redefining AppSec Testing with Intelligent Scan Recommendations and Asset Classification
The average organization is missing testing 9 out of 10 of their complex web apps that are attacker-attractive targets. To address this, we’re launching new …
