How Internal Scanning works: Q&A with Detectify’s product expert
Security doesn’t stop at the perimeter. The “inside” of your network often harbors many overlooked risks. To address this, ealier this year we launched Detectify Internal …
New security tests, November 15, 2017: Image Resizer Exposure in .NET
Detectify
Another update, another batch of vulnerabilities. We have an interesting mix of new security test this week, including Sitecore, HashiCorp Consul and WordPress vulnerabilities. As always, don’t forget to run a scan to check if you’re vulnerable.
- Image Resizer Exposure in .NET (information finding that affects Sitecore and Episerver, among others)
- Exposure of /.mysql_history
- Exposure of /.pgsql_history
- CVE-2017-14619: phpMyFAQ XSS
- WordPress simple-login-log SQL Injection
- WordPress invite-anyone Object Injection
- WordPress hrm Authenticated SQL Injection
- WordPress userpro Authentication Bypass
- WordPress wp-support-plus-responsive-ticket-system CSRF/RCE
- WordPress qards SSRF
- WordPress wp-all-import XSS
- WordPress buddypress Authenticated Open Redirect
- WordPress caldera-forms Authenticated XSS
- WordPress wp-custom-fields-search XSS
- HasiCorp Consul Exposure
Check out more content
Introducing PCI ASV Scanning: Continuous attack surface compliance in partnership with Clone Systems
Maintaining a secure external attack surface is no longer just about finding vulnerabilities; it’s about proving your resilience to partners, auditors, and regulatory bodies. Today, …
