25 matches found

The Hacker News
added 2022/07/06 11:31 a.m. | 41 views

The End of False Positives for Web and API Security Scanning?

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning DAST market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Editio...

AI score: 6.4 | Exploits: 0

The Hacker News
added 2020/12/01 8:24 a.m. | 58 views

4 Free Online Cyber Security Testing Tools For 2021

Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of...

AI score: 7.4 | Exploits: 0

Information Security Automation
added 2018/07/08 9:22 p.m. | 63 views

Free High-Tech Bridge ImmuniWeb Application Discovery service

Today I would like to talk about another service for application security analysis by High-Tech Bridge. It's called ImmuniWeb Application Discovery. This service can get information about your web and mobile applications available from the Internet. Believe me, this is not so obvious for a large...

AI score: 7 | Exploits: 0

Information Security Automation
added 2017/11/27 9:10 p.m. | 30 views

Vulnerability Management for Network Perimeter

Network Perimeter is like a door to your organization. It is accessible to everyone and vulnerability exploitation does not require any human interactions, unlike, for example, phishing attacks. Potential attacker can automate most of his actions searching for an easy target. It's important not t...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2016/02/18 12:0 a.m. | 37 views

WeBid 1.1.2P2 SQL Injection

Advisory ID: HTB23292 Product: WeBid Vendor: WeBid Vulnerable Versions: 1.1.2P2 and probably prior Tested Version: 1.1.2P2 Advisory Publication: January 22, 2016 without technical details Vendor Notification: January 22, 2016 Vendor Patch: February 4, 2016 Public Disclosure: February 17, 2016...

AI score: 0.1 | Exploits: 0

Packet Storm
added 2016/02/18 12:0 a.m. | 32 views

TestLink 1.9.14 SQL Injection

Advisory ID: HTB23288 Product: TestLink Vendor: TestLink Development Team Vulnerable Versions: 1.9.14 and probably prior Tested Version: 1.9.14 Advisory Publication: January 7, 2016 without technical details Vendor Notification: January 7, 2016 Vendor Patch: January 9, 2016 Public Disclosure:...

AI score: 0.1 | Exploits: 0

exploitpack
added 2015/10/30 12:0 a.m. | 46 views

Oxwall 1.7.4 - Cross-Site Request Forgery

Oxwall 1.7.4 - Cross-Site Request Forgery Advisory ID: HTB23266 Product: Oxwall Vendor: http://www.oxwall.org Vulnerable Versions: 1.7.4 and probably prior Tested Version: 1.7.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: September ...

CVSS: 6.8 | AI score: 0.8 | EPSS: 0.00971 | Exploits: 5

Packet Storm
added 2015/10/29 12:0 a.m. | 62 views

Oxwall 1.7.4 Cross Site Request Forgery

Advisory ID: HTB23266 Product: Oxwall Vendor: http://www.oxwall.org Vulnerable Versions: 1.7.4 and probably prior Tested Version: 1.7.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: September 8, 2015 Public Disclosure: October 22, 201...

CVSS: 6.8 | AI score: 0.7 | EPSS: 0.00971 | Exploits: 5

Packet Storm
added 2015/10/06 12:0 a.m. | 53 views

SourceBans 1.4.11 Cross Site Scripting

Advisory ID: HTB23273 Product: SourceBans Vendor: Sourcebans team Vulnerable Versions: 1.4.11 and probably prior Tested Version: 1.4.11 Advisory Publication: October 2, 2015 without technical details Vendor Notification: October 2, 2015 Public Disclosure: October 22, 2015 Vulnerability Type:...

AI score: 6.4 | EPSS: 0.09843 | Exploits: 1

htbridge
added 2015/10/02 12:0 a.m. | 519 views

Reflected Cross-Site Scripting (XSS) in SourceBans

High-Tech Bridge Security Research Lab discovered vulnerability in SourceBans, which can be exploited to perform Cross-Site Scripting XSS attacks against web application users. The vulnerability exists due to insufficient filtration of input-data passed via the "advSearch" HTTP GET parameter to...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.09843 | Exploits: 1 | Affected Software: 1

htbridge
added 2015/07/29 12:0 a.m. | 511 views

Reflected Cross-Site Scripting (XSS) in iTop

High-Tech Bridge Security Research Lab discovered vulnerability in iTop, which can be exploited to perform Cross-Site Scripting XSS attacks against web application users. iTop is a critical application, which is used to cover the entire set of ITIL processes. Successful attack on this web...

CVSS: 4.3 | AI score: 0.1 | EPSS: 0.27671 | Exploits: 3 | Affected Software: 1

htbridge
added 2015/07/01 12:0 a.m. | 522 views

Cross-Site Scripting (XSS) in qTranslate WordPress Plugin

High-Tech Bridge Security Research Lab discovered vulnerability in qTranslate WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against website administrators. Successful exploitation of this vulnerability may allow a remote attacker to gain complete control ove...

CVSS: 4.3 | AI score: 0.7 | EPSS: 0.0027 | Exploits: 3 | Affected Software: 1

securityvulns
added 2015/05/11 12:0 a.m. | 54 views

Arbitrary Variable Overwrite in eShop WordPress Plugin

Advisory ID: HTB23255 Product: eShop WordPress plugin Vendor: Rich Pedley Vulnerable Versions: 6.3.11 and probably prior Tested Version: 6.3.11 Advisory Publication: April 15, 2015 without technical details Vendor Notification: April 15, 2015 Public Disclosure: May 6, 2015 Vulnerability Type: Cod...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.0017 | Exploits: 2

Packet Storm
added 2014/12/17 12:0 a.m. | 70 views

Revive Adserver 3.0.5 Cross Site Scripting

Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00445 | Exploits: 3

Packet Storm
added 2014/10/15 12:0 a.m. | 50 views

WordPress MaxButtons 1.26.0 Cross Site Scripting

Advisory ID: HTB23237 Product: MaxButtons WordPress plugin Vendor: Max Foundry Vulnerable Versions: 1.26.0 and probably prior Tested Version: 1.26.0 Advisory Publication: September 24, 2014 without technical details Vendor Notification: September 24, 2014 Vendor Patch: October 2, 2014 Public...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00347 | Exploits: 3

securityvulns
added 2014/10/14 12:0 a.m. | 59 views

Reflected Cross-Site Scripting (XSS) in Textpattern

Advisory ID: HTB23223 Product: Textpattern Vendor: http://textpattern.com/ Vulnerable Versions: 4.5.5 and probably prior Tested Version: 4.5.5 Advisory Publication: July 9, 2014 without technical details Vendor Notification: July 9, 2014 Vendor Patch: September 20, 2014 Public Disclosure: October...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00378 | Exploits: 3

seebug.org
added 2014/09/29 12:0 a.m. | 39 views

webEdition 6.3.8.0 (SVN-Revision: 6985) - Path Traversal

No description provided by source. Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical details Vendor Notification:...

CVSS: 4 | AI score: 6.5 | EPSS: 0.81201 | Exploits: 6

Exploit DB
added 2014/09/24 12:0 a.m. | 52 views

webEdition 6.3.8.0 (SVN-Revision: 6985) - Directory Traversal

Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August 6, 2014 Vendor Patch: Septembe...

CVSS: 4 | AI score: 7 | EPSS: 0.81201 | Exploits: 6

htbridge
added 2014/09/24 12:0 a.m. | 34 views

Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

High-Tech Bridge Security Research Lab discovered vulnerability in MaxButtons WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against logged-in administrator. 1 Reflected Cross-Site Scripting XSS in MaxButtons wordpress plugin: CVE-2014-7181 Input passed via t...

CVSS: 2.6 | AI score: 0.1 | EPSS: 0.00347 | Exploits: 3 | Affected Software: 1

seebug.org
added 2014/03/10 12:0 a.m. | 33 views

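Ilch CMS Cross-Site Scripting Vulnerability

CVE ID: CVE-2014-1944 Ilch CMS is a content management system. User data passed via the "text" HTTP POST parameter to the "/index.php/guestbook/index/newentry" URL is not sufficiently filtered. A remote unauthenticated user can send a specially crafted HTTP POST request that allows arbitrary HTML and script code to be permanently injected and executed. 0 Ilch CMS 2.0 Vendor patch: Ilch CMS ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...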

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.04522 | Exploits: 6