
107 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-21745

Malicious code in bioql PyPI...

8.7 CVSS · 6.5 AI score · 0.84674 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/07/18 9:58 p.m. · 4 views

CVE-2025-34126

A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This...

8.7 CVSS · 7.1 AI score · 0.84674 EPSS
Exploits 0 · References 1

NVD
added 2025/07/16 10:15 p.m. · 4 views

CVE-2025-34126

A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This...

8.7 CVSS · 0.84674 EPSS
Exploits 0 · References 5

CVE
added 2025/07/16 9:10 p.m. · 15 views

CVE-2025-34126

The connected sources confirm CVE-2025-34126 is a path-traversal flaw in RIPS Scanner v0.54 that allows remote attackers to read arbitrary files via the windows/code.php?file= parameter. Impact is information disclosure with network access and no privileges required per the CVSS data (AV:N/AC:L/P...

8.7 CVSS · 6.5 AI score · 0.84674 EPSS
Exploits 0 · References 5

Vulnrichment
added 2025/07/16 9:10 p.m. · 2 views

CVE-2025-34126 RIPS Scanner v0.54 Path Traversal

A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This...

8.7 CVSS · 7 AI score · 0.84674 EPSS
Exploits 0 · References 5

Cvelist
added 2025/07/16 9:10 p.m. · 6 views

CVE-2025-34126 RIPS Scanner v0.54 Path Traversal

A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This...

8.7 CVSS · 0.84674 EPSS
Exploits 0 · References 5

CNNVD
added 2025/07/16 12:0 a.m. · 1 views

RIPS Security Vulnerability

RIPS is a static code analysis tool from the RIPS open source. A security vulnerability exists in RIPS version 0.54, which stems from a path traversal attack that could lead to reading arbitrary files on the system...

8.7 CVSS · 6.8 AI score · 0.84674 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/07/16 12:0 a.m. · 1 views

PT-2025-29888 · Unknown · Rips Scanner

Name of the Vulnerable Software and Affected Versions: RIPS Scanner version 0.54 Description: A path traversal vulnerability exists that allows remote attackers to read arbitrary files on the system with the privileges of the web server. This is achieved by sending crafted HTTP GET requests to th...

8.7 CVSS · 6.5 AI score · 0.84674 EPSS
Exploits 0 · References 10

Packet Storm
added 2024/09/01 12:0 a.m. · 140 views

RIPS Scanner Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RIPS Scanner Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in the RIPS Scanner v0.54, allowin...

7.4 AI score
Exploits 0

WPVulnDB
added 2020/10/29 12:0 a.m. · 28 views

WordPress < 5.5.2 - Stored XSS in Post Slugs

Description The release notes state: "Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs."...

6.1 CVSS · 7.2 AI score · 0.176 EPSS
Exploits 0 · References 2

WPVulnDB
added 2020/06/11 12:0 a.m. · 45 views

WordPress < 5.4.2 - Misuse of set-screen-option Leading to Privilege Escalation

Description Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation...

6 CVSS · 5.2 AI score · 0.02416 EPSS
Exploits 0 · References 3

ripstech
added 2020/05/13 7:0 a.m. · 29 views

RIPS and SonarSource are Joining Forces

You can read the official announcement here. This acquisition reinforces our journey of pioneering in the field of static analysis and honours the work of our passionate team in Bochum. What started out 10 years ago as an open source project evolved into a state-of-the-art security solution that...

6.8 AI score
Exploits 0

ripstech
added 2020/03/10 12:0 p.m. · 48 views

RIPS Scores a Perfect 100% at OWASP Benchmark

Comparing different SAST solutions with one another is no trivial task. Indeed, beyond some straightforward criteria such as a tool's speed, usability, or integration options, the quintessential question is: How well does it perform in detecting actual vulnerabilities in your code? Benchmark Metri...

7.1 AI score
Exploits 0

ripstech
added 2020/02/17 7:0 a.m. · 42 views

RIPS 3.4 Supports Node.js Security Analysis

Node.js Support Over the last year, our engineers worked hard to apply our static code analysis algorithms from Java and PHP to a new JavaScript engine. The result is our third language specific analysis engine which accounts for all code features, characteristics, and flavors of the highly dynam...

7.2 AI score
Exploits 0

ripstech
added 2019/11/26 7:0 a.m. · 26 views

Integrate Security Testing with GitHub Actions

GitHub Actions GitHub announced their own CI/CD system which is integrated into the user interface and called Github Actions. We added RIPS to the GitHub marketplace which enables you to integrate our leading code analysis directly into your GitHub workflow. It works as a security gateway and fai...

7.2 AI score
Exploits 0

ripstech
added 2019/11/12 7:0 a.m. · 54 views

RIPS 3.3: Scaling Security Testing to Large Teams

Data Center Edition Automated security testing with RIPS is typically performed when a new code feature is merged into the development branch. But when security scanning is shifted left to the developers who scan every single code commit, the total amount of scans increases significantly. As a...

7 AI score
Exploits 0

ripstech
added 2019/10/31 11:0 a.m. · 35 views

Official Code Analysis Partner for TYPO3

RIPS Technologies and TYPO3 are proud to announce their new technical partnership. TYPO3 will be using RIPS industry-leading code analysis solution to continuously scan the TYPO3 code base for security vulnerabilities and weaknesses. CEO Johannes Dahse explains: “This partnership represents anoth...

7.2 AI score
Exploits 0

ripstech
added 2019/10/22 11:0 a.m. · 50 views

Drive By RCE Exploit in Pimcore 6.2.0

We have scanned Pimcore 6.2.0 and identified multiple critical vulnerabilities including a command injection vulnerability and SQL injection vulnerability which both can be exploited into a full remote code execution. Both vulnerabilities were fixed in Pimcore 6.2.1. The truncated analysis result...

9 AI score
Exploits 0

The Hacker News
added 2019/07/30 4:23 p.m. · 109 views

Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking

If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised. Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers t...

9.8 CVSS · 1.1 AI score · 0.00307 EPSS
Exploits 0

ripstech
added 2019/07/29 7:0 a.m. · 11 views

WARNING: Pre-Auth Takeover of OXID eShops

OXID eShop is an e-commerce shop software originating from Germany and its enterprise edition is used by industry leaders such as Mercedes, BitBurger and Edeka. In this technical blog post we will show you how an unauthenticated attacker gains Remote Code Execution in OXID eShop running the lates...

7.8 AI score
Exploits 0