4 matches found

ripstech
added 2019/07/29 7:0 a.m. | 11 views

WARNING: Pre-Auth Takeover of OXID eShops

OXID eShop is an e-commerce shop software originating from Germany and its enterprise edition is used by industry leaders such as Mercedes, BitBurger and Edeka. In this technical blog post we will show you how an unauthenticated attacker gains Remote Code Execution in OXID eShop running the lates...

7.8 AI score
Exploits: 0

ripstech
added 2018/11/13 11:0 a.m. | 75 views

Pydio 8.2.1 Unauthenticated Remote Code Execution

Impact The vulnerability, a PHP object injection, was fixed in the latest security release of Pydio. Affected are all installations below version 8.2.2 with default settings. The vulnerability allowed remote attackers to perform a full takeover of the filesharing system, leading to remote access ...

7.1 AI score
Exploits: 0

seebug.org
added 2018/07/24 12:0 a.m. | 556 views

Scan, Verify and Patch in Minutes: TikiWiki 17.1 SQLi

TikiWiki is an open source software that offers a wiki-style based content management system. It has more than 1.25 million downloads and a large code base of around 1.7 million lines of code. In this blog post, we demonstrate step by step how we used our leading RIPS Code Analysis solution to...

Exploits: 0

ripstech
added 2017/08/04 12:0 p.m. | 15 views

Security Analysis with SonarQube Plugin

SonarQube Figure 1: The SonarQube dashboard lists security vulnerabilities detected by RIPS code analysis. Global organizations use SonarQube to concentrate different quality analysis tools in one place for easy management, maintenance, and learning potential of findings. Seasoned developers are...

7.3 AI score
Exploits: 0