SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

Apache Wicket: Defeating Encrypted And Stateful URLs

CVE Research

Apache Wicket is an open-source, server-side Java web application framework used by quite a few big sites. It was discovered that the ‘encrypted URL feature’, which is expected to protect against CSRF (Cross-Site Request Forgery) attacks, fails to provide enough protection against CSRF attacks Apac...

Oct 08, 2017 • 4 min read

Adobe Security Updates for September 2017

CVE Research

Adobe has released four security updates for Adobe Flash Player (APSB17-28), Adobe RoboHelp (APSB17-28), and Adobe ColdFusion (APSB17-30), which cover a total of 8 CVEs.

Sep 14, 2017 • 2 min read

APACHE STRUTS2 Remote Code Execution (CVE-2017-9805)

CVE Research

Sep 10, 2017 • 3 min read

Foxit Critical Zero Day RCE Vulnerabilities

CVE Research

Aug 29, 2017 • 3 min read

SMBLoris – An SMB DoS Vulnerability

CVE Research

SMBLoris is a remote, unauthenticated application-level denial of service (DoS) attack against Microsoft Windows operating systems. A vulnerability of this kind can be tracked using an appropriate vulnerability management tool. The Server Message Block (SMB) network protocol implementation causes it...

Aug 17, 2017 • 4 min read

Patch Tuesday: Microsoft Security Bulletin Summary for August 2017

CVE Research

Microsoft's August 2017 Patch Tuesday addresses 48 security vulnerabilities in six of its main product categories. Among these, 25 CVEs are rated as Critical, 21 are rated as Important, and 2 are rated as Moderate. A vulnerability management tool can help detect these vulnerabilities.

Aug 10, 2017 • 9 min read

Adobe Security Updates for August 2017

CVE Research

Aug 09, 2017 • 4 min read

SCAP Feed Release : 01-Aug-2017

CVE Research

The following SCAP Release August 2017 content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update.

Jul 31, 2017 • 1 min read

Adobe Security Updates for July 2017

CVE Research

Jul 12, 2017 • 2 min read