DefenseCode ThunderScan SAST Advisory
SugarCRM Community Edition Multiple SQL Injection Vulnerabilities
Advisory ID: DC-2018-01-011
Advisory Title: SugarCRM Community Edition Multiple SQL Injection
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider
Plugin SQL injection Security Vulnerability
Advisory ID: DC-2018-01-005
Advisory Title: WordPress Testimonial Slider Plugin SQL injection
Security Vulnerability
Advisory URL: http://www.defensecode.com
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin
SQL injection Security Vulnerability
Advisory ID: DC-2018-01-004
Advisory Title: WordPress Smooth Slider Plugin SQL injection
Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite
Multiple SQL injection Security Vulnerabilities
Advisory ID: DC-2017-01-003
Advisory Title: WordPress Dbox 3D Slider Lite Plugin Multiple
SQL injection Security Vulnerabilities
Advisory URL: http
DefenseCode ThunderScan SAST Advisory: WordPress Booking Calendar
Multiple Security Vulnerabilities
Advisory ID: DC-2017-12-005
Advisory Title: WordPress Booking Calendar Plugin Multiple Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software
DefenseCode ThunderScan SAST Advisory: WordPress Clean Up Optimizer
Plugin Security Vulnerability
Advisory ID: DC-2017-12-004
Advisory Title: WordPress Clean Up Optimizer Plugin Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software
DefenseCode ThunderScan SAST Advisory: WordPress Top-10 Plugin
SQL Injection Security Vulnerability
Advisory ID: DC-2017-12-003
Advisory Title: WordPress Top-10 Plugin SQL Injection Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software
DefenseCode ThunderScan SAST Advisory
WordPress Ad Widget Plugin Local File Inclusion
Security Vulnerability
Advisory ID: DC-2017-01-001
Advisory Title: WordPress Ad Widget Plugin Local file Inclusion
Security Vulnerability
Advisory URL: http
DefenseCode ThunderScan SAST Advisory
WordPress Simple Login Log Plugin Multiple SQL Injection
Security Vulnerabilities
Advisory ID: DC-2017-01-013
Advisory Title: WordPress Simple Login Log Plugin Multiple SQL
Injection Security Vulnerabilities
Advisory
DefenseCode Security Advisory
Magento Commerce CSRF, Stored Cross Site Scripting
Advisory ID: DC-2017-09-002
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL:
http://www.defensecode.com/advisories/DC-2017-09-002_Magento_CSRF_Stored_Cross_Site_Scripting.pdf
DefenseCode Security Advisory
Magento Commerce CSRF, Stored Cross Site Scripting
Advisory ID: DC-2017-09-001
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL:
http://www.defensecode.com/advisories/DC-2017-09-001_Magento_CSRF_Stored_Cross_Site_Scripting.pdf
DefenseCode ThunderScan SAST Advisory
WordPress Easy Modal Plugin
Multiple Security Vulnerabilities
Advisory ID: DC-2017-01-007
Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities
Advisory URL: http://www.defensecode.com
DefenseCode Security Advisory
IBM Informix DB-Access Buffer Overflow
Advisory ID: DC-2017-04-001
Advisory Title: IBM Informix DB-Access Buffer Overflow
Advisory URL:
http://www.defensecode.com/advisories/DC-2017-04-001_IBM_Informix_DB-Access_Buffer_Overflow.pdf
Software: IBM
DefenseCode Security Advisory
IBM DB2 Command Line Processor Buffer Overflow
Advisory ID: DC-2017-04-002
Advisory Title: IBM DB2 Command Line Processor Buffer Overflow
Advisory URL:
http://www.defensecode.com/advisories/IBM_DB2_Command_Line_Processor_Buffer_Overflow.pdf
Software
DefenseCode ThunderScan SAST Advisory
WordPress No External Links Plugin
Security Vulnerability
Advisory ID: DC-2017-01-022
Advisory Title: WordPress No External Links Plugin Security
Vulnerability
Advisory URL: http://www.defensecode.com
DefenseCode ThunderScan SAST Advisory
WordPress Simple Slideshow Manager Plugin
Multiple Security Vulnerabilities
Advisory ID: DC-2017-02-016
Advisory Title: WordPress Simple Slideshow Manager Plugin Multiple
Vulnerabilities
Advisory URL: http
DefenseCode ThunderScan SAST Advisory
WordPress AffiliateWP Plugin
Security Vulnerability
Advisory ID: DC-2017-05-05
Advisory Title: WordPress AffiliateWP Plugin Security Vulnerability
Advisory URL: http://www.defensecode.com
DefenseCode ThunderScan SAST Advisory
WordPress Huge-IT Video Gallery Plugin
Security Vulnerability
Advisory ID: DC-2017-01-009
Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection
vulnerability
Advisory URL: http
theft, affecting the default configuration of the most popular
browser in the world today, Google Chrome, as well as all Windows versions
supporting it.
Full paper URL:
http://www.defensecode.com/news_article.php?id=21
Regards,
DefenseCode Team
http://www.defensecode.com/
https://twitter.com
DefenseCode ThunderScan SAST Advisory
GOOGLE google-api-php-client
Multiple Security Vulnerabilities
Advisory ID: DC-2017-04-012
Advisory Title: google-api-php-client Multiple XSS Vulnerabilities
Advisory URL:
http://defensecode.com/advisories/DC-2017-04
DefenseCode WebScanner DAST Advisory
WordPress User Access Manager Plugin
Security Vulnerability
Advisory ID: DC-2017-01-021
Advisory Title: WordPress User Access Manager Plugin Cross Site
Scripting vulnerability
Advisory URL:
http
DefenseCode ThunderScan SAST Advisory
WordPress Tracking Code Manager Plugin
Multiple Security Vulnerabilities
Advisory ID: DC-2017-01-020
Advisory Title: WordPress Tracking Code Manager Plugin Multiple
Vulnerabilities
Advisory URL:
http://www.defensecode.com
DefenseCode ThunderScan SAST Advisory
WordPress WebDorado Gallery Plugin
SQL Injection Vulnerability
Advisory ID: DC-2017-02-011
Software: WordPress WebDorado Gallery Plugin
Software Language: PHP
Version: 1.3.29 and below
Vendor Status: Vendor contacted
DefenseCode ThunderScan SAST Advisory
WordPress Spider Event Calendar Plugin
SQL Injection Vulnerability
Advisory ID: DC-2017-01-017
Software: WordPress Spider Event Calendar Plugin
Software Language: PHP
Version: 1.5.49 and below
Vendor Status: Vendor
DefenseCode ThunderScan SAST Advisory
WordPress Facebook Plugin
SQL Injection Vulnerability
Advisory ID: DC-2017-04-011
Software: WordPress Facebook Plugin
Software Language: PHP
Version: 1.0.13 and below
Vendor Status: Vendor contacted
DefenseCode ThunderScan SAST Advisory
Ultimate Form Builder
Cross-Site Scripting (XSS) Vulnerability
Advisory ID: DC-2017-01-027
Software: Ultimate Form Builder WordPress plugin
Software Language: PHP
Version: Various
Vendor Status: Vendor contacted
DefenseCode ThunderScan SAST Advisory
WordPress AccessPress Social Icons Plugin
Multiple SQL injection Security Vulnerabilities
Advisory ID: DC-2017-03-005
Software: WordPress AccessPress Social Icons plugin
Software Language: PHP
Version: 1.6.6 and below
Vendor
DefenseCode Security Advisory
Magento 0day Arbitrary File Upload Vulnerability
(Remote Code Execution, CSRF)
Advisory ID: DC-2017-04-003
Software: Magento CE
Software Language: PHP
Version: 2.1.6 and below
Vendor Status: Vendor contacted / Not fixed
Release
DefenseCode ThunderScan SAST Advisory
53+ WordPress plugins by BestWebSoft Multiple
Cross-Site Scripting (XSS) Vulnerabilities
Advisory ID: DC-2017-02-014
Software: 53+ WordPress plugins by BestWebSoft
Software Language: PHP
Version: Various
Vendor Status: Vendor contacted
DefenseCode ThunderScan SAST Advisory
WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting
Vulnerabilities
Advisory ID: DC-2017-01-014
Software: WordPress Tribulant Slideshow Gallery plugin
Software Language: PHP
Version: 1.6.4 and below
Vendor Status: Vendor
lenty unpatched routers out there.
# About DefenseCode
DefenseCode L.L.C. delivers products and services designed to analyze
and test web, desktop and mobile applications for security vulnerabilities.
DefenseCode ThunderScan is a SAST (Static Application Security Testing,
WhiteBox Testing) sol
DefenseCode ThunderScan SAST Advisory
Apache Tomcat Directory/Path Traversal
Advisory ID: DC-2017-03-001
Software: Apache Tomcat
Software Language: Java
Version: 7.0.76 (probably 9, 8 and 6 branches also)
Vendor Status: Vendor contacted
Hi,
We wanted to inform all major *nix distributions via our responsible
disclosure policy about this problem before posting it, because it is
highly likely that this problem could lead to local root access on many
distributions. But, since part of this research contained in the document
was menti