Author Archives: Gary O'leary-Steele

Hunting HTML 5 postMessage Vulnerabilities

Download Paper: Hunting postMessage Vulnerabilities
Download Sample Code: sample code

Sec-1 Ltd partnered with AppCheck.com to undertake a research project investigating the security challenges posed by next generation web applications. The project included an investigation of Cross-Origin communication mechanisms provided …

Posted in News, Tools, White Papers

Critical: Remote Command Execution in WordPress Form Manager Plugin (CVE-2015-7806)

Sec-1 Security Advisory
Advisory Name: Critical: Remote Command Execution in WordPress Form Manager Plugin
Discovery Date: 09/10/2015
Release Date: 12/10/2015
Application:

Posted in Advisories

Critical Vulnerability in Magento Platform

Researchers have identified a serious vulnerability in Magento, the popular e-commerce platform owned by eBay. This critical flaw in the Magento eCommerce platform exposes online shops to serious risk by allowing malicious hackers to access credit card data or execute …

Posted in Advisories, News

50,000 Websites Hacked Through Critical WordPress Vulnerability.

Over 50,000 websites have been compromised within the first three weeks following the disclosure of a critical vulnerability in the MailPoet plugin (formerly known as Wysija Newsletter) for WordPress. The vulnerability allows the attacker to upload any content including PHP script …

Posted in Uncategorized

Apache Struts vulnerability – use AppCheck NG to discover if you are affected.

Background: Apache Struts 2 is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model–view–controller (MVC) architecture. On April 24th …

Posted in Advisories, News

ShareCheck Windows Enumeration Tool v2.0

Sec-1 ShareCheck was written during a penetration test to assess a given IP address range for weak file share permissions.

Posted in Tools | 2 Comments