Genericons DOM-based XSS Vulnerability

Hundreds of WordPress themes and plugins that make use of the Genericons package, could be vulnerable to a DOM-based XSS vulnerability affecting millions of WordPress installations. Genericons are versatile vector icons embedded in a webfont from Automattic (the creators of WordPress). The vulnerability resides in the examples.html file included in the Genericons package by default. […]

Read More →

How to configure a Free Scan Target in Acunetix OVS

Acunetix OVS users can configure Free Scan Targets which can be scanned for network vulnerabilities. These can be easily added to your Acunetix OVS account. Login to Acunetix OVS from https://ovs.acunetix.com From Scan Targets, select Add Scan Target Configure the new scan target If you are a customer, select “Free Scan Target (Network Scans Only)” […]

Read More →

What is a “Free Scan Target”?

A “Free Scan Target” is a network server that can be configured in Acunetix OVS and which can be scanned for network vulnerabilities. During the trial, Acunetix OVS users can configure up to 3 scan targets to test Acunetix. These Scan Targets will be automatically converted to Free Scan Targets after the Acunetix OVS trial […]

Read More →

What the Verizon Report 2015 tells us about web app attacks

Verizon’s annual report, now in its eighth year, analyzes breach intelligence and data from multiple sources, including customers of Verizon’s forensics response division and customers of FireEye, the firm that investigated the recent hack of Sony Pictures Entertainment. It also examines data from cases investigated by law enforcement agencies, and from government and industry computer […]

Read More →

WordPress 4.2.1 Security Release addresses yet another XSS vulnerability

Yesterday, WordPress announced another security release, urging all users to update all WordPress installations immediately. WordPress Security Release 4.2.1 fixes yet another Stored Cross Site Scripting (XSS) vulnerability, which allows an unauthenticated user to inject JavaScript in WordPress comments. The injected script can be affect both WordPress users and WordPress administrators, and therefore this vulnerability is […]

Read More →