Coverage of Detectify

July ‘18

Executive summary

This is an overview of the tests that Detectify will perform during a security scan.

500+ fuzzed tests, 380+ passive tests, 50+ other tests

Fuzzed tests

ACME-Challenge Path Reflection XSS CVE-2017-11460: SAP NetWeaver SWF-Upload Open-Redirect DataArchivingService servlet Reflected XSS Apache Superset RCE Unix Arbitrary Command Execution CVE-2017-12615: Tomcat RCE Apache Tomcat Open Redirect User-Agent / XSS CVE-2017-12650: WordPress plugin-loganizer Apereo CAS XSS Windows HTTP-based NTLM Information Blind SQL Injection Exposure Atlassian Confluence ShareLinks SSRF CVE-2017-14619: phpMyFAQ XSS WordPress buddypress Authenticated Open Composr Plupload Flash XSS CVE-2017-15946: Joomla! com_tag SQL Injection Redirect CORS Bypass CVE-2017-17671: vBulletin routeString LFI/RCE WordPress cta XSS CVE-2006-3916: Apache Expect-Header XSS CVE-2017-8514: SharePoint XSS WordPress flashmediaelement Flash XSS CVE-2009-1975: WebLogic XSS CVE-2017-8917: Joomla! SQL Injection WordPress formidable Reflected XSS CVE-2009-2163: SiteCore XSS CVE-2017-9356: SiteCore Reflected XSS WordPress mediaelement Flash XSS CVE-2011-4106: TimThumb RCE CVE-2017-9506: Jira OAuth SSRF WWW Authenticate Bypass CVE-2012-3414: SWF-Upload Flash XSS CVE-2018-6389: WordPress Denial-of-Service Access Control Bypass CVE-2012-4000: CKEditor XSS File Upload using PUT-verb Adobe AEM DAM swfupload XSS CVE-2013-4939: Yahoo! YUI IO Flash XSS Host / XSS Adobe AEM External Entities Injection (XXE) via CVE-2014-100004: SiteCore Reflected XSS Apache JackRabbit Image Resize Denial-of-Service CVE-2014-4161: SAP NetWeaver SRM Reflected Adobe AEM Foundation player-flv-maxi XSS Jira SAML/SSO XSS XSS Adobe AEM Foundation slideshow XSS Joomla! joomanager Path Traversal CVE-2015-2065: WordPress wordpress-video- Adobe AEM Foundation strobemediaplayback gallery SQL Injection LUA Injection XSS CVE-2015-5608: Joomla!
com_user Open Redirect Magento MLX extension RCE Adobe AEM Mobile User-Agent Test XSS CVE-2016-10134: Zabbix SQL Injection Microsoft Windows Arbitrary Command Adobe AEM S7SDK 2.11 XSS Execution CVE-2016-2386: SAP NetWeaver UDDI SQL Adobe AEM S7SDK 2.9 XSS Injection NGINX / WordPress HTTP Response Splitting Adobe AEM Server-Side Request Forgery (SSRF) CVE-2016-2387: SAP NetWeaver ProxyServer- NGINX Alias Path Traversal via OpenSocial Servlet Reflected XSS NGINX Path Traversal Adobe AEM swfupload XSS CVE-2016-2389: SAP xMII Path Traversal phpMyFAQ Authenticated XSS Amazon S3 Takeover CVE-2016-3976: SAP NetWeaver Directory Referer / XSS Traversal AmCharts Reflected XSS SAP NetWeaver CAFAdapterTest servlet Reflected CVE-2016-9263: XSF in FlashMediaElement AngularJS Template Injection XSS CVE-2017-10106: Oracle PeopleSoft TestServlet Apache .htaccess Exposure SAP NetWeaver ConfigServlet Arbitrary XSS Command Execution Apache AXIS Information Disclosure CVE-2017-10271: WebLogic RCE Spring Boot Actuator SSTI Apache HTTP Server /server-info Exposure Detectify AB, Långholmsgatan 34, 117 33 / Stockholm,Sweden. 1 Mail: [email protected] / Twitter: @detectify / Facebook: Detectify / Org number: 556985-9084 Apache HTTP Server /server-status Exposure CVE-2014-3704: Drupalgeddon Java Remote Code Execution Apache HTTP Server Icon Leakage CVE-2014-6271: Shellshock JBoss Unauthenticated Console Apache HTTP Server VHOST Disclosure CVE-2015-0235: GHOST check in WordPress Jira XSS via SAML SSO plugin pingback Apache Maven Disclosure Jobportals XSS CVE-2015-1397: Magento Shoplift SQL Injection Apache Struts actionErrors XSS Joomla! Backup Disclosure CVE-2015-1427: ElasticSearch RCE Apache Struts OGNL Command Injection Joomla! com_advertisementboard SQL Injection CVE-2015-2080: Jetleak Apache Struts setup in Debug-Mode Joomla! com_extrasearch SQL Injection CVE-2015-3429: WordPress Twenty Fifteen DOM Apache Tomcat Examples Cookie Disclosure Joomla! 
com_filecabinet SQL Injection XSS Apache Tomcat Examples Request Disclosure Joomla! com_frontpage SQL Injection CVE-2015-7297: Joomla! Unauthenticated SQL Apache Velocity XSS Injection Joomla! com_jcart SQL Injection APPSEC-1378: Magento Web API allows CVE-2015-7808: vBulletin 5.1.2 Unserialize Code Joomla! com_jdownloads SQL Injection anonymous access Execution Joomla! com_news SQL Injection ASP.NET in Debug Mode CVE-2015-8103: Jenkins Deserialization RCE Joomla! com_opencart SQL Injection Atom /.ftpconfig Information Disclosure CVE-2015-8562: Joomla! Unauthenticated RCE Joomla! com_phocadownload SQL Injection Bitrix Site Manager Log Disclosure CVE-2016-0957: Adobe AEM Felix Console Joomla! com_publication SQL Injection Blind Server Side JavaScript injection (SSJI) Exposure Joomla! com_simplemembership SQL Injection Blind SQL Injection in Microsoft SQL Server CVE-2016-10033: WordPress RCE Joomla! com_vikrentcar SQL Injection Blind SQL Injection in MySQL CVE-2016-4566: WordPress plupload.swf Flash Joomla! com_vikrentitems SQL Injection XSS Blind SQL Injection in PostgreSQL Joomla! com_webgrouper SQL Injection CVE-2016-5110: LiteSpeed HTTP Header Injection BookContent Flash XSS Joomla! Flash XSS in flashmediaelement.swf CVE-2016-6195: vBulletin SQL Injection Bower Disclosure Joomla! Security Check SQL Injection CVE-2016-8869 & CVE-2016-8870: Joomla! CGIEmail: Path Traversal Privilege Escalation Joomla! vik SQL Injection CKEditor Samples API DOM XSS CVE-2017-5611: WordPress Content Injection Joomla!
Xtec XSS CKEditor Samples Posted-Data XSS CVE-2017-5614: CGIEmail Open Redirect Jplayer XSS CKEditor Spellchecker XSS CVE-2017-5615: CGIEmail HTTP Response JWPlayer Reflected XSS CKEditor wiris Plugin XSS Splitting LDAP Injection CKFinder Disclosure CVE-2017-5616: CGIEmail XSS Local File Inclusion (LFI) Command Injection CVE-2017-5638: Apache Struts Content-Type RCE Local Username Disclosure in entropysearch.cgi Concerto XSS CVE-2017-7269: Microsoft IIS RCE Locomotive CMS XSS Core Dump Disclosure CVE-2017-8295: WordPress Unauthorized Magento Admin Panel XSS Password Reset cPanel Open Redirect Magento Admin Path Disclosure CVE-2017-9791: Apache Struts RCE CSRF Token Leakage via IFRAME Covert Channel Magento Admin Uploader XSS CVS Entries Exposure CSS based XSS & UI-redressing Magento Backup Disclosure Django Tastypie XXE CVE-2001-1013: Apache HTTP Server Local Magento Configuration Disclosure Username Enumeration Dockerfile Disclosure Magento Customer Information Leak via RSS and CVE-2005-3299: phpMyAdmin LFI DOM based Open-Redirect Privilege Escalation CVE-2006-3918: Apache HTTP Server Expect DOM based XSS Magento Downloader / Connect Manager Header XSS DOM XSS in Grafana Disclosure CVE-2008-0252: CherryPy Path Traversal Dot PHPS Source Code Disclosure Magento Downloader XSS CVE-2009-1151: phpMyAdmin RCE Drupal Backup Disclosure Magento MAGMI Config XSS CVE-2010-2861: Adobe ColdFusion Path Traversal Drupal Database Disclosure Magento Stored XSS CVE-2011-2505: phpMyAdmin RCE Drupal error_log Disclosure Magento Unrestricted Cron Script CVE-2011-4107: phpMyAdmin XXE Eclipse build.properties Disclosure MediaWiki Backup Disclosure CVE-2012-0053: Apache HttpOnly Cookie Eclipse build.xml Disclosure Microsoft ASP.NET Remote Code Execution Disclosure EdgeCast CDN XSS Microsoft IIS Tilde File Enumeration CVE-2012-1823: Remote Code Execution Fontlist Flash XSS Microsoft IIS Tilde File Enumeration CVE-2012-1823: Remote Code Execution (Kingcope) Form Upload accept PHP
Microsoft Windows Remote Command Execution CVE-2012-3414: SWFUpload Flash XSS Ganglia Open Redirect MongoDB Operator Injection CVE-2012-4000: FCKEditor XSS HelpJuice XSS Moodle Block-Accessability Open-Redirect CVE-2012-5159: phpMyAdmin server_sync Host-header XSS Moodle Flowplayer Flash XSS Backdoor HTML Injection Movable Type Backup Disclosure CVE-2013-0156: Ruby on Rails RCE HTTP OPTIONS Moxieplayer Open Redirect CVE-2013-0235: WordPress Pingback SSRF Index Backup Disclosure MyBB <= 1.8.3 Remote Code Execution CVE-2013-0262: Rack File Disclosure Information Disclosure in unzip.php Nagios Authentication Bypass CVE-2013-1808: ZeroClipboard Flash XSS Internal IP Disclosure NextJS XSS NTOPNG Reflected XSS URL based HTTP Response Splitting (HRS) WordPress instalinker XSS Open Redirect in awstats.pl URL based Open-Redirect WordPress jetpack Reflected XSS Open Redirect in TenderApp URL based SQL injection WordPress js-appointment SQL Injection OpenVPN Access Server CRLF Injection User-Agent-header XSS WordPress loco-translate Authenticated XSS OSVDB-83814: Magento XXE VBS based XSS WordPress mainwp XSS Parameter based HTTP Response Splitting (HRS) Web Cache Deception WordPress max-mega-menu Authenticated XSS Parameter based Open-Redirect WordPress ad-inserter LFI WordPress media-library-categories SQL Injection Parameter based SQL Injection WordPress adrotate SQL Injection WordPress multi-device-switcher Open Redirect Path based XSS WordPress adrotate XSS WordPress my-tickets Authenticated XSS Path Traversal WordPress all-in-one-schemaorg-rich-snippets XSS WordPress my-wp-translate Authenticated XSS Perl Remote Code Execution WordPress all-in-one-seo-pack XSS WordPress mydbr XSS Pharmacy Hack WordPress allow-php-in-posts-and-pages SQL WordPress myflash LFI Injection PHP based RCE with malicious URL rewrites
WordPress myflash RFI WordPress appointments Object Injection PHP Null Session WordPress mygallery RFI WordPress apptha-slider-gallery LFI PHP Object Injection WordPress nelio-ab-testing Path
