September 4, 2015

Drupal 8.0.0-beta14 Vendor Script Vulnerable to XSS

Overview Recently, I was playing around with the Drupal CMS application code. Drupal is an open source CMS application widely used for the purpose of blog […]
September 1, 2015

Malware Detection : Adding glastopf juice to maldet engine

At SecureLayer7, we continuously try to keep our customers updated with the latest threats which could affect their infrastructure and help them secure their perimeter. More […]
July 15, 2015

CVE-2015-2652 – Unauthenticated File Upload in Oracle E-business Suite.

During my regular penetration testing job, I unravelled an interesting vulnerability of Unauthenticated File Upload in Oracle E-business Suite 0-day vulnerability. This particular Upload Bug can be […]
March 27, 2015
WordPress Plugin – Revslider update captions CSS file critical vulnerability
Today was another day at work for SecureLayer7 to recover our client’s defaced website. And bang!! I think I hit upon a nasty vulnerability of a […]
March 13, 2015

Reason Why Companies should Outsource Vulnerability & Penetration Testing Services

If you are looking to manage everything that relates to web security of your company on your own, then this blog is not for you. On […]
March 9, 2015

Malware Cleanup: Analysis of an Undetectable web-shell code uploaded via RevSlider Vulnerability

I started my day with my regular Malware Cleanup activity when I came across an interesting backdoor web shell file on the server.  The server is not specific […]
March 7, 2015

Google OAuth Target URL and Domain Description Vulnerable to UI redress attack

Over last 3 years, I’ve participated in the Google Reward Program and found some relatively serious vulnerability. Google OAuth Target URL, Upload X.509 Cert and Domain […]
January 31, 2015

SecureLayer7 Launches Information Security Testing Services

We are excited to announce the launch of SecureLaye7 Information Security Testing Services. Securelayer7 bring it all together SecureLayer7 provide bunch of comprehensive security services including […]
January 29, 2015

CVE-2015-0235 – How to secure against Glibc Ghost Vulnerability

CVE-2015-0235 Ghost (glibc gethostbyname buffer overflow) Vulnerability is serious cause for all Linux servers. In effect, this vulnerability is leveraged to execute remote end code execution […]
Enable Notifications    Ok No thanks