CVE-2020-35774: twitter-server XSS Vulnerability Discovered

According to its official documentation, “twitter-server” is a Twitter OSS project used to provide a template from which servers at Twitter are built. It provides common application components such as an administrative HTTP server, tracing, stats, and …

Drupal Core: Behind the Vulnerability

As you may recall, back in June, Checkmarx disclosed multiple cross-site scripting (XSS) vulnerabilities impacting Drupal Core, listed as CVE-2020-13663, followed by a more technical breakdown of the findings in late November. Today, we’re releasing de…

Drupal Core: Behind the Vulnerability

Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9), a content management system (CMS) written in PHP, uncovering several interesting issues whose technical details are worth…

Privilege Escalation on Meetup.com Enabled Redirection of Payments

The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people with similar interests gather. Ev…

Checkmarx Research: SoundCloud API Security Advisory

Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest selection…

Checkmarx Research: Solidity and Smart Contracts from a Security Standpoint

This research was provided by Paulo Silva and Guillaume Lopes, who are members of the Checkmarx Security Research Team. Quoting the official documentation, Solidity “is a contract-oriented, high-level language for implementing smart contracts.” …

2019 – Checkmarx Research Roundup

Discovering vulnerabilities like the ones mentioned below is why the Checkmarx Security Research team performs investigations. This type of research activity is part of their ongoing efforts to drive the necessary changes in software security practices…

How Attackers Could Hijack Your Android Camera to Spy on You

This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx. In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing …