BigTree is a small content management system which does not depend on many frameworks and advertises itself as user friendly and developer ready. In this blog post, we will take a look at a few vulnerabilities we have detected in the codebase of BigTree.

TYPO3, one of the most widely used enterprise-level CMS with over 9 million downloads and over 15 years of experience in the content management market, announced today its partnership with RIPS, the technology leader for static application security testing of web applications.

In this technical blog post we will examine how a drive by exploit in the Pimcore release 6.2.0 allows an attacker to execute OS commands by tricking an authenticated administrator into exploiting a command injection vulnerability.

WooCommerce is the most popular e-commerce plugin for WordPress with over 5 million installations. A flaw in the way WooCommerce handles imports of products results in a stored cross-site scripting vulnerability (XSS) that can be exploited through cross-site request forgery (CSRF).

Bitbucket is one of the worlds leading version control software allowing millions of developers to manage Git repositories and collaborate on source code. Bitbucket is developed by the Australian software company Atlassian which is also kown for Confluence and Jira. In this blog post we will analyse how a common but often overseen security issue found by RIPS Code Analysis leads to a critical vulnerability in Bitbucket (CVE-2019-3397). The issue is caused by the insecure extraction of a compressed TAR archive.