Showing 16 results for: 2011 ×Advisories ×

TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin

The Spiderlabs team at Trustwave published a new advisory for a Cross-Side-Scripting (XSS) found in phpMyAdmin 3.4.8 and previous versions. phpMyAdmin is an open source tool developed in PHP to manage and administer MySQL databases remotely. The vulnerability was discovered...

Microsoft Patch Tuesday, December 2011

This Patch Tuesday, there are 3 new Critical and 10 new Important Bulletins. With this many high-urgency bulletins, it's tough to get a handle on which ones to tackle first. Of course, "all of them" is the standard answer, but...

TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server

The Spiderlabs team at Trustwave published a new advisory today which detail issues discovered in the IceWarp Mail Server. IceWarp Mail Server solution supports SMTP, POP & IMAP standards and integrates anti-virus and anti-spam protection for email users. Administrators can...

What Do Bug Bounties Cover?

Over the past few days in the UK we have been bombarded with arguments and debates over the use of Facebook and other social networking sites due to the riots that we witnessed all over the country. However, in the...

TWSL2011-008: Focus Stealing Vulnerability in Android

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in Android. Android is an open-source software stack for mobile devices which includes an operating system, key applications, and middleware. The vulnerability was discovered by...

A whole lot of Spiders at DEF CON 19

Next week members of Trustwave's SpiderLabs team will be headed to Las Vegas to attend DEF CON 19. Members of the team from every corner of the planet will be attendance. We are fortunate this year to have 15 members...

TWSL2011-006: IBM Web Application Firewall Bypass

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in the IBM Web Application Firewall (WAF). The IBM Web Application Firewall capabilities, inside IBM IPS products, complement IBM Security's portfolio of web application security...

National Cyber Safety Awareness Day is May 17th

We're taking a short break from our normal technical posts to write about "National Cyber Safety Awareness Day". This day is more about the prevention of "cyber bullying", but people have been asking questions about general online safety/security as well....

Reaching Trustwave's WebDefend Minus World

So my inbox lit up today with a Full Disclosure note about a vulnerability in Trustwave's WebDefend. The thing is, while it's an interesting way to get a shell on the box, it's really not "Privilege Escalation" as the poster...