
SAP Sybase ASE 15.7 security updates

SAP Sybase Adaptive Server Enterprise is a relational database management product used to store financial, statistical, and virtually any other type of data. It is supported on many platforms including Solaris, Linux, and Windows. Recently SAP released security updates to...

DaumGame ActiveX 0day

One might think that vulnerabilities in ActiveX controls are a thing of the past, but we continue to find evidence that they are not. Just this year, dozens of vulnerabilities have been discovered. In some cases an ActiveX exploit is...

Vulnerability in RiskNet Acquirer (TWSL2013-031)

Last week we released an advisory for a vulnerability discovered in the RiskNet Acquirer application. This software is a fraud management solution developed to protect major financial institutions including banks and payment processors. RiskNet Acquirer is what we often refer...

Vino VNC Server Remote Persistent DoS Vulnerability

Last week, I was making some performance enhancements to the VNC protocol implementations in the TrustKeeper Scanning Engine. Unfortunately, in my mission to "Go Fast!", I managed to trigger a Denial of Service (DoS) vulnerability in Vino. Vino is the...

Fun with 'Active Defense'

Active Defense is steadily becoming a popular trend in the security field, in both theory and practice. From its humble beginnings it has made its way to fully functional software implementations that aim at making your attacker's...

XSS, SQLi in OpenEMR 4.1.1

A few tests ago, I came across an OpenEMR install with a weak password for a 'Guest' level account. Using the guest access, mixed with some application issues I found along the way, I was able to eventually compromise the...

TWSL2013-006: Cross-Site Scripting Vulnerability in Coldbox

Trustwave SpiderLabs published a new advisory yesterday for a reflected cross-site scripting vulnerability discovered in Coldbox, which is developed by Ortus Solutions. Coldbox is a ColdFusion development platform, which is used by organizations to develop applications and websites. In...

TWSL2013-002: Multiple XSS Vulnerabilities in The Bug Genie

Trustwave SpiderLabs has published a new security advisory for multiple Cross-Site Scripting (XSS) vulnerabilities in The Bug Genie, an open source issue tracking and project management PHP application. The findings include both reflected and persistent XSS vulnerabilities in input parameters...

Cracking IKE Mission:Improbable (Part 2)

A couple of weeks ago I posted Part 1 of Cracking IKE, detailing some useful techniques when cracking Aggressive Mode PSK hashes. In that post we saw that a hash is not always 'crackable' and additional steps are required in...

TWSL2012-016: Multiple Vulnerabilities in Bitweaver

The Trustwave SpiderLabs team has published a new advisory for multiple vulnerabilities in Bitweaver. Bitweaver is a Content Management System (CMS) developed in PHP that can be used with a Firebird DB back-end. David Aaron and Jonathan Claudius from the...

TWSL2012-004: Multiple Vulnerabilities in Zen Cart

The SpiderLabs team at Trustwave published a new advisory yesterday, which details multiple vulnerabilities identified in Zen Cart (version 1.5.0). These findings include two Local File Inclusion (LFI) vulnerabilities and a Cross-Site Scripting (XSS) in the installation scripts. All of...

WordPress 3.3.2 Addresses Setup XSS Vulnerabilities

Back in January we released a security advisory for WordPress, which included four vulnerabilities in the installation scripts. After discussing these issues with the WordPress team, it was decided that the vulnerabilities were not going to be fixed immediately in...