Bopup Communications Server Remote Buffer Overflow Vulnerability

Trustwave recently discovered a remotely exploitable issue in all current versions of "B Labs" Bopup Communications Server. The issues were discovered and confirmed to exist in version 4.5.1.12872 as detailed in the recently posted Trustwave advisory. Bopup Communications Server runs...

Turning Up The Heat on IoT: TRANE Comfortlink XL850

The Internet of Things (IoT) continues to explode in the consumer market as demand for network connected devices has spread to all kinds of non-traditional network connected systems, from toasters to toilets and from refrigerators to lamps. Unfortunately this rush to...

TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart

Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from the SpiderLabs Research team at Trustwave recently found multiple Cross-Site Scripting (XSS) vulnerabilities in the popular online open source shopping cart application. The vulnerabilities affect Zen Cart...

Tsar Team Microsoft Office Zero Day CVE-2015-2424

After the publication of Flash and IE zero days following the Hacking Team leak, researchers have discovered the use of another zero-day vulnerability by the Tsar Team, sometimes referred to as APT28 and Operation Pawn Storm. iSIGHT Partners discovered...

Microsoft Patch Tuesday July 2015

July's Patch Tuesday is here and brings with it a rather large 14 bulletins, with 4 Critical and 10 Important rated patches. All combined, this month's release patches 59 vulnerabilities, 29 of which are in the old stalwart Internet Explorer....

About SAP security notice 2113333

SAP published security notice 2113333 "Multiple SQL injection vulnerabilities in SAP ASE" on January 12, 2015 that describes security fixes available for Adaptive Server Enterprise 15.0, 15.5, 15.7, and 16.0. The highest CVSS score is 8.5. These fixes resolve two...

CVE-2014-2120 – A Tale of Cisco ASA “Zero-Day”

A few months ago I was trying to PoC a known cross-site scripting vulnerability in the Cisco ASA WebVPN portal (CVE-2013-3414) for inclusion in the TrustKeeper Scan Engine. I tried a number of different techniques on multiple different ASA versions/branches...

SAP Sybase ASE 15.7 security updates

SAP Sybase Adaptive Server Enterprise is a relational database management product used to store financial, statistical, and virtually any other type of data. It is supported on many platforms including Solaris, Linux, and Windows. Recently SAP released security updates to...