Showing 60 results for: Advisories ×

TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart

Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from the SpiderLabs Research team at Trustwave recently found multiple Cross-Site Scripting (XSS) vulnerabilities in the popular online open source shopping cart application. The vulnerabilities affect Zen Cart...

Tsar Team Microsoft Office Zero Day CVE-2015-2424

After the publication of Flash and IE zero days following the Hacking Team leak, researchers have discovered the use of another zero-day vulnerability by the Tsar Team sometimes referred to as the APT28 and Operation Pawn Storm. iSIGHT Partners discovered...

Microsoft Patch Tuesday July 2015

July's Patch Tuesday is here and brings with it a rather large 14 bulletins with 4 Critical and 10 Important rated patches. All combined this month's release patches 59 vulnerabilities 29 of which are in the old stalwart Internet Explorer....

About SAP security notice 2113333

SAP published security notice 2113333 "Multiple SQL injection vulnerabilities in SAP ASE" on January 12, 2015 that describes security fixes available for Adaptive Server Enterprise 15.0, 15.5, 15.7, and 16.0. The highest CVSS score is 8.5. These fixes resolve two...

CVE-2014-2120 – A Tale of Cisco ASA “Zero-Day”

A few months ago I was trying to PoC a known cross-site scripting vulnerability in the Cisco ASA WebVPN portal (CVE-2013-3414) for inclusion in the TrustKeeper Scan Engine. I tried a number of different techniques on multiple different ASA versions/branches...

SAP Sybase ASE 15.7 security updates

SAP Sybase Adaptive Server Enterprise is a relational database management product used to store financial, statistical, and virtually any other type of data. It is supported on many platforms including Solaris, Linux, and Windows. Recently SAP released security updates to...

DaumGame ActiveX 0day

One might think that vulnerabilities in ActiveX controls are a thing of the past, but we continue to find evidence that they have not. Just this year, dozens of vulnerabilities have been discovered. In some cases an ActiveX exploit is...

Vulnerability in RiskNet Acquirer (TWSL2013-031)

Last week we released an advisory for a vulnerability discovered in the RiskNet Acquirer application. This software is a fraud management solution developed to protect major financial institutions including banks and payment processors. RiskNet Acquirer is what we often refer...