TrustKeeper Scan Engine Update - October 29, 2013

Just in time for All Hallows' Eve, we're thrilled to announce the latest update to the TrustKeeper Scan Engine. This update includes 12 spooky new vulns in WordPress and phpMyAdmin.

This update also includes the second half of OS fingerprint enhancements that improve the overall top-level OS guess for a number of Linux-based operating systems as mentioned in our last TrustKeeper Scan Engine Update .

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

WordPress

phpMyAdmin

  • phpMyAdmin Cross-site Scripting Vulnerability in Create View Page (CVE-2013-3742)
  • phpMyAdmin Cross-site Scripting vulnerability via Export Relation Schema class (CVE-2013-5002)
  • phpMyAdmin Cross-site Scripting vulnerability via TextLinkTransformationPlugin link (CVE-2013-5001)
  • phpMyAdmin Global variables injection vulnerability via import.php (CVE-2013-4729)
  • phpMyAdmin SQL Injection Vulnerability via scale parameter (CVE-2013-5003)
  • phpMyAdmin Clickjacking Protection Bypass Vulnerability (CVE-2013-5029)
  • phpMyAdmin Cross-site Scripting Vulnerability in SQL Row Display (CVE-2013-4995)
  • phpMyAdmin Local Path Disclosure Vulnerabilities in Libraries (CVE-2013-4998, CVE-2013-4999, CVE-2013-5000)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.