CrypKey License Service Allows Privilege Escalation
November 04, 2021 | Martin Rakhmanov
Vulnerability in ON24 Plugin for macOS Shares More Than Just Your Screen
July 21, 2021 | Martin Rakhmanov
ON24 presenter mode requires you to install a plugin that is used to share your ...
Huawei LTE USB Stick E3372: From File Overwrite to Code Execution
June 02, 2021 | Martin Rakhmanov
In today's world, more and more devices are connected to the Internet for ...
Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities
February 04, 2021 | Martin Rakhmanov
Updates: This blog post was updated Feb. 9 to include Proof-of-Concept (PoC) ...
Insecure Communication in WinZip 24 Could Lead to Malware
December 10, 2020 | Martin Rakhmanov
Overview: During observation of WinZip 24 network communications, I've noticed ...
SAP ASE Information Leaks: CVE-2020-6295 and CVE-2020-6317
September 24, 2020 | Martin Rakhmanov
Introduction: Today I'd like to discuss two information disclosure ...
IBM Db2 Shared Memory Vulnerability (CVE-2020-4414)
August 20, 2020 | Martin Rakhmanov
I’ve recently blogged about a shared memory vulnerability in Cisco WebEx ...
ASUS Router Vulnerable to Fake Updates and XSS (CVE-2020-15498 & CVE-2020-15499)
July 23, 2020 | Martin Rakhmanov
Recently ASUS patched two issues I discovered in the RT-AC1900P router firmware ...
Cisco WebEx Memory for the Taking: CVE-2020-3347
June 18, 2020 | Martin Rakhmanov
Overview: Due to the global pandemic of COVID-19, there’s been an explosion of ...
System Takeover Through New SAP ASE Vulnerabilities
June 03, 2020 | Martin Rakhmanov
For the last several years there have been relatively few security patches for ...
SanDisk SSD Dashboard Vulnerabilities: CVE-2019-13466 & CVE-2019-13467
July 31, 2019 | Martin Rakhmanov
While recently upgrading my laptop with a new Solid State Drive (SSD), I ...
Exploring and Modifying Android and Java Applications for Security Research
November 27, 2018 | Martin Rakhmanov
Sometimes pentesters and security researchers need to modify existing Java ...
WD My Cloud EX2 Serves Your Files to Anyone
October 22, 2018 | Martin Rakhmanov
Western Digital's My Cloud is a popular storage/backup device that lets users ...
Multiple Vulnerabilities in NETGEAR Routers
February 07, 2018 | Martin Rakhmanov
Last year I discovered multiple vulnerabilities in NETGEAR products. Now that ...
Multiple Vulnerabilities in WD MyCloud
February 01, 2018 | Martin Rakhmanov
While performing security research on personal storage I found some ...
Using Buildroot for Security Research of IoT and Other Embedded Systems
November 22, 2017 | Martin Rakhmanov
These days many vendors, like IoT vendors, use Linux running on top of ARM CPU ...
Multiple Vulnerabilities in Avast Antivirus
April 25, 2017 | Martin Rakhmanov
Last year I decided to do some security research on an antivirus product. Avast ...
Two Privilege Escalation Vulnerabilities in McAfee Security Scan Plus
January 23, 2017 | Martin Rakhmanov
This post will discuss two separate Local Privilege Escalation vulnerabilities ...
About SAP Adaptive Server Enterprise dbcc import_sproc SQL injection vulnerability (CVE-2016-7402)
October 20, 2016 | Martin Rakhmanov
This vulnerability was introduced in SAP Adaptive Server Enterprise 16.0 SP02 ...
SAP ASE file creation vulnerability (CVE-2016-6196)
August 02, 2016 | Martin Rakhmanov
Recently SAP released a patch for an Adaptive Server Enterprise vulnerability ...
About Lenovo Solution Center 3.3.002 Vulnerabilities (CVE-2016-5249)
June 23, 2016 | Martin Rakhmanov
After patching a set of issues reported by Trustwave SpiderLabs last month, ...
About SAP ASE DSAM SQL Injection (CVE-2016-4013)
May 11, 2016 | Martin Rakhmanov
SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that ...
Privilege Escalation Vulnerability In Lenovo Solution Center (CVE-2016-1876)
May 10, 2016 | Martin Rakhmanov
Trustwave has reported several issues in Lenovo software in the past. Last week ...
TWSL2016-005: Memory corruption in a third-party component: how to find what’s wrong
March 10, 2016 | Martin Rakhmanov
In continuation of this post: ...
TWSL2016-003: Sophos Anti-Virus Mac OS X Version Update File Unlinking Vulnerability
March 10, 2016 | Martin Rakhmanov
While researching inter-process communication on Mac OS X, I found a small ...
About CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation
January 07, 2016 | Martin Rakhmanov
SAP released an update for SAP ASE 16.0 and 15.7 that addresses a serious ...
Oracle Database 11.2 SQLi in XML index statistics processing (CVE-2015-4900)
November 06, 2015 | Martin Rakhmanov
In the October 2015 'Critical Patch Update' Oracle fixed a flaw in XML index ...
About Lenovo System Update Vulnerabilities and CVE-2015-6971
October 26, 2015 | Martin Rakhmanov
Over the past seven months, a number of vulnerabilities in Lenovo System Update ...