This update also includes the second half of OS fingerprint enhancements that improve the overall top-level OS guess for a number of Linux-based operating systems as mentioned in our last TrustKeeper Scan Engine Update .
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
- Wordpress XMLRPC Pingback SSRF (CVE-2013-0235)
- Cross-site Scripting Vulnerability in Wordpress (CVE-2013-2205)
- Multiple Cross-site Scripting Vulnerabilities in Wordpress (CVE-2013-2201)
- Multiple Cross-site Scripting Vulnerabilities in Wordpress (CVE-2013-0236)
- phpMyAdmin Cross-site Scripting Vulnerability in Create View Page (CVE-2013-3742)
- phpMyAdmin Cross-site Scripting vulnerability via Export Relation Schema class (CVE-2013-5002)
- phpMyAdmin Cross-site Scripting vulnerability via TextLinkTransformationPlugin link (CVE-2013-5001)
- phpMyAdmin Global variables injection vulnerability via import.php (CVE-2013-4729)
- phpMyAdmin SQL Injection Vulnerability via scale parameter (CVE-2013-5003)
- phpMyAdmin Clickjacking Protection Bypass Vulnerability (CVE-2013-5029)
- phpMyAdmin Cross-site Scripting Vulnerability in SQL Row Display (CVE-2013-4995)
- phpMyAdmin Local Path Disclosure Vulnerabilities in Libraries (CVE-2013-4998, CVE-2013-4999, CVE-2013-5000)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.