Just in time for All Hallows' Eve, we're thrilled to announce the latest update to the TrustKeeper Scan Engine. This update includes 12 spooky new vulns in WordPress and phpMyAdmin.
This update also includes the second half of OS fingerprint enhancements that improve the overall top-level OS guess for a number of Linux-based operating systems as mentioned in our last TrustKeeper Scan Engine Update .
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
WordPress
- Wordpress XMLRPC Pingback SSRF (CVE-2013-0235)
- Cross-site Scripting Vulnerability in Wordpress (CVE-2013-2205)
- Multiple Cross-site Scripting Vulnerabilities in Wordpress (CVE-2013-2201)
- Multiple Cross-site Scripting Vulnerabilities in Wordpress (CVE-2013-0236)
phpMyAdmin
- phpMyAdmin Cross-site Scripting Vulnerability in Create View Page (CVE-2013-3742)
- phpMyAdmin Cross-site Scripting vulnerability via Export Relation Schema class (CVE-2013-5002)
- phpMyAdmin Cross-site Scripting vulnerability via TextLinkTransformationPlugin link (CVE-2013-5001)
- phpMyAdmin Global variables injection vulnerability via import.php (CVE-2013-4729)
- phpMyAdmin SQL Injection Vulnerability via scale parameter (CVE-2013-5003)
- phpMyAdmin Clickjacking Protection Bypass Vulnerability (CVE-2013-5029)
- phpMyAdmin Cross-site Scripting Vulnerability in SQL Row Display (CVE-2013-4995)
- phpMyAdmin Local Path Disclosure Vulnerabilities in Libraries (CVE-2013-4998, CVE-2013-4999, CVE-2013-5000)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.