Trustwave-SpiderLabs Security Advisories

TWSL2013-002.txt - Multiple XSS Vulnerabilities in The Bug Genie

Tue, 14 May 2013 13:00:00 UT

CHICAGO (May 14, 2013) - Multiple XSS Vulnerabilities in The Bug Genie.

TWSL2013-004.txt - Group Name Enumeration Vulnerability in Cisco IKE Implementation

Thu, 18 Apr 2013 13:00:00 UT

CHICAGO (April 18, 2013) - Group Name Enumeration Vulnerability in Cisco IKE Implementation.

TWSL2012-023.txt - Oracle Application Framework Diagnostic Mode Bypass Vulnerability

Tue, 15 Jan 2013 13:00:00 UT

CHICAGO (Jan 15, 2013) - Oracle Application Framework Diagnostic Mode Bypass Vulnerability.

TWSL2012-016.txt - Multiple Vulnerabilities in Bitweaver

Tue, 23 Oct 2012 13:00:00 UT

CHICAGO (Oct 23, 2012) - Multiple Vulnerabilities in Bitweaver.

TWSL2012-019 - Cross-Site Scripting Vulnerability in Support Incident Tracker

Wed, 29 Aug 2012 13:00:00 UT

CHICAGO (Aug 29, 2012) - Cross-Site Scripting Vulnerability in Support Incident Tracker.

TWSL2012-014 - Multiple Vulnerabilities in Scrutinizer NetFlow and sFlow Analyzer

Fri, 27 Jul 2012 17:00:00 UT

CHICAGO (July 27, 2012) - Multiple Vulnerabilities in Scrutinizer NetFlow and sFlow Analyzer.

TWSL2012-004 - Multiple Vulnerabilities in Zen Cart

Thu, 3 May 2012 15:50:00 UT

CHICAGO (May 3, 2012) - Multiple Vulnerabilities in Zen Cart. This advisory includes LFI vulnerabilities and XSS in the installation scripts.

TWSL2012-012 - Cross-Site Scripting Vulnerability in Support Incident Tracker

Fri, 20 Apr 2012 15:50:00 UT

CHICAGO (April 20, 2012) - Cross-Site Scripting Vulnerability in Support Incident Tracker.

TWSL2012-008 - Multiple Vulnerabilities in Scrutinizer NetFlow

Tue, 10 Apr 2012 15:50:00 UT

CHICAGO (April 10, 2012) - Multiple Vulnerabilities in Scrutinizer NetFlow.

TWSL2012-005 - Cross-Site Scripting Vulnerability in osCommerce Platform

Fri, 23 Mar 2012 15:50:00 UT

CHICAGO (March 23, 2012) - Cross-Site Scripting Vulnerability in osCommerce Platform.

TWSL2012-003 - Cross-Site Scripting Vulnerability in Movable Type Publishing Platform

Fri, 24 Feb 2012 18:50:00 UT

CHICAGO (February 24, 2012) - Cross-Site Scripting Vulnerability in Movable Type Publishing Platform.

TWSL2012-002 - Multiple Vulnerabilities in WordPress

Tue, 24 Jan 2012 18:50:00 UT

CHICAGO (January 24, 2012) - After the successful installation of WordPress, a malicious user can inject malicious PHP code via the WordPress Themes editor. In addition, with control of the database store, malicious Javascript can be injected into the content of WordPress yielding persistent Cross Site Scripting.

TWSL2012-001 - Cross-Site Scripting Vulnerability in Textpattern Content Management System

Tue, 3 Jan 2012 20:00:00 UT

CHICAGO (January 3, 2012) - After extracting the Textpattern source files on to a web server, but before the application is fully installed, cross-site scripting vulnerabilities are present in the '/textpattern/setup/index.php'.

TWSL2011-019 - Cross-Site Scripting Vulnerability in phpMyAdmin

Thu, 22 Dec 2011 18:00:00 UT

CHICAGO (December 22, 2011) - Cross-Site Scripting Vulnerability in phpMyAdmin. Affected versions of phpMyAdmin do not sanitize user-supplied server names before displaying them in its Setup Overview. This allows remote attackers to execute arbitrary web scripts or HTML via a crafted request.

TWSL2011-018 - Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface

Tue, 20 Dec 2011 19:00:00 UT

CHICAGO (December 20, 2011) - Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface

TWSL2011-017 - Multiple Vulnerabilities in Merethis Centreon

Fri, 4 Nov 2011 16:00:00 UT

CHICAGO (November 04, 2011) - Multiple Vulnerabilities in Merethis Centreon

TWSL2011-014 - Vulnerability in Pantech Web Browser SSL Implementation

Fri, 23 Sep 2011 16:00:00 UT

CHICAGO (September 23, 2011) - Vulnerability in Pantech Web Browser SSL Implementation.

TWSL2011-013 - Multiple Vulnerabilities in IceWarp Mail Server

Fri, 23 Sep 2011 16:00:00 UT

CHICAGO (September 23, 2011) - Multiple Vulnerabilities in IceWarp Mail Server

TWSL2011-008 - Focus Stealing Vulnerability in Android

Sun, 7 Aug 2011 03:00:00 UT

CHICAGO (August 6, 2011) - Android has vulnerabilities that allow a malicious developer to run a service that looks for apps it knows how to attack, and display a login screen to the user when those apps run. Android gives no indication that the login screen actually belongs to a different app.

TWSL2011-007 - iOS SSL Implementation Does Not Validate Certificate Chain

Mon, 25 Jul 2011 19:45:00 UT

CHICAGO (July 25, 2011) - iOS's SSL certificate parsing contains a flaw where it fails to check the basicConstraints parameter of certificates in the chain. By signing a new certificate using a legitimate end entity certificate, an attacker can obtain a "valid" certificate for any domain.

TWSL2011-006 - IBM Web Application Firewall Bypass

Tue, 21 Jun 2011 17:15:00 UT

CHICAGO (June 21, 2011) - The IBM Web Application Firewall can be evaded, allowing an attacker to exploit web vulnerabilities that the product intends to protect.

TWSL2011-005 - Directory Traversal in Trustwave WebDefend Enterprise

Fri, 17 Jun 2011 17:15:00 UT

CHICAGO (June 17, 2011) - In WebDefend, users with administrative access to the local system in which the client software is executed can modify 'download file' function calls in order to obtain arbitrary files from the management server. These files may contain sensitive data that are above the privilege level of the current user.

TWSL2011-004 - Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall

Fri, 10 Jun 2011 17:15:00 UT

CHICAGO (June 10, 2011) - A cross-site scripting (XSS) vulnerability was discovered in the ZyWALL 70 firewall login process that can be used to inject malicious scripts into a browser, which appear to be genuine content from the original site.

TWSL2011-003 - Vulnerabilities discovered in Avocent Cyclades ACS Web Manager

Fri, 11 Mar 2011 17:15:00 UT

CHICAGO (March 11, 2011) - The session management and authentication framework on the application's web-based console contains a systemic flaw. Information is leaked concerning pages which should only be accessible subsequent to authentication within anonymously available content.

TWSL2011-001 - Vulnerabilities in Trustwave WebDefend Enterprise. Read the latest news about this Trustwave WebDefend vulnerability on the SpiderLabs Blog

Tue, 15 Feb 2011 22:15:00 UT

CHICAGO (February 15, 2011) - A static username and password is present in versions of WebDefend Enterprise prior to 5.0. Customers should upgrade to version 5.0 version 7.01.903-1.4 in order to remediate both vulnerabilities.

TWSL2011-002 - Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)

Fri, 4 Feb 2011 22:15:00 UT

CHICAGO (February 4, 2011) - All SMCD3G-CCR gateways provided by Comcast have an administrative login of 'mso' with the password of 'D0nt4g3tme'. These passwords are not provided as a part of the installation of the device and are not recommended to be changed, thus the majority of users are unaware of the default configuration.

TWSL2010-008 - Clear iSpot/Clearspot CSRF Vulnerabilities

Fri, 10 Dec 2010 22:15:00 UT

CHICAGO (December 10, 2010) - Vulnerabilities will allow an attacker to enable remote access to the iSpot and ClearSpot 4G, and add their own account to the device. This level of access also provides a device's client-side SSL certificates, which are used to perform device authentication. This could lead to a compromise of ClearWire accounts as well as other personal information.

TWSL2010-007 - Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate

Fri, 10 Dec 2010 22:15:00 UT

CHICAGO (December 10, 2010) - Passlogix v-GO SSPR provides users with a fast, secure way to regain access to their computer by automating Windows password reset. Users can reset their password or unlock their Windows account directly from their locked out workstation, so that they can get to their applications within seconds - without having to pick up the telephone or go to another workstation.

TWSL2010-006 - Multiple Vulnerabilities in Camtron CMNC-200 IP Camera

Fri, 12 Nov 2010 22:15:00 UT

CHICAGO (November 12, 2010) - The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.

TWSL2010-005 - FreePBX recordings interface allows remote code execution

Thu, 23 Sep 2010 22:15:00 UT

CHICAGO (September 23, 2010) - The configuration interface for FreePBX is prone to a remote arbitrary code execution on the system recordings menu. FreePBX doesn't handle file uploads in a secure manner, allowing an attacker to manipulate the file extension and the beginning of the uploaded file name.

TWSL2010-003 - Unauthorized access to root NFS export on EMC Celerra Network Attached Storage(NAS) appliance

Thu, 29 Jul 2010 22:15:00 UT

CHICAGO (July 29, 2010) - The Celerra appliance's NFS server freely exports its "/" file system and enforces access using a factory-defined list of authorized IP addresses. The addresses found on a recent model are listed in the showmount example below,however this list may differ depending on product version. The IP addresses are intended for communication internal to the appliance, but are still accepted from external sources. An attacker can mount this file system by spoofing an authorized IP address.

TWSL2010-002 - Web Service Hijacking in VMWare WebAccess

Tue, 30 Mar 2010 22:00:00 UT

CHICAGO (March 30, 2010) - The Struts-based web application uses the server-side session attribute "context_vmdirect" to store various settings, including the URL to the XML web service backend. By default, the URL is http://localhost/sdk, but the web service URL can be manually set from a client browser in several locations. One location is /ui/vmDirect.do, by passing a base64-encoded value to in the "view" parameter.

TWSL2010-001 - View state tampering vulnerabilities in products from Microsoft, Apache, and Sun Microsystems

Wed, 3 Feb 2010 22:00:00 UT

CHICAGO (February 3, 2010) - SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. View states are used by some web application frameworks to store the state of HTML GUI controls. View states are typically stored in hidden client-side input fields,although server-side storage is widely supported.

TWSL2009-002 - Cisco's Adaptive Security Appliance (ASA) Web VPN Multiple Vulnerabilities

Wed, 24 Jun 2009 22:00:00 UT

CHICAGO (June 24, 2009) - Cisco's Adaptive Security Appliance (ASA) provides a number of security related features, including "Web VPN" functionality that allows authenticated users to access a variety of content through a web interface. This includes other web content, FTP servers, and CIFS file servers.

TWSL2009-001 - Profense Web Application Firewall and Load Balancer multiple vulnerabilities

Tue, 19 May 2009 22:00:00 UT

CHICAGO (May 19, 2009) - Profense is a web application firewall and load balancer designed to help organizations become compliant. it features scalability and acceleration of complex SSL-enabled web applications. A Cross-Site Scripting (XSS) vulnerability can be reproduced by injecting a common XSS attack in a vulnerable application protected by Profense Web Application Firewall. Inserting extra characters in the JavaScript close tag will bypass the XSS protection mechanisms.