Vulnerability in ON24 Plugin for macOS Shares More Than Just Your Screen
ON24 presenter mode requires you to install a plugin that is used to share your screen. For the ...
Read MoreStay Informed
Sign up to receive the latest security news and trends straight to your inbox from Trustwave.
Huawei LTE USB Stick E3372: From File Overwrite to Code Execution
In today's world, more and more devices are connected to the Internet for on-the-go connectivity. ...
Read MoreFull System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities
Updates: This blog post was updated Feb. 9 to include Proof-of-Concept (PoC) code.
Read MoreInsecure Communication in WinZip 24 Could Lead to Malware
Overview During observation of WinZip 24 network communications, I've noticed that it sends update ...
Read MoreSAP ASE Information Leaks: CVE-2020-6295 and CVE-2020-6317
Introduction Today I'd like to discuss two information disclosure vulnerabilities that occur in SAP ...
Read MoreIBM Db2 Shared Memory Vulnerability (CVE-2020-4414)
I’ve recently blogged about a shared memory vulnerability in Cisco WebEx Meetings Client on Windows ...
Read MoreASUS Router Vulnerable to Fake Updates and XSS (CVE-2020-15498 & CVE-2020-15499)
Recently ASUS patched two issues I discovered in the RT-AC1900P router firmware update ...
Read MoreCisco WebEx Memory for the Taking: CVE-2020-3347
Overview Due to the global pandemic of COVID-19, there’s been an explosion of video conferencing ...
Read MoreSystem Takeover Through New SAP ASE Vulnerabilities
For the last several years there have been relatively few security patches for SAP Adaptive Server ...
Read MoreSanDisk SSD Dashboard Vulnerabilities: CVE-2019-13466 & CVE-2019-13467
While recently upgrading my laptop with a new Solid State Drive (SSD), I installed a management ...
Read MoreExploring and Modifying Android and Java Applications for Security Research
Sometimes pentesters and security researchers need to modify existing Java application but have no ...
Read MoreWD My Cloud EX2 Serves Your Files to Anyone
Western Digital's My Cloud is a popular storage/backup device that lets users backup and store ...
Read MoreMultiple Vulnerabilities in NETGEAR Routers
Last year I discovered multiple vulnerabilities in NETGEAR products. Now that these vulnerabilities ...
Read MoreMultiple Vulnerabilities in WD MyCloud
While performing security research on personal storage I found some vulnerabilities in the WD ...
Read MoreUsing Buildroot for Security Research of IoT and Other Embedded Systems
These days many vendors, like IoT vendors, use Linux running on top of ARM CPU for their embedded ...
Read MoreMultiple Vulnerabilities in Avast Antivirus
Last year I decided to do some security research on an antivirus product. Avast seemed a good ...
Read MoreTwo Privilege Escalation Vulnerabilities in McAfee Security Scan Plus
This post will discuss two separate Local Privilege Escalation vulnerabilities in the McAfee ...
Read MoreAbout SAP Adaptive Server Enterprise dbcc import_sproc SQL injection vulnerability (CVE-2016-7402)
This vulnerability was introduced in SAP Adaptive Server Enterprise 16.0 SP02 PL03: prior versions ...
Read MoreSAP ASE file creation vulnerability (CVE-2016-6196)
Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows ...
Read MoreAbout Lenovo Solution Center 3.3.002 Vulnerabilities (CVE-2016-5249)
After patching set of issues reported by Trustwave SpiderLabs last month, Lenovo released another ...
Read MoreAbout SAP ASE DSAM SQL Injection (CVE-2016-4013)
SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that provides support for ...
Read MorePrivilege Escalation Vulnerability In Lenovo Solution Center (CVE-2016-1876)
Trustwave has reported several issues in Lenovo software in the past. Last week Lenovo published an ...
Read MoreTWSL2016-005: Memory corruption in a third-party component: how to find what’s wrong
In continuation of this post: ...
Read MoreTWSL2016-003: Sophos Anti-Virus Mac OS X Version Update File Unlinking Vulnerability
While researching inter-process communication on Mac OS X, I found a small security issue with ...
Read MoreAbout CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation
SAP released an update for SAP ASE 16.0 and 15.7 that addresses a serious security flaw discovered ...
Read MoreOracle Database 11.2 SQLi in XML index statistics processing (CVE-2015-4900)
In the October 2015 'Critical Patch Update' Oracle fixed a flaw in XML index support code: namely ...
Read MoreAbout Lenovo System Update Vulnerabilities and CVE-2015-6971
Over the past seven months, a number of vulnerabilities in Lenovo System Update software have come ...
Read More