New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
jQuery
-
- jQuery anti-pattern for the text() and after() methods Cross-site Scripting Vulnerability ( CVE-2014-6071)
-
- jQuery Core rquickExpr variable with Cross-Site Scripting Vulnerability ( CVE-2012-6708)
-
- jQuery Cross-Domain Asynchronous JavaScript and Extensible Markup Language Request Cross-site Scripting Vulnerability ( CVE-2015-9251)
Nginx
-
- Nginx ngx_http_range_parse Integer Overflow Vunlerability ( CVE-2017-7529)
phpMyAdmin
-
- phpMyAdmin db_central_columns.php Cross-Site Scripting Vulnerability. PMASA-2018-1 ( CVE-2018-7260)
FreeBSD
Joomla
-
- Joomla Chromes Module Cross-Site Scripting Vulnerability [20180101] ( CVE-2018-6380)
-
- Joomla Coms_fields Cross-Site Scripting Vulnerabilities [20180102] ( CVE-2018-6377)
-
- Joomla Hathor Postinstall Message SQL Injection [20180104] ( CVE-2018-6376)
-
- Joomla URI Class Cross-Site Scripting Vulnerability [20180103] ( CVE-2018-6379)
NTP
PHP
-
- PHP phar_extract_file Code Execution Vulnerability ( CVE-2016-4473)
-
- PHP stream_get_meta_data Improper Input Validation Vulnerability ( CVE-2016-10712)
-
- PHP Zend OpCache Incorrect Code Permission Vulnerability ( CVE-2015-8994)
Samba
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.