Tripwire VERT

Combat the Latest Threats

Tripwire's Vulnerability and Exposure Research Team (VERT) gives you the expert, in-depth support you need.


Committed

A dedicated team of security experts focused solely on research. Security is a moving target. We keep you equipped for change with our proactive solutions.

Accurate and Relevant

Get coverage for the vulnerabilities that matter to the enterprise. We provide threat defense intelligence for the devices and applications present in modern enterprise environments.

Responsive

For every Patch Tuesday and critical Microsoft Security Bulletin, we guarantee a 24-hour response time, a first in the industry.

Latest Alerts

SSL V3 – POODLE Attacks
VERT Alert

Nov 11, 2014: VERT Alert - November 11, 2014

Patch Priority Index

Sep 29, 2014: Patch Priority Index for September 2014

ShellShock Bash Bug research and info
Featured Resources

Friends Don’t Let Friends Mix XSS And CSRF


Heal Heartbleed

The most extensive Heartbleed coverage in the industry.


Original Research

Product CVE Version Tested Description
Microsoft RDP
  CVE-2014-0296 Windows 8.1 MAC Signature Validation Issue
Linksys WRT110
  CVE-2013-3568 1.0.07 Basic CSRF
  CVE-2013-3568 1.0.07 Root command injection via CSRF
VT2442 Router / ATA (Vonage/Motorola)
  CVE-2013-3545 ??? Basic CSRF
  CVE-2013-3546 ??? IP-based authentication
Arcor EasyBox A 300 WLAN
  CVE-2013-3682 1.00.624 Basic CSRF
  CVE-2013-3683 1.00.624 IP-Based Authentication
  CVE-2013-3682 1.00.624 Persistent XSS via XSRF
Loftek Nexus 543 IP Camera
  CVE-2013-3311 21.35.2.43 Unauthenticated directory traversal discloses /proc/kcore (all passwords for UI, FTP, email servers disclosed in plaintext)
  CVE-2013-3312 21.35.2.43  GET Request CSRF (can reset all passwords and firewall settings)
  CVE-2013-3313 21.35.2.43  Passwords stored in plaintext
  CVE-2013-3314 21.35.2.43 Multiple unauthenticated information disclosures (reveal Wi-Fi password, firmware details, 'real ip', etc.)
NETGEAR WNDR3700v2
  CVE-2013-3291 1.0.0.36 Wireless password disclosure via unauthenticated GET /BRS_success.html
  CVE-2013-3292 1.0.0.36 Auth bypass via GET /BRS_03B_haveBackupFile_fileRestore.html
  CVE-2013-3293 1.0.0.36 Root command injection via /ping6_traceroute6_hidden_info.htm (ex: ';utelnetd -p 24' binds a root shell to tcp/24)
NETGEAR ReadyNAS FrontView
  CVE-2013-2751 4.2.22 Remote command injection via unauthenticated GET results in complete system compromise (eval in /frontview/lib/np_handler.pl)
  CVE-2013-2752 4.2.22 Basic CSRF
MiniDLNA
  CVE-2013-2745 1.0.25 (SRC) SQL Injection via GET Request / CSRF
  CVE-2013-2738 1.0.25 (NETGEAR/SRC) SQL Injection via crafted SOAP requests
  CVE-2013-2739 1.0.25 (NETGEAR/SRC) Heap-based buffer overflow (exploitable via SQLi)
  CVE-2012-6294 RAIDiator 4.2.19 Arbitrary file-disclosure via unauthenticated GET requests
  CVE-2012-6295 RAIDiator 4.2.19 DoS via long GET request
  CVE-2012-6296 RAIDiator 4.2.19 Remote code execution via stack-buffer overflow via SQL injection (Zach Cutlip / BH12 reported for WNDR routers)
MiniUPNPd
  CVE-2013-2600 1.8 and earlier Information disclosure due to improper handling of snprintf return
CloudShark
  CVE-2013-6455 v1.6 (1065) Multiple Persistent XSS
  CVE-2013-6456 v1.6 (1065) XSRF (Ian)
phpScheduleIt
  CVE-2012-6457 v2.3.6 Basic CSRF -- password resets/etc
SilverStripe e-commerce Module
  CVE-2012-6458 0.9, 1.0, 3.x Multiple persistent XSS while handling user data
FireFly Media Server (mt-daapd)
  CVE-2012-6292 1.0.3 (RAIDiator 4.2.22) / svn-1676 Persistent XSS in 'Smart Playlists'
  CVE-2012-6293 1.0.3 (RAIDiator 4.2.22) / svn-1676 DoS via unauthenticated GET or CSRF
DD-WRT
  CVE-2012-6297 v24-sp2 Root command-injection via XSRF
IBM WebSphere
  CVE-2013-0542 8.5.0.1 Basic XSS in administration console
  CVE-2013-0543 8.5.0.1 Persistent XSS (Directory Traversal according to IBM)