Security Advisories

Spending each day immersed in penetration tests and research into the latest threats, our SpiderLabs® experts occasionally discover new vulnerabilities as part of their work. When that happens, we follow our established disclosure policy, which results in published advisories such as these.

Learn more about our disclosure policy

Latest Advisory


  • TWSL2023-004

    Improper input validation in shadow-utils package utility chfn

    Apr 12, 2023 - chfn (change finger) - change a user's finger information (stored in the /etc/passwd file).

    Read | Download

Advisory Archive


Advisory Title Date
TWSL2023-003 Information Disclosure Vulnerabilities in MoneyLover Feb 07, 2023 Read | Download
TWSL2023-002 Input validation Vulnerability in CRUSHFTP Feb 02, 2023 Read | Download
TWSL2023-001 Capture-Replay Vulnerability in Sinilink Wifi Remote Thermostat Jan 20, 2023 Read | Download
TWSL2022-003 Vulnerabilities in Canon Medical Vitrea View Sep 29, 2022 Read | Download
TWSL2022-002 Multiple Vulnerabilities in Oracle Communications Session Border Controller (SBC) Aug 23, 2022 Read | Download
TWSL2022-001 Authentication Bypass by Capture-replay in DingTian 2 Channel Relay Board/Relay Card Jul 12, 2022 Read | Download
TWSL2021-019 Privilege Escalation in CrypKey License Software Licensing System Nov 04, 2021 Read | Download
TWSL2021-018 Authenticated Stored XSS in WordPress Plugin Age Gate Oct 06, 2021 Read | Download
TWSL2021-017 Multiple Authenticated Stored XSS in WordPress Plugin Inline Related Posts Oct 06, 2021 Read | Download
TWSL2021-016 Stored XSS in WordPress Plugin Timetable and Event Schedule by MotoPress Aug 31, 2021 Read | Download
TWSL2021-015 CSRF Vulnerability in WordPress Plugin Comment Link Remove and Other Comment Tools Aug 20, 2021 Read | Download
TWSL2021-014 Authenticated SQL Injection in WordPress Plugin WP Simple Booking Calendar Aug 06, 2021 Read | Download
TWSL2021-013 Authenticated SQL Injection in WordPress Plugin Stop Bad Bots Aug 06, 2021 Read | Download
TWSL2021-012 Vulnerabilities in WordPress Plugin Membership & Content Restriction - Paid Member Subscriptions Aug 06, 2021 Read | Download
TWSL2021-011 Privacy Issues in Telegram Self-Destruct Feature on macOS Aug 05, 2021 Read | Download
TWSL2021-010 Remote File Access Vulnerability in ON24 ScreenShare Plugin for macOS Jul 21, 2021 Read | Download
TWSL2021-009 Persistent Cross-Site Scripting in SolarWinds Serv-U FTP Server Jul 06, 2021 Read | Download
TWSL2021-008 Code Execution Vulnerability in Huawei Mobile Broadband HL Service Jun 02, 2021 Read | Download
TWSL2021-007 Multiple Vulnerabilities in AURALL REC MONITOR Apr 22, 2021 Read | Download
TWSL2021-006 SQLi in WordPress Plugin Simple Membership Apr 05, 2021 Read | Download
TWSL2021-005 Privilege Escalation Vulnerability in Umbraco Apr 01, 2021 Read | Download
TWSL2021-004 Stored Authenticated XSS in WordPress Plugin Virtual Robots.txt Mar 31, 2021 Read | Download
TWSL2021-003 Incorrect SSLv2 rollback protection Vulnerability in OpenSSL Feb 18, 2021 Read | Download
TWSL2021-002 Weak ACLs Vulnerability in SolarWinds Serv-U FTP Server 15.2.1 on Windows Feb 03, 2021 Read | Download
TWSL2021-001 Multiple Vulnerabilities in SolarWinds Orion Feb 03, 2021 Read | Download
TWSL2020-011 Multiple Vulnerabilities in D-Link DSL-2888A Dec 17, 2020 Read | Download
TWSL2020-010 Multiple Vulnerabilities in Magic Home Pro Mobile Application Dec 15, 2020 Read | Download
TWSL2020-009 Multiple Cleartext Protocol Vulnerabilities in WinZip Dec 10, 2020 Read | Download
TWSL2020-008 Lack of Access Control in GO SMS Pro Nov 19, 2020 Read | Download
TWSL2020-007 Multiple Vulnerabilities in Modicon M221 controllers and EcoStruxure Machine Expert - Basic Programming Software Nov 12, 2020 Read | Download
TWSL2020-006 Multiple Vulnerabilities in SAP Adaptive Server Enterprise Sep 24, 2020 Read | Download
TWSL2020-005 Information Disclosure and Denial of Service Vulnerability in IBM Db2 Aug 20, 2020 Read | Download
TWSL2020-004 Multiple Vulnerabilities in ASUS RT-AC1900P router Jul 23, 2020 Read | Download
TWSL2020-003 Memory information leakage vulnerability in Cisco Webex Meetings Windows Client Jun 18, 2020 Read | Download
TWSL2020-002 Multiple Vulnerabilities in SAP Adaptive Server Enterprise Jun 02, 2020 Read | Download
TWSL2020-001 Multiple Vulnerabilities in Schneider Electric Products May 07, 2020 Read | Download
TWSL2019-010 Multiple Vulnerabilities in SatLink VSAT Modem Units (vmu) Nov 21, 2019 Read | Download
TWSL2019-009 Insufficiently Protected Credentials in Shelter Manager ASM 2 Series Oct 25, 2019 Read | Download
TWSL2019-008 Vulnerabilities in D-Link Products Sep 10, 2019 Read | Download
TWSL2019-007 Vulnerabilities in Comba Products Sep 10, 2019 Read | Download
TWSL2019-006 Multiple Vulnerabilities in SanDisk SSD Dashboard Jul 31, 2019 Read | Download
TWSL2019-005 Hardcoded credentials in Uniguest Kiosks Jul 11, 2019 Read | Download
TWSL2019-004 Expression Injection Vulnerability in Qlik Products Jun 04, 2019 Read | Download
TWSL2019-003 Multiple Vulnerabilities in Grandstream Products Mar 21, 2019 Read | Download
TWSL2019-002 Vulnerabilities in SolarWinds Database Performance Analyzer Mar 21, 2019 Read | Download
TWSL2019-001 OS Command Injection Vulnerabilities in LifeSize Products Feb 07, 2019 Read | Download
TWSL2018-012 Kernel Buffer Overflow in IBM Trusteer Rapport Dec 20, 2018 Read | Download
TWSL2018-011 Use after free vulnerability in QFX Software KeyScrambler Oct 02, 2018 Read | Download
TWSL2018-010 Credential Leak Flaws in Windows PureVPN Client Sep 27, 2018 Read | Download
TWSL2018-009 CVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption Sep 13, 2018 Read | Download
TWSL2018-008 CVE-2018-8006 - Cross-Site Scripting (XSS) Vulnerability in Apache ActiveMQ Aug 24, 2018 Read | Download
TWSL2018-007 CVE-2018-2892 - Kernel Level Privilege Escalation in Oracle Solaris Jul 24, 2018 Read | Download
TWSL2018-006 Unpatched Remote Code Execution in Reprise License Manager Jul 18, 2018 Read | Download
TWSL2018-005 Vulnerability in WD My Cloud personal cloud storage Oct 29, 2018 Read | Download
TWSL2018-004 Vulnerabilities in NETGEAR Nighthawk X4S router (R7800) Feb 07, 2018 Read | Download
TWSL2018-003 Vulnerabilities in NETGEAR R8500 router firmware Feb 07, 2018 Read | Download
TWSL2018-002 Vulnerabilities in NETGEAR R8500 router firmware Feb 07, 2018 Read | Download
TWSL2018-001 Multiple Vulnerabilities in WD My Cloud personal cloud storage Feb 01, 2018 Read | Download
TWSL2017-017 Remote Unauthenticated DoS in Debut embedded httpd server used by Brother printers. Nov 17, 2017 Read | Download
TWSL2017-016 Local kernel heap buffer overflow Vulnerability in ESET DESLock+ client application Aug 15, 2017 Read | Download
TWSL2017-015 Multiple Vulnerabilities in ManageEngine Applications Manager Aug 09, 2017 Read | Download
TWSL2017-014 Multiple Vulnerabilities in ManageEngine OpManager Jul 26, 2017 Read | Download
TWSL2017-013 Multiple Authentication Bypass Vulnerabilities in ManageEngine Applications Manager Jul 26, 2017 Read | Download
TWSL2017-012 Remote un-authenticated DoS in IPsec-Tools Racoon Jul 09, 2017 Read | Download
TWSL2017-011 Lockscreen Lockout Bypass in Elephone P9000 Android Smartphone Jun 28, 2017 Read | Download
TWSL2017-010 Multiple Vulnerabilities in Humax Routers Jun 28, 2017 Read | Download
TWSL2017-009 Multiple Vulnerabilities in Avast Antivirus Mar 31, 2017 Read | Download
TWSL2017-008 Unauthenticated Privilege Escalation Vulnerability in Serv-U FTP/MFT Server Mar 22, 2017 Read | Download
TWSL2017-007 Undocumented Backdoor Account in DBLTek GoIP Mar 02, 2017 Read | Download
TWSL2017-006 Multiple Vulnerabilities in Polystar Jupiter Feb 22, 2017 Read | Download
TWSL2017-005 Improper Input Validation Vulnerability in SAP Adaptive Server Enterprise Feb 13, 2017 Read | Download
TWSL2017-004 Unauthenticated Backdoor Access in Unanet Feb 08, 2017 Read | Download
TWSL2017-003 Multiple Vulnerabilities in NETGEAR Routers Jan 30, 2017 Read | Download
TWSL2017-002 Multiple Vulnerabilities in McAfee Security Scan Plus Jan 23, 2017 Read | Download
TWSL2017-001 Multiple Vulnerabilities in Digitech Systems PaperVision Enterprise Jan 11, 2017 Read | Download
TWSL2016-021 Plugin authentication by-pass Vulnerability in Microsoft Skype for Mac OS-X Dec 13, 2016 Read | Download
TWSL2016-020 Buffer Overflow Vulnerability in B Labs Bopup Communication Server Nov 03, 2016 Read | Download
TWSL2016-019 Multiple XSS Vulnerabilities in Zeuscart Sep 21, 2016 Read | Download
TWSL2016-018 Multiple Persistent XSS Vulnerabilities in D-Link DSL-2740E ADSL Router Sep 16, 2016 Read | Download
TWSL2016-017 SQL Injection Vulnerability in SAP Adaptive Server Enterprise Sep 16, 2016 Read | Download
TWSL2016-016 Multiple Vulnerabilities in Opsview Monitor Pro Sep 01, 2016 Read | Download
TWSL2016-015 Password Disclosure Vulnerability in Cisco Connected Streaming Analytics Aug 11, 2016 Read | Download
TWSL2016-014 Vulnerabilities in ComfortLink™ II XL850 Aug 11, 2016 Read | Download
TWSL2016-013 Unrestricted File Creation vulnerability in SAP Adaptive Server Enterprise Aug 02, 2016 Read | Download
TWSL2016-012 Multiple Vulnerabilities in Lenovo Solution Center Jun 23, 2016 Read | Download
TWSL2016-011 Multiple Vulnerabilities in Oracle GlassFish Server Open Source Edition 3.0.1 Jun 08, 2016 Read | Download
TWSL2016-010 Information Disclosure vulnerability in SAP ASE Installer May 26, 2016 Read | Download
TWSL2016-009 Privilege Escalation Vulnerability in Lenovo Solution Center May 11, 2016 Read | Download
TWSL2016-008 SQL injection vulnerability in SAP ASE May 09, 2016 Read | Download
TWSL2016-007 Multiple Vulnerabilities in Cacti Apr 20, 2016 Read | Download
TWSL2016-006 Multiple Vulnerabilities in Zen Cart Mar 25, 2016 Read | Download
TWSL2016-005 Vulnerabilities in DevArt dotConnect for Oracle Mar 10, 2016 Read | Download
TWSL2016-004 Multiple Vulnerabilities in Magnolia CMS Mar 09, 2016 Read | Download
TWSL2016-003 Unsafe unlinking of files in Sophos Antivirus Mar 09, 2016 Read | Download
TWSL2016-002 Multiple Vulnerabilities in iNovah Feb 18, 2016 Read | Download
TWSL2016-001 Multiple Vulnerabilities in Cisco Meraki Jan 13, 2016 Read | Download
TWSL2015-024 Multiple Vulnerabilities in Proxmox Mail Gateway Dec 30, 2015 Read | Download
TWSL2015-023 Missing authorization check in SAP Adaptive Server Enterprise Dec 09, 2015 Read | Download
TWSL2015-022 Cross-Site Scripting in VMware Virtual Center Appliance (vCSA) Web Application Console Nov 17, 2015 Read | Download
TWSL2015-021 Joomla SQL Injection Vulnerability Oct 22, 2015 Read | Download
TWSL2015-020 Unauthenticated Local File Inclusion Vulnerability in Oracle Open Commerce Platform 3.4 Oct 20, 2015 Read | Download
TWSL2015-019 Privilege escalation vulnerability in Oracle Database Oct 20, 2015 Read | Download
TWSL2015-018 Service Privilege Elevation in Lenovo System Update 5 Oct 15, 2015 Read | Download
TWSL2015-017 Reflected File Download in Red Hat Feedhenry Oct 09, 2015 Read | Download
TWSL2015-016 Path Traversal in Oracle GlassFish Server Open Source Edition Aug 27, 2015 Read | Download
TWSL2015-015 Multiple Vulnerabilities in SAP Adaptive Server Enterprise Jul 17, 2015 Read | Download
TWSL2015-014 Account Probing Vulnerability in Oracle Database Jul 15, 2015 Read | Download
TWSL2015-013 Buffer Overflow Vulnerability in Oracle MySQL Jul 15, 2015 Read | Download
TWSL2015-012 XSS in Oracle Java Server Faces Jul 15, 2015 Read | Download
TWSL2015-011 Vulnerability in the pam_unix module in Linux-PAM Jun 26, 2015 Read | Download
TWSL2015-010 Reflected Cross-site Scripting Vulnerabilities in codeBeamer Jun 09, 2015 Read | Download
TWSL2015-009 Request Hijacking Bypass Vulnerability In RubyGems Jun 08, 2015 Read | Download
TWSL2015-008 Multiple Vulnerabilities in SAP Adaptive Server Enterprise May 22, 2015 Read | Download
TWSL2015-007 Request Hijacking Vulnerability In RubyGems May 18, 2015 Read | Download
TWSL2015-006 Multiple Vulnerabilities in QlikView May 13, 2015 Read | Download
TWSL2015-005 Blind SQL injection in XpanceNET Apr 24, 2015 Read | Download
TWSL2015-004 "Probe" login access vulnerability in SAP ASE Apr 23, 2015 Read | Download
TWSL2015-003 Multiple Vulnerabilities in SAP Adaptive Server Enterprise Mar 19, 2015 Read | Download
TWSL2015-002 Cross-Site Scripting in Magnolia CMS Feb 12, 2015 Read | Download
TWSL2015-001 Multiple Vulnerabilities in IceWarp Mail Server Feb 12, 2015 Read | Download
TWSL2014-016 Reflected Cross-Site Scripting Vulnerability in VMware Virtual Center Appliance (vCSA) Web Application Console Dec 05, 2014 Read | Download
TWSL2014-015 Cross Site Scripting Vulnerability in Gizmox WebGui Oct 29, 2014 Read | Download
TWSL2014-014 Multiple Vulnerabilities in Gerber WebPDM Product Data Management System Oct 24, 2014 Read | Download
TWSL2014-013 Privilege Escalation Vulnerability and Potential Remote Code Execution in SAP Adaptive Server Enterprise Sep 12, 2014 Read | Download
TWSL2014-012 Secure Desktop Protection Bypass in 1Password for Windows Aug 05, 2014 Read | Download
TWSL2014-011 Secure Desktop Protection Bypass in Keepass Aug 05, 2014 Read | Download
TWSL2014-010 Multiple Vulnerabilities in Wing FTP Server Jul 02, 2014 Read | Download
TWSL2014-009 Multiple Vulnerabilities in BSS Company Software Jul 01, 2014 Read | Download
TWSL2014-008 Cross Site Scripting Vulnerability in Cisco ASA May 28, 2014 Read | Download
TWSL2014-007 Multiple Vulnerabilities in Y-Cam May 01, 2014 Read | Download
TWSL2014-006 NetSupport Manager Information Disclosure Vulnerability Apr 17, 2014 Read | Download
TWSL2014-005 VPN Privilege Escalation Vulnerability in Cisco ASA Apr 09, 2014 Read | Download
TWSL2014-004 Information Disclosure in the BC Collected Information Export Extension for eZ Publish CMS Mar 20, 2014 Read | Download
TWSL2014-003 Blind SQL Injection Vulnerability in Tableau Server Jan 24, 2014 Read | Download
TWSL2014-002 Buffer Overflow Vulnerability in DaumGame ActiveX Jan 06, 2014 Read | Download
TWSL2014-001 Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Jan 03, 2014 Read | Download
TWSL2013-034 Path Traversal Vulnerability in WiFi HD Free Nov 20, 2013 Read | Download
TWSL2013-033 Multiple Vulnerabilities in Easy File Manager Nov 20, 2013 Read | Download
TWSL2013-032 Path Traversal Vulnerability in FTPDrive Nov 20, 2013 Read | Download
TWSL2013-031 Information Disclosure Vulnerability in RiskNet Acquirer Nov 07, 2013 Read | Download
TWSL2013-030 Multiple Vulnerabilities in Quixplorer Nov 06, 2013 Read | Download
TWSL2013-029 Information Disclosure Vulnerability in QNAP Photo Station Sep 27, 2013 Read | Download
TWSL2013-028 Persistent Denial of Service Vulnerability in Vino VNC Server Sep 16, 2013 Read | Download
TWSL2013-027 Multiple Vulnerabilities in ajaXplorer Sep 05, 2013 Read | Download
TWSL2013-026 Multiple Web Application Vulnerabilities in RockMongo Aug 16, 2013 Read | Download
TWSL2013-025 Arbitrary File Upload Vulnerability in Official Nmap Aug 02, 2013 Read | Download
TWSL2013-024 Cross Site Scripting (XSS) vulnerability in McAfee Superscan 4.0 Aug 02, 2013 Read | Download
TWSL2013-023 Lack of Web and API Authentication Vulnerability in INSTEON Hub Aug 01, 2013 Read | Download
TWSL2013-022 No Authentication Vulnerability in Radio Thermostat Aug 01, 2013 Read | Download
TWSL2013-021 Multiple Vulnerabilities in Karotz Smart Rabbit Aug 01, 2013 Read | Download
TWSL2013-020 Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet Aug 01, 2013 Read | Download
TWSL2013-018 Multiple Vulnerabilities in OpenEMR Jul 12, 2013 Read | Download
TWSL2013-008 Command Injection Vulnerabilities in Linksys Routers. May 31, 2013 Read | Download
TWSL2013-007 Multiple Vulnerabilities in VLC Media Player - Web Interface. Jun 10, 2013 Read | Download
TWSL2013-006 Cross-Site Scripting Vulnerability in Coldbox. Jun 10, 2013 Read | Download
TWSL2013-004 Group Name Enumeration Vulnerability in Cisco IKE Implementation. Apr 18, 2013 Read | Download
TWSL2013-002 Multiple XSS Vulnerabilities in The Bug Genie. May 09, 2013 Read | Download
TWSL2012-019 Cross-Site Scripting Vulnerability in Support Incident Tracker Aug 29, 2012 Read | Download
TWSL2012-016 Multiple Vulnerabilities in Bitweaver Oct 23, 2012 Read | Download
TWSL2012-014 Multiple Vulnerabilities in Scrutinizer NetFlow and sFlow Analyzer Jul 27, 2012 Read | Download
TWSL2012-012 Cross-Site Scripting Vulnerability in Support Incident Tracker Apr 20, 2012 Read | Download
TWSL2012-008 Multiple Vulnerabilities in Scrutinizer NetFlow Apr 10, 2012 Read | Download
TWSL2012-005 Cross-Site Scripting Vulnerability in osCommerce Platform Mar 23, 2012 Read | Download
TWSL2012-004 Multiple Vulnerabilities in Zen Cart May 03, 2012 Read | Download
TWSL2012-003 Cross-Site Scripting Vulnerability in Movable Type Publishing Platform Feb 24, 2012 Read | Download
TWSL2012-002 Multiple Vulnerabilities in WordPress Jan 24, 2012 Read | Download
TWSL2012-001 Cross-Site Scripting Vulnerability in Textpattern Content Management System Jan 03, 2012 Read | Download
TWSL2011-019 Cross-Site Scripting Vulnerability in phpMyAdmin Dec 22, 2011 Read | Download
TWSL2011-018 Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface Dec 20, 2011 Read | Download
TWSL2011-017 Multiple Vulnerabilities in Merethis Centreon Nov 04, 2011 Read | Download
TWSL2011-014 Vulnerability in Pantech Web Browser SSL Implementation Sep 23, 2011 Read | Download
TWSL2011-013 Multiple Vulnerabilities in IceWarp Mail Server Sep 23, 2011 Read | Download
TWSL2011-008 Focus Stealing Vulnerability in Android Aug 06, 2011 Read | Download
TWSL2011-007 iOS SSL Implementation Does Not Validate Certificate Chain Jul 25, 2011 Read | Download
TWSL2011-006 IBM Web Application Firewall Bypass Jun 21, 2011 Read | Download
TWSL2011-005 Directory Traversal in Trustwave WebDefend Enterprise Jun 17, 2011 Read | Download
TWSL2011-004 Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall Jun 10, 2011 Read | Download
TWSL2011-003 Vulnerabilities discovered in Avocent Cyclades ACS Web Manager Mar 11, 2011 Read | Download
TWSL2011-002 Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR) Feb 04, 2011 Read | Download
TWSL2011-001 Vulnerabilities in Trustwave WebDefend Enterprise Feb 15, 2011 Read | Download
TWSL2010-008 Clear iSpot/Clearspot CSRF Vulnerabilities Dec 10, 2010 Read | Download
TWSL2010-007 Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate Dec 10, 2010 Read | Download
TWSL2010-006 Multiple Vulnerabilities in Camtron CMNC-200 IP Camera Nov 12, 2010 Read | Download
TWSL2010-005 FreePBX recordings interface allows remote code execution Sep 23, 2010 Read | Download
TWSL2010-003 Unauthorized access to root NFS export on EMC Celerra Network Attached Storage(NAS) appliance Jul 29, 2010 Read | Download
TWSL2010-002 Web Service Hijacking in VMWare WebAccess Mar 30, 2010 Read | Download
TWSL2010-001 View state tampering vulnerabilities in products from Microsoft, Apache, and Sun Microsystems Feb 03, 2010 Read | Download
TWSL2009-002 Cisco's Adaptive Security Appliance (ASA) Web VPN Multiple Vulnerabilities Jun 24, 2009 Read | Download
TWSL2009-001 Profense Web Application Firewall and Load Balancer multiple vulnerabilities May 19, 2009 Read | Download