trustwave vulnerabilities and exploits
NA
CVE-2011-1906
Trustwave WebDefend Enterprise prior to 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote malicious users to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-...
Trustwave Webdefend 2.0
Trustwave Webdefend
Trustwave Webdefend 3.0
NA
CVE-2011-0756
The application server in Trustwave WebDefend Enterprise prior to 5.0 uses hardcoded console credentials, which makes it easier for remote malicious users to read security-event data by using the remote console GUI to connect to the management port.
Trustwave Webdefend 2.0
Trustwave Webdefend
9.8
CVSSv3
CVE-2014-2727
The STARTTLS implementation in MailMarshal prior to 7.2 allows plaintext command injection.
Trustwave Mailmarshal
7.5
CVSSv3
CVE-2023-38285
Trustwave ModSecurity 3.x prior to 3.0.10 has Inefficient Algorithmic Complexity.
Trustwave Modsecurity
7.5
CVSSv3
CVE-2023-28882
Trustwave ModSecurity 3.0.5 up to and including 3.0.8 prior to 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Trustwave Modsecurity
5.3
CVSSv3
CVE-2019-25043
ModSecurity 3.x prior to 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
Trustwave Modsecurity
8.6
CVSSv3
CVE-2024-1019
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional qu...
Trustwave Modsecurity
1 Github repository
6.1
CVSSv3
CVE-2018-13065
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured.
Trustwave Modsecurity 3.0.0
9.8
CVSSv3
CVE-2017-18001
Trustwave Secure Web Gateway (SWG) up to and including 11.8.0.27 allows remote malicious users to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
Trustwave Secure Web Gateway
1 EDB exploit
7.5
CVSSv3
CVE-2020-15598
Trustwave ModSecurity 3.x up to and including 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular ...
Trustwave Modsecurity
Debian Debian Linux 10.0