Affiliation/Organization: Trustwave's SpiderLabs


Time to Patch Stats

For vulnerabilities disclosed through this affiliation where we have sufficient data to calculate the time to patch (4 vulns), the following statistics apply:

Min Time To Patch:55 days
Avg Time To Patch:121 days
Max Time To Patch:144 days

Other Affiliations

Creditees Affiliated with Trustwave's SpiderLabs have also affiliated with:

Website: https://www.trustwave.com/spiderLabs.php

Creditees currently or formerly associated with Trustwave's SpiderLabs (6):
(ordered by association date)

Known SinceNameVulns Through Affiliation
2010-11-12Wendel G. Henrique5
2010-12-10Trustwave's SpiderLabs7
2011-09-29David Aaron5
2011-09-29Jonathan Claudius18
2012-04-11Tanya Secker13
2013-03-21David Kirkpatrick2

Disclosed Vulnerabilities (43):

Discl. DateOSVDB IDCVE IDCrediteesTitle
2013-06-10 94140 2013-3564 Tanya Secker
 VLC Media Player Web Interface XML Services Remote Command Execution
2013-06-10 94139 2013-3564
2013-3565		 Tanya Secker
 VLC Media Player Web Interface XML Services XSS
2013-04-17 92545 2013-1194 Trustwave's SpiderLabs
 Cisco Adaptive Security Appliances (ASA) ISAKMP Implementation VPN Group Enumeration
2013-03-21 91717 David Kirkpatrick
 MongoDB Default Unpassworded Administrator Account
2013-03-21 91716 David Kirkpatrick
 MongoDB Plaintext Data Local Disclosure
2013-02-20 90544 Trustwave's SpiderLabs
 Geeklog admin/plugins/polls/index.php Multiple Parameter XSS
2013-02-20 90545 Trustwave's SpiderLabs
 Geeklog admin/topic.php Topic Parameter XSS
2012-10-23 86609 David Aaron
Jonathan Claudius
 bitweaver users/register.php login Parameter XSS
2012-10-23 86599 2012-5193 David Aaron
Jonathan Claudius
 bitweaver stats/index.php days Parameter XSS
2012-10-23 86600 2012-5193 David Aaron
Jonathan Claudius
 bitweaver users/remind_password.php username Parameter XSS
2012-10-23 86706 2012-5192 David Aaron
Jonathan Claudius
 bitweaver gmap/view_overlay.php overlay_type Parameter Traversal Arbitrary File Access
2012-07-27 84317 2012-3951 Mario Ceballos
Jonathan Claudius
Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer Default Hardcoded Admin Credentials
2012-07-27 84321 2012-3848 Mario Ceballos
Jonathan Claudius
Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer /d4d/exporters.php Multiple Parameter XSS
2012-07-27 84318 2012-2626 Mario Ceballos
Jonathan Claudius
Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer HTTP Request Parsing Authentication Bypass
2012-07-27 84320 2012-3848 Mario Ceballos
Jonathan Claudius
Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer /d4d/contextMenu.php Multiple Parameter XSS
2012-07-27 84319 2012-2627 Mario Ceballos
Jonathan Claudius
Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer HTTP Request Parsing Arbitrary File Upload
2012-05-07 82448 2012-2433
2012-2434		 Jonathan Claudius
 Zen Cart zc_install/index.php Multiple Parameter Traversal Arbitrary File Access
2012-05-07 82393 2012-1413 Jonathan Claudius
 Zen Cart zc_install/index.php db_username Parameter XSS
2012-04-20 82408 2012-2235 Jonathan Claudius
 Support Incident Tracker (SiT!) index.php id Parameter XSS
2012-04-11 81117 2012-1258 Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer cgi-bin/userprefs.cgi Admin User Creation
2012-04-11 81118 2012-1259 Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer cgi-bin/scrut_fa_exclusions.cgi addip Parameter SQL Injection
2012-04-11 81119 2012-1259 Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer d4d/alarms.php search_str Parameter SQL Injection
2012-04-11 81120 2012-1259 Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer cgi-bin/login.cgi getPermissionsAndPreferences Parameter SQL Injection
2012-04-11 81122 2012-1260 Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer cgi-bin/userprefs.cgi newUser Parameter XSS
2012-04-11 81121 2012-1261 Tanya Secker
 Scrutinizer NetFlow and sFlow Analyzer cgi-bin/scrut_fa_exclusions.cgi standalone Parameter XSS
2012-03-23 82470 2012-1792 Jonathan Claudius
 OSCommerce Online Merchant DBCheck.php name Parameter XSS
2012-02-23 79470 2012-0318
2012-1262		 Jonathan Claudius
 Movable Type /cgi-bin/mt/mt-wizard.cgi dbuser Parameter XSS
2012-01-24 78708 2011-4899 Trustwave's SpiderLabs
 WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
2012-01-24 78709 2012-0782 Trustwave's SpiderLabs
 WordPress wp-admin/setup-config.php Multiple Parameter XSS
2012-01-24 78710 2012-0937 Jonathan Claudius
 WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
2012-01-24 78707 2011-4898 Jonathan Claudius
 WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
2012-01-03 78133 2011-5019 Jonathan Claudius
 Textpattern textpattern/setup/index.php ddb Parameter XSS
2011-09-29 86703 David Aaron
Jonathan Claudius
 bitweaver users/register.php Multiple Parameter XSS
2011-02-04 72434 2011-0885 SMC / Comcast DOCSIS Business Gateways Default Account
2011-02-04 72435 2011-0886 SMC / Comcast DOCSIS Business Gateways Multiple Management Page Administrative Action CSRF
2011-02-04 72436 2011-0887 SMC / Comcast DOCSIS Business Gateways Web Management Portal Session Generation Weakness
2010-12-10 70214 2010-4507 Trustwave's SpiderLabs
 iSpot/Clearspot webmain.cgi Multiple Admin Function CSRF
2010-12-10 70280 2010-4507 Trustwave's SpiderLabs
 iSpot/Clearspot upgrademain.cgi FILE_PATH Parameter Multiple Admin Function CSRF
2010-11-12 69334 2010-4234 Wendel G. Henrique
 Camtron / TecVoz CMNC-200 IP Camera Web Server Request Saturation Remote DoS
2010-11-12 69330 2010-4230 Wendel G. Henrique
 Camtron / TecVoz CMNC-200 IP Camera TVSLiveControl ActiveX connect Method Overflow
2010-11-12 69331 2010-4231 Wendel G. Henrique
 Camtron / TecVoz CMNC-200 IP Camera Admin Interface URI Traversal Arbitrary File Access
2010-11-12 69332 2010-4232 Wendel G. Henrique
 Camtron / TecVoz CMNC-200 IP Camera Admin Interface URI Double Slash Remote Authentication Bypass
2010-11-12 69333 2010-4233 Wendel G. Henrique
 Camtron / TecVoz CMNC-200 IP Camera on Linux Multiple Account Default Password

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use