Tripwire VERT

Combat the Latest Threats

Tripwire's Vulnerability and Exposure Research Team (VERT) gives you the expert, in-depth support you need.



A dedicated team of security experts focused solely on research. Security is a moving object. We keep you equipped for change with our proactive solutions.

Accurate and Relevant

Get coverage for the vulnerabilities that matter to the enterprise. We provide threat defense intelligence for the devices and applications present in modern enterprise environments.


Tripwire generally responds within 24 hours to security updates released by Microsoft on Patch Tuesday.

Latest Alerts

VERT Threat Alert - March 14, 2017

Patch Priority Index for March 2017

Featured Resources

 Friends Don’t Let Friends Mix XSS And CSRF


 Heal Heartbleed

The most extensive Heartbleed coverage in the industry

Original Research

Product CVE Version Tested Description
Microsoft RDP
  CVE-2014-0296 Windows 8.1 MAC Signature Validation Issue
Linksys WRT110
  CVE-2013-3568 1.0.07 Basic CSRF
  CVE-2013-3568 1.0.07 Root command injection via CSRF
VT2442 Router / ATA (Vonage/Motorola)
  CVE-2013-3545 ??? Basic CSRF
  CVE-2013-3546 ??? IP-based authentication
Arcor EasyBox A 300 WLAN
  CVE-2013-3682 1.00.624 Basic CSRF
  CVE-2013-3683 1.00.624 IP-Based Authentication
  CVE-2013-3682 1.00.624 Persistent XSS via XSRF
Loftek Nexus 543 IP Camera
  CVE-2013-3311  Unauthenticated directory traversal discloses /proc/kcore (all passwords for UI, FTP, email servers disclosed in plaintext)
  CVE-2013-3312  GET Request CSRF (can reset all passwords and firewall settings)
  CVE-2013-3313  Passwords stored in plaintext
  CVE-2013-3314  Multiple unauthenticated information disclosures (reveal wifi password, firmware details, 'real ip', etc)
  CVE-2013-3291 Wireless password disclosure via unauthenticated GET /BRS_success.html
  CVE-2013-3292 Auth bypass via GET /BRS_03B_haveBackupFile_fileRestore.html 
  CVE-2013-3293 Root command injection via /ping6_traceroute6_hidden_info.htm (ex: ';utelnetd -p 24' binds a root shell to tcp/24)
NETGEAR ReadyNAS FrontView
  CVE-2013-2751 4.2.22 Remote command injection via unauthenticated GET results in complete system compromise (eval in /frontview/lib/
  CVE-2013-2752 4.2.22 Basic CSRF
  CVE-2013-2745 1.0.25 (SRC) SQL Injection via GET Request / CSRF
  CVE-2013-2738 1.0.25 (NETGEAR/SRC) SQL Injection via crafted SOAP requests
  CVE-2013-2739 1.0.25 (NETGEAR/SRC) Heap-based buffer overflow (exploitable via SQLi)
  CVE-2012-6294 RAIDiator 4.2.19 Arbitrary file-disclosure via unauthenticated GET requests
  CVE-2012-6295 RAIDiator 4.2.19 DoS via long GET request
  CVE-2012-6296 RAIDiator 4.2.19 Remote code execution via stack-buffer overflow via SQL injection (Zach Cutlip / BH12 reported for WNDR routers)
  CVE-2013-2600 1.8 and earlier Information disclosure due to improper handling of snprintf return
  CVE-2013-6455 v1.6 (1065) Multiple Persistent XSS
  CVE-2013-6456 v1.6 (1065) XSRF (Ian)
  CVE-2012-6457 v2.3.6 Basic CSRF -- password resets/etc
SilverStripe e-commerce Module
  CVE-2012-6458 0.9, 1.0, 3.x Multiple persistent XSS while handling user data
FireFly Media Server (mt-daapd) 
  CVE-2012-6292 1.0.3 (RAIDiator 4.2.22) / svn-1676 Persistent XSS in 'Smart Playlists'
  CVE-2012-6293 1.0.3 (RAIDiator 4.2.22) / svn-1676 DoS via unauthenticated GET or CSRF
  CVE-2012-6297 v24-sp2 Root command-injection via XSRF
IBM WebSphere
  CVE-2013-0542 Basic XSS in administration console
  CVE-2013-0543 Persistent XSS (Directory Traversal according to IBM)