Nmap Development mailing list archives
New VA Modules: NSE: 2, OpenVAS: 11, MSF: 12, Nessus: 29
From: New VA Module Alert Service <postmaster () insecure org>
Date: Thu, 20 Oct 2011 10:01:24 -0700 (PDT)
This report describes any new scripts/modules/exploits added to Nmap, OpenVAS, Metasploit, and Nessus since yesterday. == Nmap Scripting Engine scripts (2) == r26914 http-put http://nmap.org/nsedoc/scripts/http-put.html Uploads a local file to a remote web server using the HTTP PUT method. r26916 krb5-enum-users http://nmap.org/nsedoc/scripts/krb5-enum-users.html Discovers valid usernames by querying the Kerberos service for a TGT. When an invalid username is requested the server will responde using the Kerberos error code KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, allowing us to determine that the user name was invalid. Valid user names will illicit either the TGT in a AS-REP response or the error KRB5KDC_ERR_PREAUTH_REQUIRED, signaling that the user is required to perform pre authentication. == OpenVAS plugins (11) == r11828 802041 gb_promotic_scada_hmi_server_dir_trav_vuln.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_promotic_scada_hmi_server_dir_trav_vuln.nasl?root=openvas&view=markup PROMOTIC SCADA/HMI Webserver Directory Traversal Vulnerability r11828 802258 gb_webmin_login_xss_vuln.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_webmin_login_xss_vuln.nasl?root=openvas&view=markup Webmin / Usermin Login Cross Site Scripting Vulnerability r11828 801990 gb_eclime_mult_sql_inj_n_xss_vuln.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_eclime_mult_sql_inj_n_xss_vuln.nasl?root=openvas&view=markup Eclime Multiple SQL Injection and Cross-site Scripting Vulnerabilities r11828 802193 gb_apple_itunes_mult_vuln_oct11_win.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_apple_itunes_mult_vuln_oct11_win.nasl?root=openvas&view=markup Apple iTunes Multiple Vulnerabilities - Oct 11 r11828 802192 gb_safari_mult_vuln_macosx.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_safari_mult_vuln_macosx.nasl?root=openvas&view=markup Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities r11828 802259 gb_macosx_i386_set_ldt_prv_esc_vuln.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_macosx_i386_set_ldt_prv_esc_vuln.nasl?root=openvas&view=markup Apple Mac OS X 'i386_set_ldt()' Privilege Escalation Vulnerability r11828 802336 gb_macosx_su11-006.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_macosx_su11-006.nasl?root=openvas&view=markup Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) r11830 103307 gb_1024_cms_50275.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_1024_cms_50275.nasl?root=openvas&view=markup 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability r11830 103308 gb_joomla_50191.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_joomla_50191.nasl?root=openvas&view=markup Joomla NoNumber! Extension Manager Plugin Local File Include and PHP code Injection Vulnerabilities r11830 103305 gb_WHMCompleteSolution.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_WHMCompleteSolution.nasl?root=openvas&view=markup WHMCompleteSolution 'cart.php' Local File Disclosure Vulnerability r11830 103306 gb_dolphin_50286.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_dolphin_50286.nasl?root=openvas&view=markup Boonex Dolphin 'xml/get_list.php' SQL Injection Vulnerability == Metasploit modules (12) == r13939 http://metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb Microsoft Windows Browser Pool DoS r13952 http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb Real Networks Netzip Classic 7.5.1 86 File Parsing Buffer Overflow Vulnerability r13956 http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/osx/browser/safari_file_policy.rb Apple Safari file:// Arbitrary Code Execution r13985 http://metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb Cisco Network Access Manager Directory Traversal Vulnerability r13987 http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/safari_xslt_output.rb Apple Safari Webkit libxslt Arbitrary File Creation r13994 http://metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/server/webkit_xslt_dropper.rb Cross Platform Webkit File Dropper r14000 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/windows/gather/credentials/enum_cred_store.rb Windows Credential Store Enumeration and Decryption Module r14001 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/manage/system_session.rb Multi Manage System Remote TCP Shell Session r14003 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/gather/dns_bruteforce.rb Multi Gather DNS Forward Lookup Bruteforce r14003 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/gather/dns_srv_lookup.rb Multi Gather DNS Service Record Lookup Scan r14010 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/windows/manage/persistence.rb Windows Manage Persistent Payload Installer r14011 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/manage/multi_post.rb Multi Manage Post Module Macro Execition == Nessus plugins (29) == 56563 ubuntu_USN-1232-2.nasl http://nessus.org/plugins/index.php?view=single&id=56563 USN-1232-2 : xorg-server regression 56562 ubuntu_USN-1192-3.nasl http://nessus.org/plugins/index.php?view=single&id=56562 USN-1192-3 : libvoikko regression 56561 redhat-RHSA-2011-1385.nasl http://nessus.org/plugins/index.php?view=single&id=56561 RHSA-2011-1385: kdelibs 56560 redhat-RHSA-2011-1384.nasl http://nessus.org/plugins/index.php?view=single&id=56560 RHSA-2011-1384: java 56559 centos_RHSA-2011-1385.nasl http://nessus.org/plugins/index.php?view=single&id=56559 CentOS : RHSA-2011-1385 56558 centos_RHSA-2011-1380.nasl http://nessus.org/plugins/index.php?view=single&id=56558 CentOS : RHSA-2011-1380 56557 macosx_thunderbird_installed.nasl http://nessus.org/plugins/index.php?view=single&id=56557 Thunderbird Installed (Mac OS X) 56556 ubuntu_USN-1233-1.nasl http://nessus.org/plugins/index.php?view=single&id=56556 USN-1233-1 : krb5 vulnerabilities 56555 ubuntu_USN-1232-1.nasl http://nessus.org/plugins/index.php?view=single&id=56555 USN-1232-1 : xorg-server vulnerabilities 56554 ubuntu_USN-1231-1.nasl http://nessus.org/plugins/index.php?view=single&id=56554 USN-1231-1 : php5 vulnerabilities 56553 redhat-RHSA-2011-1380.nasl http://nessus.org/plugins/index.php?view=single&id=56553 RHSA-2011-1380: java 56552 redhat-RHSA-2011-1379.nasl http://nessus.org/plugins/index.php?view=single&id=56552 RHSA-2011-1379: krb5-debuginfo 56551 mandriva_MDVSA-2011-156.nasl http://nessus.org/plugins/index.php?view=single&id=56551 MDVSA-2011:156 : tomcat5 56550 mandriva_MDVA-2011-058.nasl http://nessus.org/plugins/index.php?view=single&id=56550 MDVA-2011:058 : timezone 56549 gentoo_GLSA-201110-13.nasl http://nessus.org/plugins/index.php?view=single&id=56549 GLSA-201110-13 : Tor: Multiple vulnerabilities 56548 freebsd_pkg_8441957cf9b411e0a78abcaec565249c.nasl http://nessus.org/plugins/index.php?view=single&id=56548 FreeBSD : Xorg server -- two vulnerabilities in X server lock handling code (8441957c-f9b4-11e0-a78a-bcaec565249c) 56547 fedora_2011-14049.nasl http://nessus.org/plugins/index.php?view=single&id=56547 Fedora 14 2011-14049 56546 fedora_2011-14036.nasl http://nessus.org/plugins/index.php?view=single&id=56546 Fedora 15 2011-14036 56545 fedora_2011-14025.nasl http://nessus.org/plugins/index.php?view=single&id=56545 Fedora 14 2011-14025 56544 fedora_2011-13999.nasl http://nessus.org/plugins/index.php?view=single&id=56544 Fedora 15 2011-13999 56543 fedora_2011-13947.nasl http://nessus.org/plugins/index.php?view=single&id=56543 Fedora 16 2011-13947 56542 fedora_2011-13929.nasl http://nessus.org/plugins/index.php?view=single&id=56542 Fedora 15 2011-13929 56541 fedora_2011-13915.nasl http://nessus.org/plugins/index.php?view=single&id=56541 Fedora 14 2011-13915 56540 fedora_2011-13504.nasl http://nessus.org/plugins/index.php?view=single&id=56540 Fedora 15 2011-13504 56539 fedora_2011-13499.nasl http://nessus.org/plugins/index.php?view=single&id=56539 Fedora 14 2011-13499 56538 fedora_2011-13492.nasl http://nessus.org/plugins/index.php?view=single&id=56538 Fedora 16 2011-13492 56537 fedora_2011-13426.nasl http://nessus.org/plugins/index.php?view=single&id=56537 Fedora 16 2011-13426 56536 centos_RHSA-2011-1378.nasl http://nessus.org/plugins/index.php?view=single&id=56536 CentOS : RHSA-2011-1378 56535 centos_RHSA-2011-1377.nasl http://nessus.org/plugins/index.php?view=single&id=56535 CentOS : RHSA-2011-1377 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- New VA Modules: NSE: 2, OpenVAS: 11, MSF: 12, Nessus: 29 New VA Module Alert Service (Oct 20)