Nmap Development mailing list archives
New VA Modules: NSE: 3, OpenVAS: 32, MSF: 2
From: New VA Module Alert Service <postmaster () insecure org>
Date: Fri, 18 Nov 2011 10:05:56 -0800 (PST)
This report describes any new scripts/modules/exploits added to Nmap, OpenVAS, Metasploit, and Nessus since yesterday. == Nmap Scripting Engine scripts (3) == r27108 http-vuln-cve2011-3368 http://nmap.org/nsedoc/scripts/http-vuln-cve2011-3368.html Check against CVE-2011-3368 "Reverse Proxy Bypass", as described by http://www.contextis.com/research/blog/reverseproxybypass/ The script will run 3 tests: o the loopback test, with 3 payloads to handle different rewrite rules o the internal hosts test. According to Contextis, we expect a delay before a server error. o The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. r27109 nexpose-brute http://nmap.org/nsedoc/scripts/nexpose-brute.html Performs brute force password auditing against a Nexpose vulnerability scanner using the API 1.1. r27110 maxdb-info http://nmap.org/nsedoc/scripts/maxdb-info.html Retrieves version and database information from a SAP Max DB database. == OpenVAS plugins (32) == r12134 863621 gb_fedora_2011_14673_krb5_fc15.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_fedora_2011_14673_krb5_fc15.nasl?root=openvas&view=markup Fedora Update for krb5 FEDORA-2011-14673 r12134 870515 gb_RHSA-2011_1458-01_bind.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_RHSA-2011_1458-01_bind.nasl?root=openvas&view=markup RedHat Update for bind RHSA-2011:1458-01 r12134 902749 secpod_ocs_inventory_ng_xss_vuln.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/secpod_ocs_inventory_ng_xss_vuln.nasl?root=openvas&view=markup OCS Inventory NG Persistent Cross-site Scripting Vulnerability r12134 902587 secpod_herberlin_bremsserver_dir_trav_vuln.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/secpod_herberlin_bremsserver_dir_trav_vuln.nasl?root=openvas&view=markup Herberlin Bremsserver Directory Traversal Vulnerability r12134 802515 gb_mozilla_prdts_mult_unspecified_vuln_macosx.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_unspecified_vuln_macosx.nasl?root=openvas&view=markup Mozilla Products Multiple Unspecified Vulnerabilities (MAC OS X r12134 802518 gb_mozilla_prdts_xss_n_mem_crptn_vuln_win.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_xss_n_mem_crptn_vuln_win.nasl?root=openvas&view=markup Mozilla Products XSS and Memory Corruption Vulnerabilities (Windows) r12134 863624 gb_fedora_2011_15256_squid_fc14.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_fedora_2011_15256_squid_fc14.nasl?root=openvas&view=markup Fedora Update for squid FEDORA-2011-15256 r12134 863625 gb_fedora_2011_15856_kernel_fc15.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_fedora_2011_15856_kernel_fc15.nasl?root=openvas&view=markup Fedora Update for kernel FEDORA-2011-15856 r12134 831494 gb_mandriva_MDVSA_2011_175.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_175.nasl?root=openvas&view=markup Mandriva Update for poppler MDVSA-2011:175 (poppler) r12134 802513 gb_mozilla_prdts_wrapper_priv_esc_vuln_macosx.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_wrapper_priv_esc_vuln_macosx.nasl?root=openvas&view=markup Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows) r12134 802517 gb_mozilla_prdts_priv_esc_vuln_win.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_priv_esc_vuln_win.nasl?root=openvas&view=markup Mozilla Products Privilege Escalation Vulnerabily (Windows) r12134 802510 gb_mozilla_prdts_browser_engine_dos_vuln_win.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_browser_engine_dos_vuln_win.nasl?root=openvas&view=markup Mozilla Products Browser Engine Denial of Service Vulnerabilities (Windows) r12134 840809 gb_ubuntu_USN_1264_1.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_ubuntu_USN_1264_1.nasl?root=openvas&view=markup Ubuntu Update for bind9 USN-1264-1 r12134 840808 gb_ubuntu_USN_1266_1.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_ubuntu_USN_1266_1.nasl?root=openvas&view=markup Ubuntu Update for openldap USN-1266-1 r12134 831496 gb_mandriva_MDVSA_2011_176_1.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_176_1.nasl?root=openvas&view=markup Mandriva Update for bind MDVSA-2011:176-1 (bind) r12134 870517 gb_RHSA-2011_1455-01_freetype.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_RHSA-2011_1455-01_freetype.nasl?root=openvas&view=markup RedHat Update for freetype RHSA-2011:1455-01 r12134 802516 gb_mozilla_prdts_xss_n_mem_crptn_vuln_macosx.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_xss_n_mem_crptn_vuln_macosx.nasl?root=openvas&view=markup Mozilla Products XSS and Memory Corruption Vulnerabilities (MAC OS X) r12134 902586 secpod_adobe_coldfusion_multiple_path_disc_vuln.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/secpod_adobe_coldfusion_multiple_path_disc_vuln.nasl?root=openvas&view=markup Adobe ColdFusion Multiple Path Disclosure Vulnerabilities r12134 863626 gb_fedora_2011_15233_squid_fc15.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_fedora_2011_15233_squid_fc15.nasl?root=openvas&view=markup Fedora Update for squid FEDORA-2011-15233 r12134 802514 gb_mozilla_prdts_mult_vuln_nov11_macosx.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_nov11_macosx.nasl?root=openvas&view=markup Mozilla Products Multiple Vulnerabilities (MAC OS X) r12134 802511 gb_mozilla_prdts_mult_vuln_nov11_win.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_nov11_win.nasl?root=openvas&view=markup Mozilla Products Multiple Vulnerabilities (Windows) r12134 870516 gb_RHSA-2011_1459-01_bind97.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_RHSA-2011_1459-01_bind97.nasl?root=openvas&view=markup RedHat Update for bind97 RHSA-2011:1459-01 r12134 831495 gb_mandriva_MDVSA_2011_176.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_176.nasl?root=openvas&view=markup Mandriva Update for bind MDVSA-2011:176 (bind) r12134 802512 gb_mozilla_prdts_priv_esc_vuln_macosx.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_priv_esc_vuln_macosx.nasl?root=openvas&view=markup Mozilla Products Privilege Escalation Vulnerabily (MAC OS X) r12134 802509 gb_mozilla_prdts_wrapper_priv_esc_vuln_win.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mozilla_prdts_wrapper_priv_esc_vuln_win.nasl?root=openvas&view=markup Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows) r12134 840806 gb_ubuntu_USN_1261_1.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_ubuntu_USN_1261_1.nasl?root=openvas&view=markup Ubuntu Update for quagga USN-1261-1 r12134 863623 gb_fedora_2011_15338_wireshark_fc14.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_fedora_2011_15338_wireshark_fc14.nasl?root=openvas&view=markup Fedora Update for wireshark FEDORA-2011-15338 r12134 863622 gb_fedora_2011_15328_wireshark_fc15.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_fedora_2011_15328_wireshark_fc15.nasl?root=openvas&view=markup Fedora Update for wireshark FEDORA-2011-15328 r12134 863620 gb_fedora_2011_14650_krb5_fc14.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_fedora_2011_14650_krb5_fc14.nasl?root=openvas&view=markup Fedora Update for krb5 FEDORA-2011-14650 r12134 840805 gb_ubuntu_USN_1263_1.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_ubuntu_USN_1263_1.nasl?root=openvas&view=markup Ubuntu Update for icedtea-web USN-1263-1 r12134 902755 secpod_wordpress_mult_plugins_sql_inj_vuln.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/secpod_wordpress_mult_plugins_sql_inj_vuln.nasl?root=openvas&view=markup WordPress Multiple Plugins SQL Injection Vulnerabilities r12134 840807 gb_ubuntu_USN_1265_1.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_ubuntu_USN_1265_1.nasl?root=openvas&view=markup Ubuntu Update for system-config-printer USN-1265-1 == Metasploit modules (2) == r14278 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/linux/manage/sudo.rb Linux Post Sudo Upgrade Shell r14280 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/manage/sudo.rb Linux Post Sudo Upgrade Shell _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- New VA Modules: NSE: 3, OpenVAS: 32, MSF: 2 New VA Module Alert Service (Nov 18)