Nmap Development mailing list archives
New VA Modules: NSE: 1, OpenVAS: 2, MSF: 1, Nessus: 4
From: New VA Module Alert Service <postmaster () insecure org>
Date: Thu, 15 Dec 2011 10:00:31 -0800 (PST)
This report describes any new scripts/modules/exploits added to Nmap, OpenVAS, Metasploit, and Nessus since yesterday. == Nmap Scripting Engine scripts (1) == r27488 http-unsafe-output-escaping http://nmap.org/nsedoc/scripts/http-unsafe-output-escaping.html Spiders a website and attempts to identify and issues with output escaping where content is reflected back to the user. This script locates all parameters, ?x=foo&y=bar and checks if the values are reflected on the page. If they are indeed reflected, the script will try to insert ghz>hzx"zxc'xcv and check which (if any) characters were reflected back onto the page without proper html escaping. This is an indication of potential XSS issues. == OpenVAS plugins (2) == r12326 103367 gb_xvworks_debugging_service_42158.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_xvworks_debugging_service_42158.nasl?root=openvas&view=markup VxWorks Debugging Service Security-Bypass Vulnerability r12326 103366 gb_schneider_quantum_ethernet_module_hardcoded_credentials_ftp_51046.nasl http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_schneider_quantum_ethernet_module_hardcoded_credentials_ftp_51046.nasl?root=openvas&view=markup Schneider Electric Quantum Ethernet Module Hardcoded Credentials Authentication Bypass Vulnerability == Metasploit modules (1) == r14415 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/windows/gather/credentials/razorsql.rb Windows Gather RazorSQL credentials == Nessus plugins (4) == 57290 oracle_java6_update30.nasl http://nessus.org/plugins/index.php?view=single&id=57290 Oracle Java JDK / JRE 6 < Update 30 Multiple Vulnerabilities 57289 asterisk_ast_2011_014.nasl http://nessus.org/plugins/index.php?view=single&id=57289 Asterisk Multiple Vulnerabilities (AST-2011-013 / AST-2011-014) 57288 google_chrome_16_0_912_63.nasl http://nessus.org/plugins/index.php?view=single&id=57288 Google Chrome < 16.0.912.63 Multiple Vulnerabilities 57287 squid_3_1_16.nasl http://nessus.org/plugins/index.php?view=single&id=57287 Squid 3.1.x < 3.1.16 / 3.2.x < 3.2.0.13 DNS Replies CName Record Parsing Remote DoS _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- New VA Modules: NSE: 1, OpenVAS: 2, MSF: 1, Nessus: 4 New VA Module Alert Service (Dec 15)