Home page logo
/

nmap-dev logo Nmap Development mailing list archives

New VA Modules: NSE: 2, OpenVAS: 11, MSF: 12, Nessus: 29
From: New VA Module Alert Service <postmaster () insecure org>
Date: Thu, 20 Oct 2011 10:01:24 -0700 (PDT)

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (2) ==

r26914 http-put http://nmap.org/nsedoc/scripts/http-put.html
Uploads a local file to a remote web server using the HTTP PUT method.

r26916 krb5-enum-users http://nmap.org/nsedoc/scripts/krb5-enum-users.html
Discovers valid usernames by querying the Kerberos service for a TGT.
When an invalid username is requested the server will responde using the
Kerberos error code KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, allowing us to
determine that the user name was invalid. Valid user names will illicit
either the TGT in a AS-REP response or the error
KRB5KDC_ERR_PREAUTH_REQUIRED, signaling that the user is required to
perform pre authentication.

== OpenVAS plugins (11) ==

r11828 802041 gb_promotic_scada_hmi_server_dir_trav_vuln.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_promotic_scada_hmi_server_dir_trav_vuln.nasl?root=openvas&view=markup
PROMOTIC SCADA/HMI Webserver Directory Traversal Vulnerability

r11828 802258 gb_webmin_login_xss_vuln.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_webmin_login_xss_vuln.nasl?root=openvas&view=markup
Webmin / Usermin Login Cross Site Scripting Vulnerability

r11828 801990 gb_eclime_mult_sql_inj_n_xss_vuln.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_eclime_mult_sql_inj_n_xss_vuln.nasl?root=openvas&view=markup
Eclime Multiple SQL Injection and Cross-site Scripting Vulnerabilities

r11828 802193 gb_apple_itunes_mult_vuln_oct11_win.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_apple_itunes_mult_vuln_oct11_win.nasl?root=openvas&view=markup
Apple iTunes Multiple Vulnerabilities - Oct 11

r11828 802192 gb_safari_mult_vuln_macosx.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_safari_mult_vuln_macosx.nasl?root=openvas&view=markup
Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities

r11828 802259 gb_macosx_i386_set_ldt_prv_esc_vuln.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_macosx_i386_set_ldt_prv_esc_vuln.nasl?root=openvas&view=markup
Apple Mac OS X 'i386_set_ldt()' Privilege Escalation Vulnerability

r11828 802336 gb_macosx_su11-006.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_macosx_su11-006.nasl?root=openvas&view=markup
Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)

r11830 103307 gb_1024_cms_50275.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_1024_cms_50275.nasl?root=openvas&view=markup
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include
Vulnerability

r11830 103308 gb_joomla_50191.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_joomla_50191.nasl?root=openvas&view=markup
Joomla NoNumber! Extension Manager Plugin Local File Include and PHP
code Injection Vulnerabilities

r11830 103305 gb_WHMCompleteSolution.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_WHMCompleteSolution.nasl?root=openvas&view=markup
WHMCompleteSolution 'cart.php' Local File Disclosure Vulnerability

r11830 103306 gb_dolphin_50286.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_dolphin_50286.nasl?root=openvas&view=markup
Boonex Dolphin 'xml/get_list.php' SQL Injection Vulnerability

== Metasploit modules (12) ==

r13939 
http://metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb
Microsoft Windows Browser Pool DoS

r13952 
http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb
Real Networks Netzip Classic 7.5.1 86 File Parsing Buffer Overflow
Vulnerability

r13956 
http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/osx/browser/safari_file_policy.rb
Apple Safari file:// Arbitrary Code Execution

r13985 
http://metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb
Cisco Network Access Manager Directory Traversal Vulnerability

r13987 
http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/safari_xslt_output.rb
Apple Safari Webkit libxslt Arbitrary File Creation

r13994 http://metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/server/webkit_xslt_dropper.rb
Cross Platform Webkit File Dropper

r14000 
http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/windows/gather/credentials/enum_cred_store.rb
Windows Credential Store Enumeration and Decryption Module

r14001 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/manage/system_session.rb
Multi Manage System Remote TCP Shell Session

r14003 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/gather/dns_bruteforce.rb
Multi Gather DNS Forward Lookup Bruteforce

r14003 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/gather/dns_srv_lookup.rb
Multi Gather DNS Service Record Lookup Scan

r14010 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/windows/manage/persistence.rb
Windows Manage Persistent Payload Installer

r14011 http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/manage/multi_post.rb
Multi Manage Post Module Macro Execition

== Nessus plugins (29) ==

56563 ubuntu_USN-1232-2.nasl
http://nessus.org/plugins/index.php?view=single&id=56563
USN-1232-2 : xorg-server regression

56562 ubuntu_USN-1192-3.nasl
http://nessus.org/plugins/index.php?view=single&id=56562
USN-1192-3 : libvoikko regression

56561 redhat-RHSA-2011-1385.nasl
http://nessus.org/plugins/index.php?view=single&id=56561
RHSA-2011-1385: kdelibs

56560 redhat-RHSA-2011-1384.nasl
http://nessus.org/plugins/index.php?view=single&id=56560
RHSA-2011-1384: java

56559 centos_RHSA-2011-1385.nasl
http://nessus.org/plugins/index.php?view=single&id=56559
CentOS : RHSA-2011-1385

56558 centos_RHSA-2011-1380.nasl
http://nessus.org/plugins/index.php?view=single&id=56558
CentOS : RHSA-2011-1380

56557 macosx_thunderbird_installed.nasl
http://nessus.org/plugins/index.php?view=single&id=56557
Thunderbird Installed (Mac OS X)

56556 ubuntu_USN-1233-1.nasl
http://nessus.org/plugins/index.php?view=single&id=56556
USN-1233-1 : krb5 vulnerabilities

56555 ubuntu_USN-1232-1.nasl
http://nessus.org/plugins/index.php?view=single&id=56555
USN-1232-1 : xorg-server vulnerabilities

56554 ubuntu_USN-1231-1.nasl
http://nessus.org/plugins/index.php?view=single&id=56554
USN-1231-1 : php5 vulnerabilities

56553 redhat-RHSA-2011-1380.nasl
http://nessus.org/plugins/index.php?view=single&id=56553
RHSA-2011-1380: java

56552 redhat-RHSA-2011-1379.nasl
http://nessus.org/plugins/index.php?view=single&id=56552
RHSA-2011-1379: krb5-debuginfo

56551 mandriva_MDVSA-2011-156.nasl
http://nessus.org/plugins/index.php?view=single&id=56551
MDVSA-2011:156 : tomcat5

56550 mandriva_MDVA-2011-058.nasl
http://nessus.org/plugins/index.php?view=single&id=56550
MDVA-2011:058 : timezone

56549 gentoo_GLSA-201110-13.nasl
http://nessus.org/plugins/index.php?view=single&id=56549
GLSA-201110-13 : Tor: Multiple vulnerabilities

56548 freebsd_pkg_8441957cf9b411e0a78abcaec565249c.nasl
http://nessus.org/plugins/index.php?view=single&id=56548
FreeBSD : Xorg server -- two vulnerabilities in X server lock handling
code (8441957c-f9b4-11e0-a78a-bcaec565249c)

56547 fedora_2011-14049.nasl
http://nessus.org/plugins/index.php?view=single&id=56547
Fedora 14 2011-14049

56546 fedora_2011-14036.nasl
http://nessus.org/plugins/index.php?view=single&id=56546
Fedora 15 2011-14036

56545 fedora_2011-14025.nasl
http://nessus.org/plugins/index.php?view=single&id=56545
Fedora 14 2011-14025

56544 fedora_2011-13999.nasl
http://nessus.org/plugins/index.php?view=single&id=56544
Fedora 15 2011-13999

56543 fedora_2011-13947.nasl
http://nessus.org/plugins/index.php?view=single&id=56543
Fedora 16 2011-13947

56542 fedora_2011-13929.nasl
http://nessus.org/plugins/index.php?view=single&id=56542
Fedora 15 2011-13929

56541 fedora_2011-13915.nasl
http://nessus.org/plugins/index.php?view=single&id=56541
Fedora 14 2011-13915

56540 fedora_2011-13504.nasl
http://nessus.org/plugins/index.php?view=single&id=56540
Fedora 15 2011-13504

56539 fedora_2011-13499.nasl
http://nessus.org/plugins/index.php?view=single&id=56539
Fedora 14 2011-13499

56538 fedora_2011-13492.nasl
http://nessus.org/plugins/index.php?view=single&id=56538
Fedora 16 2011-13492

56537 fedora_2011-13426.nasl
http://nessus.org/plugins/index.php?view=single&id=56537
Fedora 16 2011-13426

56536 centos_RHSA-2011-1378.nasl
http://nessus.org/plugins/index.php?view=single&id=56536
CentOS : RHSA-2011-1378

56535 centos_RHSA-2011-1377.nasl
http://nessus.org/plugins/index.php?view=single&id=56535
CentOS : RHSA-2011-1377
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • New VA Modules: NSE: 2, OpenVAS: 11, MSF: 12, Nessus: 29 New VA Module Alert Service (Oct 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]