Home page logo
/

nmap-dev logo Nmap Development mailing list archives

New VA Modules: NSE: 1, OpenVAS: 2, MSF: 1, Nessus: 4
From: New VA Module Alert Service <postmaster () insecure org>
Date: Thu, 15 Dec 2011 10:00:31 -0800 (PST)

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (1) ==

r27488 http-unsafe-output-escaping http://nmap.org/nsedoc/scripts/http-unsafe-output-escaping.html
Spiders a website and attempts to identify and issues with output
escaping where content is reflected back to the user. This script
locates all parameters, ?x=foo&y=bar and checks if the values are
reflected on the page. If they are indeed reflected, the script will try
to insert ghz>hzx"zxc'xcv and check which (if any) characters were
reflected back onto the page without proper html escaping. This is an
indication of potential XSS issues.

== OpenVAS plugins (2) ==

r12326 103367 gb_xvworks_debugging_service_42158.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_xvworks_debugging_service_42158.nasl?root=openvas&view=markup
VxWorks Debugging Service Security-Bypass Vulnerability

r12326 103366 gb_schneider_quantum_ethernet_module_hardcoded_credentials_ftp_51046.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_schneider_quantum_ethernet_module_hardcoded_credentials_ftp_51046.nasl?root=openvas&view=markup
Schneider Electric Quantum Ethernet Module Hardcoded Credentials
Authentication Bypass Vulnerability

== Metasploit modules (1) ==

r14415 
http://metasploit.com/redmine/projects/framework/repository/entry/modules/post/windows/gather/credentials/razorsql.rb
Windows Gather RazorSQL credentials

== Nessus plugins (4) ==

57290 oracle_java6_update30.nasl
http://nessus.org/plugins/index.php?view=single&id=57290
Oracle Java JDK / JRE 6 < Update 30 Multiple Vulnerabilities

57289 asterisk_ast_2011_014.nasl
http://nessus.org/plugins/index.php?view=single&id=57289
Asterisk Multiple Vulnerabilities (AST-2011-013 / AST-2011-014)

57288 google_chrome_16_0_912_63.nasl
http://nessus.org/plugins/index.php?view=single&id=57288
Google Chrome < 16.0.912.63 Multiple Vulnerabilities

57287 squid_3_1_16.nasl
http://nessus.org/plugins/index.php?view=single&id=57287
Squid 3.1.x < 3.1.16 / 3.2.x < 3.2.0.13 DNS Replies CName Record Parsing
Remote DoS
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • New VA Modules: NSE: 1, OpenVAS: 2, MSF: 1, Nessus: 4 New VA Module Alert Service (Dec 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]