Home page logo

nmap-dev logo Nmap Development mailing list archives

New VA Modules: NSE: 1, OpenVAS: 2, MSF: 1, Nessus: 4
From: New VA Module Alert Service <postmaster () insecure org>
Date: Thu, 15 Dec 2011 10:00:31 -0800 (PST)

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (1) ==

r27488 http-unsafe-output-escaping http://nmap.org/nsedoc/scripts/http-unsafe-output-escaping.html
Spiders a website and attempts to identify and issues with output
escaping where content is reflected back to the user. This script
locates all parameters, ?x=foo&y=bar and checks if the values are
reflected on the page. If they are indeed reflected, the script will try
to insert ghz>hzx"zxc'xcv and check which (if any) characters were
reflected back onto the page without proper html escaping. This is an
indication of potential XSS issues.

== OpenVAS plugins (2) ==

r12326 103367 gb_xvworks_debugging_service_42158.nasl
VxWorks Debugging Service Security-Bypass Vulnerability

r12326 103366 gb_schneider_quantum_ethernet_module_hardcoded_credentials_ftp_51046.nasl
Schneider Electric Quantum Ethernet Module Hardcoded Credentials
Authentication Bypass Vulnerability

== Metasploit modules (1) ==

Windows Gather RazorSQL credentials

== Nessus plugins (4) ==

57290 oracle_java6_update30.nasl
Oracle Java JDK / JRE 6 < Update 30 Multiple Vulnerabilities

57289 asterisk_ast_2011_014.nasl
Asterisk Multiple Vulnerabilities (AST-2011-013 / AST-2011-014)

57288 google_chrome_16_0_912_63.nasl
Google Chrome < 16.0.912.63 Multiple Vulnerabilities

57287 squid_3_1_16.nasl
Squid 3.1.x < 3.1.16 / 3.2.x < DNS Replies CName Record Parsing
Remote DoS
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
  • New VA Modules: NSE: 1, OpenVAS: 2, MSF: 1, Nessus: 4 New VA Module Alert Service (Dec 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]