The Passive Vulnerability Scanner (PVS) Plugins
http://www.tenablesecurity.com/tenable_plugins.pdf
All the newest security checks for the Tenable Passive Vulnerability Scanner (PVS)PVS Pluginshttp://www.tenablesecurity.com/images/RssLogo.jpg
http://www.tenablesecurity.com/
ClamAV memcpy() flaw in versions < 0.94.0
Synopsis :
The remote host is vulnerable to a Denial of Service (DoS) attack
The remote host is running ClamAV version: %L
This version of ClamAV is vulnerable to a flaw within the 'libclamav/chmunpack.c' file. Specifically, when handling malformed '.chm' files, the application fails to adequately parse the file. An attacker, sending a malformed .chm to a server running ClamAV, would be able to crash the service.
CVSS Base Score : 5.0 CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
The remote host is vulnerable to multiple attack vectors
The remote host is running the Novell eDirectory LDAP server. The reported version is: %L
This version of Novell eDirectory LDAP server is vulnerable to several flaws. First, the server is vulnerable to four (4) heap overflows. The flaw is due to insufficient content parsing in a number of HTTP headers. Successful exploitation of this first vulnerability would result in the atacker executing arbitrary code.
Second, the server is vulnerable to a cross-site-scripting flaw. An attacker, exploiting this flaw, would be able to execute script code within the browser of eDirectory HTTP users.
CVSS Base Score : 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Copyright Tenable Network Security Inc. 2007]]>2008-09-07T14:54:00-05:00
http://www.tenablesecurity.com/4641.html
Invision Power Board multiple flaws in versions 2.2.2 and 2.3.5
Synopsis :
The remote host is vulnerable to multiple attack vectors
The remote host is running Invision Board, a CGI suite designed to set up a bulletin board system on the remote web server. This version of Invision Board is vulnerable to several SQL injection attacks due to a lack of parsing on the 'act' and 'name' variables of the index.php script. There is an information disclosure flaw wherein authentication materials can be retrieved from 'ipb_stronghold' cookies. There is a vulnerability which allows attackers to hijack Administrative sessions. There is a denial of service vulnerability due to a lack of parsing to the 'clean_globals()' function. There is a flaw in the 'source/action_admin/languages.php' wherein an attacker can inject code which is later executed via an 'eval()' function. Finally, there is a flaw in the way that the application handles data sent to the 'INFO[base_url]' parameter of the 'admin.php' script. A remote attacker can invoke arbitrary PHP script code.
CVSS Base Score : 7.5 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Copyright Tenable Network Security Inc. 2007]]>2008-09-07T14:54:00-05:00
http://www.tenablesecurity.com/4640.html
Sharity detection
The remote host is running the Sharity service for Unix. Sharity is a service which allows Unix computers to access SMB/CIFS servers.
The remote database server is affected by an unspecified vulnerability.
The installation of DB2 9.5 on the remote host does not have Fix Pack 2 applied, and hence it is affected by an unspecified vulnerability in the way it deploys 'CLR Stored Procedures' for Visual Studio from IBM database add-ins (JR28431).
CVSS Base Score : 7.5 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
The remote web server contains a PHP application affected by several vulnerabilities.
The remote host is running Kayako SupportSuite, a web-based electronic support portal written in PHP. According to its banner, the version of Kayako installed on the remote host is earlier than 3.30.01 and, as such, affected by several issues:
- There is a blind SQL injection issue in the staff panel that enables a staff user to gain administrative access. - A user may be able to inject arbitrary script into a user's browser by opening a ticket or requesting a chat if they include the script in the 'Full Name' field associated with their account. - There are numerous cross-site scripting issues. For your information, the reported version of SupportSuite is: %L
CVSS Base Score : 4.3 CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Copyright Tenable Network Security Inc. 2007]]>2008-09-07T14:54:00-05:00
http://www.tenablesecurity.com/4637.html
Kayako SupportSuite version detection
The remote host is running Kayako SupportSuite version: %L
The remote host has been compromised and is running a 'Backdoor' program
The remote host appears to be infected with a SQL worm. The worm is attempting to spread via other web servers. The observed network traffic from this machine was: %L
CVSS Base Score : 10.0 CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution :
Manually examine and clean the host.
Risk factor :
HIGH
Copyright Tenable Network Security Inc. 2007]]>2008-09-07T14:54:00-05:00
http://www.tenablesecurity.com/4635.html
Opera < 9.52 Multiple Vulnerabilities
Synopsis :
The remote host contains a web browser that is affected by several issues.
The version of Opera installed on the remote host is earlier than 9.52 and thus reportedly affected by several issues :
- Specially-crafted URLs could start Opera in a way that would allow execution of arbitrary code. - Invalid checking of what frames a site can change, allowing a website to open pages from other sites. - An unspecified cross-site scripting issue. - Custom shortcuts and menu commands may pass parameters created from uninitialized memory. - Secure sites loading insecure content in a frame will cause Opera to incorrectly display the padlock icon. - Feed sources can link to a user's local disk, and appropriate javascript can detect if these files exist or not. - The page address may be changed when a user subscribes to a newsfeed subscription using the feed subscription button.
CVSS Base Score : 9.3 CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Copyright Tenable Network Security Inc. 2007]]>2008-09-07T14:54:00-05:00
http://www.tenablesecurity.com/4634.html
Cisco Secure Access Control Server Detection
Synopsis :
The remote web server is part of an access policy control platform.
The remote host appears to be running Cisco Secure Access Control Server, an access policy control platform, on this port. It is used to centrally manage access to network resources.