(PVS) Signatures - Tenable Network Security

Passive Vulnerability Scanner (PVS) Signatures

Passive Vulnerability Scanner (PVS) Signatures 

Table of Contents 

Introduction.........................................................................................................................................................1 

PVS PLUGIN FAMILIES..................................................................................................................................2 

Family Backdoors..............................................................................................................................................4 

Family CGI.........................................................................................................................................................8 

Family Database...............................................................................................................................................33 

Family DNS Servers.........................................................................................................................................44 

Family Finger...................................................................................................................................................47 

Family FTP Servers.........................................................................................................................................48 

Family FTP Clients..........................................................................................................................................53 

Family Generic.................................................................................................................................................55 

Family Operating System Detection...............................................................................................................80 

Family IMAP Servers......................................................................................................................................85 

Family Internet Messengers............................................................................................................................88 

Family IRC Clients..........................................................................................................................................94 

Family IRC Servers.........................................................................................................................................96 

Family Peer-To-Peer File Sharing..................................................................................................................97 

Family POP Server........................................................................................................................................100 

Family RPC....................................................................................................................................................102 

Family Samba.................................................................................................................................................105 

Family SMTP Clients....................................................................................................................................107 

Family SMTP Servers....................................................................................................................................116 

Family SNMP Traps......................................................................................................................................124 

Family SSH.....................................................................................................................................................133 

i


Table of Contents 

Family Web Clients........................................................................................................................................136 

Family Web Servers.......................................................................................................................................176 

Family Abuse..................................................................................................................................................230 

Family Policy..................................................................................................................................................231 

Family Data Leakage.....................................................................................................................................239 

Family SCADA...............................................................................................................................................247 

Family Mobile Devices...................................................................................................................................251 

Family Internet Services................................................................................................................................254 

ii

Introduction 

PVS is a passive vulnerability scanner. Do you know what happens between the last time a vulnerability scan 

is completed and the next time a scan is completed? New hosts, new ports, new services, and new 

vulnerabilities can arrive on your networks faster than you may be allowed to scan for them. The PVS 

vulnerability monitor can find out what is happening on your network without actively scanning it. As PVS 

monitors your network, it also watches for potential application compromises, trust relationships, and open or 

browsed network protocols. 

A single PVS sensor can be placed in front of a network of 25,000 systems and continuously monitor the 

traffic for a variety of security related information including: 

• Keeping track of all client and server application vulnerabilities 

• Detecting when an application is compromised or subverted 

• Detecting when new hosts are added to the network 

• Detecting when an internal system begins to port scan other systems 

• Highlighting all interactive and encrypted network sessions 

• Tracking exactly which systems communicate with other internal systems 

• Detecting which ports are served and which ports are browsed for each individual system 

• Passively determining the type of operating system of each active host 

This PDF is automatically generated as new plugins are made available for download from the Tenable 

Network Security Corporate Web Server. This PDF is organized into several sections. Initially, you have this 

introduction followed by an overview of plugin count for each plugin family. Finally, the PDF details specific 

information for each of the different plugin modules. This information includes a brief description, plugin ID, 

CVE cross-reference, Bugtraq ID cross-reference, Nessus cross-reference, and several other descriptive 

entries. For more information regarding PVS, please visit: 

http://www.tenablesecurity.com/products/tenable-passive-vulnerability-scanner 

Copyright 2013 Tenable Network Security 

Introduction 1

PVS PLUGIN FAMILIES 

COUNT FAMILY NAME 

93 Backdoors 

744 CGI 

302 Database 

45 DNS Servers 

7 Finger 

138 FTP Servers 

21 FTP Clients 

764 Generic 

41 IMAP Servers 

94 Internet Messengers 

23 IRC Servers 

44 IRC Clients 

84 

45 

Operating System 

Detection 

Peer-To-Peer File 

Sharing 

47 POP Server 

67 RPC 

39 Samba 

169 SMTP Clients 

141 SMTP Servers 

159 SNMP Traps 

75 SSH 

759 Web Clients 

1039 Web Servers 

Abuse 

220 Policy 

146 Data Leakage 

89 SCADA 

51 Mobile Devices 

103 Internet Services 

PVS PLUGIN FAMILIES 2


PVS PLUGIN FAMILIES 3

Family Backdoors 

PVS ID PLUGIN NAME FAMILY NESSUS 

ID 

1141 Trojan/Backdoor - W32/Bagle Virus Detection Backdoors N/A 

1143 Trojan/Backdoor - MyDOOM/NoVarg Detection Backdoors 12029 

1183 Policy - iroffer Software Detection Backdoors N/A 



1207 Trojan/Backdoor - Agobot.FO Detection Backdoors 12128 

1215 Trojan/Backdoor Detection - Sasser Worm Backdoors 12219 

1229 Trojan/Backdoor - JS.Scob.Trojan/Download.Ject Detection Backdoors N/A 

1230 Policy - GATOR Software Detection Backdoors 11998 

1231 Policy - ALEXA Software Detection Backdoors N/A 

1232 Policy - BARGAINBUDDY Software Detection Backdoors 12010 

1233 Policy - HOTBAR Software Detection Backdoors N/A 

1234 Policy - EZULA Software Detection Backdoors N/A 

1235 Policy - HOTBAR Software Detection Backdoors N/A 

1236 Policy - Cydoor Topicks Sofware Detection Backdoors N/A 

1240 Trojan/Backdoor - MyDoom.M Detection Backdoors N/A 

1241 Trojan/Backdoor - BackDoor.Zincite.A Detection Backdoors 14184 

1883 Trojan/Backdoor - 4553 Detection Backdoors 11187 

1884 RemotelyAnywhere SSH Detection Backdoors 10921 

1885 RemotelyAnywhere WWW Detection Backdoors 10920 

1909 ClarkConnect Linux clarkconnectd Information Disclosure Backdoors 11277 

1910 Trojan/Backdoor - DeepThroat Detection Backdoors 10053 

1911 Trojan/Backdoor - NetSphere Detection Backdoors 10005 

1912 Trojan/Backdoor - GateCrasher Detection Backdoors 10093 

1913 Trojan/Backdoor - Portal of Doom Detection Backdoors 10186 

1914 Trojan/Backdoor - GirlFriend Detection Backdoors 10094 

1915 Trojan/Backdoor - EvilFTP Detection Backdoors N/A 

1916 Trojan/Backdoor - Phase Zero Detection Backdoors N/A 

1917 Trojan/Backdoor - SubSeven Detection Backdoors 10409 

Family Backdoors 4


1918 Trojan/Backdoor - SyGate Detection Backdoors 10274 

1919 SETI@HOME Client Detection Backdoors N/A 

1920 WinGate Telnet Proxy Server Detection Backdoors N/A 

1921 GnoCatan Remote Overflow Backdoors 11736 

2045 GoToMyPC Detection Backdoors N/A 

2542 Tor Tunnel Detection Backdoors N/A 

2815 Hydrogen Server Detection Backdoors 18039 

3117 Generic Botnet Client Detection Backdoors N/A 

3164 Zotob Worm Infection Backdoors 19429 

3804 SQLYog MySQL HTTP Tunnel Detection Backdoors N/A 

4334 Malicious Website - JavaScript Files Linked on Web Site Backdoors 29871 


4401 Generic Botnet Server Detection Backdoors N/A 


4441 Generic Botnet Server Detection Backdoors N/A 

4470 Malicious Website - Embedded Iframe Detection Backdoors N/A 

4471 Malware Payload Code Detection Backdoors 31854 

4476 Trojan Horse Client Detection Backdoors N/A 






4487 Malicious Website - Embedded Javascript Detection Backdoors N/A 

4500 Possible Keylogger Software Installation Detection Backdoors N/A 

4520 Possible Keylogger software installation detection Backdoors N/A 

4657 Dns2TCP Service Detection Backdoors N/A 

4977 Trojan/Backdoor Detection - Conficker Detection Backdoors 36036 

4978 Trojan/Backdoor Detection - Conficker Detection Backdoors 36036 

5357 Trojan/Backdoor - Arugizer Detection Backdoors 45006 

5526 Trojan/Backdoor - Storm/Pecoan.AG Worm Detection Backdoors N/A 

5549 Trojan/Backdoor - Warbot Detection Backdoors N/A 

Family Backdoors 5

5721 Stuxnet Traffic Detection Backdoors N/A 

5738 Stuxnet Infected Host Detection Backdoors N/A 

5834 SSL Revoked Certificate Detection Backdoors N/A 








5974 MetaSploit Exploited Machine Detection Backdoors N/A 

5975 MetaSploit Exploited Machine Detection Backdoors N/A 

5976 MetaSploit Server Detection Backdoors N/A 

6218 Trojan/Backdoor Detection - BACKDOOR Infector.1.x Backdoors N/A 

6219 

Trojan/Backdoor Detection - BACKDOOR 

SatansBackdoor.2.0.Beta 

Backdoors N/A 

6220 Trojan/Backdoor Detection - GateCrasher Backdoors N/A 

6221 

Trojan/Backdoor Detection - BACKDOOR Matrix 2.0 

Client 

Backdoors N/A 

6222 Trojan/Backdoor Detection - win-trin00 Backdoors N/A 

6223 Trojan/Backdoor Detection - QAZ Worm Backdoors N/A 

6224 Trojan/Backdoor Detection - Doly 2.0 Backdoors N/A 

6225 Trojan/Backdoor Detection - netbus Backdoors N/A 

6226 Trojan/Backdoor Detection - Subseven Backdoors N/A 

6227 

6228 

6229 

Trojan/Backdoor Detection - RXBOT / RBOT Exploit 

Report 

Trojan/Backdoor Detection - RXBOT / RBOT Vulnerability 

Scan 

Trojan/Backdoor Detection - Windows Command Shell as 

Service 

Backdoors N/A 

Backdoors N/A 

Backdoors N/A 

6230 Windows Command Shell as Service Backdoors N/A 

6231 SMTP Proxy Traffic Detected Backdoors N/A 

6232 


Trojan/Backdoor Detection - WinEggDrop Infected Host 

Detection 

Backdoors N/A 

6246 FTP Client Initiated from an SMTP Server Backdoors N/A 

Family Backdoors 6


6492 Flame Worm Detection Backdoors N/A 

6579 Pushdo botnet detection Backdoors N/A 

6639 Samsung / Dell Printer SNMP Backdoor Backdoors 63136 

Family Backdoors 7

Family CGI 

PVS 

ID 

PLUGIN NAME FAMILY NESSUS 

ID 

1217 SquirrelMail < 1.4.3 Multiple Vulnerabilities CGI N/A 

1528 miniPortail admin.php Cookie Manipulation Admin Access CGI 11623 

1530 Snitz Forums < 3.4.03 register.asp Email Parameter SQL Injection CGI 11621 

1532 Horde and IMP Test Script Disclosure CGI 11617 

1533 PHP Topsites counter.php Arbitrary File Overwrite CGI 11611 

1534 mod_survey < 3.0.14e / 3.0.15pre6 ENV tags SQL Injection CGI 11609 

1537 IkonBoard FUNC.pm lang Cookie Arbitrary Command Execution CGI 11605 

1539 HappyMall normal_html.cgi Remote Command Execution CGI 11603 

1540 CGI Script Path Disclosure CGI N/A 

1542 12Planet Chat Server Path Disclosure CGI 11592 

1543 12Planet Chat Server ClearText Password Remote Disclosure CGI 11591 

1548 

TrueGalerie admin.php loggedin Parameter Admin Authentication 

Bypass 

CGI 11582 

1549 album.pl < 6.2 Remote Command Execution CGI 11581 

1551 StockMan Shopping Cart < 7.9 shop.plx Command Execution CGI 11569 

1553 Coppermine Gallery < 1.1 beta 3 SQL Injection CGI N/A 

1555 Bugzilla XSS / Insecure Temporary File Names CGI 11462 

1557 OpenBB Multiple SQL Injection CGI 11550 

1558 

Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File 

Access 

CGI 11549 

1559 bttlxeForum login.asp < 2.0 Multiple SQL Injection CGI 11548 

1562 eZ Publish site.ini Configuration Disclosure CGI 11538 

1563 Ocean12 Guestbook XSS CGI 11537 

1564 Super Guestbook superguestconfig Admin Password Disclosure CGI 11536 

1565 Instaboard index.cfm SQL Injection CGI 11532 

1567 Coppermine Gallery < 1.1 Beta 2 PHP Code Execution CGI N/A 

1569 VPOPMail vpopmail.php Remote Command Execution CGI 11397 

1578 Sambar environ.pl Default CGI Disclosure CGI N/A 

1579 Sambar testcgi.exe Default CGI Disclosure CGI N/A 

1582 Bugzilla < 2.14.5 / 2.16.2 / 2.17.3 Multiple Vulnerabilities CGI 11463 

Family CGI 8

1584 Bonsai < 1.4 Multiple Vulnerabilities CGI 11440 

1588 popper_mod < 1.2.3 Administration Authentication Bypass CGI 11334 

1589 WebWho+ whois.cgi Remote Command Execution CGI 11333 

1592 phpinfo() Function Information Disclosure CGI 11229 

1598 myPHPnuke displayCategory.php Remote Command Execution CGI 11836 

1687 ddicgi.exe Multiple Vulnerabilities CGI 11728 

2114 Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities CGI 14324 

2118 Sympa < 4.1.2 wwsympa.fcgi List Master Authentication Bypass CGI N/A 

2119 Sympa < 4.1.3 List Creation Description Field XSS CGI N/A 

2128 PHP-Fusion Database Backup Information Disclosure CGI N/A 

2132 eGroupWare < 1.0.0.004 Multiple XSS CGI N/A 

2146 WebAPP < 0.9.9.2 index.cgi Directory Traversal Arbitrary File Access CGI 14365 

2149 PHP Code Snippet Library index.php XSS CGI N/A 

2166 Webmatic < 1.9.0 Multiple Vulnerabilities CGI N/A 

2187 Nagl Dictionary Module for XOOPS XSS CGI N/A 

2191 phpScheduleIt < 1.0.0 New User Registration HTML Injection CGI N/A 

2266 PSNews v1.1 index.php Multiple Parameter XSS CGI N/A 

2267 OpenCA < 0.9.1-9 Web Interface Form Input Field XSS CGI N/A 

2269 PHPGroupWare < 0.9.16.003 Wiki Module XSS CGI N/A 

2271 SAFE TEAM Regulus Staff Accounts Password Hash Disclosure CGI N/A 

2272 SAFE TEAM Regulus Customers Accounts Password Hash Disclosure CGI N/A 

2273 

2278 

2280 


SAFE TEAM Regulus Customer Statistics Connection Log Information 

Disclosure 

PerlDesk < 2 pdesk.cgi lang Parameter Traversal Server-Side Script 

Execution 

Turbo Seek < 1.7.2 tseekdir.cgi location Parameter Information 

Disclosure 

CGI N/A 

CGI N/A 

CGI N/A 

2289 SnipSnap < 1.0b1 POST Request HTTP Response Splitting CGI N/A 

2294 vBulletin authorize.php x_invoice_num Parameter SQL Injection CGI N/A 

2302 Snitz Forum < 3.4.05 HTTP Response Splitting CGI N/A 

2305 YaBB Multiple Vulnerabilities CGI N/A 

2308 Tutos Multiple Vulnerabilities CGI N/A 

2312 YaBB < Gold SP 1.3.2 Multiple Input Validation Vulnerabilities CGI N/A 

Family CGI 9

2317 Full Revolution aspWebCalendar calendar.asp SQL Injection CGI N/A 

2318 Full Revolution album.asp aspWebAlbum SQL Injection CGI N/A 

2336 Serendipity < 0.7-beta3 Multiple Vulnerabilities CGI N/A 

2352 PHP-Fusion Database Multiple Vulnerabilities CGI N/A 

2372 Bugzilla Authentication Bypass and Information Disclosure CGI 15562 

2394 Mantis < 0.19.1 Multiple Information Disclosure Vulnerabilities CGI N/A 

2398 eGroupWare < 1.0.0.006 JiNN Application Unspecified Vulnerability CGI N/A 

2401 SquirrelMail < 1.4.4 decodeHeader HTML Injection CGI N/A 

2407 miniBB < 1.7f index.php user Parameter SQL Injection CGI 15763 

2409 PowerPortal index.php index_page Parameter SQL Injection CGI 15760 

2410 


phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation 

Modification 

CGI 15772 

2411 phpBB Login Form SQL Injection CGI 15780 

2414 WebGUI < 6.2.9 Unspecified Vulnerability CGI 15787 

2415 PHP-Kit < 1.6.04 Multiple Input Validation Vulnerabilities CGI 15784 

2416 phpMyAdmin Detection CGI N/A 

2417 phpMyAdmin < 2.6.0-p13 Multiple XSS CGI 15770 

2418 phpMyAdmin sql.php Traversal Arbitrary File Access CGI 11116 

2419 phpMyAdmin < 2.5.6-rc1 Traversal Arbitrary File Access (2) CGI 12041 

2420 phpMyAdmin < 2.5.2 Multiple Vulnerabilities CGI 11761 

2421 phpMyAdmin < 2.6.0-p12 Multiple Remote Command Execution CGI 11761 

2422 Invision PowerBoard < 2.0.3 SQL Injection CGI 18011 

2423 Nucleus CMS Multiple Vulnerabilities CGI 15788 

2431 Brooky CubeCart < 2.0.2 index.php cat_id Parameter SQL Injection CGI 15442 

2433 KorWeblog < 1.6.2 Remote Directory Listing CGI N/A 

2439 YaBB Shadow BBCode Tag XSS CGI 15859 

2440 Post-Nuke pnTresMailer Directory Traversal Arbitrary File Access CGI 15858 

2445 PAFileDB Multiple Information Disclosure Vulnerabilities CGI 15911 

2446 ViewCVS < 1.0-dev Multiple Unspecified Vulnerabilities CGI N/A 

2447 PHP Live! < 2.8.2 Remote Configuration File Include CGI 15928 

2451 IlohaMail < 0.8.14-RC1 Unspecified Vulnerability CGI 15935 

2452 phpMyAdmin < 2.6.1-pl1 Remote Command Execution CGI N/A 

2453 phpDig < 1.8.5 Unspecified Vulnerability CGI 15949 

Family CGI 10

2454 Citadel/UX Remote Format String CGI N/A 

2456 Serendipity < 0.7.1 compat.php searchTerm Parameter XSS CGI 15914 

2457 PHPGroupWare Multiple XSS and SQL Injection Vulnerabilities CGI N/A 

2462 Ikonboard < 3.1.3 ikonboard.cgi Multiple Parameter SQL Injection CGI N/A 

2464 JSBoard Remote Arbitrary Script Upload CGI N/A 

2465 

WordPress < 1.2.2 Multiple Vulnerabilities (XSS, HTML Injection, SQL 

Injection) 

CGI 15443 

2466 Singapore Gallery Multiple Vulnerabilities CGI 15987 

2470 CVSTrac < 1.1.5 Unspecified XSS CGI N/A 

2474 Namazu < 2.0.14 Multiple Vulnerabilities CGI 16045 

2475 2BGal SQL Injection CGI 16046 

2477 Help Center Live Multiple Vulnerabilities CGI 18296 

2478 ViewCVS < 1.0.0 HTTP Response Splitting CGI 16062 

2479 Owl < 0.74.0 Multiple Vulnerabilities CGI 16063 

2480 PHProxy index.php error Parameter XSS CGI N/A 

2483 FlatNuke < 2.5.2 Form Submission Arbitrary Script Injection CGI N/A 

2484 All Enthusiast PhotoPost PHP Pro < 4.8.6 Multiple XSS CGI N/A 

2485 MyBulletinBoard Multiple SQL Injection Vulnerabilities CGI 19525 

2486 

All Enthusiast ReviewPost PHP Pro < 2.5.2 Multiple Input Validation 

Vulnerabilities 

CGI N/A 

2487 b2evolution index.php SQL Injection CGI N/A 

2513 PHPWind Board < 2.0.2 faq.php Remote File Inclusion CGI 16122 

2522 VideoDB < 2.0.2 Multiple Vulnerabilities CGI N/A 

2523 GNU Mailman Multiple Unspecified Remote Vulnerabilities CGI N/A 

2524 BiTBOARD IMG BBCode Tag JavaScript XSS CGI N/A 

2532 Bugzilla < 2.18.0 Internal Error XSS CGI N/A 

2533 Gallery Multiple Vulnerabilities CGI 16185 

2534 

AWStats < 6.3 awstats.pl configdir Parameter Remote Command 

Execution 

CGI 16189 

2535 VBulletin Init.PHP Unspecified Remote Vulnerability CGI 16203 

2544 


CMSimple < 2.4 Beta 5 Multiple Remote Input Validation 


CGI 19693 

2545 Siteman < 1.1.11 Page User Database Privilege Escalation CGI 16216 

2546 ExBB Nested BBcode XSS CGI 16223 

Family CGI 11

2549 JSBoard < 2.0.10 session.php Arbitrary File Access CGI N/A 

2550 SquirrelMail < 1.4.4-RC1 webmail.php XSS CGI N/A 

2551 MercuryBoard < 1.1.2 Multiple Vulnerabilities CGI N/A 

2554 Comersus Default Install Script Admin Access CGI N/A 

2579 SmarterMail Attachment Upload XSS CGI 16281 

2580 XOOPS Detection CGI N/A 

2582 SquirrelMail < 1.4.4 URI Parsing Arbitrary Code Execution CGI N/A 

2592 ht://Dig config Parameter XSS CGI N/A 

2593 WWWBoard Password File Disclosure CGI N/A 

2596 BXCP < 0.2.9.8 index.php show Parameter PHP Content Disclosure CGI N/A 

2597 PerlDesk < 2 kb.cgi view Parameter SQL Injection CGI 16323 

2598 PHP-Fusion viewthread.php Arbitrary Thread Access CGI N/A 

2607 GNU Mailman < 2.1.6 Directory Traversal Arbitrary File Access CGI 16339 

2613 AWStats < 6.5 Perl Content-Parsing Code Execution CGI 19415 

2614 Sympa < 4.1.3 src/queue.c Remote Buffer Overflow CGI 16387 

2616 OpenWebmail openwebmail.pl logindomain Parameter XSS CGI N/A 

2617 Brooky CubeCart Multiple Vulnerabilities CGI N/A 

2618 ELOG < 2.5.7 Unspecified Remote Buffer Overflows CGI 16469 

2619 Siteman users.php Remote Buffer Overflow CGI 16216 

2621 Kayako eSupport Multiple XSS CGI 17598 

2626 PaNews Multiple Injection Vulnerabilities CGI 17574 

2627 MercuryBoard < 1.1.3 Multiple Vulnerabilities CGI N/A 

2628 

WebCalendar users.php user_valid_crypt Parameter < 1.0.0 SQL 

Injection 

CGI 18571 

2629 paFAQ Multiple Vulnerabilities CGI 18535 

2636 ZeroBoard Multiple Vulnerabilities CGI N/A 

2639 WebConnect Multiple Remote Vulnerabilities CGI N/A 

2641 

phpBB < 2.0.12 Path Disclosure / Unauthorized unlink() Function 

Access 

CGI N/A 

2642 vBulletin < 3.0.7 misc.php PHP Code Injection CGI N/A 

2643 PBLang Bulletin Board Multiple HTML Injection and XSS CGI 17209 

2651 


punBB < 1.2.2 Multiple SQL Injection and Authentication Bypass 


CGI N/A 

Family CGI 12

2653 Brooky CubeCart < 2.0.6 settings.inc.php XSS CGI N/A 

2658 phpBB < 2.0.13 Cookie Authentication Bypass CGI N/A 

2661 FCKeditor with PHPNuke connector.php File Upload CGI N/A 

2662 PostNuke < 0.760 RC3 Multiple Vulnerabilities CGI 17240 

2663 phpCOIN 1.2.1b Multiple Vulnerabilities CGI 17246 

2665 PHPNews < 1.2.5 auth.php path Parameter Remote File Inclusion CGI 17247 

2668 Typo3 < 1.4.2 cmw_linklist SQL Injection CGI 17272 

2673 Stadtaus Form Mail < 2.4 formmail.inc.php Remote File Inclusion CGI 17285 

2674 

phpBB < 2.0.14 Cookie Authentication Bypass and SQL Injection 


CGI 17301 

2675 phpMyFAQ < 1.6.0 SQL Injection CGI N/A 

2676 CopperExport Plugin < 0.2.1 xp_publish.php SQL Injection CGI 17306 

2678 Sun AnswerBook2 < 1.4.5 XSS CGI N/A 

2679 Aztek Forum myadmin.php Admin Authentication Bypass CGI N/A 

2682 PHP-Fusion < 5.01 BBcode IMG Tag XSS CGI N/A 

2683 XOOPS Arbitrary Avatar File Upload CGI N/A 

2685 YaBB < 2.1 YaBB.pl username Parameter XSS CGI 17305 

2686 paFileDB < 3.2 XSS and SQL Injection Vulnerabilities CGI 19505 

2687 NewsScript Content Management Admin Authentication Bypass CGI 17309 

2692 Zorum < 3.6.0 Multiple Vulnerabilities CGI 17312 

2693 Active WebCam < 5.6 Multiple Vulnerabilities CGI 17315 

2694 PhotoPost Multiple Vulnerabilities CGI 17314 

2699 UBB.threads < 6.5.1.1 editpost.php SQL Injection CGI 18098 

2702 PHP-Nuke paBox Module Hidden Parameter XSS CGI 17336 

2706 SimpGB < 1.35.2 guestbook.php quote Parameter SQL Injection CGI 17328 

2707 Cricket Network Monitor Detection CGI N/A 

2711 phpPGAds/phpAdNew < 2.0.5 adframe.php refresh Parameter XSS CGI N/A 

2715 


punBB < 1.2.5 Multiple SQL Injection and Authentication Bypass 


CGI 17363 

2719 NTOP Network Tool Detection CGI N/A 

2720 NTOP Multiple Vulnerabilities CGI N/A 

2723 RunCMS highlight.php Information Disclosure CGI N/A 

2725 CoolForum SQL and XSS Vulnerabilities CGI 17597 

Family CGI 13

2726 PHP-Fusion < 5.0.2 setuser.php HTML Injection Vulnerability CGI N/A 

2731 Novell GroupWise WebAccess Detection CGI N/A 

2732 Novell NetWare Management Portal Information Disclosure CGI N/A 

2734 Policy - TeamSpeak Online Gaming VoIP Server Detection CGI N/A 

2735 UserMin Remote Access Detection CGI N/A 

2736 WebSTAR Mail Detection CGI N/A 

2737 WebSTAR Mail < 5.4.0 Multiple Vulnerabilities CGI N/A 

2742 Endymion MailMan Detection CGI N/A 

2743 Network Query Tool Detection CGI N/A 

2745 


Vortex Portal Content Management System Multiple Remote File 

Inclusion 

CGI N/A 

2747 XMB Forum < 1.9.8 SQL Injection and XSS Vulnerabilities CGI 17608 

2748 phpSysInfo < 2.5 Multiple Script XSS CGI 17610 

2774 phpMyDirectory < 10.1.6 review.php Multiple Parameter XSS CGI 17634 

2776 Ublog < 1.0.5 login.asp msg Parameter XSS CGI N/A 

2778 PhotoPost < 5.02 RC3 Multiple Content-parsing Vulnerabilities CGI 17649 

2779 Horde < 3.0.4 Parent Page Title XSS CGI 17650 

2780 MailReader < 2.3.36 network.cgi MIME Message XSS CGI 17657 

2783 MaxWebPortal < 1.36 XSS and SQL Injection Vulnerabilities CGI N/A 

2787 phpMyAdmin < 2.6.2 RC1 Remote Command Execution CGI 17689 

2796 Comersus Cart Username Field HTML Injection CGI 17983 

2797 Comersus Cart Detection CGI N/A 

2798 RunCMS fileupload.php Arbitrary File Upload CGI 17987 

2799 Active Auction House Multiple Vulnerabilities CGI 17989 

2801 Brooky CubeCart < 2.0.7 Multiple Script SQL Injection CGI 17999 

2807 punBB < 1.2.5 profile.php SQL Injection CGI 18005 

2808 PostNuke < 0.760 RC4 Multiple XSS and SQL Injection Vulnerabilities CGI 18360 

2809 Citrix MetaFrame Server Detection CGI N/A 

2812 ModernBill < 4.3.3 Multiple Vulnerabilities CGI 18008 

2816 XAMPP < 1.4.14 Default Installation Multiple HTML Injection CGI 18037 

2819 EGroupWare < 1.0.0.007 Attachment Information Disclosure CGI 15719 

2820 PHPBB2 < 2.0.14 Multiple Vulnerabilities CGI 18573 

2821 PHP Photo Album < 2.0.14 Multiple Vulnerabilities CGI N/A 

Family CGI 14

2826 Serendipity < 0.72 exit.php Multiple Parameter SQL Injection CGI 18155 

2827 SPHPBlog search.php q Parameter XSS CGI 18048 

2828 

IlohaMail < 0.8.14-RC3 read_message.php Multiple Field HTML 

Injection 

CGI 18050 

2837 mvnForum < 1.0 RC4_03 Search Parameter XSS CGI 18359 

2839 Coppermine Gallery < 1.3.3 init.inc.php HTML Injection CGI N/A 

2843 Info2WWW < 1.2.2.9-23 Argument XSS CGI 18086 

2846 Coppermine Gallery SQL Injection CGI 18101 

2848 Woltlab Burning Board XSS / SQL Injection Vulnerabilities CGI 18251 

2849 phpBB < 2.0.15 admin_forums.php XSS CGI 18124 

2850 Horde Vacation < 2.2.2 Parent Frame Page Title XSS CGI N/A 

2851 Horde MNemo < 1.1.4 Parent Frame Page Title XSS CGI N/A 

2852 Horde Nag < 1.1.3 Parent Frame Page Title XSS CGI 18136 

2853 Horde Chora < 1.2.3 Parent Frame Page Title XSS CGI 18131 

2854 Horde Accounts < 2.1.2 Parent Frame Page Title XSS CGI N/A 

2855 Horde Forwards < 2.2.2 Parent Frame Page Title XSS CGI N/A 

2856 Horde Imp < 3.2.8 Parent Frame Page Title XSS CGI N/A 

2857 Horde Turba < 1.2.5 Parent Frame Page Title XSS CGI 18138 

2858 Horde Kronolith Multiple XSS CGI N/A 

2859 Yappa-NG < 2.3.2 Multiple vulnerabilities CGI N/A 

2864 PHP-Calendar < 0.10.3 includes/search.php SQL Injection CGI N/A 

2865 Claroline Multiple Remote Vulnerabilities CGI 18165 

2867 PHPCoin < 1.2.2 2005-12-13 Multiple Script SQL Injection CGI 18166 

2871 JGS-Portal < 3.0.2 jgs_portal.php id Parameter SQL Injection CGI N/A 

2874 MaxWebPortal < 1.3.5 Multiple SQL Injection CGI N/A 

2875 


Open Webmail < 2.51 20050430 Shell Escape Arbitrary Command 

Execution 

CGI 18190 

2879 Invision Board Multiple XSS and SQL Injection CGI 18201 

2885 WebStar Mail < 5.4.1 Tomcat Plugin Remote Overflow CGI N/A 

2886 PHP Advanced Transfer Manager < 1.22 Arbitrary File Upload CGI 18207 

2897 BoastMachine < 3.1 users.inc.php Arbitrary File Upload CGI 18247 

2898 MaxWebPortal < 1.360 Multiple Vulnerabilities CGI 18248 

2900 Bugzilla < 2.19.3 Information Disclosure CGI 18245 

Family CGI 15

2903 

PhotoPost PHP Pro < 5.02 RC4 member.php uid Parameter SQL 

Injection 

CGI N/A 

2917 JGS-Portal < 3.03 Multiple Scripts SQL Injection CGI 18289 

2918 WordPress < 1.5.1.2 SQL Injection and XSS CGI 18301 

2920 Serendipity < 0.80 RC7 Multiple Vulnerabilities CGI 18298 

2933 

PHP Advanced Transfer Manager < 1.22 File Upload Arbitrary 

Command Execution 

CGI 18207 

2937 MaxWebPortal password.asp memKey Parameter SQL Injection CGI 18370 

2942 Invision Board < 2.0.5 Privilege Escalation / SQL Injection CGI 18401 

2944 Exhibit Engine < 1.5 RC 5 list.php Multiple Parameter SQL Injection CGI 18416 

3016 SquirrelMail < 1.4.5 Multiple Vulnerabilities CGI 18504 

3017 Ultimate PHP Board < 1.9.7 Multiple XSS CGI N/A 

3024 MercuryBoard User-Agent HTTP Header SQL Injection CGI 18541 

3025 Raxnet Cacti Detection CGI N/A 

3026 i-Gallery Traversal File Access / XSS CGI 18539 

3028 Simple Machines Forum < 1.0.5 SQL Injection CGI 18553 

3032 UBB.threads < 6.5.2 Beta 2 XSS / SQL Injection CGI N/A 

3037 PHP-Fusion < 6.00.106 submit.php Multiple Parameter HTML Injection CGI N/A 

3038 phpBB < 2.0.16 viewtopic.php Arbitrary Code Execution CGI 18589 

3041 Xoops < 2.0.12 Multiple XSS / SQL Injection CGI 18614 

3046 osTicket < 1.3.1 Multiple Vulnerabilities CGI 18612 

3047 PHPNews < 1.2.6 news.php prevnext Parameter SQL Injection CGI 18621 

3049 

phpPgAdmin < 3.5.4 index.php formLanguage Parameter Traversal 

Arbitrary File Access 

CGI N/A 

3050 Geeklog < 1.3.12 comment.php order Parameter SQL Injection CGI N/A 

3051 phpBB < 2.0.17 Nested BBCode URL Tags XSS CGI 18626 

3053 Drupal Public Comment PHP Code Injection CGI N/A 

3054 Comersus Cart < CGI 18643 

3055 PHPAUCTION Multiple Vulnerabilities CGI N/A 

3056 


Jinzora < 2.1 Multiple Scripts include_path Parameter Remote File 

Inclusion 

CGI 18653 

3058 punBB < 1.2.6 profile.php $temp Parameter SQL Injection CGI N/A 

3060 Bugzilla < 2.18.2 / 2.20rc1 Multiple Vulnerabilities CGI 18654 

3061 PPA functions.inc.php ppa_root_path Parameter Remote File Inclusion CGI N/A 

Family CGI 16

3086 VP-ASP Multiple Script SQL Injection (2) CGI 19229 

3087 GroupWise WebAccess < 6.5 SP5 EMail IMG SRC XSS CGI 19228 

3100 PHP-Fusion < 6.00.107 Multiple Vulnerabilities CGI 19311 

3103 CMSimple < 2.5 Beta 3 Search Function XSS CGI N/A 

3104 PHPNews < 1.3.0 auth.php Multiple Field SQL Injection CGI N/A 

3109 Hobbit Monitor < 4.1.0 Remote DoS CGI N/A 

3110 FtpLocate Multiple Scripts fsite Parameter Remote File Inclusion CGI 19300 

3111 

Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir 

Parameter Remote File Inclusion 

CGI 19299 

3157 FlatNuke < 2.5.6 Multiple XSS CGI N/A 

3162 WordPress < 1.5.1.4 cache_lastpostdate Parameter PHP Code Injection CGI 19414 

3163 phpBB < 2.0.20 Multiple Vulnerabilities CGI N/A 

3167 Discuz File Extension Validation Weakness Arbitrary File Upload CGI N/A 

3168 Dada Mail < 2.10 alpha 1 Archived Message XSS CGI N/A 

3169 

phpPGAds/phpAdNew < 2.0.6 lib-view-direct.inc.php clientid Parameter 

SQL Injection 

CGI N/A 

3173 Mantis < 0.19.3 Multiple Injection Vulnerabilities CGI N/A 

3175 Woltlab Burning Board modcp.php Multiple Parameter SQL Injection CGI N/A 

3178 Coppermine Gallery < 1.3.4 displayimage.php HTML Injection CGI N/A 

3179 PHP-Kit Multiple SQL Injection Vulnerabilities CGI N/A 

3180 RunCMS Multiple SQL Injection Vulnerabilities CGI N/A 

3182 


WebCalendar < 1.0.1 send_reminders.php includedir Parameter Remote 

File Inclusion 

CGI 19502 

3184 Simple PHP Blog (SPHPBlog) < CGI 19516 

3185 Gallery < 1.5.3-RC3 EXIF Data XSS CGI 19512 

3186 YaPiG EXIF Data Script Injection CGI 19515 

3187 PhotoPost < 5.11 PHP Pro EXIF Data XSS CGI 19513 

3193 phpMyAdmin < 2.6.4-RC1 Multiple XSS CGI 19519 

3194 PHP-Fusion < 6.00.11 Multiple Vulnerabilities CGI N/A 

3195 phpLDAPadmin < 0.9.6c Anonymous Bind Security Bypass CGI 19546 

3198 Simple Machines Forum < 1.0.7 Code Injection CGI N/A 

3202 PHPGroupWare < 0.9.16.007 Main Screen Message Script Injection CGI N/A 

3204 PBLang Bulletin Board < 4.66z Multiple Vulnerabilities CGI N/A 

Family CGI 17

3208 HP OpenView Network Node Manager (NNM) Detection CGI N/A 

3209 Land Down Under < 802 events.php SQL Injection CGI 19603 

3216 PBLang Multiple Vulnerabilities CGI 19594 

3220 punBB < 1.2.7 Multiple SQL Injection Vulnerabilities CGI N/A 

3223 Twiki rev Parameter Arbitrary Shell Command Execution CGI N/A 

3231 vBulletin < 3.0.10 Multiple Vulnerabilities CGI 19760 

3234 PHP Advanced Transfer Manager < CGI 19768 

3235 PunBB < 1.2.8 Multiple Vulnerabilities CGI 19775 

3237 Movable Type < 3.20 Multiple Vulnerabilities CGI N/A 

3241 Interchange < 5.2.1 Multiple Injection Vulnerabilities CGI N/A 

3242 SEO-Board < 1.03 admin.php user_pass_sha1 Cookie SQL Injection CGI N/A 

3244 Brooky CubeCart < 3.0.4 Multiple XSS CGI N/A 

3245 PHP-Fusion < 6.00.110 Multiple SQL Injection Vulnerabilities CGI N/A 

3246 lucidCMS Login Form Field SQL Injection CGI N/A 

3248 IceWarp Web Mail Multiple Vulnerabilities CGI 19782 

3252 


PHPMyAdmin Multiple Script usesubform Parameter Remote File 

Inclusion 

CGI 19950 

3253 WebGUI < 6.7.6 Unspecified Code Execution CGI N/A 

3259 Gallery < 2.0.1 main.php Directory Traversal Arbitrary File Access CGI N/A 

3260 PunBB < 1.2.9 search.php old_searches Parameter SQL Injection CGI 20013 

3264 Splatt Forums < 4.0 Unspecified Authentication Bypass CGI N/A 

3265 FlatNuke < 2.5.7 index.php Traversal File Inclusion CGI N/A 

3266 Nuked Klan Multiple Modules SQL Injection CGI N/A 

3267 PHP-Fusion < 6.00.205 HTML Injection CGI N/A 

3269 Flyspray Multiple Vulnerabilities CGI N/A 

3271 Snitz Forum < 3.4.0.06 XSS CGI N/A 

3272 NTOP < 3.2 ntop.init Temporary File Symlink Arbitrary File Overwrite CGI N/A 

3276 XMB Forum < 1.9.8 SP2 SQL Injection CGI N/A 

3278 Simple PHP Blog < CGI N/A 

3288 IPCop Web Interface Detection CGI N/A 

3289 PHPSysInfo < 2.4.0 Multiple Vulnerabilities CGI N/A 

3290 phpWebThings download.php file Parameter SQL Injection CGI N/A 

3293 Xoops < 2.2.4 Multiple Vulnerabilities CGI N/A 

Family CGI 18

3303 WebCalendar < 1.0.2 Multiple Vulnerabilities CGI 20250 

3304 Gallery Unspecified Remote Vulnerabilities CGI N/A 

3305 Xaraya Directory Traversal Arbitrary File/Directory Manipulation CGI N/A 

3319 PHPMyAdmin < 2.7.0 pl1 Global Variable Overwrite CGI N/A 

3323 

Contenido < 4.6.4 class.inuse.php Multiple Parameter Remote File 

Inclusion 

CGI N/A 

3324 Lyris List Manager < CGI N/A 

3327 Blackboard Academic Suite < 7.0 Multiple Vulnerabilities CGI N/A 

3328 PHP Support Tickets < 2.1 index.php Multiple Field SQL Injection CGI N/A 

3333 

PhpGedView PGV_BASE_DIRECTORY Parameter Remote File 

Inclusion 

CGI 20339 

3335 Mantis < 0.19.5 Multiple Unspecified Vulnerabilities CGI N/A 

3336 MIMESweeper Detection CGI N/A 

3337 Cerberus Help Desk < 2.7.0 Multiple Vulnerabilities CGI N/A 

3338 MyBulletinBoard < 1.01 function_upload.php SQL Injection CGI N/A 

3339 

Web Wiz Multiple Products check_user.asp txtUserName Parameter 

SQL Injection 

CGI N/A 

3340 IBM AIX WebSM Detection CGI N/A 

3341 IBM AIX WebSM getCommand.new Local Traversal Vulnerability CGI N/A 

3379 ELOG < 2.6.2 Multiple Vulnerabilities CGI 20750 

3391 PmWiki < CGI N/A 

3397 


Invision Power Board Dragoran Forum < 1.4 index.php site Parameter 

SQL Injection 

CGI N/A 

3417 MyBulletinBoard < 1.04 SQL Injection CGI N/A 

3423 RunCMS < 1.3a3 Arbitrary File Upload CGI N/A 

3426 LinPHA < CGI 20892 

3427 WebGUI < 6.8.6 'Anonymous' Account Creation CGI N/A 

3433 dotProject < 2.0.2 Multiple Script Remote File Inclusion CGI 20925 

3435 WordPress < 2.0.1 Arbitrary Script Injection CGI N/A 

3436 Coppermine Gallery < 1.4.4 Script Injection CGI N/A 

3439 Bugzilla Whinedays SQL Injection CGI N/A 

3441 SquirrelMail < 1.4.7 Multiple Vulnerabilities CGI 20970 

3446 Brooky CubeCart < 3.0.7 connector.php Arbitrary File Upload CGI N/A 

3452 Woltlab Burning Board < 2.7.1 Multiple Script SQL Injection CGI N/A 

Family CGI 19

3454 vBulletin < 3.5.4 HTML Injection CGI N/A 

3457 

Gallery < 2.0.3 GalleryUtilities.class X_FORWARDED_FOR HTTP 

Header XSS 

CGI N/A 

3462 Invision Power Board showtopic.php st Parameter SQL Injection CGI N/A 

3464 

Geeklog lib-sessions.php Session Cookie Handling Administrative 

Bypass 

CGI N/A 

3465 Owl Intranet Engine xrms_file_root Parameter Remote File Inclusion CGI 21025 

3472 

Gallery < 2.0.4 Watermark Function stepOrder Parameter Local File 

Inclusion 

CGI 21040 

3476 Simple PHP Blog < 0.4.7.2 install05.php Local File Inclusion CGI N/A 

3477 Horde < 3.1 go.php url Parameter File Disclosure CGI 21081 

3479 PHP iCalendar Local File Inclusion CGI 17129 

3488 phpPGAds/phpAdNew < 2.0.8 Multiple Injection Vulnerabilities CGI N/A 

3489 GreyMatter gm-upload.cgi Arbitrary File Upload CGI N/A 

3490 Horde < 3.1.1 Help Viewer Code Execution CGI 21164 

3492 OneOrZero Helpdesk < 1.6.5.3 index.php id Parameter SQL Injection CGI N/A 

3500 Policy - Virtual War Gaming Server Detection CGI N/A 

3501 BASE < 1.2.4 base_maintenance Authentication Bypass CGI 21174 

3507 GNU Mailman < 2.1.8 Multiple Vulnerabilities CGI N/A 

3517 Sysinfo Detection CGI N/A 

3518 Serendipity < CGI N/A 

3519 MyBB < 1.1.1 Multiple Script Variable Overwrite CGI 21239 

3520 


Coppermine Photo Gallery < 1.4.5 index.php file Parameter Local File 

Inclusion 

CGI 21240 

3521 Help Center Live < 2.1.0 osTicket Multiple SQL Injection CGI N/A 

3526 Limbo CMS < CGI N/A 

3528 sBLOG < CGI 21313 

3530 CGI:IRC Server Detection CGI N/A 

3536 AWStats < 6.6 migrate Variable Command Execution CGI N/A 

3558 Nagios Detection CGI N/A 

3560 PHP-Fusion < 6.00.307 Local File Inclusion CGI N/A 

3561 MyBB < CGI N/A 

3622 PHP-Fusion < 6.00.308 SQL Injection CGI N/A 

3626 FCKeditor with PHPNuke < 2.3 Beta upload.php Arbitrary File Upload CGI 21573 

Family CGI 20

3629 

XOOPS < 2.0.9.4 include/common.php nocommon Parameter Local File 

Inclusion 

CGI 21581 

3631 Woltlab Burning Board < 2.3.5 links.php cat Parameter SQL Injection CGI N/A 

3633 

Nucleus CMS < 3.23 PLUGINADMIN.php DIR_LIBS Parameter 

Remote File Inclusion 

CGI 21596 

3635 Geeklog < 1.4.0sr3 Multiple Injection Vulnerabilities CGI N/A 

3639 SquirrelMail < 1.4.8 Local File Inclusion CGI N/A 

3641 BASE < 1.2.5 BASE_path Parameter Remote File Inclusion CGI 21611 

3647 WordPress < 2.0.3 Arbitrary Code Injection CGI N/A 

3649 MyBB < 1.1.3 Multiple Vulnerabilities CGI N/A 

3654 Calendarix < CGI N/A 

3657 TWiki Privilege Escalation CGI N/A 

3663 MyBB < 1.1.4 SQL Injection CGI N/A 

3668 BlueDragon < CGI N/A 

3669 YaBB SE < CGI N/A 

3674 WordPress < 2.0.4 SQL Injection / Cross-site Scripting (XSS) CGI N/A 

3677 Geeklog FCKeditor < 1.4.0sr4 Arbitrary File Upload CGI 21780 

3678 phpFormGenerator Arbitrary File Upload CGI 21918 

3684 SimpleBoard sbp Parameter Remote File Inclusion CGI 22023 

3687 

Mambo / Joomla Component / Module mosConfig_absolute_path 


CGI 22049 

3688 IceWarp < 5.6.1 lang_settings Parameter Remote File Inclusion CGI 22079 

3689 MyBB < 1.1.6 HTTP Header CLIENT-IP Field SQL Injection CGI 22055 

3691 X7 Chat Server Detection CGI N/A 

3693 OpenCms < 6.2.2 Authentication Bypass CGI N/A 

3696 Help Center Live < CGI N/A 

3699 

Hobbit Monitor < 4.1.2p2 config Command Traversal Arbitrary File 

Access 

CGI N/A 

3729 Owl Intranet Engine < 0.91 Multiple Vulnerabilities CGI 22232 

3735 


phpCOIN < 1.2.4 Multiple Script _CCFG[_PKG_PATH_INCL] 


CGI N/A 

3736 CubeCart < 3.0.13 Multiple Vulnerabilities CGI 22296 

3737 Mailman < 2.1.9rc1 Spoofed Log Entry Injection CGI 22307 

3739 HP OpenView BBC Service Detection CGI 22318 

Family CGI 21

3753 

SAP Internet Transaction Server < 6.20 Patch 18 wgate urlmime 

Parameter XSS 

CGI 22465 

3756 phpMyAdmin < 2.9.1 RC1 Multiple Vulnerabilities CGI N/A 

3788 ZABBIX Multiple Overflows CGI N/A 

3793 

Blueshoes GoogleSearch.php APP[path][lib] Parameter Remote File 

Inclusion 

CGI N/A 

3797 Cerberus Helpdesk rpc.php Information Disclosure CGI 22876 

3801 Web Wiz Forums forum/search.asp KW Parameter SQL Injection CGI N/A 

3803 WordPress < 2.0.5 Multiple Vulnerabilities CGI N/A 

3827 Policy - .mp3 / .mp4 File Detection CGI 11419 

3828 Policy - .wav File Detection CGI 11419 

3835 Serendipity serendipity[charset] Parameter Local File Inclusion CGI 23752 

3839 Policy - .ogg File Detection CGI 11419 

3840 Policy - .wma File Detection CGI 11419 

3845 ThinClientServer < 4.0.2248 Admin Account Creation CGI 23780 

3847 Policy - .avi File Detection CGI 11419 

3848 Policy - .mpg File Detection CGI 11419 

3862 


JBoss JMX Console DeploymentFileRepository Directory Traversal File 

Manipulation 

CGI 23843 

3865 Policy - .divx File Detection CGI N/A 

3869 vBulletin < 3.6.5 .swf ActionScript XSS CGI N/A 

3872 Ultimate PHP Board chat/login.php username Parameter Script Injection CGI N/A 

3873 WordPress < 2.0.6 template.php file Parameter HTML Injection CGI N/A 

3874 phpBB < 2.0.22 Multiple Vulnerabilities CGI N/A 

3880 phpMyFAQ < 1.6.8 Multiple Vulnerabilities CGI N/A 

3881 WordPress < CGI N/A 

3882 PHPMyAdmin < 2.9.2 rc2 Multiple Vulnerabilities CGI N/A 

3888 Burning Board search.php boardids Parameter SQL Injection CGI 24223 

3890 WordPress < 2.1 Pingback Information Disclosure CGI 24237 

3894 Movable Type' Blog < 3.34 XSS CGI N/A 

3896 CVSTrac < 2.0.1 Text Output Formatter DoS CGI 24263 

3897 WebGUI < 7.3.8 www_purgeList Method Asset Deletion CGI N/A 

3900 Geeklog < CGI N/A 

Family CGI 22

3923 WebAPP < 0.9.9.6 Multiple Vulnerabilities CGI N/A 

3933 WordPress < 2.1.2 Backdoor Vulnerability CGI 24759 

3950 Horde < 3.1.4 NLS.php new_lang Parameter XSS CGI 24817 

3959 

WordPress < 2.1.3 xmlrpc.php mt.setPostCategories Method SQL 

Injection 

CGI N/A 

3967 XAMPP adodb.php mssql_connect Function Overflow CGI N/A 

3971 

GroupWise < 7.0.0 SP2 WebAccess GWINTER.exe Base64 Decoding 

Overflow 

CGI N/A 

3983 RunCMS < 1.5.2 Build 20070504 SQL Injection CGI N/A 

3984 Cubecart < 3.0.16 HTTP Response Splitting CGI N/A 

3994 vBulletin < 3.6.7 calendar.php title Parameter Persistent HTML Injection CGI N/A 

3995 

WordPress < 2.1.4 wp-admin/admin-ajax.php cookie Parameter SQL 

Injection 

CGI N/A 

4002 Cubecart < 3.0.17 cart.inc.php Multiple Parameter SQL Injection CGI N/A 

4035 WebGUI < 7.3.14 viewList() Function Authentication Bypass CGI N/A 

4076 BASE < 1.3.8 Redirect Authentication Bypass CGI N/A 

4078 PBLang < CGI 25444 

4087 Invision Power Board < CGI N/A 

4097 YaBB SE < CGI N/A 

4101 

Simple Machines Forum < 1.1.3 PHPSESSIONID Cookie Session 

Hijacking 

CGI N/A 

4111 FuseTalk Multiple XSS Vulnerabilities CGI 25553 

4112 FuseTalk txForumID Parameter SQL Injection CGI 25548 

4113 Calendarix < CGI 25567 

4114 WordPress < 2.2.1 _wp_attached_file Metadata Unrestricted File Upload CGI N/A 

4117 Kaspersky Anti-Spam < 3.0.0 [0274] Authentication Bypass CGI N/A 

4119 

4120 

4121 


Vulnerabilities in .NET Framework Could Allow Remote Code 

Execution (931212) 





CGI 25691 

CGI 25691 

CGI 25691 

4128 Microsoft .NET Framework Version Detection CGI N/A 

4129 Microsoft ASP.NET Version Detection CGI N/A 

4133 SquirrelMail G/PGP Encryption Plugin < CGI N/A 

Family CGI 23

4136 paFileDB includes/search.php categories Parameter SQL Injection CGI 25708 

4143 MD-Pro < 1.0.82 index.php topicid Parameter SQL Injection CGI N/A 

4149 Bandersnatch < CGI N/A 

4150 

4154 

LinPHA include/img_view.class.php < 1.3.2 order Parameter SQL 

Injection 

Kaspersky Ani-Spam < 3.0.0 [0278] File Permission Weakness Local 

Privilege Escalation 

CGI 25811 

CGI N/A 

4162 Help Center Live < 2.1.5 Admin Authentication Bypass CGI N/A 

4163 Serendipity < CGI N/A 

4191 Bugzilla Multiple Vulnerabilities CGI N/A 

4205 Gallery < 2.2.3 Information Disclosure CGI N/A 

4213 Plesk Multiple Script PLESKSESSID Cookie SQL Injection CGI N/A 

4219 Bugzilla < 3.0.2 / 3.1.2 WebService/User.pm Authentication Bypass CGI N/A 

4231 Blackboard Academic Suite < CGI N/A 

4250 RunCMS < 1.5.3 Unspecified Vulnerability CGI N/A 

4257 

4258 

Simple Machines Forum < 1.1.4 index.php SMFCookie218 Parameter 

SQL Injection 

Vanilla Forum < 1.1.4 sortcategories.php CategoryID Parameter SQL 

Injection 

CGI N/A 

CGI N/A 

4259 Simple PHP Blog < CGI N/A 

4276 Apache-SOAP Administrative Interface Detection CGI N/A 

4279 HP Radia Integration Server Version Detection CGI N/A 

4283 TestLink < 1.7.1 Authorization Mechanism Failure CGI N/A 

4295 


RunCMS include/common.php xoopsOption Parameter Local File 

Inclusion 

CGI 28291 

4304 Plumtree Version Detection CGI N/A 

4306 Snitz Forum < 3.4.0.07 active.asp BuildTime Parameter SQL Injection CGI N/A 

4315 WebGUI < 7.4.18 Secondary Admin Remote Privilege Escalation CGI N/A 

4325 Gallery < 2.2.4 Multiple Vulnerabilities CGI N/A 

4326 Mantis < 0.9.5 / 1.1.0 RC5 view.php HTML Injection CGI N/A 

4328 CMS Made Simple content_css.php templateid Parameter SQL Injection CGI 29829 

4329 Atlassian JIRA < 3.12.1 Multiple Vulnerabilities CGI 29834 

4338 Horde Imp < 4.1.6 Multiple Vulnerabilities CGI N/A 

4340 Sun Java System Identity Manager Version Detection CGI N/A 

Family CGI 24

4341 Sun Java System Identity Manager XSS CGI N/A 

4346 MyBB < 1.2.11 forumdisplay.php sortby Parameter Command Execution CGI 29996 

4348 BoastMachine < CGI N/A 

4351 

4352 

4353 

Coppermine Photo Gallery < 1.4.11 Album Password Cookie SQL 

Injection 

Citadel < 7.11 makeuserkey Function RCPT TO Command Remote 

Overflow 

MyBB < 1.2.12 private.php options[disablesmilies] Parameter SQL 

Injection 

CGI 31137 

CGI N/A 

CGI N/A 

4357 Web Wiz Forums < 9.08 Multiple Script Directory Traversals CGI N/A 

4364 WordPress < 2.3.3 XML-RPC Unauthenticated Post Modification CGI N/A 

4377 WinIPDS Version Detection CGI N/A 

4391 PunBB < 1.2.17 Password Reset Information Disclosure CGI N/A 

4397 OSSIM Version Detection CGI N/A 

4398 OSSIM < CGI 31133 

4399 ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities CGI 31134 

4402 H-Sphere Multiple Unspecified Vulnerabilities CGI N/A 

4407 PHPMyAdmin < 2.11.5 SQL Injection CGI N/A 

4420 phpList < 2.10.9 Multiple Remote File Inclusion CGI N/A 

4454 Sympa < 5.4 Content-Type Header Remote DoS CGI N/A 

4455 Sympa Application Detection CGI N/A 

4463 Openfire < 3.5.0 Queue Handling Remote DoS CGI 31855 

4464 


Coppermine Photo Gallery < 1.4.18 Bridge Wizard Cookie SQL 

Injection 

CGI 31859 

4466 OTRS < 2.1.8 / 2.2.6 SOAP Interface Authentication Bypass CGI 31789 

4475 phpBB < 3.0.1 Multiple Information Disclosure Vulnerabilities CGI N/A 

4482 WordPress < CGI N/A 

4488 WordPress < 2.5.1 Crafted Cookie Authentication Bypass CGI N/A 

4489 WebGUI < 7.4.35 Data Form List View Unspecified Vulnerability CGI N/A 

4505 Cross-Domain Policy File (crossdomain.xml) Detection CGI 32318 

4506 Mantis Cross-Site Request Forgery Vulnerabilities CGI 32324 

4510 MercuryBoard < 1.1.6 SQL Injection CGI N/A 

4519 Cerberus Helpdesk < Cerberus Helpdesk 4.0 Build 603 CGI N/A 

4540 Gallery < 2.2.4 Multiple Vulnerabilities CGI N/A 

Family CGI 25

4549 ListManager words Parameter Cross-Site Scripting Vulnerability CGI 33219 

4559 WebGUI < 7.5.13 RSS Feed Authentication Bypass CGI N/A 


4574 Simple Machines Forum %lt; 1.1.4 / 1.0.12 SQL Injection CGI N/A 

4585 phpBB < 3.0.2 Multiple Information Disclosure Vulnerabilities CGI N/A 

4587 WordPress < 2.6 press-this.php XSS CGI N/A 

4597 RunCMS < 1.6.2 Multiple Script Remote File Inclusion CGI N/A 

4605 

Mantis < 1.1.2 account_prefs_update.php language Parameter Traversal 

Local File Inclusion 

CGI N/A 

4613 Coppermine Photo Gallery < 1.4.19 data Cookie Local File Inclusion CGI 33789 

4616 Novell iManager Version Detection CGI N/A 

4618 Novell iManager < 2.7 SP1 Property Book Pages Security Bypass CGI 33867 

4619 

Gallery < 1.5.8 modules.php phpEx Parameter Traversal Local File 

Inclusion 

CGI N/A 

4626 Sympa < CGI N/A 

4627 PHP Live! Helper < 2.1.0 Multiple Vulnerabilities CGI N/A 

4636 Kayako SupportSuite Version Detection CGI N/A 

4637 Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities CGI 34029 

4640 Invision Power Board < CGI N/A 

4646 

Simple Machines Forum < 1.1.6 Random Number Generator Credentials 

Disclosure 

CGI N/A 

4648 WordPress < 2.6.2 Administrative Password Reset CGI N/A 

4649 Trac Version Detection CGI N/A 


4686 Invision Power Board < 2.3.6 index.php name Parameter SQL Injection CGI N/A 


4690 PHP iCalendar < 2.25 Administrative Bypass CGI N/A 

4694 Mantis < 1.1.4 HTTPS Session Cookie Secure Flag Weakness CGI N/A 

4703 


Simple Machines Forum < 1.1.7 Incomplete BBcode Block Security 

Bypass 

CGI N/A 

4728 IBM Tivoli Storage Manager Version Detection CGI N/A 

4742 Bugzilla quips.cgi Unspecified Crafted Variable Security Bypass CGI N/A 

4766 vBulletin < 3.7.4 Visitor Messages Add-on HTML Injection CGI N/A 

4767 MyBB < 1.4.4 CSRF CGI N/A 

Family CGI 26

4773 

4775 

CMS Made Simple admin/login.php cms_language Cookie Local File 

Inclusion 

WordPress wp-includes/feed.php self_link() Function Host Header RSS 

Feed XSS 

CGI 34992 

CGI 34994 

4780 Twiki < 4.2.4 Multiple Vulnerabilities CGI N/A 

4786 

4788 

PHPMyAdmin < 2.11.9.4 / 3.1.1.0 tbl_structure.php table Parameter 

SQL Injection 

Moodle < 1.9.4 filter/tex/texed.php pathname Parameter Remote 


CGI N/A 

CGI 35090 

4801 OneOrZero Helpdesk tinfo.php Arbitrary File Upload CGI 35261 

4802 SPIP Version Detection CGI N/A 

4812 Comersus Cart < 7.099 Remote Password Disclosure CGI N/A 

4813 Simple Machines Forum < 1.1.8 Password Reset Function Bypass CGI N/A 

4815 Ganglia Web Backend Version Detection CGI N/A 

4816 Ganglia Web Backend < 3.0.7 process_path Function Overflow CGI N/A 

4835 

Horde < 3.3.3 / 3.2.4 Horde_Image::factory driver Argument Local File 

Inclusion 

CGI 35554 

4847 Coppermine < 1.4.20 'img_dir' Arbitrary File Upload CGI N/A 

4921 Bugzilla < 3.2.1/3.3.2 Multiple Vulnerabilities CGI N/A 

4924 Moodle < 1.9.4 / 1.8.8 / 1.7.7 / 1.6.9 Multiple Vulnerabilities CGI N/A 

4925 Openfire < 3.6.3 Multiple Vulnerabilities CGI 35628 

4938 Novell GroupWise MTA Web Console Accessible CGI N/A 

4951 

ZABBIX < 1.6.3 Web Interface locales.php extlang[] Remote Code 

Execution 

CGI 35787 

4953 IBM Tivoli Storage Manager < 5.4.2.6 / 5.5.1.8 Overflow CGI N/A 

4954 Nucleus CMS < 3.40 Unspecified Traversal Arbitrary File Access CGI N/A 

4959 IBM Tivoli Storage Manager < 5.4.4.1 Overflow CGI N/A 

4966 Umbraco Version Detection CGI N/A 

4983 Atlassian JIRA < 3.13.3 Multiple Vulnerabilities CGI N/A 

4985 

phpMyAdmin file_path Parameter Multiple Vulnerabilities 

(PMASA-2009-1) 

CGI 36083 

4989 Policy - .divx File Detection CGI N/A 

4997 


phpMyAdmin < 3.1.3.2 Multiple Code Execution Vulnerabilities 

(PMASA-2009-4) 

CGI 36171 

4999 NTOP < CGI N/A 

Family CGI 27


5016 


IBM Tivoli Storage Manager < 5.2.5.4/5.3.6.6/5.4.2.7/5.5.2 Multiple 


CGI N/A 

5018 Openfire < 3.6.4 Arbitrary Password Manipulation CGI N/A 

5019 IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities CGI N/A 

5028 Coppermine < 1.4.23 injection CGI N/A 

5033 BASE < 1.4.3 XSS CGI N/A 

5036 DocuWiki Version Detection CGI N/A 


5039 Simple Machines < 1.1.9 / 2.0.0 RC1 XSS CGI N/A 

5078 RT: Request Tracker 'ShowConfigTab' Security Bypass CGI N/A 


5086 BASE < 1.2.5 Authentication Bypass CGI N/A 


5089 MyBB < 1.4.8 Multiple XSS CGI N/A 

5090 FireStats < 1.6.2 SQL Injection Vulnerability CGI N/A 

5091 Joomla! < 1.5.12 Multiple Vulnerabilities CGI N/A 

5092 Horde Passwd Module < 3.1.1 XSS CGI N/A 

5095 Bugzilla < 3.2.4/3.4 RC1 Security-Bypass Vulnerability CGI N/A 


5097 MediaWiki 1.14.0/1.15.0 Cross-Site Scripting Vulnerability CGI N/A 


5105 Snitz Forum < 3.4.0.08 SQL Injection CGI N/A 


5120 WordPress < 2.8.3 Multiple Security Bypass Vulnerabilities CGI N/A 

5121 Bugzilla < 3.4.1 Information Disclosure CGI N/A 

5123 CMS Made Simple < 1.6.3 Local File Include Vulnerability CGI 40551 

5126 WordPress < 2.8.4 Security Bypass Vulnerability CGI 40578 

5131 ViewVC < 1.0.9 Multiple Vulnerabilities CGI N/A 

5138 Buildbot < 0.7.11p3 Multiple Cross-site Scripting Vulnerabilities CGI N/A 

5144 FlexCMS < 3.0 'CookieUsername' Parameter SQL Injection CGI 40824 


5169 Bugzilla < 3.0.9/3.2.5/3.4.2 Multiple Vulnerabilities CGI N/A 

Family CGI 28

5171 Horde < 3.3.4 / 3.3.5 Multiple Vulnerabilities CGI N/A 

5177 

Best Practical Request Tracker 'Custom Field' HTML Injection 

Vulnerability 

CGI N/A 


5180 Interchange Search Request Information Disclosure CGI 41056 

5206 

Symantec SecurityExpressions Audit and Compliance Server Multiple 

XSS 

CGI 42083 

5207 OpenCms Multiple Input Validation Vulnerabilities CGI N/A 

5208 Achievo < 1.4.0 Multiple Vulnerabilities CGI N/A 

5209 phpMyAdmin < 2.11.9.6 / 3.2.2.1 Multiple Vulnerabilities CGI N/A 

5210 MapServer < 4.10.5/5.2.3/5.4.2 Integer Overflow Vulnerability CGI 42262 

5211 BASE < 1.4.4 Multiple Vulnerabilities CGI 42264 

5233 WordPress < 2.8.6 Multiple Vulnerabilities CGI 42801 

5238 Bugzilla < 3.4.4/3.5.2 Information Disclosure Vulnerability CGI N/A 

5246 OpenX < 2.8.2 Arbitrary File Upload CGI N/A 

5248 RT: Request Tracker Session Fixation Vulnerability CGI 43006 

5249 AWStats < 6.95 awredir.pl Redirect CGI 42982 

5250 Simple Machines Forum < 1.1.11 Multiple Vulnerabilities CGI N/A 

5257 Moodle < 1.8.11 / 1.9.7 Multiple Vulnerabilities CGI N/A 

5258 TestLink < 1.8.5 Multiple Vulnerabilities CGI 43101 

5260 Invision Power Board < 3.0.5 Multiple Vulnerabilities CGI 43163 

5263 Piwik < 0.5 unserialize() PHP Code Execution Vulnerability CGI N/A 

5285 OpenX < 2.8.3 Authentication-Bypass CGI 43864 

5288 ViewVC < 1.1.3 Multiple Vulnerabilities CGI N/A 

5290 Centreon < 2.1.4 Security Bypass CGI N/A 

5291 phpLDAPadmin < 1.2 Local File Inclusion CGI 43402 

5294 Dada Mail < 4.0.2 List Membership Requirement Bypass CGI N/A 

5295 


Novell iManager < 2.7 SP3 eDirectory Plugin Buffer Overflow 

Vulnerability 

CGI N/A 

5296 Liferay Portal 'p_p_id' Parameter HTML Injection CGI N/A 

5297 Trac < 0.11.6 Multiple Vulnerabilities CGI N/A 

5301 Zope 'standard_error_message' Cross-Site Scripting Vulnerability CGI N/A 

5302 DokuWiki < DokuWiki Release 2009-12-25 Multiple Vulnerabilities CGI 44059 

Family CGI 29

5303 Sun Java System Identity Manager 8.1 Privilege Escalation Vulnerability CGI N/A 

5304 phpMyAdmin < 2.11.10 Multiple Vulnerabilities CGI 44324 

5324 HP Power Manager < 4.2.10 Multiple Vulnerabilities CGI 44109 

5329 SilverStripe < 2.3.5 Cross-site Scripting Vulnerability CGI 44332 

5330 

Symantec Altiris Notification Server 6.0 < SP3 R12 Static Encryption 

Key 

CGI 44339 

5331 Bugzilla < 3.0.11 / 3.2.6 / 3.4.5 / 3.5.3 Multiple Vulnerabilities CGI 44426 

5334 OTRS Core System Multiple Unspecified SQL Injection Vulnerabilities CGI N/A 

5344 Sawmill < 7.2.18 Unspecified Cross-Site Scripting Vulnerability CGI N/A 

5345 SilverStripe < 2.3.6 Multiple Vulnerabilities CGI 44941 

5348 Website Baker < 2.8.1 Security Bypass Vulnerability CGI N/A 

5350 Symantec IM Manager Multiple Vulnerabilities CGI 45018 

5363 eScan Anti-Virus Detection CGI N/A 

5365 eGroupWare < 1.6.003 Mutiple Vulnerabilities CGI 45023 

5488 Interchange HTTP Response Splitting Vulnerability CGI N/A 

5490 Trac < 0.11.7 Security Bypass Vulnerability CGI N/A 

5501 

ViewVC < 1.0.11 / 1.1.5 Regex Search Cross-Site Scripting 

Vulnerability 

CGI 45406 


5506 AjaXplorer < 2.6 Multiple Vulnerabilities CGI 45489 



5522 MODx < 1.0.3 Multiple Vulnerabilities CGI 46183 

5523 

Wing FTP Server < 3.4.1 Multiple Information Disclosure 


CGI N/A 

5524 Wing FTP Server < 3.4.5 HTTP Request Directory Traversal CGI N/A 

5530 CMS Made Simple < 1.7.1 Cross-Site Scripting Vulnerability CGI N/A 


5545 PHPGroupWare < 0.9.16.016 Multiple Vulnerabilities CGI N/A 

5554 Apache Axis2 < 1.5 'xsd' Parameter Directory Traversal CGI 46741 

5568 


PRTG Traffic Grapher < 6.2.1.963 / 9.2.1.964 Cross-Site Scripting 

Vulnerability 

CGI 46857 


5577 Atlassian JIRA < 4.1.2 Multiple Vulnerabilities CGI 47114 

Family CGI 30


5590 Snare for Windows < 3.1.8 Web Interface Cross-Site Request Forgery CGI N/A 

5592 WordPress WP-UserOnline plugin URL HTML Injection Vulnerability CGI N/A 

5594 Bugzilla 3.7.x < 3.7.2 Information Disclosure Vulnerability CGI 47748 

5598 CMS Made Simple < 1.8.1 Local File Include Vulnerability CGI N/A 


5611 MapServer < 5.6.4 / 4.10.6 Multiple Vulnerabilities CGI 47861 

5612 Axon Virtual PBX < 2.13 /logon Multiple Parameter XSS CGI 42475 

5618 Piwik 0.6 < 0.6.4 Remote File Include Vulnerability CGI N/A 

5619 Mantis 1.2.x < 1.2.2 Cross-Site Scripting Vulnerability CGI N/A 

5627 Bugzilla < 3.2.8 / 3.4.8 / 3.6.2 / 3.7.3 Multiple Vulnerabilities CGI 48316 


5631 Drupal Devel module < 6.x-1.22 Cross-Site Scripting Vulnerability CGI N/A 

5632 Drupal OpenID module < 5.x-1.5 Authentication Bypass Vulnerability CGI N/A 

5634 Drupal Ubercart Module < 5.x-1.10 / 6.x-2.4 Multiple Vulnerabilities CGI N/A 

5636 Drupal FileField Source Module < 6.x-1.2 Arbitrary Code Execution CGI N/A 

5643 

Drupal CCK "Node Reference" Module < 6.x-2.8 Security Bypass 

Vulnerability 

CGI N/A 

5652 phpMyAdmin 3.x < 3.3.6 Cross-Site Scripting Vulnerability CGI N/A 

5668 Nagios XI < 2009R1.3B Multiple Unspecified XSS CGI 49775 

5671 Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities CGI 49659 

5676 Mantis 1.2.x < 1.2.3 Cross-Site Scripting Vulnerability CGI N/A 


5714 FreeNAS < 0.7.2 Revision 5543 Command Execution Vulnerability CGI 50510 

5716 


phpMyAdmin 2.x < 2.11.11.1 / 3.x < 3.3.8.1 Cross-Site Scripting 

Vulnerability 

CGI N/A 

5736 HP Power Manager < 4.3.2 Buffer Overflow Vulnerability CGI 51200 

5743 Piwik < 1.1.0 Multiple Vulnerabilities CGI N/A 

5744 Bugzilla < 3.2.10 / 3.4.10 / 3.6.4 Multiple Vulnerabilities CGI N/A 

5753 HP Performance Insight Detection CGI N/A 

5754 HP OpenView Performance Insight Server Backdoor Account CGI 51850 

5785 WordPress < 3.0.5 Multiple Vulnerabilities CGI 51939 

5797 phpMyAdmin 2.x < 2.11.11.3 / 3.x < 3.3.9.2 SQL Injection Vulnerability CGI N/A 

Family CGI 31

(PMASA-2011-2) 

5798 MySQL Eventum < 2.3.1 Multiple HTML Injection Vulnerabilities CGI 52054 

5859 

Liferay Portal < 5.2.3 'exportFileName' File Creation Remote Code 

Execution 

CGI N/A 

5860 Liferay Portal < 6.0.6 Multiple Vulnerabilities CGI N/A 

5878 Joomla! 1.6 < 1.6.1 Multiple Vulnerabilities CGI N/A 

5879 MyBB < 1.4.15 / 1.6 < 1.6.2 Multiple Vulnerabilities CGI 53288 

5880 LizaMoon Malware Detection CGI 29871 

5881 Joomla! 1.5 < 1.5.23 Information Disclosure Vulnerability CGI N/A 

5893 Joomla! 1.6 < 1.6.2 Multiple Vulnerabilities CGI N/A 

5905 HP Network Node Manager i (NNMi) Multiple Vulnerabilities CGI N/A 

5930 phpMyAdmin 3.3.x < 3.3.10.1 / 3.4.x < 3.4.1 Multiple Vulnerabilities CGI 55023 

5952 

Movable Type < 4.361 / 5.051 / 5.11 Multiple Unspecified 


CGI 55410 

5985 phpMyAdmin 3.3.x < 3.3.10.2 / 3.4.x < 3.4.3.1 Multiple Vulnerabilities CGI N/A 

5989 Symantec Web Gateway Detection CGI 55627 

5990 Symantec Web Gateway login.php Blind SQL Injection (SYM11-001) CGI 55628 

5991 Symantec Web Gateway forget.php Blind SQL Injection (SYM11-008) CGI 55629 

5995 phpMyAdmin 3.3.x < 3.3.10.3 / 3.4.x < 3.4.3.2 Multiple Vulnerabilities CGI N/A 

6026 phpMyAdmin 3.4.x < 3.4.5 Cross-site Scripting (PMASA-2011-14) CGI 56379 

6031 Symantec IM Manager < 8.4.18 Multiple Vulnerabilities (SYM11-012) CGI 56378 

6045 Joomla! 1.5 < 1.5.24 Information Disclosure Vulnerability CGI N/A 

6046 Joomla! 1.7 < 1.7.2 Multiple Information Disclosure Vulnerabilities CGI N/A 

6113 HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities CGI N/A 

6398 


Tivoli Provisioning Manager Express for Software Distribution Multiple 

SQL Injection Vulnerabilities 

CGI 58529 

Family CGI 32

Family Database 


ID 


ID 

1108 SQL Server Cleartext 'sa' Account NULL Password Attempted Login Database N/A 

1109 SQL Server Cleartext 'sa' Account 'sa' Password Attempted Login Database N/A 

1110 SQL Server Cleartext 'sa' Account 'password' Password Attempted Login Database N/A 

1111 

SQL Server Cleartext 'sa' Account 'administrator' Password Attempted 

Login 

Database N/A 

1112 SQL Server Cleartext 'sa' Account 'admin' Password Attempted Login Database N/A 

1113 

1114 

1115 

SQL Server Cleartext 'admin' Account 'administrator' Password 

Attempted Login 

SQL Server Cleartext 'admin' Account 'password' Password Attempted 

Login 

SQL Server Cleartext 'admin' Account 'admin' Password Attempted 

Login 

Database N/A 

Database N/A 

Database N/A 

1116 SQL Server Cleartext 'probe' Account 'probe' Password Attempted Login Database N/A 

1117 

SQL Server Cleartext 'probe' Account 'password' Password Attempted 

Login 

Database N/A 

1118 SQL Server Cleartext 'sql' Account 'sql' Password Attempted Login Database N/A 

1119 SQL Server Cleartext 'sa' Account 'sql' Password Attempted Login Database N/A 

1121 SQL Server Cleartext 'sa' Account 'NULL' Password Authentication Database 10862 

1122 SQL Server Cleartext 'sa' Account 'sa' Password Authentication Database 10862 

1123 SQL Server Cleartext 'sa' Account 'password' Password Authentication Database 10862 

1124 

SQL Server Cleartext 'sa' Account 'administrator' Password 

Authentication 

Database 10862 

1125 SQL Server Cleartext 'sa' Account 'admin' Password Authentication Database 10862 

1126 

SQL Server Cleartext 'admin' Account 'administrator' Password 



1127 SQL Server Cleartext 'admin' Account 'admin' Password Authentication Database 10862 

1128 SQL Server Cleartext 'probe' Account 'probe' Password Authentication Database 10862 

1129 

SQL Server Cleartext 'probe' Account 'password' Password 



1130 SQL Server Cleartext 'sql' Account 'sql' Password Authentication Database 10862 

1131 SQL Server Cleartext 'sa' Account 'sql' Password Authentication Database 10862 

1132 

SQL Server Cleartext 'admin' Account 'password' Password 



Family Database 33


1892 PostgreSQL < 7.2.3 Multiple Vulnerabilities Database 11456 

1893 PostgreSQL < 7.2.3 Multiple Vulnerabilities (2) Database 11456 

1900 MySQL < 3.23.56 Local Privilege Escalation Database 11378 

1908 MySQL < 3.23.55 Double Free() Overflow Database 11299 

2000 Firebird Database Detection Database N/A 

2001 Potential SQL Injection Vulnerability Detection Database 11139 



2129 MySQL Mysqlhotcopy Script Insecure Temporary File Creation Database N/A 

2131 SQL Server Detection Database N/A 

2252 IBM DB2 Multiple Vulnerabilities Database N/A 

2277 Oracle Security Alert #68 Database N/A 

2334 MySQL < 4.1.5 Bounded Parameter Overflow Database 14831 

2349 IBM DB2 < 8.2 Multiple Vulnerabilities (2) Database 15486 

2361 MySQL < 3.23.59 Multiple Vulnerabilities (2) Database 15449 

2362 MySQL < 4.0.21 Multiple Vulnerabilities (2) Database 15449 

2369 MySQL < 4.0.21 Remote FULLTEXT Search DoS Database 15477 

2370 MySQL < 4.0.21 Remote GRANT Privilege Escalation Database 15477 

2429 AppServ Open Project Remote Insecure Default Password Database N/A 

2489 Lotus Domino Default Administration Database Detection Database 10629 

2583 PostgreSQL < 8.0.1 Multiple Remote Vulnerabilities Database N/A 

2680 Oracle Database Server UTL_FILE Directory Traversal File Access Database 17654 

2696 MySQL Multiple Vulnerabilities Database 17313 

2822 Oracle Database Multiple Remote Vulnerabilities Database 18034 

2840 Oracle Database Multiple Remote Vulnerabilities Database 18034 

2876 PostgreSQL < 8.0.3 Incorrect Function Declaration Database 18202 

3158 MySQL User-Defined Function init_syms() Overflow Database 19416 

3363 PostgreSQL postmaster Connection Saturation DoS Database N/A 

3392 PostgreSQL Database Detection Database N/A 

3393 Microsoft SQL Server Database Detection Database N/A 

3394 MySQL Database Detection Database N/A 

3395 Oracle Database Detection Database N/A 

Family Database 34


3398 Oracle Database Detection Database N/A 

3527 MySQL Remote Overflow and Information Disclosure Vulnerabilities Database N/A 

3623 QuickBooks Enterprise Database Server Detection Database N/A 

3632 PostgreSQL SQL Injection Database N/A 

3652 IBM DB2 < 8.12.0 Multiple DoS Database N/A 

3697 MySQL MERGE Table Privilege Escalation Database N/A 

3698 IBM DB2 Version Detection Database N/A 

3730 Informix Database Detection (Windows) Database 22228 

3731 Informix Database Detection (Unix) Database 22228 

3798 PostgreSQL Multiple Local DoS Vulnerabilities Database N/A 

3901 PostgreSQL Multiple Vulnerabilities Database N/A 

3921 IBM DB2 Multiple Local Vulnerabilities Database N/A 

3973 PostgreSQL SECURITY DEFINER Functions Local Privilege Escalation Database N/A 

3985 MySQL < 5.0.40 IF Query NULL Dereference DoS Database 25198 

3993 MySQL < 5.1.18 Multiple Vulnerabilities Database 25242 

4115 Ingres Communications Server Detection Database 25572 


4187 Cache Database Version Detection Database N/A 

4189 Cache Database Version Detection Database N/A 

4190 Cache Database Server Redirection Vulnerability Database N/A 

4200 EnterpriseDB Advanced Server Version Detection Database N/A 

4201 EnterpriseDB Advanced Server < 8.2.4.12 Version Detection Database N/A 

4226 Firebird Database Plaintext Password Database N/A 

4227 Firebird Database Plaintext Password Database N/A 

4228 Firebird Database Version Detection Database N/A 

4229 Firebird Database < 2.0.2 Multiple Vulnerabilities Database N/A 

4230 Firebird Database Multiple Stack-based Overflows Database N/A 

4238 Firebird Database < 2.0.3.12981 'fbserver.exe' Stack Overflow Database N/A 

4239 IBM DB2 < 9 FixPak 3 / 8 FixPak 15 Multiple Vulnerabilities Database 25905 

4309 MySQL < 5.0.51 RENAME TABLE Symlink System Table Overwrite Database 29251 

4312 MySQL Enterprise Server < 5.0.52 Multiple Vulnerabilities Database 29346 

4313 MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities Database 29345 

Family Database 35

4333 PostgreSQL Multiple Vulnerabilities Database N/A 

4336 MaxDB Version Detection Database N/A 

4337 SAP DB / MaxDB Cons Program Arbitrary Command Execution Database 29924 

4358 DB2 < 8.1 FixPak 16 Multiple Vulnerabilities Database 30153 

4416 Versant Object Database Version Detection Database N/A 

4423 Informix Dynamic Server Multiple Remote Overflows Database N/A 

4449 IBM Solid Database Version Detection Database N/A 

4450 IBM Solid Database Version Detection Database 53811 

4494 SAP MaxDB Multiple Vulnerabilities Database 32194 

4498 MySQL 4.1 < 4.1.24 MyISAM Table Privilege Check Bypass Database 32137 

4499 

MySQL Enterprise Server 5.0 < 5.0.60 MyISAM Table Privilege Check 

Bypass 


4511 Firebird Default Credentials Database 32315 

4512 Interbase/Firebird Account Detection Database N/A 

4513 Interbase Database Version Detection Database N/A 

4514 Interbase Database Remote Stack Overflow Database N/A 

4536 DB2 < 9 Fix Pack 5 Multiple Vulnerabilities Database 33128 

4584 Firebird Database < 2.1.1.17910 Multiple Vulnerabilities Database N/A 

4612 DB2 < 9.5 Fix Pack 1 Multiple Vulnerabilities Database 33763 

4615 Ingres Database Multiple Local Vulnerabilities Database N/A 

4638 DB2 < 9.5 Fix Pack 2 Multiple Vulnerabilities Database 34056 

4652 MySQL Empty Binary String DoS Database N/A 

4680 DB2 < 8 FixPak 17 Multiple Vulnerabilities Database 34195 

4721 DB2 9.1 < Fix Pack 6 Multiple Vulnerabilities Database 34475 

4743 MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass Database 34727 

4926 Microsoft SQL Server Version Detection Database 10674 

4927 


Vulnerability in Microsoft SQL Server Could Allow Remote Code 



4946 MySQL Community Server 5.1 < 5.1.32 XPath Expression DoS Database 35766 

4957 PostgreSQL Error Message Conversion Remote DoS Database N/A 

4993 Oracle Database Version Detection Database N/A 

4994 Oracle Database Client Detection Database N/A 

4995 Oracle Database Server Detection Database N/A 

Family Database 36

5002 MySQL 6.0 < 6.0.10 XPath Expression DoS Database 36020 

5003 MySQL Community Server Version Detection Database N/A 

5006 DB2 9.1 < Fix Pack 7 Information Disclosure Database 36216 

5043 DB2 9.1 < Fix Pack 7 / 9.5 < Fix Pack 4 Multiple Vulnerabilities Database N/A 

5119 IBM DB2 Client Detection Database N/A 

5129 Microsoft SQL Client Detection Database N/A 

5135 MySQL Database Server Detection Database N/A 

5136 MySQL Database Client Detection Database N/A 

5148 Sybase SQL-Anywhere Database Server Detection Database N/A 

5149 Sybase SQL-Anywhere Database Client Detection Database N/A 

5150 Sybase SQL-Anywhere Database Server Default Credentials Database N/A 

5155 Sybase ASE (Adaptive Server Enterprise) Database Server Detection Database N/A 

5156 Sybase ASE (Adaptive Server Enterprise) Database Client Detection Database N/A 

5157 

Sybase ASE (Adaptive Server Enterprise) Database Server Default 

Credentials 

Database N/A 

5170 PostgreSQL Multiple Vulnerabilities Database 40947 

5181 Firebird Database Client Detection Database N/A 


5191 Informix Dynamic Server Long Password Remote Denial of Service Database N/A 

5215 Database Client Detection Database N/A 


5244 IBM Solid Database < 6.30.0.37 Remote Denial of Service Database 42877 

5245 IBM Solid Database < 6.30.0.37 Remote Denial of Service Database 42877 


5261 


PostgreSQL < 8.4.2/8.3.9/8.2.15/8.1.19/8.0.23/7.4.27 Multiple 


Database N/A 

5262 DB2 9.5 < Fix Pack 5 Unspecified Vulnerabilities Database 43172 

5333 MySQL 6.0 < 6.0.9 CREATE TABLE Security Bypass Database N/A 

5366 DB2 Trace Enabled Database N/A 

5367 DB2 Trace Disabled Database N/A 

5368 DB2 Suspicious Command Detection Database N/A 



Family Database 37














5383 Microsoft SQL Server Native Auditing Accessed Database N/A 

5384 Microsoft SQL Server Native Auditing Enabled Database N/A 

5385 Microsoft SQL Server Extended Procedure Detection Database N/A 

5386 Microsoft SQL Server Native Auditing Accessed Database N/A 

5387 Microsoft SQL Server Suspicious Command Detection Database N/A 
















Family Database 38



5404 MySQL Server Suspicious Command Detection Database N/A 
















5420 Oracle Server Suspicious Command Detection Database N/A 















Family Database 39












5445 Sybase ASE Server Suspicious Command Detection Database N/A 

















5462 Sybase SQL Anywhere Server Suspicious Command Detection Database N/A 





Family Database 40












5478 DB2 Audited Procedure Accessed Database N/A 

5503 CouchDB < 0.11.0 Timing Attack Vulnerability Database 45435 

5546 

PostgreSQL < 8.4.4/8.3.11/8.2.17/8.1.21/8.0.25/7.4.29 Multiple 


Database N/A 

5547 MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities Database 46328 

5550 Microsoft SQL client Detection (TDS) Database N/A 

5551 Microsoft SQL Server Detection (TDS) Database N/A 

5552 Database Client Detection Database N/A 


5560 MySQL Version Detection Database N/A 

5587 MySQL Community Server < 5.1.47 / 5.0.91 Multiple Vulnerabilities Database 46702 

5588 MySQL Community Server 5.1 < 5.1.48 Denial of Service Vulnerability Database 47158 

5595 Database Client Login Detection Database N/A 

5596 Database Client Login Detection Database N/A 

5599 

IBM Solid Database < 6.5 Service Pack 2 Handshake Request Username 

Field Remote Code Execution 

Database N/A 

5633 MySQL Server Failed Login Detection Database N/A 

5642 CouchDB < 0.11.2 Futon Admin Interface Cross-Site Request Forgery Database 48382 

5645 Database TDS Failed Login Detection Database N/A 

5646 

5677 


MySQL Community Server 5.1 < 5.1.49 Multiple Denial of Service 






Family Database 41

5707 MaxDB User Login Detection Database N/A 




5755 CouchDB < 1.0.2 Cross Site Scripting Issue Database 51923 

5757 PostgreSQL < 9.0.3 / 8.4.7 / 8.3.14 / 8.2.20 Code Execution Vulnerability Database N/A 


5906 

IBM Solid Database < 4.5.182 / 6.0.1069 / 6.3.49 / 6.5.0.4 Denial of 

Service Vulnerability 


5908 Oracle Database Client Traffic Detection Database N/A 

5928 




6004 Oracle Database Unsupported Version Detection Database 55786 

6099 DB2 9.7 < Fix Pack 5 Local Denial of Service Vulnerability Database 56928 

6264 

MySQL Server 5.1 < 5.1.61 / 5.5 < 5.5.20 Multiple Unspecified 



6336 PostgreSQL 8.3.x < 8.3.18 Multiple Vulnerabilities Database N/A 

6337 PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities Database N/A 

6340 


IBM Solid Database 6.5 < 6.5.0.8 Multiple Denial of Service 




6491 MySQL Server 5.5 < 5.5.22 Multiple Unspecified Vulnerabilities Database 58661 



6609 MySQL Server 5.5.x < Database 62640 



6653 MySQL Server 5.1 < 5.1.63 Multiple Vulnerabilities Database 61393 

6674 MySQL Server 5.5.x < 5.5.29 Multiple Vulnerabilities Database 63618 

6675 MySQL Server 5.1.x < 5.1.67 Multiple Vulnerabilities Database 63617 

Family Database 42


Family Database 43

Family DNS Servers 


ID 


ID 

1000 ISC BIND Version 8 Detection 

1001 ISC BIND rdataset Parameter Malformed DNS Packet DoS 

1002 ISC BIND Multiple DNS Resolver Functions Remote Overflow 


1004 ISC BIND < 8.2.3 Multiple Remote Vulnerabilities 



1007 ISC BIND < 4.9.7 Inverse-Query Remote Overflow 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

1008 ISC BIND < 4.9.5 Multiple DNS Resolver Functions Remote Overflow DNS 

Servers 




1012 ISC BIND < 8.2.2-P5 Multiple Remote Vulnerabilities 

1013 ISC BIND Compressed ZXFR Name Service Query DoS 


1015 ISC BIND < 8.1.2 Inverse-Query Remote Overflow 

1016 DNS Server Detection 

1017 DNS Server Zone Transfer Allowed 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

10028 

11051 

11318 

10728 

10605 

10605 

10886 

10728 

11510 

11152 

11152 

11152 

10029 

10549 

10028 

10728 

11002 

10595 

Family DNS Servers 44

2556 ISC BIND < 8.4.6 q_usedns Array Remote Overflow DoS 

2557 ISC BIND < 8.4.6 dnssec authvalidated Crafted Packet Remote DoS 

2771 dnsmasq < 2.21 Multiple Remote Vulnerabilities 

2936 Delegate Compressed DNS Packet Remote DoS 

3522 DeleGate < 8.11.6 Invalid DNS Response DoS 

3523 ISC BIND < 9.3.3 DNS Message Malformed TSIG Remote DoS 

3703 Recursive DNS Server Detection 

3978 

ISC BIND query.c query_addsoa Function Unspecified Recursive 

Query DoS 

4147 ISC BIND < 9.5.0a6 Multiple Vulnerabilities 

4195 ISC BIND < 8.4.7-P1 Outgoing Query Predictable DNS Query ID 

4445 SMTP Sender Policy Framework (SPF) Enabled 

4578 ISC BIND DNS Query ID Field Prediction Cache Poisoning 

4601 DNS Server Source Port 53 Query Usage 

4777 PowerDNS Version Detection 

5040 NSD packet.c Off-By-One Buffer Overflow 

5107 ISC BIND Dynamic Update Message Handling Remote DoS 

5243 BIND 9 DNSSEC Query Response Remote Cache Poisoning 

5323 


BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache 

Poisoning 

5601 BIND 9.7.1 < 9.7.1 P2 'RRSIG' Record Type Remote DoS 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

16260 

16261 

17631 

N/A 

21293 

N/A 

10539 

25121 

N/A 

N/A 

31658 

N/A 

N/A 

N/A 

38850 

40422 

42983 

44116 

47760 

5673 BIND 9.7 < 9.7.2 P2 Multiple Vulnerabilities DNS 49777 


5718 

5803 

5909 

BIND 9.4-ESV < 9.4-ESV-R4 / 9.6.2 < 9.6.2-P3, 9.6-ESV < 

9.6-ESV-R3 / 9.7.x < 9.7.2-P3 Multiple Vulnerabilities 

BIND 9.7.1-9.7.2-P3 IXFR /DDNS Update Combinded with High 

Query Rate DoS 

Bind9 9.8.0 RRSIG Query Type Remote Denial of Service 

Vulnerability 

5933 ISC BIND 9 Large RRSIG RRsets Negative Caching Remote DoS 

5981 


ISC BIND Response Policy Zones (RPZ) DNAME / CNAME Parsing 

Remote DoS 

5982 ISC BIND 9 Unspecified Packet Processing Remote DoS 

6093 ISC BIND 9 Query.c Logging Resolver Denial of Service 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

DNS 

Servers 

50976 

52158 

53842 

54923 

55533 

55534 

56862 


Family Finger 


ID 


ID 

1276 Finger Service Detection Finger 10069 

1277 Finger Service Detection Finger 10069 

1278 cfingerd Service Detection Finger 10651 

1279 cfingerd < 1.4.4 Multiple Vulnerabilities Finger 10652 

1280 

Solaris in.fingerd Crafted Request Information 

Disclosure 

Finger 10788 

1281 FreeBSD 4.1.1 Finger Arbitrary File Access Finger 10534 

1282 in.fingerd Remote Command Execution Finger 10126 

Family Finger 47

Family FTP Servers 

PVS ID PLUGIN NAME FAMILY 

1091 Yak! FTP Server Default Credentials FTP Servers N/A 

NESSUS 

ID 

1147 Crob FTP Server Connection Saturation Remote DoS FTP Servers 12060 

1152 smallftpd Crafted RETR Command Remote Overflow DoS FTP Servers 12072 

1165 SAMI FTP Server Multiple DoS FTP Servers 12061 

1166 Xlight FTP Server < 1.53 RETR Command Remote Overflow FTP Servers 12056 

1168 

Serv-U FTP Server < 4.2 SITE CHMOD Command Handling 

Overflow 

FTP Servers 12037 

1174 TFTP Server Detection FTP Servers 11819 

1175 TYPSoft FTP Server < 1.11 Invalid Path Request DoS FTP Servers 12075 

1176 

Windows NT FTP Server (WFTP) Pro Server < 3.21 Multiple 



1208 WU-FTPD < 2.6.3 Multiple Vulnerabilities FTP Servers 12098 

1803 FTP Server Detection FTP Servers 10092 

1804 FTP Server Detection (Port 21) FTP Servers 10092 

1805 Eserv FTP Memory Leak DoS FTP Servers 11619 

1806 Novell FTP Malformed Input Remote DoS FTP Servers 11614 

1807 

WU-FTPD < 2.6.0 "SITE NEWER" Command Memory Exhaustion 

DoS 


1808 WU-FTPD < 2.6.1 "SITE EXEC" Command Overflow FTP Servers 10452 

1809 

WU-FTPD < 2.6.2 PASV Command Format String Arbitrary Code 

Execution 


1810 WU-FTPD < 2.4.3 Directory Structure Processing Overflow FTP Servers 10318 

1811 WU-FTPD < 2.6.1 Glob Command Overflow FTP Servers 11332 

1812 WS_FTP < 2.0.3 Multiple Command Long Argument Overflows FTP Servers 11094 

1813 WFTP < 2.41 RNTO Command Handling DoS FTP Servers 10466 

1814 VXWorks ftpd CEL Command Overflow DoS FTP Servers 11185 

1815 SunFTP Directory Traversal / Overflow FTP Servers 11373 

1816 WebWeaver FTP RETR Command Remote DoS FTP Servers 11584 

1817 Debian proftpd root Privilege Escalation FTP Servers 11450 

1818 ProFTPD cwd Command Format String FTP Servers 11407 

1819 HP-UX ftpd glob() Expansion STAT Command Remote Overflow FTP Servers 11372 

Family FTP Servers 48


1820 Anonymous FTP Detection (login: ftp) FTP Servers N/A 

1821 Anonymous FTP Enabled FTP Servers N/A 

1822 Anonymous FTP Detection (login: anonymous) FTP Servers N/A 

1823 Anonymous FTP Enabled FTP Servers N/A 

1824 SmallFTPD < 1.0.3 CWD Command Traversal Directory Listing FTP Servers N/A 

1825 Platinum FTP server Multiple Vulnerabilities FTP Servers 11200 

1826 NiteServer < 1.85 FTP Server Traversal Directory Listing FTP Servers 11466 

1827 AIX FTPd libc Library Remote Overflow FTP Servers 10009 

1828 bftpd < 1.0.14 chown Command Overflow FTP Servers 10579 

1829 bftpd < 1.0.13 Format String Overflow FTP Servers 10568 

1830 War FTP Daemon < 1.66x4 USER/PASS Command Overflow FTP Servers 11207 

1831 War FTP Daemon < 1.67b5 Traversal Arbitrary Directory Access FTP Servers 11206 

1832 WS_FTP < 3.1.2 SITE CPWD Buffer Overflow FTP Servers 11098 

1833 EFTP .lnk File Upload Overflow DoS FTP Servers 10928 

1834 EFTP < 2.0.8.348 File Enumeration FTP Servers 10933 

1835 FTP Server 'glob' Function Overflow FTP Servers 10648 

1836 FTP Server 'glob' Function Overflow FTP Servers 10648 

1837 Serv-U < 2.5e CWD Command Path Disclosure FTP Servers 11392 

1838 Serv-U < 2.5i CD Command Traversal Directory / File Access FTP Servers 10565 

1839 GuildFTPd Directory Traversal Arbitrary File Access FTP Servers N/A 

1840 GuildFTPd Traversal Arbitrary File Enumeration FTP Servers 10471 

1841 Microsoft IIS FTP Status Request DoS FTP Servers 10934 

1842 WarFTPd Multiple Command CPU Consumption DoS FTP Servers 10822 

1843 ProFTPd < 1.2.0pre6 mkdir Command Overflow FTP Servers 10189 

1844 ProFTPd ASCII Newline Character Overflow FTP Servers 11849 

1845 wzdftp < 0.1rc5 Mutliple DoS FTP Servers N/A 

1846 Access Point Detection via FTP Server Version FTP Servers 11026 



1849 War FTP Daemon CWD/MKD Overflow DoS FTP Servers 11205 

1850 WU-FTPD Server Detection FTP Servers N/A 

1851 Debian ProFTPD Server Detection FTP Servers N/A 


1852 War FTP Daemon Detection FTP Servers N/A 

1853 Serv-U FTP Server Detection FTP Servers N/A 

1854 


TNFTPD Multiple Signal Handler Remote Superuser Privilege 

Escalation 

FTP Servers N/A 

2115 Serv-U FTP Server Default Account FTP Servers N/A 

2188 WS_FTP Server < 5.04 Hotfix 1 Path Parsing Remote DoS FTP Servers N/A 

2189 WFTPD MLST Command Remote DoS FTP Servers N/A 

2190 Titan FTP < 3.30 CWD Remote Heap Overflow FTP Servers N/A 

2270 TYPSoft FTP Server Multiple DoS FTP Servers N/A 

2275 Serv-U FTP Server < 5.2.0.1 'STOU' Command Remote DoS FTP Servers N/A 

2279 TwinFTP < 1.0.3 R3 Server Directory Traversal File Access FTP Servers N/A 

2375 Ability FTP Server Remote Buffer Overflow FTP Servers N/A 

2377 Hummingbird Inetd FTP Server XCWD Command Remote Overflow FTP Servers N/A 

2385 ArGoSoft FTP Server < 1.4.2.2 Shortcut File Upload FTP Servers N/A 

2393 ProFTPD < 1.2.11 Remote User Enumeration FTP Servers 15484 

2395 SlimFTPd < 3.16 Multiple Command Remote Overfow FTP Servers N/A 

2436 WS_FTP Server < 5.04 Multiple Vulnerabilities (2) FTP Servers 15857 

2564 WarFTPd < 1.82.00-RC9 CWD Command Remote Overflow FTP Servers 16270 

2595 3Com 3CServer FTP Server < 2.0 Remote Overflow FTP Servers N/A 

2604 ArGoSoft FTP Server < 1.4.2.8 Shortcut File Extension Filter Bypass FTP Servers 16334 

2667 Golden FTP Server < 1.93 USER Remote Overflow FTP Servers N/A 

2684 ArGoSoft FTP Server DELE Buffer Overflow FTP Servers N/A 

2700 PlatinumFTP Server < 2.0 Remote Format String DoS FTP Servers 17321 

2738 FileZilla FTP Server < 0.9.6 Multiple DoS FTP Servers 17593 

2746 WU-FTPD FTP Server File Globbing Remote DoS FTP Servers 17602 

2802 SurgeFTP < 2.2m2 LEAK Command Remote DoS FTP Servers 18000 

2861 NetTerm FTP Server USER Command Remote Overflow FTP Servers 18142 

2877 Golden FTP < 2.53 USER Traversal File Access FTP Servers 18194 

2941 Hummingbird Inetd Multiple Remote Overflows FTP Servers 18403 

2945 CROB FTP Server Multiple Command Remote Overflow DoS FTP Servers N/A 

3040 Inframail FTP Server < 7.12 NLST Command Remote Overflow FTP Servers 18587 

3045 Golden FTP Server < 2.7.0 Multiple Vulnerabilities FTP Servers 18615 

3102 SlimFTPd < 3.17 Multiple Commands Remote Overflow FTP Servers N/A 


3113 ProFTPD < 1.3.0rc2 Multiple Format Strings FTP Servers 19302 

3118 Generic Botnet Client Detection FTP Servers N/A 

3165 Zotob Worm Infection FTP Servers 19429 

3166 Zotob Worm Infection FTP Servers 19429 

3201 SlimFTPd Multiple Command Remote Overflow DoS FTP Servers 19588 

3222 FTP Server Detection (Any Port) FTP Servers N/A 

3277 Serv-U FTP Server < 6.1.0.4 Malformed Packet Remote DoS FTP Servers N/A 

3344 WinProxy < 6.1a Multiple Vulnerabilities FTP Servers 20393 

3506 

GlobalSCAPE Secure FTP Server < 3.1.4 Build 01.10.2006 Custom 

Command Remote DoS 


3529 ArGoSoft FTP Server < 1.4.3.7 RNTO Overflow FTP Servers N/A 

3532 FileZilla FTP Server < 0.9.17 MLSD Command Overflow FTP Servers N/A 

3533 WarFTP Daemon < 1.82.00-RC11 Remote Overflow FTP Servers N/A 

3534 Gene6 FTP Server < 3.8.0.34 Multiple Command Remote Overflows FTP Servers 21324 

3535 SAMI FTP Server < FTP Servers N/A 

3733 WFTPD < FTP Servers N/A 

3799 FtpXQ FTP Server < 3.0.2 Multiple Vulnerabilities FTP Servers N/A 

3808 


WarFTP Daemon < 1.82.00-RC13 Multiple Command Remote Format 

Strings 

FTP Servers N/A 

3836 TNFTPD < 20040811 Globbing Overflow FTP Servers N/A 

3861 FileZilla Server < 0.9.22 Multiple Remote DoS FTP Servers 23831 

3902 WinProxy < 6.1 R1c HTTP CONNECT Request Overflow FTP Servers 24277 

3934 Anomalous FTP Server Detection FTP Servers N/A 

3964 FTP Server Detection FTP Servers N/A 

3970 ProFTPD < 1.3.0rc4 Multiple Modules Authentication Bypass FTP Servers N/A 

4361 WS_FTP Server < 6.1.1 Multiple Vulnerabilities FTP Servers 40771 

4624 HP-UX ftpd Remote Privileged Access Authentication Bypass FTP Servers 33899 

4629 RhinoSoft Serv-U FTP Server Version Detection FTP Servers N/A 

4630 Serv-U < 7.2.0.1 SFTP Directory Creation Logging DoS FTP Servers 33937 

4687 ProFTPD Command Truncation Cross-Site Request Forgery FTP Servers 34265 

4699 Serv-U < 7.3.0.1 Multiple Remote Vulnerabilities FTP Servers 34398 

4713 Titan FTP Server < 6.26 Build 631 SITE WHO Command DoS FTP Servers 34434 

4810 Serv-U < 7.4.0.0 Multiple Command Argument Handling DoS FTP Servers 35328 


4930 ProFTPD Username Variable Substitution SQL Injection FTP Servers 35690 

4952 FileZilla < 0.9.31 SSL/TLS Packet Overflow DoS FTP Servers N/A 

4979 Serv-U < 8.0.0.1 Multiple Vulnerabilities (DoS, Traversal) FTP Servers 36035 

4981 Xlight FTP Server Authentication SQL Injection FTP Servers 36051 

5195 Serv-U < 9.0.0.1 Multiple Vulnerabilities FTP Servers 41980 

5237 Serv-U < 9.1.0.0 TEA Decoder Remote Stack Buffer Overflow FTP Servers 42934 

5282 Serv-U < 9.2.0.1 User Directory Information Disclosure FTP Servers 43369 

5300 TurboFTP 'DELE' FTP Command Remote Buffer Overflow FTP Servers 43877 


5622 VxWorks Detection FTP Servers N/A 


5641 QNX Detection FTP Servers N/A 

5713 FileCOPA < 6.01.01 Multiple Vulnerabilities FTP Servers 50811 

5972 FTP Server Session Initiated FTP Servers N/A 

6101 


ProFTPD < 1.3.3g / 1.3.4 Response Pool Use-After-Free Code 

Execution 


6335 IBM iSeries FTP Service Detection FTP Servers N/A 


Family FTP Clients 


ID 


ID 

1195 FTP Based ZIP File Download Detection 

3375 FTP Client Detection (PORT) 

3376 FTP Client Detection (PASV) 

3377 FTP Client Detection 

3838 Kaspersky Antivirus Client Detection 

3841 

Kaspersky Antivirus Client MIME-encoded 

Scan Bypass 

5083 Last Seen FTP Client Name 

5702 SmartFTP Directory Traversal Vulnerability 

5703 SmartFTP filename Unspecified Vulnerability 

5913 FTP Client Data Leakage 









FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

50575 

Family FTP Clients 53 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A



5973 FTP Client Session Initiated 

6103 FTP File Upload Detection 

FTP 

Clients 

FTP 

Clients 

FTP 

Clients 

Family FTP Clients 54 

N/A 

N/A 

N/A

Family Generic 


ID 


ID 

1106 Internet Key Exchange (IKE) Server Detection Generic 11935 

1120 SNMP Version 3 Detection Generic N/A 

1137 Symantec Antivirus LiveUpdate Local Privilege Escalation Generic N/A 

1142 TrueWeather Application Detection Generic N/A 

1144 NTP Server Protocol Version 3 Detection Generic N/A 

1145 RADIUS Server Failed Login Detection Generic N/A 






1153 Windows RDP / Terminal Services Detection Generic N/A 

1154 RIP Router Version 1 Detection Generic N/A 

1155 RIP Router Version 2 Detection Generic N/A 

1162 Kerberos Version 5 Server Detection Generic 11512 

1163 MIT Kerberos 4 Multiple Vulnerabilities Generic 11511 

1164 Kerberos Version 5 Server Detection Generic 11512 

1170 PPTP Set-Link-Info - Setup of PPTP VPN Channel Detection Generic N/A 

1172 LDAP Server NULL Bind Detection Generic 10723 

1177 Zebra Routing Software Detection Generic N/A 

1178 GHOST UDP Network Client Detection Generic N/A 

1179 CVS Software Detection Generic N/A 

1180 

CVS < 1.11.10 / 1.12.3 pserver Crafted Module Request Arbitrary File / 

Directory Creation 

Generic 11947 

1181 CVS pserver CVSROOT Passwd File Arbitrary Code Execution Generic 11970 

1182 Witty Worm Detection Generic 11214 

1196 BGP Routing Protocol Open Message Detection Generic N/A 

1198 Windows Media Service Server Detection Generic N/A 

1199 BGP Keep Alive Message Detection Generic N/A 

1200 BGP Keep Alive Message Detection Generic N/A 

Family Generic 55

1202 Trojan/Backdoor - PhatBOT Detection Generic 12111 

1214 RealNetworks Helix Universal Server < 9.0.3 HTTP GET Request DoS Generic 12210 

1216 rsync < 2.6.1 Traversal Arbitrary File Creation Generic 12230 

1219 CVS < 1.11.15 / 1.12.7 Client Traversal Arbitrary File Retrieval Generic 12212 

1220 CVS < 1.11.16 / 1.12.8 pserver Line Entry Handling Remote Overflow Generic 12240 

1222 Winamp Fasttracker 2 Plug-in in_mod.dll Heap Overflow Generic N/A 

1223 Winamp b4s File Handling Multiple Malformed Fields Overflow Generic N/A 

1224 H323 Application Detection Generic 12243 

1225 Winamp Malformed File Name Handling DoS Generic N/A 

1226 Subversion (SVN) Software Detection Generic 12259 

1227 Subversion (SVN) apr_time_t Data Conversion Remote Overflow Generic 12261 

1228 Checkpoint Firewall-1 Version Detection Generic N/A 

1879 Password File Obtained by HTTP (GET) Generic N/A 

1882 VNC Detection Generic 10342 

1886 Apple Airport Administrative Port Credential Encryption Weakness Generic 11620 

1887 LeafNode < 1.9.30 Resource Exhaustion DoS Generic N/A 

1888 NNTP Server Type and Version Generic 10159 

1889 tanned < 0.7.2 Remote Format String Generic 11495 

1890 apcupsd Detection Generic N/A 

1891 apcupsd Overflow Generic 11484 

1895 McAfee ePolicy Orchestrator Remote Format String Generic 11409 

1896 rsync Detection Generic 11389 

1897 rsync < 2.5.2 Signedness Error Array Overflow Generic 11390 

1898 CVS Server Detection Generic N/A 

1899 


CVS < 1.11.5 pserver Directory Request Double Free() Privilege 

Escalation 

Generic 11385 

1901 UUCP Server Detection Generic N/A 

1902 Time Server Detection Generic N/A 

1903 Telnet Server Detection Generic N/A 

1904 Chargen Server Detection Generic N/A 

1905 Chargen Server Detection (UDP) Generic N/A 

1906 DHCP Server Detection Generic N/A 

1907 DHCP Server Multiple Vulnerabilities Generic N/A 

Family Generic 56


1922 NetBIOS Name Service Reply Information Disclosure Generic 11830 

1923 TLSv1 Negotiation Detection Generic N/A 

1924 Citrix Server Detection Generic 10942 

1925 Windows Update Traffic Detection Generic N/A 

1926 Generic Shell Detection (HP-UX Telnet) Generic N/A 

1927 Generic Shell Detection (Linux Telnet) Generic N/A 

1928 Generic Shell Detection (HP-UX High Port) Generic N/A 

1929 Generic Shell Detection (Cisco Telnet) Generic N/A 

1930 Generic Shell Detection (HP JetDirect) Generic N/A 

1931 Generic Shell Detection (HP JetDirect) Generic N/A 

1932 Generic Shell Detection (SunOS) Generic N/A 

1933 Generic Shell Detection (Windows NT Telnet) Generic N/A 

1934 Generic Shell Detection (Sys V Telnet) Generic N/A 

1935 Generic Shell Detection (Printer Telnet) Generic N/A 

1936 Generic Shell Detection (RedHat Telnet) Generic N/A 

1937 Generic Shell Detection (AXIS Telnet) Generic N/A 

1938 Generic Shell Detection (SCO Telnet) Generic N/A 

1939 Generic Shell Detection (Informix UniVerse Telnet) Generic N/A 

1940 Generic Shell Detection (AIX Telnet) Generic N/A 

1941 Generic Shell Detection (Cisco Telnet) Generic N/A 

1942 Generic Shell Detection (MESA Telnet) Generic N/A 

1943 Generic Shell Detection (Cisco Catalyst) Generic N/A 

1944 Generic Shell Detection (MV/9600) Generic N/A 

1945 Citrix MetaFrame Published Application Enumeration Generic 11138 

1946 LDAP NULL Base Connection Generic 10722 

1947 LDAP Server NULL Bind Connection Information Disclosure Generic 10723 

1948 UPNP Traffic Detection Generic 10829 

1949 LDAP Server NULL Bind Connection Information Disclosure Generic 10723 

1950 UPNP Traffic Detection Generic 10829 

1951 Speak Freely Malformed GIF Image Handling DoS Generic N/A 

1952 Winamp MIDI Plugin Track Size Overflow Generic N/A 

1953 Citrix MetaFrame Service Enumeration Generic 11138 

Family Generic 57


1954 LDAP NULL Base Connection Generic 10722 

1955 Checkpoint Firewall-1 Detection Generic N/A 








1963 Generic Shell Detection (Avaya Telnet) Generic N/A 

1964 Subversion (SVN) < 1.0.6 Module File Restriction Bypass Generic 13848 

1965 Rsync < 2.6.3 Sanitize_path Function Module Path Escaping Generic N/A 

2117 Subversion (SVN) < 1.0.3 Remote Buffer Overflow Generic 12261 

2151 Winamp < 5.05 .WSZ File Handling Remote Code Execution Generic N/A 

2155 CVS history.c File Existence Disclosure Generic 14313 

2212 Cisco VPN Concentrator HTML Interface DoS (Bug ID CSCdu15622) Generic 11288 

2258 Winamp ActiveX Control Remote Buffer Overflow Generic N/A 

2285 Mozilla Error Reporting Version Check Generic N/A 

2296 Toshiba Software Auto-Update Detection Generic N/A 

2297 RealNetwork RealPlayer Version Detection Generic N/A 

2298 Microsoft Winerr Plaintext Report Detection Generic N/A 

2313 Host DHCP Address Release Generic N/A 

2315 Subversion (SVN) Unreadable Path Metadata Information Disclosure Generic 14800 

2320 Generic Shell Detectors (Checkpoint Telnet) Generic N/A 

2321 Generic Shell Detectors (Windows 2000 Telnet) Generic N/A 

2322 Generic Shell Detectors (3COM SuperStack Telnet) Generic N/A 

2323 Identd Service Detection Generic N/A 




2353 Symantec Norton Antivirus Detection Generic N/A 

2359 Microsoft NNTP Component Remote Overflow (883935) Generic 15465 

Family Generic 58


2360 Microsoft NNTP Component Remote Overflow (883935) Generic 15465 

2368 MacOS X Application Crash Plaintext Report Generic N/A 

2426 Nullsoft Winamp < 5.0.7 IN_CDDA.dll Remote Buffer Overflow Generic N/A 

2443 Make Love Not Spam Screen Saver Detection Generic N/A 

2455 Nullsoft Winamp Large MP4 / M4A File Remote DoS Generic 15952 

2517 HylaFAX < 4.2.1 Remote Access Control Bypass Generic N/A 

2525 launch.yahoo.com Streaming Client Detection Generic N/A 

2526 Windows Media Player Version Information Generic N/A 

2541 Microsoft Anti-Spyware Detection Generic N/A 

2548 Cisco IOS Telephony SCCP Control DoS (CSCee08584) Generic 16217 

2558 Cisco IOS 12.0 IPv6 Remote DoS Generic N/A 

2559 gpsd < 2.8 gpsd_report() Function Remote Format String Generic 16265 

2560 gpsd Detection Generic N/A 

2561 Juniper Router Detection Generic N/A 

2562 Juniper Router JUNOS Remote DoS Generic N/A 

2563 Nullsoft Winamp < 5.0.8c IN_CDDA.dll Library Remote Overflow Generic 16152 

2574 ngIRCd < 0.8.2 Lists_MakeMask Function Remote Buffer Overflow Generic 16274 

2584 Cisco IDS Plaintext Telnet Service Detection Generic N/A 

2585 Newspost < 2.0-r1 socket_getline Function Remote Overflow Generic N/A 

2591 ngIRCd < 0.8.3 Log_Resolver() Remote Format String Overflow Generic 16310 

2601 Microsoft Media Player Version Detection Generic N/A 

2602 Microsoft Media Player Version 9 PNG Multiple Vulnerabilities Generic 16328 

2605 Policy - RealArcade Gaming Client Detection Generic N/A 

2622 BrightStor ARCserve/Enterprise Backup Default Account Generic 16390 

2633 Knox Arkeia Network Backup Agent Detection Generic 17157 

2634 Knox Arkeia Network Backup Server Detection Generic N/A 

2635 Knox Arkeia Type 77 Request Remote Buffer Overflow Generic 17158 

2646 Fedora YUM Updater Detection Generic N/A 

2647 Fedora FC3 Yum Updates Detection Generic N/A 

2650 IDA Pro Software Detection Generic N/A 

2688 CA License Service Multiple Vulnerabilities Generic 17307 

2689 CA License Service Client Detection Generic N/A 

Family Generic 59

2690 CA License Service Detection Generic N/A 

2691 CA License Service Detection Generic N/A 

2697 Xerox Document Centre Denial of Service (DoS) Generic 18268 

2698 Xerox Document Centre Authentication Bypass Generic 18258 

2721 ZoneAlarm < 5.5.062.011 Multiple Vulnerabilities Generic 14726 

2722 ZoneAlarm Detection Generic N/A 

2759 Media Server Type Detection Generic N/A 

2760 Media Server Type (RTP) Detection Generic N/A 

2761 Apple QuickTime Streaming Server Detection Generic N/A 

2762 Apple QuickTime Server < 4.1.3 Multiple Vulnerabilities Generic N/A 

2763 


Apple QuickTime < 4.1.4 Directory Traversal, Denial of Service, and 

Script Disclosure Vulnerabilities 

Generic N/A 

2764 Apple QuickTime Streaming Server < 5.0.3.2 DoS Generic N/A 

2781 BayTech RPC3 Telnet Daemon Authentication Bypass Generic 17663 

2784 Bakbone NetVault Multiple Vulnerabilities Generic 18257 

2786 Windows 2003 (No Service Pack) Multiple Vulnerabilities Generic N/A 

2791 TLSv1 Traffic Negotiation Detection Generic N/A 

2792 SSLv3 Traffic Negotiation Detection Generic N/A 

2795 CA eTRUST IDS Detection Generic N/A 

2829 DameWare Remote Desktop Listener Generic N/A 

2836 Xerox Document Centre Multiple Remote Vulnerabilities Generic N/A 

2838 CVS < 1.12.12 Unspecified Remote Overflow Generic N/A 

2863 ZoneAlarm < 5.5.094.000 Undisclosed Vulnerability Generic N/A 

2880 Leafnode < 1.11.2 Abrupt Disconnect DoS Generic N/A 

2895 Bakbone NetVault < 7.1.1 Unspecified Remote Overflow Generic N/A 

2901 Microsoft Media Player Versions 9 and 10 Arbitrary HTML Pop-up Generic N/A 

2904 Checkpoint Firewall-1 Patch Level 0 Detection Generic N/A 

2905 Checkpoint Firewall-1 Patch Level 1 Detection Generic N/A 

2906 Checkpoint Firewall-1 Patch Level 2 through 6 Detection Generic N/A 

2907 Checkpoint Firewall-1 NG AI R54 Detection Generic N/A 

2908 Checkpoint Firewall-1 NG AI R55 Detection Generic N/A 

2909 Checkpoint Firewall-1 NG Patch Level 0 Detection Generic N/A 

2910 Checkpoint Firewall-1 NG Patch Level FP1 Detection Generic N/A 

Family Generic 60




2913 Checkpoint Firewall-1 VPN Detection Generic N/A 

2914 VPN Client Detection Generic N/A 

2915 VPN Server Detection (over PPTP) Generic N/A 

2916 Fortinet VPN Server Detection (over PPTP) Generic N/A 

2922 Groove Detection Generic N/A 

2923 Groove < 3.1.0 Build 2338 Multiple Vulnerabilities Generic 18355 

2924 Cisco IOS VPN Detection Generic N/A 

2925 Cisco Unity VPN Detection Generic N/A 

2926 SSH Sentinel VPN Detection Generic N/A 

2927 SSH Sentinel 1.1 VPN Detection Generic N/A 



2930 SSH Sentinel 1.4.1 VPN Detection Generic N/A 


2932 Cisco VPN Detection Generic N/A 

2948 KAME/racoon VPN Detection Generic N/A 

2949 Microsoft Windows 2000 VPN Detection Generic N/A 

2950 Netscreen VPN Detection Generic N/A 

2951 OpenPGP VPN Detection Generic N/A 

2952 SafeNet SoftRemote VPN Detection Generic N/A 

3011 Leafnode < 1.11.3 TCP Timeout DoS Generic N/A 

3020 Razor-agents < 2.72 Multiple DoS Generic N/A 

3022 ZenWorks Detection Generic N/A 

3069 Nullsoft Winamp < 5.093 Malformed ID3v2 Tag Overflow Generic 19217 

3071 SSH IPSEC Express 1.1.0 VPN Detection Generic N/A 






Family Generic 61











3159 Cisco NetFlow Agent Detection Generic N/A 

3170 Xerox Document Centre Multiple Unspecified Remote Vulnerabilities Generic N/A 

3176 OpenVPN TCP Client Detection Generic N/A 

3181 CVS < 1.12.13 Local 'tmp' File Permission Vulnerability Generic N/A 

3188 Telnet Detection on High-numbered TCP Port Generic N/A 

3189 Telnet Server Detection (High Port) Generic N/A 

3190 Linux Telnet Server Detection (High Port) Generic N/A 

3191 SysV Telnet Server Detection (High Port) Generic N/A 

3192 Informix Telnet Server Detection (High Port) Generic N/A 

3210 Kerberos v5 Client with SSH Server Detection Generic N/A 

3211 Kerberos v4 Client with SSH Server Detection Generic N/A 

3227 ZoneAlarm Personal Firewall < 6.0.667.000 Multiple Vulnerabilities Generic N/A 

3228 DSL/CableModem Internet Gateway Detection Generic N/A 

3236 HylaFAX < 4.2.2 RC1 xferfaxstats Symlink Arbitrary File Overwrite Generic N/A 

3284 Computer Associates Message Queuing Service Buffer Overflow Generic 20173 

3306 Symantec pcAnywhere Detection Generic N/A 

3307 ZoneAlarm Personal Firewall < 6.1.737.000 Multiple Vulnerabilities Generic N/A 

3313 Testing NAT-T RFC VPN Detection Generic N/A 

3314 Windows 2000 VPN Detection Generic N/A 

3315 Windows 2003 VPN Detection Generic N/A 

3316 Windows XP VPN Detection Generic N/A 

3334 Network Block Device Server Detection Generic 20340 

3343 Sophos Control Center Detection Generic N/A 

Family Generic 62

3345 HylaFAX < 4.2.4 Multiple Vulnerabilities Generic 20387 

3346 TFTP Client Detection Generic N/A 

3374 Nokia Intellisync Portable Device Detection Generic N/A 

3382 Cisco VPN Concentrator 3000 < 4.7.3 Crafted HTTP Packet DoS Generic N/A 

3384 Mercury PH Server Detection Generic N/A 

3390 Winamp < 5.13 Malformed Playlist File Handling Overflow Generic 20826 

3406 Computer Associates Message Queuing DoS Generic N/A 

3407 L2TP VPN Client Detection Generic N/A 

3408 L2TP VPN Server Detection Generic N/A 

3421 IKE Server Detection Generic N/A 

3424 Powerd Detection Generic N/A 

3425 Powerd WHATIDO Variable Remote Overflow Generic N/A 

3429 

3430 

Microsoft Windows Media Player Bitmap File Processing Overflow 

(911565) 

Microsoft Windows Media Player Bitmap File Processing Overflow 

(911565) 

Generic 20905 

Generic 20905 

3431 Windows Media Player Bitmap File Processing Overflow (911565) Generic 20905 

3445 Winamp < 5.14 .M3U File Handling Buffer Overflow Generic 20826 

3459 Retrospect Client for Windows Malformed Packet DoS Generic 20996 

3460 Retrospect Client for Windows Malformed Packet DoS Generic 20996 

3461 Retrospect Client < 6.5.138 / 7.0.109 Malformed Packet DoS Generic 20996 

3493 


ZoneAlarm < 6.1.744.001 VSMON.exe Path Subversion Local Privilege 

Escalation 

Generic 21165 

3511 Nokia Intellisync Web Portal Detection Generic N/A 

3563 Windows XP SP1 VPN Detection Generic N/A 

3564 Windows 2003 or XP SP2 VPN Detection Generic N/A 

3565 Firewall-1 NGX VPN Detection Generic N/A 


3567 SSH IPSEC Express 5.0 VPN Detection Generic N/A 




3571 RFC 3947 NAT-T VPN Detection Generic N/A 

Family Generic 63


3572 Nortel Contivity VPN Detection Generic N/A 

3573 SonicWall VPN Detection Generic N/A 

3574 SSH QuickSec 0.9.0 VPN Detection Generic N/A 





3579 MacOS 10.x VPN Detection Generic N/A 

3580 StrongSwan 2.2.0 VPN Detection Generic N/A 








3588 XyXEL ZyWALL Router VPN Detection Generic N/A 

3589 Linux FreeS/WAN 2.00 VPN Detection Generic N/A 







3596 Openswan 2.2.0 VPN Detection Generic N/A 

3597 Openswan 2.3.0 VPN Detection Generic N/A 

3598 OpenPGP VPN Detection Generic N/A 

3599 FortiGate VPN Detection Generic N/A 





Family Generic 64









3612 Avaya VPN Detection Generic N/A 

3613 StoneGate VPN Detection Generic N/A 

3614 StoneGate VPN Detection Generic N/A 

3615 EMC Retrospect Client Packet Handling Overflow Generic 21327 

3630 Networker Multiple Vulnerabilities Generic N/A 

3650 Microsoft Windows Media Player PNG Processing Overflow (917734) Generic N/A 

3651 


Microsoft Windows Media Player PBG File Processing Overflow 

(917734) 

Generic N/A 

3658 Winamp < 5.22 MIDI File Handling Overflow Generic N/A 

3664 Helix RealServer < 11.1.0.801 Remote Overflow Generic N/A 

3666 Nokia Intellisync Web Portal Detection Generic N/A 

3667 ZoneAlarm < 6.5.722.000 Multiple Vulnerabilities Generic 21165 

3673 OpenOffice.org Detection Generic N/A 

3675 F-Secure Scan Evasion Generic N/A 

3676 F-Secure Product Detection Generic N/A 

3704 Proxy/Firewall Detection Generic N/A 

3708 Proxy / Firewall Detection Generic N/A 

3709 Firewall / Proxy / NAT Dependency Generic N/A 



3712 Firewall / Proxy / NAT dependency Generic N/A 





Family Generic 65





3727 HP OpenView Storage Data Protector Detection Generic N/A 

3728 

HP OpenView Storage Data Protector Backup Agent Remote Arbitrary 


Generic 22225 

3747 Netopia SNMP Password Disclosure Generic N/A 

3759 Sun Secure Global Desktop Detection Generic N/A 

3760 Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS Generic 22495 

3762 SIP Client Detection Generic N/A 

3763 SIP Server Detection Generic N/A 

3764 Cisco SIP TFTP Server Detection Generic N/A 


3768 Asterisk VoIP Server Detection Generic N/A 

3789 ZABBIX Client Detection Generic N/A 

3795 Skinny Server Detection Generic 22877 

3800 Winamp < 5.31 Multiple Heap Overflows Generic N/A 

3843 Novell Client Detection Generic N/A 

3844 Novell Service Agent Detection Generic N/A 

3856 Modicon PLC IO Scan Status Disclosure Generic N/A 

3875 Teredo IPv6 Client Detection Generic N/A 

3876 Teredo Server Detection Generic 23972 

3883 Socks 4 Proxy Detection Generic N/A 

3884 Socks 5 Proxy Detection Generic N/A 

3885 Microsoft Remoting Client Detection Generic N/A 

3886 Microsoft Remoting Client Detection Generic N/A 

3911 Mercury LoadRunner Detection Generic N/A 

3912 Cisco VPN Server Detection (PPTP) Generic N/A 

3919 Catbird Appliance Detection Generic N/A 

3953 


Helix Server < 11.1.3.1887 DESCRIBE Request LoadTestPassword Field 

Overflow 

Generic N/A 

3965 Bakbone NetVault < 7.4.0 Unspecified Overflow Generic N/A 

Family Generic 66

3968 ZoneAlarm Pro < 7.0.302.000 vsdatant Driver Local DoS Generic N/A 

3974 Winamp < 5.34 Malformed 'PLS' File Handling DoS Generic N/A 

3976 Winamp < 5.34a MP4 File Handling Overflow Generic N/A 

3979 Tivoli Client Detection Generic N/A 

3980 Tivoli Server Detection Generic N/A 

3986 SNORT Intrusion Detection System (IDS) Detection Generic N/A 

3987 Bro Intrusion Detection System (IDS) Detection Generic N/A 

3989 Darwin RTSP Server < 5.5.5 Multiple Overflows Generic N/A 

3997 Symantec Discovery Client Detection Generic N/A 

3998 Symantec Discovery Server Detection Generic N/A 

4036 eScan Agent Detection Generic N/A 

4069 OpenOffice Version Information Generic N/A 

4081 Yahoo! Messenger User Enumeration Generic N/A 

4083 GHOST UDP Network Client Version Detection Generic N/A 

4094 Microsoft Windows Office Version Detection Generic N/A 

4098 IMAP User ID Enumeration Generic N/A 

4105 SJPhone SIP Client INVITE Transaction Remote DoS Generic N/A 

4106 SIP Client Detection Generic N/A 

4116 TrendMicro OfficeScan < 8.0.0.1042 Multiple Vulnerabilities Generic N/A 

4145 Panda Antivirus Agent Detection Generic N/A 

4155 Microsoft Office Version Information Generic N/A 

4168 

4169 

4170 

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 

(940965) 


(940965) 


(940965) 

Generic 25882 

Generic 25882 

Generic 25882 

4178 Altiris Client Detection Generic N/A 

4179 Altiris Server Detection Generic N/A 

4180 


Altiris Deployment Solution < 6.8 SP2 Aclient Log File Viewer Local 

Privilege Escalation 

Generic 25904 

4181 ZoneAlarm Pro < 7.0.362.000 Local Privilege Escalation Generic N/A 

4182 EMC Legato Networker 'nsrexecd.exe' Overflow Generic N/A 

4188 TrendMicro Server Detection Generic N/A 

Family Generic 67

4192 Helix Server < 11.1.4 RTSP Command Multiple Requires Overflow Generic 25950 

4198 Subversion (SVN) < 1.4.5 Directory Traversal Privilege Escalation Generic N/A 

4216 OpenOffice < 2.3 TIFF Parser Multiple Overflows Generic 26064 

4222 BrightStore HSM CsAgent Version Detection Generic N/A 

4223 DriveLock Agent Version Detection Generic N/A 

4224 DriveLock < 5.0.0.314 Agent Version Detection Generic N/A 

4240 Magnicomp SysInfo Version Detection Generic N/A 

4241 Quintum Technologies VoIP Server Detection Generic N/A 

4242 Google Urchin < Generic N/A 

4243 Winamp < 5.5 libFLAC Integer Overflow Generic N/A 

4244 Avocent KVM Appliance Detection Generic N/A 

4264 Cisco HSRP 'Active' Router Detection Generic N/A 

4265 Cisco HSRP 'Standby' Router Detection Generic N/A 

4267 BEA WebLogic Cluster Server Detection Generic N/A 

4269 Altiris AClient < 6.8.380 Multiple Local Vulnerabilities Generic 27596 

4271 GIOP Device Detection Generic N/A 

4287 VMWare Server Detection Generic N/A 

4288 VMWare Server Plaintext Authorization Generic N/A 

4289 LIVE555 Media Server < 2007.11.18 DoS Generic N/A 

4300 IBM Director Version Detection Generic N/A 

4301 IBM Director < Generic N/A 

4308 OpenOffice HSQLDB Document Handling Java Code Injection Generic N/A 

4316 LDAP Client Anonymous Bind Utilization Generic N/A 

4317 LDAP Client Anonymous Bind Utilization Generic N/A 

4332 


Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) - 

Network Check 

Generic 29855 

4342 netOctopus Agent Detection (UDP) Generic 29930 

4343 netOctopus Server Detection (UDP) Generic N/A 

4347 Winamp < 5.52 Ultravox Streaming Metadata Parsing Buffer Overflows Generic 29998 

4359 MicroTik Router Version Detection Generic N/A 

4360 MicroTik Router Version Detection Generic N/A 

4382 SHOUTcast Server Service Port Default Password Generic 31098 

4387 sapLPD Version Detection Generic N/A 

Family Generic 68

4388 SAPlpd < 6.29 Multiple Vulnerabilities Generic 31121 

4392 Mobilink Monitor Client Detection Generic N/A 

4393 Mobilink Monitor Server Detection Generic N/A 

4403 ActivePDF Server Detection Generic N/A 

4410 WebSphere MQ Server Detection Generic N/A 

4412 Borland StarTeam Server Detection Generic 31355 

4413 Perforce Server Version Detection Generic N/A 

4414 Perforce Client Detection Generic N/A 

4415 Perforce Proxy Server Detection Generic N/A 

4419 Altiris AClient < 6.9.164 Multiple Vulnerabilities Generic 31417 

4432 F-Secure Multiple Products Unspecified Code Execution Generic N/A 

4433 Check for Windows Update Traffic Generic N/A 

4437 AFP Server Detection Generic N/A 

4438 AFP Server Detection Generic N/A 

4439 AFP Client Detection Generic N/A 

4474 OpenOffice < 2.4 Multiple Vulnerabilities Generic 31968 

4490 Sun Directory Version Detection Generic N/A 

4491 Sun Directory < 6.3 bind-dn Remote Privilege Escalation Generic N/A 

4495 Novell eDirectory Version Detection Generic N/A 

4496 LDAP Version Detection Generic N/A 

4502 


Vulnerability in Microsoft Publisher Could Allow Remote Code 


Generic 32311 

4503 Windows Defender Client Detection Generic N/A 

4504 Altiris Deployment Solution < 6.9.176 Multiple Vulnerabilities Generic 32323 

4516 MDAP Service Detection Generic 32399 

4523 Mac OS X < 10.5.3 Generic 32477 

4534 CA eTrust SCM Detection Generic N/A 

4535 Novell Groupwise Messenger server Generic N/A 

4538 OpenOffice < 2.4.1 rtl_allocateMemory Integer Overflow Generic 33129 

4563 EMC AlphaStor Library Manager Detection Generic 33280 

4564 Mac OS X < 10.5.4 Multiple Vulnerabilities Generic 33281 

4581 Sun Jconsole Detection Generic N/A 

4583 RMI Registry Detection Generic 22227 

Family Generic 69

4586 Java Remote Management Platform Plaintext Password Detection Generic N/A 

4596 WinRemotePC Server Detection Generic N/A 

4599 EMC Retrospect Backup Client Version Detection Generic N/A 

4602 OpenDNS Client Detection Generic N/A 

4606 Retrospect Backup Client < Generic 33561 

4617 Winamp < 5.541 NowPlaying Unspecified Vulnerability Generic 33820 

4639 Sharity Detection Generic N/A 

4641 eDirectory < 8.8 SP3 Multiple Vulnerabilities Generic 34221 

4643 MicroTik Router < Generic N/A 

4644 MicroTik Router < Generic N/A 

4670 

Trojan/Backdoor - Potential Malicious Microsoft Executable Being 

Served 

Generic 33950 


4684 Trend Micro OfficeScan 'cgiRecvFile.exe' Buffer Overflow Generic 34216 

4704 eDirectory < 8.7.3 SP10 FTF1 Multiple Vulnerabilities Generic 34349 

4705 

Trend Micro OfficeScan < 7.3 Build 3172 Client Traversal Arbitrary File 

Access 

Generic 34362 

4716 DHCP Client Detection Generic N/A 

4717 Mac Software Update DNS Query Detection Generic N/A 



4720 Microsoft Software Update DNS Query Detection Generic N/A 



4724 Trend Micro OfficeScan HTTP Request Buffer Overflow Generic 34490 

4727 OpenOffice < 2.4.2 WMF and EMF File Handling Buffer Overflows Generic 34510 

4750 Yosemite Backup Service Driver Detection Generic 34756 

4768 Apple Error Reporting DNS Lookup Generic N/A 

4772 


Altiris Deployment Solution Server < 6.9.355 Password Disclosure 

(SYM08-020) 

Generic 34964 

4782 Dovecot ManageSieve Server Detection Generic N/A 



Family Generic 70


4803 SSL Certificate Signed Using Weak Hashing Algorithm Generic 35291 



4818 Fujitsu Systemcast Deployment Server Detection Generic N/A 

4931 Media Gateway Control Protocol (MGCP) Server Detection Generic N/A 

4933 Media Gateway Control Protocol (MGCP) Client Detection Generic N/A 

4934 Sun Java System Directory Server 6.x < 6.3.1 LDAP JDBC Backend DoS Generic 35688 

4944 eDirectory < 8.8 SP3 FTF3 iMonitor Crafted HTTP Request Overflow Generic 35760 

4955 WINS Server Detection Generic N/A 

4962 Cisco Phone Client Detection (SCCP) Generic N/A 

4963 Cisco Phone Server Detection (SCCP) Generic 22877 

4967 POLICY - OS X Insecure Software Update Transfer Generic N/A 

4973 Synergy Protocol Server Detection Generic N/A 

4974 Synergy Protocol Client Detection Generic N/A 

5023 Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities Generic 38744 

5031 Winamp < 5.552 Buffer Overflow Generic N/A 

5050 Cisco IronPort Detection Generic N/A 

5051 TACACS Client Detection Generic N/A 

5052 TACACS Server Detection Generic N/A 

5070 NFS Directory Detection Generic N/A 

5071 NFS File Detection Generic N/A 

5093 SMTP Client Account Detection Generic N/A 

5098 eDirectory < 8.8 SP5 Multiple Vulnerabilities Generic N/A 

5118 Apple GarageBand < 5.1 Information Disclosure Generic N/A 


5139 TortoiseSVN < 1.5.6 / 1.6.0-1.6.3 Multiple Integer Overflows Generic 40620 

5140 SVN < 1.5.6 / 1.6.0-1.6.3 Multiple Integer Overflows Generic 40620 

5143 Altiris Deployment Solution < 6.9.430 Multiple Vulnerabilities Generic 43828 

5145 OpenOffice < 3.1.1 Multiple Vulnerabilities Generic 40826 

5153 Windows Media Services Remote Code Execution (MS09-047) Generic 40890 

5154 Windows Media Services Version Detection Generic N/A 


Family Generic 71

5163 MS09-047: Vulnerabilities in Windows Media Format (Windows 2000) Generic 40890 

5164 

5165 

5166 

5167 

MS09-047: Vulnerabilities in Windows Media Format (Windows Server 

2003) 

MS09-047: Vulnerabilities in Windows Media Format (Windows XP 

32-bit) 

MS09-047: Vulnerabilities in Windows Media Format (Windows XP 

64-bit) 

MS09-047: Vulnerabilities in Windows Media Format (Windows Vista / 

Server 2008) 

Generic 40890 

Generic 40890 

Generic 40890 

Generic 40890 

5213 Windows NETBIOS Workstation Name Detection Generic N/A 

5226 eDirectory < 8.8.5 ftf1/8.7.3.10 ftf2 NULL Base DN DoS Generic 42412 


5228 Avigilon Security Camera Detection Generic N/A 

5229 IPP Device Detection Generic N/A 

5231 Ingenico Point of Sales (POS) Device Detection Generic N/A 

5251 eDirectory < 8.8.5.2/8.7.3.10 ftf2 'NDS Verb 0x1' Buffer Overflow Generic 43030 

5267 Winamp < 5.57 Multiple Vulnerabilities Generic 43181 

5268 Zabbix < 1.6.6 Null Pointer Dereference DoS Generic N/A 

5269 Zabbix < 1.6.7 Security Bypass Vulnerability Generic 43391 

5270 Zabbix < 1.6.8 Multiple Vulnerabilities Generic 44620 

5289 


Sun Java System Directory Proxy Server 6.x < 6.3.1 Update 1 Multiple 


Generic 43615 

5305 Windows-Vista VPN Detection Generic N/A 

5306 Dead Peer Detection v1.0 VPN Detection Generic N/A 

5307 strongSwan 4.0.5 VPN Detection Generic N/A 










Family Generic 72



5318 Netscreen-14 VPN Detection Generic N/A 



5321 Symantec-Raptor-v8.1 VPN Detection Generic N/A 

5322 Symantec-Raptor VPN Detection Generic N/A 

5326 DNS Client Query Detection Generic N/A 


5341 Novell eDirectory < 8.8 SP5 Patch 3 eMBox SOAP Request DoS Generic 44938 


5497 DNS Generic Query Detection Generic N/A 

5498 DNS Generic Query Detection Generic N/A 

5499 DNS Query Failed Generic N/A 

5500 DNS Query Failed Generic N/A 

5511 RealNetworks Helix Server 11.x / 12.x / 13.x Multiple Vulnerabilities Generic 45543 

5514 Memcached < 1.4.3 No Newline Memory Consumption DoS Generic 45579 

5515 Altiris Deployment Solution < 6.9 SP4 DBManager DoS (SYM10-007) Generic 45592 

5519 Zabbix 1.8.x < 1.8.2 'DBCondition' Parameter SQL Injection Generic N/A 

5525 Microsoft Media Server Version Detection Generic N/A 

5528 X Server Detection Generic N/A 

5533 NETBIOS Domain/workgroup Detection Generic N/A 

5564 OpenOffice < 3.2.1 Multiple Vulnerabilities Generic 46814 

5570 Novell eDirectory < 8.8 SP5 Patch 4 Multiple Vulnerabilities Generic 47022 



5620 SSL Server Certificate Exchange Detection Generic N/A 

5621 VxWorks 'debug' Port Detection Generic N/A 

5630 Zoiper < 2.24 SIP INVITE Request Remote DoS Generic 48273 

5637 QNX Detection Generic N/A 

5638 QNX 'debug' Service Detection Generic N/A 

5639 QNX qconn Service Detection Generic N/A 

5640 QCONN Version Detection Generic N/A 

Family Generic 73


5687 XMPP Client Detection Generic N/A 

5688 LDAP Server Detection Generic N/A 

5689 Winamp < 5.59 Build 3033 Multiple Vulnerabilities Generic 50379 

5701 Microsoft Executable in Transit Detection Generic N/A 


5706 Microsoft Executable in Transit Detection (Client) Generic N/A 


5726 Winamp < 5.601 MIDI Timestamp Stack Buffer Overflow Generic 51091 


5741 Rocket Software UniVerse < 10.3.9 Remote Code Execution Vulnerability Generic 51575 


5759 Generic Protocol Detection Generic N/A 




















5779 Lexmark Printer Service Detection Generic N/A 

Family Generic 74

5802 Asterisk main/udptl.c Buffer Overflows (AST-2011-002) Generic 52157 

5825 

Asterisk Multiple Denial of Service Vulnerabilities 

(AST-2011-003/AST-2011-004) 

Generic 52714 


5895 TodouVA Proxy Detection Generic 10195 

5897 Asterisk Multiple Vulnerabilities (AST-2011-005/AST-2011-006) Generic 53544 

5907 Novell File Reporter Agent XML Parsing Remote Code Execution Generic 53536 

5926 HP Intelligent Management Center Detection Generic N/A 

5927 

HP Intelligent Management Center < 5.0 E0101-L02 Multiple 


Generic 54999 

5934 VNC Detection Generic N/A 


5938 SSL Client Detection Generic N/A 

5939 Asterisk SIP Channel Driver Denial of Service (AST-2011-007) Generic 54971 



5969 

Asterisk Multiple Channel Drivers Denial of Service 

(AST-2011-008/AST-2011-009/AST-2011-010) 

Generic 55457 

5977 SSL Client Detection Generic N/A 

5983 

5984 

HP Intelligent Management Center User Access Manager < 5.0 E0101P03 

Code Execution Vulnerability 

HP Intelligent Management Center Endpoint Admission Defense < 5.0 

E0101P03 Code Execution Vulnerability 

Generic 55577 

Generic 55577 

6005 DNS Client Detection Generic N/A 

6006 DNS Client Detection Generic N/A 

6013 DHCP Client Detection Generic N/A 

6014 mDNS Client Queries Generic N/A 


6043 


Asterisk Remote Crash Vulnerability in SIP Channel Driver 

(AST-2011-012) 

Generic 56922 


6057 Novell Messenger Server < 2.2.1 Memory Information Disclosure Generic 56691 

6065 VNC Client Session Started Generic N/A 

6087 Symantec pcAnywhere Detection Generic N/A 

6104 CA eTrust Directory SNMP Packet Parsing Denial of Service Generic 57035 

Family Generic 75

6130 Successful Shell Attack Detected - Linux Failed 'cd' Command Generic N/A 

6131 Successful Shell Attack Detected - Linux Failed 'cp' Command Generic N/A 

6132 Successful Shell Attack Detected - Linux Failed 'su' Command Generic N/A 

6133 Successful Shell Attack Detected - FreeBSD Failed 'su' Command Generic N/A 

6134 Successful Shell Attack Detected - Unix Failed 'wget' Command Generic N/A 

6135 Successful Shell Attack Detected - IRIX 'id' Command Generic N/A 

6136 Successful Shell Attack Detected - Linux 'id' Command Generic N/A 

6137 Successful Shell Attack Detected - Linux 'ifconfig' Command Generic N/A 

6138 Successful Shell Attack Detected - FreeBSD 'ifconfig' Command Generic N/A 

6139 Successful Shell Attack Detected - Unix 'ls -a' Command Generic N/A 

6140 Successful Shell Attack Detected - Unix 'ls -l' Command Generic N/A 

6141 Successful Shell Attack Detected - Linux Failed 'ls' Command Generic N/A 

6142 Successful Shell Attack Detected - Linux 'lsof' command Generic N/A 

6143 


Successful Shell Attack Detected - Linux 'passwd' Command Changed 

Password 

Generic N/A 

6144 Successful Shell Attack Detected - Linux 'passwd' Command Generic N/A 

6145 Successful Shell Attack Detected - Linux 'passwd' Command Generic N/A 

6146 Successful Shell Attack Detected - IRIX 'passwd' Command Generic N/A 

6147 Successful Shell Attack Detected - Linux 'netstat' Command Generic N/A 

6148 Successful Shell Attack Detected - Linux 'ping' Command Generic N/A 

6149 Successful Shell Attack Detected - Linux 'ps' Command Generic N/A 

6150 Successful Shell Attack Detected - FreeBSD 'ps -aux' Command Generic N/A 

6151 Successful Shell Attack Detected - Linux 'rpcinfo' Command Generic N/A 

6152 Successful Shell Attack Detected - Linux 'traceroute' Command Generic N/A 

6153 Successful Shell Attack Detected - Linux 'w' Command Generic N/A 

6154 Successful Shell Attack Detected - IRIX 'w' Command Generic N/A 

6155 Successful Shell Attack Detected - FreeBSD 'w' Command Generic N/A 

6156 Successful Shell Attack Detected - Linux 'rm' Command Generic N/A 

6157 Successful Shell Attack Detected - Unix Failed 'tcpdump' Command Generic N/A 

6158 Successful Shell Attack Detected - Unix Failed 'which' Command Generic N/A 

6159 Successful Shell Attack Detected - Unix Failed 'which' Command Generic N/A 

6160 Successful Shell Attack Detected - Unix SSH Initial Connetion Detection Generic N/A 

6161 Successful Shell Attack Detected - Unix Failed 'lynx' Command Generic N/A 

Family Generic 76


6162 Successful Shell Attack Detected - Unix 'wget' File Download Generic N/A 

6163 Successful Shell Attack Detected - 'nmap' Tool Generic N/A 

6164 Successful Shell Attack Detected - Linux 'netstat -rn' Command Generic N/A 

6165 Successful Shell Attack Detected - FreeBSD 'netstat -rn' Command Generic N/A 

6166 Successful Shell Attack Detected - FreeBSD 'netstat' Command Generic N/A 

6167 Successful Shell Attack Detected - Linux 'nslookup' Command Generic N/A 

6168 Successful Shell Attack Detected - Unix 'hping2' Tool Generic N/A 

6169 Successful Shell Attack Detected - Unix 'hping2' Tool Generic N/A 

6170 Successful Shell Attack Detected - Unix 'hping2' Tool (Listen Mode) Generic N/A 

6171 Successful Shell Attack Detected - Unix 'date' Command Generic N/A 

6172 Successful Shell Attack Detected - Unix 'route' Command Generic N/A 

6173 Successful Shell Attack Detected - Unix 'snort' Tool Generic N/A 

6174 Successful Shell Attack Detected - Unix 'ngrep' Command Generic N/A 

6175 Successful Shell Attack Detected - Unix 'tethereal' Tool Generic N/A 

6176 Successful Shell Attack Detected - Unix 'history' Command Generic N/A 

6177 Successful Shell Attack Detected - Windows 'copy' Command Generic N/A 

6178 Successful Shell Attack Detected - Windows Failed 'cd' Command Generic N/A 

6179 Successful Shell Attack Detected - Windows Unknown Shell Command Generic N/A 

6180 Successful Shell Attack Detected - Windows 'dir' Command Execution Generic N/A 

6181 Successful Shell Attack Detected - Windows 'netstat' Command Generic N/A 

6182 Successful Shell Attack Detected - Windows 'net view' Command Generic N/A 

6183 Successful Shell Attack Detected - Windows 'net share' Command Generic N/A 

6184 Successful Shell Attack Detected - 'nslookup' Command Generic N/A 

6185 Successful Shell Attack Detected - Windows 'tftp' Command Generic N/A 

6186 Successful Shell Attack Detected - Windows 'nbtstat' Command Generic N/A 

6187 Successful Shell Attack Detected - Windows 'net user' Command Generic N/A 

6188 Successful Shell Attack Detected - Windows 'date' Command Generic N/A 

6189 Successful Shell Attack Detected - Windows 'time' Command Generic N/A 

6190 Successful Shell Attack Detected - Windows 'Fport' Command Generic N/A 

6191 Successful Shell Attack Detected - Windows 'PsList' Command Generic N/A 

6192 Successful Shell Attack Detected - Windows 'arp -a' Command Generic N/A 

6193 Successful Shell Attack Detected - 'ftp' Command Generic N/A 

Family Generic 77

6194 Successful Shell Attack Detected - Windows 'ipconfi' Command Generic N/A 

6195 Successful Shell Attack Detected - Windows 'route print' Command Generic N/A 

6196 Successful Shell Attack Detected - Windows 'route print' Command Generic N/A 

6197 Successful Shell Attack Detected - Windows 'ping' Command Generic N/A 

6198 Successful Shell Attack Detected - Windows 'net user' Command Generic N/A 

6199 Successful Shell Attack Detected - Windows 'tsgrinder.exe' Tool Generic N/A 

6200 Successful Shell Attack Detected - Windows 'fscan' Tool Generic N/A 

6201 Successful Shell Attack Detected - Windows 'net use' Command Generic N/A 

6202 Successful Shell Attack Detected - Cisco 'show privilege' Command Generic N/A 

6203 Successful Shell Attack Detected - Cisco 'show version' Command Generic N/A 

6204 Successful Shell Attack Detected - Cisco 'show ip bgp' Command Generic N/A 

6205 Successful Shell Attack Detected - Cisco 'show version' Command Generic N/A 

6206 Successful Shell Attack Detected - Cisco 'show proc' Command Generic N/A 

6207 Successful Shell Attack Detected - Cisco 'show access-list' Command Generic N/A 

6208 


Successful Shell Attack Detected - Cisco 'show mac-address-table' 

Command 

Generic N/A 

6209 Successful Shell Attack Detected - Cisco 'show running-config' Command Generic N/A 

6210 Successful Shell Attack Detected - Cisco 'show ip interface' Command Generic N/A 

6211 Finger Attack - Successful Finger Query to Multiple Users Generic N/A 

6212 TFTP Attack - /etc/passwd File Obtained via TFTP Generic N/A 

6213 TFTP Attack - Cisco Router Config File Obtained via TFTP Generic N/A 

6214 FTP Attack - Hidden Directory Created Generic N/A 

6215 FTP Attack - File Hidden Generic N/A 

6216 FTP Attack - Passive Port Scan Generic N/A 

6217 FTP Attack - Successful SITE EXEC Command Generic N/A 

6233 TFTP Attack - c:\winnt\repair\sam File Obtained via TFTP Generic N/A 


6298 PCAnywhere Detection Generic N/A 


6474 VoIP Client Detection Generic N/A 

6475 Polycom VoIP Client Detection Generic N/A 


6502 RealNetworks Helix Server 14.x < 14.3.x Multiple Vulnerabilities Generic 58724 

Family Generic 78

6509 FW/Proxy detection Generic N/A 

6510 

6511 


Asterisk Remote Crash Vulnerability in Skinny Channel Driver 

(AST-2012-009) 

Asterisk Remote Crash Vulnerability in voice mail application 

(AST-2012-011) 

Generic 59714 

Generic 60065 


6568 Asterisk Peer IAX2 Call Handling ACL Rule Bypass (AST-2012-013) Generic 61994 



6640 DHCPv6 client detection Generic N/A 

6641 DHCPv6 server detection Generic N/A 

6690 Asterisk Peer Multiple Vulnerabilities (AST-2012-014 / AST-2012-015) Generic 64717 

6695 mDNS Client Queries Generic N/A 

6696 MAC change detection (SNMP) Generic N/A 

Family Generic 79

Family Operating System Detection 

PVS ID PLUGIN NAME FAMILY 

1107 Cisco IOS Version Detection 

2274 

Mac OS X Multiple Vulnerabilities (Security Update 

2004-09-07) 

2283 Microsoft WinErr Version Check 

2284 Outbound Microsoft WinErr Message 

2444 

2555 


2004-12-02) 


2005-001) 

2648 Fedora FC2 Yum Update Detection 

2649 Fedora FC1 Yum Update Detection 

2730 


2005-003) 

2750 Windows 2003 Server Detection 

2751 Windows 2000 Server Detection (No Service Pack) 

2752 Windows 2000 SP1 Detection 




2756 Windows XP (No Service Pack) Detection 

2757 Windows XP SP1 Detection 



Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 

NESSUS 

ID 

Family Operating System Detection 80 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

2765 Mac OS X 10.0 Detection 



2768 Mac OS X 10.2.8 Detection 



2785 Windows 2003 SP1 Server Detection 

2824 AS/400 Server Detection 

2833 Apple Mac OS X < 10.3.9 Multiple Vulnerabilities 

2878 


2005-005) 



3064 Mac OS X < 10.4.2 Multiple Vulnerabilities 



3225 SuSE Linux Operating System Detection 



3308 



2005-009) 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

18062 

18189 

18353 

N/A 

18683 

N/A 

N/A 

N/A 

N/A 

20113 

20249 

3434 Mac OS X < 10.4.5 Multiple Vulnerabilities Operating System 20911 

Family Operating System Detection 81

3474 

3475 


2006-002) 


2006-002) 

3496 Debian Operating System Detection 

3497 Ubuntu Operating System Detection 


3617 


2006-003) 



3773 Mac OS X Generic Detection 

3786 HP Printer Detection 

3846 Cell Phone Operating System Discovery 

3947 

Mac OS X < 10.4.9 Multiple Vulnerabilities (Security 

Update 2007-003) 

4089 Windows 2003 SP2 Server Detection 

4091 Windows Vista Operating System Detection 

4108 Ubuntu Server Detection 

4275 Unix AIX Operating System Detection 

4284 

Mac OS X < 10.4.11 Multiple Vulnerabilities (Security 

Update 2007-008) 

4345 WinErr Messages OS Detection 


4372 Windows Vista Operating System Detection 

Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 

21073 

21073 

N/A 

N/A 

21175 

21341 

21763 

22746 

N/A 

N/A 

N/A 

24811 

N/A 

N/A 

N/A 

N/A 

28212 


N/A 

N/A


4732 Windows Unsupported Operating system 

4733 Windows 2000 < SP4 Detection 


4735 Windows XP < SP2 Detection 



4738 Windows 2003 (No Service Pack) Detection 

4739 Windows Vista (No Service Pack) Detection 

4740 Windows Vista SP 1 Detection 

6106 Mac OS X Detection 

6107 Windows Version Detection 

6111 Windows OS detection 

6115 Windows OS Version Information 








Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 

6121 Windows OS Version Information Operating System N/A 

30255 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A





6296 CentOS Version Detection 

6486 Apple Hardware Detection 



Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


Detection 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

Family IMAP Servers 


ID 

PLUGIN NAME FAMILY 

1085 Cyrus IMAP Server login Command Remote Overflow 

1086 IMAP Server Detection 

1087 UoW imapd (UW-IMAP) Multiple Command Remote Overflows 

1088 UoW imapd (UW-IMAP) BODY Request Remote Overflow 

1089 Atrium MERCUR Mailserver Local Traversal Arbitrary File Access 

1090 Ipswitch IMail 5.0 Multiple Remote Overflows 

1092 

Netscape Messaging Server IMAP LIST Command Remote 

Overflow 

1093 UoW imapd (UW-IMAP) Multiple Command Remote Overflows 

1094 

MDaemon IMAP Service CREATE Command Mailbox Name 

Handling Overflow 

1095 Mozilla IMAP Client literal_size Remote Overflow 

1096 

Microsoft Outlook Express IMAP Client literal_size Remote 

Overflow 

1097 QUALCOMM Eudora IMAP Client literal_size Remote Overflow 

1099 Pine c-client IMAP Client literal_size Remote Overflow 

1101 

UoW imapd (UW-IMAP) AUTHENTICATE Command Remote 

Overflow 

1210 Courier IMAP Server < 3.0.7 Multiple Vulnerabilities 

2158 

Merak Mail Server < 7.5.2 Web Mail Module Multiple 


2310 Alt-N MDaemon Multiple Buffer Overflows 

2425 Cyrus IMAPD < 2.2.10 Multiple Vulnerabilities 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

NESSUS 

ID 

11196 

11414 

10625 

10966 

10382 

10123 

10580 

10374 

11577 

N/A 

N/A 

N/A 

N/A 

10292 

12103 

Family IMAP Servers 85 

N/A 

N/A 

N/A

2438 Mercury Mail Remote IMAP Stack Buffer Overflow 

2568 UW-imapd CRAM-MD5 Authentication Bypass 

2645 Cyrus IMAPD < 2.2.12 Multiple Remote Overflows 

3068 MailEnable IMAP STATUS Command Remote Overflow 

3250 MailEnable STATUS Command Overflow 

3251 UW-IMAP Quote String Buffer Overflow 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

3299 WorldMail IMAP Server Directory Traversal Arbitrary Spool Access IMAP 

Servers 

3302 MailEnable IMAP Service Remote DoS 

IMAP 

Servers 

3383 Mercury Mail Transport System < 4.01b ph Service Buffer Overflow IMAP 

Servers 

3480 Mercur Mailserver Remote Overflow 

3482 MailEnable WebMail Multiple Products Quoted Printable Mail DoS 

3483 MailEnable Multiple Products POP3 Authentication Bypass 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

3628 Cyrus IMAPD < 2.3.4 'POP3D USER' Command Remote Overflow IMAP 

Servers 

3814 WorldMail < 

3906 

AXIGEN Mail Server IMAP Server Multiple Authentication 

Methods DoS 

3937 Ipswitch IMail Server < 2006.2 Multiple Overflows 

3958 

Lotus Domino IMAP Server < 6.5.6 / 7.0.2 FP1 CRAM-MD5 

Authentication Overflow 

3999 IMAP SSL/TLS Server Detection 

4220 Mercury IMAP Server < 


IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

N/A 

N/A 

17208 

19193 

19783 

N/A 

20224 

N/A 

20812 

N/A 

N/A 

N/A 

N/A 

N/A 

24321 

24782 

24903 

4290 Ability Mail Server < 2.61 Multiple Vulnerabilities IMAP 28289 

Family IMAP Servers 86 

N/A 

N/A


4730 UW-IMAP < 2007d.404 Multiple Utility Mailbox Name Overflow 

4798 UW-IMAP < 2007e c-client Library Overflow 

5184 Ability Mail Server < 2.70 Remote Denial of Service 

Servers 

IMAP 

Servers 

IMAP 

Servers 

IMAP 

Servers 

N/A 

N/A 

41644 

Family IMAP Servers 87

Family Internet Messengers 


ID 


1244 AOL Instant Messenger Arbitrary File Forced Download 

1245 

1246 

AOL Instant Messenger URL href Attribute Traversal Arbitrary 

Local File Execution 

AOL Instant Messenger goim Handler Screen Name Parameter 


1247 AOL Instant Messenger URL refresh Tag XSS 

1248 

AOL Instant Messenger AddBuddy Link Long ScreenName 

Parameter Overflow DoS 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

1249 AOL Instant Messenger AddExternalApp Remote Buffer Overflow Internet 

Messengers 

1250 AOL Instant Messenger Active File Transfer Hijacking 

1251 AOL Instant Messenger IMG Tag Arbitrary Command Execution 

1252 AOL Instant Messenger Multiple DoS 

1253 AOL Instant Messenger < 

1254 AOL Instant Messenger Filename Handling Format String 

1255 AOL Instant Messenger File Transfer Path Disclosure 

1256 AOL Instant Messenger Malformed ASCII Value Message DoS 

1257 AOL Instant Messenger Login Sequence Remote Overflow 

1258 

AOL Instant Messenger ASCII-Symbol Interpretation Denial of 

Service 

1259 AOL Instant Messenger Password Encryption Weakness 

1260 Yahoo! Messenger Shared File Access User Status Enumeration 

1261 Yahoo! Messenger ymsgr Protocol Multiple Function Overflow 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

NESSUS 

ID 

Family Internet Messengers 88 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

1262 Yahoo! Messenger ymsgr URI Arbitrary Script Execution 

1263 Yahoo! Messenger ymsgr URI Arbitrary Script Execution 

1264 Yahoo! Messenger IMvironment Field Remote Overflow 

1265 Yahoo! Messenger Spoofed Username 

1266 Yahoo! Messenger Message Field Remote Overflow 

1267 MSN Messenger Malformed Invite Request Remote DoS 

1268 MSN Messenger Malformed Font Field Remote DoS 

1269 MSN Messenger Detection 

1270 AOL Instant Messenger Detection 

1271 Yahoo! Messenger Download Feature Long Filename Overflow 

1272 Yahoo! Messenger Peer To Peer File Sharing Detection 

1273 Yahoo! Messenger Detection 

1274 

AOL Instant Messenger aim:goaway URI Handler goaway Function 

Away Message Handling Remote Overflow 


2135 Bird Chat Server Invalid User DoS 

2159 Gaim < 0.82 Multiple Overflows 

2160 Gaim < 0.82 MSN Protocol Buffer Overflow 

2161 Gaim / Ultramagnetic Multiple Security Vulnerabilities 

2162 Gaim < 0.59.1 Remote Command Execution 


Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

2163 Gaim < 0.59 Web Mail Account Information Disclosure Internet N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

11993 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

2366 Gaim < 1.0.2 Multiple Vulnerabilities 

2405 Skype < 1.0.0.100 CallTo URI Buffer Remote Overflow 

2406 Skype Detection (Host) 

2428 ProZilla Multiple Remote Buffer Overflows 

2599 MSN Messenger Version Detection 

2600 MSN Messenger UserID Detection 

2603 MSN Messenger < 6.2.0205 PNG File Remote Overflow 

2630 Yahoo! Messenger < 6.0.0.1750 Detection 

2631 Gaim < 1.1.3 Multiple DoS Vulnerabilities 

2654 Gaim < 1.1.4 Remote DoS 

2655 Gaim Detection 

2681 Yahoo! Messenger < 6.0.0.1921 Multiple DoS 

2749 Trillian HTTP-parsing Remote Overflow 


2817 MSN Messenger Malformed GIF Remote Overflow 

2888 AOL Instant Messenger Font Tag sml Parameter Remote DoS 


3008 AOL Instant Messenger Remote Malformed GIF DoS 



Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

16328 

N/A 

N/A 

N/A 

N/A 

N/A 

17611 

N/A 

N/A 

18299 

N/A 

18432 


N/A

3070 Skype Temporary File Arbitrary File Overwrite 


3199 

IndiaTimes Instant Messenger ActiveX RenameGroup Function 

Overflow 

3268 Skype Technologies Multiple Buffer Overflows 

3627 Skype Technologies < 2.5.0.78 Arbitrary File Download 

3665 Yahoo! Messenger < 

3700 Yahoo! Messenger < 8.0.0.863 File Extension Spoofing 

3772 

Skype Technologies < 1.5.0.80 NSRRunAlertPanel Function 

Format String (Mac OS X) 

3977 Trillian < 3.1.5.0 Multiple Vulnerabilities 

4084 Windows Live Messenger Version Detection 


4103 AOL Instant Messenger < 

4104 AOL Instant Messenger 6 Version Detection 


4196 Windows Live Messenger Version Detection 

4197 Windows Live Messenger < 8.1.0178 Video Processing Overflow 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

4199 Yahoo! Messenger < 8.1.0.419 YVerInfo ActiveX Buffer Overflow Internet 

Messengers 

4210 

4211 


Vulnerability in Microsoft MSN Messenger and Windows Live 

Messenger Could Allow Remote Code Execution (942099) 

Vulnerability in Microsoft MSN Messenger and Windows Live 

Messenger Could Allow Remote Code Execution (942099) 

Internet 

Messengers 

Internet 

Messengers 

4215 AOL Instant Messenger < Internet N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

25120 

N/A 

25547 

N/A 

N/A 

N/A 

N/A 

N/A 

25955 

26019 

26019 

Family Internet Messengers 91

4280 Trillian Version Detection 

4310 

Skype Technologies < 3.6.0.216 skype4com URI Handler Remote 

Heap Corruption 

4404 ICQ 6 Version Detection 

4405 ICQ 6 HTML Code Generation Remote Format String 


4531 Skype Technologies URI Handler Remote Code Execution 

4570 Jabber Client Detection 

4571 Jabber Server Detection 


5032 Pidgin < 2.5.6 Multiple Buffer Overflow Vulnerabilities 

5137 Pidgin < 2.5.9 Buffer Overflow 

5168 Pidgin < 2.6.1 Multiple Vulnerabilities 

5298 Pidgin < 2.6.5 Information Disclosure Vulnerability 

5362 Skype < 4.2.0.155 URI Handler Security Vulnerability 

5898 Skype Detection (User-Agent) 


6234 Meebo Messenger Detected 


Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

Internet 

Messengers 

N/A 

29250 

N/A 

N/A 

32400 

N/A 

N/A 

N/A 

35042 

N/A 

40663 

40986 

43862 

45061 


N/A 

N/A 

N/A


Family Internet Messengers 93

Family IRC Clients 


ID 


ID 

1855 BitchX IRC Client "/INVITE" Command Format String DoS IRC Clients N/A 

1856 BitchX IRC Clent DNS Response Remote Overflow IRC Clients N/A 

1857 

BitchX IRC Client Malformed RPL_NAMEREPLY Message 

DoS 

IRC Clients N/A 

1858 Multiple ircii-based Clients Remote Overflows IRC Clients N/A 

1859 BitchX Trojaned Distribution Authentication Bypass IRC Clients N/A 

1860 BitchX IRC Client Channel Mode Change DoS IRC Clients N/A 

1861 mIRC < 6.0 Long Nickname Buffer Overflow IRC Clients N/A 

1862 mIRC < 6.1 DCC Server Protocol Nickname Disclosure IRC Clients N/A 

1863 mIRC < 6.03 Scripting $asctime Overflow IRC Clients N/A 

1864 mIRC DCC Get Dialog File Spoofing Weakness IRC Clients N/A 

1865 Trillian IRC PART Message Remote DoS IRC Clients N/A 

1866 Trillian IRC User Mode Numeric Remote Overflow IRC Clients N/A 

1867 Trillian IRC Module DCC Length Remote Overflow IRC Clients N/A 

1868 Trillian IRC Oversized Data Block Remote Overflow DoS IRC Clients N/A 

1869 Trillian IRC Raw Message DoS IRC Clients N/A 

1870 Trillian IRC Module Channel Name Format String IRC Clients N/A 

1871 Trillian IRC Server Response Remote Overflow IRC Clients N/A 

1872 Trillian IRC JOIN Remote Overflow IRC Clients N/A 

1873 XChat Malformed Nickname Remote Format String IRC Clients N/A 

1874 

1875 

XChat /dns Reverse Lookup Response Arbitrary Command 

Execution 

XChat CTCP Ping Arbitrary Remote IRC Command 

Execution 



1876 XChat Client URL Metacharacter Command Execution IRC Clients N/A 

1877 mIRC Minimized Dialogue Window DoS IRC Clients N/A 

1878 IRC Client Detection IRC Clients N/A 

2547 

Konversation IRC Client < 0.15.1 Multiple Remote 



3101 IRC Client Detection IRC Clients N/A 

3119 Generic Botnet Client Detection IRC Clients N/A 

Family IRC Clients 94



















Family IRC Clients 95

Family IRC Servers 


ID 


2152 ignitionServer < 0.3.2 SERVER Command Remote DoS IRC Servers N/A 

2153 Unreal IRCD < 3.2.1 Cloak IP Address Disclosure IRC Servers N/A 

2154 Unreal IRCD OperServ Raw Message Channel Join DoS IRC Servers N/A 

2403 

BNC < 2.9.1 getnickuserhost IRC Server Response Buffer 

Overflow 

IRC Servers N/A 

2404 BNC IRC Server < 2.9.1 Authentication Bypass IRC Servers N/A 

NESSUS 

ID 

2919 ignitionServer < 0.3.6p1 Channel Locking Remote DoS IRC Servers 18291 

3107 IRC Server Detection IRC Servers N/A 

3134 Generic Botnet Server Detection IRC Servers N/A 
















Family IRC Servers 96

Family Peer-To-Peer File Sharing 


ID 


2050 Gnutella Server Detection 

2051 BearShare Detection 

2052 ICQ P2P Client Detection 

2053 Blubster Detection 

2054 Gnucleus Detection 

2055 Morpheus Detection 

2056 WinMX Detection 

2057 Xolox Detection 

2058 Kazaa Detection 

2059 Shareaza Detection 

2060 Edonkey2k Detection 

2061 MyNapster Detection 

2062 KazaaClient Detection 

2063 Trillian Detection 

2327 Zinf .pls File Overflow 

2347 Vypress < 4.0 First Message Field Overflow 

2434 

Open DC Hub RedirectAll Value Remote Buffer 

Overflow 

2576 BitTorrent P2P Protocol Detection 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 

NESSUS 

ID 

10946 

10946 

N/A 

N/A 

N/A 

N/A 

N/A 

11431 

11426 

Family Peer-To-Peer File Sharing 97 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

2577 BitTorrent P2P Client Detection 

2578 BitTorrent P2P Server Detection 

2656 PeerFTP Client Detection 

2709 eMule Peer-To-Peer File Sharing Server Detection 

2710 

LimeWire < 4.8.0 Directory Traversal Arbitrary File 

Access 

2813 DC++ < 0.674 File Content Manipulation 

2868 ICUII Peer-To-Peer Client Detection 

2872 BitTorrent Client Detection 

3378 WinComet Detection 

3385 Shareaza P2P Fileshare Client Integer Overflow 

3403 uTorrent Client Detection 

3404 uTorrent Server Detection 

3920 BitTorrent Client Detection 

3991 BitTorrent Server Detection 

4110 Limewire Server Detection 

4550 JXTA P2P Server Detection 

4551 JXTA P2P Client Detection 

4939 SMPP Peer-to-Peer Client Detection 

4940 SMPP Peer-to-Peer Server Detection 



Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 

4941 Manolito Peer-to-Peer Client Detection Peer-To-Peer File N/A 

N/A 

N/A 

N/A 

N/A 

17973 

18012 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4942 Manolito Peer-to-Peer Server Detection 

5034 SoulSeek Version Detection 

5292 Transmission Client Detection 

5947 BitTorrent Protocol Traffic Detection 


6392 BitTorrent .torrent File Download Detection 



Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


Sharing 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

Family POP Server 


ID 


ID 

1783 ipop2d fold Command Arbitrary File Access POP Server 10469 

1784 qpopper < 3.0.1b2 EIUDL Arbitrary Command Execution POP Server 10423 

1785 qpopper < 4.0 PASS Command Remote Overflow POP Server 10196 

1786 qpopper < 4.0.5fc2 Qvsnprintf Remote Overflow POP Server 11376 

1787 ipop2d < 4.5 FOLD Command Remote Overflow POP Server 10130 

1788 Netscape Messenging Server User Account Enumeration POP Server 10681 

1789 qpopper Options File Buffer Overflow POP Server 10948 

1790 ZetaMail Remote DoS POP Server 10184 

1791 Delegate Multiple Function Remote Overflows POP Server 10184 

1792 Qualcomm Qpopper Remote Overflow DoS POP Server 10184 

1793 Qualcomm Qpopper Remote Overflows POP Server 10184 

1794 Qualcomm Qpopper Username Remote Overflow POP Server 10184 

1795 Computalynx CMail POP3 Server DELE Function DoS POP Server N/A 

1796 Computalynx CMail < 2.4.10 HELO Command Overflow POP Server N/A 

1797 ALT-N MDaemon < 6.5.0 POP Server Overflow DoS POP Server N/A 

1798 Xtramail < 1.12 POP3 Overflow POP Server 10325 

1799 Xtramail < 1.12 Control Server Overflow Denial of Service POP Server 10323 

1800 XMail < 0.59 APOP Overflow DoS POP Server 10559 

1801 XMail < 2.4 (Build 0530) APOP Remote Format String POP Server N/A 

1802 POP Server Detection POP Server N/A 

2156 

Merak Mail Server < 7.5.1 Web Mail Module Multiple 


POP Server N/A 

2331 YahooPOPs! Proxy Detection POP Server N/A 

2332 Intellipeer User Account Enumeration POP Server 14829 

2413 Digital Mappings Systems POP3 Server Remote Buffer Overflow POP Server N/A 

2518 POP Password Changer Unauthorized Password Change POP Server N/A 

2740 DeleGate < 8.11.1 Multiple Remote Overflows POP Server 17599 

2823 AS400 Default POP Services Information Disclosure POP Server 18046 

2935 Qualcomm Qpopper < 4.0.5 Multiple Local Privilege Escalation POP Server 18361 

2938 GNU Mailutils Multiple IMAP Vulnerabilities POP Server 19605 

Family POP Server 100

2939 GNU Mailutils Multiple POP Vulnerabilities POP Server N/A 

3034 

True North eMailServer < 5.3.4 Build 2019 LIST Command 

Remote DoS 


3035 POP Banner Detection POP Server N/A 

3243 Qualcomm Qpopper poppassd Local Privilege Escalation POP Server N/A 

3257 XMail < 1.22.0 Multiple Overflows POP Server N/A 

3300 Winmail Server < POP Server N/A 

3320 Apache James < 2.2.1 Spooler retrieve Function DoS POP Server N/A 

3655 MERCUR < 2005 SP4 Multiple Remote DoS POP Server N/A 

3734 


ALT-N MDaemon POP Server < 9.06 USER / APOP Command 

Overflow 


3815 ALT-N MDaemon < 9.0.7 / 9.54 Local Insecure Directory POP Server N/A 

3938 Ipswitch IMail Server < 2006.2 Multiple Overflows POP Server 24782 

4000 POP SSL/TLS Server Detection POP Server N/A 

4118 ALT-N MDaemon < 9.6.1 DomainPOP Malformed Message DoS POP Server N/A 

4260 Delegate < 9.7.5 Multiple Vulnerabilities POP Server N/A 

4292 Ability Mail Server < 2.61 Multiple Vulnerabilities POP Server 28289 

4765 MDaemon WorldClient < 10.0.2 Script Injection POP Server 34849 

5186 Ability Mail Server < 2.70 Remote Denial of Service POP Server 41644 

5517 Alt-N MDaemon < 11.0.1 Multiple Remote DoS Vulnerabilities POP Server 45627 

Family POP Server 101

Family RPC 


ID 

1018 


ID 

RPC Status (rpc.statd) Service In 

Use 

RPC N/A 

1019 RPC rstatd Service In Use RPC N/A 

1020 RPC rusers Service In Use RPC N/A 

1021 RPC NFS Service In Use RPC N/A 

1022 RPC NIS ypserv Service In Use RPC N/A 

1023 RPC mountd Service In Use RPC N/A 

1024 RPC NIS ypbind Service In Use RPC N/A 

1025 RPC walld Service In Use RPC N/A 

1026 

RPC NIS yppasswd Service In 

Use 

RPC N/A 

1027 RPC etherstatd Service In Use RPC N/A 

1028 RPC rquotad Service In Use RPC N/A 

1029 RPC sprayd Service In Use RPC N/A 

1030 

RPC 3270_mapper Service In 

Use 

RPC N/A 

1031 RPC rje_mapper Service In Use RPC N/A 

1032 

1033 

RPC selection_svc Service In 

Use 

RPC database_svc Service In 

Use 

RPC N/A 

RPC N/A 

1034 RPC rexd Service In Use RPC N/A 

1035 RPC alis Service In Use RPC N/A 

1036 RPC sched Service In Use RPC N/A 

1037 RPC llockmgr Service In Use RPC N/A 

1038 RPC nlockmgr Service In Use RPC N/A 

1039 RPC x25.inr Service In Use RPC N/A 

1040 RPC statmon Service In Use RPC N/A 

1041 RPC bootparam Service In Use RPC N/A 

1042 

RPC NIS ypupdated Service In 

Use 

RPC N/A 

1043 RPC keyserv Service In Use RPC N/A 

Family RPC 102

1044 

RPC sunlink_mapper Service In 

Use 

RPC N/A 

1045 RPC tfsd Service In Use RPC N/A 

1046 RPC nsed Service In Use RPC N/A 

1047 RPC nsemntd Service In Use RPC N/A 

1048 RPC showfhd Service In Use RPC N/A 

1049 RPC ioadmd Service In Use RPC N/A 

1050 RPC NETlicense Service In Use RPC N/A 

1051 RPC sunisamd Service In Use RPC N/A 

1052 RPC debug_svc Service In Use RPC N/A 

1053 RPC NIS ypxfrd Service In Use RPC N/A 

1054 RPC bugtraqd Service In Use RPC N/A 

1055 RPC kerbd Service In Use RPC N/A 

1056 

1057 

1058 

RPC SunNet Manager event 

Service In Use 

RPC SunNet Manager logger 


RPC SunNet sync Service In 

Use 

RPC N/A 

RPC N/A 

RPC N/A 

1059 RPC hostperf Service In Use RPC N/A 

1060 

RPC SunNet Manager activity 


RPC N/A 

1061 RPC hostmem Service In Use RPC N/A 

1062 RPC sample Service In Use RPC N/A 

1063 RPC x25 Service In Use RPC N/A 

1064 RPC ping Service In Use RPC N/A 

1065 


RPC NFS (na.rpcnfs) Service In 

Use 

RPC N/A 

1066 RPC hostif Service In Use RPC N/A 

1067 RPC etherif Service In Use RPC N/A 

1068 RPC iproutes Service In Use RPC N/A 

1069 RPC layers Service In Use RPC N/A 

1070 RPC snmp Service In Use RPC N/A 

1071 RPC traffic Service In Use RPC N/A 

1072 RPC nfs_acl Service In Use RPC N/A 

Family RPC 103

1073 RPC sadmind Service In Use RPC N/A 

1074 RPC nisd Service In Use RPC N/A 

1075 

RPC NIS nispasswd Service In 

Use 

RPC N/A 

1076 RPC ufsd Service In Use RPC N/A 

1077 RPC pcnfsd Service In Use RPC N/A 

1078 RPC amd Service In Use RPC N/A 

1079 RPC sgi_fam Service In Use RPC N/A 

1080 RPC bwnfsd Service In use RPC N/A 

1081 RPC fypxfrd Service In Use RPC N/A 

1082 RPC portmapper Service In Use RPC N/A 

1083 


Superflous NFS Daemon 

Detection 

RPC N/A 

1084 RPC status Service In Use RPC N/A 

Family RPC 104

Family Samba 


ID 


ID 

1337 Samba Version Detection Samba N/A 

1338 Samba < 2.0.10 Remote Arbitrary File Overwrite Samba 10786 

1339 

Samba < 2.2.8 Fragment Reassembly Overflow / Arbitrary File 

Overwrite 

Samba 11398 

1340 Samba < 2.2.5 Multiple Overflows Samba 11113 

1341 Samba-TNG < 0.3.1 Multiple Vulnerabilities Samba 11442 

1342 Samba < 2.2.8a trans2.c trans2open() Function Overflow Samba 11523 

1343 Samba < 2.2.7 Unicode Encrypted Password Decryption Overflow Samba 11168 

2337 Samba < 2.2.11 Remote Arbitrary File Access Samba 15394 

2338 Samba < 3.0.6 Remote Arbitrary File Access Samba 15394 

2397 

2463 

Samba < 3.0.8 Remote Wild Card DoS and QFILEPATHINFO 

Remote Overflow 

Samba < 3.0.10 Directory Access Control List Remote Integer 

Overflow 

Samba N/A 

Samba N/A 

3499 Samba < 3.0.22 Local File Permissions Credentials Disclosure Samba N/A 

3682 Samba < 3.0.23 smdb Share Remote DoS Samba N/A 

3905 Samba < 3.0.24 nss_winbind.so.1 Multiple Function Overflow Samba N/A 

3988 Samba < 3.0.25 NDR MS-RPC Request Heap-Based Overflow Samba 25216 

3990 Samba < 3.0.25 Multiple Vulnerabilities Samba 25217 

4208 Samba < 3.0.26 idmap_ad.co Local Privilege Escalation Samba N/A 

4285 Samba < 3.0.27 Multiple Vulnerabilities Samba 28228 

4311 Samba < 3.0.28 send_mailslot Function Buffer Overflow Samba 29252 

4522 Samba < 3.0.30 receive_smb_raw Buffer Overflow Vulnerability Samba 32476 

4774 Samba 3.0.29 - 3.2.4 Potential Memory Disclosure Samba 34993 

4807 Samba 3.2.0 - 3.2.6 Unauthorized Access Samba 35298 

5053 SMB AndX File Handle Detection (client) Samba N/A 

5054 SMB AndX File Handle Detection (server) Samba N/A 

5087 Samba < 3.3.6/3.2.13/3.0.35 Multiple Vulnerabilities Samba N/A 

5194 Samba < 3.0.37 / 3.2.15 / 3.3.8 / 3.4.2 Multiple Vulnerabilities Samba 41970 

5360 Samba 3.3.11 / 3.4.6 / 3.5.0 Security Bypass Vulnerability Samba 45047 

5534 Samba < 3.5.2/3.4.8 Multiple DoS Samba 46351 

Family Samba 105

5538 Microsoft Group Policy Client Detection Samba N/A 

5540 Microsoft Group Policy File Download Detection Samba N/A 





5572 Samba 3.x < 3.3.13 SMB1 Packet Chaining Memory Corruption Samba 47036 

5663 Samba 3.x < 3.5.5 / 3.4.9 / 3.3.14 sid_parse Buffer Overflow Samba 49228 

6299 Samba 3.6.x < 3.6.3 Denial of Service Samba 57752 

6443 Samba 3.x < 3.6.4 / 3.5.14 / 3.4.16 RPC Multiple Buffer Overflows Samba 58662 

6686 


Samba 3.x < 3.5.21 / 3.6.12 and 4.x < 4.0.2 SWAT Multiple 


Samba 64459 

Family Samba 106

Family SMTP Clients 


ID 


1098 Sylpheed IMAP Client literal_size Remote Overflow 

1100 E-mail Client Detection 

1140 Elm frm Command Mail Subject Line Handling Remote Overflow 

1188 

Mutt < 1.4.2 menu.c menu_pad_string Function Index Menu Code 

Remote Overflow DoS 

1218 Eudora Long URL Status Bar Obfuscation 

1283 Qualcomm Eudora < 5.2 Long Attachment Filename Handling DoS 

1284 Qualcomm Eudora File Attachment Spoofing Vulnerability 

1285 

1286 

Qualcomm Eudora MIME Multipart Boundary Buffer Overflow 

Vulnerability 

Qualcomm Eudora WebBrowser Control Embedded Media Player File 

Vulnerability 

1287 Qualcomm Eudora Hidden Attachment Execution Vulnerability 

1288 Qualcomm Eudora Client and Path Disclosure Vulnerability 

1289 

1290 

Qualcomm Eudora 4.2/4.3 Warning Message Circumvention 

Vulnerability 

Microsoft Outlook and Outlook Express Arbitrary Program Execution 

Vulnerability 

1291 Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability 

1292 Microsoft Outlook Express POP Denial of Service Vulnerability 

1293 

1294 

1295 

Microsoft Outlook Express for MacOS HTML Attachment Automatic 

Download Vulnerability 

Microsoft Outlook 98 / Outlook Express 4.x Long Filename 

Vulnerability 

Mutt < 1.4.1 / 1.5 IMAP Remote Folder Buffer Overflow 


SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

NESSUS 

ID 

Family SMTP Clients 107 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

1296 

Mutt < 1.4.1 / 1.5 UTF-7 IMAP Remote Folder Buffer Overflow 

Vulnerability 

1297 Mutt < 1.4.1 / 1.5 Address Handling Buffer Overflow Vulnerability 

1298 Mutt < 1.4.1 / 1.5 IMAP Server Format String Vulnerability 

1299 

Mutt < 1.4.1 / 1.5 Text Enriched Handler Buffer Overflow 

Vulnerability 

1300 Elm Alternative Folder Buffer Overflow Vulnerability 

1301 Pegasus Mail < 

1302 Pegasus Mail < 

1303 Pegasus Mail < 4.02 To/From Header Overflow DoS 

1304 Lotus Notes R5 S/MIME Message Modification Warning Failure 

1305 Lotus Notes Password Hieroglyphics Information Disclosure 

1306 

Ximian Evolution < 1.1.1 camel Component Man-in-the-Middle SSL 

Session Weakness 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

1307 Ximian Evolution < 1.2.3 UUEncoding Overflow DoS / Data Injection SMTP 

Clients 

1308 Ximian Evolution < 1.2.3 MIME image/* Content-Type Data Injection SMTP 

Clients 

1310 Netscape/Mozilla Null Character Cookie Disclosure 

1311 Netscape/Mozilla/Galeon Local File Enumeration 

1312 Netscape/Mozilla Malformed Email Newline POP3 Remote DoS 

1313 Netscape/Mozilla Navigator Plugin Path Disclosure 

1314 Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Disclosure 

1315 Mozilla FTP View URL Title Tag XSS 


SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

1316 Mozilla OnUnload Referer Information Leakage Race Condition SMTP N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

Information Disclosure Clients 

1317 Mozilla onkeypress Function XPI Installation Weakness 

1318 Mozilla document.open() Memory Corruption Denial of Service 

1319 Mozilla Browser HTTP/HTTPS Redirection Weakness 

1320 Mozilla POP3 Mail Handler Remote Overflow 

1321 Mozilla Browser Large HTTP Header Handling Overflow 

1322 Mozilla JAR File Decompression Heap Overflow 

1323 Mozilla Browser 'onclick' Property Cross Domain Violation 

1324 Qualcomm Eudora Attachment Filename Handling Overflow 

1325 Microsoft Outlook Remote Buffer Overflow 

1326 Pine < 4.58 Multiple Overflows 

1327 Netscape/Mozilla/Galeon Long IRC Channel Name Overflow 

1328 Mozilla Javascript Array Object Heap Overflow 

1329 SMTP Client Return Email Address Detection 

1330 Mozilla Mail Client Detection 

1331 Qualcomm Eudora Mail Client Detection 

1332 Microsoft Outlook Express Mail Client Detection 

1333 Mutt Mail Client Detection 

1334 Lotus Notes Mail Client Detection 

1335 Pegasus Mail Client Detection 


SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

1336 Elm Mail Client Detection 

2145 DtMail Local Format String Privilege Escalation 

2150 Outlook Express BCC: Recipient Disclosure 

2168 Nakedsoft Gaucho < 1.4.0 Build 151 Content-Type Header Overflow 

2288 Mozilla / Mozilla Thunderbird Multiple Vulnerabilities 

2341 Local POP Account Detection 

2588 Qualcomm Eudora < 6.2.1 Unspecified Remote Overflows 

2609 PGP Email Client Detection 

2610 Generic Email Client Detection 

2611 Generic Email Client Detection 

2672 Sylpheed < 1.0.3 Invalid Header Overflow 

2703 Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities 

2713 Ximian Evolution < 2.0.4 Content-Parsing DoS 

2777 Sylpheed MIME Content-parsing Overflow 

2811 KDE KMail HTML Email Information Spoofing 

2814 Pine < 4.63 rpdump Symlink Arbitrary File Overwrite 

3013 Outlook Express NNTP LIST Command Remote Overflow 

3052 Lotus Notes < 6.5.5 Web Mail Attachment HTML Injection 

3062 Outlook Express Multiple DoS 


SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

3161 Ximian Evolution < 2.3.7 Content-Parsing Multiple Vulnerabilities SMTP N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

17605 

N/A 

N/A 

N/A 

N/A 

18489 

N/A 

18680 

Family SMTP Clients 110

3172 Mutt < 1.5.11 imap/browse.c Remote Overflow 

3174 Elm 'Expires' Header Overflow 

3232 Opera < 8.50 Mail Client Multiple Vulnerabilities 

3258 Mozilla Thunderbird < 1.5 Multiple Vulnerabilities 

3285 Sylpheed < 2.0.4 Address Book LDIF Import Overflow 

3332 Pegasus Email Client < 4.31 Multiple Remote Overflows 

3365 

Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code 

Execution 

3366 Microsoft Outlook Email Client Detection 


3388 Ximian Evolution < 2.3.8 Inline XML Content-parsing Overflow 

3412 DidTheyReadIt Email Tracker Application Detection 

3413 pointofmail Email Tracker Application Detection 

3422 Lotus Notes < 6.5.5 or 7.0.1 Multiple Vulnerabilities 

3510 Outlook Express .wab File Processing Overflow 

3513 Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities 

3638 Thunderbird < 1.5.0.4 Multiple Vulnerabilities 

3640 SpamAssassin spamd vpopmail Username Command Injection 

3694 Mozilla Thunderbird < 1.5.0.5 Multiple Vulnerabilities 



Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

20390 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

22096 

22370 

23635 


3860 Cumulative Security Update for Outlook Express (923694) 


3893 PGP Desktop < 9.5.1 PGPserv Arbitrary Code Execution 

3918 SpamAssassin < 3.1.8 Malformed HTML Long URI DoS 


3948 GnuPG < 1.4.7 Multiple Vulnerabilities 


4088 

4090 

4092 

4093 

Cumulative Security Update for Microsoft Outlook Express and 

Windows Mail (929123) 







4100 SpamAssassin < 3.2.1 spamd Symlink Local DoS 

4135 Apple iPhone Mail Program Detection 


4186 Lotus Notes < 7.0.2 ntmulti.exe Local Privilege Escalation 

4232 

4233 

4234 

4235 










SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

23835 

23929 

24246 

N/A 

24748 

N/A 

25350 

25487 

25487 

25487 

25487 

N/A 

N/A 

N/A 

N/A 

26962 

26962 

26962 

26962 

4236 Cumulative Security Update for Microsoft Outlook Express and SMTP 26962 


Windows Mail (941202) Clients 


4262 Lotus Notes < 7.0.3 HTML Email RTF Conversion Overflow 


4421 

Vulnerability in Microsoft Outlook Could Allow Remote Code 



4451 GnuPG < 1.4.9 / 2.0.9 Key Import Duplicate ID Memory Corruption 

4485 eTrust SCM SMTP Version Detection 

4492 eTrust SCM SMTP Version Detection 








5353 


Mozilla Thunderbird < 2.0.0.23 Certificate Authority (CA) Common 

Null Byte Handling SSL MiTM Weakness 




SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

N/A 

N/A 

N/A 

31414 

N/A 

N/A 

N/A 

N/A 

32134 

33563 

34294 

34819 

35287 

35977 

N/A 

40664 

44111 

44961 

45110 


5483 Mozilla Thunderbird Unsupported Version Detection 


5508 Possible RBL/CBL Blacklisting Message Detected 

5509 Possible RBL/CBL Blacklisting Message Detected 

5558 Mozilla Thunderbird Version Detection 


5608 Thunderbird 3.0.x < 3.0.6 Multiple Vulnerabilities 

5609 Thunderbird 3.1.x < 3.1.1 Multiple Vulnerabilities 

5658 Thunderbird < 3.0.x < 3.0.7 Multiple Vulnerabilities 

5659 Thunderbird < 3.1.3 Multiple Vulnerabilities 


5683 Mozilla Thunderbird 3.0.x < 3.0.9 Multiple Vulnerabilities 


5692 Mozilla Thunderbird 3.0.x < 3.0.10 Buffer Overflow Vulnerability 

5693 Mozilla Thunderbird 3.1.x < 3.1.6 Buffer Overflow Vulnerability 






SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

40362 

45394 

N/A 

N/A 

N/A 

47125 

47783 

47784 

49147 

49148 

50086 

50087 

50384 

50385 

51122 

51123 

52532 

53596 

55289 

6010 Mozilla Thunderbird 5 Multiple Vulnerabilities SMTP 55887 


6011 Mozilla Thunderbird 3.1 < 3.1.12 Multiple Vulnerabilities 

6029 Mozilla Thunderbird 6 Multiple Vulnerabilities 

6110 Mozilla Thunderbird 8 Multiple Vulnerabilities 

6357 E-mail Client Detection 

6498 Mozilla Thunderbird 12.x < 12 Multiple Vulnerabilities 

6499 Roving Constant Contact E-mail Marketing Client Detection 

6520 Mozilla Thunderbird 13.x < 13 Multiple Vulnerabilities 

6560 Mozilla Thunderbird 14.x < 


6614 Mozilla Thunderbird 16.x < 16.0.2 Multiple Vulnerabilities 



6683 Barracuda Networks device detection 



Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

SMTP 

Clients 

55886 

56336 

57361 

N/A 

59409 

N/A 

60045 

61717 

62582 

62746 

63000 

63553 

N/A 

64724 


Family SMTP Servers 


ID 


1156 Novell GroupWise Internet Mail Server Detection 

1173 SMTP Server Inbound .exe Attachment Detection 

1206 Courier < 0.45 Japanese Codeset Conversion Overflows 

2004 SMTP Banner - Generic 

2005 SMTP Banner - Port Specific 

2006 CommuniGate Pro < 3.2 HTTP Configuration Port Remote Overflow 

2007 WebShield SMTP Header DoS / Filter Bypass 

2008 Lotus Domino < 5.0.12 / 6.0.1 Multiple Vulnerabilities 

2009 Sendmail .forward File Local Privilege Escalation 

2010 Sendmail .forward File Local Privilege Escalation 

2011 Sendmail < 8.12.1 RestrictQueueRun Option Local DoS 

2012 Sendmail < 8.9.3 Header Parsing Redirection DoS 

2013 Sendmail < 8.8.5 MIME Conversion Malformed Header Overflow 

2014 Sendmail < 8.8.3 mime7to8 Function Overflow 

2015 Sendmail < 8.10.0 mail.local Newline Handling Remote DoS 

2016 Sendmail < 8.6.8 Long Debug Local Overflow 

2017 Eserv SMTP Memory Leak 

2018 Sendmail < 8.11.6 Local Overflow 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

NESSUS 

ID 

N/A 

N/A 

12102 

10263 

10263 

10048 

10557 

11338 

11364 

11364 

11087 

11352 

10055 

10588 

11351 

11348 

11619 

10729 

Family SMTP Servers 116

2019 Sendmail < 8.6.10 IDENT Remote Overflow 

2020 Sendmail < 8.12.8 Header Handling Remote Overflow 

2021 Sendmail < 8.8.4 Group Permissions Local Privilege Escalation 

2022 EXPN Command Information Disclosure 

2023 EXPN Command Information Disclosure 

2024 Sendmail < 8.10.1 ETRN Command Remote DoS 

2025 Sendmail < 8.12.5 DNS Map TXT Query Overflow 

2026 Sendmail 'decode' Alias Arbitrary File Overwrite 

2027 Sendmail ResrictQueueRun Debug Information Disclosure 

2028 Sendmail DEBUG Arbitrary Command Execution 

2029 Sendmail < 8.8.3 Local Overflow 

2030 Sendmail < 8.12.1 Custom Configuration File Privilege Escalation 

2031 Sendmail < 8.12.9 NOCHAR Value Overflow 

2032 Sendmail HELO Command Overflow 

2033 Microsoft Exchange IMC SMTP EHLO Hostname Overflow 

2034 TFS SMTP < 4.0 Build 210 MAIL FROM Remote Overflow 

2035 Xtramail SMTP Multiple Command Remote Overflows 

2036 SLMail SMTP Multiple Overflows 

2037 FTGate Multiple Vulnerabilities 


SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

10278 

11316 

11349 

10249 

10249 

N/A 

11232 

10248 

11088 

10247 

11346 

11086 

11499 

10260 

11053 

10284 

10324 

11593 

11579 

2038 Lotus Domino < 6.0.1 Multiple SMTP Vulnerabilities SMTP 11386 


2039 Sendmail < 8.12.8 Double Pipe smrsh Bypass Overflow 

2040 MS SMTP NULL Session Mail Relay 

2041 ISMail < 1.4.5 Multiple Command Domain Name Handling Overflow 

2042 Youngzsoft CMailServer < 4.0.2003.03.30 RCPT TO Overflow 

2043 Sendmail < 8.12.10 prescan() Function Remote Overflow 

2044 Sendmail < 8.7.6 GECOS Field Local Overflow DoS 

2046 Sendmail SMTP Server Detection 

2047 Lotus Domino SMTP Server Detection 

2048 Clearswift MAILsweeper for SMTP < 4.3.15 Multiple Vulnerabilities 

2049 Ipswitch IMail Weak Password Encryption Weakness 

2157 Merak Mail Server < 7.5.2 Web Mail Module Multiple Vulnerabilities 

2256 Ipswitch IMail Server < 8.13.0 Multiple Vulnerabilities 

2257 Ipswitch IMail Server < 8.13.0 Multiple Vulnerabilities 

2311 Alt-N MDaemon Multiple Buffer Overflows 

2319 Canon ImageRUNNER Printer Email Arbitrary Content Printing / DoS 

2340 Kerio MailServer < 6.0.3 Unspecified Code Execution 

2358 Microsoft SMTP DNS Lookup Overflow (885881) 

2384 MailEnable SMTP Server < 1.5.1 Undisclosed Vulnerabilities 

2412 


CCProxy < 6.3 Logging Function HTTP GET Request Remote 

Overflow 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

11321 

11308 

11272 

N/A 

11838 

11347 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

14819 

15404 

15464 

15611 

15774 


2430 Alt-N MDaemon File Creation Local Privilege Escalation 

2432 Youngzsoft CMailServer < 5.2.1 Multiple Remote Vulnerabilities 

2435 

MailEnable < 1.53 IMAP Service Multiple Remote Pre-Authentication 

Buffer Overflows 

2473 ArGoSoft Mail Server < 1.8.7.0 Unspecified XSS 

2482 Macallan Mail Solution < 4.1.1.0 Multiple HTTP Vulnerabilities 

2505 

Exim < 4.44 Illegal IPv6 Address / SPA Authentication Buffer 

Overflow 

2606 ArGoSoft Mail Server < 1.8.7.4 HTML Injection 

2695 

Ipswitch IMail < 8.15 Hotfix 1 IMAP EXAMINE Argument Buffer 

Overflow 

2717 MailEnable < 1.8.1 mailto Remote Format String Overflow 

2739 

NetWin SurgeMail < 3.0.0c2 Multiple Remote Unspecified 


2772 Smail < 3.2.0.121 Multiple Vulnerabilities 

2773 OpenBSD spamd Service Detection 

2818 GLD Greylisting Server < 1.5 Detection 

2834 Kerio MailServer < 6.0.9 Malformed Email DoS 

2847 ArGoSoft Mail Server Multiple Vulnerabilities 

2873 Kerio MailServer < 6.0.10 Unspecified Admin Web Interface DoS 

2921 

NetWin SurgeMail < 3.0.0c3 Multiple Unspecified Remote 


3009 GoodTech < 5.15 SMTP RCPT TO: Single Character DoS 

3029 Sendmail < 8.13.4 Multiple Vulnerabilities 


SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

N/A 

N/A 

15852 

16012 

N/A 

N/A 

16364 

17311 

17364 

17594 

17633 

N/A 

N/A 

N/A 

18140 

18184 

18354 

18433 

3036 True North eMailServer < 5.3.4 Build 2019 LIST Command Remote SMTP 18570 

Family SMTP Servers 119 

N/A

3039 

DoS Servers 

Inframail SMTP Server < 7.12 MAIL FROM Command Remote 

Overflow 

3048 Courier Mail Server < 0.50.1 SPF Data Lookup Remote DoS 

3106 

GoodTech SMTP Server < 5.17 'RCPT TO' Command Remote 

Overflow 

3155 BusinessMail SMTP < 4.7 Multiple Command Remote Overflows 

3317 Ipswitch IMail Format String and 'LIST' Command DoS 

3321 Apache James < 2.2.1 Spooler retrieve Function DoS 

3322 

Courier Mail Server < 0.52.2 Deactivated Account Authentication 

Bypass 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

3361 Eudora Internet Mail Server < 3.2.8 NTLM Authentication Request DoS SMTP 

Servers 

3440 True North eMailServer SEARCH Command Remote Overflow 

3447 ArGoSoft Mail Server < 1.8.8.6 '_DUMP' Information Disclosure 

3448 MTS Professional < 1.61.1.85 SMTP Open Relay 

3469 Kerio MailServer < 6.1.3 Patch 1 Remote DoS 

3473 

Ipswitch Multiple Products < 2006.03 IMAP FETCH Command 

Overflow 

3484 Sendmail < 8.13.6 Unspecified Overflow 


3487 Sendmail < 8.13.6 Signal Handler Remote Overflow 

3504 McAfee WebShield < 4.5 MR2 Bounced Emails Format String 

3646 Courier Mail Server < 0.53.2 Crafted Username Encoding DoS 

3653 Sendmail < 8.13.7 Multi-part MIME Message Handling DoS 

3659 Clearswift MAILsweeper for SMTP < 4.3.20 Multiple Vulnerabilities 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

18588 

18620 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

20977 

N/A 

N/A 

21051 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A

3670 MailEnable SMTP Service HELO Command Remote DoS 

3690 

VisNetic MailServer < 8.5.0.5 lang_settings Parameter Remote File 

Inclusion 

3738 Ipswitch IMail Server RCPT String Remote Overflow 

3892 Trend Micro InterScan VirusWall Version Detection 

3936 Ipswitch IMail Server < 2006.2 Multiple Overflows 

4077 Lotus Domino Web Server Multiple Vulnerabilities 

4122 Potential SPAM Server Detection 






4141 Ipswitch IMail Server < 2006.21 Multiple Vulnerabilities 

4148 Kerio MailServer < 6.4.1 Attachment Filter Unspecified Issue 



4203 MailMarshal < 


4207 Hexamail < 3.0.1.004 POP3 Service USER Command Overflow 

4217 Merak Mail < 9.0.0 BODY Element HTML Injection 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

4261 Lotus Domino Multiple Vulnerabilities SMTP N/A 

N/A 

22079 

N/A 

N/A 

24782 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

25737 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4268 Ipswitch IMail Client < 2006.23 Multipart MIME Email Overflow 

4291 Ability Mail Server < 2.61 Multiple Vulnerabilities 

4339 Lotus Domino < 7.0.2 FP3 Unspecified DoS 

4381 Kerio MailServer < 6.5.0 Multiple Vulnerabilities 

4431 NetWin SurgeMail < 


4517 Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities 

4555 SurgeMail < 3.9g2-2 IMAP Command Handling Unspecified DoS 

4695 Postfix Detection 

4697 MailMarshal < 6.4 Spam Quarantine Management XSS 

4797 Kerio MailServer < 6.6.2 (KSEC-2008-12-16-01) Multiple XSS 

4800 IceWarp Merak Mail Server < 9.4.0 IMG Tag XSS 

5025 Sendmail < 8.13.2 Remote Overflow 

5048 Kerio MailServer < 6.6.2 Patch 3 / 6.7.0 Patch 1 XSS 


5293 Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing 

5347 XMail < 1.27 Insecure Temporary File Creation 

5510 

MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP 

Service Could Allow Denial of Service (981832) 

5557 Exim < 4.72 Multiple Vulnerabilities 


Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

27590 

28289 

29925 

31119 

N/A 

N/A 

32433 

33277 

N/A 

34336 

35258 

35281 

N/A 

N/A 

41644 

43637 

44942 

45517 

46783 


5561 

Kerio MailServer / Connect < 7.0.1 Administration Console File 

Disclosure and File Corruption Vulnerability 

5600 Ipswitch IMail Server < 11.02 Multiple Vulnerabilities 

5752 Exim < 4.74 Local Privilege Escalation Vulnerability 

5910 Exim < 4.70 string_format Function Remote Overflow 

5911 


Exim < 4.76 dkim_exim_verify_finish Remote Format String 

Vulnerability 

5929 Checkpoint Firewall ESMTP Service Detection 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

SMTP 

Servers 

47140 

47743 

51861 

51179 

53856 


N/A

Family SNMP Traps 


ID 


1344 SNMP Public Community String 

1345 SNMP Public Community String 

1346 SNMP Private Community String 

1347 SNMP Private Community String 

1348 SNMP ilmi Community String 

1349 SNMP ilmi Community String 

1350 SNMP ILMI Community String 

1351 SNMP ILMI Community String 

1352 SNMP System Community String 

1353 SNMP System Community String 

1354 SNMP Write Community String 

1355 SNMP Write Community String 

1356 SNMP all Community String 

1357 SNMP all Community String 

1358 SNMP Monitor Community String 

1359 SNMP Monitor Community String 

1360 SNMP Agent Community String 

1361 SNMP Agent Community String 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

NESSUS 

ID 

Family SNMP Traps 124 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

1362 SNMP Manager Community String 

1363 SNMP Manager Community String 

1364 SNMP OrigEquipMfr Community String 

1365 SNMP OrigEquipMfr Community String 

1366 SNMP Admin Community String 

1367 SNMP Admin Community String 

1368 SNMP Default Community String 

1369 SNMP Default Community String 

1370 SNMP Password Community String 

1371 SNMP Password Community String 

1372 SNMP Tivoli Community String 

1373 SNMP Tivoli Community String 

1374 SNMP Openview Community String 

1375 SNMP Openview Community String 

1376 SNMP community Community String 

1377 SNMP community Community String 

1378 SNMP snmp Community String 

1379 SNMP snmp Community String 

1380 SNMP snmpd Community String 


SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

1381 SNMP snmpd Community String SNMP N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

1382 SNMP security Community String 

1383 SNMP Security Community String 

1384 SNMP rmon Community String 

1385 SNMP rmon Community String 

1386 SNMP rmon_admin Community String 

1387 SNMP rmon_admin Community String 

1388 SNMP hp_admin Community String 

1389 SNMP hp_admin Community String 

1390 SNMP NoGaH$@! Community String 

1391 SNMP NoGaH$@! Community String 

1392 SNMP 0392a0 Community String 

1393 SNMP 0392a0 Community String 

1394 SNMP xyzzy Community String 

1395 SNMP xyzzy Community String 

1396 SNMP agent_steal Community String 

1397 SNMP agent_steal Community String 

1398 SNMP freekevin Community String 

1399 SNMP freekevin Community String 

1400 SNMP fubar Community String 


Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

1401 SNMP fubar Community String 

1402 SNMP secret Community String 

1403 SNMP secret Community String 

1404 SNMP cisco Community String 

1405 SNMP cisco Community String 

1406 SNMP apc Community String 

1407 SNMP apc Community String 

1408 SNMP ANYCOM Community String 

1409 SNMP ANYCOM Community String 

1410 SNMP cable-docsis Community String 

1411 SNMP cable-docsis Community String 

1412 SNMP c Community String 

1413 SNMP c Community String 

1414 SNMP cc Community String 

1415 SNMP cc Community String 

1416 SNMP cascade Community String 

1417 SNMP cascade Community String 

1418 SNMP comcomcom Community String 

1419 SNMP comcomcom Community String 


SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

1420 SNMP internal Community String SNMP N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

1421 SNMP internal Community String 

1422 SNMP blue Community String 

1423 SNMP blue Community String 

1424 SNMP yellow Community String 

1425 SNMP yellow Community String 

1426 SNMP Agent on Remote Host 

1427 SNMP Agent on Remote Host 

1428 SNMP Trap Agent on Remote Host 

1429 SNMP Trap Agent on Remote Host 

1430 Operating System Detection (SNMP) 

1431 Operating System Detection (SNMP) 

1432 Network Interfaces List Detection (SNMP) 

1433 Network Interfaces List Detection (SNMP) 

1434 Wireless Access Point Detection (SNMP) 







Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

10800 

10800 

10551 

10551 

11026 

11026 

11026 

11026 

11026 

11026 

Family SNMP Traps 128



2195 Cisco IOS ACL Bypass (Bug ID CSCdi34061) 






2201 

2202 

2203 


Cisco IOS OSPF Neighbor Announcement Overflow DoS (Bug ID 

CSCdp58462) 


CSCdp58462) 


CSCdp58462) 

2204 Cisco IOS PPTP Packet Remote DoS (Bug ID CSCdt46181) 



2207 Cisco PPTP Authentication Bypass / DoS (Bug ID CSCdt56514) 



SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

2210 Cisco VPN Concentrator HTML Interface DoS (Bug ID CSCdu15622) SNMP 

Traps 

2211 Cisco VPN Concentrator HTML Interface DoS (Bug ID CSCdu15622) SNMP 

Traps 

11026 

11026 

10973 

10973 

10973 

10974 

10974 

10974 

11283 

11283 

11283 

10979 

10979 

10979 

11287 

11287 

11287 

11288 

11288 

2213 Cisco IOS CEF Packet Information Disclosure (Bug ID CSCdu20643) SNMP 10983 


2214 Cisco IOS CEF Packet Information Disclosure (Bug ID CSCdu20643) 

2215 Cisco IOS CEF Packet Information Disclosure (Bug ID CSCdu20643) 

2216 

2217 

2218 

Cisco VPN Concentrator Service Banners Information Disclosure (Bug 

ID CSCdu35577) 

Cisco VPN Concentrator Service Banner Information Disclosure (Bug 


Cisco VPN Concentrator Service Banner Information Disclosure (Bug 


2219 Cisco VPN Concentrator Invalid Login DoS (Bug ID CSCdu82823) 



2222 

2223 

2224 

2225 

2226 

2227 

2228 

2229 

2230 

2231 

2232 


Cisco VPN Concentrator PPTP Multiple Vulnerabilities (Bug ID 

CSCdv66718) 


CSCdv66718) 


CSCdv66718) 

Cisco VPN Concentrator HTML Source Cleartext Password Disclosure 

(Bug ID CSCdv88230, CSCdw22408) 

Cisco VPN Concentrator HTMl Source Cleartext Password Disclosure 


Cisco VPN Concentrator HTML Source Cleartext Password Disclosure 


Cisco VPN Concentrator HTML Source Certificate Password 

Disclosure (Bug ID CSCdw50657) 





Cisco VPN Concentrator ACL Bypass / DoS (Bug ID CSCdx07754, 

CSCdx24622, CSCdx24632) 



Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

10983 

10983 

11289 

11289 

11289 

11290 

11290 

11290 

11291 

11291 

11291 

11292 

11292 

11292 

11294 

11294 

11294 

11293 

11293 


2233 

2234 

2235 

2236 

2237 

2238 

2239 



Cisco VPN Concentrator "No Encryption" Option Remote DoS (Bug 

ID CSCdx39981) 





Cisco VPN Concentrator LAN-to-LAN IPSEC Tunnel Termination 

DoS (Bug ID CSCdx54675) 





2240 Cisco Multiple DoS (Bug ID CSCdx92043) 



2243 Cisco TFTP Server Long Filename DoS (Bug ID CSCdy03429) 



2246 

2247 

2248 

2249 

Cisco VPN Concentrator ISAKMP Packet Remote DoS (Bug ID 

CSCdy38035) 

Cisco VPN Concentrator ISAKMP PAcket Remote DoS (Bug ID 

CSCdy38035) 

Cisco VPN Concentrator ISAKMP Packet Remote DoS (Bug ID 

CSCdy38035) 

Cisco IOS SIP Packet Remote DoS (Bug ID CSCdz39284, 

CSCdz41124) 

2250 Cisco IOS SIP Packet DoS (Bug ID CSCdz39284, CSCdz41124) 

2251 


Cisco IOS SIP Packet Remote DoS (Bug ID CSCdz39284, 

CSCdz41124) 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

2299 GNU Radius < 1.2.94 SNMP Request Remote DoS SNMP N/A 

11293 

11295 

11295 

11295 

11296 

11296 

11296 

11379 

11379 

11379 

11056 

11056 

11056 

11297 

11297 

11297 

11380 

11380 

11380 


2300 GNU Radius < 1.2.94 SNMP Request Remote DoS 

3023 Cisco VPN Concentrator Group Name Enumeration 

3749 SNMP 'cable-docsis' Community String 

3750 SNMP 'cable-docsis' Community String 


Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 

SNMP 

Traps 


N/A 

N/A 

N/A 

N/A

Family SSH 


ID 


ID 

1966 F-Secure SSH Password Authentication Policy Evasion SSH 12099 

1967 SSH Server Detection SSH 10267 

1968 SSH Client Detection SSH N/A 

1969 SSH < 3.1.5 / 3.2.2 setsid() Privilege Escalation SSH 11169 

1970 scp < 2.1 Traversal File Create/Overwrite SSH 11339 

1971 PKCS#1 Version 1.5 Session Key Retrieval SSH N/A 

1972 SSH RSAREF Library Multiple Overflows SSH 10269 

1973 SSH Multiple Vulnerabilities SSH 11195 



1976 SSH Secure-RPC Weak Encrypted Authentication Key Recovery SSH 11340 

1977 SSH < 1.2.28 Kerberos NFS Share Ticket Disclosure SSH 10472 

1978 SSH < 1.2.25 CBC/CFB Data Stream Injection SSH 10268 

1979 OpenSSH Client < 2.3.0 X11 Unauthorized Remote Forwarding SSH 11343 

1980 SSH1 CRC-32 detect_attack Function Overflow SSH 10607 

1981 SSH-1 < 1.2.31 SSH Daemon Account Login Attempt Logging Failure SSH 11341 

1982 SSH < 3.1.2 AllowedAuthentications Remote Bypass SSH 10965 

1983 SSH < 3.0.1 Locked Account Remote Authentication Bypass SSH 10708 

1984 Portable OpenSSH < 3.6.1p2 PAM Timing Side-Channel Weakness SSH 11574 

1985 OpenSSH < 2.3.2 SSHv2 Public Key Authentication Bypass SSH 10608 

1986 OpenSSH < 3.0.1 Multiple Vulnerabilities SSH 10802 

1987 OpenSSH < 3.4 Multiple Remote Overflows SSH 11031 

1988 OpenSSH < 2.9.9 Multiple Key Type ACL Bypass SSH 10771 

1989 OpenSSH < 3.2.1 AFS/Kerberos Ticket/Token Passing Overflow SSH 10954 

1990 OpenSSH < 3.1 Channel Code Off by One Privilege Escalation SSH 10883 

1991 OpenSSH < 2.1.1 UseLogin Local Privilege Escalation SSH 10439 

1992 

OpenSSH < 3.0.2 UseLogin Environment Variable Local Command 

Execution 

SSH 10823 

1993 Dropbear SSH Server Format String SSH N/A 

1994 OpenSSH < 3.7 buffer_append_space Function Overflow SSH N/A 

Family SSH 133

1995 LSH < 1.5 lshd Daemon Remote Overflow SSH 11843 

1996 Portable OpenSSH < 3.7.1p2 Multiple PAM Vulnerabilities SSH 11848 

1997 OpenSSH Detection SSH N/A 

1998 PuTTY < 0.55 modpow Function Arbitrary Code Execution SSH N/A 

1999 Putty < 0.54 SSH2 Authentication Password Persistence Weakness SSH N/A 

2371 PuTTY < 0.56 Remote SSH2_MSG_DEBUG Buffer Overflow SSH N/A 

2427 Van Dyke SecureCRT < 4.1.9 Telnet URI Remote Command Execution SSH N/A 

2637 PuTTY < 0.57 SFTP Remote Buffer Overflow SSH N/A 

2716 Lysator < 2.0.1 LSH Unspecified Remote DoS SSH 17352 

3043 Tectia SSH Server < 4.3.2 Local Key Disclosure SSH N/A 

3059 SSH Valid Banner Check SSH N/A 

3205 OpenSSH < 4.2p1 GSSAPI Authentication Credential Escalation SSH N/A 

3207 

AttachmateWRQ Reflection for Secure IT Server < 6.0 Build 24 

Multiple Vulnerabilities 

SSH 19589 

3329 SSH Tectia Server < 5.0.1 Host Authentication Authorization Bypass SSH 20316 

3331 Dropbear SSH Server < 0.47 svr_ses.childpidsize Remote Overflow SSH N/A 

3380 Lysator LSH Seed-file File Descriptor Leak SSH N/A 

3428 AttachmateWRQ Reflection for Secure IT Server SFTP Format String SSH 20902 

3432 SSH Tectia Server SFTP Filename Logging Format String SSH 20927 

3466 Dropbear < 0.48 Authorization-Pending Connection Saturation DoS SSH 21023 

3620 FortressSSH < 0.47 SSH_MSG_KEXINIT Logging Remote Overflow SSH N/A 

3648 WinSCP < 3.8.2 Arbitrary Command Insertion SSH N/A 

3751 OpenSSH < 4.4 Multiple GSSAPI Vulnerabilities SSH 22466 

3754 


OpenBSD Portable OpenSSH < 4.4.p1 GSSAPI Authentication 

Overflow 

SSH 22466 

3787 OpenSSH < 4.1.0p2 / 4.2 Timing Attack SSH N/A 

3821 SSH Server Detection (Non-standard Port) SSH N/A 

3929 Dropbear < 0.49 Hostkey Host Spoofing Vulnerability SSH N/A 

4209 OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass SSH N/A 

4214 WinSCP < 4.0.4 URL Protocol Handler Arbitrary File Transfer SSH 26027 

4335 SSH Tectia Server < 5.2.4 / 5.3.6 Local Privilege Escalation SSH N/A 

4422 SSF Server Detection SSH 31421 

4459 OpenSSH < 5.0 X11 Forwarding Local Session Hijacking SSH 31737 

Family SSH 134

4598 OpenSSH X11 < 5.1 Session Hijacking SSH N/A 

4628 Reflections SSH Server Version Detection SSH N/A 

4632 

Attachmate Reflection for Secure IT UNIX Server < 7.0 SP1 Multiple 


SSH 33948 

4761 SSH Tectia CBC Information Disclosure SSH N/A 

5247 Sun Solaris sshd Timeout Mechanism Remote Denial of Service SSH N/A 

5593 XLight FTP Server SFTP Directory Traversal SSH 47680 

5712 Serv-U < 10.3.0.1 SFTP Server Authentication Bypass Vulnerability SSH 50659 

5784 OpenSSH Legacy Certificate Signing Information Disclosure SSH 51920 

5936 PVS-SSH-Server-Session_Start SSH N/A 

5937 PVS-SSH-Session_Start SSH N/A 

6088 SSH Server Detection (realtime) SSH N/A 

6089 SSH Client login detected (realtime) SSH N/A 

6300 OpenSSH < 5.7 Multiple Vulnerabilities SSH 44081 

6338 


Dropbear SSH Server Channel Concurrency Use-after-free Remote 

Code Execution 

SSH 58183 

6642 Tectia SSH Server Authentication Bypass SSH 63156 

Family SSH 135

Family Web Clients 


ID 


ID 

1102 WinRoute Proxy Detection 

1136 lftp HTTP Directory Name Handling Remote Overflow 

1138 Policy - SETI@HOME Client Detection 

1171 HTTP Based ZIP File Download Detection 

1239 Mozilla < 1.7 Multiple Remote Overflows 

1243 Opera Web Browser < 7.5.4 Multiple Vulnerabilities 

1309 

Mozilla Predictable Temporary File Symbolic Link Arbitrary File 

Overwrite 

1734 HTTP Proxy Detection 

1735 Web Client Detection 

1736 Lynx Command Line URL CRLF Injection 

1737 Lynx < 2.8.5 dev 6 Syslog URI Format String 

1738 Lynx < 2.8.3pre5 Long URL Buffer Overflow 

1739 Lynx Internal URL Verification Code Execution 

1740 Lynx < 2.8.1dev 10 Mailer Buffer Overflow 

1741 Konqueror < 3.1.x Sub-Frames XSS 

1742 Konqueror < 3.0.3 Image Handling Overflow DoS 

1743 Wget < 1.5.4 Symlink Permission Modification 

1744 Wget < 1.8.3 Rogue FTP Site File Deletion 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Family Web Clients 136 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

1745 Curl < 7.4.1 Long Error Message Buffer Overflow 

1746 Mozilla < 0.9 Predictable Temporary File Name File Deletion 

1747 Mozilla < 0.9.7 Null Byte Cookie Disclosure 

1748 Mozilla < 1.0rc2 Local File Detection 

1749 Netscape < 6.2.3 Local File Detection 

1750 Galeon < 1.2.2 Local File Detection 

1751 Mozilla < 1.0rc2 IRC Client Buffer Overflow 

1752 Netscape < 6.2.3 IRC Client Buffer Overflow 

1753 Mozilla < 1.0rc2 XMLHttpRequest File / Directory Disclosure 

1754 Galeon < 1.2.2 XMLHttpRequest File / Directory Disclosure 

1755 Netscape < 6.2.3 XMLHttpRequest File / Directory Disclosure 

1756 Mozilla < 1.0.1 XMLSerializer Cross-domain Policy Access 

1757 Galeon < 1.2.7 XMLSerializer Cross-domain Policy Access 

1758 Mozilla < 1.1 POP3 Client Malformed Email DoS 

1759 Netscape < 4.78 POP3 Client Malformed Email DoS 

1760 Netscape < 6.2.3 POP3 Client Malformed Email DoS 

1761 Mozilla < 1.0.1 Plugin Path Disclosure 

1763 Opera < 7.11 Filename Extension Handling Overflow 

1764 Opera < 7.0.3 Multiple Vulnerabilities 


Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

1765 MailMax/Web Remote Installation Path Disclosure Web N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

11578 

11404 

Family Web Clients 137

1766 DeskNow Web Mail Cleartext Authentication 

1767 MPlayer Detection 

1768 MPlayer < 0.92.0 ASX Header Parsing Buffer Overflow 

1769 Mozilla Web Client Detection 

1770 Mozilla < 1.7.1 SSL Redirect Spoofing 

1771 Mozilla Browser < 1.7.2 Non-FQDN SSL Certificate Spoofing 

1772 Mozilla < 1.7.1 Cross-Domain Frame Loading Vulnerability 

1773 

Mozilla Browser

2133 libNSS Hello Challenge Remote Heap Overflow 

2169 Gecko-based Browsers for MacOS X Content Spoofing 

2259 Opera < 7.54.0 Empty CCCC Object JavaScript-based DoS 

2265 mpg123 Multiple Remote Overflows 

2268 eZ Multiple Products Connection Saturation Remote DoS 

2281 Mozilla/Firefox Linux Installation Arbitrary File Overwrite 

2287 Mozilla-based Web Browser Multiple Vulnerabilities 

2295 Mozilla / Firefox enablePrivilege Dialog Weakness 

2301 

Microsoft Internet Explorer 6 SV 1 XHTML Comment User 

Confirmation Bypass 

2304 Xine-lib < 1.0 RC6a Heap and Stack Overflows 

2306 Google Toolbar HTML Injection 

2344 RealPlayer Multiple Remote Overflows 

2345 Mozilla/Firefox Linux Installation Arbitrary File Deletion 

2373 Opera < 7.55.0 Cross-Domain Dialog Box Spoofing 

2374 Konqueror < 3.2.2-2 Cross-Domain Dialog Box Spoofing 

2376 NetCaptor Cross-Domain Dialog Spoofing 

2379 Konqueror Cross-Domain Scripting 

2380 Quicktime Multiple Integer Overflows 


2381 RealPlayer Skin File Handling Buffer Overflow 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

2396 Pavuk < 0.9.31 Multiple Unspecified Remote Buffer Overflows Web N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

17656 

15395 

15408 

N/A 

N/A 

N/A 

N/A 

17637 


N/A

2399 EZ-IPupdate show_message() Remote Format String 

2402 Firefox < 1.0.0 IMG Tag Multiple Vulnerabilities 

2424 OmniWeb Browser Cross-Domain Dialog Box Spoofing 

2449 GNU WGet Multiple Remote Vulnerabilities 

2458 

MPlayer < 1.0pre5try2 Get_Header Remote Client-Side Buffer 

Overflow 

2459 Xine-Lib < 1.0-rc8 Remote Client-Side Buffer Overflow 

2467 Opera < 7.54u1 Download Box Spoofing 

2468 Netscape < 7.2 Cross-domain Window Injection 

2471 GREED Multiple Remote Vulnerabilities 

2472 RealPlayer Unspecified Remote Buffer Overflow 

2481 

Mozilla < 1.7.5 Network News Transport Protocol Remote Heap 

Overflow 

2512 Dillo < 0.8.4-rc1 Interface Message Format String 

2519 Apple iTunes < 4.7.1 Playlist Buffer Overflow 

2521 Gracebyte Network Assistant Remote DoS 

2529 Konqueror < 3.3.2 Multiple Remote Java Sandbox Bypass 

2530 iCab Web Browser Remote Window Hijacking 

2531 Konqueror Web Browser < 3.3.3 Remote Window Hijacking 

2581 Lynx Malformed HTML Tags DoS 


2640 Curl < 7.13.1 NTLM Stack-based Buffer Overflow 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

15712 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

14278 

16085 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

2644 ProZilla < 1.3.7.4 Location Header Format String 

2652 Firefox < 1.0.1 Multiple Vulnerabilities 

2666 RealPlayer < 6.0.12.1059 Multiple Remote Overflows 

2671 Mozilla < 1.7.6 Multiple Vulnerabilities 

2704 Mozilla Firefox < 1.0.2 Multiple Vulnerabilities 


2789 Mozilla < 1.7.7 Multiple Vulnerabilities 

2794 Pavuk < 0.9.32 Multiple Unspecified Remote Buffer Overflows 

2803 Axel < 1.0b conn.c HTTP Redirection Remote Overflow 

2832 MusicMatch Multiple Vulnerabilities 

2844 MPlayer < 1.0pre7 Multiple Remote Heap-based Overflows 

2869 FilePocket File Sharing Application Detection 


2889 Apple iTunes < 4.8 MPEG-4 File Handling Overflow 

2899 Quicktime < 7.0.1 Web Plugin Information Disclosure 

2902 Mozilla Browser < 1.7.8 Multiple Vulnerabilities 

3007 AVG AntiVirus Version Detection 

3015 Opera Multiple Injection Vulnerabilities 

3018 HTTP Plaintext Password Authentication 


Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

17603 

17254 

17604 

N/A 

18064 

18065 

N/A 

N/A 

18049 

N/A 

N/A 

18243 

18214 

18521 

18244 

N/A 

18503 

3030 RealPlayer < 6.0.12.1212 vidplin.dll Crafted AVI Overflow Web 18560 


N/A

3031 Metasploit Framework Engine Detection 

3033 ClamAV < 0.86.1 Content-parsing DoS 

3044 Prevx Pro 2005 < 




3108 ClamAV < 0.86.2 Content-parsing Multiple Overflows 

3115 Generic Botnet Client Detection 

3153 Opera Multiple Injection Vulnerabilities 

3154 MetaSploit < 2.4-current Unspecified Vulnerability 

3177 OpenVPN TCP Proxy Client Detection 

3183 MPlayer < 1.0pre8 Audio Header strf Overflow 

3229 ClamAV < 0.86.3 Content-parsing Multiple Overflows 

3233 Opera < 8.50 Upload Flaw 



3240 Maxthon Web Browser < 1.3.3 Cross-Domain Dialog Box Spoofing 

3254 ClamAV < 0.87.2 Content-parsing DoS 

3255 GNU WGet < 1.10.2 Buffer Overflow 


Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

N/A 

18616 

18689 

18813 

18689 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

19718 

19719 


N/A 

N/A 

N/A

3256 Curl NTLM Buffer Overflow 

3261 Lynx < 2.8.6 dev14 NNTP Headers Buffer Overflow 

3280 Quicktime < 7.0.3 (Windows) Detection 

3281 ClamAV < 0.87.1 Content-parsing Buffer Overflow 

3286 RealPlayer for Windows Multiple Overflows (2) 

3287 Lynx < 2.8.6 dev15 Arbitary Code Execution 

3292 Sony XCP-DRM Rootkit Detection 

3294 Absinthe SQL Injection Tool Detection 

3296 iTunes For Windows < 6.0 Local Code Execution 

3309 Opera < 

3310 SQL Injector SQL Injection Tool Detection 

3318 Curl < 

3359 SocketScanner Detection 

3362 ClamAV < 0.88.0 UPX File Processing Overflow 

3364 Quicktime < 7.0.4 (Windows) Multiple Vulnerabilities 

3381 Microsoft CryptoAPI Version Check 

3396 VMWare Detection 


3405 Mozilla Firefox < 1.5.0.1 Multiple Vulnerabilities 

3409 DidTheyReadIt Email Tracker (Client) Detection 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

3410 ReadNotify Email Tracker (Client) Detection Web N/A 

N/A 

N/A 

20136 

N/A 

20184 

N/A 

N/A 

N/A 

20218 

N/A 

N/A 

N/A 

N/A 

N/A 

20395 


N/A 

N/A 

N/A 

N/A

3411 PointOfMail Email Tracker (Client) Detection 

3418 McAfee Client Detection (SPIPE) 

3420 McAfee Client Detection (UPDATE) 

3467 Mac OS X Intel Detection 

3481 Curl < 7.15.3 TFTP URL Parsing Overflow 

3485 RealPlayer for Linux, Mac, and Windows Remote Overflows 

3491 MPlayer Crafted Media File Integer Overflow 

3498 Internet Explorer Version 7 Detection 

3503 NOD32 < 2.51.26 Antivirus Local File Overwrite 

3505 ClamAV < 0.88.1 Multiple Vulnerabilities 

3512 Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities 


3515 Opera < 8.54 signedness StyleSheet Overflow 

3516 SeaMonkey < 1.0.1 Multiple Vulnerabilities 

3525 ClamAV < 0.88.2 HTTP Header Remote Overflow 

3531 Mozilla Firefox < 1.5.0.3 Multiple Vulnerabilities 

3616 Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities 

3624 WhatsUp Network Monitoring Tool Detection 

3636 Firefox < 1.5.0.4 Multiple Vulnerabilities 


Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

21221 

N/A 

N/A 

N/A 

21554 


N/A 

N/A


3661 Opera < 9.01 Malformed 'HREF' DoS 

3662 Opera < 9.01 Malformed JPEG Overflow 

3671 iTunes < 6.0.5 AAC File Parsing Overflow 


3701 ClamAV < 0.88.4 UPX rsize Content-Parsing Overflow 

3705 Safari Version Detection 

3706 Firefox Version Detection 

3707 Microsoft Internet Explorer Detection 


3725 Microsoft Internet Explorer Version Detection 

3726 Google Toolbar Detection 

3741 Quicktime < 7.1.3 Multiple Vulnerabilities 

3743 Firefox < 1.5.0.7 Multiple Viulnerabilities 


3746 RSSOwl < 1.2.3 Atom Feed XSS 

3748 SharpReader < 0.9.7.1 RSS Feed XSS 

3794 ClamAV < 0.88.5 PE Handler Content-Parsing Overflow 

3796 Opera < 9.02 Multiple Vulnerabilities 


Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

N/A 

N/A 

21781 

22095 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

22369 

22371 

N/A 

N/A 

N/A 

22875 

3810 SeaMonkey < 1.0.6 Multiple Vulnerabilities Web 23634 



3817 Windows Media Player < 

3820 iTunes Client Detection 

3837 Python Urllib Version Detection 

3842 ClamAV < 0.88.7 MIME-encoded Scan Bypass 

3859 Windows Media Format Series Remote Code Execution (923689) 

3863 CA Antivirus Client Detection 

3864 LogMeIn Listening Server Detection 


3868 Firefox < 1.5.0.9 / 2.0.0.1 Multiple Vulnerabilities 


3879 OmniWeb Browser < 5.5.2 Javascript alert Function Format String 

3889 BitDefender Detection 

3891 Symantec Antivirus Version Number Detection 

3899 Policy - Nintendo Wii Detection 

3903 Firefox < 

3907 TiVo Detection 




Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

23633 

N/A 

N/A 

N/A 

N/A 

23838 

N/A 

N/A 

23928 

23930 

23977 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A


3924 Google Desktop Detection 


3935 QuickTime < 7.1.5 Multiple Vulnerabilities 


3954 IDA Pro Disassembler Software Detection 

3955 IDA Pro Remote Debugger Server Authentication Bypass 

3960 F-Secure Product Detection 




4001 NOD32 < 2.70.37 Directory Name Handling Multiple Overflows 

4071 Mozilla Firefox < 1.5.0.12 / 2.0.0.4 Multiple Vulnerabilities 

4073 Mozilla SeaMonkey < 1.0.9 / 1.1.2 Multiple Vulnerabilities 


4079 Yahoo! Messenger Webcam ActiveX Multiple Overflows 

4080 Windows CE < 5.1 Detection 

4082 AOL Instant Messenger User Enumeration 

4095 Windows CE < 5.1 Detection 


Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

4096 Windows CE < 5.0 / 6.0 Buffer Overflow Web N/A 

24701 

24709 

24735 

24761 

24875 

N/A 

N/A 

N/A 

N/A 

N/A 

25290 

N/A 

25349 

25351 

N/A 

25459 


N/A 

N/A 

N/A

4099 Windows Safari Detection 

4109 CFNetwork < 129.20 DoS 

4130 ClamAV < 0.91.0 Multiple RAR Content Parsing Vulnerabilities 

4131 AVG AntiVirus < 7.5.476 avg7core.sys Local Privilege Escalation 

4132 QuickTime < 7.2 Multiple Vulnerabilities 

4137 Curl < 7.16.4 Expired Certificate Access Restriction Bypass 


4142 Opera < 9.22 Torrent File Overflow 


4153 Mozilla SeaMonkey < 1.1.4 Multiple Vulnerabilities 

4171 

4172 

4173 

4174 

4175 

4176 

Vulnerability in Windows Media Player Could Allow Remote Code 












4177 Opera < 9.23 Arbitrary Code Execution 

4183 ClamAV < 0.91.2 Multiple Remote DoS 

4193 Netopia Timbuktu Detection 


Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

N/A 

N/A 

N/A 

25703 

N/A 

25735 

N/A 

25820 

N/A 

25885 

25885 

25885 

25885 

25885 

25885 

25900 


N/A 

N/A

4204 iTunes < 7.4.0 MP4/AAC File covr atom Overflow 



4253 Microsoft Internet Explorer Version Detection 








4321 ClamAV < 0.92.0 PE File Handling Integer Overflow 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

4322 Flash Player < 9.0.115.0 / 7.0.73.0 APSB07-20 Multiple Vulnerabilities Web 

Clients 



4362 iPhoto < 7.1.2 Photocast Subscription Format String 

4363 QuickTime < 7.4.1 RTSP Response Handling Overflow 




Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

4374 WebDAV Mini Redirector Client Detection Web N/A 

N/A 

N/A 

27506 

N/A 

27521 

N/A 

N/A 

27626 

28329 

N/A 

29698 

N/A 

29741 

29742 

29982 

30201 

30204 

30209 

30210 


4375 ClamAV < 0.92.1 Multiple Overflows 

4384 Now SMS/MMS Gateway Version Detection 


4389 Now SMS/MMS Gateway Multiple Remote Overflows 

4394 Mobilink Monitor Server Version Detection 

4395 MobiLink Server < 10.0.1 Build 3649 Multiple Remote Overflows 

4396 Sybase SQL Anywhere Database Version Detection 

4406 Sony Playstation Version Detection 

4408 Eye-Fi Version Detection 

4409 WebSphere MQ Server Detection 

4418 IBM Rational Clearquest Server Detection 

4429 VLC Media Player < 0.8.6f Multiple Vulnerabilities 

4434 Mac OS X Safari < 3.1 Multiple Vulnerabilities 

4435 Mac OS X Version Detection 



4453 X2 Thin Client Server Detection 




Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

N/A 

31129 

N/A 

N/A 

31719 

N/A 

N/A 

N/A 

N/A 

N/A 

31853 

31604 

N/A 

31652 

31653 

N/A 

31734 

31735 


4461 Flash Player < 9.0.124.0 APSB08-11 Multiple Vulnerabilities 

4465 ClamAV < 0.93.0 Multiple Overflows 

4468 MarketFirst Client Detection 

4472 Safari < 3.1.1 PCRE Nested Repetition Count Overflow 

4473 Firefox < 2.0.0.14 Javascript Garbage Collection DoS 



4543 Novell NetWare iPrint Client Version Detection 

4547 ClamAV < 0.93.1 memcpy() Function Overflow 

4548 Novell iPrint Client Unspecified Vulnerability 

4556 Safari < 3.1.2 Multiple Vulnerabilities 

4560 IronPort Version Detection 

4562 VLC Media Player < 0.8.6h Multiple Vulnerabilities 



4569 

VLC Media Player < 0.8.6i WAV File Handling Remote Integer 

Overflow 


4588 Firefox < 2.0.0.16 / 3.0.1 Multiple Vulnerabilities 



Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

4592 F-PROT Antivirus Version Detection Web N/A 

31799 

N/A 

N/A 

N/A 

31864 

33131 

33168 

N/A 

N/A 

33227 

33226 

N/A 

33278 

33393 

33394 

33485 

33396 

33505 

33522 


4593 F-PROT Attachment Handling DoS 

4600 EMC Retrospect Server Detection 

4603 Agnitum Outpost Version Detection 

4604 

4607 

4608 

Agnitum Outpost Security Suite < 6.5.2358.316.0607 Detection Engine 

Bypass 

Retrospect Backup Server < 7.6 Authentication Module Password Hash 

Disclosure (ESA-08-009) 

RealPlayer for Windows < 6.0.14.806 / 6.0.12.1675 Multiple 


4611 AVG Scanning Engine < 8.0.156 UPX Parsing DoS 


4635 SQL Worm Client Detection 

4642 ClamAV < 0.93.1 memcpy() .chm File Handling DoS 

4645 Google Chrome Version Detection 

4647 

Novell iPrint Client nipplib.dll IppCreateServerRef Function Buffer 

Overflow 

4650 Microsoft Office OneNote Client Detection 


4653 iTunes < 8.0 Multiple Vulnerabilities 

4678 Virus / Backdoor Client Detection 

4681 Google Chrome < 0.2.149.29 Multiple Vulnerabilities 




Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

N/A 

N/A 

N/A 

33562 

33744 

33762 

33949 

N/A 

N/A 

N/A 

34085 

N/A 

34118 

N/A 

N/A 

34197 

34267 

34268 




4708 VLC Media Player < 0.9.3 XSPF Playlist Memory Corruption 


4726 

VLC Media Player < 0.9.5 TY Media File Handling Memory 

Curruption 


4741 System Requirements Lab Software Client Detection 

4744 

ClamAV < 0.94.1 get_unicode_name() Function Off-by-One Buffer 

Overflow 

4745 Mozilla Browser Plugin Detection 

4746 Flash Player APSB08-18 / APSB08-20 Multiple Vulnerabilities 

4747 VLC Media Player 0.5.0 to 0.9.5 Stack-Based Buffer Overflows 

4748 Google Chrome < 0.3.154.9 Address Spoofing 


4752 Firefox 3.x < 3.0.4 Multiple Vulnerabilities 


4754 Safari < 3.2 Multiple Vulnerabilities 

4756 Microsoft Web Service client Version Detection 

4757 SOAP/XML Plaintext Credentials Disclosure 

4759 Adobe AIR Version Detection 


Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

34269 

34368 

34400 

34459 

34400 

34680 

N/A 

34729 

N/A 

34741 

34730 

34742 

34766 

34767 

34768 

34772 

4760 Adobe AIR APSB08-23 / APSB08-22 / APSB08-20 / APSB08-18 Web 34815 


N/A 

N/A 

N/A

Multiple Vulnerabilities Clients 

4763 Symantec Backup Exec Detection 

4770 NetWitness Version Detection 

Web 

Clients 

Web 

Clients 

4776 ClamAV < 0.94.2 cli_check_jpeg_exploit() Malformed JPEG File DoS Web 

Clients 

4785 

VLC Media Player < 0.9.8a RealMedia Processing Remote Integer 

Overflow 

4787 ClamAV < 0.94 Multiple Vulnerabilities 





4796 Firefox < 2.0.0.20 Cross-Domain Data Theft 

4799 McAfee ePO Version Detection 





4935 Google Chrome < 1.0.154.48 Cross-browser Command Injection 

4937 Flash Player APSB09-01 Multiple Vulnerabilities 




Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

N/A 

35009 

35068 

35087 

35185 

35218 

35219 

35220 

35251 

N/A 

35437 

35558 

35581 

35687 

35689 

35742 

35761 

35778 





4982 ClamAV < 0.95 Scan Evasion 


4988 SeaMonkey < 1.1.16 XSL Transformation Overflow DoS 


Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

5004 Google Chrome < 1.0.154.59 Same Origin Policy Bypass Vulnerability Web 

Clients 

5008 Firefox 3.0.9 Memory Corruption 

5009 ESET Anti-Virus Version Detection 

5013 ESET Anti-Virus Version Detection 

5014 Avira Anti-Virus Version Detection 

5015 Avira Anti-Virus Zip File Scan Evasion 


5021 AVG Scanning Engine UPX Parsing Denial of Service Vulnerability 


5026 Google Chrome < 1.0.154.65 Remote Code Execution 

5027 Avira Anti-Virus PDF File Scan Evasion 

5038 Avira Anti-Virus Multiple Scan Evasions 


Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

35914 

35978 

36045 

36075 

36131 

36130 

36215 

38154 

N/A 

N/A 

N/A 

N/A 

N/A 

38699 

N/A 

38745 

N/A 

N/A 

38973 

5041 iTunes < 8.2 Remote Overflow Web 38986 






5073 ClamAV < 0.95.2 File Scan Evasion 


5082 Google Chrome < 2.0.172.33 Buffer Overflow vulnerability 



5099 Google Chrome < 2.0.172.37 Buffer Overflow 


5109 Adobe AIR < 1.5.2 Multiple Vulnerabilities (APSB09-10) 

5112 VLC Media Player < 1.0.1 Remote Integer Underflow 

5113 Firefox < 3.0.13/3.5.0 Multiple Vulnerabilities 

5114 Mozilla Firefox < 3.5.2/3.0.12 Multiple Vulnerabilities 

5115 Mozilla Firefox < 3.0.13/3.5.2 Proxy Response DoS 

5116 Mozilla Firefox 3.5 < 3.5.2 Proxy Response DoS 

5117 LoJack Software Detection 



Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

38988 

39339 

N/A 

39372 

N/A 

39499 

N/A 

N/A 

N/A 

39852 

40351 

40447 

N/A 

N/A 

40479 

N/A 

N/A 

N/A 

40554 


5130 Curl < 7.19.6 Certificate Validation Bypass Vulnerability 




5158 Flash Client Version Detection 


5161 Mozilla Firefox < 3.0.14 / 3.5.3 Multiple Vulnerabilities 

5172 Aria2 Detection 

5175 Debian devscripts 'uscan' Input Validation Vulnerability 


5182 iTunes < 9.0.1 Remote Code Execution 

5188 VLC Media Player < 1.0.2 Multiple Buffer Overflows 


5197 OSSProxy Detection 

5198 Apple iPhone Wireless Connection Detection 

5199 Sophos Enterprise Anti-virus Version Detection 

5202 QuickBooks Accounting Software Version Detection 

5203 GtekClient Detection 


5204 Unsupported Software Detection (Windows 98) 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

5212 GNU Wget SSL Certificate Security Bypass Web N/A 

N/A 

40778 

40827 

40874 

N/A 

40929 

40930 

N/A 

N/A 

41000 

41061 

41626 

41958 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A



5219 Mozilla SeaMonkey < 2.0 Multiple Vulnerabilities 



5234 Google Chrome < 3.0.195.33 Security Bypass Vulnerability. 


5254 Client .exe Download Detection 

5255 Novell iPrint Client < 5.32 Multiple Buffer Overflow Vulnerabilities 

5256 Adobe AIR < 1.5.3 Multiple Vulnerabilities (APSB09-19) 





5325 


Real Networks RealPlayer < RealPlayer SP 1.0.5 Multiple 



5335 cURL < 7.20.0 CURLOPT_ENCODING Option Buffer Overflow 


5338 Flash Player < 10.0.45.2 Multiple Vulnerabilities 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

42291 

42306 

42307 

42413 

42478 

42798 

42892 

N/A 

43060 

43069 

43174 

43175 

N/A 

N/A 

44119 

44317 

N/A 

44587 

44596 


5342 Mozilla Firefox < 3.0.18 / 3.5.8 / 3.6 Multiple Vulnerabilities 



5351 Client PDF Download Detection 

5352 Client ZIP Download Detection 

5359 Mozilla Firefox cpe Version Detection 




5481 Mozilla Firefox Unsupported Version Detection 

5482 Mozilla SeaMonkey Unsupported Version Detection 


5485 Mozilla Firefox < 3.6.2 Multiple Vulnerabilities. 







5502 Firefox < 3.6.3 Remote Code Execution Vulnerability 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

44659 

44660 

44960 

N/A 

N/A 

N/A 

45045 

45086 

45111 

40362 

40362 

45121 

45133 

45391 

45388 

45392 

45393 

45395 

45403 

5505 ClamAV < 0.96 Multiple Vulnerabilities Web 45437 




5527 

Opera < 10.53 Asynchronous Content Modification Uninitialized 

Memory Access 

5529 Beyond Compare < 3.1.11 Zip File Buffer Overflow 

5539 Konqueror < 4.4.3 Multiple Vulnerabilities 



5566 Safari < 4.1 / 5.0 Multiple Vulnerabilities 


5569 

Flash Player < 10.1.53.64 / 9.0.277.0 Multiple Vulnerabilities 

(APSB10-14) 




5580 Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities 





5602 Client .dat Download Detection 


Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

45610 

46171 

46204 

46242 

N/A 

46706 

46732 

46838 

46850 

46859 

47038 

47113 

47123 

47124 

47126 

47139 

47583 

47595 


N/A

5603 Client .dat Download Detection 

5605 iTunes < 9.2.1 'itpc:' Buffer Overflow Vulnerability 



5610 SeaMonkey 2.0.x < 2.0.6 Multiple Vulnerabilities 

5613 Firefox 3.6.7 Remote Code Execution Vulnerability 


5617 Safari < 4.1.1 / 5.0.1 Multiple Vulnerabilities 

5625 Flash Player Multiple Vulnerabilities (APSB10-16) 


5628 

QuickTime < 7.6.7 QuickTimeStreaming.qtx SMIL File Debug 

Logging Overflow (Windows) 


5647 Novell iPrint Client < 5.42 Multiple Vulnerabilities 


5650 Real Networks RealPlayer SP < 1.1.5 Multiple Vulnerabilities 

5651 

VLC Media Player < 1.1.4 Patch Subversion Arbitrary DLL Injection 

Code Execution 





Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

47764 

47781 

47782 

47785 

47829 

47859 

47888 

48300 

48317 

48323 

48383 

48364 

48407 

48907 

48906 

49087 

49089 

49144 

5656 Firefox 3.5.x < 3.5.12 Multiple Vulnerabilities Web 49145 




5661 

Opera < 10.62 Path Subversion Arbitrary DLL Injection Code 

Execution 


5665 QuickTime < 7.6.8 Multiple Vulnerabilities (Windows) 


5670 Flash Player Unspecified Code Execution (APSB10-22) 

5672 ClamAV < 0.96.3 Denial-of-Service Vulnerability 



5681 Mozilla Firefox 3.5.x < 3.5.14 Multiple Vulnerabilities 


5685 Mozilla SeaMonkey 2.0.x < 2.0.9 Multiple Vulnerabilities 

5690 Mozilla Firefox 3.5.x < 3.5.15 Buffer Overflow Vulnerability 

5691 Mozilla Firefox 3.6.x < 3.6.12 Buffer Overflow Vulnerability 

5694 Mozilla SeaMonkey 2.0.x < 2.0.10 Buffer Overflow Vulnerability 





Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

49146 

49149 

49174 

49237 

49260 

49285 

49307 

49712 

49964 

50049 

50084 

50085 

50088 

50382 

50383 

50386 

N/A 

N/A 

50476 


5699 

5709 

5710 

Flash Player < 9.0.289 / 10.1.102.64 Multiple Vulnerabilities 

(APSB10-26) 

Real Networks RealPlayer < 14.0.1.609 (Build 12.0.1.609) Multiple 


VLC Media Player < 1.1.5 Samba Share Access Module Code 

Execution 











5746 VLC Media Player < 1.1.6 Multiple Vulnerabilities 


5748 



Remote Code Execution Vulnerabilities 

5756 VLC Media Player < 1.1.7 Code Execution Vulnerability 



Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

50493 

50612 

50650 

50654 

50977 

51125 

51062 

51121 

51120 

51124 

51161 

51343 

51511 

51772 

51774 

51814 

51851 

51872 

51921 

5781 Flash Player < 10.2.152.26 Multiple Vulnerabilities (APSB11-02) Web 51926 


5783 Flash Player Unsupported Version Detection 

5796 ClamAV < 0.97 Multiple Vulnerabilities 

5805 Symantec Enterprise AV Client Detection 








5815 Dropbox Client Retrieval Detection 

5818 Google Chrome < 10.0.648.133 Code Execution Vulnerability 


5827 


Flash Player < 10.2.152.33 Unspecified Memory Corruption 

(APSB11-05) 

5842 Mozilla Firefox 3.6.x < 3.6.16 Invalid HTTP Certificates 

5843 Mozilla Firefox 3.5.x < 3.5.18 Invalid HTTP Certificates 

5844 Mozilla SeaMonkey 2.0.x < 2.0.13 Invalid HTTP Certificates 


5846 VLC Media Player < 1.1.8 Multiple Buffer Overflows 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

51937 

51935 

N/A 

52535 

52501 

52531 

52530 

52533 

52589 

52613 

N/A 

52657 

52713 

52673 

52767 

52766 

52769 

52975 

52976 


5883 VLC Media Player < 1.1.9 Heap Corruption Vulnerability 

5886 





5892 

Flash Player < 10.2.159.1 Unspecified Memory Corruption 

(APSB11-07) 

5894 iTunes < 10.2.2 Multiple Vulnerabilities 







5916 Flash Player < 10.3.181.14 Multiple Vulnerabilities (APSB11-12) 

5925 Opera < 11.11 Frameset Memory Corruption 



5941 Flash Player < 10.3.181.22 Cross-Site Scripting (APSB11-13) 



5946 VLC Media Player < 1.1.10 XSPF Playlist Parser Integer Overflow 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

53405 

53409 

53411 

53392 

53472 

53489 

53569 

53593 

53594 

53595 

53597 

53879 

54299 

54587 

54647 

54973 

54988 

54989 

55024 

5964 Mozilla Firefox 3.6.x < 3.6.18 Multiple Vulnerabilities Web 55418 


5965 Mozilla Firefox > 4.0 and < 5.0 Multiple Vulnerabilities 

Clients 

Web 

Clients 

5967 Flash Player < 10.3.181.26 Code Execution Vulnerability (APSB11-18) Web 

Clients 



5987 

VLC Media Player > 0.5.0 and < 1.1.11 Multiple Code Execution 




5994 ClamAV < 0.97.2 'cli_hm_scan' Denial of Service 




6008 Mozilla Firefox 5.0 Multiple Vulnerabilities 

6009 Mozilla Firefox 3.6 < 3.6.20 Multiple Vulnerabilities 

6012 Mozilla SeaMonkey 2.x < 2.3.0 Multiple Vulnerabilities 




6020 Google Chrome < 13.0.782.218 Out of Date CA List 



Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

55419 

55141 

55460 

55470 

55608 

55506 

55369 

N/A 

55765 

55764 

55804 

55902 

55901 

55885 

55959 

56042 

56023 

56241 

56230 



6027 Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities 






6044 ClamAV < 0.97.3 Unspecified Denial of Service 


6051 Apple iTunes Client Detection 



6054 Novell iPrint Client < 5.72 Code Execution Vulnerability 

6063 PS3 Login Detection 

6064 PS3 Version Detection 



6096 Apple iOS 3.0 through 5.0 Multiple Vulnerabilities 

6097 



(APSB11-26) 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

56259 

56334 

56335 

56337 

56391 

56470 

56483 

N/A 

56650 

N/A 

56667 

56585 

56682 

N/A 

N/A 

56779 

56920 

N/A 

56875 

6098 iTunes < 10.5.1 Update Authenticity Verification Weakness Web 56873 





6244 Java version detection 

6245 Flash Player version detection 






6308 Mozilla Thunderbird 9.0 Multiple Vulnerabilities 

6309 Mozilla Thunderbird 3.1.x Multiple Vulnerabilities 


6311 Real Networks RealPlayer < 15.0.2.72 Multiple Vulnerabilities 


6315 Novell iPrint Client < 5.78 Multiple Code Execution Vulnerabilities 


6324 Mozilla Firefox 10.x < 10.0.1 Memory Corruption 

6325 


Mozilla Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer 

Overflow 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

57039 

57288 

57359 

N/A 

N/A 

57468 

57666 

57751 

57773 

57774 

57775 

57776 

57772 

57863 

57876 

57890 

57974 

57919 

58005 


6326 Mozilla Thunderbird 10.x < 10.0.1 Memory Corruption 

6327 

Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer 

Overflow 

6328 Mozilla SeaMonkey 2.x < 2.7.1 Memory Corruption 

6329 

Mozilla SeaMonkey 2.x < 2.7.2 'png_decompress_chunk' Integer 

Overflow 


6344 Apple iOS 3.0 through 5.0.1 Multiple Vulnerabilities 



6348 Google Chrome < 17.0.963.78 Code Multiple Vulnerabilities 

6349 Google Chrome < 17.0.963.79 Memory Corruption Vulnerabilities 

6350 Mozilla Firefox 10.x < 10.0.3 Multiple Vulnerabilities 




6354 Mozilla SeaMonkey 2.x < 2.8 Multiple Vulnerabilities 

6355 VLC Media Player < 2.0.1 Multiple Code Execution Vulnerabilities 





Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

57920 

58075 

57921 

58009 

58206 

N/A 

58320 

58323 

58328 

58342 

58353 

58354 

58355 

58356 

58352 

58416 

58434 

N/A 

58536 

6403 Google Chrome < 18.0.1025.151 Multiple Vulnerabilities Web 58644 


6455 



6460 Skype Client Detection 

6480 Epiphany Browser Version Detection 

6481 Apple iOS 3.0 through 5.1 Multiple Vulnerabilities 







6497 Mozilla Firefox 12.x < 12 Multiple Vulnerabilities 

6500 iTunes < 10.6.3 Multiple Vulnerabilities 

6501 Facebook SocialCam Application Detection 

6503 Facebook Viddy Application Detection 

6504 Facebook Viddy Application Detection 

6505 Flash player version detection 

6506 Adobe Media player version detection 

6507 Outlook Social Connector version detection 



Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

55908 

N/A 

N/A 

N/A 

59069 

59117 

59173 

59113 

59255 

59411 

59407 

59499 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

59735 



6514 Java version detection 

6518 

VLC Media Player < 2.0.2 Ogg_DecodePacket Function OGG File 


6519 Mozilla Firefox 13.x < 13 Multiple Vulnerabilities 




6534 Mozilla Firefox Android client 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

6536 Google Chrome < 21.0.1180.60 Multiple PDF Viewer Vulnerabilities Web 

Clients 

6544 Flash Player < 11.3.300.271 Code Execution (APSB12-18) 

6545 


(APSB12-14) 

6548 VMWare VI Client Version Detection 

6549 Sophos Anti-virus Version Detection 


6554 Oracle Java SE 7 < 

6555 Flash Player < 

6559 Mozilla Firefox 14.x < 



6562 Opera < 12.02 Truncated Dialog Vulnerability 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

59958 

N/A 

60049 

60043 

60046 

60127 

61381 

N/A 

61462 

61551 

59428 

N/A 

N/A 

61414 

61681 

61623 

61715 

61718 

61732 

6563 Google Chrome < 21.0.1180.89 Multiple Vulnerabilities Web 61774 


6566 Mac Outlook Client Version Detection 



6582 Mac OS X : Safari < 6.0.1 Multiple Vulnerabilities 

6589 Apple iOS < 6.0 Multiple Vulnerabilities 








6605 BigFix Client Detection 

6606 BigFix Client Version Detection 

6608 BigFix Server Detection 

6612 BigFix Client Patch Update 


6615 Apple iOS < 6.0.1 Multiple Vulnerabilities 



Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

62065 

62077 

62216 

N/A 

62313 

62467 

62480 

62518 

62519 

62580 

62583 

N/A 

N/A 

N/A 

N/A 

62747 

62803 

62861 


6617 Steam Valve Client Detection 


6620 QuickTime < 7.7.3 Multiple Vulnerabilities (Windows) 


6622 Mac OS X : Safari < 6.0.2 Multiple Vulnerabilities 


6626 Mozilla SeaMonkey 2.x < 








6650 Netsuite Client Detection 






Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

N/A 

62821 

62890 

62984 

62802 

62998 

63001 

63063 

63110 

63232 

63242 

63242 

63242 

63301 

N/A 

63289 

62836 

62836 

62836 

6658 VLC Media Player < 2.0.5 Multiple Vulnerabilities Web 63381 


6659 Red Hat Satellite Client Communication 

6660 Red Hat Satellite Client Communication 







6670 Mozilla SeaMonkey 2.x < 


6679 Apple iOS < 6.1 Multiple Vulnerabilities 






6693 SeaMonkey < 2.16 Multiple Vulnerabilities 



Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

Web 

Clients 

6699 Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) Web 

Clients 

N/A 

N/A 

63468 

63521 

63450 

63450 

63450 

63551 

63554 

63645 

64287 

64363 

64454 

64506 

64584 

64723 

N/A 

64813 

64790 




Family Web Servers 


ID 


ID 

1103 Weak SSL Ciphers Supported 



1133 Web Server SSLv3 Detection 



1139 SHOUTcast Media Server Detection 

1157 NetWare Apache Web Server Detection 

1160 Sami HTTP Server 1.0.4 GET Request Remote Overflow 

1161 Jigsaw < 2.2.4 URI Parsing Remote Code Execution 

1167 

1169 

Apache-SSL < 1.3.29 / 1.53 SSLVerifyClient SSLFakeBasicAuth Client 

Certificate Forgery 

Finjan SurfinGate Proxy FHTTP Command Admin Functions 

Authentication Bypass 

1205 Apache HTTP Server < 2.0.49 mod_ssl Plain HTTP Request DoS 

1209 MetaSploit Framework Web Server Detection 

1211 HP Jet Admin 7.x Traversal Arbitrary Command Execution 

1212 Squid Proxy < 2.5.STABLE6 %xx URL Encoding ACL Bypass 

1213 Oracle Application Server Web Cache Multiple Vulnerabilities 

1221 Apache < 1.3.31 / 2.0.49 Error Log Escape Sequence Injection 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

10863 

10863 

10863 

N/A 

N/A 

N/A 

N/A 

N/A 

12073 

12071 

12046 

12036 

12100 

N/A 

12120 

12124 

12126 

12239 

Family Web Servers 176

1237 Apache Input Header Folding Remote DoS 

1238 Trojan/Backdoor - Apache mod_rootme Detection 

1242 Microsoft Outlook Web Access (OWA) Version Detection 

1442 Web Server Detection 

1443 Apache < 2.0.46 Multiple Vulnerabilities 

1444 Zope < 2.1.7 DocumentTemplate Unauthorized Modification 

1445 Zope < 2.2.5 Multiple Vulnerabilities 

1446 

Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege 

Escalation 

1447 Zeus < 3.3.5a Web Server Null Byte Request CGI Source Disclosure 

1448 Webserver4everyone < 1.30 URI Overflow 

1449 WebsitePro

1459 UltraSeek < 4.0 Malformed URL DoS 

1460 UltraSeek Server Detection 

1461 Tripwire for WebPages Installation Disclosure 

1462 Apache Tomcat /status Information Disclosure 

1463 Apache Tomcat < 4.x JSP Source Code Disclosure 

1464 Apache Tomcat Snoop Servlet Remote Information Disclosure 

1465 Jakarta Tomcat < 3.2.1 Path Disclosure 

1466 Apache Tomcat < 3.3.1a Directory Listing and File Disclosure 

1467 Apache Tomcat < 3.3.1a Servlet Engine MS/DOS Device Name DoS 

1468 thttpd < 2.20 ssi Servlet Traversal File Access 

1469 thttpd < 2.05 If-Modified-Since Header Remote Overflow 

1470 SWAT Server Detection 

1471 Sun Cobalt Adaptative Firewall Detection 

1472 StrongHold Web Server Detection 

1473 StrongHold < 3.0 build 3015 System File Disclosure 

1474 StrongHold < 3.0 build 3015 File System Disclosure 

1475 Abyss Web Server < 1.1.4 HTTP GET Header Remote DoS 

1476 PHP < 4.2.2 Malformed POST Requests 

1477 PHP < 4.3.1 CGI Module File Access 


Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

10542 

N/A 

10743 

11218 

11176 

10478 

10807 

11438 

11150 

10523 

10286 

10273 

N/A 

11230 

10803 

10803 

11521 

11050 

11237 


1478 PHP < 3.0.17 / 4.0.3 Hidden Form Field File Upload 

1479 PHP < 4.0.4 IMAP Module Overflow 

1480 PHP < 3.0.17 / 4.0.3 Error Log Command Injection 

1481 PHP < 4.2.3 Mail Function Header Spoofing 

1482 PHP < 4.0.4 php.cgi Shell Access Overflow 

1483 PHP < 4.1.0 Safe Mode Mail Function Command Execution 

1484 PHP < 4.3.2 Multiple Function Remote Overflows 

1485 PHP < 4.1.2 POST Request file_upload Overflow 

1486 RemotelyAnywhere Web Server Detection 

1487 Alibaba 2.0 HTTP Request Overflow DoS 


1489 Apache < 2.0.43 HTTP POST Request Source Disclosure 

1490 Apache mod_auth_pgsql < 0.9.6 SQL Injection 

1491 Apache mod_auth_pg < 1.2b3 SQL Injection 


1492 Apache mod_auth_mysql < 1.10 SQL Injection 

1493 Apache mod_auth_oracle < 0.52 SQL Injection 

1494 Apache mod_auth_pgsql_sys < 0.9.5 SQL Injection 

1495 Apache Chunked Encoding Remote Overflow / DoS 

1496 Apache-SSL < 1.47 mod_ssl i2d_SSL_SESSION Function Overflow 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

10513 

10628 

10535 

11444 

N/A 

12307 

11468 

N/A 

10920 

10012 

11137 

11408 

10752 

10752 

10752 

10752 

10752 

11030 

10918 

1497 Apache < 2.0.44 MS-DOS Device Name DoS / Code Execution Web 11209 


1498 Apache < 2.0.40 Win32 Directory Traversal File Access 

1499 Apache < 2.0.44 File Access on Win32 

1500 BadBlue < 2.3 ISAPI Extension Administrative Actions Bypass 

1501 BitKeeper 3.0.x Remote Command Execution 

1502 Communigate Pro < 3.2 HTTP Configuration Port Remote Overflow 

1503 Compaq WBEM Server Detection 

1504 Lotus Domino < 5.0.12 / 6.0.1 Multiple Vulnerabilities 

1505 Domino < 5.0.7 NSF File Request Directory Traversal File Access 

1506 dwhttpd < 4.2 GET Request Remote Format String 

1507 IMail < 7.0.6 Account Hijacking 

1508 LocalWeb2000 2.10 Crafted Request File Disclosure 

1509 Apache mod_frontpage < 1.6.1 Remote Overflow 

1510 Apache mod_jk < 1.2.1 Chunked Encoding DoS 

1511 Apache mod_python < 2.7.8 Imported Function Access 

1512 Apache mod_ssl < 2.8.10 Off-by-one Overflow 

1513 Apache mod_ssl Session Cache Code Overflow 

1514 Monkey HTTP Daemon < 0.6.2 POST Request Remote Overflow 

1515 OpenSSL Private Key Disclosure 


1516 Oracle WebCache Server < 2.0.0.3.x Multiple Vulnerabilities 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

11092 

11210 

11554 

11198 

10048 

10746 

11338 

11344 

11075 

11271 

11005 

11303 

11519 

10947 

11039 

10888 

11544 

11267 

10808 


1517 Resin < 2.1s020604 MS-DOS Device Path Disclosure 

1518 Savant < 3.0 GET Request CGI Source Disclosure 

1519 Pi3Web WebServer < 2.0.1 CGI Handler Overflow 

1520 Shoutcast Multiple GET Request Remote DoS 

1521 AnalogX SimpleServer:WWW < 1.2 Remote DoS 

1522 thttpd < 2.05 If-Modified-Since Header Overflow 

1523 Squid < 2.4.STABLE6 Multiple Overflows 

1524 Squid Proxy mkdir-only PUT Request DoS 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

1525 BEA WebLogic < 5.1.0 SP8 Hex-encoded Request JSP Source Disclosure Web 

Servers 

1526 

BEA WebLogic < 6.1 SP2 Encoded Null Byte Request JSP Source 

Disclosure 

1527 SHOUTcast Server Log Files XSS 

1529 mod_ssl < 2.8.10 Wildcard DNS Server Name XSS 

1531 eServ HTTP Connection Saturation Memory Leak Remote DoS 

1535 Apache < 2.0.46 on OS/2 filestat.c Device Name Request DoS 

1536 BEA WebLogic Server GET Request Name Disclosure 

1538 BEA WebLogic < 5.1 SP 11 JSP Source Disclosure 

1541 NetCharts Server Default Password 

1544 JetDB Direct Request Database Download 


1545 YaBB SE < 1.5.2 Remote File Inclusion and SQL Injection 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

11048 

N/A 

11099 

10717 

11305 

10285 

10923 

10768 

10715 

10949 

11624 

11622 

11619 

11607 

11606 

11604 

11600 

N/A 

11588 

1546 XMB < 1.8 SP1 member.php SQL Injection Web 11587 


1547 Sambar Cleartext Password Remote Disclosure 

1550 

thttpd < 2.24 Host:' Header Traversal File Access / libhttpd.c defang 

Overflow 

1552 CommuniGate Pro < 4.0 .1b2 Referer Field Hijacking 

1554 BadBlue < 2.2 Unspecified Admin Access 

1556 mod_NTLM Overflow / Format String 

1560 Xeneo Web Server < 2.1.5 GET Request Denial of Service 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

1561 Monkey HTTP Daemon < 0.6.2 PostMethod Function Remote Overflow Web 

Servers 

1566 Vignette StoryServer Information Disclosure 

1568 Linksys Router Default Password 

1570 Abyss Malformed GET Request Remote DoS 

1571 mod_jk Chunked Encoding DoS 

1572 AutomatedShops webc.cgi Multiple Overflows 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

1573 NETGEAR ProSafe Router Password Disclosure / Port Filtering Bypass Web 

Servers 

1574 Ecartis User Password Reset Privilege Escalation 

1575 Sambar Default 'billy-bob' Account 

1576 Sambar Default Admin Account 

1577 Sambar Default Anonymous Account 


1580 Advanced Poll info.php Information Disclosure 

1581 Advanced Poll info.php Information Disclosure 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

11585 

11576 

11567 

N/A 

11552 

11546 

11544 

11526 

11522 

11521 

11519 

11516 

11514 

11505 

11493 

11493 

11493 

11487 

11487 


1583 Microsoft IIS UNC Mapped Virtual Host Source Disclosure 

1585 WebDAV Enabled 

Web 

Servers 

Web 

Servers 

1586 Sun ONE (iPlanet) Application Server < 6.5 SP1 NSAPI Plugin Overflow Web 

Servers 

1587 Lotus Domino < 6.0.1 Multiple Overflows 

1590 Proxy Accepts gopher:// Protocol Requests 

1591 PHP-Nuke Software Detection 

1593 

Oracle 9iAS SOAP Default Configuration Unauthenticated Application 

Deployment 

1594 Oracle 9iAS .JSP File Request Default Error Information Disclosure 

1595 Phorum < 3.4.3 Message Post XSS 

1596 WebGUI < 5.2.4 Crafted HTTP Request DoS 


1597 Web Server .mdb File Remote Information Disclosure 

1599 Wireless Access Point (WAP) Detection (HTTP) 

1600 D-Link Wireless Access Point (WAP) Detection (HTTP) 

1601 Cisco Wireless Access Point (WAP) Detection (HTTP) 

1602 Cisco Wireless Access Point (WAP) Detection (HTTP) 

1603 Linksys Wireless Access Point (WAP) Detection (HTTP) 

1604 Linksys WRT Wireless Access Point (WAP) Detection (HTTP) 

1605 Linksys BEFW Wireless Access Point (WAP) Detection (HTTP) 

1606 Linksys WPG Wireless Access Point (WAP) Detection (HTTP) 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

11443 

11424 

11403 

11386 

11305 

11236 

11227 

11226 

N/A 

N/A 

N/A 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

1607 SOHO Wireless Access Point (WAP) Detection (HTTP) Web 11026 



1608 Buffalo WBR-G54 Wireless Access Point (WAP) Detection (HTTP) 

1609 R2 Wireless Access Point (WAP) Detection (HTTP) 













1622 NETGEAR Wireless Access Point (WAP) Detection (HTTP) 

1623 NETGEAR Wireless Access Point (WAP) Detection (HTTP) 

1624 Broadcom Wireless Access Point (WAP) Detection (HTTP) 

1625 Apache < 1.3.14 Multiple Forward Slash Directory Listing 

1626 Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

11026 

10440 

11721 


1627 Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Access 

1628 PDGSoft Shopping Cart redirect.exe Remote Overflow 

1629 PDGSoft Shopping Cart changepw.exe Remote Overflow 

1630 counter.exe Detection 

1631 WebLogic FileServlet Source Code Disclosure 

1632 CSNews.cgi Arbitrary File Access 

1633 NetWin CWMail.exe < 2.8a Remote Overflow 

1634 

Excite for Web Servers (EWS) AT-admin.cgi Remote Password 

Disclosure 

1635 CSMailto.cgi Multiple Vulnerabilities 

1636 UltraBoard UltraBoard.cgi Arbitrary File Access 

1637 UltraBoard UltraBoard.pl Arbitrary File Access 

1638 YaBB YaBB.cgi num Parameter XSS 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

1639 Drummond Miles A1Statistics a1disp4.cgi Traversal Arbitrary File Read Web 

Servers 

1640 Cobalt RAQ alert.cgi XSS 

1641 Aplio Internet Phone authenticate.cgi Arbitrary Command Execution 

1642 Extropia WebBBS bbs_forum.cgi Remote Command Execution 

1643 BNBForm bnbform.cgi Automessage Arbitrary File Retrieval 

1644 


bsguest.cgi Guestbook Email Address Variable Arbitrary Command 

Execution 

1645 bslist.cgi Email Address Variable Arbitrary Command Execution 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

1646 Aktivate Shopping System catgy.cgi desc Parameter XSS Web N/A 

11722 

11723 

11723 

11725 

11724 

11726 

11727 

N/A 

11748 

11748 

Family Web Servers 185 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

1647 cgforum.cgi Multiple Vulnerabilities 

1648 classifieds.cgi Multiple Vulnerabilities 

1649 csPassword.cgi Multiple Vulnerabilities 

1650 cvsview2.cgi Multiple Vulnerabilities 

1651 cvslog.cgi Multiple Vulnerabilities 

1652 multidiff.cgi Multiple Vulnerabilities 

1653 dnewsweb.cgi Multiple Vulnerabilities 

1654 download.cgi Multiple Vulnerabilities 

1655 edit_action.cgi Multiple Vulnerabilities 

1656 emumail.cgi Multiple Vulnerabilities 

1657 everythingform.cgi Multiple Vulnerabilities 

1658 ezadmin.cgi Multiple Vulnerabilities 

1659 ezboard.cgi Multiple Vulnerabilities 

1660 ezman.cgi Multiple Vulnerabilities 

1661 ezadmin.cgi Multiple Vulnerabilities 

1662 FileSeek.cgi Multiple Vulnerabilities 

1663 fom.cgi Multiple Vulnerabilities 

1664 gbook.cgi Multiple Vulnerabilities 

1665 getdoc.cgi Multiple Vulnerabilities 


Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

11748 

N/A 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 


1666 global.cgi Multiple Vulnerabilities 

1667 guestserver.cgi Multiple Vulnerabilities 

1668 imageFolio.cgi Multiple Vulnerabilities 

1669 lastlines.cgi Multiple Vulnerabilities 

1670 mailfile.cgi Multiple Vulnerabilities 

1671 mailview.cgi Multiple Vulnerabilities 

1672 sendmessage.cgi Multiple Vulnerabilities 

1673 nsManager.cgi Multiple Vulnerabilities 

1674 perlshop.cgi Multiple Vulnerabilities 

1675 readmail.cgi Multiple Vulnerabilities 

1676 printmail.cgi Multiple Vulnerabilities 

1677 register.cgi Multiple Vulnerabilities 

1678 sendform.cgi Multiple Vulnerabilities 

1679 sendmessage.cgi Multiple Vulnerabilities 

1680 service.cgi Multiple Vulnerabilities 

1681 setpasswd.cgi Multiple Vulnerabilities 

1682 simplestmail.cgi Multiple Vulnerabilities 

1683 simplestguest.cgi Multiple Vulnerabilities 

1684 talkback.cgi Multiple Vulnerabilities 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

11748 

1685 ttawebtop.cgi Multiple Vulnerabilities Web 11748 


1686 ws_mail.cgi Multiple Vulnerabilities 

1688 Microsoft FrontPage Extensions Detection 



1691 

Microsoft IIS FrontPage Visual Studio RAD Support fp30reg.dll 

Overflow 

1692 Hosting Controller Multiple Script Arbitrary Directory Browsing 










1702 Microsoft IIS bdir.htr Directory Listing 

1703 Microsoft IIS 5.0 PROPFIND Remote DoS 


1704 Microsoft IIS viewcode.asp Arbitrary File Access 


Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

11748 

10077 

10077 

10077 

10699 

11745 

11746 

11745 

11746 

11745 

11746 

11745 

11746 

11745 

11746 

10577 

10667 

10576 

10576 







1711 ION ion-p.exe Traversal File Access 

1712 Netdynamics ndcgi.exe Previous User Session Replay 

1713 TrendMicro eManager Detection 

1714 AspUpload Multiple Script File Upload / Directory Traversal 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

1715 Lucent VitalNet VsSetCookie.exe Direct Request Authentication Bypass Web 

Servers 

1716 Netwin WebNews Webnews.exe Remote Overflow 

1717 Microsoft IIS Patch Level Detection (English versions only) 






1723 Apache Web Server Detection 

1724 Microsoft Web Server Detection 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

1725 Kerio Mailserver Embedded HTTP Server Multiple Unspecified Web N/A 

10576 

10576 

10576 

10576 

10576 

11729 

11730 

11747 

11746 

11731 

11732 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

Vulnerabilities Servers 

1726 CuteNews show_archives.php XSS 

1727 QuiXplorer < 2.3.1 item Parameter Directory Traversal File Access 

1728 

AWStats Rawlog Plugin Logfile Parameter Arbitrary Command 

Execution 

1729 phpBB < 2.0 Multiple Vulnerabilities 

1730 WackoWiki < R4.0 TextSearch XSS 

1731 PScript PForum < 1.26 User Profile XSS 

1732 Powie PHP Forum < 1.15 Multiple Vulnerabilities 

1733 Sympa < 4.1.2 List Creation Authentication Bypass 

1762 Web Server JavaScript File (.js) Copyright Information 

1894 Oracle 9iAS Administrative Web Interface Authentication Weakness 

2120 thttpd < 2.20 Arbitrary World-Readable File Disclosure 

2121 THTTPD/Mini_HTTPD < 2.22 File Disclosure 

2122 THTTPD/Mini_HTTPD < 1.16 File Disclosure 

2123 thttpd < 2.21 Error Page XSS 

2124 thttpd/mini_httpd Virtual Hosting File Disclosure 

2125 thttpd/mini_httpd < 2.24 Virtual Hosting File Disclosure 

2126 thttpd CGI Test Script XSS 


2127 BadBlue Webserver Connection Saturation Remote DoS 

2134 libNSS Hello Challenge Remote Heap Overflow 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

11452 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

2136 Icecast list.cgi User-Agent XSS 

2137 Icecast < 2.0.1 HTTP Basic Authentication Remote Overflow 

2138 

Icecast Server < 2.0.0 list_directory Function Traversal Directory 

Enumeration 

2139 Icecast < 1.3.12 Multiple Remote Buffer Overflows 

2140 Icecast < 1.3.10 Multiple Remote Buffer Overflows 

2141 Icecast < 1.3.12-1 HTTP GET Request Remote Overflow 

2142 Icecast Server < 1.3.10 Crafted URI Remote DoS 

2143 Icecast Server < 1.3.10 Directory Traversal Arbitrary File Access 

2144 Icecast < 1.3.10 print_client() Format String 

2147 Easy File Share Virtual Folders Arbitrary File Access 

2148 Easy File Sharing Large HTTP Request Remote DoS 

2164 Keene Digital Media Server Directory Traversal Arbitrary File Access 

2165 

Keene Digital Media Server < 1.0.4 Directory Traversal and 

Authentication Bypass 

2167 HastyMail HTML Attachment Content-Disposition Header XSS 

2170 4D WebStar < 5.3.3 FTP Pre-Authentication Overflow 

2171 4D WebStar < 5.3.3 Information Disclosure 

2172 Abyss < 1.1.6 httpd GET Request Remote Overflow 




Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

2175 Apache < 2.0.48 Multiple Vulnerabilities Web N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

14370 

14195 

14196 

11784 

11793 

11915 


2176 Argosoft HTTP GET Request Saturation Remote DoS 

2177 BadBlue < 2.3 ISAPI Module Remote Administrative Interface Access 

2178 CommuniGatePro < 4.1b2 Session Token Disclosure 

2179 Dune Web Server HTTP GET Request Remote Overflow 

2180 Microsoft IIS FrontPage Extensions Detection 

2181 

iPlanet Web Server < 4.1 SP7 URL-Encoded Host: Information 

Disclosure 

2182 MyServer < 

2183 OpenSSL < 0.9.6m / 0.9.7d Multiple DoS 

2184 Pi3Web Webserver < 2.0.3 HTTP GET Request Overflow DoS 

2185 

Squid Remote NTLM Authentication Password Handling Remote 

Overflow 

2186 WebServer 4D HTTP GET Request Remote Overflow 

2192 pLog register.php HTML Injection 

2193 dasBlog Multiple HTTP Headers HTML Injection 

2194 Cerbere Proxy Server Long Host Header Field Overflow DoS 

2253 CuteNews < 


2255 Squid NTLM Authentication NTLMSSP Packet Remote DoS 

2260 phpMyBackupPro < 1.0.0 Multiple Input Sanitization Vulnerabilities 

2261 Keene Digital Media Server Multiple XSS 


Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

11734 

11641 

11567 

11751 

11923 

11856 

11770 

12110 

11695 

12294 

11560 

N/A 

N/A 

N/A 

17256 


N/A 

N/A 

N/A 

N/A

2262 Keene Digital Media Server Multiple Script Authentication Bypass 

2263 Ipswitch WhatsUp Gold prn.htm GET Request Remote DoS 

2264 Ipswitch WhatsUp Gold Notification Instance Name Remote Overflow 

2276 Apache < 2.0.51 mod_ssl Rewrite Rules DoS 

2282 BEA WebLogic < 8.1.0 SP 3 Multiple Vulnerabilities 

2286 PHP Arbitrary File Upload 

2290 Apache < 2.0.51 ${ENVVAR} Local Overflow 

2291 Apache < 2.0.51 mod_dav DAV LOCK Command Remote DoS 

2292 Apache < 2.0.51 IPv6 Remote Buffer Overflow 

2293 myServer < 0.7.1 Directory Traversal Arbitrary File Access 

2303 HTML Comment 'href' Link Obfuscation 

2307 Rhinosoft DNS4Me Multiple Vulnerabilities 

2309 Apache < 2.0.52-dev 'Satisfy' Directive Access Control Bypass 

2314 EmuLive Server4 Authentication Bypass / DoS 

2316 Macromedia JRun Multiple Vulnerabilities 

2328 BroadBoard Message Board Detection 

2329 BroadBoard Message Board SQL Injection 

2330 MegaBBS ASP Forum SQL Injection 


2333 @lex Guestbook livre_include.php Remote File Inclusion 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

2335 Icecast < 2.0.2 Multiple HTTP Headers Remote Overflow Web N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

14770 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

14810 

N/A 

14828 

N/A 

14830 


2339 W-Agora Multiple Input Validation Vulnerabilities 

2342 AJ-Fork Permission Weakness Information Disclosure 

2343 Bblog Blog Software Detection 

2346 BugPort < 1.134 Remote Privilege Escalation 

2348 NetworkActive Web Server Resource Exhaustion DoS 

2350 PHPLinks SQL Injection 

2351 Jetty Web Server < 4.2.4 Directory Traversal Arbitrary File Access 

2354 PHP < 5.0.2 Open Bracket Memory Disclosure 

2355 DCP-Portal < 6.1 Multiple Vulnerabilities 

2356 WordPress BLOG < 1.2.1 wp-login.php HTTP Response Splitting 

2357 Helix RealServer Remote Integer Handling DoS 

2363 Squid < 2.5.STABLE7 SNMP ASN.1 Parser Remote DoS 

2364 CJOverkill < 4.0.4 trade.php XSS 

2365 IceWarp Web Mail < 5.3.0 Multiple Vulnerabilities 

2367 Serendipity < 0.7.0rc1 HTTP Response Splitting 

2378 PHPList < 2.6.5 Multiple Remote Vulnerabilities 

2382 Caudium Web Server < 1.4.4 RC2 Malformed URI DoS 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

2383 Cherokee Web Server < 0.4.17.1 auth_pam Authentication Format String Web 

Servers 

2386 MailPost.exe Multiple Vulnerabilities 


Web 

Servers 

15402 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

15463 

15462 

15469 

15543 

N/A 

N/A 

N/A 

15626 


2387 IceWarp Web Mail < 5.3.1 Multiple Vulnerabilities (2) 

2388 Moodle < 1.4.3 Glossary Module SQL Injection 

2389 Gallery < 1.4.4-p12 Unspecified HTML Injection 

2390 Helm Control Panel < 3.1.20 Multiple Input Validation Vulnerabilities 

2391 cPanel Front Page Extension Installation Information Disclosure 

2392 cPanel Remote Backup Module Information Disclosure 

2400 04WebServer Multiple Remote Vulnerabilities 

2408 Ipswitch IMail Server < 8.14.0 Delete Command Buffer Overflow 

2437 JanaServer < 2.4.5 Multiple Remote DoS 

2448 

Squid Proxy Failed DNS Lookup Random Error Messages Information 

Disclosure 

2450 OpenText FirstClass HTTP Daemon Search DoS 

2460 PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities 

2461 

IBM WebSphere Commerce Database Update Default User Information 

Disclosure 

2476 SHOUTcast < 1.9.5 Filename Remote Format String 

2490 Big Sister Information Leak 

2491 Squid Server Report Information Disclosure 

2492 Ganglia Cluster Report Information Disclosure 

2493 WebLog Information Disclosure 

2494 Getstats Report Information Disclosure 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

2495 wwwstat Report Information Disclosure Web N/A 

15643 

15639 

15624 

N/A 

N/A 

18540 

N/A 

N/A 

15862 

15929 

15934 

15973 

N/A 

16064 


N/A 

N/A 

N/A 

N/A 

N/A

2496 Hassan Shopping Cart Detection 

Servers 

Web 

Servers 

2497 Cisco 'tech-support' Anonymous User Debugging Information Disclosure Web 

Servers 

2498 Xerox Default Administrative Web Page Detection 

2499 Mnogosearch search.cgi Detection 

2500 Gallery Configuration Mode Authentication Bypass 

2504 Awstats Web Statistics Server Detection 

2506 Webalizer Report Information Disclosure 

2507 osCommerce Admin Interface Detection 

2508 Terminal Services Web Detection 

2509 Nessus Scan Report Disclosure 

2510 ISS Scan Report Disclosure 

2511 Big Brother Information Disclosure 

2514 SNAP Network Attached Server Administration Page 

2515 MikroTik Router Detection 

2516 Oracle HTTP Listener Default Web Page Detection 

2520 Squid Proxy < 2.5.STABLE8 Multiple Vulnerabilities 

2527 Siteman forum.php page Parameter XSS 

2528 MaxDB WebSQL < 7.5.00.18 Remote Overflow 

2536 SparkleBlog journal.php SQL Injection 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

N/A 

N/A 

N/A 

11735 

N/A 

N/A 

N/A 

N/A 

12234 

N/A 

N/A 

N/A 

N/A 

N/A 

10849 


N/A 

N/A 

N/A 

N/A

2537 

Squid Proxy < 2.5.STABLE8 Gopher, WCCP, and Cache Poisoning 


2538 NETGEAR Router Detection 

2539 NETGEAR Router Log Viewer XSS 

2540 Ocean12 ASP Calendar Administrative Interface Access 

2552 3[APA3A] Proxy Remote Overflow 

2553 3[APA3A] Proxy Detection 

2565 MRTG Web Application Detection 

2566 Mercury Test Director Application Detection 

2567 Lotus Domino Address Book Information Disclosure 

2569 CoolForum < 0.8 SQL Injection 

2570 WebWasher Proxy Server < 3.4 Detection 

2571 WebWasher Proxy Server Detection 


2572 Alt-N WebAdmin < 3.0.3 Multiple Remote Vulnerabilities 

2573 IceWarp Web Mail < 5.3.3 Multiple Vulnerabilities (3) 

2575 phpPGAds/phpAdNew < 2.0.2 HTTP Response Splitting 

2586 Ventia DeskNow Multiple Remote Vulnerabilities 

2587 Savant Web Server Multiple Remote Overflows 

2589 Mambo Content Server < 4.5.1b Detection Global Variables Overwrite 

2590 Sunshop < 3.4RC2 index.php search Parameter XSS 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

2594 RaidenHTTPd < 1.1.31 Crafted Request Remote File Access Web N/A 

16190 

N/A 

N/A 

15974 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

16271 

16273 

16276 

N/A 

N/A 

16312 


N/A

2608 Apache mod_python < 3.1.4 Information Disclosure 

2612 IBM WebSphere JSP Engine Source Disclosure 

2615 BEA WebLogic < 8.1.0 SP4 Information Disclosure 

2620 Sami HTTP Server v1.0.5 Remote Overflow 

2623 Compaq WBEM < 5.96 Multiple Remote Overflows 

2624 Lighttpd < 1.3.8 CGI Source Disclosure 

2625 DCP-Portal < 6.1.2 Multiple SQL Injection 

2632 TrackerCam Multiple Remote Overflows 

2638 Mambo Content Server Detection Global Variables Overwrite 

2657 BadBlue < 2.60 'GET' Request Remote Overflow 

2659 Policy - WebMod Gaming HTTP Server Detection 

2660 WebMod < 0.48 HTTP Server 'Content-Length' Heap Overflow 

2664 RaidenHTTPd < 1.1.33 Remote Buffer Overflow 

2669 

Squid < 2.5.STABLE10 Set-Cookie Authentication Information 

Disclosure 

2670 CProxy Directory Traversal Arbitrary File Access / DoS 

2677 Sun WebServer Detection 

2701 Apache Tomcat AJP12 Protocol Remote DoS 

2705 Phorum < 5.0.15 HTML Injection 

2708 Dell Remote Access Controller Detection 


Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

N/A 

N/A 

N/A 

16468 

17997 

16475 

16478 

N/A 

18495 

N/A 

N/A 

N/A 

17243 

N/A 

N/A 

N/A 

17322 

17596 


N/A

2712 IBM WebSphere 'ResetPassword' Information Disclosure 

2714 Jetty < 4.2.19 HttpRequest.java Content-Length DoS 

2724 Icecast Multiple Vulnerabilities 

2727 Panasonic Camera Detection 

2728 MOBOTIX AG Camera Detection 

2729 AXIS Camera Detection 

2733 SAP Internet Transaction Server Version Detection 

2741 Sun Cobalt RAQ Server Detection 

2744 Apache < 2.0.50 Input Header Folding and mod_ssl DoS 

2775 AOLServer Multiple Remote Vulnerabilities 

2782 PHP Remote getimagesize DoS 

2790 

CommuniGatePro < 4.3c3 Undisclosed LISTS Module Multipart Message 

DoS 

2800 Lotus Domino Server < 6.5.3 Web Service Remote DoS 

2804 ColdFusion MX Server Detection 

2805 ColdFusion MX Server Detection 

2806 ColdFusion < 7.0 MX File Disclosure 

2810 Autocomplete Not Disabled for 'Password' Field 

2825 IBM WebSphere JSP Source Disclosure / XSS Vulnerabilities 

2830 Oracle Application Server 10g Detection 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

2831 Oracle Application Server J2EE Container Detection Web N/A 

17337 

17348 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

12293 

N/A 

18033 

17985 

17991 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A

2835 Monkey HTTP Daemon < 0.9.1 Multiple Vulnerabilities 

2842 webcamXP < 2.16.478 Chat Name HTML Injection 

2845 SunOne Web Proxy < 3.6 SP7 Unspecified Remote Buffer Overflows 

2860 

Fastream NETFile < 7.5.0 Beta 7 Directory Traversal Arbitrary File 

Access 

2862 BEA WebLogic < 8.1 SP5 Multiple Vulnerabilities 

2866 

2870 

Oracle Application Server Web Cache OHS mod_access Authentication 

Bypass 

Lotus Domino Server Web Service NRPC Authentication Format String 

DoS 

2881 Oracle Application Server < 10.1.0.0.3 Privilege Escalation 

2882 Oracle Application Server < 10.1.0.0.4 Logging Service Interruption 

2883 

Software602 602Pro LAN SUITE < 2004.0.05.0509 Directory Traversal 


2884 Apache htdigest realm Variable Overflow 

2890 GeoVision Digital Surveillance System Detection 

2891 GeoVision Digital Surveillance System Detection 

2892 myServer Multiple Vulnerabilities 

2893 ColdFusion Error Page XSS 

2896 Woppoware Postmaster < 4.2.3 Multiple Vulnerabilities 

2940 Apache htpasswd Overflow 

2943 PeerCast < 0.1212 URL Error Message Format String 

2946 FlexCast < 2.0 Remote Overflow 


Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

N/A 

18122 

18114 

N/A 

18365 

18181 

N/A 

N/A 

N/A 

N/A 

N/A 

18220 

N/A 

18218 

N/A 

18246 

14771 

18417 

18429 


2947 Sawmill < 7.1.6 Multiple Vulnerabilities 

3014 Outlook Web Access with Exchange 5.5 SP4 XSS 

3019 YAWS < 1.56 Script File Source Code Disclosure 

3021 

3027 

JBoss Malformed HTTP Request Remote Configuration Information 

Disclosure 

IpSwitch WhatsUp < 2005 SP 1A Login.asp Multiple Parameter SQL 

Injection 

3042 Apache HTTP Request Parsing HTML Injection 

3057 Apache Webserver Valid Banner Check 

3063 Moodle < 1.5.1 Unspecified Vulnerability 

3105 Alt-N MDaemon < 8.0.4 IMAP Multiple Buffer Overflows 

3112 Apache < 2.0.55 HTTP Smuggling Vulnerability 

3114 Lotus Domino Server Multiple Information Disclosure Vulnerabilities 

3116 Generic Botnet Server Detection (Web Admin) 

3151 MDaemon < 8.1.0 Content Filter Traversal Arbitrary File Overwrite 

3152 PHPList admin/index.php id Parameter SQL Injection 

3156 NetworkActiv < 3.5.14 Multiple Parameter XSS 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

3171 W-Agora < 4.2.1 index.php site Parameter Traversal Arbitrary File Access Web 

Servers 

3196 BNBT P2P Tracking Detection 

3197 BNBT EasyTracker Malformed Request DoS 


3200 Barracuda Spam Firewall < Firmware 3.1.18 Multiple Vulnerabilities 

Web 

Servers 

Web 

Servers 

Web 

Servers 

18507 

18488 

18522 

18526 

18552 

N/A 

N/A 

N/A 

19252 

19296 

19309 

N/A 

19310 

N/A 

N/A 

N/A 

N/A 

19548 

19556 

3203 Phorum < 5.0.18 register.php XSS Web 19584 


3206 Squid sslConnectTimeout Function Remote DoS 

3212 ASP/ASA Source Using Microsoft Translate f: bug (IIS 5.1) 

3213 IIS Patch Level Detection (English Versions Only) 



3218 SunOne Web Proxy < 3.6 SP8 Unspecified DoS 

3219 Sawmill < 7.1.14 GET Request Query String XSS 

3221 Linksys Wireless Router < 4.20.7 Multiple Vulnerabilities 

3226 Lotus Domino Server Multiple XSS 

3230 CuteNews flood.db.php HTTP Header PHP Code Injection 

3247 Squid < 2.5 STABLE11 NTLM Authentication Header DoS 

3249 4D WebStar < 5.3.5 IMAP Mac OS Client DoS 

3262 PHP < 5.0.5 Multiple Vulnerabilities 

3263 Xerver < 4.20 Multiple Vulnerabilities 

3270 WindWeb < 

3273 PHP < 5.0.6 GLOBAL Variable Overwrite 

3279 CuteNews < 

3282 Acme thttpd < 2.24 CGI Test Script Symlink Arbitrary File Overwrite 

3283 PHPList < 2.10.3 Multiple Vulnerabilities 


Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

N/A 

19596 

N/A 

N/A 

N/A 

N/A 

19681 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

20062 

20097 


N/A 

N/A 

N/A 

N/A

3291 Moodle < 1.5.3 Multiple Scripts SQL Injection 

3295 Macromedia Flash < 2.0 Malformed RTMP Data DoS 

3301 Jetty < 5.16.0 JSP Source Code Disclosure 

3312 Nokia Intellisync Web Portal Detection 

3325 Sights 'N Sounds Media Server < 

3326 Sights 'N Sounds Media Server Detection 

3330 ColdFusion < 7.01 MX Multiple Vulnerabilities 

3347 Broadlogic XLT Router Default Password 

3348 'admin/1234' Default Password 

3358 Apache < 2.0.3 mod_auth_pgsql Module Server Log Format String 

3360 Apache < 1.6.1 auth_ldap Module Remote Format String 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

3367 BEA WebLogic < 8.1.0 SP6 MBeanHome Config Information Disclosure Web 

Servers 

3368 PHP < 5.1.2 mysqli Error Message Format String 


3387 Communigate Pro < 5.0.7 LDAP Module BER Decoding DoS 

3389 HTTP Proxy Detection 


3415 Communigate Pro < 5.0.8 LDAP Module BER Decoding DoS 

3416 Lotus Domino Server < 7.0.1 LDAP Component Unspecified DoS 

3419 McAfee ePolicy Orchestrator Server Detection 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

3437 Warez P2P Server/Client Detection Web N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

20813 

20827 

N/A 

20827 


N/A 

N/A

3438 Fedora DS Administration Server < 1.0.1 Information Disclosure 

3442 CherryPy < 2.1.1 staticfilter Directory Traversal Arbitrary File Access 

3443 ViRobot Linux Server filescan Authentication Bypass 

3444 Mambo Undisclosed Authentication Bypass 

3449 MDaemon < 8.15 IMAP Mail Folder Name Remote Overflow 

3450 Lighttpd < 1.4.10a Crafted Filename Request Source Disclosure 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

3451 NetworkActiv < 3.5.16 Crafted Filename Request Source Code Disclosure Web 

Servers 

3453 Apache mod_python < 3.2.8 Remote Command Execution 

3455 RaidenHTTPd < 1.1.48 Crafted Request Script Source Disclosure 

3456 SPLUNK Online Log Search Detection 

3458 Listserv < 14.5 Multiple Buffer Overflows 

3463 Acme thttpd < 2.26 htpasswd Utility Overflow 

3468 PeerCast < 0.1217 procConnectArgs Function Remote Overflow 

3470 Easy File Sharing Web Server Format String 

3478 Dwarf HTTP Server < 1.3.3 Multiple Vulnerabilities 

3486 Orion < 2.0.7 Crafted Filename Extension Source Code Disclosure 

3508 Cherokee Web Server < 0.5.1 XSS 


3524 Oracle 10g Application Server SQL Injection 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

20952 

20961 

20968 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

21016 

N/A 

21041 

21039 


N/A 

N/A 

N/A 

N/A 

N/A

3559 IBM WebSphere < 6.0.2.3 Authentication Bypass 

3618 BEA WebLogic Server Multiple Vulnerabilities 

3619 SonicWall Firewall Detection 

3621 Resin < 3.0.19 Directory Traversal and Path Disclosure Vulnerabilities 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

3625 WhatsUp Network Monitoring Tool Default Administrative Credentials Web 

Servers 

3634 MDaemon < 8.1.4 Remote Overflow 

3642 WinGate < 6.1.3 POST Request Buffer Overflow 

3645 

TIBCO < 7.5.1 Rendezvous HTTP Administrative Interface Remote 

Overflow 

3656 Mambo < 4.6.1 Login Function usercookie Cookie SQL Injection 

3679 CommuniGate Pro < 5.1c2 POP3 Overflow 

3680 Zope < 2.9.4 docutils Information Disclosure 

3681 

WinGate < 6.1.4 Build 1099 IMAP Service Traversal Arbitrary Mail 

Access 

3692 CheckPoint Firewall Default Web Server 

3702 ColdFusion Administrative Interface Authentication Bypass 

3723 IPCheck Server Monitor < 5.3.3.639 Traversal Arbitrary File Access 


3740 RaidenHTTPD SoftParserFileXml Parameter Remote File Inclusion 

3742 Moodle < 1.6.2 Multiple Vulnerabilities 


3752 SAP Internet Transaction Server (ITS) Detection 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

3755 OpenSSL < 0.9.7l / 0.9.8d Multiple Vulnerabilities Web N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

21674 

N/A 

N/A 

20827 

N/A 

N/A 

N/A 

N/A 

22205 

N/A 

22317 


N/A 

N/A

3758 Mercury SiteScope Server Detection 

3766 

McAfee ePolicy Orchestrator HTTP Server Source Header Remote 

Overflow 

3769 Asterisk VoIP Administrative Interface Detection 

3770 Cisco Call Manager (VoIP) Administrative Interface Detection 

3771 Cisco IP Phone Detection 

3792 ColdFusion < 

3802 FreePBX VoIP Administrative Interface Detection 

3809 Sun-One Application Server Version Detection 

3816 Apache mod_auth_kerb < 

3818 WinGate < 6.2.0 Compressed Name Pointer DoS 

3819 iTunes Detection 

3829 Web Server Type 

3830 Web Server Detection on Port Other Than TCP/80 

3831 FreePBX < 2.2.1 VoIP Input Validation Vulnerabilities 

3832 Xerox WorkCentre Detection 

3833 Xerox WorkCentre Version Detection 

3834 Xerox WorkCentre Multiple Vulnerabilities 



3877 Wireless Access Point (WAP) Web Server Detection 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

N/A 

22494 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

11026 


3887 Squid < 2.6 STABLE7 Multiple Vulnerabilities 

3898 Phorum < 5.1.19 register.php XSS 

3904 Jetty Non-random Session ID Vulnerability 

3910 

Firefox < 0.0.9 'Plain Old Webserver' (POW) Directory Traversal 


3913 Cisco VPN Concentrator Administrative Interface Detection 

3915 Microsoft FrontPage Version Detection 

3916 

3925 

3928 

LifeType < 1.1.6 rss.php profile Parameter Traversal Arbitrary File 

Access 

SQLiteManager include/config.inc.php SQLiteManager_currentTheme 

Cookie Local File Inclusion 

OrangeHRM < 2.1 alpha 5 login.php txtUserName Parameter SQL 

Injection 

3932 Apache TomCat mod_jk < 1.2.21 Worker Map Remote Overflow 

3942 LedgerSMB / SQL-Ledger Authentication Bypass 

3949 

Apache Tomcat < 5.5.23 / 6.0.10 Directory Traversal Arbitrary File 

Access 

3952 Squid < 2.6 STABLE12 TRACE Request DoS 

3961 F-Secure Product Server Detection 

3962 F-Secure Policy Manager fsmsh.dll Path Disclosure 

3969 Lighttpd < 1.4.14 Multiple DoS 

3972 Tivoli Provisioning Manager Detection 

3981 

Mambo < 4.6.2 includes/pdf.php dofreePDF Function Authentication 

Bypass 



Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

24356 

24726 

24743 

N/A 

24748 

N/A 

24873 

N/A 

15931 

N/A 

N/A 

N/A 

25159 

3992 Resin < 3.1.1 Directory Traversal Vulnerability (2) Web 25241 


4070 Openfire < 3.3.1 Admin Console Privilege Escalation 


4107 cPanel Remote Backup Information Disclosure 

4139 Tivoli Provisioning Manager < 

4165 Sun ONE Web Server Version Detection 

4166 WinGate < 6.2.2 Invalid SMTP State Remote DoS 

4167 Apache Tomcat < 


4206 Lighttpd < 1.4.18 mod_fastcgi HTTP Request Header Overflow 

4221 OpenSSL < 0.9.8f Multiple Vulnerabilities 

4225 HTTP Server Basic Authentication Detection 

4237 SQL-Ledger < 2.6.27 Multiple Fields SQL Injection 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

4245 Apache Tomcat < 6.0.15 WEBDAV Lock Request Information Disclosure Web 

Servers 

4246 Ruby Version Detection 

4247 Ruby on Rails Version Detection 

4248 Ruby on Rails < 1.2.5 Multiple Vulnerabilities 

4251 Oracle 10g Application Server SQL Injection 

4252 Avocent DSView Server Detection 

4263 Adaptec Storage Manager Server Detection 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

25343 

25368 

N/A 

N/A 

N/A 

25879 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4266 IBM Server RAID Manager Detection 

4270 WebSphere Server Version Detection 

4272 WebSphere SSL Server Detection 

4273 WebSphere UDDI Console Multiple Vulnerabilities 

4278 OrangeHRM < 2.2.2 RepViewController.php Privilege Escalation 


4282 Oracle Web Listener Version Detection 

4286 WebSphere HTML 'Expect' Header HTML Injection 

4293 Ability Mail Server < 2.61 Multiple Vulnerabilities 

4294 Microsoft Outlook Web Access (OWA) Version Detection 

4297 Sentinel Protection Server < 7.4.1 Directory Traversal File Access 

4299 Ruby on Rails < 1.2.6 Cookie Related Session Fixation 

4305 Squid < 2.6.STABLE18 Update Reply Processing DoS 

4307 Jetty < 6.1.6 Multiple Vulnerabilities 

4318 

PeerCast < 0.1218 servhs.cpp handShakeHTTP Function Remote 

Overflow 

4319 RaidenHTTPD < 

4320 CUPS < 1.3.5 Back End SNMP Response Remote Overflow 

4324 CuteNews < 1.4.6 search.php files_arch Array Arbitrary File Access 

4327 OpenBiblio < 0.6.0 Multiple Vulnerabilities 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

N/A 

N/A 

N/A 

N/A 

N/A 

28181 

N/A 

N/A 

28289 

N/A 

N/A 

N/A 

29216 

4330 Mort Bay Jetty < 6.1.7 Double Slash Information Disclosure Web 29852 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A


Servers 

Web 

Servers 

4349 WebSphere serveServletsByClassnameEnabled Unspecified Vulnerability Web 

Servers 

4350 WebSphere serveServletsByClassnameEnabled Unspecified Vulnerability Web 

Servers 

4354 Tivoli Provisioning Manager < 5.1.0.3 DoS 

4355 WebSphere Application Server < 6.0.2.25 Multiple Vulnerabilities 

4356 NetCache Version Detection 

4368 Apache Tomcat < 6.0.16 Information Disclosure 

4369 ExtremeZ-IP Version Detection 

4370 F5 BIG-IP Web Management Version Detection 

4371 ExtremeZ-IP Version Detection 

4376 Apache mod_jk2 < 2.0.4 Multiple Overflows 

4378 Flash Media Server Detection 



4383 BEA WebLogic Server Multiple Vulnerabilities 


4390 CUPS < 1.3.6 Multiple Vulnerabilities 

4411 Lighttpd < 1.4.19 Information Disclosure 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

4424 IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities Web 

Servers 

29833 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

30216 

30253 

31786 

N/A 

N/A 

N/A 

N/A 

31118 

31131 

N/A 

45422 


4436 cPanel < 


4452 X2 Thin Client Server Detection 


4460 Apache-SSL Environment Variables Manipulation 

4462 TIBCO Rendezvous < 8.0.1 Remote Overflow 

4483 eTrust Proxy Detection 

4484 CA eTrust SCM Plaintext Login Detection 

4486 ePOclient Version Detection 


4501 

Apache Tomcat Sample App cal2.jsp time Parameter XSS 

(CVE-2009-0781) 

4507 SUN Java System Application Server Version Detection 

4508 JSP information disclosure in Sun Java System application server 

4509 cPanel Remote Privilege Escalation vulnerability 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

4518 Barracuda Spam Firewall ldap_test.cgi Cross-Site Scripting Vulnerability Web 

Servers 

4521 OpenSSL < 0.9.8h Multiple Vulnerabilities 

4528 IBM Content Manager (ICM) Version Detection 

4529 Snap Appliance Version Detection 


Web 

Servers 

Web 

Servers 

Web 

Servers 

4530 IBM WebSphere Application Server < 6.1.0.17 Unspecified Vulnerability Web 

Servers 

4532 Sun-One ASP Server Version Detection Web N/A 

N/A 

31649 

N/A 

31730 

31738 

N/A 

N/A 

N/A 

N/A 

32123 

35806 

N/A 

N/A 

N/A 

32434 

N/A 

N/A 

N/A 

33127 


4533 Sun Java System ASP < 4.0.3 Multiple Vulnerabilities 

4539 Gordano Messaging Suite Version Detection 

4542 Novell NetWare Print Server Detection 

4544 Sun-One ASP Server Version Detection 

4546 Sun-One ASP Server Test Application Detection 

4552 Sun Java Calendar Version Detection 

4553 Sun Java Calendar Logging Component Unspecified Remote DoS 

4561 Resin < Viewfile file Parameter XSS 

4565 Sun Java System Access Manager Version Detection 

4575 Sun Java ASP Server Default Admin Password 

4576 trixbox Version Detection 

4577 

trixbox Dashboard user/index.php langChoice Parameter Local File 

Inclusion 


4580 Xerox Centreware Version Detection 

4582 Xerox CentreWare < 4.6.46 Multiple Vulnerabilities 

4589 Blackberry Enterprise Server Version Detection 

4590 

BlackBerry Enterprise Server < 4.1.6 PDF Processing Arbitrary Code 

Execution 

4594 HP System Management Version Detection 


4595 HP System Management Homepage (SMH) < 2.1.12 Unspecified XSS 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

33439 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

33273 

N/A 

33437 

N/A 

33445 

33477 

N/A 

33478 

N/A 

33550 

N/A 

33548 


4610 CUPS < 1.3.8 Crafted PNG File Integer Overflow 

4614 Apache Tomcat < 4.1.37/5.5.26/6.0.16 Multiple Vulnerabilities 


Web 

Servers 

Web 

Servers 

Web 

Servers 

4621 Apache Tomcat < 6.0.18 UTF-8 Directory Traversal Arbitrary File Access Web 

Servers 

4623 

JBoss EAP < 4.2.0.CP03 / 4.3.0.CP01 Status Servlet Information 

Disclosure 

4625 Sun Java System Web Proxy Server Detection 

4631 RhinoSoft Serv-U Web Server Version Detection 

4633 Cisco Secure Access Control Server Detection 

4656 Database Connection Configuration Information Disclosure 




4666 Internal IP Address Disclosure 

4667 Persistent Cookie Utilization 

4668 ActiveX Control Detection 

4669 ActiveX Control Detection 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

4679 Ruby on Rails < 2.1.1 Active Record Multiple Parameter SQL Injection Web 

Servers 

4683 Hitachi IP Phone Detection 

4685 


IBM WebSphere Application Server 6.1 < Fix Pack 19 Unspecified 

Vulnerability 

Web 

Servers 

Web 

Servers 

4689 JBoss EAP < 4.2.0.CP04 / 4.3.0.CP02 Status Servlet Information Web N/A 

33577 

N/A 

33849 

33866 

33869 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

34219 


Disclosure Servers 

4698 lighttpd < 1.4.20 Multiple Vulnerabilities 

4700 Blue Coat Reporter Detection 

4701 Blue Coat Reporter Default admin Credentials 

4702 OpenNMS Server Detection 


4709 Copyright Information Within HTML Comments 

4710 Email Address Obfuscated Within HTML Comments 


4714 Security Center < 3.4 Multiple Unspecified Traversals 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 


Servers 

4731 Obsolete Web Server Detection 

4749 Zope < 2.11.3 PythonScript Handling DoS 

4755 Sun Java System Identity Manager Version Detection 

4758 SOAP/XML Plaintext Credentials Disclosure 

4764 Ruby on Rails < 2.0.5 Multiple Vulnerabilities 

4769 Apple iPhone Web Utility Detection 

4771 CUPS < 1.3.10 Multiple Overflows 

4779 PHP 5 < 5.2.7 Multiple Vulnerabilities 

4783 


IBM WebSphere Application Server 7.0 < Fix Pack 1 Multiple 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

34332 

34334 

34346 

N/A 

34385 

N/A 

N/A 

34433 

34443 

34501 

34460 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

35043 

35082 


4784 PHP < 5.2.8 magic_quotes_gpc Security Bypass 

4795 

Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, 

XSS) 

4819 OpenX Version Detection 

4820 3COM CellPlex Default Password 

4821 3COM Netbuilder Default Password 

4822 Web Server 'admin' Default Password 

4823 Web Server 'admin/password' Default Credentials 

4824 3Com Shark Fin Comcast-supplied Default Password 

4825 Web Server 'Administrator/admin' Default Password 

4826 3ware Default Password 

4827 ACCTON Wirelessrouter T-online Default Password 

4828 ADIC Scalar 100/1000 Default Password 

4829 Web Server 'admin/admin' Default Password 

4830 APC UPSes (Web/SNMP Mgmt Card) Default Password 

4831 ASMAX Web Server Default Password 

4832 Web Server 'admin/NULL' Default Password 

4833 Allied Telesyn AT-8024(GB) Default Password 

4834 GigaTribe Detection 

4836 Allied Telesyn AT Router Default Password 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

4837 Allied Telesyn AT-AR130 (U) -10 Default Password Web N/A 

35067 

35224 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

35468 


N/A

4838 Alteon ACEswitch 180e Default Password 

4839 Ambit Default Password 

4840 Aspect ACD 6 Default Password 

4841 Axis Webcams Default Password 

4842 HTTP NULL User ID and Password 

4843 Blue Coat Systems ProxySG 3.x Default Password 

4844 Cisco Ciso Aironet 1100 Series Rev. 01 Default Password 

4845 Cisco Aironet 1200 Default Password 

4846 Conexant Router Default Password 

4848 Cyclades TS800 Default Password 

4849 D-Link DI-614+ Default Password 

4850 D-Link DI-624 All Default Password 

4851 Deerfield MDaemon Default Password 

4852 Dell Remote Access Card Default Password 

4853 Deutsch Telekomm T-Sinus 130 DSL Default Password 

4854 Enterasys ANG-1105 Unknown Default Password 

4855 Ericsson BP250 Default Password 

4856 Fujitsu Siemens Routers Default Password 


4857 Hewlett-Packard webmin 0.84 Default Password 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4858 IBM Directory - Web Administration Tool 5.1 Default Password 

4859 IBM 3583 Tape Library Default Password 

4860 IBM Web Server Default Password 

4861 Infosmart SOHO Router Default Password 

4862 Intel Wireless Gateway 3.x Default Password 

4863 Intershop Intershop 4 Default Password 

4864 Irongate NetSurvibox 266 1 Default Password 

4865 Konica Minolta Magicolor 5430 DL Default Password 

4866 Konica/ Minolta Di 2010f n/a Default Password 

4867 Kyocera EcoLink 7.2 Default Password 

4868 Linksys Comcast Comcast-supplied Default Password 

4869 Linksys/ Cisco RTP300 w/2 Phone Ports 1.0 Default Password 

4870 Minolta PagrPro QMS 4100GN PagePro Default Password 

4871 Minolta QMS Magicolor 3100 3.0.0 Default Password 

4872 Mitel 3300 ICP All Default Password 

4873 Motorola Default Password 

4874 NGSec NGSecureWeb Default Password 


4875 NRG or RICOH DSc338 Printer 1.19 Default Password 

4876 NETGEAR Comcast Comcast-supplied Default Password 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

4877 NetGenesis NetAnalysis Web Reporting Default Password Web N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4878 NETGEAR WG602 Firmware Version 1.04.0 Default Password 

4879 NETGEAR WG602 Firmware Version 1.7.14 Default Password 

4880 

4881 

Network Associates WebShield Security Appliance e500 Default 

Password 

Network Associates WebShield Security Appliance e250 Default 

Password 

4882 Nortel Contivity Extranet/VPN Switches Default Password 

4883 Nortel Business Communications Manager 3.5 / 3.6 Default Password 

4884 OKI C5700 Default Password 

4885 Openwave WAP Gateway Any Default Password 

4886 Openwave MSP Any Default Password 

4887 Pirelli Pirelli AGE-SB Default Password 

4888 Polycom Soundpoint VoIP Phones Default Password 

4889 Psion Teklogix 9150 Default Password 

4890 RedHat 6.2 Default Password 

4891 RedHat 6.2 Default Password 

4892 Ricoh AP410N 1.13 Default Password 

4893 SMC Default Password 

4894 SMC 7401BRA 1 Default Password 

4895 SMC 7401BRA 2 Default Password 

4896 SMC Barricade7204BRB Default Password 


Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4897 SMC Modem/Router Default Password 

4898 SOPHIA (Schweiz) AG Protector Default Password 

4899 Samsung MagicLAN SWL-3500RG 2.15 Default Password 

4900 Scientific Atlanta DPX2100 Comcast-supplied Default Password 

4901 Sharp AR-M355N Default Password 

4902 Siemens SpeedStream 4100 Default Password 

4903 Sun Microsystems ILOM of X4100 1.0 Default Password 

4904 Sybase EAServer Default Password 

4905 Symbol Spectrum Series 4100-4121 Default Password 

4906 Symbol CB3000 A1 Default Password 

4907 'Administrator' NULL Password 

4908 US ROBOTICS ADSL Ethernet Modem Default Password 

4909 

X-Micro X-Micro WLAN 11b Broadband Router 1.6.0.1 Default 

Password 

4910 Xerox DocuCentre 425 Default Password 

4911 Xerox 240a Default Password 

4912 ZyXEL Prestige Default Password 

4913 apc Smartups 3000 Default Password 


4914 iPSTAR iPSTAR Satellite Router/Radio v2 Default Password 

4915 iPSTAR iPSTAR Network Box v.2+ Default Password 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

4916 ihoi oihoh lknlkn Default Password Web N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4917 longshine isscfg Default Password 

4918 medion Routers Default Password 

4919 RealNetworks Helix Server < 11.1.8 / 12.0.1 Multiple Vulnerabilities 

4923 

Squid < 2.7.STABLE6 / 3.0.STABLE13 / 3.1.0.5 HTTP Version Numbers 

DoS 

4928 TrendMicro Interscan Web Security Suite (IWSS) Default Password 

4929 




4956 Apache modsecurity Plugin Detection 

4984 Apache TomCat mod_jk < 1.2.27 Cross-user Information Disclosure 

4987 Microsoft TMG Proxy Detection 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 


Servers 

4991 



Web 

Servers 


Servers 

5000 BlackBerry Enterprise Server < 4.1.6 MR5 XSS 

5005 OrangeHRM < 2.4.2 Multiple Vulnerabilities 

5007 Fortify 360 Web Interface Detection 

5010 Citrix Web Interface 4.6/5.0/5.0.1 XSS 


5011 Flash Media < 3.0.4/3.5.2 Privilege Escalation 

5017 Mort Bay Jetty < 6.1.17 Multiple Vulnerabilities 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

N/A 

N/A 

35555 

35620 

N/A 

35659 

35750 

N/A 

N/A 

N/A 

36132 

36133 

36161 

N/A 

N/A 

38155 


N/A 

N/A 

N/A

5022 A-A-S Server Detection 

5029 Sun GlassFish Enterprise Server Detection 

5030 Sun GlassFish Enterprise Server Multiple Vulnerabilities 

5035 lighttpd < 1.4.24 Information Disclosure 

5044 Apache Tomcat < 4.1.40 / 5.5.28 / 6.0.20 Multiple Vulnerabilities 

5045 LogMeIn 'cfgadvanced.html' HTTP Header Injection 

5047 Microsoft SharePoint Detection 

5057 Big-IP Web Application Firewall Detection 

5058 WebKnight Web Application Firewall Detection 

5059 AirLock Web Application Firewall Detection 

5060 Barracuda Web Application Firewall Detection 

5061 F5 ASM Web Application Firewall Detection 

5062 F5 TrafficShield Web Application Firewall Detection 

5063 Teros Web Application Firewall Detection 


5064 NetContinuum Web Application Firewall Detection 

5065 BinarySEC Web Application Firewall Detection 

5066 HyperGuard Web Application Firewall Detection 

5067 Profense Web Application Firewall Detection 

5068 Netscaler Web Application Firewall Detection 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

5069 dotDefender Web Application Firewall Detection Web N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

Servers 


Servers 


Servers 


5100 RealNetworks Helix Server 12.x Multiple DoS 

5103 RaidenHTTPD workspace.php ulang Parameter Local File Inclusion 

5104 CommuniGate Pro POP3 < 5.1c2 Buffer Overflow 

5108 Squid 3.0.STABLE16 / 3.10.11 Remote DoS 


5124 Oracle Secure Enterprise Search 10.x Version Detection 

5127 Microsoft IIS 7.0 Webserver Detection 

5128 

MS09-036: Vulnerability in ASP.NET in Microsoft Windows Could 

Allow Denial of Service (970957) 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

5132 Sun Java System Access Manager 7.1 < Patch 2 Multiple Vulnerabilities Web 

Servers 

5133 Sun Java System Access Manager 7.1 < Patch 3 Multiple Vulnerabilities Web 

Servers 

5134 Sun OpenSSO Enterprise 8.0 < Patch1 Update1 Memory Corruption 

5142 



5151 Sun GlassFish Server 3.0 Preview Multiple Vulnerabilities 

5173 nginx Webserver Detection 

5174 nginx HTTP Request Remote Buffer Overflow 



Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

38978 

39450 

N/A 

40350 

29728 

N/A 

40420 

N/A 

N/A 

N/A 

40555 

35618 

N/A 

N/A 

40823 

N/A 

N/A 

41608 

41014 



Servers 


5192 Websense Proxy Detection 


5201 Ubicom Embedded Web Server Detection 

5216 nginx HTTP Request Header Remote Buffer Overflow 

5220 

5221 

5222 

5223 

5224 

MS09-061: Vulnerabilities in the Microsoft .NET Framework 1.1 

Common Language Runtime Could Allow Remote Code Execution 

(974378) 

MS09-061: Vulnerabilities in the Microsoft .NET Framework 2.0 


(974378) 

MS09-061: Vulnerabilities in the Microsoft .NET Framework 2.0 SP1 


(974378) 

MS09-061: Vulnerabilities in the Microsoft .NET Framework 2.0 SP2 


(974378) 

MS09-061: Vulnerabilities in the Microsoft .NET Framework 3.5.1 


(974378) 

5230 CUPS < 1.4.2 XSS 

5235 IBM WebSphere Application Server < 7.0.0.7 Multiple Vulnerabilities 

5236 RhinoSoft Serv-U Web Client HTTP Request Remote Buffer Overflow 

5239 McAfee Common Management Agent Remote Denial of Service 

5242 PHP 5.3.x < 5.3.1 Multiple Vulnerabilities 

5252 HTTP Server Basic Authorization Detection 



Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

41057 

41644 

N/A 

42052 

N/A 

41608 

42117 

42117 

42117 

42117 

42117 

42468 

42821 

42934 

N/A 

42862 

N/A 

43351 


5283 

5284 

Adobe Flash Media Server < 3.0.5 / 3.5.3 Multiple Vulnerabilities 

(APSB09-018) (RTMP over HTTP) 

Adobe Flash Media Server < 3.5.3 Multiple Vulnerabilities 

(APSB09-018) (RTMP) 

5327 Apache Tomcat < 5.5.29 / 6.0.24 

5332 Squid 3.0STABLE23 / 3.1.0.16 Remote DoS 

5340 Squid < 3.0STABLE24 HTCP Request Denial of Service 



5358 OpenSSL < 0.9.8m Multiple Vulnerabilities 

5487 OpenSSL < 0.9.8n Multiple Vulnerabilities 


5521 JBoss EAP < 4.2.0.CP09 / 4.3.0.CP08 Multiple Vulnerabilities 

5531 OrangeHRM < 2.5.5 Multiple Vulnerabilities 

5532 Drupal Context module < 6.x-2.0-rc4 HTML Injection 

5536 Drupal AutoAssign Role Module < 6.x-1.2 Authentication Bypass 

5537 Drupal Services Module < 6.x-2.1 Authentication Bypass 

5555 Acme thttpd Version Detection 

5559 OpenSSL < 0.9.8o / 1.0.0a Multiple Vulnerabilities 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

5562 nginx 8.3 Filename Alias Request Access Rules / Authentication Bypass Web 

Servers 

5563 OpenSSL Version Detection 


Web 

Servers 

5565 PHP Version Detection Web N/A 

43390 

43390 

44314 

44384 

45591 

44921 

45004 

45039 

45359 

45554 

53337 

N/A 

N/A 

N/A 

N/A 

N/A 

46801 


N/A 

N/A


5583 EvoCam < 3.6.8 GET Request Buffer Overflow 

5586 Web Server Detection 

5615 Apache 2.2 < 2.2.16 Multiple Vulnerabilities 


5623 VxWorks Detection 

5624 

Adobe Flash Media server < 3.0.6 / 3.5.4 Multiple Vulnerabilities 

(APSB10-19) 

5649 Linksys WAP Default Credentials Detection 

5662 

Squid < 3.1.8 / 3.2.0.2 NULL Pointer Dereference Denial of Service 

Vulnerability 

5666 Squid 3.1.6 DNS Replay Denial of Service 

5667 HP System Management Homepage < 6.2 Multiple Vulnerabilities 

5674 Web Server Parameters (POST) 

5675 Web Server Parameters (GET) 

5704 

Adobe Flash Media server < 3.0.7 / 3.5.5 / 4.0.1 Multiple Vulnerabilities 

(APSB10-27) 

5708 Ricoh Printer Detection 

5720 OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities 

5732 PHP 5.3 < 5.3.4 Multiple Vulnerabilities 



5740 PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

47683 

47682 

N/A 

48205 

48245 

N/A 

48298 

49646 

49693 

48433 

49272 

N/A 

N/A 

50562 

N/A 

51892 

51140 

51139 

51439 


5782 OpenSSL < 0.9.8r / 1.0.0d OCSP Stapling Denial of Service 

5786 Apache Tomcat 5.5.x < 5.5.30 Multiple Vulnerabilities 

5787 Apache Tomcat 5.5.x < 5.5.32 Cross-site Scripting Vulnerability 



5790 Apache Tomcat 6.0.x < 6.0.32 Denial of Service Vulnerability 


5792 Apache Tomcat 7.0.x < 7.0.4 File Permission Bypass Vulnerability 

5793 Apache Tomcat 7.0.x < 7.0.5 Cross-Site Scripting Vulnerability 

5794 Apache Tomcat 7.0.x < 7.0.6 Cross-Site Scripting Vulnerability 


5799 Web Server HttpOnly Cookies Not In Use 

5816 Apache Tomcat 7.0.x < 7.0.11 Security Bypass Vulnerability 

5824 PHP 5.3 < 5.3.6 String To Double Conversion DoS 


5924 

5932 

Adobe Flash Media server < 3.5.6 / 4.0.2 Multiple Vulnerabilities 

(APSB11-11) 

IBM Tivoli Management Framework Endpoint '/addr' Remote Buffer 

Overflow 

5956 Symantec Enterprise AV Server detection 



Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

51919 

47749 

51957 

48255 

51975 

51987 

N/A 

51958 

51526 

51976 

51987 

N/A 

52634 

52717 

53323 

53895 

54924 

N/A 

55759 

6002 Adobe Flash Media server < 3.5.7 / 4.0.3 Multiple Vulnerabilities Web 55811 


(APSB11-20) Servers 

6003 Adobe Flash Media Server Unsupported Version Detection 

6007 Apache Tomcat 7.0.x < 7.0.20 'jsvc' Information Disclosure 

6015 PHP 5.3 < 5.3.7 Multiple Vulnerabilities 

6017 PHP 5.3.7 crypt() MD5 Incorrect Return Value 



6022 OpenSSL 1.x < 1.0.0e Multiple Vulnerabilities 

6058 TimThumb Application Detection 

6059 TimThumb Arbitrary Code Injection 

6060 TimThumb Version Detection 

6062 Apache 2.2 < 2.2.21 mod_proxy_ajp DoS 

6129 OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities 


6288 OpenSSL 0.9.8s / 1.0.0f DTLS Denial of Service 

6289 Polycom Audio/Video Server Detection 

6290 DCS Video Server Detection 

6292 Netwave Video Server Detection 



6304 PHP 5.3.9 php_register_variable_ex() Code Execution 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

55814 

55859 

57753 

55969 

56008 

55976 

56162 

N/A 

N/A 

N/A 

56216 

57460 

57537 

57712 

N/A 

N/A 

N/A 

57791 

58039 


6331 Apache Tomcat 5.5.x < 5.5.35 Hash Collision Denial of Service 



6334 Apache Tomcat 7.0.x < 7.0.23 Hash Collision Denial of Service 

6400 OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities 

6401 Apache Traffic Server < 3.0.4 / 3.1.3 Buffer Overflow Vulnerability 

6456 nginx < 1.0.10 DNS Resolver Remote Heap Buffer Overflow 

6457 nginx < 1.0.14 / 1.1.x < 1.1.17 Information-Disclosure 

6458 nginx < 1.0.15 / 1.1.x < 1.1.19 Buffer-Overflow Vulnerability 

6478 

IBM Tivoli Directory Server Web Admin tool 6.1.0.x < 6.1.0.48 / 6.2.0.x 

< 6.2.0.22 / 6.3.0.x < 6.3.0.11 Cross-Site Scripting Vulnerability 

6479 HTTP Server Insecure Authentication (Basic) 

6494 PHP 5.3.x < 5.3.13 CGI Query String Code Execution 


6529 

nginx < 1.2.x / 1.3.x < 1.2.1 / 1.3.1 Vulnerabilities with Windows 

directory aliases 

6530 PHP 5.4.x < 5.4.5 _php_sream_scandir Overflow 




6607 BigFix Server Detection 


Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

57540 

57080 

57082 

57541 

58565 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

59088 

58988 

61394 

60086 

61644 

60085 

62101 

6623 Apache Tomcat 7.0.x < 7.0.28 Header Parsing Remote Denial of Service Web 62985 


N/A

6624 

Apache Tomcat 7.0.x < 7.0.30 DIGEST Authentication Multiple Security 

Weaknesses 

6644 Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass 


6661 Red Hat Satellite Server Communication 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

Web 

Servers 

6662 Red Hat Satellite Server Communication Channel Detection - Server-Side Web 

Servers 

6671 

6672 

PHP 5.3.x < 5.3.21 cuRL X.509 Certificate Domain Name Matching 

MiTM Weakness 

PHP 5.4.x < 5.4.11 cURL X.509 Certificate Domain Name Matching 

MiTM Weakness 

6684 Barracuda Spam Firewall version detection 


Web 

Servers 

Web 

Servers 

Web 

Servers 

62988 

63200 

62987 

N/A 

N/A 

63621 

63622 


N/A

Family Abuse 

PVS ID PLUGIN NAME FAMILY NESSUS ID 

Family Abuse 230

Family Policy 


ID 


ID 

1158 eEye Retina Scanner Detection Policy N/A 

1159 Nessus Scanner Detection Policy N/A 

1186 Policy - Time of Defiance Gaming Client Detection Policy N/A 

1187 

Policy - BattleField 1942 Network Gaming Server 

Detection 

Policy N/A 

1189 Policy - Command and Conquer Gaming Server Detection Policy N/A 

1190 Policy - Quake Gaming Server Detection Policy N/A 

1191 Policy - America's Army Game Client Detection Policy N/A 

1192 Policy - Unreal Gaming Server Detection Policy N/A 

1193 Policy - Unreal Tournament Gaming Client Detection Policy N/A 

1194 Policy - Civilization III Gaming Server Detection Policy N/A 

1197 Policy - Halo LAN Gaming Client Detection Policy N/A 

1201 Policy - DirectX Gaming Server Detection Policy N/A 

1203 Policy - HALO Internet Gaming Client Detection Policy N/A 

1204 Policy - BattleField 1942 Gaming Client Detection Policy N/A 

1880 KaZaa or Morpheus Detection Policy N/A 

1881 MLdonkey Detection Policy 11125 

2441 Paros Web Proxy Detection Policy N/A 

2442 Visionael Scanner Detection Policy N/A 

2469 Retina REM Detection Policy N/A 

2501 Policy - Xlink Online Gaming Client Detection (TCP) Policy N/A 

2502 Policy - Xlink Online Gaming Server Detection Policy N/A 

2503 Policy - Xlink Online Gaming Client Detection (UDP) Policy N/A 

2543 Tor Tunnel Detection Policy N/A 

2718 Looking Glass Network Tool Detection Policy N/A 

2841 webcamXP Camera Detection Policy N/A 

3297 HTTPrint Scanning Software Detection Policy N/A 

3298 Acunetix Web Vulnerability Scanner Detection Policy N/A 

3342 Gmail File System Detection Policy N/A 

3399 Nmap Scanner Detection Policy N/A 

Family Policy 231




3562 Simple Scanning Tool (SAT) Scanner Detection Policy N/A 

3643 'The Bat' Mass Mailer Detection Policy N/A 

3644 Dynamic DNS Dynamic Update Client (DUC) Detection Policy N/A 

3660 GFI Languard Scanner Detection Policy N/A 

3683 MetaSploit Detection Policy N/A 

3685 MetaSploit Shell Detection Policy N/A 

3686 WebInspect Detection Policy N/A 

3761 SiVus VOIP Vulnerability Scanner Detection Policy N/A 

3765 Sipsak VOIP Vulnerability Scanner Detection Policy N/A 

3790 LogMeIn Listening Server Detection Policy N/A 


3805 MetaSploit Server Detection Policy N/A 

3806 MetaSploit Server Detection Policy N/A 

3807 Brutus Password Scanning Tool Detection Policy N/A 

3813 Tivoli Network Services Auditor (NSA) Scanner Detection Policy N/A 

3895 


Stompy (the session stomper) Vulnerability Scanner 

Detection 

Policy N/A 

3909 Sensepost Wikto Detection Policy N/A 

3914 SQLiX SQL Injection Tool Detection Policy N/A 

3926 Xbox Console Detection Policy N/A 

3930 Qualys Scanner Detection Policy N/A 

3956 SIPScan VOIP Vulnerability Scanner Detection Policy N/A 

3957 SIPScan VOIP Vulnerability Scanner Detection Policy N/A 

4085 BearShare P2P Client Version Detection Policy N/A 

4086 gtk-gnutella P2P Client Version Detection Policy N/A 

4138 IBM AppScan Detection Policy N/A 

4159 AIMExpress Client Detection Policy N/A 

4160 proxy.org Client Detection Policy N/A 

4194 Netopia Timbuktu Detection Policy N/A 

4212 Tor Tunnel 'End Point' Server Detection Policy N/A 

Family Policy 232


4302 Maltego Tool Detection Policy N/A 

4426 KiSS PC-Link Server Detection (TCP) Policy 31464 

4427 KiSS PC-Link Server Detection (UDP) Policy 31465 

4428 KiSS PC-Link Client Detection Policy N/A 

4430 VLC Media Player Detection Policy N/A 

4443 Orb Client Detection Policy N/A 

4524 iGuard Security Device Version Detection Policy N/A 

4525 ipMonitor Device Version Detection Policy N/A 

4526 DLINK Audio/Video Camera Detection Policy N/A 

4527 Dell Printer Administrative Web Console Detection Policy N/A 

4554 Owner-Free File System Client Detection Policy 33228 

4557 DC++ Client Detection Policy N/A 

4558 Kismet Server Information Disclosure Policy 33257 

4566 RatProxy Detection Policy N/A 

4622 Grendel Web Application Scanner Detection Policy N/A 

4674 Flash '.swf' File Detection Policy N/A 

4675 SOAP '.wsdl' File Detection Policy N/A 

4676 SOAP '.disco' File Detection Policy N/A 

4677 User Credentials Stored in Cookie Policy N/A 

4808 Hamachi VPN Detection Policy N/A 

4809 Hamachi VPN Version Detection Policy N/A 

4811 HDHomerun Server Detection Policy N/A 

4969 DNS Tunneling Client Detection (HTTP) Policy N/A 

4970 DNS Tunneling Client Detection (HTTP) Policy N/A 

4971 DNS Tunneling Server Detection (HTTP) Policy N/A 

4972 DNS Tunneling Server Detection (HTTP) Policy N/A 

4975 DNS Tunneling Client Detection (SMTP) Policy N/A 

4976 DNS Tunneling Client Detection (SMTP) Policy N/A 

5081 Microsoft .NET Hidden 'ViewState' Detection Policy N/A 

5205 Policy - Dopewars Gaming Server Detection Policy N/A 

5277 Synapse Client Detection Policy N/A 

5278 Web Server - JavaScript Hosted on 3rd Party Server Policy N/A 

Family Policy 233


5280 whatismyip.com Client Detection Policy N/A 


5723 JavaScript eval() Usage on Web Server Policy N/A 

5724 JavaScript Usage on Web Server Detection Policy N/A 

5800 Web Server CSS Hosted on 3rd-party Server Policy N/A 

5801 Web Site Cross-Domain Policy File Detection Policy 32318 

5804 Email Attachment Detection (client) Policy N/A 

5861 Web Server Pornographic Material Detected Policy N/A 














5876 Microsoft .NET Verbose Error Reporting Detection Policy N/A 

5877 Web Server iFrame Source Hosted on 3rd-party Server Policy N/A 

5940 Havij SQL Injection Tool Detection Policy N/A 

5961 Xbox Live Login Detection Policy N/A 

5978 Port 80 Non-HTTP Traffic Detection Policy N/A 

5979 TeamViewer Detection Policy N/A 

6055 GoToMyPC Detection Policy N/A 

6102 OpenVAS Server Detection Policy N/A 

6126 Policy - .xxx Domain Access Attempt Policy N/A 

6235 Evony Game Detected Policy N/A 

6236 Desert Operations Game Detected Policy N/A 

Family Policy 234

6237 Empire Universe 2 Game Detected Policy N/A 

6238 Gilfor's Tale Game Detected Policy N/A 

6239 MechRage Game Detected Policy N/A 

6240 Romadoria Game Detected Policy N/A 

6241 Space Pioneers 2 Game Detected Policy N/A 

6242 eBay Auction Detected Policy N/A 

6243 Orkut Social Application Detected Policy N/A 

6319 Facebook/Twitter Pinterest Activity Policy N/A 



6343 Apple's iCloud Service Access Detection Policy N/A 

6358 Facebook Game - Zynga's Cafe World Detected Policy N/A 

6359 Facebook Game - Zynga's Castleville Detected Policy N/A 

6360 Facebook Game - Zynga's CityVille Detected Policy N/A 

6361 Facebook Game - Zynga's Empires & Allies Detected Policy N/A 

6362 Facebook Game - Zynga's FarmVille Detected Policy N/A 

6363 Facebook Game - Zynga's FishVille Detected Policy N/A 

6364 Facebook Game - Zynga's Hidden Chronicles Detected Policy N/A 

6365 


Facebook Game - Zynga's Indiana Jones Adventure World 

Detected 

Policy N/A 

6366 Facebook Game - Zynga's Mafia Wars 2 Detected Policy N/A 

6367 Facebook Game - Zynga's Mafia Wars Detected Policy N/A 

6368 Facebook Game - Zynga's PetVille Detected Policy N/A 

6369 Facebook Game - Zynga's Pioneer Trail Detected Policy N/A 

6370 Facebook Game - Zynga's Poker Detected Policy N/A 

6371 Facebook Application - Zynga's RewardVille Detected Policy N/A 

6372 Facebook Game - Zynga's Treasure Isle Detected Policy N/A 

6373 Facebook Game - Zynga's Vampire Wars Detected Policy N/A 

6374 Facebook Game - Zynga's Words With Friends Detected Policy N/A 

6375 Facebook Game - Zynga's YoVille Detected Policy N/A 

6376 Facebook Game - Wooga Bubble Island Detected Policy N/A 

6377 Facebook Game - Wooga Diamond Dash Detected Policy N/A 

6378 Facebook Game - Wooga Happy Hospital Detected Policy N/A 

Family Policy 235

6379 Facebook Game - Wooga Magic Land Detected Policy N/A 

6380 Facebook Game - Wooga Monster World Detected Policy N/A 

6381 Facebook Game - Angry Birds Detected Policy N/A 

6382 Facebook Game - Backyard Monsters Detected Policy N/A 

6383 Facebook Game - Bejeweled Blitz Detected Policy N/A 

6384 Facebook Game - BINGO Blitz Detected Policy N/A 

6385 Facebook Game - Coco Girl Detected Policy N/A 

6386 Facebook Game - CSI Crime City Detected Policy N/A 

6387 Facebook Game - Shadow Fight Detected Policy N/A 

6388 

Facebook Game - Social Empires, Land of Dragons & 

Castles Detected 

Policy N/A 

6389 Facebook Game - Tetris Battle Detected Policy N/A 

6390 Facebook Game - The Sims Social Detected Policy N/A 

6391 


Facebook Game - Top Eleven, Be a Football Manager 

Detected 

Policy N/A 

6396 Facebook Link Detection Policy N/A 

6397 Facebook Application Access Policy N/A 

6404 ashleymadison.com Access Detection Policy N/A 

6405 ashleymadison.com Access Detection Policy N/A 

6406 chemistry.com Access Detection Policy N/A 

6407 chemistry.com Access Detection Policy N/A 

6408 craigslist.org Personals Section Access Detected Policy N/A 

6409 craigslist.org Personals Access Detection Policy N/A 

6410 lavalife.com Access Detection Policy N/A 

6411 lavalife.com Access Detection Policy N/A 

6412 eharmony.com Access Detection Policy N/A 



6415 Facebook Game - 21 Questions Detected Policy N/A 

6416 Facebook Game - Barn Buddy Detected Policy N/A 

6417 Facebook Game - Bayou Blast Detected Policy N/A 

6418 Facebook Game - Best Casino Detected Policy N/A 

6419 Facebook Game - Crime City Detected Policy N/A 

Family Policy 236

6420 Facebook Game - Family Feud Detected Policy N/A 

6421 Facebook Game - Farkle Detected Policy N/A 

6422 Facebook Game - Fruit Ninja Frenzy Detected Policy N/A 

6423 Facebook Game - Happy Aquarium Detected Policy N/A 

6424 Facebook Game - Happy Pets Detected Policy N/A 

6425 Facebook Game - Icy Tower Detected Policy N/A 

6426 Facebook Game - JackpotJoy Slot Machines Detected Policy N/A 

6427 Facebook Game - Mesmo Games Detected Policy N/A 

6428 Facebook Game - Mindjolt Detected Policy N/A 

6429 Facebook Game - Monster Galaxy Detected Policy N/A 

6430 Facebook Game - My Shops Detected Policy N/A 

6431 Facebook Game - Okey Detected Policy N/A 

6432 Facebook Game - Restaurant City Detected Policy N/A 

6433 Facebook Game - Scrabble Detected Policy N/A 

6434 Facebook Game - The Smurfs & Co Detected Policy N/A 

6435 Facebook Game - Stardoll Detected Policy N/A 

6436 Facebook Game - Sultan Bubble Detected Policy N/A 

6437 Facebook Game - Turkiye Texas Poker Detected Policy N/A 

6438 Facebook Game - TubeHero Detected Policy N/A 

6439 


Facebook Game - Poker Texas Hold'em Boyaa Viet Nam 

Detected 

Policy N/A 

6440 Facebook Game - Miscrits of Volcano Island Detected Policy N/A 

6441 Facebook Game - War Commander Detected Policy N/A 

6442 Facebook Game - Zynga Slingo Detected Policy N/A 




6461 Facebook Game - Wooga Game Detection (Generic) Policy N/A 

6476 Policy - Usenet .nzb File Detection Policy N/A 

6477 Policy - Usenet .nzb Client File Detection Policy N/A 

6493 Game - Smurf's Village Detected Policy N/A 

6651 Instagram Upload Activity Detected Policy N/A 

6682 Email Attachment Detection (client) Policy N/A 

Family Policy 237


Family Policy 238

Family Data Leakage 


ID 


3774 Encryption Private Key Detection (Generic) 


3776 Encryption Private Key Detection (PuTTY) 

3777 Encryption Private Key Detection (PuTTY) 



3780 Encryption Private Key Detection (RSA) 

3781 Encryption Private Key Detection (RSA) 

3782 Encryption Private Key Detection (DSA) 

3783 Encryption Private Key Detection (DSA) 

3784 Encryption Private Key Detection (PGP) 

3785 Encryption Private Key Detection (PGP) 

3822 Microsoft Office .xls File Detection 

3823 Microsoft Office .doc File Detection 

3824 Microsoft Office .ppt File Detection 

3825 Microsoft Office .csv File Detection 

3826 Microsoft Office .rtf File Detection 

3870 Detection of .xls File Email Attachment 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

NESSUS 

ID 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

11419 

11419 

11419 

11419 

11419 

Family Data Leakage 239 

N/A

3871 Detection of .zip File Email Attachment 

3940 .pst File Email Attachment Detection 

3941 .pst Office File Detection 

3943 .ost File Email Attachment Detection 

3944 .ost Offie File Detection 

3945 .uni Email Attachment Detection 

3946 .uni Office Files Detection 

3963 .pdf Document File Detection 

4003 FTP Server .xls Office Files Detection 

4004 FTP Server .doc Office Files Detection 

4005 FTP Server .ppt Office Files Detection 

4006 FTP Server .csv Office Files Detection 

4007 FTP Server .rtf Office Files Detection 

4008 FTP Server .mp3 / .mp4 Files Detection 

4009 FTP Server .wav Files Detection 

4010 FTP Server .ogg Files Detection 

4011 FTP Server .wma Files Detection 

4012 FTP Server .avi Files Detection 

4013 FTP Server .mpg Files Detection 


Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

4014 FTP Server .divx Files Detection Data N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4015 FTP Server .pst Office Files Detection 

4016 FTP Server .ost Office Files Detection 

4017 FTP Server .uni Files Detection 

4018 FTP Server .pdf Files Detection 

4019 .xls File Upload Detection 

4020 .doc File Upload Detection 

4021 .ppt File Upload Detection 

4022 .csv File Upload Detection 

4023 .rtf File Upload Detection 

4024 .mp3 File Upload Detection 

4025 .wav File Upload Detection 

4026 .ogg File Upload Detection 

4027 .wma File Upload Detection 

4028 .avi File Upload Detection 

4029 .mpg File Upload Detection 

4030 .divx File Upload Detection 

4031 .pst File Upload Detection 

4032 .ost File Upload Detection 

4033 .uni File Upload Detection 


Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4034 .pdf File Upload Detection 

4037 FTP Server Zipped .xls File Detection 

4038 FTP Server Zipped .doc File Detection 

4039 FTP Server Zipped .ppt File Detection 

4040 FTP Server Zipped .csv File Detection 

4041 FTP Server Zipped .rtf File Detection 

4042 FTP Server Zipped .mp3 / .mp4 File Detection 

4043 FTP Server Zipped .wav File Detection 

4044 FTP Server Zipped .ogg File Detection 

4045 FTP Server Zipped .wma File Detection 

4046 FTP Server Zipped .avi File Detection 

4047 FTP Server Zipped .mpg File Detection 

4048 FTP Server Zipped .divx File Detection 

4049 FTP Server Zipped .pst File Detection 

4050 FTP Server Zipped .ost File Detection 

4051 FTP Server Zipped .uni File Detection 

4052 FTP Server Zipped .pdf File Detection 

4053 FTP Server Zipped xls File Uploaded 

4054 FTP Server Zipped .doc File Uploaded 


Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

4055 FTP Server Zipped .ppt File Uploaded Data N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4056 FTP Server Zipped .csv File Uploaded 

4057 FTP Server Zipped .rtf File Uploaded 

4058 FTP Server Zipped .mp3 / .mp4 File Uploaded 

4059 FTP Server Zipped .wav File Uploaded 

4060 FTP Server Zipped .ogg File Uploaded 

4061 FTP Server Zipped .wma File Uploaded 

4062 FTP Server Zipped .avi File Uploaded 

4063 FTP Server Zipped .mpg File Uploaded 

4064 FTP Server Zipped .divx File Uploaded 

4065 FTP Server Zipped .pst File Uploaded 

4066 FTP Server Zipped .ost File Uploaded 

4067 FTP Server Zipped .uni File Uploaded 

4068 FTP Server Zipped .pdf File Uploaded 

4661 Java '.class' File Detection 

4662 '.cnf' File Detection 

4663 Possible Social Security Number in Cookie 

4664 '.log' File Detection 

4665 '.conf' File Detection 

4671 Possible Social Security Number in Cookie 


Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

4672 Possible User ID and Password Sent Within a Web Form (POST) 

4673 Possible User ID and Password Sent Within a Web Form (GET) 

4711 '.dll' File Detection 

4781 Web Server Allows Download of .ini Files 

4947 Microsoft Office .docx File Detection 

4948 Microsoft Office .xlsx Files Detection 

4949 Microsoft Office .pptx Files Detection 

4960 WebSphere '.ear' File Detection 

4961 WebSphere '.war' File Detection 

4968 Mac .dmg File Detection 

4992 FTP Server .divx file Detection 

5055 FTP Server File Detection 

5056 FTP Client File Download Detection 

5214 

XML Request Possible userID / password Cleartext Remote 

Disclosure 

5286 Web Server - BitTorrent .torrent File Detection 

5686 HTTP File Upload Detection 


5820 Social Security Number Cleartext Transmission (Client) 



Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

5828 Credit Card Number Cleartext Transmission (Client)Social Security Data N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

Number Cleartext Transmission (Client) Leakage 

5829 Credit Card Number Cleartext Transmission (Client) 





5847 Generic Credit Card Signature Detection 












6033 '.dll' File Download Detection 



Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A



6630 Confidential data on server 










Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 

Data 

Leakage 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

Family SCADA 


ID 


ID 

3552 Distributed Network Protocol v3 Client Detection (SCADA) SCADA N/A 

3553 Distributed Network Protocol v3 Server Detection SCADA N/A 

3554 COTP Server Detection (SCADA) SCADA N/A 

3555 COTP Client Detection (SCADA) SCADA N/A 

3556 MODBUS Server Detection (SCADA) SCADA N/A 

3557 MODBUS Client Detection (SCADA) SCADA N/A 

3849 MODBUS Server Diagnostic Mode (SCADA) SCADA N/A 

3850 Modicon PLC Embedded HTTP Server Detection (SCADA) SCADA N/A 

3851 Modicon PLC Default FTP Password (SCADA) SCADA N/A 

3852 Modicon Modbus/TCP Programming Function Code Access (SCADA) SCADA N/A 

3853 Modicon PLC HTTP Server Default Username/Password (SCADA) SCADA N/A 

3854 Modicon PLC Telnet Server Detection (SCADA) SCADA N/A 

3855 Modicon PLC CPU Type Default Credentials (SCADA) SCADA N/A 

6247 Distributed Network Protocol v3 'Disable Unsolicited' Alert (SCADA) SCADA N/A 

6248 Distributed Network Protocol v3 'Cold Restart' Alert (SCADA) SCADA N/A 

6249 

Distributed Network Protocol v3 'Unauthorized Read Request' Alert 

(SCADA) 

SCADA N/A 

6250 Distributed Network Protocol v3 'Stop Application' Alert (SCADA) SCADA N/A 

6251 Distributed Network Protocol v3 'Warm Restart' Alert (SCADA) SCADA N/A 

6252 Distributed Network Protocol v3 'Broadcast Request' Alert (SCADA) SCADA N/A 

6253 ICCP Invalid Destination Address (SCADA) SCADA N/A 

6254 ICCP Invalid Client Disconnect (SCADA) SCADA N/A 

6255 ICCP Invalid OSI-SSEL (SCADA) SCADA N/A 

6256 ICCP Invalid OSI-PSEL (SCADA) SCADA N/A 

6257 MODBUS Client 'Force Listen Only Mode' Request (SCADA) SCADA N/A 

6258 MODBUS Client 'Restart Communications' Request (SCADA) SCADA N/A 

6259 

MODBUS Client 'Clear Counters and Diagnostic Registers' Request 

(SCADA) 

SCADA N/A 

6260 MODBUS Client 'Read Device Identification' Request (SCADA) SCADA N/A 

6261 MODBUS Client 'Report Server Information' Request (SCADA) SCADA N/A 

Family SCADA 247

6265 

6266 

6267 

6268 

6269 

Schweitzer Engineering Laboratories (SEL) Telnet Account Detection 

(SCADA) 

Schweitzer Engineering Laboratories (SEL) Management Server 

Detection (SCADA) 

Schweitzer Engineering Laboratories (SEL) Default telnet Account 


Schweitzer Engineering Laboratories (SEL) Default telnet 

Account/Password Detection (SCADA) 

Schweitzer Engineering Laboratories (SEL) Default telnet Account 


SCADA N/A 

SCADA N/A 

SCADA N/A 

SCADA N/A 

SCADA N/A 

6270 GE D20 TFTP Client Access Detection (SCADA) SCADA N/A 

6271 GE D20 TFTP Client Access Detection (SCADA) SCADA N/A 

6272 GE D20 Server TFTP File Transfer Detection (SCADA) SCADA N/A 

6273 GE D20 Server TFTP File Transfer Detection (SCADA) SCADA N/A 

6274 Modicon FTP Client Detection (SCADA) SCADA N/A 

6275 Modicon FTP Server Detection (SCADA) SCADA N/A 

6276 Modicon FTP Default Account/Password Usage (SCADA) SCADA N/A 

6277 Modicon FTP Default Account/Password Usage (SCADA) SCADA N/A 

6278 Modicon telnet Default Account Detection (SCADA) SCADA N/A 

6279 Modicon telnet Default Account/Password Detection (SCADA) SCADA N/A 

6280 Modicon telnet Default Account/Password Detection (SCADA) SCADA N/A 

6281 GE PLC telnet Server Detection (SCADA) SCADA N/A 

6282 GE PLC telnet Server Default Account/Password (SCADA) SCADA N/A 

6283 GE PLC telnet Server Default Account/Password (SCADA) SCADA N/A 

6284 Rockwell Automation PLC HTTP Server Detection (SCADA) SCADA N/A 

6285 

6286 

Rockwell Automation PLC HTTP Server Administrator Access 


Rockwell Automation PLC - Micrologix Controller Version Detection 

(SCADA) 

SCADA N/A 

SCADA N/A 

6287 Modicon PLC HTTP Default Account/Password Detection (SCADA) SCADA N/A 

6293 


Schweitzer Engineering Laboratories (SEL) Management Server 

Detection Default Level 1 Credentials (SCADA) 

SCADA N/A 

6301 RealWin Management Server Detection (SCADA) SCADA N/A 

6305 RealWin Management Server HMI Service Detection (SCADA) SCADA N/A 

6313 ClearSCADA Management Server Detection (SCADA) SCADA N/A 

Family SCADA 248


6316 InduSoft WebStudio Server detection (SCADA) SCADA N/A 

6317 InduSoft WebStudio Server detection Version 6 (SCADA) SCADA N/A 

6318 InduSoft WebStudio Server detection Version (SCADA) SCADA N/A 

6323 7T-IGSS Server Login Attempt Detected (SCADA) SCADA N/A 

6330 7T-IGSS Server Detected (SCADA) SCADA N/A 



6446 Wonderware Management Server Detection (SCADA) SCADA N/A 




6450 

6453 

6454 


7T Interactive Graphical SCADA System (IGSS) Server Detection 

(SCADA) 


(SCADA) 


(SCADA) 

SCADA N/A 

SCADA N/A 

SCADA N/A 

6462 Rockwell Automation Service Detection SCADA N/A 












6537 Tridium SCADA Server Detection SCADA N/A 

6542 enteliTOUCH SCADA Server Detection SCADA N/A 

6543 Electro Industries GaugeTech SCADA Server Detection SCADA N/A 

Family SCADA 249

6597 IEC 60870-5-104 server detection SCADA N/A 

6689 Siemens SIMATIC RF-MANAGER Detection (SCADA) SCADA 64682 

6697 


Ecava IntegraXor < 4.00.4283 ActiveX Remote Buffer Overflow 

(SCADA) 

SCADA 64630 

6698 Ecava IntegraXor Server Login Attempt (SCADA) SCADA N/A 

Family SCADA 250

Family Mobile Devices 


ID 


3494 Tablet PC Detection 

3495 Cellular Phone Browser Detection 

4134 Apple iPhone/iPad Detection 

4425 Apple iPhone < 1.1.4 Detection 

4545 BlackBerry Version Detection 

4654 Apple iPod Device Detection 

5074 Apple iPhone 3.x Detection 

5075 Palm Pre Mobile Phone Detection 

5110 Apple iPhone < 3.0.1 Overflow 

5160 Apple iPhone < 3.1 Multiple Vulnerabilities 

5189 BlackBerry Dialog Box Certificate Mismatch 

5287 Android Mobile Device Detection 

5337 Apple iPhone OS < 3.1.3 Multiple Vulnerabilities 

5578 Apple iPhone/iPad OS < 4.0 Multiple Vulnerabilities 

5715 Apple iPhone/iPad iOS < 4.2 Multiple Vulnerabilities 

5737 Android < 2.3 Multiple Vulnerabilities 

5814 Apple iPhone/iPad OS < 4.3 Multiple Vulnerabilities 

5888 Apple iPhone/iPad OS < 4.3.2 Multiple Vulnerabilities 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

NESSUS 

ID 

Family Mobile Devices 251 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

5889 Apple iPhone/iPad OS 4.2.5 / 4.2.6 Multiple Vulnerabilities 

5986 

5993 

Apple iPhone/iPad iOS < 4.3.4 and iOS 4.2.5 through 4.2.9 

Multiple Vulnerabilities 

Apple iOS < 4.2.10 / 4.3.5 Data Security Certificate Verification 

Vulnerability 

5997 Android OS 2.3.4 / 3.1 Sandbox Bypass Vulnerability 

5999 Apple FaceTime Detection 

6041 Apple iOS 3.0 through 4.3.5 Multiple Vulnerabilities 

6066 Android Market Detection 

6067 Android version Detection 

6068 BlackBerry Version Detection 

6069 DELL Mobile Device Version Detection 

6070 HP Tablet Mobile Device Version Detection 

6071 HP Tablet Mobile Device Version Detection 

6072 HTC Mobile Device Version Detection 



6075 Kindle Mobile Device Version Detection 

6076 LG Mobile Device Version Detection 

6077 Nokia Mobile Device Version Detection 

6078 Nook Mobile Device Version Detection 


Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

6079 Samsung Mobile Device Version Detection Mobile N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

6080 Samsung Mobile Device Version Detection 




6084 PalmOS Mobile Device Version Detection 

6085 Symbian Mobile Device Version Detection 

6086 Motorola Mobile Device Version Detection 

6114 Kindle Mobile Device Detection 

6297 Android 2.3 < 2.3.6 Information Disclosure 

6395 Apple Jailbroken Device Detected 

6517 ActiveSync detection 

6531 Android Mobile Device App Download Detection 

8002 iPhone App Install Detected 


Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 

Mobile 

Devices 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

Family Internet Services 


ID 


2488 Google API "Google Hacking" Detection 

3217 Google Talk Detection 

3414 ReadNotify Email Tracker Application Detection 

3939 MySpaceIM Chat Detection 

4156 YouSendIt Client Detection 

4157 SendThisFile Client Detection 

4158 DropSend Client Detection 

4161 Box.net File Sharing Detection 

4164 MediaMax File Sharing Detection 

4467 MarketFirst Software Detection 

4814 Twitter Client Usage Detection 

4936 Dropbox Software Detection 

5200 Pandora Version Detection 

5271 Myspace Usage Detection 

5272 Facebook Usage Detection 

5273 YouTube Usage Detection 

5274 classmates.com Usage Detection 

5275 Gmail Usage Detection 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

NESSUS 

ID 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

35717 

Family Internet Services 254 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

5276 XM Radio Usage Detection 

5279 Yahoo! Web Mail Usage Detection 

5679 iDisk User Enumeration 

5695 YouSendIt Client Detection 

5817 Facebook Chat Client Detection 

5819 Facebook Chat Client Username Detection 

5875 Wikipedia Page 'edit' Detection 

5884 Facebook Status Update Detection 

5885 Facebook Status Update Detection 

5887 Facebook Profile Edit Detection 

5944 Hulu Username Detection 

5945 Hulu Start Video Session Detection 

5948 Box.net Client Detection 

5949 Box.net File Share Detection 



5953 Hulu Start Video Session Detection 

5955 LinkedIn Status Update Detection 

5957 LinkedIn Profile Update Detection 


Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

5958 LinkedIn Message Inbox Access Detection Internet N/A 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

5959 LinkedIn Message Creation Detection 

5960 LinkedIn User Name Detection 

5962 XM Radio Usage Detection 

5963 Hotmail UserID Detection 

6040 NetFlix User Detection 

6042 NetFlix User Detection 

6047 Tumblr Blog Edit Detection 

6048 Tumblr Photo Upload Detection 

6049 iHeartRadio Stream Detection 

6061 World of Warcraft/Battle.net Detection 

6090 Google Music Client Detection 

6091 Google Music Client Upload Detection 

6092 Google Music Client Session Initiated 

6100 Sony Blu-Ray Player Detection 

6112 Shavlik Software Management Detection 

6124 BingToolbar Installed 

6128 Spotify Installed 

6339 Evernote Client Detection 

6342 iHeartRadio Stream Detection 


Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

6484 Dropbox Software Detection 

6485 iTunes AppleTV client Detection 

6513 Evernote Client Detection 

6524 ESPN ScoreCenterXL Detection iOS 

6525 ESPN ScoreCenterXL Video Stream Detection iOS 

6526 

NBCOlympics application detection for Apple iPad - 

(accessed) 

6527 NBCOlympics application detection for Apple iPad. 

6532 

Detection of uploading a file to scribd.com - (HTML 

method) 

6533 Detection of uploading a file to scribd.com - (Flash Method) 

6535 Spotify app music streaming detection 

6538 

Last.fm application music streaming on an Android mobile 

device 

6539 Last.fm application music streaming on an iOS device 

6540 

6541 

Pandora Internet radio streaming on an Android mobile 

device 

Pandora Internet radio streaming on an Apple iOS mobile 

device 

6546 NetFlix on-demand media streaming to the Apple iPad 

6547 NetFlix on-demand media streaming to a Windows Desktop 

6552 Hulu plus search detection on the Apple iPad 

6553 Hulu on-demand media streaming to the Apple iPad 

6557 Opendrive Login Detection 


Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

6558 Opendrive File Upload Detection Internet N/A 

35717 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

6564 Ustream mobile Android app detection 

6565 Ustream mobile Android app streaming detection 

6567 Spiceworks Client Version Detection 

6569 Foursquare app on an Android mobile device 

6570 Carbonite 'Cloud' Backup Service Detection 

6571 Carbonite 'Cloud' Backup Service Detection 

6572 MS Skydrive 'Cloud' Backup Service Detection 

6573 Sprint TV app on Android mobile devices 

6577 JustCloud 'Cloud' Backup Service Detection 

6578 JustCloud 'Cloud' Backup Service Detection 

6580 Wunderlist 'Cloud' sync Detection 

6581 Wunderlist 'Cloud' Service Detection 

6585 Salesforce Application Detection 

6586 Sugarsync 'Cloud' Backup Service Detection 

6587 Sugarsync 'Cloud' Backup Service Detection 

6588 SSL Client Hello Detection 

6590 Accessing iTunes Store on an Apple iOS device 

6591 Browsing Cydia software packages 


6593 Foursquare app on an Apple iOS mobile device 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 


N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

6594 

6595 

Slacker application music streaming on an Android mobile 

device 

Slacker application music streaming on an Apple iOS 

mobile device 

6596 Slacker application music streaming leaking information 

6619 Microsoft Office365 Access 

6676 Windows 8 App Store Access 

6677 Windows 8 App Store Download Detected 

6678 Windows 8 Tile Services Detection 

ISC BIND Version 8 Detection 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

Internet 

Services 

PVS ID: 1000 FAMILY: DNS Servers RISK: INFO NESSUS ID:10028 

Description: The remote host is running BIND : %L 

Solution: N/A 

CVE Not available 

ISC BIND rdataset Parameter Malformed DNS Packet DoS 

PVS ID: 1001 FAMILY: DNS Servers RISK: HIGH NESSUS ID:11051 

Description: Synopsis :\n\nThe remote server is vulnerable to a Denial of Service (DoS) attack\n\nThe 

remote BIND 9 server is vulnerable to a denial of service attack. 

Solution: Upgrade to BIND 9.2.1 

CVE-2002-0400 


ISC BIND Multiple DNS Resolver Functions Remote Overflow 



N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote BIND 9 

server is vulnerable to a buffer overflow which may be exploited by an attacker to gain a 

shell on this host, or disable this service entirely. 

Solution: Upgrade to Bind 9.2.2 

CVE-2002-0684 



Description: Synopsis :\n\nThe remote host allows remote users to query it's version number\n\nIt is 

possible to determine that the remote BIND server is running BIND 9.x, even if its version 

number has been hidden, by querying it for the AUTHORS map. 

Solution: It is recommended you change the source code to prevent attackers from fingerprinting 

your server. 


ISC BIND < 8.2.3 Multiple Remote Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote BIND 

server is vulnerable to various buffer overflows which may allow an attacker to gain a root 

shell on this host 

Solution: Upgrade to bind 8.2.3 or newer 

CVE-2001-0013 




server is vulnerable to various buffer overflows which may allow an attacker to gain a root 

shell on this host 

Solution: Upgrade to bind 4.9.2 or newer 

CVE-2001-0013 




Family Internet Services 260

Description: Synopsis :\n\nThe remote host is vulnerable to multiple remote overflows\n\nThe remote 

BIND server is vulnerable to three different vulnerabilitities : \n1) The remote BIND 

server, based on its version number, if running recursive DNS functionality, is vulnerable 

to a buffer overflow.\n2) The remote BIND server is vulnerable to a denial of service 

(crash) via SIG RR elements with invalid expiry times.\n3) The remote BIND server is 

vulnerable to a denial of service.\nWhen a DNS lookup is requested on a non-existant 

sub-domain of a valid domain and an OPT resource record with a large UDP payload is 

attached, the server may fail. 

Solution: Upgrade to BIND 8.3.4 or newer 

CVE-2002-1220 

ISC BIND < 4.9.7 Inverse-Query Remote Overflow 



server, according to its version number, is vulnerable to an inverse query overflow. An 

attacker may use this flaw to gain a root shell on this host. 


CVE-1999-0009 

ISC BIND < 4.9.5 Multiple DNS Resolver Functions Remote Overflow 



server, according to its version number, is vulnerable to a remote buffer overflow within its 

resolver code. An attacker may be able to execute arbitrary code by having the remote DNS 

server make a request and send back a malicious DNS response with an invalid length field. 


CVE-2002-0684 




server is vulnerable to the SIG cached RR overflow vulnerability. An attacker may use this 

flaw to gain a shell on this system. 

Solution: Upgrade to bind 8.2.7 

CVE-2002-1221 





Description: Synopsis :\n\nTHe remote host is vulnerable to a buffer overflow\n\nThe remote BIND 




CVE-2002-1221 







CVE-2002-1219 

ISC BIND < 8.2.2-P5 Multiple Remote Vulnerabilities 



server is vulnerable to several attacks that can allow an attacker to gain root on this system. 

Solution: Upgrade to BIND 8.2.2-P5 

CVE-1999-0849 

ISC BIND Compressed ZXFR Name Service Query DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack\n\nThe 

remote BIND server is vulnerable to the ZXFR bug that allows an attacker to disable it 

remotely. 

Solution: Upgrade to BIND 8.2.2-P7 

CVE-2000-0887 





Description: The remote host is running BIND : %L 

Solution: N/A 


ISC BIND < 8.1.2 Inverse-Query Remote Overflow 



server, according to its version number, is vulnerable to an inverse query overflow. An 

attacker may use this flaw to gain a root shell on this host. 


DNS Server Detection 

CVE-1999-0009 

PVS ID: 1016 FAMILY: DNS Servers RISK: LOW NESSUS ID:11002 

Description: An authoritative DNS server is running on this port. 

Solution: If you do not use it, disable it. 


DNS Server Zone Transfer Allowed 

PVS ID: 1017 FAMILY: DNS Servers 

RISK: 

MEDIUM 

NESSUS ID:10595 

Description: Synopsis :\n\nThe remote DNS server allows zone transfers\n\nA succesful zone transfer 

was just observed. An attacker may use the zone information to discover sensitive 

information about hosts on your network. 

Solution: Verify that you only allow zone transfers to authorized hosts. 

CVE-1999-0532 

RPC Status (rpc.statd) Service In Use 

PVS ID: 1018 FAMILY: RPC RISK: INFO NESSUS ID:Not Available 

Description: The remote host is running the RPC status service (rpc.statd). 

Solution: N/A 




RPC rstatd Service In Use 


Description: The remote host is running the RPC rstatd (rstat, rup, perfmeter, rstat_svc) service. 

Solution: N/A 


RPC rusers Service In Use 


Description: The remote host is running the RPC rusers service. 

Solution: N/A 


RPC NFS Service In Use 


Description: The remote host is running the RPC NFS (nfsprog) service. Ensure any shared filesystems 

are properly configured and require authenticated to access. 

Solution: N/A 


RPC NIS ypserv Service In Use 


Description: The remote host is running the RPC NIS Yellow Pages service (ypserv, ypprog). 

Solution: N/A 


RPC mountd Service In Use 


Description: The remote host is running the RPC mountd (mount, showmount) service. 

Solution: N/A 




RPC NIS ypbind Service In Use 


Description: The remote host is running the RPC NIS Yellow Pages ypbind service. 

Solution: N/A 


RPC walld Service In Use 


Description: The remote host is running the RPC walld (rwall, shutdown) service. 

Solution: N/A 


RPC NIS yppasswd Service In Use 


Description: The remote host is running the RPC NIS Yellow Pages yppasswd service. 

Solution: N/A 


RPC etherstatd Service In Use 


Description: The remote host is running the RPC etherstatd service. 

Solution: N/A 


RPC rquotad Service In Use 


Description: The remote host is running the RPC rquotad (rquotaprog, quota, rquota) service. 

Solution: N/A 


RPC sprayd Service In Use 




Description: The remote host is running the RPC sprayd service. 

Solution: N/A 


RPC 3270_mapper Service In Use 


Description: The remote host is running the RPC 3270_mapper service. 

Solution: N/A 


RPC rje_mapper Service In Use 


Description: The remote host is running the RPC rje_mapper service. 

Solution: N/A 


RPC selection_svc Service In Use 


Description: The remote host is running the RPC selection_svc (selnsvc) service. 

Solution: N/A 


RPC database_svc Service In Use 


Description: The remote host is running the RPC database_svc service. 

Solution: N/A 


RPC rexd Service In Use 




Description: The remote host is running the RPC rexd service. 

Solution: N/A 

RPC alis Service In Use 



Description: The remote host is running the RPC alis service. 

Solution: N/A 


RPC sched Service In Use 


Description: The remote host is running the RPC sched service. 

Solution: N/A 


RPC llockmgr Service In Use 


Description: The remote host is running the RPC llockmgr service. 

Solution: N/A 


RPC nlockmgr Service In Use 


Description: The remote host is running the RPC nlockmgr service. 

Solution: N/A 


RPC x25.inr Service In Use 




Description: The remote host is running the RPC x25.inr service. 

Solution: N/A 


RPC statmon Service In Use 


Description: The remote host is running the RPC statmon service. 

Solution: N/A 


RPC bootparam Service In Use 


Description: The remote host is running the RPC bootparam service. 

Solution: N/A 


RPC NIS ypupdated Service In Use 


Description: The remote host is running the RPC NIS Yellow Pages ypupdated service. 

Solution: N/A 


RPC keyserv Service In Use 


Description: The remote host is running the RPC keyserv service. 

Solution: N/A 


RPC sunlink_mapper Service In Use 




Description: The remote host is running the RPC sunlink_mapper service. 

Solution: N/A 

RPC tfsd Service In Use 



Description: The remote host is running the RPC tfsd service. 

Solution: N/A 


RPC nsed Service In Use 


Description: The remote host is running the RPC nsed service. 

Solution: N/A 


RPC nsemntd Service In Use 


Description: The remote host is running the RPC nsemntd service. 

Solution: N/A 


RPC showfhd Service In Use 


Description: The remote host is running the RPC showfhd service. 

Solution: N/A 


RPC ioadmd Service In Use 




Description: The remote host is running the RPC ioadmd (rpc.ioadmd) service. 

Solution: N/A 


RPC NETlicense Service In Use 


Description: The remote host is running the RPC NETlicense service. 

Solution: N/A 


RPC sunisamd Service In Use 


Description: The remote host is running the RPC sunisamd service. 

Solution: N/A 


RPC debug_svc Service In Use 


Description: The remote host is running the RPC debug_svc service. 

Solution: N/A 


RPC NIS ypxfrd Service In Use 


Description: The remote host is running the RPC NIS Yellow Pages map transfer server (rpc.ypxfrd) 

service. 

Solution: N/A 


RPC bugtraqd Service In Use 




Description: The remote host is running the RPC bugtraqd service. 

Solution: N/A 


RPC kerbd Service In Use 


Description: The remote host is running the RPC kerbd service. 

Solution: N/A 


RPC SunNet Manager event Service In Use 


Description: The remote host is running the RPC event (na.event - SunNet Manager) service. 

Solution: N/A 


RPC SunNet Manager logger Service In Use 


Description: The remote host is running the RPC logger (na.logger - SunNet Manager) service. 

Solution: N/A 


RPC SunNet sync Service In Use 


Description: The remote host is running the RPC SunNet sync (na.sync) service. 

Solution: N/A 


RPC hostperf Service In Use 




Description: The remote host is running the RPC hostperf (na.hostperf) service. 

Solution: N/A 


RPC SunNet Manager activity Service In Use 


Description: The remote host is running the RPC activity (na.activity - SunNet Manager) service. 

Solution: N/A 


RPC hostmem Service In Use 


Description: The remote host is running the RPC hostmem (na.hostmem) service 

Solution: N/A 


RPC sample Service In Use 


Description: The remote host is running the RPC sample (na.sample) service. 

Solution: N/A 

RPC x25 Service In Use 



Description: The remote host is running the RPC sample (na.x25) service. 

Solution: N/A 


RPC ping Service In Use 




Description: The remote host is running the RPC ping (na.ping) service. 

Solution: N/A 


RPC NFS (na.rpcnfs) Service In Use 


Description: The remote host is running the RPC NFS (na.rpcnfs) service. 

Solution: N/A 


RPC hostif Service In Use 


Description: The remote host is running the RPC hostif (na.hostif) service. 

Solution: N/A 


RPC etherif Service In Use 


Description: The remote host is running the RPC etherif (na.etherif) service. 

Solution: N/A 


RPC iproutes Service In Use 


Description: The remote host is running the RPC iproutes (na.iproutes) service. 

Solution: N/A 


RPC layers Service In Use 




Description: The remote host is running the RPC layers (na.layers) service. 

Solution: N/A 


RPC snmp Service In Use 


Description: The remote host is running the RPC snmp (na.snmp, snmp-cmc, snmp-synoptics, 

snmp-unisys, snmp-utk) service. 

Solution: N/A 


RPC traffic Service In Use 


Description: The remote host is running the RPC traffic (na.traffic) service. 

Solution: N/A 


RPC nfs_acl Service In Use 


Description: The remote host is running the RPC nfs_acl service. 

Solution: N/A 


RPC sadmind Service In Use 


Description: The remote host is running the RPC sadmind service. 

Solution: N/A 

RPC nisd Service In Use 





Description: The remote host is running the RPC nisd (rpc.nisd) service. 

Solution: N/A 


RPC NIS nispasswd Service In Use 


Description: The remote host is running the RPC NIS nispasswd (rpc.nispasswd) service. 

Solution: N/A 


RPC ufsd Service In Use 


Description: The remote host is running the RPC ufsd service. 

Solution: N/A 


RPC pcnfsd Service In Use 


Description: The remote host is running the RPC pcnfsd service. 

Solution: N/A 


RPC amd Service In Use 


Description: The remote host is running the RPC amd (amq) service. 

Solution: N/A 


RPC sgi_fam Service In Use 




Description: The remote host is running the RPC sgi_fam (fam) service. 

Solution: N/A 


RPC bwnfsd Service In use 


Description: The remote host is running the RPC bwnfsd service. 

Solution: N/A 


RPC fypxfrd Service In Use 


Description: The remote host is running the RPC fypxfrd (freebsd-ypxfrd) service. 

Solution: N/A 


RPC portmapper Service In Use 


Description: The remote host is running the RPC portmapper (portmap, sunrpc, rpcbind) service. 

Solution: N/A 


Superflous NFS Daemon Detection 

PVS ID: 1083 FAMILY: RPC RISK: LOW NESSUS ID:Not Available 

Description: The remote host is running an unused NFS daemon. 

Solution: Disable this service. 


RPC status Service In Use 




Description: The remote host is running the RPC status service. 

Solution: N/A 


Cyrus IMAP Server login Command Remote Overflow 

PVS ID: 1085 FAMILY: IMAP Servers RISK: HIGH NESSUS ID:11196 

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nAccording to its 

banner, the remote Cyrus IMAP server is vulnerable to a pre-login buffer overrun. An 

attacker without a valid login could exploit this, and would be able to execute arbitrary 

commands as the owner of the Cyrus process. This would allow full access to all users' 

mailboxes. More information : http://online.securityfocus.com/archive/1/301864 

Solution: If possible, upgrade to an unaffected version. However, at the time of writing no official fix 

was available. There is a source patch against 2.1.10 in the Bugtraq report. 

IMAP Server Detection 


PVS ID: 1086 FAMILY: IMAP Servers RISK: INFO NESSUS ID:11414 

Description: An IMAP server is running on this port. According to the banner, it is :\n %L 

Solution: N/A 


UoW imapd (UW-IMAP) Multiple Command Remote Overflows 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThere is a buffer 

overflow in the remote IMAP4 server which allows an authenticated user to obtain a 

remote shell. 

Solution: upgrade your imap server or use another one 

CVE-2000-0284 

UoW imapd (UW-IMAP) BODY Request Remote Overflow 

PVS ID: 1088 FAMILY: IMAP Servers 


RISK: 

MEDIUM 




overflow in the remote imap server which allows an authenticated user to obtain a remote 

shell. By supplying an overly long tag the the BODY command, an attacker may gain a 

shell on this host. 

Solution: Upgrade to imap-2001a 

CVE-2002-0379 

Atrium MERCUR Mailserver Local Traversal Arbitrary File Access 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote system is vulnerable to an information disclosure flaw\n\nThe 

remote imap server is Mercur Mailserver 3.20. There is a flaw in this server (present up to 

version 3.20.02) which allows any authenticated user to read any file on the system. This 

includes other users mailboxes, or any system file. Warning : this flaw has not been 

actually checked but was deduced from the server banner 

Solution: There was no solution ready when this vulnerability was written; Please contact the vendor 

for updates that address this vulnerability. 

CVE-2000-0318 

Ipswitch IMail 5.0 Multiple Remote Overflows 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nA buffer overflow in 

the remote IMAP server allows an intruder to execute arbitrary code on this host. 

Solution: Upgrade your IMAP server to the newest version. 

CVE-1999-1557 

Yak! FTP Server Default Credentials 

PVS ID: 1091 FAMILY: FTP Servers 

RISK: 

MEDIUM 

NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote FTP Server is running with known default credentials\n\nYak 

uses the FTP protocol to transfer files. Yak UserID and/or password may be a static value. 

Versions prior to 2.1.0 have known default credentials. An attacker can use this flaw to 

send arbitrary data to client machines. 

Solution: Change the password for the default 'Yak' account. 




Netscape Messaging Server IMAP LIST Command Remote Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThere may be a buffer 


shell. 

Solution: Upgrade to the latest version. 

CVE-2000-0961 

UoW imapd (UW-IMAP) Multiple Command Remote Overflows 




shell. 

Solution: Upgrade imap-2000 or higher. 

CVE-2000-0284 

MDaemon IMAP Service CREATE Command Mailbox Name Handling Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nIt is possible to crash 

the remote MDaemon server by supplying an oversized argument to the CREATE imap 

command. An attacker may use this flaw to prevent other users from fetching their email. It 

will also crash other MDaemon services (SMTP, POP), thus preventing this server from 

receiving any email as well, or even to execute arbitrary code on this host with the 

privileges of the mdaemon IMAP daemon. 

Solution: Upgrade to MDaemon 6.7.10 or later. 

CVE-2003-1470 

Mozilla IMAP Client literal_size Remote Overflow 

PVS ID: 1095 FAMILY: IMAP Servers RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote e-mail 

client is Mozilla 1.3 or 1.4a which is vulnerable to a boundary condition error whereby a 

malicious IMAP server may be able to crash or execute code on the client. 

Solution: Upgrade to either 1.3.1 or 1.4a. 

CVE-2003-0298 



Microsoft Outlook Express IMAP Client literal_size Remote Overflow 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote 

e-mail client is Microsoft Outlook Express 6.00.2800.1106 which is vulnerable to 

a boundary condition error whereby a malicious IMAP server may be able to crash 

or execute code on the client. 

Solution: Install latest OE service pack. 

CVE-2003-0301 

QUALCOMM Eudora IMAP Client literal_size Remote Overflow 


RISK: 

MEDIUM 



client is Eudora 5.2.1 which is vulnerable to a boundary condition error whereby a 


Solution: Contact vendor or upgrade to latest version. 

CVE-2003-0302 

Sylpheed IMAP Client literal_size Remote Overflow 

PVS ID: 1098 FAMILY: SMTP Clients 

RISK: 

MEDIUM 



client is Sylpheed 0.8.11 which is vulnerable to a boundary condition error whereby a 


Solution: Upgrade to latest version. 

CVE-2003-0300 

Pine c-client IMAP Client literal_size Remote Overflow 



client is Pine 4.53 which is vulnerable to a boundary condition error whereby a malicious 

IMAP server may be able to crash or execute code on the client. 

Solution: Upgrade to latest version of Pine. 

CVE-2003-0297 



E-mail Client Detection 

PVS ID: 1100 FAMILY: SMTP Clients RISK: NONE NESSUS ID:Not Available 

Description: The remote host is running the following e-mail client: %L 

Solution: N/A 


UoW imapd (UW-IMAP) AUTHENTICATE Command Remote Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote UW-IMAP 

server has a buffer overflow bug when it processes the argument of the AUTHENTICATE 

command. An attacker may exploit this flaw to gain a root shell on this host 

Solution: Upgrade uw-imap to its latest version. 

CVE-1999-0005 

WinRoute Proxy Detection 

PVS ID: 1102 FAMILY: Web Clients RISK: INFO NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote proxy may pass local user credentials to a malicious external 

website\n\nThe remote client is utilizing a WinRoute Proxy. Some versions of this proxy 

have a bug wherein client Proxy authorization is forwarded to remote web servers. As a 

result, a malicious web server can retrieve the user's Proxy UserID and password. Versions 

of Winroute up to 5.1.4 are affected by this vulnerability. 

Solution: Upgrade to 5.1.4 or later. 


Weak SSL Ciphers Supported 

PVS ID: 1103 FAMILY: Web Servers 

RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote SSL server is configured to use weak encryption\n\nThe SSL 

server allows clients to connect using weak (export grade) Ciphers. As these ciphers are 

more easily cracked or hijacked, there is the potential of a remote session being taken over 

or observed. There is a risk of potential loss of confidential data. 

Solution: Disable weak ciphers on the TLS/SSL server. 






RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote SSL Server is configured to use weak encryption\n\nThe SSL 







PVS ID: 1105 FAMILY: Web Servers RISK: LOW NESSUS ID:10863 

Description: Synopsis :\n\nThe remote SSL Server is configured to use weak encryption\n\nThe SSL 






Internet Key Exchange (IKE) Server Detection 

PVS ID: 1106 FAMILY: Generic 

RISK: 

MEDIUM 


Description: The remote host seems to be enabled to do Internet Key Exchange (IKE). This is typically 

indicative of a VPN server. VPN servers are used to connect remote hosts into internal 

resources. You should ensure that: the VPN is authorized for your Companies computing 

environment, the VPN utilizes strong encryption and that the VPN utilizes strong 

authentication. 

Solution: Contact your VPN vendor to ensure that you are operating at a security level commensurate 

with the assets being protected. 


Cisco IOS Version Detection 

PVS ID: 1107 FAMILY: Operating System Detection RISK: INFO NESSUS ID:Not Available 

Description: The remote host is running Cisco IOS version %L 

Solution: N/A 




SQL Server Cleartext 'sa' Account NULL Password Attempted Login 

PVS ID: 1108 FAMILY: Database 

RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'sa' password set to NULL 

Solution: Ensure that the client is authorized and running with the proper encryption and 

authentication schemes for your Corporate environment. 


SQL Server Cleartext 'sa' Account 'sa' Password Attempted Login 


RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'sa' password set to 'sa' 




SQL Server Cleartext 'sa' Account 'password' Password Attempted Login 


RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'sa' password set to 

'password' 


authentication schemes for your Corporate environment 


SQL Server Cleartext 'sa' Account 'administrator' Password Attempted Login 


RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'sa' password set to 

'administrator' 





SQL Server Cleartext 'sa' Account 'admin' Password Attempted Login 



RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'sa' password set to 'admin' 




SQL Server Cleartext 'admin' Account 'administrator' Password Attempted Login 


RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'admin' password set to 





SQL Server Cleartext 'admin' Account 'password' Password Attempted Login 


RISK: 

MEDIUM 



'password' 




SQL Server Cleartext 'admin' Account 'admin' Password Attempted Login 


RISK: 

MEDIUM 



'admin' 





SQL Server Cleartext 'probe' Account 'probe' Password Attempted Login 



RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'probe' password set to 

'probe' 




SQL Server Cleartext 'probe' Account 'password' Password Attempted Login 


RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'probe' password set to 

'password' 




SQL Server Cleartext 'sql' Account 'sql' Password Attempted Login 


RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'sql' password set to 'sql' 




SQL Server Cleartext 'sa' Account 'sql' Password Attempted Login 


RISK: 

MEDIUM 


Description: The remote client attempted to log into a SQL database with the 'sa' password set to 'sql' 




SNMP Version 3 Detection 


PVS ID: 1120 FAMILY: Generic RISK: LOW NESSUS ID:Not Available 


Description: The remote host responds to SNMP v3 queries. It is likely that the host is configured for 

remote administration. 

Solution: Ensure that the instance of SNMP is configured within corporate standards and security 

policies. 


SQL Server Cleartext 'sa' Account 'NULL' Password Authentication 

PVS ID: 1121 FAMILY: Database RISK: HIGH NESSUS ID:10862 

Description: Synopsis :\n\nThe remote database has set the Administrator password to NULL\n\nThe 

remote SQL server allows logins with the 'sa' password set to NULL 

Solution: Require the SQL server to utilize an encrypted login and ensure that passwords are not 

trivially guessed. 


SQL Server Cleartext 'sa' Account 'sa' Password Authentication 


Description: Synopsis :\n\nThe remote database is configured with easily guessed (or default) 

Administrative passwords\n\nThe remote SQL server allows logins with the 'sa' password 

set to 'sa' 




SQL Server Cleartext 'sa' Account 'password' Password Authentication 


Description: Synopsis :\n\nThe remote database is configured with easily guessed (or default) 

Administrative passwords\n\nThe remote SQL server allows logins with the 'sa' password 

set to 'password' 





SQL Server Cleartext 'sa' Account 'administrator' Password Authentication 



Description: Synopsis :\n\nThe remote host is configured with default or easily-guessed 

credentials\n\nThe remote SQL server allows logins with the 'sa' password set to 





SQL Server Cleartext 'sa' Account 'admin' Password Authentication 



credentials\n\nThe remote SQL server allows logins with the 'sa' password set to 'admin' 




SQL Server Cleartext 'admin' Account 'administrator' Password Authentication 



credentials\n\nThe remote SQL server allows logins with the 'admin' password set to 





SQL Server Cleartext 'admin' Account 'admin' Password Authentication 




'admin' 





SQL Server Cleartext 'probe' Account 'probe' Password Authentication 




credentials\n\nThe remote SQL server allows logins with the 'probe' password set to 'probe' 




SQL Server Cleartext 'probe' Account 'password' Password Authentication 



credentials\n\nThe remote SQL server allows logins with the 'probe' password set to 

'password' 




SQL Server Cleartext 'sql' Account 'sql' Password Authentication 



credentials\n\nThe remote SQL server allows logins with the 'sql' password set to 'sql' 




SQL Server Cleartext 'sa' Account 'sql' Password Authentication 



credentials\n\nThe remote SQL server allows logins with the 'sa' password set to 'sql' 





SQL Server Cleartext 'admin' Account 'password' Password Authentication 





'password' 




Web Server SSLv3 Detection 

PVS ID: 1133 FAMILY: Web Servers RISK: LOW NESSUS ID:Not Available 

Description: The web server on this port is tunneling traffic through SSL version 3. 

Solution: N/A 




Description: The server on this port is tunneling traffic through SSL version 2. 

Solution: N/A 




RISK: 

MEDIUM 


Solution: Disable SSLv1 in favor of stronger encryption such as TLSv1 or SSLv3. 


lftp HTTP Directory Name Handling Remote Overflow 


PVS ID: 1136 FAMILY: Web Clients RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe client is using a 

version of lftp less than 2.6.10. This version is vulnerable to a remote buffer overflow from 

a malicious server. 

Solution: Upgrade to version 2.6.10 or later. 



CVE-2003-0963 

Symantec Antivirus LiveUpdate Local Privilege Escalation 


Description: The remote host is running an instance of Symantec Anti-virus. The host is also 

configured to automatically update virus signatures via LiveUPDATE. Depending 

on the version, this may allow a local user to gain elevated privileges. 

Solution: Larger companies will wish to distribute virus pattern files via a central, internal 

update site. For large companies, individual users accessing Internet updates will tend 

to decrease bandwidth and cause undue congestion on the network. 

CVE-2003-0994 

Policy - SETI@HOME Client Detection 


Description: Synopsis :\n\nThe remote host is running client software which may be considered 

questionable.\n\nThe remote client is running the SETI@HOME application which is used 

to maximize spare CPU cycles within a workstation in order to Search for Extra Terrestrial 

Intelligence. While it does not usually interfere with operations on the local machine, it has 

the possibility of taking up bandwidth while downloading work updates. 

Solution: Ensure that the application is allowed within your environment. 


SHOUTcast Media Server Detection 


Description: The remote server is running the SHOUTcast media server: %L 

Solution: Ensure that this instance of SHOUTcast meets corporate and security guidelines. 



Elm frm Command Mail Subject Line Handling Remote Overflow 

PVS ID: 1140 FAMILY: SMTP Clients RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote host is 

running Elm 2.5.6 or older, which contains a buffer overflow which might be triggered 

remotely. To exploit it, an attacker would need to send a malicious email to a user of this 

hosts. 

Solution: Upgrade to the latest version of Elm (available at http://www.instinct.org/elm). 


CVE-2003-0966 

Trojan/Backdoor - W32/Bagle Virus Detection 

PVS ID: 1141 FAMILY: Backdoors RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nThe remote host seems to be 

infected with the W32/Bagle virus. 

Solution: Using your corporate standard for Anti-virus, update your pattern files and manually scan 

the machine. 


TrueWeather Application Detection 

PVS ID: 1142 FAMILY: Generic RISK: INFO NESSUS ID:Not Available 


questionable.\n\nTrueWeather is a program which runs on a client workstation. The 

program routinely polls a parent server and downloads information such as weather reports 

and news. The program may, under certain circumstances, take up bandwidth while 

downloading. A network with too many instances of TrueWeather may notice a 

degradation in network performance during update periods. 

Solution: Ensure that this application is appropriate for your environment. 


Trojan/Backdoor - MyDOOM/NoVarg Detection 

PVS ID: 1143 FAMILY: Backdoors RISK: HIGH NESSUS ID:12029 

Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nThe remote machine is infected 

with the MyDOOM/NoVarg virus/backdoor. 

Solution: Remove the virus using your Corporate standard for anti-virus. 


NTP Server Protocol Version 3 Detection 


Description: The remote server is Running an NTP (protocol version 3) server service (Stratum 2) which 

is used to synchronize time amongst multiple machines 

Solution: Ensure that this server is authorized and running in compliance with Corporate standards 

and Security guidelines 




RADIUS Server Failed Login Detection 


RISK: 

MEDIUM 


Description: The remote host is a RADIUS server. In addition, a login into this host just failed. 

realtime 

Solution: Ensure that this server is authorized and running in compliance with corporate standards 

and security guidelines. Ensure that the failed logins are valid mistakes, and not malicious 

cracking attempts. 




Description: The remote server is Running a Network Time Protocol (NTP) protocol version 1 server 

service (Stratum 2) which is used to synchronize time amongst multiple machines. 


and security guidelines. 


Crob FTP Server Connection Saturation Remote DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote CROB 

FTP Server is vulnerable to multiple overflows when issued standard FTP commands. 

Solution: Upgrade your version of CROB FTP Server. 

CVE-2004-0282 



Description: The remote server is Running a Network Time Protocol (NTP) protocol version 3 server 



and security guidelines. 






Description: The remote server is running a Network Time Protocol (NTP) protocol version 2 server 



and Security guidelines. 
















smallftpd Crafted RETR Command Remote Overflow DoS 


RISK: 

MEDIUM 



remote FTP server (smallftpd) is vulnerable to a flaw that may allow a remote user to crash 

the server if the user specifies an overly long RETR command. Note that the remote user 

must have a valid username and password to exploit this flaw. 

Solution: Restrict access to trusted users. 

CVE-2004-0299 

Windows RDP / Terminal Services Detection 




Description: The remote host is running Terminal Services or Remote Desktop Protocol (RDP). This 

protocol is used to manage remote servers and is installed, by default, on Windows XP 

Systems. An attacker can use this port to brute force the user accounts present on the 

server. 

Solution: Ensure that RDP is required for the machine in question. 

CVE-2001-0540 

RIP Router Version 1 Detection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running an inherently insecure protocol or 

application\n\nThe remote host is running with Routing Information Protocol (RIP) version 

1 enabled, an inherently insecure protocol. It is probably a router. 

Solution: Either upgrade the protocol version of RIP, or use another routing protocol. 


RIP Router Version 2 Detection 


Description: The remote host is running with Routing Information Protocol (RIP) version 2 

enabled. It is probably a router. 

Solution: Ensure that the router meets the corporate policies and guidelines concerning 

internetworking equipment. 


Novell GroupWise Internet Mail Server Detection 

PVS ID: 1156 FAMILY: SMTP Servers RISK: LOW NESSUS ID:Not Available 

Description: The remote host is running the Novell GroupWise mail server. 

Solution: Ensure that this server is running within corporate guidelines. 


NetWare Apache Web Server Detection 




Description: The remote host is running Apache web server on Novell NetWare. 

Solution: N/A 


eEye Retina Scanner Detection 

PVS ID: 1158 FAMILY: Policy 

RISK: 

MEDIUM 



questionable\n\nThe remote host is running an instance of eEye Retina vulnerability 

scanner. 

Solution: Ensure that the owner of this machine is scanning within corporate policy. 


Nessus Scanner Detection 


RISK: 

MEDIUM 



questionable\n\nThe remote host is running the Nessus vulnerability scanner. 

Solution: Ensure that the scanner is being used in a responsible and authorized manner. 


Sami HTTP Server 1.0.4 GET Request Remote Overflow 

PVS ID: 1160 FAMILY: Web Servers RISK: HIGH NESSUS ID:12073 

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote host seems 

to be running Sami HTTP Server v1.0.4 or older. A vulnerability has been reported for 

Sami HTTP server v1.0.4. An attacker may be capable of corrupting data such as return 

address, and thereby control the execution flow of the program. This may result in denial of 

service or execution of arbitrary code. 

Solution: Use another web server since Sami HTTP is not maintained any more. 

CVE-2004-0292 


Jigsaw < 2.2.4 URI Parsing Remote Code Execution 



Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote host 

appears to be running a version of the Jigsaw web server which is older than 2.2.4. This 

version is vulnerable to a bug in the way it parses URI. An attacker might exploit this flaw 

to execute arbitrary code on this host. 


CVE-2004-2274 

Kerberos Version 5 Server Detection 

PVS ID: 1162 FAMILY: Generic RISK: HIGH NESSUS ID:11512 

Description: The remote host is running Kerberos 5. There are several vulnerabilities associated with 

this software. 

Solution: Ensure that this instance of Kerberos is in keeping with corporate standards and security 

guidelines. 

CVE-2003-0139 

MIT Kerberos 4 Multiple Vulnerabilities 



application\n\nThe remote host is running Kerberos 4. It has been demonstrated that the 

Kerberos 4 protocol has inherent design flaws that make it insecure to use. 

Solution: Upgrade to Kerberos 5. If you run Kerberos 5 with Kerberos 4 backward compatibility, 

make sure you upgrade to version 1.3. 

CVE-2003-0139 

Kerberos Version 5 Server Detection 


Description: The remote host is running Kerberos 5. Kerberos 5 contains multiple vulnerabilities 

depending on the version and configuration. 

Solution: Ensure that this instance of Kerberos is in keeping with Corporate standards and 

Security guidelines. Upgrade to the latest version if required. 

CVE-2002-0036 

SAMI FTP Server Multiple DoS 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to multiple Denial of Service (DoS) 

attacks\n\nThe remote host is running SAMI FTP server. There is a bug in the way some 

versions of this server handles certain FTP command requests which may allow an attacker 

to trigger a remote Denial of Service (DoS) attack against the server. 

Solution: Ensure that your version of SAMI FTP server is patched to the latest revision. 

CVE-2004-2081 

Xlight FTP Server < 1.53 RETR Command Remote Overflow 


RISK: 

MEDIUM 



running XLight FTP server. There is a bug in the way this server handles arguments to the 

RETR command that may allow an attacker to trigger a buffer overflow against this server, 

potentially allowing him to disable this server remotely or to execute arbitrary code. 

Solution: Upgrade XLight Server to version 1.53 or later. 

CVE-2004-0255 

Apache-SSL < 1.3.29 / 1.53 SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery 


Description: Synopsis :\n\nThe remote server is configured to allow a potential bypass of 

authorization\n\nThe remote host is running a version of ApacheSSL which is older than 

1.3.29/1.53. This version is vulnerable to a flaw which may allow an attacker to make the 

remote server forge a client certificate. 

Solution: Upgrade to version ApacheSSL 1.3.29/1.53 or later. 

CVE-2004-0009 

Serv-U FTP Server < 4.2 SITE CHMOD Command Handling Overflow 

PVS ID: 1168 FAMILY: FTP Servers RISK: HIGH NESSUS ID:12037 


running Serv-U FTP server. There is a bug in the way this server handles arguments to the 

SITE CHMOD requests which may allow an attacker to trigger a buffer overflow against 

this server, which may allow him to disable this server remotely or to execute arbitrary 

code on this host. 

Solution: Upgrade Serv-U FTP Server version 4.2 or later. 

CVE-2004-2533 



Finjan SurfinGate Proxy FHTTP Command Admin Functions Authentication Bypass 


Description: Synopsis :\n\nThe remote proxy can be tricked into executing commands\n\nThe remote 

host is running a Finjan proxy. It may be possible to use this proxy and force it to connect 

to itself, to then issue administrative commands to this service. An attacker may use this 

flaw to force this proxy to restart continuously, although other administrative commands 

might be executable. 

Solution: Block all connections to '*:ControlPort' 

CVE-2004-2107 

PPTP Set-Link-Info - Setup of PPTP VPN Channel Detection 


RISK: 

MEDIUM 



questionable\n\nThe remote host has created a PPTP VPN connection. You should ensure 

that this sort of connection is authorized within existing Company guidelines or policies. 

Solution: Block port 1723 and ensure this connection is authorized. 


HTTP Based ZIP File Download Detection 

PVS ID: 1171 FAMILY: Web Clients RISK: LOW NESSUS ID:Not Available 

Description: An HTTP transfer of a file compressed with the ZIP algorithm was just observed. This file 

may contain malicious code, or content that may not be subjected to any content filtering in 

place. However, if the host attempting the download is a web server, email server or other 

server, this behavior may be indicative of a system compromise. 

Solution: Block all HTTP requests with content type: application/zip, and ensure a content filtering 

system is in place that handles ZIP compressed files. 


LDAP Server NULL Bind Detection 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote LDAP server allows NULL connections\n\nThe remote server is 

an LDAP server. Further, it appears as if the server allows NULL BIND requests. If this is 

an internal server, then this is considered an acceptable configuration. 

Solution: Ensure that this server is authorized with respect to Corporate standards and policies. 



SMTP Server Inbound .exe Attachment Detection 


Description: PVS has noted an inbound mail message that contained a .exe attachment. CAVEAT: PVS 

was not able to determine whether or not the SMTP server actually processed the email 

message. 

Solution: If applicable, block incoming .exe attachments. Ensure antivirus and malware 

detection is deployed. 

TFTP Server Detection 


PVS ID: 1174 FAMILY: FTP Servers RISK: NONE NESSUS ID:11819 

Description: The remote host is running a TFTPD server. This server allows for unauthenticated file 

transfer to and from the host. 

Solution: If you do not require this TFTP service, disable it. 


TYPSoft FTP Server < 1.11 Invalid Path Request DoS 



remote host seems to be running TYPSoft FTP 1.10 or earlier. TYPESoft FTP Server is 

prone to a remote denial of service vulnerability that may allow an attacker to cause the 

server to crash. 

Solution: Upgrade to version 1.11 or later. 

CVE-2004-0325 

Windows NT FTP Server (WFTP) Pro Server < 3.21 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple issues\n\nThe remote server is 

running a potentially vulnerable version of WFTPD. There are at least one remote 

stack-based buffer overflows and two remote Denial of Service (DoS) attacks that WFTPD 

is vulnerable to. 

Solution: Upgrade to WFTP 3.21 or later. 



CVE-2004-0341 

Zebra Routing Software Detection 


Description: The remote host is running the open source Zebra routing daemon. This daemon is 

capable of routing RIP, OSPF, and BGP traffic. 

Solution: Ensure that this software is running within the boundaries of existing corporate and security 

policies. 


GHOST UDP Network Client Detection 


Description: The remote host is a GHOST client which looks for a GHOST server and, if found, 

downloads a bootable image at system startup. 

Solution: Ensure that this protocol is secured and within corporate and security policies and 

guidelines. This traffic should never be seen on an external (DMZ or Extranet) segment. 

CVS Software Detection 



Description: The remote client is using CVS to synchronize files. 

Solution: Ensure that the client is operating under the guidelines as set forth by corporate and security 

policies. Further, examine the possibility of securing the CVS session by using CVS over 

SSH. 


CVS < 1.11.10 / 1.12.3 pserver Crafted Module Request Arbitrary File / Directory Creation 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host allows unauthorized users to create or modify 

files/directories\n\nThe remote CVS server, according to its version number, may allow an 

attacker to create directories and possibly files at the root of the filesystem holding the CVS 

repository. 

Solution: Upgrade CVS to 1.11.10, 1.12.3 or later. 

CVE-2003-0977 



CVS pserver CVSROOT Passwd File Arbitrary Code Execution 


Description: Synopsis :\n\nAn attacker may execute arbitrary commands on the remote system\n\nThe 

remote CVS server, according to its version number, might allow an attacker to execute 

arbitrary commands on the remote system as cvs does not drop root privileges properly. 

Solution: Upgrade to most recent version of CVS 

Witty Worm Detection 




vulnerable to a series of remote vulnerabilities to the ISS IDS engine. In addition, network 

traffic seems to indicate that the machine was compromised by a worm (Witty) which 

spreads via these ISS vulnerabilities. 

Solution: The Witty worm corrupts the victim's hard drive. The victim Operating System must be 

reinstalled. 

CVE-2004-0362 

Policy - iroffer Software Detection 

PVS ID: 1183 FAMILY: Backdoors RISK: INFO NESSUS ID:Not Available 


questionable\n\nThe remote system appears to have iroffer. This program allows the 

machine to be used as an IRC fileserver. Iroffer and such bots are most common in warez 

and illegal file transfer agents. 

Solution: Locate and eliminate the application serving this traffic. 




















Policy - Time of Defiance Gaming Client Detection 

PVS ID: 1186 FAMILY: Policy RISK: INFO NESSUS ID:Not Available 


questionable\n\nThe remote client is playing the Internet-based 'Time of Defiance' Network 

strategy game. 

Solution: Ensure that this sort of gaming is in alignment with corporate and security standards. 


Policy - BattleField 1942 Network Gaming Server Detection 



questionable\n\nThe remote Server is hosting a 'BattleField 1942' Network Game Server. 

Solution: Ensure that this gaming server is in alignment with corporate and security policies. 


Mutt < 1.4.2 menu.c menu_pad_string Function Index Menu Code Remote Overflow DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nMutt 1.4.1 and older 

versions are vulnerable to a buffer overflow vulnerabilty in the code which is used to draw 

menus on screen. An attacker could exploit this flaw to prevent a user from reading his mail 

using this client (thus corrupting a full mailbox), or possibly to execute code remotely. 

Solution: Upgrade to Mutt 1.4.2 or later. 

CVE-2004-0078 


Policy - Command and Conquer Gaming Server Detection 




questionable\n\nThe remote host is a Command and Conquer Game Server. 

Solution: Ensure that this sort of gaming is in alignment with corporate and security policies 


Policy - Quake Gaming Server Detection 



questionable\n\nThe remote client is a Quake gaming client. Many games utilize the 

'Quake' Gaming Protocol. The presence of this traffic indicates that individuals are playing 

network-based games. 

Solution: Ensure that this gaming is in alignment with corporate and security policies. 


Policy - America's Army Game Client Detection 



questionable\n\nThe remote client is running the 'Americas Army' game. This is an action 

game which allows users to play against opponents on both the Internet and Local Area 

Network (LAN). 



Policy - Unreal Gaming Server Detection 



questionable\n\nThe remote server is acting as an Unreal Tournament Server. Depending 

on the configuration, Internet or LAN gaming clients can connect to the machine and play 

Unreal Tournament. 




Policy - Unreal Tournament Gaming Client Detection 




questionable\n\nThe remote client is running the Unreal Tournament game. 

Solution: Ensure that this sort of gaming is in alignment with corporate and security policies. 


Policy - Civilization III Gaming Server Detection 



questionable\n\nThe remote client is a Civilization Gaming client. The presence of this 

traffic indicates that individuals are playing network-based games. 



FTP Based ZIP File Download Detection 

PVS ID: 1195 FAMILY: FTP Clients RISK: LOW NESSUS ID:Not Available 

Description: PVS has detected a FTP transfer of a file compressed with the ZIP algorithm. This file may 

contain malicious code, but probably not a direct threat. However, if the host attempting the 

download is a web server, email server, or other server, this behavior may be indicative of a 

system compromise. 

Solution: Deploy a FTP proxy and block all the downloads of files ending in .zip. In addition, ensure 

desktop computers have anti-virus software. 


BGP Routing Protocol Open Message Detection 


Description: The remote host is advertising the BGP routing protocol. 

Solution: Ensure that BGP is authorized with respect to network policies. If not needed, block access 

to port 179. 


Policy - Halo LAN Gaming Client Detection 





questionable\n\nThe remote client is running the Halo Local Area Network (LAN) Game. 

Solution: Ensure that this sort of gaming is in alignement with corporate and security policies. 


Windows Media Service Server Detection 


Description: The remote server is running the Windows Media Service Server. This server is used to 

stream media to remote clients. 

Solution: You should ensure that this server is within corporate and security policies. 


BGP Keep Alive Message Detection 


Description: This event signifies that a BGP speaking system is trying to maintain connectivity with 

other BGP systems. The traffic is benign in nature, however it does reveal who is currently 

speaking BGP on your network. 

Solution: Ensure BGP traffic is intended to be deployed on this network. Block port 179 if necessary. 


BGP Keep Alive Message Detection 


Description: This event signifies that a BGP speaking system is trying to maintain connectivity with 

other BGP systems. The traffic is benign in nature, however it does reveal who is currently 

speaking BGP on your network. 

Solution: Ensure BGP traffic is intended to be deployed on this network. Block port 179 if necessary. 


Policy - DirectX Gaming Server Detection 



Description: Synopsis :\n\nThe remote host is running client software that may be considered 

questionable\n\nThe remote server is a Microsoft DirectX Game Server. You should ensure 

that the gaming server is in alignment with corporate and security standards. 


Solution: If not required, disable the game server. 


Trojan/Backdoor - PhatBOT Detection 


Description: Synopsis :\n\nThe remote host can be remotely controlled by a malicious user\n\nThe 

remote systems appears to have PhatBOT installed. This program allows the machine to be 

controlled via a P2P network. PhatBOT is extremely sophisticated and allows the remote 

attacker to use the victim machine to perform various actions. 

Solution: Remove the trojan software from the infected machine and consider re-installing the 

operating system. 


Policy - HALO Internet Gaming Client Detection 



questionable\n\nThe remote client is playing the Internet-based action game, HALO. 

HALO is a game wherein users from across the Internet can play against each other via 

central Internet servers. 



Policy - BattleField 1942 Gaming Client Detection 



questionable\n\nThe remote client is running a 'BattleField 1942' network game. 



Apache HTTP Server < 2.0.49 mod_ssl Plain HTTP Request DoS 



RISK: 

MEDIUM 



remote host appears to be running a version of Apache 2.x which is older than 2.0.49. 

There is a bug in the mod_ssl module that ships with Apache 2.0.35 to 2.0.48 that makes it 

vulnerable to a remote denial of service. An attacker may exploit this flaw by issuing 


malformed SSL commands when connecting to the remote host, and may therefore use it to 

prevent HTTPS from working. 

Solution: Upgrade to Apache/2.0.49 or later. 

CVE-2004-0113 

Courier < 0.45 Japanese Codeset Conversion Overflows 

PVS ID: 1206 FAMILY: SMTP Servers RISK: HIGH NESSUS ID:12102 

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote mail server 

is the Courier MTA. There is a buffer overflow in the Japanese codeset conversion 

functions of this software that may allow an attacker to execute arbitrary code on this host. 

Solution: Upgrade to Courier 0.45 or later. 

CVE-2004-0224 

Trojan/Backdoor - Agobot.FO Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed\n\nThe remote host has the 

Agobot.FO backdoor installed. This backdoor is known to scan local networks for 

common Microsoft vulnerabilities, scan local networks for exploitable DameWare 

systems, brute force local Microsoft machine User accounts, connect to an IRC 

channel and setup a BOT for remote command execution. 

Solution: This backdoor should be immediately removed from the infected systems and 

manually cleaned. 


WU-FTPD < 2.6.3 Multiple Vulnerabilities 


Description: Synopsis :\n\nAn attacker may be able to access directories outside the FTP root\n\nThe 

remote host is running wu-ftpd 2.6.2 or older. There is a bug in this version which may 

allow an attacker to bypass the restricted-gid feature and gain unauthorized access to 

otherwise restricted directories. In addition, this version is prone to a remote overflow in 

the S/KEY authentication. 

Solution: Upgrade to wu-ftpd 2.6.3 or later. 

CVE-2004-0185 

MetaSploit Framework Web Server Detection 


PVS ID: 1209 FAMILY: Web Servers RISK: INFO NESSUS ID:Not Available 



questionable.\n\nThe remote server is running a MetaSploit Framework server. Metasploit 

allows users to easily exploit and backdoor vulnerable applications via the network. The 

fact that there is one running on your network may be indicative of a penetration testing 

team or malicious individual exploiting weaknesses on the network.\nFor your information, 

the remote server is running %L 

Solution: Ensure that this server is sanctioned by policy and guidelines regarding acceptable 

network usage. 


Courier IMAP Server < 3.0.7 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote mail server 

is the Courier-IMAP imap server. Versions of Courier-IMAP prior to 3.0.7 are prone to a 

remote buffer overflow and a remote format string vulnerability. 

Solution: If applicable, upgrade to Courier-Imap 3.0.7 or later. 

CVE-2004-0777 

HP Jet Admin 7.x Traversal Arbitrary Command Execution 


Description: Synopsis :\n\nThe remote host is vulnerable to a directory traversal flaw\n\nThe remote 

host is an HP Web JetAdmin server. 7.X versions of this server are vulnerable to a 

directory traversal attack which can reveal the contents of arbitrary files, or be used to 

execute arbitrary commands. 

Solution: Set a password for the JetAdmin and ensure that you are running the latest version of the 

Webserver software. In addition, the device supports IP-based Access Control Lists (ACLs) 

which can be used to restrict access to only valid administrators. 



Squid Proxy < 2.5.STABLE6 %xx URL Encoding ACL Bypass 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw which allows for the bypassing of 

authentication\n\nThe remote squid caching proxy, according to its version number, is 

vulnerable to a flaw that may allow an attacker to gain access to unauthorized resources. 

The flaw in itself consists of sending a malformed username containing the %00 (null) 

character, that may allow an attacker to access otherwise restricted resources. 

Solution: Upgrade to squid 2.5.STABLE6 or later. 


CVE-2004-0189 

Oracle Application Server Web Cache Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to a heap overflow\n\nThe remote host is 

running a version of Oracle Application Server Web Cache version 9.0.4.0 or older. There 

is a heap overflow condition in this version of the software, that may allow an attacker to 

execute arbitrary code on this host. In addition, there is an unspecified issue with client 

request handling. 

Solution: See http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf for vendor patch information. 

CVE-2004-0385 

RealNetworks Helix Universal Server < 9.0.3 HTTP GET Request DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack\n\nHelix 

Universal Server versions prior to 9.0.3 are vulnerable to a trivial remote Denial of Service 

(DoS) attack. By sending a malformed HTTP GET request, an unauthenticated attacker can 

crash the service. 

Solution: Upgrade to version 9.0.3 or higher. 

CVE-2004-0389 

Trojan/Backdoor Detection - Sasser Worm 


Description: Synopsis :\n\nThe remote host has a backdoor installed\n\nThe remote host is 

infected with the Sasser Worm. This worm utilizes a backdoor command server 

and FTP server on ports 5554 and 9996, respectively. 

realtime 

Solution: Use an anti-virus product to remove the worm and consider re-installing the operating 

system. 


rsync < 2.6.1 Traversal Arbitrary File Creation 



RISK: 

MEDIUM 




rsync server may be vulnerable to a path traversal issue.\n An attacker may use this flaw to 

create arbitrary files hosted outside of a module directory. 

Solution: Upgrade to rsync 2.6.1 or later. 

CVE-2004-0426 

SquirrelMail < 1.4.3 Multiple Vulnerabilities 

PVS ID: 1217 FAMILY: CGI RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to XSS and SQL injection flaws\n\nThe 

remote host is running SquirrelMail : %L . SquirrelMail is a web-based mail server. 

There are several flaws in all versions prior to 1.4.3 that allow for remote cross-site 

scripting (XSS) attacks and SQL injection attacks. 

Solution: Upgrade to SquirrelMail 1.4.3 or later. 

CVE-2004-0519 

Eudora Long URL Status Bar Obfuscation 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote email client may be tricked into visiting a malicious 

URI\n\nEudora versions 6.0.0 through 6.1.0 are vulnerable to a URI obfuscation weakness 

that may hide the true contents of a link. An attacker, exploiting this bug remotely, would 

send an HTML email with an obfuscated link which actually redirects to a malicous or 

misleading web page. 

Solution: Upgrade to the most recent version of Eudora. 

CVE-2004-2649 

CVS < 1.11.15 / 1.12.7 Client Traversal Arbitrary File Retrieval 


RISK: 

MEDIUM 



CVS server, according to its version number, might allow an attacker to checkout RCS 

archive files that are outside of the cvs root. 

Solution: Upgrade to CVS 1.11.15, 1.12.7 or later. 

CVE-2004-0405 


CVS < 1.11.16 / 1.12.8 pserver Line Entry Handling Remote Overflow 



Description: Synopsis :\n\nThe remote host is vulnerable to a heap overflow\n\nThe remote CVS server, 

according to its version number, might allow an attacker to execute arbitrary commands on 

the remote system because of a heap overflow in the cvs pserver code. 

Solution: Upgrade to CVS 1.11.16, 1.12.8, or later. 

CVE-2004-0396 

Apache < 1.3.31 / 2.0.49 Error Log Escape Sequence Injection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw in the way that it displays log 

files\n\nThe target host is running an Apache web server that allows for the injection of 

arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an 

attempt to exploit similar vulnerabilities in terminal emulators. 

Solution: Upgrade to Apache version 1.3.31, 2.0.49 or newer. 

CVE-2003-0020 

Winamp Fasttracker 2 Plug-in in_mod.dll Heap Overflow 

PVS ID: 1222 FAMILY: Generic RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote client is 

running a version of the Nullsoft Winamp media player that may be vulnerable to a heap 

overflow. This vulnerability may be used to remotely crash the client or possible execute 

arbitrary code. 

Solution: Upgrade to the latest version of Winamp. 

CVE-2004-1896 

Winamp b4s File Handling Multiple Malformed Fields Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nWinamp versions 3.0 

build 488 and below suffer from a vulnerability in the processing of B4S files. 

Solution: Upgrade to the latest version of Nullsoft's Winamp. 

CVE-2003-1272 

H323 Application Detection 


PVS ID: 1224 FAMILY: Generic RISK: LOW NESSUS ID:12243 


Description: The H323 protocol is used for Voice Over IP (VOIP), Microsoft NetMeeting and countless 

other applications. PVS was able to observe that the server is using the H323 protocol. 

Solution: Ensure that this device is in compliance with security and corporate policies. 


Winamp Malformed File Name Handling DoS 


RISK: 

MEDIUM 



remote client is running a version of the Nullsoft Winamp media player that may be 

vulnerable to a denial of service attack if the client is presented with a file containing an 

excessive number of characters and has the '.mid' extension. 

Solution: Upgrade to the latest version of Winamp. 


Subversion (SVN) Software Detection 


Description: The remote server is running 'Subversion'. Subversion is an alternative to CVS that is used 

to synch file revisions between multiple developers. 

Solution: Ensure that you are running the most recent version of Subversion. 


Subversion (SVN) apr_time_t Data Conversion Remote Overflow 



running subversion, an open-source file management product. According to the version 

number, the remote system is vulnerable to at least one remote buffer overflow. 


CVE-2004-0397 

Checkpoint Firewall-1 Version Detection 




Description: The remote host is a Checkpoint Firewall version AI R55. 

Solution: Ensure that the firewall is configured in a manner consistent with corporate and security 

policies. 


Trojan/Backdoor - JS.Scob.Trojan/Download.Ject Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed\n\nThe remote web server is 

infected with JS.Scob.Trojan or Download.Ject Trojan. This Trojan installs malicious code 

on all web pages and infects clients as they browse the server. Specifically, the Trojan's 

dropper sets it as the document footer for all pages served. 

Solution: Stop the IIS server and use an Antivirus product to remove the Trojan. Consider 

re-installing the operating system. 


Policy - GATOR Software Detection 

PVS ID: 1230 FAMILY: Backdoors 

RISK: 

MEDIUM 



questionable\n\nThe remote host is using the GATOR program. You should ensure that the 

user intended to install GATOR (it is sometimes silently installed) and that the use of 

GATOR matches your corporate mandates and security policies. 

Solution: Uninstall the program manually. 


Policy - ALEXA Software Detection 



questionable\n\nThe remote host is using the ALEXA program. This software is bundled by 

default with Internet Explorer 6. This software transmits the complete URL of the search 

results to both 'msn.com' and 'alexa.com', thus potentially violating the privacy of the 

remote user. You should ensure that the user intended to install ALEXA and that the use of 

ALEXA matches your corporate mandates and security policies. 

Solution: Remove the software manually. 




Policy - BARGAINBUDDY Software Detection 


RISK: 

MEDIUM 



questionable\n\nThe remote host is using the BARGAINBUDDY program. You should 

ensure that the user intended to install BARGAINBUDDY (it is sometimes silently 

installed) and that the use of BARGAINBUDDY matches your corporate mandates and 

security policies. 

Solution: Manually uninstall the software. 


Policy - HOTBAR Software Detection 



questionable\n\nThe remote host is using the HOTBAR program. You should ensure that 

the user intended to install HOTBAR (it is sometimes silently installed) and that the use of 

HOTBAR matches your corporate mandates and security policies. 



Policy - EZULA Software Detection 



questionable\n\nThe remote host is using the EZULA program. You should ensure that the 

user intended to install EZULA (it is sometimes silently installed) and that the use of 

EZULA matches your corporate mandates and security policies. 



Policy - HOTBAR Software Detection 



questionable\n\nThe remote host is using the HOTBAR program. You should ensure that 

the user intended to install HOTBAR as it is sometimes silently installed. 





Policy - Cydoor Topicks Sofware Detection 



questionable\n\nThe remote host is using the Cydoor Topicks program. You should ensure 

that the user intended to install Cydoor (it is sometimes silently installed) and that the use 

of Cydoor matches your corporate mandates and security policies. 



Apache Input Header Folding Remote DoS 


RISK: 

MEDIUM 



remote host appears to be running a version of Apache 2.x that is older than 2.0.50. There is 

denial of service in Apache httpd 2.0.x by sending a specially crafted HTTP request. It is 

possible to consume arbitrary amounts of memory. On 64 bit systems with more than 4GB 

virtual memory this may lead to heap based buffer overflow. 

Solution: Upgrade to most recent version of Apache. 

CVE-2004-0493 

Trojan/Backdoor - Apache mod_rootme Detection 

PVS ID: 1238 FAMILY: Web Servers RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host has been compromised and is running a 'Backdoor' 

program\n\nThe remote system appears to be running the mod_rootme module, this module 

silently allows a user to gain root shell access to the machine via crafted HTTP requests. 

Solution: - Remove the mod_rootme module from httpd.conf/modules.conf. Consider reinstalling the 

computer, as it is likely to have been compromised by an intruder 


Mozilla < 1.7 Multiple Remote Overflows 



Description: Synopsis :\n\nThe remote browser is vulnerable to multiple flaws\n\nThe remote 

host is using the Mozilla web browser prior to version 1.7. There are several flaws 

within this version of Mozilla that include a remote overflow via a spoofed address 

bar, an overflow in the SSL certificate store, and other serious issues. 


Solution: Upgrade to Mozilla 1.7 or later. 

CVE-2004-0757 

Trojan/Backdoor - MyDoom.M Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed\n\nThe remote host is infected with 

MyDoom.M. One of the features of MyDoom.M is to install a backdoor on port 1034. An 

attacker, connecting to this backdoor would be given full access to the system. 

Solution: Use an Antivirus program to remove this worm. Consider re-installing the operating 

system. 


Trojan/Backdoor - BackDoor.Zincite.A Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed\n\nThe backdoor 

'BackDoor.Zincite.A' is installed on the remote host. It has probably been installed by the 

'MyDoom.M' virus. This backdoor may allow an attacker to gain unauthorized access on 

the remote host. 

Solution: Use an appropriate Anti-virus product to remove this backdoor. Consider re-installing the 

operating system. 


Microsoft Outlook Web Access (OWA) Version Detection 


Description: The remote server is running Outlook Web Access (OWA) on Exchange %L 

Solution: Ensure that this instance of Outlook Web Access is within corporate standards and is fully 

patched. 


Opera Web Browser < 7.5.4 Multiple Vulnerabilities 

PVS ID: 1243 FAMILY: Web Clients 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote browser is vulnerable to multiple flaws\n\nThe remote Opera 

Web Browser is vulnerable to at least 20 bugs. An attacker, exploiting these flaws, would 

be able to execute code on the remote system. The attacker would need to be able to coerce 


the local Opera user to browse to a malicous website. 

Solution: Install Opera 7.5.4 or newer 

CVE-2004-2260 

AOL Instant Messenger Arbitrary File Forced Download 

PVS ID: 1244 FAMILY: Internet Messengers RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nAn attacker can silently download files to the remote AOL Client\n\nThe 

remote host is running AOL Instant Messenger (AIM). A vulnerability has been discovered 

in AIM that could allow an attacker to force a user to download an attacker supplied file. If 

a vulnerable user has an option enabled that allows users to download files without a 

prompt, it may be possible to force the user to download a file. The file will be transferred 

without prompting the target user for authorization. 

Solution: Disable the option which ignores file transfer prompts. 


AOL Instant Messenger URL href Attribute Traversal Arbitrary Local File Execution 

PVS ID: 1245 FAMILY: Internet Messengers 

RISK: 

MEDIUM 


Description: Synopsis :\n\nAn attacker can execute local files on the remote AOL Client\n\nThe remote 

host is running AOL Instant Messenger (AIM). AIM is prone to an issue that may allow 

attackers to execute arbitrary files on the client system. It is possible to send a malicious 

link that references local files to a user of the client. When the link is visited, the referenced 

file on the client's local filesystem will be executed. To exploit this issue, the attacker must 

know the exact location of the file to be executed. Additionally, there can be no spaces in 

the path or filename. This limits exploitability, since files must be on the same partition and 

command line arguments cannot be supplied. Versions other than AOL Instant Messenger 

4.8.2790 do not seem to be affected by this vulnerability. 

Solution: This issue reportedly only present in AOL Instant Messenger 4.8.2790. Users may 

address this issue by upgrading or downgrading to another version. 

CVE-2002-1813 

AOL Instant Messenger goim Handler Screen Name Parameter Handling Overflow 



RISK: 

MEDIUM 



remote host is running AOL Instant Messenger (AIM). A problem has been reported in the 

handling of special characters. When a URL is sent to a user containing special characters 

that must be converted to addressable format, an overflow may occur. This has reportedly 

been able to create a Denial of Service. 


Solution: Upgrade to the latest version of AOL Instant Messenger. 

CVE-2002-1953 

AOL Instant Messenger URL refresh Tag XSS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote AOL Client may be coerced into running arbitrary HTML 

code\n\nThe remote host is running AOL Instant Messenger (AIM). AIM is prone to an 

issue that may allow maliciously crafted HTML to perform unauthorized actions (such as 

adding entries to the buddy list) on behalf of the user of a vulnerable client. This condition 

is due to how the client handles aim: URIs. These actions will be taken without prompting 

or notifying the user. This issue was reported for versions of AIM running on Microsoft 

Windows and MacOS. The Linux version of this client is not affected. 


CVE-2002-2169 

AOL Instant Messenger AddBuddy Link Long ScreenName Parameter Overflow DoS 


RISK: 

MEDIUM 



running AOL Instant Messenger (AIM). A possible buffer overflow vulnerability exists in 

AIM. The condition is related to processing of malformed aim:AddBuddy hyperlinks. If a 

victim clinks on an AddBuddy hyperlink consisting of many comma delimited screen 

names, a crash occurs. 

Solution: Upgrade to the latest version of AOL Instant Messenger 

CVE-2002-0785 

AOL Instant Messenger AddExternalApp Remote Buffer Overflow 



running AOL Instant Messenger (AIM). AIM is vulnerable to a buffer overflow when an 

AddExternalApp request is received with a TLV greater than 0x2711. This vulnerability 

could allow a remote user to execute arbitrary code with the privaleges of the user running 

the AIM client. 


CVE-2002-0005 



AOL Instant Messenger Active File Transfer Hijacking 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote client passes network data in an insecure manner\n\nThe remote 

host is running AOL Instant Messenger (AIM). In certain versions of AIM it is possible for 

a remote attacker to intercept data sent by the AIM client. 


CVE-2002-0592 

AOL Instant Messenger IMG Tag Arbitrary Command Execution 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote client might allow an attacker to execute arbitrary 

commands\n\nThe remote host is running AOL Instant Messenger (AIM). In 

versions of AIM prior to and including 4.7 a remote attacker can create arbitrary 

files on the client's machine by sending a specially crafted message during a 

direct connection between the client and the attacker. In addition to being able to 

overwrite important files or create arbitrary files on the users system, this 

vulnerability may allow the attacker to execute arbitrary commands. 


CVE-2002-0591 

AOL Instant Messenger Multiple DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to several denial of service attacks\n\nThe 

remote host is running AOL Instant Messenger (AIM). Versions prior to and including 4.7 

of AIM contain multiple buffer overflows that may be exploited when AIM tries to process 

exceptionally long comment strings in chat invite messages, long filenames (game names, 

buddy list names...), large amounts of font types in a message, or large Buddy Icons. 

Exploitation of these vulnerabilities can lock up or crash a victim's AIM client leading to a 

denial of service attack. 


CVE-2001-1421 

AOL Instant Messenger < 





running AOL Instant Messenger (AIM). Version prior to and including 4.3.2229 contain 

buffer overflows in the code that processes AIM URLs. URLs containing "aim://" along 

with exceptionally long goim and screenname parameter strings may crash a remote AIM 

client provided the victim clicks on the link. A victim does NOT have to be running AIM 

for a remote attacker to exploit this vulnerability. 


CVE-2000-1093 

AOL Instant Messenger Filename Handling Format String 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to format string flaw\n\nThe remote host is 

running AOL Instant Messenger (AIM). Version 4.1.2010 of AIM is vulnerable to a format 

string attack that may exploited by an attacker to crash a victim's IM client, leading to a 

denial of service. The vulnerability lies in AIM's improper handling of file transfers of 

filenames containing "%s". 


CVE-2000-1000 

AOL Instant Messenger File Transfer Path Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote client may reveal file path information\n\nThe remote host is 

running AOL Instant Messenger (AIM). Version 4.0 of AIM reveals the full pathname of 

transferred files. This information could be used to leverage further attacks against the 

client's machine. 


CVE-2000-0383 

AOL Instant Messenger Malformed ASCII Value Message DoS 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a denial of service (DoS) attack\n\nThe 

remote host is running AOL Instant Messenger (AIM). Versions prior to and including 3.5 

of AIM do not properly handle coded ASCII symbols (&#XXX format) where XXX is a 

number greater than 255. AIM may crash if such a symbol is encountered resulting in a 

denial of service attack. 




AOL Instant Messenger Login Sequence Remote Overflow 



running AOL Instant Messenger (AIM). Certain versions of AIM contain a buffer overflow 

in the packet processing routines for the login process. Exploitation of this vulnerability 

may allow for execution of arbitrary code on the victim's machine. 



AOL Instant Messenger ASCII-Symbol Interpretation Denial of Service 



running AOL Instant Messenger (AIM). Certain versions of AIM contain a buffer overflow 

in the packet processing routines for the login process. Exploitation of this vulnerability 

may allow for execution of arbitrary code on the victims machine. 



AOL Instant Messenger Password Encryption Weakness 

PVS ID: 1259 FAMILY: Internet Messengers RISK: LOW NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host passes information across the network in an insecure 

manner\n\nThe remote host is running AOL Instant Messenger (AIM). Version 1.2 of AIM 

uses a very weak encryption scheme to protect user passwords. A remote attacker may 

determine a user's password given only the encrypted form of the password (by sniffing the 

login process for example). 



Yahoo! Messenger Shared File Access User Status Enumeration 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host may give an attacker information useful for future 

attacks\n\nThe remote host is running a version of Yahoo Instant Messenger that reveals 

whether a user is on-line or not regardless of whether the user is marked as being 

"invisible". This information can be determined by trying to access the user's shared files: a 

different error message is reported if the user is on-line than if the user is off-line. 

Solution: Upgrade to the latest version of Yahoo! Messenger. 


Yahoo! Messenger ymsgr Protocol Multiple Function Overflow 



running a version of Yahoo Instant Messenger that is vulnerable to multiple buffer 

overflows in the code that processes URLs of the type "ymsgr:". By supplying a specially 

crafted URL a remote attacker can exploit this vulnerability to execute arbitrary code on the 

client's machine. 

Solution: Upgrade to the latest version of Yahoo Instant Messenger. 

CVE-2002-0031 

Yahoo! Messenger ymsgr URI Arbitrary Script Execution 


Description: Synopsis :\n\nThe remote host is vulnerable to a script injection flaw\n\nThe remote host is 

running a version of Yahoo Instant Messenger that is vulnerable to a script injection attack. 

It is possible to create a URL that contains the ymsgr:addview? function and which points 

to a webpage containing malicious code. This code will be automatically loaded and 

rendered by the Yahoo Client allowing for the execution of attacker supplied code that will 

run with the privileges of the IM client user. 


CVE-2002-0032 


Yahoo! Messenger ymsgr URI Arbitrary Script Execution 



manner\n\nThe remote host is running a version of Yahoo Instant Messenger that does not 

encrypt user passwords when authenticating a user during login. Anyone monitoring the 

local segment can thus extract the passwords of the user running the client. 



CVE-2002-0322 

Yahoo! Messenger IMvironment Field Remote Overflow 



remote host is running Yahoo Instant Messenger. Version 5.0 of Instant Messenger is 

vulnerable to a Denial of Service attack, caused by a buffer overflow in the IMvironment 

Field. A remote attacker can send a message with a large IMvironment field and crash a 

local users IM client. 

Solution: Upgrade to the latest version of Yahoo Instant Messenger 

CVE-2002-0320 

Yahoo! Messenger Spoofed Username 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running software which allows spoofed 

communications\n\nThe remote host is running Yahoo Instant Messenger. Reportedly, in 

version 5.0 of Instant Messenger a user can spoof his or her username. A remote attacker 

can use this future to flood a victim with messages without being identified. 


CVE-2002-0321 

Yahoo! Messenger Message Field Remote Overflow 



running Yahoo Instant Messenger. Version 5.0 of instant messenger contains a buffer 

overflow that may be exploited by a remote attacker by sending a message with an overly 

large message field. An attacker would have to craft a message of this type as Yahoo clients 

do not limit the size of messages sent. Exploitation of this vulnerability may allow for the 

execution of arbitrary code on the victim's computer. 


CVE-2002-0320 

MSN Messenger Malformed Invite Request Remote DoS 



RISK: 

MEDIUM 




remote host is running Microsoft MSN Messenger. Certain versions of MSN messenger are 

vulnerable to a Denial of Service attack. Specifically, a message received with a malformed 

invite request containing HTML-encoded space characters (%20) in the Invitation-Cookie 

field may cause an MSN client to crash. A remote attacker may use this vulnerability to 

create a Denial of Service attack. 

Solution: Upgrade to the latest version of MSN Messenger. 

CVE-2002-1831 

MSN Messenger Malformed Font Field Remote DoS 


RISK: 

MEDIUM 



remote host is running Microsoft MSN Messenger. Certain versions of MSN messenger are 

vulnerable to a Denial of Service attack. Specifically, a message received with a large 

amount of data (HTML encoded spaces %20 in particular) in the font field of the message 

header can cause the MSN client to crash. This vulnerability can be exploited by a remote 

attacker to continuously crash a victim's IM client, causing a Denial of Service. 

Solution: Upgrade to the latest version of MSN Messenger 

CVE-2002-1698 

MSN Messenger Detection 


Description: The remote host is running Microsoft MSN Messenger version %L. 

Solution: Ensure this software meets corporate guidelines for employee use. 


AOL Instant Messenger Detection 


Description: The remote host is running AOL Instant Messenger version %L. 




Yahoo! Messenger Download Feature Long Filename Overflow 




running a version of Yahoo Instant Messenger that is vulnerable to a buffer overflow in the 

code that processes user-initiated file transfer requests. A successful attacker would be able 

to execute malicious code under the same privileges that Yahoo! Messenger is running 

under. 


CVE-2004-0043 

Yahoo! Messenger Peer To Peer File Sharing Detection 


RISK: 

MEDIUM 


Description: The remote host is running the Yahoo! Messenger Peer To Peer application. 

Solution: Ensure that this activity matches corporate standards and security guidelines. 


Yahoo! Messenger Detection 


Description: The remote host is running a Yahoo Instant Messenger client. 



AOL Instant Messenger aim:goaway URI Handler goaway Function Away Message Handling Remote 

Overflow 



running AOL Instant Messenger (AIM). In versions 5.5.3595 and 5.5, a remote attacker can 

execute arbitrary code to gain unauthorized access on the client's machine by sending a 

specially crafted overly long 'Away' message through a link or a malicious website. 

Solution: Upgrade to AOL Instant Messenger 5.9 or later. 

CVE-2004-0636 



PVS ID: 1275 FAMILY: Internet Messengers RISK: INFO NESSUS ID:Not Available 


Description: The remote host is running Yahoo! Messenger version %L. 



Finger Service Detection 

PVS ID: 1276 FAMILY: Finger 

RISK: 

MEDIUM 


Description: The remote host seems to be running a finger daemon. This service provides valuable 

information to remote attackers, and should be disabled. 

Solution: Edit /etc/inetd.conf and comment out the finger line, or refer to your operating system 

manual for more information. 

CVE-1999-0612 

Finger Service Detection 


RISK: 

MEDIUM 


Description: The remote host seems to be running a finger daemon. This service provides valuable 

information to attackers, and should be disabled. 

Solution: Edit /etc/inetd.conf and comment out the finger line, or refer to your operating system 

manual for more information. 

CVE-1999-0612 

cfingerd Service Detection 

PVS ID: 1278 FAMILY: Finger RISK: NONE NESSUS ID:10651 

Description: The remote host is running CFINGERd. We could determine that the version run is : %L 

Solution: Consider disabling this service if not required for system functionality. 


cfingerd < 1.4.4 Multiple Vulnerabilities 


PVS ID: 1279 FAMILY: Finger RISK: HIGH NESSUS ID:10652 

Description: Synopsis :\n\nThe remote host is vulnerable to multiple issues\n\nThe remote cfinger server 

is vulnerable to a format string attack that may allow an attacker execute arbitrary 

command on this host. In addition, cfingerd has been found to be vulnerable to privilege 

escalation and overflow attacks. 


Solution: Upgrade to cfingerd 1.4.4 or later. 

CVE-2001-0609 

Solaris in.fingerd Crafted Request Information Disclosure 


RISK: 

MEDIUM 



attacks\n\nThe remote finger server discloses the full list of its users when it receives the 

query "a b c d e f g h". An attacker may use this flaw to try to log in with the name of each 

account being displayed, hoping to find a null or trivial password. 

Solution: Disable the finger service. 

CVE-2001-1503 

FreeBSD 4.1.1 Finger Arbitrary File Access 



attacks\n\nThe remote finger server allows anyone to read arbitrary files on this host, by 

requesting the file name on port 79. An attacker may use this flaw to retrieve your 

password file or any file readable by the fingerd process. 


CVE-2000-0915 

in.fingerd Remote Command Execution 


Description: Synopsis :\n\nThe remote server allows anyone to execute arbitrary commands\n\nThe 

remote finger server allows anyone to execute arbitrary commands on this host by 

prepending a pipe in front of the name of the command to be executed. An attacker may 

use this flaw to gain a root shell on this host. 


CVE-1999-0152 

Qualcomm Eudora < 5.2 Long Attachment Filename Handling DoS 



RISK: 

MEDIUM 




remote host is running a version of the Eudora mail client that may be vulnerable to a DoS 

attack. Specifically, a remote user can create a DoS attack by sending a file with an 

exceptionally long name. This does not cause an exploitable buffer overflow but crashes 

the program. 

Solution: Upgrade to Version 5.2 or higher. 


Qualcomm Eudora File Attachment Spoofing Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nBy spoofing file extensions, an attacker may be able to coerce malicious code 

execution\n\nThe remote client is running a version of the Eudora mail client that may be 

vulnerable to an issue where a remote attacker may spoof the file extension in an 

attachment. This may aid the attacker in enticing a user of the email client into executing 

malicious content, and in avoiding generating warning messages. 

Solution: Upgrade to the latest version of Eudora 

CVE-2002-2351 

Qualcomm Eudora MIME Multipart Boundary Buffer Overflow Vulnerability 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote client is 

running a version of the Eudora mail client that may be vulnerable to a buffer overflow. 

This condition may occur if a MIME multipart boundary is of excessive length. Remote 

attackers may exploit this vulnerability to execute arbitrary code. 

Solution: Upgrade to the latest version of Eudora 

CVE-2002-0833 

Qualcomm Eudora WebBrowser Control Embedded Media Player File Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an arbitrary 'command insertion' 

flaw\n\nThe remote host is running a version of the Eudora mail client that may have 

vulernabilities regarding how it handles attachments. Specifically if the client is using the 

WebBrowser control to view messages, then an attacker may be able to craft a message 

containing malicious code that will be run on the victims computer. 

Solution: 



Do not use the WebBrowser control to view messages: go to Tools -> Options -> Viewing 

Mail and uncheck "Use Microsoft's viewer". 

CVE-2002-1770 

Qualcomm Eudora Hidden Attachment Execution Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host may allow attackers to run arbitrary code\n\nThe remote 

host is running a version of the Eudora mail client that may contain a vulnerability allowing 

an attacker to execute arbitrary code on the remote host even if 'allow executables in 

HTML content' is disabled, if the 'Use Microsoft Viewer' is enabled. 

Solution: Disable the 'Use Microsoft Viewer' option. 

CVE-2001-0365 

Qualcomm Eudora Client and Path Disclosure Vulnerability 


RISK: 

MEDIUM 



attacks\n\nThe remote host is running a version of the Eudora mail client that may disclose 

path information in email messages under certain condtions. If a message containing an 

attachement is replied to (by an individual running this version of Eudora), the reply 

message is sent with an appended string containing the full path of the attached file 

revealing the directory structure of the client. 

Solution: Disable the 'Use Microsoft Viewer' option. 

CVE-2000-0874 

Qualcomm Eudora 4.2/4.3 Warning Message Circumvention Vulnerability 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host may be tricked into running an executable file\n\nThe 

remote host is running a version of the Eudora mail client that doesn't properly warn when 

a user attempts to view an executable attachment. Specifically it doesn't give out warning 

messages if a user attempts to open a file that doesn't have one of the following extensions: 

.exe, .com, .bat. So, for example, an attacker can bypass the warnings by using a .lnk file to 

launch an executable. 

Solution: Edit the Eudora.ini file and add lnk to the WarnLaunchExtensions list or upgrade to the 

latest version 


CVE-2000-0874 

Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability 



remote host may be running a version of the Outlook mail client that will execute arbitrary 

programs through objects embedded in HTML email messages. 

Solution: Set Outlook and Outlook Express to use the Internet Explorer Restricted Sites Zone. 

This can be set on the Security Tab in Tools -> Options 

CVE-2003-1378 

Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability 



running a version of Outlook Express that contains an unchecked buffer in the code that 

generates warning messages when certain error conditions associated with digital 

signatures are encountered. Execution of arbitrary code in the security context of the 

current user is possible. 

Solution: Microsoft has supplied a patch for 5.5 and 6.0 that may be downloaded from their webpage. 

CVE-2002-1179 

Microsoft Outlook Express POP Denial of Service Vulnerability 


RISK: 

MEDIUM 



remote host is running a version of Outlook Express that is vulnerable to a DoS attack 

whereby a malicious message sent to the users mailbox will halt POP mail download. This 

vulnerability results from Outlook incorrectly processing escaped '.' as EOM markers when 

the dots are contained in separate IP datagrams. 


CVE-1999-1033 

Microsoft Outlook Express for MacOS HTML Attachment Automatic Download Vulnerability 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host may be tricked into downloading a malicious file\n\nThe 

remote host is running Outlook Express 5.0 for MacOS. This version of Express will 

automatically download attachments to HTML messages, without prompting the user. This 

weakness does not allow for a means of forcing the user to execute any code, or place files 

in a specific folder, but could be used in conjunction with other attacks. 



Microsoft Outlook 98 / Outlook Express 4.x Long Filename Vulnerability 



running a version of Outlook they may be vulernable to a buffer overflow. Specifically if 

an attacker sends an attachment with a very long filename, they may be able to execute 

arbitrary code and/or crash the victim machine. 

Solution: Apply patches available from Microsoft website. 

CVE-2000-0415 

Mutt < 1.4.1 / 1.5 IMAP Remote Folder Buffer Overflow Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote 

host is running a version of the Mutt email client that may be vulnerable to a 

buffer overrun. A specially crafted folder on an IMAP server may be able to 

trigger these overflow conditions and cause the mutt client to crash. 

Solution: Upgrade to either 1.4.1 or 1.5. Patches/upgrades are available at www.mutt.org 

CVE-2003-0167 

Mutt < 1.4.1 / 1.5 UTF-7 IMAP Remote Folder Buffer Overflow Vulnerability 


RISK: 

MEDIUM 



running a version of the Mutt email client that may be vulnerable to a buffer overrun. 

Specifically, it has been reported that Mutt does not handle remote internationalized folders 

properly. Because of this, it is possible for a malicious server to launch an attack that could 

result in the execution of code as the mutt user. 


CVE-2003-0140 



Mutt < 1.4.1 / 1.5 Address Handling Buffer Overflow Vulnerability 


RISK: 

MEDIUM 



running a version of the Mutt email client that contains a buffer overflow in the email 

address handling routines. Exploitation of this overflow by an attacker may allow arbitrary 

code execution in the context of the Mutt user. 


CVE-2002-0001 

Mutt < 1.4.1 / 1.5 IMAP Server Format String Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a 'format string' vulnerability\n\nThe remote 

host is running a version of the Mutt email client that contains a format string vulnerability. 

Due to improper handling of input from IMAP servers, it may be possible for a malicious 

IMAP server to send a specially crafted message to the mutt client that will cause execution 

of arbitrary code in the context of the mutt user. 



Mutt < 1.4.1 / 1.5 Text Enriched Handler Buffer Overflow Vulnerability 



running a version of the Mutt email client that contains a buffer overflow in the handling 

routines for the text enriched MIME type. This vulnerability may allow malicious email 

messages to execute code in the context of the mutt user. 



Elm Alternative Folder Buffer Overflow Vulnerability 



RISK: 

MEDIUM 



running Elm 2.4 PL3 which contains a buffer overflow accessible by passing a long string 

to the -f (Alternative-Folder) command-line option. 


Solution: Upgrade to the latest version of Elm (available at www.instinct.org/elm) 

Pegasus Mail < 



Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote host is 

running Pegasus 3.11 mail client which contains a vulnerability, where if more than 

approximately 90KB of binary data is placed in the body of a message, an overflow will 

occur, causing the program to crash and/or allowing for the execution of arbitrary code. 

Solution: Upgrade to the latest version of Pegasus. 

Pegasus Mail < 

CVE-2000-0931 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host may be tricked into uploading confidential files to a 

malicious webserver.\n\nThe remote host is running the Pegasus 3.12c mail client. This 

version contains a vulnerability whereby a malicious website operator may be able to 

obtain copies of known files on a remote system if a website visitor is running the 3.12c 

version of the Pegasus client. 

Solution: Upgrade to the latest version of Pegasus. 

CVE-2000-0930 

Pegasus Mail < 4.02 To/From Header Overflow DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\nThe 

remote host is running the Pegasus 4.01 mail client. Pegasus Mail 4.01 (and possibly earlier 

versions) are vulnerable to a Denial of Service attack caused by a buffer overflow. By 

sending an email message containing 259 characters or more in either the "From" or "To" 

message header, a remote attacker can overflow a buffer and crash the system. 

Solution: Upgrade to Pegasus Mail 4.02 or higher. 

CVE-2002-1075 

Lotus Notes R5 S/MIME Message Modification Warning Failure 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote client does not properly flag tampered messages.\n\nThe remote 

host is running the Lotus Notes 5.x email client. Lotus Notes R5 client versions 5.0.5 and 

earlier could allow a remote attacker to send unsigned email messages as signed email 

messages, due to a vulnerability in the implementation of the S/MIME standard. Lotus 

Notes R5 client uses the S/MIME standard to securely send and receive messages with 

digital certificates. However, Lotus Notes fails to notify the recipient if the email being 

received has been tampered with. A remote attacker can corrupt signed messages in transit 

without the recipient being warned of the invalid signature. The message appears to the 

recipient as an unsigned message. 

Solution: No known remedy as of August 2002 however at the time of writing Lotus Notes 6.0 is 

available. 

CVE-2000-1138 

Lotus Notes Password Hieroglyphics Information Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running a Lotus Notes 4.6 or 5.x email client. The login 

dialogue box used by these version of Notes includes a number of security features, 

including a set of four hieroglyphic characters. The goal of these characters is to increase 

the difficulty in spoofing the login dialog. An attacker with knowledge of the expected 

hieroglyphic sequence for a given login may use this dialogue to perform a brute force 

attack. This will eliminate a number of incorrect passwords, reducing the search space by 

approximately a factor of two. A conventional brute force attack against the remaining 

possibilities will then be required. 

Solution: Contact vendor for an upgrade/patch. 


Ximian Evolution < 1.1.1 camel Component Man-in-the-Middle SSL Session Weakness 


RISK: 

MEDIUM 



manner.\n\nThe remote host is running a version of the Ximian Evolution email client that 

may be vulnerable to a man-in-the-middle attack if the client is being used with SSL 

(IMAPS, SMTPS, POP3S). Evolution's camel component fails to re-authenticate previously 

accepted SSL certificates when reestablishing a connection. Exploitation of this 

vulnerability potentially allows for an attacker to intercept and/or modify SSL traffic. 

Solution: Upgrade to Evolution 1.1.1 or higher. 

CVE-2002-1471 



Ximian Evolution < 1.2.3 UUEncoding Overflow DoS / Data Injection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack and data 

injection.\n\nThe remote host is running a version of the Ximian Evolution email client that 

may be vulnerable to a Denial of Service attack or data injection. The Evolution mail client 

supports uuencoded content and decodes it automatically when a message is initially 

parsed. An attacker may be able to send a malformed message that will crash the mail 

client. Because Evolution automatically decodes uuencoded messages, the presence of the 

malformed message may cause a Denial of Service attack as the user will be unable to 

remove the message from her mailbox. 


CVE-2003-0130 

Ximian Evolution < 1.2.3 MIME image/* Content-Type Data Injection 


RISK: 

MEDIUM 



remote host is running a version of the Ximian Evolution email client that does not properly 

validate MIME image/* Content-Type fields. If an email message contains an image/* 

Content-Type, any type of data can be embedded where the image information is expected. 

This can be used to embed HTML tags that will be rendered by GTKHtml, bypass policies, 

or invoke bonobo components to handle external content types. 


CVE-2003-0130 

Mozilla Predictable Temporary File Symbolic Link Arbitrary File Overwrite 


Description: Synopsis :\n\nThe remote host is vulnerable to a local flaw in the way that it creates 

temporary files.\n\nThe remote host is running a version of the Mozilla browser that 

follows symbolic links on lock files created in the /tmp directory, allowing a local attacker 

to create arbitrary files in the security context of the Mozilla user. 

Solution: Upgrade to the latest version of Mozilla 



Netscape/Mozilla Null Character Cookie Disclosure 

PVS ID: 1310 FAMILY: SMTP Clients RISK: LOW NESSUS ID:Not Available 


Description: Synopsis :\n\nThe remote client browser is vulnerable to a flaw which allows for the theft 

of authentication cookies.\n\nThe remote host is running a version of the Mozilla browser 

that could allow a remote attacker to steal cookie-based authentication information. A 

remote attacker could create a specially crafted URL link containing a NULL byte 

character string (%00) that would cause the victims cookie information to be sent to a 

specified hostname once the link is clicked. 


CVE-2002-2013 

Netscape/Mozilla/Galeon Local File Enumeration 



attacks.\n\nThe remote host is running a version of the Mozilla browser that could allow a 

remote attacker to detect the existence of files on the local file system of the web client 

accessing the attackers page. The vulnerability is caused by improper handling of 

embedded Cascading Style-Sheet (CSS) elements in the broswer. 


CVE-2002-0594 

Netscape/Mozilla Malformed Email Newline POP3 Remote DoS 


RISK: 

MEDIUM 



remote host is running a version of the Mozilla browser that is vulnerable to a Denial of 

Service attack. Specifically, a malformed email message may prevent the client from 

accessing POP3 mailboxes. 

Solution: Upgrade to the latest version of Mozilla or Netscape 

CVE-2002-2338 

Netscape/Mozilla Navigator Plugin Path Disclosure 



RISK: 

MEDIUM 



attacks.\n\nThe remote host is running a version of the Mozilla browser that is prone to a 

path-disclosure issue. Javascript may be used to communicate with the plugin. It is possible 

to access the filename of the plugin using JavaScript, and on some systems this also will 

expose the full path to the plugin. If the plugin is located in the home directory of the user, 

this also has the potential to disclose their username. 


Solution: Upgrade to the latest version of Mozilla or Netscape 


Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote client allows malicious websites to steal 'cookie' data.\n\nThe 

remote host is running a version of the Mozilla browser that may allow script code to 

access cookie data associated with arbitrary domains. It has been reported possible to create 

a javascript URL which appears to start with a valid domain. Malicious script code may 

specify an arbitrary domain, and will be able to access cookie data associated with that 

domain. 

Solution: Upgrade to Mozilla 1.1 Beta or higher 

CVE-2002-2314 

Mozilla FTP View URL Title Tag XSS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a cross-site scripting (XSS) attack.\n\nThe 

remote host is running a version of the Mozilla browser that contains a cross-site scripting 

vulnerability. When viewing the contents of a FTP site as web content from a ftp:// URL, 

the directory name is included in the HTML representation. It is not adequately sanetized 

before this occurs. An attacker may embed javascript as this value between opening and 

closing "" tags in a FTP URLL 

Solution: Upgrade to the latest version of Mozilla or disable Javascript. 

CVE-2002-2359 

Mozilla OnUnload Referer Information Leakage Race Condition Information Disclosure 



RISK: 

MEDIUM 



attacks.\n\nThe remote host is running a version of the Mozilla browser that has a problem 

in its implementation of the JavaScript "onUnload" event handler that has the potential to 

leak sensitive information to websites. When other pages are launched using the event 

handler, the vulnerable client encapsulates the address of the next page that is visited in the 

HTTP referer field. The correct behavior is to include the address of the previously visited 

page in the HTTP referer field. Using this handler, a webpage can cause the browser to link 

information about the next page that was visited. 


Solution: Upgrade to the latest version of Mozilla. 

CVE-2002-1126 

Mozilla onkeypress Function XPI Installation Weakness 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host may be tricked into running an executable file.\n\nThe 

remote host is running a version of the Mozilla browser that contains an improper 

implementation of the onekeypress function for the space bar. As such, it may be possible 

to use a single keypress for multiple conformation, potentially allowing for the 

confirmation of a malicious XPI to be installed into the client. 



Mozilla document.open() Memory Corruption Denial of Service 


RISK: 

MEDIUM 



remote host is running a version of the Mozilla browser that contains a vulnerability that 

will result in memory corruption. This issue occurs when document.open() is called as the 

action to be performed when a form is submitted. Under certain circumstances, processing 

this data will result in memory corruption, resulting in a denial of service. 



Mozilla Browser HTTP/HTTPS Redirection Weakness 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote client allows malicious websites to redirect to non-secure sites 

without warning.\n\nThe remote host is running a version of the Mozilla browser that may 

not sufficiently provide users with warning information when being redirected from secure 

sites to other secure sites via non-secure sites. This may give users a false sense of security 

when browsing the Internet. 



Mozilla POP3 Mail Handler Remote Overflow 





running a version of the Mozilla browser that may contain a buffer overflow vulnerability. 

An integer overflow vulnerability has been reported for the Netscape/Mozilla POP3 mail 

handler routines. Reportedly, insufficient checks are performed on some server supplied 

values. An attacker may exploit this vulnerability through an attacker-controlled POP3 

server. By issuing a very large integer value that is used by the Netscape/Mozilla POP3 

mail handler, it may be possible to cause an integer overflow condition and allocate a 

buffer that is too small. Successful exploitation of this vulnerability may allow an attacker 

to obtain control over the execution of the vulnerable Mozilla process. 



Mozilla Browser Large HTTP Header Handling Overflow 



running a version of the Mozilla browser that may contain a buffer overflow vulnerability. 

The condition occurs when HTTP responses of excessive length are received from remote 

servers. 

Solution: Upgrade to Mozilla 1.0.1, 1.1 or higher. 


Mozilla JAR File Decompression Heap Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a heap overflow.\n\nThe remote host is 

running a version of the Mozilla browser that may contain a heap corruption vulnerability. 

A vulnerability has been discovered in the JAR URI handler used by Netscape and Mozilla. 

By constructing a malformed JAR file containing invalid file length information, it is 

possible to cause heap corruption in a vulnerable browser. When a client attempts to 

decompress a malicious JAR file, invalid values will be used to allocate buffer space for the 

inflated data. As there are no checks to prevent this, an overrun condition in the heap may 

occur if excessive data is decompressed. 


CVE-2002-1308 

Mozilla Browser 'onclick' Property Cross Domain Violation 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote web browser may be tricked into passing browsing information 

to a malicious website.\n\nThe remote host is running a version of the Mozilla browser that 

may allow access to information in other browser windows. Upon the execution of code 

through the 'onclick' property, a violation in browser security zone policy would occur that 

allows the original web site to view the contents of web pages in other browser windows. 



Qualcomm Eudora Attachment Filename Handling Overflow 



running a version of the Eudora mail client that may be vulnerable to a buffer overflow 

when an attachment containing many dots is received. Exploitation of this vulnerability will 

crash the Eudora client and may allow for the execution of arbitrary code. 

Solution: Upgrade to the latest version of the mail client. 


Microsoft Outlook Remote Buffer Overflow 



running a version of the Microsoft Outlook mail client that may be vulnerable to a buffer 

overflow. Specifically, it may be possible for a malicious IMAP server to send a specially 

crafted message to the Outlook client that will cause the exection of arbitrary code in the 

security context of the user. 

Solution: Upgrade to the latest version of the mail client. 


Pine < 4.58 Multiple Overflows 



flaw.\n\nPine versions 4.56 and below suffer from a vulnerability which allows an attacker 

to force the client to execute the attacker's code on the client's system. This issue is easily 

exploitable since the client will send it's version number by default allowing an attacker to 

easily identify potential targets. 

Solution: Upgrade to Version 4.58 or higher 

CVE-2003-0720 



Netscape/Mozilla/Galeon Long IRC Channel Name Overflow 



running a version of the Mozilla browser that is vulnerable to a buffer overflow. 

Specifically the browser will crash when handling an exceptionally long request (32kb+) 

for a channel. The vulnerability may be used to crash the browser and/or allow the 

execution of arbitrary code on the client host. 


CVE-2002-1126 

Mozilla Javascript Array Object Heap Overflow 



running a version of the Mozilla browser that contains a vulnerability in the JavaScript 

implementation. The condition is triggered when a large integer value (x40000000) is 

passed to the array constructor. The implementation of the array class fails to check for 

oversized integers, causing memory in the heap to be corrupted. 

Solution: Upgrade to Mozilla 1.0.1, 1.1 or disable Javascript. 


SMTP Client Return Email Address Detection 


Description: The return email address of the user operating this system is:\n %L 

realtime 

Solution: N/A 


Mozilla Mail Client Detection 


Description: The remote host is running a Mozilla-based mail client 

Solution: N/A 


Qualcomm Eudora Mail Client Detection 




Description: The remote host is running a version of the Eudora mail client. 

Solution: N/A 


Microsoft Outlook Express Mail Client Detection 


Description: The remote host is running a version of the Microsoft Outlook Express mail client. 

Solution: N/A 


Mutt Mail Client Detection 


Description: The remote host is running a version of the Mutt email client 

Solution: N/A 


Lotus Notes Mail Client Detection 


Description: The remote host is running a Lotus Notes email client. The reported version number is: %L 

Solution: N/A 


Pegasus Mail Client Detection 


Description: The remote host is running the Pegasus mail client. 

Solution: N/A 


Elm Mail Client Detection 




Description: The remote host is running an Elm mail client. 

Solution: N/A 


Samba Version Detection 

PVS ID: 1337 FAMILY: Samba RISK: LOW NESSUS ID:Not Available 

Description: The remote host is running Samba : %L 

Solution: N/A 


Samba < 2.0.10 Remote Arbitrary File Overwrite 

PVS ID: 1338 FAMILY: Samba RISK: HIGH NESSUS ID:10786 

Description: Synopsis :\n\nThe remote SAMBA server allows anonymous users to gain 'root' 

access.\n\nThe remote Samba server is be vulnerable to a remote file creation vulnerability. 

This vulnerability allows an attacker overwrite arbitrary files by supplying an arbitrartily 

formed NetBIOS machine name to this server, and to potentially become root on this host. 

Solution: Upgrade to Samba 2.0.10, 2.2.0a or higher 

CVE-2001-1162 

Samba < 2.2.8 Fragment Reassembly Overflow / Arbitrary File Overwrite 


Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow and an arbitrary file 

overwrite.\n\nThe remote Samba server is vulnerable to a remote buffer overflow when 

receiving specially crafted SMB/CIFS packets. To exploit this flaw, an attacker would need 

to be able to access at least one share and send a specially formated packet which would 

execute arbitrary code on the remote host. The remote host is running Samba version: \n 

%L 

Solution: Upgrade to Samba 2.2.8 

CVE-2003-0086 

Samba < 2.2.5 Multiple Overflows 




Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote Samba 

server is vulnerable to an unspecified buffer overflow, whose implications are not clear at 

this time. 

Solution: Upgrade to samba 2.2.5 or higher. 

CVE-2002-2196 

Samba-TNG < 0.3.1 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote 

Samba-TNG server is vulnerable to multiple flaws that may let an attacker gain a root shell 

on this host. As the version number did not change with the update, this alert might be a 

false positive 

Solution: Upgrade to Samba-TNG 0.3.1 

CVE-2003-0085 

Samba < 2.2.8a trans2.c trans2open() Function Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote Samba 

server is vulnerable to a buffer overflow when it processes the function trans2open(). An 

attacker may exploit it to gain a root shell on this host. The remote host is running Samba 

version: \n %L 

Solution: Upgrade to Samba 2.2.8a or higher 

CVE-2003-0201 

Samba < 2.2.7 Unicode Encrypted Password Decryption Overflow 



server is vulnerable to a buffer overflow when a client requests a password change. An 

attacker may use it to cause a denial of service or execute arbitrary code on this host with 

root privileges 

Solution: Upgrade to Samba 2.2.7 

CVE-2002-1318 

SNMP Public Community String 


PVS ID: 1344 FAMILY: SNMP Traps RISK: HIGH NESSUS ID:Not Available 



credentials.\n\nThe remote host is running an SNMPv1 server that uses a well-known 

community string - public 

Solution: This signature was obtained through direct sniffing of the network, so if possible, migrating 

systems to SNMP v3 would be more secure. For non-local attacks though, your community 

string is easily guessed and should be changed to something more random. 

CVE-2002-0053 

SNMP Public Community String 




community string - public 





SNMP Private Community String 




community string - private 





SNMP Private Community String 





community string - private 






SNMP ilmi Community String 




community string - ilmi 





SNMP ilmi Community String 




community string - ilmi 





SNMP ILMI Community String 




community string - ILMI 





SNMP ILMI Community String 





community string - ILMI 






SNMP System Community String 




community string - system 





SNMP System Community String 




community string - system 





SNMP Write Community String 




community string - write 





SNMP Write Community String 






community string - write 





SNMP all Community String 




community string - all 





SNMP all Community String 




community string - all 





SNMP Monitor Community String 





community string - monitor 






SNMP Monitor Community String 




community string - monitor 





SNMP Agent Community String 




community string - agent 





SNMP Agent Community String 




community string - agent 





SNMP Manager Community String 






community string - manager 





SNMP Manager Community String 




community string - manager 





SNMP OrigEquipMfr Community String 




community string - OrigEquipMfr 





SNMP OrigEquipMfr Community String 





community string - OrigEquipMfr 






SNMP Admin Community String 




community string - admin 





SNMP Admin Community String 




community string - admin 





SNMP Default Community String 




community string - default 





SNMP Default Community String 





community string - default 






SNMP Password Community String 




community string - password 





SNMP Password Community String 




community string - password 





SNMP Tivoli Community String 




community string - tivoli 





SNMP Tivoli Community String 






community string - tivoli 





SNMP Openview Community String 




community string - openview 





SNMP Openview Community String 




community string - openview 





SNMP community Community String 





community string - community 






SNMP community Community String 




community string - community 





SNMP snmp Community String 




community string - snmp 





SNMP snmp Community String 




community string - snmp 





SNMP snmpd Community String 






community string - snmpd 





SNMP snmpd Community String 




community string - snmpd 





SNMP security Community String 




community string - security 





SNMP Security Community String 





community string - security 






SNMP rmon Community String 




community string - rmon 





SNMP rmon Community String 




community string - rmon. 





SNMP rmon_admin Community String 




community string - rmon_admin. 





SNMP rmon_admin Community String 





community string - rmon_admin. 






SNMP hp_admin Community String 




community string - hp_admin. 





SNMP hp_admin Community String 




community string - hp_admin. 





SNMP NoGaH$@! Community String 




community string - NoGaH$@!. 





SNMP NoGaH$@! Community String 






community string - NoGaH$@!. 





SNMP 0392a0 Community String 




community string - 0392a0. 





SNMP 0392a0 Community String 




community string - 0392a0. 





SNMP xyzzy Community String 





community string - xyzzy. 






SNMP xyzzy Community String 




community string - xyzzy. 





SNMP agent_steal Community String 




community string - agent_steal. 





SNMP agent_steal Community String 




community string - agent_steal. 





SNMP freekevin Community String 






community string - freekevin. 





SNMP freekevin Community String 




community string - freekevin. 





SNMP fubar Community String 




community string - fubar. 





SNMP fubar Community String 





community string - fubar. 






SNMP secret Community String 




community string - secret. 





SNMP secret Community String 




community string - secret. 





SNMP cisco Community String 




community string - cisco. 





SNMP cisco Community String 





community string - cisco 






SNMP apc Community String 



credentials\n\nThe remote host is running an SNMPv1 server that uses a well-known 

community string - apc 





SNMP apc Community String 




community string - apc 





SNMP ANYCOM Community String 




community string - ANYCOM 





SNMP ANYCOM Community String 






community string - ANYCOM 





SNMP cable-docsis Community String 




community string - cable-docsis 





SNMP cable-docsis Community String 




community string - cable-docsis 





SNMP c Community String 





community string - c 






SNMP c Community String 




community string - c 





SNMP cc Community String 




community string - cc 





SNMP cc Community String 




community string - cc 





SNMP cascade Community String 






community string - cascade 





SNMP cascade Community String 




community string - cascade 





SNMP comcomcom Community String 




community string - comcomcom 





SNMP comcomcom Community String 





community string - comcomcom 






SNMP internal Community String 




community string - internal 





SNMP internal Community String 




community string - internal 





SNMP blue Community String 




community string - blue 





SNMP blue Community String 





community string - blue 






SNMP yellow Community String 




community string - yellow 





SNMP yellow Community String 




community string - yellow 





SNMP Agent on Remote Host 

PVS ID: 1426 FAMILY: SNMP Traps RISK: INFO NESSUS ID:Not Available 


questionable.\n\nThe remote host is running an SNMPv1 agent. Having such an agent open 

to outside access may be used to compromise sensitive information. Certain SNMP agents 

may be vulnerable to root compromise attacks. 

Solution: Disable insecure protocols or apps 


SNMP Agent on Remote Host 


PVS ID: 1427 FAMILY: SNMP Traps RISK: LOW NESSUS ID:Not Available 


Description: The remote host is running an SNMPv2 agent. Having such an agent open to outside access 

may be used to compromise sensitive information. Certain SNMP agents may be vulnerable 

to root compromise attacks. 

Solution: N/A 


SNMP Trap Agent on Remote Host 

PVS ID: 1428 FAMILY: SNMP Traps 

RISK: 

MEDIUM 



application.\n\nThe remote host is running an SNMPv1 trap agent. It is possible to 

overflow the SNMP traps log with fake traps (if the community names are known), causing 

a Denial of service. 

Solution: Look at alternate protocols or applications which do not blindly accept user-supplied input 


SNMP Trap Agent on Remote Host 

PVS ID: 1429 FAMILY: SNMP Traps RISK: LOW NESSUS ID:Not Available 

Description: The remote host is running an SNMPv2 trap agent. It is possible to overflow the SNMP 

traps log with fake traps (if the community names are known), causing a denial of service. 

Solution: N/A 


Operating System Detection (SNMP) 

PVS ID: 1430 FAMILY: SNMP Traps RISK: INFO NESSUS ID:10800 

Description: The remote host is running an SNMPv1 agent. By evaluating SNMP requests, we can 

determine the OS on the remote host. Make sure that remote access is limited to this SNMP 

agent. 

Solution: Only allow valid network management devices to connect to the SNMP services on a 

device. 


Operating System Detection (SNMP) 




Description: The remote host is running an SNMPv2 agent. Using SNMP get request, we can determine 

the OS on the remote host. Make sure that remote access is limited to this SNMP agent. 

Solution: Only allow valid network management devices to connect to the SNMP services on a 

device. 


Network Interfaces List Detection (SNMP) 


RISK: 

MEDIUM 


Description: The remote host is running an SNMPv1 agent. Using an SNMP get request, we can 

determine the list of network interfaces on the remote host. An attacker may use this 

information to gain more knowledge about the target host. 

Solution: Disable SNMP service on this host if you do not use it, or filter incoming UDP packets 

going to this port. 


Network Interfaces List Detection (SNMP) 


Description: The remote host is running an SNMPv2 agent. Using an SNMP get request, we can 

determine the list of network interfaces on the remote host. An attacker may use this 

information to gain more knowledge about the target host. 

Solution: Disable SNMP service on this host if you do not use it, or filter incoming UDP packets 

going to this port. 


Wireless Access Point Detection (SNMP) 


Description: The remote host is a wireless access point. 

RISK: 

MEDIUM 


Solution: You should ensure that the proper physical and logical controls exist around the AP. 





RISK: 

MEDIUM 



Description: The remote host is a wireless access point. The observed device name, as observed within 

an SNMP trap, is: \n %L 






RISK: 

MEDIUM 







RISK: 

MEDIUM 







RISK: 

MEDIUM 







RISK: 

MEDIUM 









RISK: 

MEDIUM 







RISK: 

MEDIUM 



Web Server Detection 


PVS ID: 1442 FAMILY: Web Servers RISK: NONE NESSUS ID:10107 

Description: A web server is running on this port. The server string is :\n %L 

Solution: N/A 


Apache < 2.0.46 Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote server is running a version of Apache 2.x which is older than 2.0.45.\nThis version 

is vulnerable to various flaw :\n- There is a denial of service attack which may allow the 

attacker to disable this server remotely.\n- The httpd process leaks file descriptors to child 

processes such as CGI scripts. An attacker who has the ability to execute arbitrary CGI 

scripts on this server (include PHP code) would be able to write arbitrary data in the files 

pointed to (in particular the log files). 

Solution: Upgrade to Apache 2.0.46 

CVE-2003-0132 


Zope < 2.1.7 DocumentTemplate Unauthorized Modification 




authentication.\n\nThe remote web server is running a version of Zope which is older than 

2.1.7. There is a security problem in all the releases older than 2.1.7 which may allow the 

content of DTMLDocuments (or DTMLMethods) to be changed by any user without 


Solution: Upgrade to Zope 2.1.7 or higher. 

CVE-2000-0483 

Zope < 2.2.5 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains an application server that fails to protect 

stored content from modification by remote users.\n\nAccording to its banner, the remote 

web server is Zope < 2.2.5. Such versions suffer from security issues involving incorrect 

protection of a data updating method on Image and File objects. Because the method is not 

correctly protected, it is possible for users with DTML editing privileges to update the raw 

data of a File or Image object via DTML even though they do not have editing privileges 

on the objects themselves. 

Solution: Upgrade to Zope 2.2.5 or higher. 

CVE-2000-0483 

Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation 


RISK: 

MEDIUM 



authentication.\n\nThe remote web server is a version of Zope which is older than 2.3.3. 

There is a security issue in all releases prior to version 2.3.3 which allow any user to visit a 

ZClass declaration and change its permission mappings for methods and other objects 

defined within the ZClass, possibly allowing unauthorized access within the Zope instance. 

Solution: Update to Zope 2.3.3 or higher. 

CVE-2001-0567 

Zeus < 3.3.5a Web Server Null Byte Request CGI Source Disclosure 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to a flaw which allows attackers to retrieve 

sensitive files.\n\nThe remote host is running the Zeus WebServer. Version 3.1.x to 3.3.5 of 

this web server are vulnerable to a bug which allows an attacker to view the source code of 

all the CGI scripts installed, and possibly steal credentials from them. 

Solution: Upgrade to Zeus Web Server 3.3.5a or higher 

CVE-2000-0149 

Webserver4everyone < 1.30 URI Overflow 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote web 

server (WebServer4Everyone) is vulnerable to various buffer overflows which may allow 

an attacker to execute arbitrary commands on this host, with the privileges of the web 

daemon (typically, SYSTEM) 

Solution: Upgrade to version 1.30 

CVE-2002-1212 

WebsitePro


RISK: 

MEDIUM 



remote web server (WebSEAL) is vulnerable to a flaw which may allow an attacker to 

disable it remotely by requesting specially malformed files. An attacker may use this flaw 

to prevent the web server from operating properly. 

Solution: None 

CVE-2001-1191 

Webmin Server Detection 



application.\n\nA Webmin server is running on this port in clear text. As webmin is a web 

interface to configure Unix systems, you should not let unciphered communication to be 

established on this service, as an attacker may sniff Webmin sessions and reuse the user 

passwords to take the control of this host. 

Solution: Force the use of SSL in the webmin configuration file. 


WebLogic Server < 6.0 SP1 Encoded Request Directory Listing 


RISK: 

MEDIUM 



sensitive files.\n\nThe remote WebLogic server discloses the listing of the page directories 

when a user submits a URL finishing with %00, %2e, %2f or %5c. An attacker may use 

this flaw to view the source code of JSP files or other dynamic content. 

Solution: Upgrade to WebLogic 6.0 SP1 



WebLogic Server < 5.1 SP 7 ".." URL Handling Remote Overflow DoS 



remote WebLogic server can be disabled remotely by requesting a long URL starting with a 

double dot. 

Solution: Upgrade to WebLogic 5.1 SP7 or higher 


CVE-2001-0098 

WebLogic Internal Management Servlet Authentication Bypass 



authentication.\n\nThe remote web server is an unpatched version of WebLogic. This 

version has an internal management servlet which does not properly check the user 

credentials and can be accessed from the outside, allowing an attacker to change the 

passwords of the users or even to upload or download any file on the remote server. 

Solution: Apply SP2 rolling patch 3 on WebLogic 6.0, service pack 4 on WebLogic 6.1 and SP2 on 

WebLogic 7.0 

CVE-2003-0151 

vqServer < 1.9.30 Directory Traversal File Access 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a directory traversal flaw.\n\nThe remote 

web server (vqServer) is vulnerable to a directory traversal bug which may allow attackers 

to read arbitrary files on the remote host. 


CVE-2000-0240 

VisualRoute Web Server Detection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote application allows attackers to 'bounce' attacks against other 

networks.\n\nThe remote host is running VisualRoute, a web server allowing anyone to 

perform a traceroute interactively. An attacker may use this interface to perform traceroutes 

on third party hosts without being noticed, therefore using a VisualRoute server as a relay 

for their discoveries. 

Solution: Disable this server if you do not use it, or block its access on the firewall 


Vignette StoryServer Cross-user Session Information Disclosure 



RISK: 

MEDIUM 




attacks.\n\nThe remote host is running Vignette StoryServer, a web interface to Vignette's 

content management suite. A flaw in the product may allow an attacker, under certain 

circumstances, to extract information about the sessions of other users as well as other 

sensitive information. 

Solution: A patch is available at http://support.vignette.com/VOLSS/KB/View/1,,5360,00.html 

CVE-2002-0385 

UltraSeek < 4.0 Malformed URL DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\nAn 

attacker may be able to remotely disable this UltraSeek server by doingt a malformed 

request to it (as in /index.html?&col). 

Solution: Upgrade to UltraSeek 4.0 or higher. 

CVE-2000-1019 

UltraSeek Server Detection 



running the UltraSeek server. UltraSeek has been known to contain security vulnerabilities 

ranging from buffer overflows to cross-site scripting issues. It is therefore not 

recommended that you use it if you can do the same with another product 

Solution: Remove the vulnerable application 


Tripwire for WebPages Installation Disclosure 


RISK: 

MEDIUM 



sensitive files.\n\nThe remote host is running TripWire for WebPages under the Apache 

web server. This software may allow attackers to gather sensitive information about your 

server configuration. 

Solution: Hide the TripWire information by setting the option "ServerTokens" to "ProductOnly" in 

httpd.conf. 




Apache Tomcat /status Information Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running the Tomcat web server, with the /status special page 

set. By requesting this URI, an attacker may obtain information about the status of the 

remote host and may also be able to reset the statistics of the server. 

Solution: If you do not use this feature, comment out the appropriate section in your httpd.conf file. If 

you really need it, limit access to the administrator's host. 


Apache Tomcat < 4.x JSP Source Code Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server can disclose source code.\n\nTomcat 4.0.4 and 4.1.10 

(and possibly earlier versions) are vulnerable to source code disclosure by using the default 

servlet org.apache.catalina.servlets.DefaultServlet 

Solution: Upgrade to version 4.0.5, 4.1.12 or higher 

CVE-2002-1148 

Apache Tomcat Snoop Servlet Remote Information Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote Tomcat server has the 'snoop' servlet installed. This servlet 

discloses valuable information about the remote host, such as the server type and version, 

the PATHs in use, and the kernel version of the remote host. An attacker may use this 

information to gain intimate knowledge about this host and make more precise attacks 

against it. 

Solution: Delete this servlet 

CVE-2000-0760 

Jakarta Tomcat < 3.2.1 Path Disclosure 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host allows remote attackers to determine physical file 

layout.\n\nThe remote Jakarta Tomcat server reveals the physical path of the remote 

webroot when asked for a .jsp file using a specially crafted request. An attacker may use 

this flaw to gain further knowledge about the remote system layout. 

Solution: Upgrade to Tomcat 3.2.1 or higher. 

CVE-2000-0759 

Apache Tomcat < 3.3.1a Directory Listing and File Disclosure 


RISK: 

MEDIUM 



attacks\n\nApache Tomcat (prior to 3.3.1a) is prone to a directory listing and file disclosure 

vulnerability. An attacker may exploit this bug to get the listing of directories otherwise 

protected by an index.html file, or even to get the source code of the remote .jsp scripts. 

Solution: Upgrade to Tomcat 3.3.1a or higher. 

CVE-2003-0042 

Apache Tomcat < 3.3.1a Servlet Engine MS/DOS Device Name DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\nIt may 

be possible the freeze or crash the remote Tomcat web server by making it read MS/DOS 

devices files through its servlet engine (ie: /examples/servlet/AUX). 

Solution: Upgrade to Tomcat 3.3.1a or higher. 

CVE-2003-0045 

thttpd < 2.20 ssi Servlet Traversal File Access 


RISK: 

MEDIUM 



sensitive files.\n\nThe remote web server (thttpd) allows an attacker to read arbitrary files 

on this host, by exploiting a weakness in an included ssi package, in prepending %2e%2e/ 

to the pathname (as in GET /cgi-bin/ssi//%2e%2e/%2e%2e/etc/passwd). 

Solution: Upgrade to thttpd 2.20 or higher. 

CVE-2000-0900 



thttpd < 2.05 If-Modified-Since Header Remote Overflow 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote thttpd 

server is vulnerable to a stack overflow when it is issued a malformed HTTP header. An 

attacker may use this bug to run arbitrary code on the remote server, with the privileges of 

the thttpd daemon (typically root or nobody). 


CVE-2000-0359 

SWAT Server Detection 


RISK: 

MEDIUM 


Description: The remote host is running SWAT (Samba Web Administration Tool). SWAT allows 

Samba users to change their passwords and provides the system administrator with an 

easy-to-use web interface to configure Samba. It is not recommended to let SWAT be 

accessed by the world, as it allows an intruder to attempt to brute force some account 

passwords. In addition to this, the traffic between SWAT and the web client is not ciphered, 

so an eavesdropper can gain cleartext passwords easily. 

Solution: Disable SWAT once your Samba server is configured. 

CVE-2000-0935 

Sun Cobalt Adaptative Firewall Detection 


RISK: 

MEDIUM 


Description: Sun Cobalt hosts contain a firewall mechanism, which can be configured remotely using 

Cobalt's built-in HTTP server. To access it, a user simply has to enter a passphrase which 

could possibly be brute-forced. 

Solution: Block incoming connections to this port 


StrongHold Web Server Detection 



RISK: 

MEDIUM 


Description: The remote host seems to be running the StrongHold web server. This server comes with a 

sample script (swish) which allows a user to obtain the physical path to the remote webroot 

directory. It may also display system-specific information about the remote host. Note: The 


CGI was not tested for. 

Solution: Remove the CGI mapped behind the /search URL 


StrongHold < 3.0 build 3015 System File Disclosure 


RISK: 

MEDIUM 


Description: The remote web server (RedHat StrongHold Web server) allows anyone to disclose 

sensitive system files, including httpd.conf, by requesting the URLs /stronghold-info and 

/stronghold-status. An attacker may use this flaw to gain a better intimate knowledge about 

the remote host and make more focused attacks. 

Solution: Upgrade to version 3.0 build 3015 or higher. 

CVE-2001-0868 

StrongHold < 3.0 build 3015 File System Disclosure 


RISK: 

MEDIUM 


Description: The remote web server (RedHat StrongHold Web server) allows anyone to disclose 

sensitive system files, including httpd.conf, by requesting the URLs /stronghold-info and 

/stronghold-status. An attacker may use this flaw to gain a better intimate knowledge about 

the remote host and make more focused attacks. 


CVE-2001-0868 

Abyss Web Server < 1.1.4 HTTP GET Header Remote DoS 


Description: The remote Abyss web server can be disabled remotely by an attacker by sending a 

malformed HTTP request. 

Solution: Upgrade to Abyss 1.1.4 or higher. 

CVE-2003-1364 

PHP < 4.2.2 Malformed POST Requests 




Description: The remote host is running a version of PHP which is older than 4.2.2. This version has a 

bug which allows an attacker to disable the remote server or execute arbitrary code on it. 

Solution: Upgrade to PHP 4.2.2 or downgrade to 4.1.x 

CVE-2002-0986 

PHP < 4.3.1 CGI Module File Access 


Description: The remote host is running PHP 4.3.0 which contains a flaw which may let anyone execute 

arbitrary PHP code on this host. 

Solution: Upgrade to PHP 4.3.1 or higher. 

CVE-2003-0097 

PHP < 3.0.17 / 4.0.3 Hidden Form Field File Upload 


RISK: 

MEDIUM 


Description: The remote host is running a version of PHP which is older than 3.0.17 or 4.0.3. If a PHP 

script that allows users to upload files and then display their content is running on this host, 

an attacker may use it to read arbitrary files. 

Solution: Upgrade to PHP 3.0.17 or 4.0.3 or higher. 

CVE-2000-0860 

PHP < 4.0.4 IMAP Module Overflow 


RISK: 

MEDIUM 


Description: The remote host is running a version of PHP which is older than 4.0.4. There is a buffer 

overflow in the IMAP module of this version which may allow an attacker to execute 

arbitrary commands with the privileges of the web server if a PHP script connects to a 

rogue IMAP server. 

Solution: Upgrade to PHP 4.0.4 


PHP < 3.0.17 / 4.0.3 Error Log Command Injection 



RISK: 

MEDIUM 



Description: The remote host is running a version of PHP which is older than 3.0.17 or 4.0.3. If the 

option 'log_errors' is set to 'On' in php.ini, an attacker may use a bug present in this version 

to execute arbitrary commands on this host. 

Solution: Upgrade your installation of PHP to 3.0.17 or 4.0.3 or higher. 

CVE-2000-0967 

PHP < 4.2.3 Mail Function Header Spoofing 


RISK: 

MEDIUM 


Description: The remote web server is running a version of PHP which is 4.2.2 or older. This version 

has a bug in its mail() function which does not properly sanitize user input. As a result, 

users can forge email to make it look like it is coming from a different source that the 

server. The remote version of PHP is: \n %L 


CVE-2002-0985 

PHP < 4.0.4 php.cgi Shell Access Overflow 


Description: The remote host seems to be running PHP as a standby application (php.cgi). Due to 

security bugs and performance issues, you should compile it as a module for your web 

server. 


CVE-1999-0058 

PHP < 4.1.0 Safe Mode Mail Function Command Execution 


RISK: 

MEDIUM 


Description: The remote host is running PHP 4.0.5. There is a flaw in this version which allows local 

users to circumvent the safe mode and gain the UID of the HTTP process. 

Solution: Upgrade to PHP 4.1.0 

CVE-2001-1246 

PHP < 4.3.2 Multiple Function Remote Overflows 



RISK: 

MEDIUM 



Description: The remote host is running a version of PHP which is older than 4.3.2. This version 

contains various flaws that may allow an attacker who has the ability to execute PHP 

scripts in safe_mode on this host to execute arbitrary commands with the privileges of the 

HTTP daemon 


CVE-2003-0172 

PHP < 4.1.2 POST Request file_upload Overflow 


Description: The remote host is running a version of PHP which is older than 4.1.2. This version 

contains a bug which the handling functions of data of type multipart/form-data, which may 

allow an attacker to gain a shell on this host. 


CVE-2002-0081 

RemotelyAnywhere Web Server Detection 


Description: The remote host is running the RemotelyAnywhere web server. RemotelyAnywhere allows 

a user to remotely control the server. You should ensure that this service is authorized by 

the appropriate groups and relevant security policies. 

Solution: Ensure that this server was legitimately installed. 


Alibaba 2.0 HTTP Request Overflow DoS 


Description: It is possible to disable the remote AliBaba web server by sending a long argument to a 

GET or POST HTTP request. 

Solution: None at this time. 

CVE-2000-0626 





Description: The remote host is running a version of Apache which is older than 1.3.27. This version 

contains several flaws that have been fixed in 1.3.27. 

Solution: Upgrade to Apache 1.3.27 or higher. 

CVE-2002-0843 

Apache < 2.0.43 HTTP POST Request Source Disclosure 


RISK: 

MEDIUM 


Description: The remote host is running a version of Apache 2.x which is older than 2.0.43. This version 

allows an attacker to view the source code of CGI scripts via a POST request made to a 

directory with both WebDAV and CGI enabled. 


CVE-2002-1156 

Apache mod_auth_pgsql < 0.9.6 SQL Injection 


Description: The remote host is running a version of mod_auth_pgsql which is older than 0.9.6. It is 

vulnerable to a SQL injection attack which may let anyone bypass authentication or even 

modify your database. 

Solution: Upgrade to mod_auth_pgsql 0.9.6 or higher. 

CVE-2001-1379 

Apache mod_auth_pg < 1.2b3 SQL Injection 


Description: The remote host is running a version of mod_auth_pg which is older than 1.2b3. It is 



Solution: Upgrade to mod_auth_pg 1.2b3 or higher. 

CVE-2001-1379 

Apache mod_auth_mysql < 1.10 SQL Injection 




Description: The remote host is running a version of mod_auth_mysql which is older than 1.10. It is 



Solution: Upgrade to mod_auth_pg 1.10 or higher. 

CVE-2001-1379 

Apache mod_auth_oracle < 0.52 SQL Injection 


Description: The remote host is running a version of mod_auth_oracle which is older than 0.5.2. It is 



Solution: Upgrade to mod_auth_oracle 0.5.2 or higher. 

CVE-2001-1379 

Apache mod_auth_pgsql_sys < 0.9.5 SQL Injection 


Description: The remote host is running a version of mod_auth_pgsql_sys which is older than 0.9.5. It is 



Solution: Upgrade to mod_auth_pgsql_sys 0.9.5 or higher. 

CVE-2001-1379 

Apache Chunked Encoding Remote Overflow / DoS 


Description: The remote host is running a version of Apache which is vulnerable to a chunked encoding 

vulnerability. An attacker may use this flaw to gain a shell on this host. 

Solution: Upgrade to Apache 1.3.26, 2.0.39 or higher. 

CVE-2002-0392 


Apache-SSL < 1.47 mod_ssl i2d_SSL_SESSION Function Overflow 


Description: The remote host is using a version of Apache-SSL which is older than 1.47. This version is 

vulnerable to a buffer overflow which may allow an attacker to execute arbitrary 

commands on this host. 


Solution: Upgrade to version 1.47 or higher. 

CVE-2002-0082 

Apache < 2.0.44 MS-DOS Device Name DoS / Code Execution 


Description: The remote host is running a version of Apache2 for Win32 which is older than 2.0.44. 

There are several flaws pre-2.0.44 which may allow an attacker to crash this host or even 

execute arbitrary code remotely. However, these bugs only affect WindowsME and 

Windows9x. 


CVE-2003-0016 

Apache < 2.0.40 Win32 Directory Traversal File Access 


Description: The remote host is running a Apache 2.0.39 for Win32. There is a flaw in this version 

which allows anyone to access files that would otherwise be inaccessible by a directory 

traversal attack. An attacker may use this flaw to read sensitive files on this host, or even 

possibly execute commands on your system. 

Solution: Upgrade to Apache 2.0.40 or higher for Win32. 

CVE-2002-0661 

Apache < 2.0.44 File Access on Win32 


RISK: 

MEDIUM 


Description: The remote host is running a version of Apache for Win32 which is older than 2.0.44. 

There is a flaw in this version which may allow an attacker to access files they should not 

have access to, by appending special chars to their name. 

Solution: Upgrade to Apache 2.0.44 or higher for Win32. 

CVE-2003-0017 

BadBlue < 2.3 ISAPI Extension Administrative Actions Bypass 


Description: The remote host is running the BadBlue web server. There is a flaw in the version used that 

may allow attackers to gain administrative privileges on this host without having to log in. 

Solution: Upgrade to BadBlue 2.3 or higher. 




BitKeeper 3.0.x Remote Command Execution 


Description: The remote host is running version 3.0.x of the BitKeeper web server. Some versions of 

this service are known to allow anyone execute arbitrary commands with the privileges of 

the BitKeeper daemon. 

Solution: Contact the vendor for a fix. 


Communigate Pro < 3.2 HTTP Configuration Port Remote Overflow 


Description: The remote host is running Communigate Pro version 3.0 or 3.1. There is a flaw in this 

version which may allow an attacker to execute arbitrary code on this host. 

Solution: Upgrade to CommunigatePro 3.2 or higher. 

CVE-1999-0865 

Compaq WBEM Server Detection 


RISK: 

MEDIUM 


Description: The remote host is running the Compaq WBEM service. This service discloses sensitive 

information about this host, such as the platform name and version, the installed hotfixes 

and the running services. The version which is running is : %L 

Solution: Disable this service if you do not use it. 


Lotus Domino < 5.0.12 / 6.0.1 Multiple Vulnerabilities 


Description: The remote host is running a version of the Domino web server which is vulnerable to 

various flaws when it acts as a web client (through web retriever) or in LDAP. An attacker 

may use these flaws to execute arbitrary code on this host. 

Solution: Upgrade to Domino 5.0.12, 6.0.1 or higher. 

CVE-2001-1311 



Domino < 5.0.7 NSF File Request Directory Traversal File Access 


RISK: 

MEDIUM 


Description: The remote Domino Web Server is vulnerable to a directory traversal attack. An attacker 

may read arbitrary files on the remote system by prepending %00%00.nsf/../ in front of 

their names. 

Solution: Upgrade to Domino 5.0.7 or higher. 

CVE-2001-0009 

dwhttpd < 4.2 GET Request Remote Format String 


Description: The remote dwhttpd server is vulnerable to a format string attack. An attacker may use this 

flaw to execute arbitrary code on this host, with the privileges of the dwhttpd web server 



IMail < 7.0.6 Account Hijacking 


RISK: 

MEDIUM 


Description: The remote host is running the IMail web interface. There is a bug in the version being run 

which may allow an attacker to read the mailboxes of the users by sending them a 

malformed HTML email containing a link to an image hosted on a rogue web server. 

Solution: Upgrade to IMail 7.0.6 or higher. 


LocalWeb2000 2.10 Crafted Request File Disclosure 


Description: The remote host is running LocalWeb2000. Versions of this software up to and including 

2.10 allow an attacker to read normally protected files by prepending a dot in front of their 

name. 

Solution: The product is no longer supported by the vendor. 

CVE-2002-0897 

Apache mod_frontpage < 1.6.1 Remote Overflow 




Description: The remote Apache server is running mod_frontpage. Versions older than 1.6.1 are 

vulnerable to a buffer overflow which may allow an attacker to gain root access on this 

host. *** Note that it is not possible to remotely determine the version of mod_frontpage 

which is running, so this may be a false positive. 

Solution: Upgrade to mod_frontpage 1.6.1 or higher. 

CVE-2002-0427 

Apache mod_jk < 1.2.1 Chunked Encoding DoS 


Description: The remote Apache server is running a version of mod_jk which is vulnerable in the way it 

processes chunked encoded requests. This may allow an attacker to desynchronise Apache 

and Tomcat which would prevent this host from running properly. 

Solution: Upgrade to mod_jk 1.2.1 or higher. 

CVE-2002-2272 

Apache mod_python < 2.7.8 Imported Function Access 


Description: The remote Apache server is running a version of mod_python which is older than 2.7.6. 

This version contains a bug which may allow an attacker to execute potentially harmful 

python function even though he should not have the privileges to do so. 

Solution: Upgrade to mod_python 2.7.8 or higher. 

CVE-2002-0185 

Apache mod_ssl < 2.8.10 Off-by-one Overflow 


RISK: 

MEDIUM 


Description: The remote Apache server is running a version of mod_ssl which contains a off-by-one 

buffer overflow. An attacker with write access to a .htacess file could exploit this bug to 

execute arbitrary code on this host with the privileges the web server is running. 

Solution: Upgrade to mod_ssl 2.8.10 or higher. 

CVE-2002-0653 

Apache mod_ssl Session Cache Code Overflow 




Description: The remote Apache server is running a version of mod_ssl which is older than 2.8.7. There 

is a bug in this module which may allow an attacker to obtain a shell on this host. 


CVE-2002-0082 

Monkey HTTP Daemon < 0.6.2 POST Request Remote Overflow 


Description: The remote host is running a version of Monkey which contains a bug in the way it handles 

POST requests. An attacker may exploit this flaw to execute arbitrary code. 

Solution: Upgrade to Monkey HTTP Daemon 0.6.2 or higher. 

CVE-2003-0218 

OpenSSL Private Key Disclosure 


RISK: 

MEDIUM 


Description: The remote host is running a version of OpenSSL which is vulnerable to a timing attack 

which may allow an attacker to recover the content of fixed data blocks and even 

eventually the RSA private key of the web server. 

Solution: Upgrade to OpenSSL 0.9.6i or 0.9.7a 

CVE-2003-0131 

Oracle WebCache Server < 2.0.0.3.x Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: The remote host is running a version of the OracleWebCache server which may be disable 

remotely by an attacker by sending a malformed request to it. The remote server is running 

: %L 

Solution: Upgrade to version 2.0.0.3.x or newer 

CVE-2002-0102 

Resin < 2.1s020604 MS-DOS Device Path Disclosure 



RISK: 

MEDIUM 



Description: The remote web server may disclosure the physical path of the remote web root when asked 

for a special MS-DOS device as, for instance, lpt9.xtp. An attacker may use this flaw to 

gain more knowledge about this host. 

Solution: Upgrade to the Resin 2.1s020604 or higher. 

CVE-2002-2090 

Savant < 3.0 GET Request CGI Source Disclosure 


Description: The remote Savant Web Server can be forced by an attacker to display the content of the 

CGIs it runs instead of the output of their execution. An attacker may use this flaw to view 

the source code of your scripts or to get a copy of your binary CGIs. 

Solution: Upgrade to Savant 3.x or higher. 

CVE-2000-0521 

Pi3Web WebServer < 2.0.1 CGI Handler Overflow 


RISK: 

MEDIUM 


Description: The remote web server may crash when it is sent a too long CGI parameter multiple times. 

An attacker may use this flaw to prevent this host from working properly. 

Solution: Upgrade to Pi3Web 2.0.1 or higher. 

CVE-2002-0142 

Shoutcast Multiple GET Request Remote DoS 


RISK: 

MEDIUM 


Description: The remote ShoutCast server can be disabled remotely by sending a multiple GET requests 

to it. An attacker may use this flaw to prevent this host from working properly. 

Solution: No solution is known at this time. 

CVE-2001-1304 

AnalogX SimpleServer:WWW < 1.2 Remote DoS 




Description: The remote web server (SimpleServer:WWW) contains a bug which may allow an attacker 

to disable it. 

Solution: Upgrade to SimpleServerWWW 1.2 or higher. 

CVE-2000-0243 

thttpd < 2.05 If-Modified-Since Header Overflow 


Description: The remote web server contains a buffer overflow in the portion of its code which 

processes the argument of the header 'If-Modified-Since'. By supplying a malformed 

argument to this header, an attacker may be able to execute arbitrary code on this host, with 

the privileges of the web server. 


CVE-2000-0359 

Squid < 2.4.STABLE6 Multiple Overflows 


Description: The remote squid caching proxy, according to its version number, is vulnerable to various 

buffer overflows. An attacker may use these to gain a shell on this system. It was 

determined that you are running %L 

Solution: Upgrade to squid 2.4.STABLE6 or higher. 

CVE-2002-0068 

Squid Proxy mkdir-only PUT Request DoS 


RISK: 

MEDIUM 


Description: The remote squid caching proxy may be disabled remotely by any user by sending it a 

malformed 'mkdir-only' PUT request. 

Solution: Upgrades and a patch are available for multiple platforms. 

CVE-2001-0843 

BEA WebLogic < 5.1.0 SP8 Hex-encoded Request JSP Source Disclosure 



RISK: 

MEDIUM 



Description: BEA WebLogic may be tricked into revealing the source code of the remote JSP scripts by 

using simple URL encoding of the characters in the filename extensions (ie: default.js%70 

instead of .jsp). 

Solution: Upgrade to WebLogic version 5.1.0 SP8 or higher. 


BEA WebLogic < 6.1 SP2 Encoded Null Byte Request JSP Source Disclosure 


RISK: 

MEDIUM 


Description: The remote BEA WebLogic server may be tricked into revealing the source code of the 

remote JSP scripts by adding an encoded character (ie: %00x) at the end of the request. 

Solution: Upgrade to WebLogic 6.1 SP2 or higher. 


SHOUTcast Server Log Files XSS 


RISK: 

MEDIUM 


Description: The remote host is running a SHOUTcast server. This software does not properly validate 

the data provided by web clients, and is therefore vulnerable to a cross-site scripting issue 

in its logs interface (which can only be used by the administrator). An attacker may use this 

flaw to steal the cookies of the administrator and gain access to this server. 

Solution: None solution known at this time. 


miniPortail admin.php Cookie Manipulation Admin Access 

PVS ID: 1528 FAMILY: CGI RISK: HIGH NESSUS ID:11623 

Description: The remote host is running MiniPortail, a set of PHP scripts designed to manage to web 

portal. There is a flaw in the remote version of miniPortail which may allow anyone to gain 

administrative privileges on this server. 

Solution: No solution known at this time. 

CVE-2003-0272 

mod_ssl < 2.8.10 Wildcard DNS Server Name XSS 



RISK: 

MEDIUM 



Description: The remote host is using a version of mod_ssl which is older than 2.8.10. This version is 

vulnerable to a flaw which may allow an attacker to successfully perform a cross-site 

scripting attack. *** Note that several Linux distributions (such as RedHat) patched this 

CGI without increasing its version number, therefore this might be a false positive. 


CVE-2002-1157 

Snitz Forums < 3.4.03 register.asp Email Parameter SQL Injection 


Description: Synopsis :\n\nThe remote web server contains a script which is vulnerable to a SQL 

injection attack.\n\nThe remote host is using Snitz Forum 2000. This set of CGI is 

vulnerable to a SQL injection issue which may allow an attacker to execute arbitrary 

commands on this host. 



eServ HTTP Connection Saturation Memory Leak Remote DoS 


Description: The remote web server (eServ) contains a memory leak which may allow an attacker to 

disable it remotely by making a large amount of requests to this port. 


CVE-2003-0290 

Horde and IMP Test Script Disclosure 

PVS ID: 1532 FAMILY: CGI 

RISK: 

MEDIUM 


Description: The remote host is running Horde and/or IMP with the test script available to anyone. An 

attacker may use these to gain valuable information about the remote host. 

Solution: Delete all the files named 'test.php' on the remote host. 


PHP Topsites counter.php Arbitrary File Overwrite 



RISK: 

MEDIUM 



Description: The remote host is running PHP Topsites and has the CGI 'counter.php' installed. There is a 

flaw in this CGI which may allow an attacker to overwrite arbitrary files on this host. 

Solution: Delete this CGI. 


mod_survey < 3.0.14e / 3.0.15pre6 ENV tags SQL Injection 



injection attack.\n\nThe remote host is using mod_survey, a perl add-on to manage online 

surveys. There is a flaw in the remote installation of mod_survey which makes it vulnerable 

to SQL injection attacks when a database backend is being used. An attacker may use this 

flaw to gain control of your database. 

Solution: Upgrade to mod_survey 3.0.14e or 3.0.15pre6 or higher. 


Apache < 2.0.46 on OS/2 filestat.c Device Name Request DoS 


RISK: 

MEDIUM 


Description: The remote host is running a version of Apache/2.x which is older than 2.0.46 on top of 

OS/2. There is an OS/2 specific bug in this version which may allow an attacker to disable 

this service remotely by abusing a flaw in the OS/2 specific source file filestat.c. 


CVE-2003-0134 

BEA WebLogic Server GET Request Name Disclosure 


RISK: 

MEDIUM 


Description: The remote host is running the WebLogic web server. There is a flaw which allows an 

attacker to gain the NetBIOS host name of the remote host. 




IkonBoard FUNC.pm lang Cookie Arbitrary Command Execution 



Description: The remote host is running IkonBoard, an on-line BBS system. There is a flaw in the 

version used which may allow an attacker to execute arbitrary commands on this host. 

Solution: Upgrade to the latest version of IkonBoard. 

CVE-2003-0770 

BEA WebLogic < 5.1 SP 11 JSP Source Disclosure 


RISK: 

MEDIUM 


Description: The remote WebLogic server may be tricked into revealing the source code of JSP scripts 

by prefixing their path by '/*.shtml/'. 

Solution: Upgrade to version 5.1 SP 11 or higher. 

CVE-2000-0683 

HappyMall normal_html.cgi Remote Command Execution 


RISK: 

MEDIUM 


Description: The remote host is running HappyMall, an e-commerce CGI suite. Some versions of this 

CGI are vulnerable to a flaw which may allow an attacker to execute arbitrary commands 

on this host. 

Solution: The vendor has provided a patch for this program. 

CVE-2003-0277 

CGI Script Path Disclosure 

PVS ID: 1540 FAMILY: CGI RISK: LOW NESSUS ID:Not Available 

Description: The remote host is hosting a CGI which seems to disclose a physical path as one of its 

arguments. An attacker may use it to gain more information about the remote host. The 

request we saw was : %P 

Solution: Fix this CGI 


NetCharts Server Default Password 




Description: The remote host is running a NetCharts server with the default login and password 

(Admin/Admin). 

Solution: Change the default password. 


12Planet Chat Server Path Disclosure 


RISK: 

MEDIUM 


Description: The remote host is running 12Planet Chat Server, a web based chat server written in Java. 

There is a flaw in this software that may allow an attacker to obtain the physical path of the 

installation of the remote server by sending a malformed request to this service. 

Solution: None solution is known at this time. 


12Planet Chat Server ClearText Password Remote Disclosure 

PVS ID: 1543 FAMILY: CGI RISK: LOW NESSUS ID:11591 

Description: The remote host is running 12Planet Chat Server over an unencrypted channel. An attacker 

who can sniff traffic on this network may use this configuration issue to obtain the 

password of the administrator of this site and use it to take control. 



JetDB Direct Request Database Download 


Description: The following request was used to download a JetDB database over HTTP : %P 

Solution: Ensure that proper permissions are set on this file. 


YaBB SE < 1.5.2 Remote File Inclusion and SQL Injection 



RISK: 

MEDIUM 


Description: The remote host is running the YaBB SE forum management system. There is a flaw in this 

version which may allow an attacker to execute arbitrary commands on this host and to 

inject arbitrary values in the remote SQL database. 


Solution: Upgrade to YaBB SE 1.5.2 or higher. 

CVE-2002-1176 

XMB < 1.8 SP1 member.php SQL Injection 


RISK: 

MEDIUM 


Description: The remote host is running XMB Forum. There is flaw in the version this host is using 

which may allow an attacker to perform a SQL injection attack against this host. 

Solution: Upgrade to XMB 1.8 SP1 or higher. 


Sambar Cleartext Password Remote Disclosure 


Description: The remote Sambar server does not run on top of SSL, therefore passwords are transmitted 

in cleartext over HTTP. An attacker who can sniff network traffic may use this flaw to gain 

access on the web interface of this host. 



TrueGalerie admin.php loggedin Parameter Admin Authentication Bypass 


RISK: 

MEDIUM 


Description: It is possible to gain administrative privileges on the remote TrueGallerie installation by 

requesting the URL '/admin.php?loggedin 

Solution: Disable the option 'register_globals' in php.ini. 

CVE-2003-1488 

album.pl < 6.2 Remote Command Execution 


RISK: 

MEDIUM 


Description: The remote host is running a version of the CGI 'album.pl' which may allow an attacker to 

execute arbitrary commands on this host. 




CVE-2003-1456 

thttpd < 2.24 Host:' Header Traversal File Access / libhttpd.c defang Overflow 


Description: The remote host is using an old version of thttpd which is vulnerable to a directory traversal 

when virtual hosting is enabled. An attacker may use this flaw to read arbitrary files on the 

remote host. 


CVE-2002-1562 

StockMan Shopping Cart < 7.9 shop.plx Command Execution 


Description: The remote host is running Stockman Shopping Cart. There is a flaw in this software which 

may allow an attacker to execute arbitrary commands on this host. 

Solution: Uprade to version 7.9 or higher. 


CommuniGate Pro < 4.0 .1b2 Referer Field Hijacking 


Description: The remote CommuniGate Pro, according to its version number, is vulnerable to a flaw 

which may allow an attacker access the mailbox of its victims. To exploit such a flaw, the 

attacker needs to send an email to its victim with a link to an image hosted on a rogue 

server which will store the Referrer field sent by the user user-agent which contains the 

credentials used to access the victim's mailbox. 

Solution: Upgrade to CommuniGate Pro 4.0 .1b2 or higher. 

CVE-2003-1481 

Coppermine Gallery < 1.1 beta 3 SQL Injection 




injection attack.\n\nThe remote host is running CopperMine Gallery, a set of PHP scripts to 

handle galleries of pictures. There is a flaw in the version of Coppermine Gallery which is 

used by the remote host, which may allow an attacker to do a SQL injection attack, which 

would allow the viewing of arbitrary pictures or even to gain administrative access on this 

database. 

Solution: Upgrade to Coppermine Gallery 1.1 beta 3 or higher. 



BadBlue < 2.2 Unspecified Admin Access 


Description: The remote BadBlue web server has a vulnerability which may allow attackers to gain the 

administrative control of this host. 

Solution: Upgrade to BadBlue version 2.2 or higher. 


Bugzilla XSS / Insecure Temporary File Names 


RISK: 

MEDIUM 


Description: The remote server is running Bugzilla, a bug tracking system. There is a flaw in the remote 

installation of Bugzilla that makes it vulnerable to cross-site scripting attacks and that may 

allow local attackers to escalate their privileges due to the use of insecure temporary file 

names. 

Solution: Upgrade to Bugzilla 2.16.3, 2.17.4 or higher. 


mod_NTLM Overflow / Format String 


Description: The remote host appears to be running mod_NTLM on top of Apache. There is a bug in 

several versions of this module which make it vulnerable to a buffer overflow and a format 

string attack. 



OpenBB Multiple SQL Injection 


Description: The remote host seems to be running OpenBB, a forum management system. There is a 

flaw in the remote version of OpenBB which allows an attacker to take the control of the 

database. 





Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access 


RISK: 

MEDIUM 


Description: The remote host is running readfile.tcl on Nokia IPSO Voyager WebGUI, which allows any 

user with a web account on this host to read arbitrary files on this system with the 

privileges of the HTTP server. 



bttlxeForum login.asp < 2.0 Multiple SQL Injection 


Description: Synopsis :\n\nThe remote host is running bttlxeForum, a set of CGI designed to manager a 

web-based forum server.\n\n There is a SQL injection vulnerability in this installation 

which allows an attacker to gain the privileges of the administrator while logging in, or to 

take the control of the remote database. 


CVE-2003-0215 

Xeneo Web Server < 2.1.5 GET Request Denial of Service 


RISK: 

MEDIUM 


Description: It is possible to make the remote Xeneo web server to crash remotely. An attacker may use 

this flaw to prevent this host from working properly. 


CVE-2002-1248 

Monkey HTTP Daemon < 0.6.2 PostMethod Function Remote Overflow 


Description: It is possible to make the remote web server crash when sending a POST command with 

too much data in it. An attacker might also exploit this flaw to execute arbitrary code on 

this host. 


CVE-2003-0218 

eZ Publish site.ini Configuration Disclosure 




RISK: 

MEDIUM 


Description: eZ Publish (a content management system) is installed on the remote host. An attacker may 

retrieve the file 'settings/site.ini' and gather interesting information about the remote host. 

Solution: Restrict remote access to .ini files. 


Ocean12 Guestbook XSS 


RISK: 

MEDIUM 


Description: The remote host is running Ocean12 Guestbook, a set of scripts designed to manage an 

on-line guestbook. There is a flaw in this program which may be abused by attackers to 

inject malicious HTML code in the remote site, which may be used to steal the cookies of 

legitimate users. 



Super Guestbook superguestconfig Admin Password Disclosure 


RISK: 

MEDIUM 


Description: The remote host is running SuperGuestBook, a set of PHP scripts designed to manage an 

interactive guestbook. There is a flaw in this version which may allow an attacker to 

retrieve the configuration file of this setup, which contains the password of the 

administrator. 

Solution: Restrict remote access to the 'superguestconfig' file. 


Instaboard index.cfm SQL Injection 



injection attack.\n\nThe remote host is running NetPleasure's Instaboard, a web-interface 

designed to manage online forums. There is a vulnerability in this release which allows an 

attacker to perform a SQL injection attack through the CGI 'index.cfm'. 





Vignette StoryServer Information Disclosure 


RISK: 

MEDIUM 


Description: The remote host is running Vignette StoryServer. There is a flaw in this version which may 

allow an attacker to extract parts of the sessions of the other users. 

Solution: The vendor has released a patch to address this issue. 

CVE-2002-0385 

Coppermine Gallery < 1.1 Beta 2 PHP Code Execution 


Description: The remote host is running Coppermine Gallery, a set of PHP scripts to handle galleries of 

pictures. There is a flaw in the version of Coppermine Gallery used by the remote host that 

may allow an attacker to execute arbitrary commands on this host. 

Solution: Upgrade to Coppermine 1.1 beta 2 or higher. 


Linksys Router Default Password 


Description: The remote Linksys router has its default password (admin) set. An attacker may use it to 

reconfigure this device. 

Solution: Log into the remote host and set a strong password for the administrator. 


VPOPMail vpopmail.php Remote Command Execution 


Description: The remote VPOPMail webmail interface lets authenticated users to execute arbitrary 

commands on this host. An attacker may use it to gain a shell on this host. 

Solution: Upgrade to the VPOPMail 0.98 or higher. 


Abyss Malformed GET Request Remote DoS 




Description: The remote web server can be disabled remotely by sending a malformed HTTP request. 

An attacker may use this flaw to prevent the remote host from functioning properly. 

Solution: Upgrade to Abyss X1 v1.1.4 or higher. 

CVE-2003-1364 

mod_jk Chunked Encoding DoS 


Description: The remote host is using a version of the Apache mod_jk module which is older than 1.2.1. 

There is a bug in this version which may allow an attacker to use chunked encoding 

requests to desynchronize Apache and Tomcat and therefore prevent this host from 

working properly. 

Solution: Upgrade to mod_jk 1.2.1 or higher. 

CVE-2002-2272 

AutomatedShops webc.cgi Multiple Overflows 


Description: The remote host is running webc.cgi, a shopping cart application, which is older than 5.020. 

This CGI is vulnerable to a remote buffer overflow as well as a local one. An attacker may 

exploit this flaw to execute arbitrary code on this host. 



NETGEAR ProSafe Router Password Disclosure / Port Filtering Bypass 


Description: The remote NETGEAR FM114P ProSafe Wireless router discloses the username and the 

password of the WAN when it receives specially crafted UPnP SOAP requests. 

Solution: Disable UPnP on this device. 


Ecartis User Password Reset Privilege Escalation 



RISK: 

MEDIUM 



Description: The remote host is running the Ecartis Mailing List Manager web interface (lsg2.cgi). 

There is a vulnerability in versions older than version 1.0.0 snapshot 20030227 which 

allows an attacker to spoof a username while changing passwords, thus potentially gaining 

control of the mailing list. 

Solution: Upgrade to version 1.0.0 snapshot 20030227 or higher. 

CVE-2004-0913 

Sambar Default 'billy-bob' Account 


Description: The remote host is running Sambar with the default account 'billy-bob' set. 

Solution: Disable this account. 


Sambar Default Admin Account 


Description: The remote host is running Sambar with the default account 'admin' set. 



Sambar Default Anonymous Account 


Description: The remote host is running Sambar with the default account 'anonymous' set. 



Sambar environ.pl Default CGI Disclosure 


Description: The remote Sambar server is running environ.pl, which discloses too much information 

about the installation. 





Sambar testcgi.exe Default CGI Disclosure 


Description: The remote Sambar server is running testcgi.exe, which discloses too much information 

about the installation. 



Advanced Poll info.php Information Disclosure 


RISK: 

MEDIUM 


Description: The remote host seems to be running Advanced Poll. This program includes a file called 

'info.php' which is located under db/misc/info.php and may disclose valuable information 

about the remote host. 

Solution: Delete this file. 

CVE-2003-1181 

Advanced Poll info.php Information Disclosure 


RISK: 

MEDIUM 


Description: The remote host seems to be running Advanced Poll. This program includes a file called 

'info.php' which is located under text/misc/info.php and may disclose valuable information 

about the remote host. 


CVE-2003-1181 

Bugzilla < 2.14.5 / 2.16.2 / 2.17.3 Multiple Vulnerabilities 


Description: The remote server is running Bugzilla, a bug tracking system. There is a flaw in the remote 

installation of Bugzilla that may allow an attacker to execute arbitrary code on this host. 

Solution: Upgrade to Bugzilla 2.14.5, 2.16.2 or 2.17.3 or higher. 

CVE-2002-0811 


Microsoft IIS UNC Mapped Virtual Host Source Disclosure 

PVS ID: 1583 FAMILY: Web Servers NESSUS ID:11443 


RISK: 

MEDIUM 

Description: The IIS web server allows the retrieval of ASP/HTR source code. An attacker can use this 

vulnerability to see how your pages interact and find holes in them to exploit. 

Solution: Install the latest patches from Microsoft. 

CVE-2000-0246 

Bonsai < 1.4 Multiple Vulnerabilities 


Description: The remote host has the CGI suite 'Bonsai' installed. This suite is used to navigate a CVS 

repository with a web browser. The remote Bonsai might be vulnerable to various flaws, 

including path disclosure, cross-site scripting and remote command execution. 

Solution: Upgrade to the latest version of Bonsai. 

WebDAV Enabled 

CVE-2003-0155 


Description: The remote web server is running with WebDAV enabled. WebDAV is an industry 

standard extension to the HTTP specification that adds the capability for authorized users to 

remotely add and manage the content of a web server. If this extension is not used, it should 

be disabled. 

Solution: See Microsoft KB article Q241520 (http://support.microsoft.com/kb/241520) 


Sun ONE (iPlanet) Application Server < 6.5 SP1 NSAPI Plugin Overflow 


Description: The remote Sun ONE Application Server (formerly known as iPlanet Application Server) is 

vulnerable to a buffer overflow when a user provides a long buffer after the application 

service prefix, as in \nGET /[AppServerPrefix]/[long buffer]\n An attacker may use this 

flaw to execute arbitrary code on this host or disable it remotely. 

Solution: If you are running Application Server 6.5, apply SP1 or higher. There is no patch for 

version 6.0. 

CVE-2002-0387 

Lotus Domino < 6.0.1 Multiple Overflows 




Description: The remote Lotus Domino server, according to its version number, is vulnerable to various 

buffer overflows and denial of service attack. An attacker may use these to disable this 

server or execute arbitrary commands on the remote host. 

Solution: Upgrade to Domino 6.0.1 or higher. 

CVE-2003-0178 

popper_mod < 1.2.3 Administration Authentication Bypass 


Description: It is possible to administrate the remote popper_mod CGI by requesting the /admin 

directory directly. An attacker may use this vulnerability to obtain user passwords. 


CVE-2002-0513 

WebWho+ whois.cgi Remote Command Execution 


Description: The remote host is using WebWho+ (webwho.pl), a CGI that contains a flaw that allows an 

attacker to execute arbitrary commands on this host. 

Solution: Upgrade to a newer version of this CGI. 

CVE-2000-0010 

Proxy Accepts gopher:// Protocol Requests 


RISK: 

MEDIUM 


Description: The proxy accepts gopher:// requests. Gopher is an old network protocol which predates 

HTTP and is nearly unused today. As a result, gopher-compatible software is generally less 

audited and more likely to contain security bugs than others. By making gopher requests, 

an attacker may evade your firewall settings by making connections to port 70 or may even 

exploit arcane flaws in this protocol to gain more privileges on this host (see the attached 

CVE ID for such an example). 

Solution: Reconfigure your proxy to refuse gopher protocol requests. 

CVE-2002-0371 

PHP-Nuke Software Detection 




Description: The remote host is running a copy of PHP-Nuke. Given the history of this package, we 

recommend that you do not use it, as security was not important to the authors of the 

software. The author of PHP-Nuke (Francisco Burzi) even started to rewrite the program 

from scratch, given the huge number of vulnerabilities. 

Solution: Do not use this software. 

CVE-2005-0434 

phpinfo() Function Information Disclosure 


RISK: 

MEDIUM 


Description: The remote host seems to have a PHP page that calls the phpinfo() function. A call to this 

function should be avoided as it provides information about this host to an attacker. The 

request which triggered the viewing of a phpinfo() file was : \n%P 



Oracle 9iAS SOAP Default Configuration Unauthenticated Application Deployment 


Description: In a default installation of Oracle 9iAS v.1.0.2.2, it is possible to deploy or undeploy SOAP 

services without the need of any kind of credentials. This is due to SOAP being enabled by 

default after installation in order to provide a convenient way to use SOAP samples. 

However, this feature poses a threat to HTTP servers with public access since remote 

attackers can create SOAP services and then invoke them remotely. Since SOAP services 

can contain arbitrary Java code in Oracle 9iAS this means that an attacker can execute 

arbitrary code in the remote server. 

Solution: Disable SOAP. 

CVE-2001-1371 

Oracle 9iAS .JSP File Request Default Error Information Disclosure 



RISK: 

MEDIUM 


Description: Oracle 9iAS allows remote attackers to obtain the physical path of a file under the server 

root via a request for a non-existent .JSP file. The default error generated leaks the 

pathname in an error message. 

Solution: Ensure that virtual paths of URL is different from the actual directory path. Also, do not 

use the directory in 'ApJServMount ' to 

store data or files. 


CVE-2001-1372 

Phorum < 3.4.3 Message Post XSS 


RISK: 

MEDIUM 


Description: A cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers 

to inject arbitrary web scripting and HTML. 


CVE-2003-0283 

WebGUI < 5.2.4 Crafted HTTP Request DoS 


Description: WebGUI version 5.2.3 and possibly earlier versions are vulnerable to a denial of service 

attack. By sending a specially-crafted HTTP request, a remote attacker could cause to the 

proxy server to consume 100% of the available CPU resources. 



Web Server .mdb File Remote Information Disclosure 


Description: The remote web server has a publicly downloadable .mdb file (%P). These database files 

usually contain sensitive information such as usernames and passwords. 

Solution: Restrict remote access to .mdb files on the remote server. 


myPHPnuke displayCategory.php Remote Command Execution 


Description: myPHPnuke versions 1.8.8_7 and below suffer from a vulnerability in displayCategory.php 

which allows an attacker to execute system commands on the web server. 



Wireless Access Point (WAP) Detection (HTTP) 



PVS ID: 1599 FAMILY: Web Servers RISK: INFO NESSUS ID:11026 

Description: The remote host is a wireless access point (WAP). 

Solution: Ensure that the proper physical and logical controls exist around the WAP. 


D-Link Wireless Access Point (WAP) Detection (HTTP) 





Cisco Wireless Access Point (WAP) Detection (HTTP) 





Cisco Wireless Access Point (WAP) Detection (HTTP) 





Linksys Wireless Access Point (WAP) Detection (HTTP) 



Solution: Ensure that the proper physical and logical controls exist around the AP. PVS made this 

determination based on the following banner:\n%L 



Linksys WRT Wireless Access Point (WAP) Detection (HTTP) 






Linksys BEFW Wireless Access Point (WAP) Detection (HTTP) 





Linksys WPG Wireless Access Point (WAP) Detection (HTTP) 





SOHO Wireless Access Point (WAP) Detection (HTTP) 





Buffalo WBR-G54 Wireless Access Point (WAP) Detection (HTTP) 






R2 Wireless Access Point (WAP) Detection (HTTP) 














































Solution: You should Ensure that the proper physical and logical controls exist around the WAP. 
























NETGEAR Wireless Access Point (WAP) Detection (HTTP) 





NETGEAR Wireless Access Point (WAP) Detection (HTTP) 






Broadcom Wireless Access Point (WAP) Detection (HTTP) 






Apache < 1.3.14 Multiple Forward Slash Directory Listing 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe web server allows the listing of directory contents.\n\nThe Apache 

server is running a version which allows directory indexing by sending many / characters 

into the web request 


CVE-2000-0505 

Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval 


Description: The script CgiMail.exe exists on the remote web server. Some versions of this script are 

vulnerable to a remote exploit. 

Solution: Upgrade CgiMail.exe 

CVE-2000-0726 

Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Access 


RISK: 

MEDIUM 


Description: The script CgiWebupdate.exe exists on the remote web server. Some versions of this script 

are vulnerable to a remote exploit. 

Solution: Upgrade or patch CgiWebupdate.exe 

CVE-2001-1150 

PDGSoft Shopping Cart redirect.exe Remote Overflow 


Description: The executable redirect.exe exists on the remote web server. Some versions of this script 


Solution: Apply vendor patches 



CVE-2000-0401 

PDGSoft Shopping Cart changepw.exe Remote Overflow 


Description: The executable changepw.exe exists on the remote web server. Some versions of this script 


Solution: Apply vendor patches 

counter.exe Detection 

CVE-2000-0401 


RISK: 

MEDIUM 


Description: The executable counter.exe appears to exist on the remote web server. This may be part of 

an old package simply called "Counter.exe", or part of the Behold! Software Web Page 

Counter package. Some versions of this script are vulnerable to remote exploits. 


CVE-1999-1031 

WebLogic FileServlet Source Code Disclosure 


RISK: 

MEDIUM 


Description: By inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed. 

Solution: Upgrade to versions recommended by the vendor. 

CVE-2000-0682 

CSNews.cgi Arbitrary File Access 


Description: The CSNews.cgi seems to exist on this web server. Some versions of this file are 



CVE-2002-0923 

NetWin CWMail.exe < 2.8a Remote Overflow 




RISK: 

MEDIUM 


Description: The executable CWMail.exe exists on this web server. Some versions of this file are 


Solution: Upgrade to version 2.8a or higher. 

CVE-2002-0273 

Excite for Web Servers (EWS) AT-admin.cgi Remote Password Disclosure 


Description: The AT-admin.cgi file exists on this web server. This CGI is part of the Excite for Web 

Servers (EWS) package. Some versions of this file may allow a local attacker to gain 

access to the Architext.conf file, allowing privilege escalation. 

Solution: Upgrade or patch according to vendor recommendations. 

CVE-1999-1072 

CSMailto.cgi Multiple Vulnerabilities 


Description: The CSMailto.cgi file exists on this web server. Some versions of this file are vulnerable to 

multiple remote issues. 


CVE-2002-0749 

UltraBoard UltraBoard.cgi Arbitrary File Access 


Description: The UltraBoard.cgi file exists on this web server. This CGI can be used to access arbitrary 

files on the server. 


CVE-2000-0332 

UltraBoard UltraBoard.pl Arbitrary File Access 



Description: The UltraBoard.pl file exists on this web server. This CGI can be used to access arbitrary 

files on the server. 



CVE-2000-0332 

YaBB YaBB.cgi num Parameter XSS 


Description: The YaBB.cgi file exists on this web server. Some versions of the YaBB installation are 

vulnerable to a cross-site scripting vulnerability. 


CVE-2002-0955 

Drummond Miles A1Statistics a1disp4.cgi Traversal Arbitrary File Read 


Description: The Drummond Miles A1Statistics a1disp4.cgi file exists on this web server. Some 

versions of this file are vulnerable to a remote traversal attack that allows read access to 

arbitrary files. 


CVE-2001-0561 

Cobalt RAQ alert.cgi XSS 


Description: The alert.cgi file exists on this web server. Some versions of this file are vulnerable to a 

cross-site scripting exploit. 


CVE-2002-0346 

Aplio Internet Phone authenticate.cgi Arbitrary Command Execution 


Description: The authenticate.cgi script exists on this web server. Some versions of this file may allow a 

remote attacker to execute arbitrary commands on the host with the same privileges as the 

web server. 

Solution: Update or patch according to vendor recommendations. 

CVE-2000-0923 


Extropia WebBBS bbs_forum.cgi Remote Command Execution 



Description: The bbs_forum.cgi script exists on this web server. Some versions of this file may allow a 

remote attacker to execute arbitrary commands with the same privileges as the web server. 


CVE-2001-0123 

BNBForm bnbform.cgi Automessage Arbitrary File Retrieval 


Description: The bnbform.cgi script exists on this web server. Some versions of this file may 

allow an attacker to access arbitrary files on the server. 


CVE-1999-0937 

bsguest.cgi Guestbook Email Address Variable Arbitrary Command Execution 


Description: The bsguest.cgi script exists on this web server. Some versions of this file may allow a 



CVE-2001-0099 

bslist.cgi Email Address Variable Arbitrary Command Execution 


Description: The bslist.cgi script exists on this web server. Some versions of this file may allow a 



CVE-2001-0100 


Aktivate Shopping System catgy.cgi desc Parameter XSS 


Description: The catgy.cgi script exists on this web server. Some versions of this file are vulnerable to a 

cross-site scripting vulnerability. 



CVE-2001-1212 

cgforum.cgi Multiple Vulnerabilities 


Description: The cgforum.cgi script exists on this web server. Some versions of this file are vulnerable 

to a remote exploit. 


CVE-2002-1334 

classifieds.cgi Multiple Vulnerabilities 


Description: The classifieds.cgi script exists on this web server. Some versions of this file are vulnerable 

to remote exploits such as arbitrary command execution, arbitrary file overwrite, and 

arbitrary file access. 


CVE-2002-1600 

csPassword.cgi Multiple Vulnerabilities 


Description: The csPassword.cgi script exists on this web server. Some versions of this file are 



CVE-2002-1334 

cvsview2.cgi Multiple Vulnerabilities 


Description: The cvsview2.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2003-0153 

cvslog.cgi Multiple Vulnerabilities 




Description: The cvslog.cgi script exists on this web server. Some versions of this file are vulnerable to 

a remote exploit. 


CVE-2002-0955 

multidiff.cgi Multiple Vulnerabilities 


Description: The multidiff.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2003-0153 

dnewsweb.cgi Multiple Vulnerabilities 


Description: The dnewsweb.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-1334 

download.cgi Multiple Vulnerabilities 


Description: The download.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-1334 

edit_action.cgi Multiple Vulnerabilities 


Description: The edit_action.cgi script exists on this web server. Some versions of this file are 



CVE-2002-1334 



emumail.cgi Multiple Vulnerabilities 


Description: The emumail.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-1334 

everythingform.cgi Multiple Vulnerabilities 


Description: The everythingform.cgi script exists on this web server. Some versions of this file are 



CVE-2002-1334 

ezadmin.cgi Multiple Vulnerabilities 


Description: The ezadmin.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-1334 

ezboard.cgi Multiple Vulnerabilities 


Description: The ezboard.cgi script exists on this web server. Some versions of this file are vulnerable to 



CVE-2002-1334 

ezman.cgi Multiple Vulnerabilities 



Description: The ezman.cgi script exists on this web server. Some versions of this file are vulnerable to 




CVE-2002-0955 

ezadmin.cgi Multiple Vulnerabilities 


Description: The ezadmin.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-0955 

FileSeek.cgi Multiple Vulnerabilities 


Description: The FileSeek.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-1334 

fom.cgi Multiple Vulnerabilities 


Description: The fom.cgi script exists on this web server. Some versions of this file are vulnerable to a 

remote exploit. 


CVE-2001-0561 

gbook.cgi Multiple Vulnerabilities 


Description: The gbook.cgi script exists on this webserver. Some versions of this file are vulnerable to a 



CVE-2002-1334 

getdoc.cgi Multiple Vulnerabilities 




Description: The getdoc.cgi scripts exists on this web server. Some versions of this file are vulnerable to 



CVE-2001-0561 

global.cgi Multiple Vulnerabilities 


Description: The global.cgi scripts exists on this webserver. Some versions of this file are vulnerable to 



CVE-2001-0561 

guestserver.cgi Multiple Vulnerabilities 


Description: The guestserver.cgi script exists on this web server. Some versions of this file are 



CVE-2001-0561 

imageFolio.cgi Multiple Vulnerabilities 


Description: The imageFolio.cgi script exists on this web server. Some versions of this file are 



CVE-2002-0955 

lastlines.cgi Multiple Vulnerabilities 


Description: The lastlines.cgi script exists on this web server. Some versions of this file are vulnerable to 



CVE-2001-0561 



mailfile.cgi Multiple Vulnerabilities 


Description: The mailfile.cgi status exists on this web server. Some versions of this file are vulnerable to 



CVE-2002-1334 

mailview.cgi Multiple Vulnerabilities 


Description: The mailview.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-0955 

sendmessage.cgi Multiple Vulnerabilities 


Description: The sendmessage.cgi script exists on this web server. Some versions of this file are 



CVE-2002-0955 

nsManager.cgi Multiple Vulnerabilities 


Description: The nsManager.cgi script exists on this web server. Some versions of this file are 



CVE-2002-0955 

perlshop.cgi Multiple Vulnerabilities 



Description: The perlshop.cgi script exists on this web server. Some versions of this file are vulnerable 




CVE-2002-0955 

readmail.cgi Multiple Vulnerabilities 


Description: The readmail.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-0955 

printmail.cgi Multiple Vulnerabilities 


Description: The printmail.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2001-0561 

register.cgi Multiple Vulnerabilities 


Description: The register.cgi script exists on this web server. Some versions of this file are vulnerable to 



CVE-2002-0955 

sendform.cgi Multiple Vulnerabilities 


Description: The sendform.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-0955 

sendmessage.cgi Multiple Vulnerabilities 




Description: The sendmessage.cgi script exists on this web server. Some versions of this file are 



CVE-2002-1334 

service.cgi Multiple Vulnerabilities 


Description: The service.cgi script exists on this web server. Some versions of this file are vulnerable to 



CVE-2002-0955 

setpasswd.cgi Multiple Vulnerabilities 


Description: The setpasswd.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-0955 

simplestmail.cgi Multiple Vulnerabilities 


Description: The simplestmail.cgi script exists on this web server. Some versions of this file are 



CVE-2002-1334 

simplestguest.cgi Multiple Vulnerabilities 


Description: The simplestguest.cgi script exists on this web server. Some versions of this file are 



CVE-2002-1334 



talkback.cgi Multiple Vulnerabilities 


Description: The talkback.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-0955 

ttawebtop.cgi Multiple Vulnerabilities 


Description: The ttawebtop.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-1334 

ws_mail.cgi Multiple Vulnerabilities 


Description: The ws_mail.cgi script exists on this web server. Some versions of this file are vulnerable 



CVE-2002-0955 

ddicgi.exe Multiple Vulnerabilities 


Description: The ddicgi.exe script exists on this web server. Some versions of this file are vulnerable to 



CVE-2000-0828 

Microsoft FrontPage Extensions Detection 



Description: The remote web server appears to be running FrontPage extensions. Check the server 

configuration since multiple security issues have been found with FrontPage when the 

configuration file is not configured correctly. 


Solution: If not required, disable FrontPage extensions. Otherwise, disable anonymous access to the 

resource. 

CVE-2000-0114 





server is not configured correctly. 


resource. 

CVE-2000-0114 





server is not configured correctly. 


resource. 

CVE-2000-0114 

Microsoft IIS FrontPage Visual Studio RAD Support fp30reg.dll Overflow 


Description: Microsoft IIS, running FrontPage extensions with Visual Studio RAD support, is 

vulnerable to a remote code execution. 

Solution: See http://www.microsoft.com/technet/security/bulletin/MS01-035.asp for a patch 

CVE-2001-0341 

Hosting Controller Multiple Script Arbitrary Directory Browsing 



RISK: 

MEDIUM 


Description: The Hosting Controller application resides on this server. This version is vulnerable to 

multiple remote exploits. See 

http://archives.neohapsis.com/archives/bugtraq/2002-01/0039.html for more information 



CVE-2002-0466 







CVE-2001-0938 



RISK: 

MEDIUM 






CVE-2002-0466 







CVE-2001-0938 




RISK: 

MEDIUM 







CVE-2002-0466 







CVE-2001-0938 



RISK: 

MEDIUM 






CVE-2002-0466 







CVE-2001-0938 



RISK: 

MEDIUM 








CVE-2002-0466 







CVE-2001-0938 

Microsoft IIS bdir.htr Directory Listing 


RISK: 

MEDIUM 


Description: The file bdir.htr is a default IIS file which can give a malicious user information about your 

file system. 

Solution: Obtain patch from Microsoft. If not required, delete the file. 


Microsoft IIS 5.0 PROPFIND Remote DoS 


RISK: 

MEDIUM 


Description: The remote IIS web server has PROPFIND enabled. There is at least one exploit which 

utilizes the PROPFIND vector in order to compromise IIS web servers. 

Solution: Use URLSCAN to disable PROPFIND requests. In addition, ensure that your system has 

installed all relevant IIS patches. 

CVE-2001-0151 

Microsoft IIS viewcode.asp Arbitrary File Access 



RISK: 

MEDIUM 


Description: The file viewcode.asp is a default IIS file which can give a malicious user a information 

about your file system or source files. Specifically, viewcode.asp can allow a remote user to 

potentially read any file on a web server's hard drive. 

Solution: Delete the file if not needed, or use suitable access control lists to ensure that the file is not 

world-readable. 


CVE-1999-0737 



RISK: 

MEDIUM 


Description: The file viewcode.asp is a default IIS file which can give a malicious user information 

about your file system or source files. Specifically, viewcode.asp can allow a remote user to 


Solution: Delete the file if not needed or use suitable access control lists to ensure that the file is not 

world readable. 

CVE-1999-0737 



RISK: 

MEDIUM 


Description: The file viewcode.asp is a default IIS file that can give a malicious user information about 

your file system or source files. Specifically, viewcode.asp can allow a remote user to 




CVE-1999-0737 



RISK: 

MEDIUM 







CVE-1999-0737 




RISK: 

MEDIUM 








CVE-1999-0737 



RISK: 

MEDIUM 





Solution: Delete the file if not needed or use suitable access control lists to ensure that the files are 

not world readable. 

CVE-1999-0737 



RISK: 

MEDIUM 


Description: The file viewcode.asp is a default IIS files that can give a malicious user information about 



Solution: Delete the file if not needed or use suitable access control lists to ensure that the files are 

not accessible without credentials. 

CVE-1999-0737 

ION ion-p.exe Traversal File Access 


RISK: 

MEDIUM 


Description: The ion-p.exe file exists on this web server. Some versions of this file are vulnerable to 



CVE-2002-1559 


Netdynamics ndcgi.exe Previous User Session Replay 



Description: The Netdynamics ndcgi.exe CGI exists on this web server. Some versions of this file are 

vulnerable to remote session replay exploit. 


CVE-2001-0922 

TrendMicro eManager Detection 


RISK: 

MEDIUM 


Description: TrendMicro's eManager software resides on this server. Some versions of this software 

have DLL files that are vulnerable to remote overflows. 


CVE-2001-0958 

AspUpload Multiple Script File Upload / Directory Traversal 


Description: The AspUpload software resides on this server. Some versions of this software are 

vulnerable to remote exploit. 


CVE-2001-0938 

Lucent VitalNet VsSetCookie.exe Direct Request Authentication Bypass 


Description: The VsSetCookie.exe exists on this web server. Some versions of this file are vulnerable to 

a remote authentication bypass vulnerability. 

Solution: Patch or upgrade according to vendor recommendations. 

CVE-2002-0236 

Netwin WebNews Webnews.exe Remote Overflow 



RISK: 

MEDIUM 


Description: Webnews.exe exists on this web server. Some versions of this file are vulnerable to a 

remote overflow vulnerability. 



CVE-2002-0290 

Microsoft IIS Patch Level Detection (English versions only) 


RISK: 

MEDIUM 

Description: The remote IIS server appears to be running - IIS 4 ServicePack 0. 

Solution: Ensure that you are running the latest version of IIS. 




RISK: 

MEDIUM 


NESSUS ID: 

Description: The remote IIS server appears to be running - IIS 4.0 ServicePack 6. 





RISK: 

MEDIUM 

Description: The remote IIS server appears to be running - IIS 5.0 ServicePack 0 or 1. 





RISK: 

MEDIUM 



Description: The remote IIS server appears to be running - IIS 5.0 ServicePack 2 or SP2srp1. 





PVS ID: 1721 FAMILY: Web Servers NESSUS ID:Not Available 


RISK: 

MEDIUM 






RISK: 

MEDIUM 




Apache Web Server Detection 



Description: The remote host is running an Apache web server. 

Solution: N/A 


Microsoft Web Server Detection 


Description: The remote host is running a Microsoft IIS web server. 

Solution: N/A 


Kerio Mailserver Embedded HTTP Server Multiple Unspecified Vulnerabilities 



RISK: 

MEDIUM 


Description: The remote host is running a vulnerable version of Kerio MailServer. Kerio MailServer is a 

mail server designed for use with Microsoft Windows, Linux and Unix operating systems. 

Kerio MailServer versions prior to 6.0.1 are reported to have multiple unspecified 

vulnerabilities. 

Solution: Upgrade to Kerio MailServer 6.0.1 or higher 



CuteNews show_archives.php XSS 


Description: The remote host is running CuteNews, a news management system implemented in PHP. It 

is reported that this version of CuteNews is affected by a cross-site scripting (XSS) 

vulnerability. This issue is due to a failure of the application to properly sanitize 

user-supplied URI input. An attacker may execute malicious code in a victim's browser and 

steal credentials on this site. 



QuiXplorer < 2.3.1 item Parameter Directory Traversal File Access 


Description: The remote host may be running a vulnerable version of QuiXplorer, a Web based 

application implemented in PHP that allows users to browse files and directories on a Web 

server. QuiXplorer versions up to 2.3 are prone to a directory traversal vulnerability. An 

attacker may access arbitrary files on a vulnerable computer in the context of the affected 

server. 

Solution: Upgrade QuiXplorer to version 2.3.1 or higher. 


AWStats Rawlog Plugin Logfile Parameter Arbitrary Command Execution 


Description: The remote host is running AWStats, a CGI log analyzer that generates statistic reports 

based on HTTP, SMTP or FTP logs. AWStats Rawlog Plugin is reported prone to an input 

validation vulnerability. A remote attacker may supply shell metacharacters and commands 

as a value for the 'logfile' URI parameter. These commands and metacharacters will be 

processed by the underlying shell, resulting in the execution of commands in the context of 

the hosting web server. 



phpBB < 2.0 Multiple Vulnerabilities 





injection attack.\n\nThe remote host is running an old version of phpBB, a bulletin board 

application implemented in PHP. It is reported that phpBB versions prior 2.0 are vulnerable 

to multiple security issues including SQL injection, arbitrary command execution, database 

corruption and denial of service. 

Solution: Upgrade to phpBB 2.0 or higher. 

CVE-2002-0533 

WackoWiki < R4.0 TextSearch XSS 


RISK: 

MEDIUM 



remote host is running a vulnerable WackoWiki, a lightweight Wiki-clone implemented in 

PHP. It is reported that WackoWiki R3.5 is susceptible to a cross-site scripting 

vulnerability in its textsearch form. This may allow for theft of cookie-based authentication 

credentials or other attacks. 

Solution: Upgrate to WackoWiki R4.0 or higher. 

CVE-2004-2624 

PScript PForum < 1.26 User Profile XSS 


RISK: 

MEDIUM 


Description: The remote host is running a vulnerable version of PForum, a web forum software 

implemented in PHP. It is reported that versions prior 1.26 are vulnerable to cross-site 

scripting (XSS). An attacker may include malicious HTML in the 'AIM ID' and 'IRC 

Server' fields of his profile. This malicious code may be rendered by a victim's browser 

displaying the attacker profile. It may permit the attacker to steal cookie-based 

authentication credentials or to exploit latent security flaws in web browsers. 

Solution: Upgrade to PScript PForum 1.26 or higher. 

CVE-2004-1716 

Powie PHP Forum < 1.15 Multiple Vulnerabilities 




injection attack.\n\nThe remote host is running an old version of Powie PHP Forum, a web 

forum software implemented in PHP. It is reported that version prior 1.15 are vulnerable to 

multiple security issue including cross-site scripting and SQL injection. An attacker may 

gain access on the forum as a specific user or as an administrator or steal a victim's 

cookie-based authentication credentials using malicious HTML code. 


Solution: Upgrade to Powie PHP Forum 1.15 or higher. 

CVE-2002-0319 

Sympa < 4.1.2 List Creation Authentication Bypass 


RISK: 

MEDIUM 


Description: The remote host is running wwsympa.fcgi, a web interface for the Sympa mailing list 

manager. It is reported that this version of Sympa may permit an attacker to bypass the list 

master authentication in order to create unauthorized mailing list. 


HTTP Proxy Detection 


PVS ID: 1734 FAMILY: Web Clients RISK: NONE NESSUS ID:Not Available 

Description: The remote host is a proxy server. PVS has determined this due to the manner of header 

values: \n%L 

Solution: N/A 

Web Client Detection 



Description: The remote host is using the following web client : \n %L 

Solution: N/A 


Lynx Command Line URL CRLF Injection 


Description: The remote host is using Lynx as a web browser. The version used is vulnerable to a 

command line header injection which may allow an attacker to use Lynx to send potentially 

harmful requests. An attacker may use this flaw to attack third party hosts even from a 

limited (ie: lynx-only) environment. The version used on the remote host is : \n%L 




CVE-2002-1405 

Lynx < 2.8.5 dev 6 Syslog URI Format String 


Description: The remote host is using Lynx as a web browser. The version used is vulnerable to a format 

string vulnerability (present only when the syslog() is activated for URIs). An attacker may 

use this flaw by setting up a rogue web server with a malformed URI that contains a format 

string. The attacker would then be able to execute commands with the privileges of the 

user. The version used on the remote host is : \n %L 

Solution: Upgrade to Lynx 2.8.5 dev 6 or higher. 


Lynx < 2.8.3pre5 Long URL Buffer Overflow 


Description: The remote host is using Lynx as a web browser. The version used is vulnerable to several 

buffer overflow conditions which may allow an attacker to execute arbitrary code on this 

host by setting up a rogue web server and have a user of this host visit it. The version used 

on the remote host is : \n %L 

Solution: Upgrade to Lynx 2.8.3pre5 or higher. 

CVE-2000-0209 

Lynx Internal URL Verification Code Execution 


Description: The remote host is using Lynx as a web browser. The version used is vulnerable to a bug 

which may allow a rogue web site to be considered as a local page. An attacker may 

eventually use this flaw to execute arbitrary code on this host, with the privileges of the 

user running lynx. The version used on the remote host is : \n %L 


CVE-1999-1549 

Lynx < 2.8.1dev 10 Mailer Buffer Overflow 



Description: There is a buffer overflow in Lynx's mailer which may allow an attacker to execute 

arbitrary code on this host, provided he can lure a lynx user to visit a rogue website and 

click on a relevant link. The version used on the remote host is : \n %L 

Solution: Upgrade to version 2.8.1dev 10 or higher. 



Konqueror < 3.1.x Sub-Frames XSS 


Description: The remote host is using KDE Konqueror as a web client. There is a bug in the version 

used which may allow a rogue web server to execute JavaScript code in the context of a 

trusted domain. It was determined that this host is using : \n %L 

Solution: Upgrade to Konqueror 3.1.x or higher. 

CVE-2002-1151 

Konqueror < 3.0.3 Image Handling Overflow DoS 


RISK: 

MEDIUM 


Description: The remote host is using KDE Konqueror as a web browser. There is a vulnerability in this 

version which may allow a rogue site to crash this browser by specifying too large of a 

width for the images it displays. It was determined that this host is using : \n %L 

Solution: Upgrade to Konqueror 3.0.3 or higher. 

CVE-2002-2333 

Wget < 1.5.4 Symlink Permission Modification 


RISK: 

MEDIUM 


Description: The remote host is using a version of wget that contains a bug that may make it chmod 

downloaded symlinks when the option -N is used. An attacker may use this flaw by setting 

up a rogue FTP server with a symlink pointing to sensitive files. It was determined that the 

remote host is using : \n%L 

Solution: Upgrade to Wget 1.5.4 or higher. 


Wget < 1.8.3 Rogue FTP Site File Deletion 


Description: The remote host is using a version of wget that contains a bug that may allow a rogue FTP 

site being mirrored to delete arbitrary files on this host. It was determined that the remote 

host is using : \n%L 




CVE-2002-1565 

Curl < 7.4.1 Long Error Message Buffer Overflow 


Description: The remote host is using a version of curl (or libcurl) which is vulnerable to a remote buffer 

overflow. To exploit it, an attacker would have to set up a rogue web server which would 

reply with maliciously-formed error messages. It was determined the remote host is using : 

\n%L 

Solution: Upgrade to curl 7.4.1 or higher. 

CVE-2000-0973 

Mozilla < 0.9 Predictable Temporary File Name File Deletion 


Description: The remote host is using a version of the Mozilla web browser that uses predictable 

temporary file names. A local attacker may use this flaw to delete arbitrary files on this 

host. It was determined the remote host is using : \n%L 

Solution: Upgrade to Mozilla 0.9 or higher. 


Mozilla < 0.9.7 Null Byte Cookie Disclosure 


Description: The remote host is using a version of the Mozilla web browser that may allow an attacker 

to steal the cookies of the users because of the way Mozilla handles null characters in its 

URLs. It was determined the remote host is running : \n%L 

Solution: Upgrade to Mozilla 0.9.7 or higher. 

CVE-2002-2013 

Mozilla < 1.0rc2 Local File Detection 


Description: The remote host is using a version of the Mozilla web browser that may allow a rogue web 

server to determine the existence of files on the side of the client. 

Solution: Upgrade to Mozilla 1.0rc2 or higher. 

CVE-2002-0594 



Netscape < 6.2.3 Local File Detection 


Description: The remote host is using a version of the Netscape web browser that may allow a rogue 

web server to determine the existence of files on the side of the client. 

Solution: Upgrade to Netscape 6.2.3 or higher. 

CVE-2002-1126 

Galeon < 1.2.2 Local File Detection 


Description: The remote host is using a version of the Galeon web browser that may allow a rogue web 

server to determine the existence of files on the side of the client. 

Solution: Upgrade to Galeon 1.2.2 or higher. 

CVE-2002-0594 

Mozilla < 1.0rc2 IRC Client Buffer Overflow 


RISK: 

MEDIUM 


Description: The remote host is using the Mozilla web browser, which contains a built-in IRC client. 

There is a flaw in this version that may allow an attacker to execute arbitrary code on this 

host, provided the user uses it to go on IRC. 


CVE-2002-0593 

Netscape < 6.2.3 IRC Client Buffer Overflow 


RISK: 

MEDIUM 


Description: The remote host is using the Netscape web browser, which contains a built-in IRC client. 

There is a flaw in this version that may allow an attacker to execute arbitrary code on this 

host, provided the user uses it to go on IRC. 


CVE-2002-0593 


Mozilla < 1.0rc2 XMLHttpRequest File / Directory Disclosure 

PVS ID: 1753 FAMILY: Web Clients NESSUS ID:Not Available 


RISK: 

MEDIUM 

Description: The remote host is using the Mozilla web browser. This version contains a flaw that may 

allow a rogue web server to determine the presence of a file or even the listing of 

directories to be sent back to a rogue web server. 


CVE-2002-0354 

Galeon < 1.2.2 XMLHttpRequest File / Directory Disclosure 


RISK: 

MEDIUM 


Description: The remote host is using the Galeon web browser. This version contains a flaw that may 




CVE-2002-0354 

Netscape < 6.2.3 XMLHttpRequest File / Directory Disclosure 


RISK: 

MEDIUM 


Description: The remote host is using the Netscape web browser. This version contains a flaw that may 




CVE-2002-0354 

Mozilla < 1.0.1 XMLSerializer Cross-domain Policy Access 


RISK: 

MEDIUM 


Description: The remote host is using the Mozilla web browser. The version used (%L) contains a flaw 

that may allow an attacker to set up a rogue web server which will gain access to the 

properties of other domains displayed in a frame or iframe. 

Solution: Upgrade to Mozilla 1.0.1, 1.1 or higher. 



Galeon < 1.2.7 XMLSerializer Cross-domain Policy Access 



RISK: 

MEDIUM 


Description: The remote host is using the Galeon web browser. The version used (%L) contains a flaw 

that may allow an attacker to set up a rogue web server which will gain access to the 

properties of other domains displayed in a frame or iframe. 



Mozilla < 1.1 POP3 Client Malformed Email DoS 


RISK: 

MEDIUM 


Description: The remote host is using the Mozilla web browser, which has the ability to act as a mail 

client. A vulnerability exists in the remote version (%L) which may allow an attacker to 

send a malformed email which will make Mozilla crash each time it attempts to fetch it by 

POP3. 

Solution: Upgrade to Mozilla 1.1 or higher. 

CVE-2002-2338 

Netscape < 4.78 POP3 Client Malformed Email DoS 


RISK: 

MEDIUM 


Description: The remote host is using the Netscape web browser, which has the ability to act as a mail 

client. A vulnerability exists in the remote version (%L) that may allow an attacker to send 

a malformed email which will make Netscape crash each time it attempts to fetch it by 

POP3. 

Solution: Upgrade to Netscape 4.78 or higher. 

CVE-2002-2338 

Netscape < 6.2.3 POP3 Client Malformed Email DoS 


RISK: 

MEDIUM 


Description: The remote host is using the Netscape web browser, which has the ability to act as a mail 

client. A vulnerability exists in the remote version (%L) that may allow an attacker to send 

a malformed email that will make Netscape crash each time it attempts to fetch it by POP3. 




CVE-2002-2338 

Mozilla < 1.0.1 Plugin Path Disclosure 


Description: The remote host is using a version of Mozilla which is vulnerable to a path disclosure issue 

which may allow a rogue web server to retrieve the full path to the remote plugins. 



Web Server JavaScript File (.js) Copyright Information 


Description: The remote web server was observed responding to a web request with JavaScript code 

which consisted of a the following copyright information. If this JavaScript is part of an 

open source or third party project, you will need to ensure that your SDL covers this code 

as well as all code written 'in house'. The observed copyright information was: \n %L 

\n\nThe script code is located at: \n%P 

Solution: Ensure that there is code coverage within the corporate SDL. 


Opera < 7.11 Filename Extension Handling Overflow 

PVS ID: 1763 FAMILY: Web Clients RISK: HIGH NESSUS ID:11578 

Description: The remote host is using Opera as a web browser. The version installed has a buffer 

overflow in the portion of its code that handles the filename extensions of the web pages. 

An attacker may execute arbitrary code on this host by setting up a rogue web server which 

bogus file extensions containing a shell code. 


CVE-2003-1396 

Opera < 7.0.3 Multiple Vulnerabilities 


Description: The remote host is using Opera. The version installed is vulnerable to various security 

flaws, ranging from cross-site scripting to buffer overflows. To exploit them, an attacker 

would need to set up a rogue web site, then lure a user of this host visit it using Opera. An 

attacker would then be able to execute arbitrary code on this host. 

Solution: Install Opera 7.0.3 or higher. 



CVE-2003-1397 

MailMax/Web Remote Installation Path Disclosure 


Description: MailMax/WEB software sets a cookie that contains the full installation path of the 

software. A remote user with the ability to sniff the network between a user and the target 

server can determine the installation path. 



DeskNow Web Mail Cleartext Authentication 


Description: DeskNow Web Mail login requires the username and password to be sent over the 

network without encryption. A remote user with access to the target user's or target 

server's traffic stream can view passwords. 

Solution: Use SSL to protect your login information. 

MPlayer Detection 



Description: The remote host is using MPlayer. MPlayer is a software which can be used to watch 

movies either locally or across the Internet. 

Solution: Ensure that use of the software reflects the company policy. 


MPlayer < 0.92.0 ASX Header Parsing Buffer Overflow 


Description: The remote host is using a version of MPlayer which is vulnerable to a buffer overflow. If 

MPlayer connects to a rogue web server, the server may send a malicious reply which will 

be executed on this host.\nTo exploit this vulnerability, an attacker would have to lure the 

user of this system to visit his website with MPlayer. The attacker then would need to have 

the web site send malformed replies to this host. 

Solution: Upgrade to MPlayer 0.92.0 or higher. 

CVE-2003-0835 



Mozilla Web Client Detection 


Description: The remote host is using a Mozilla web client. 

Solution: N/A 


Mozilla < 1.7.1 SSL Redirect Spoofing 


RISK: 

MEDIUM 


Description: The remote host is using a version of Mozilla that is vulnerable to a SSL redirect spoofing 

issue which may allow a rogue web server to impersonate a legitimate SSL-enabled web 

site. 


CVE-2004-0761 

Mozilla Browser < 1.7.2 Non-FQDN SSL Certificate Spoofing 


RISK: 

MEDIUM 


Description: The remote host is using a version of Mozilla that is vulnerable to a SSL spoofing issue that 

may allow a rogue web server to spoof a trusted certificate from a third party web site using 

non-fully qualified domain name. 


CVE-2004-0761 

Mozilla < 1.7.1 Cross-Domain Frame Loading Vulnerability 


RISK: 

MEDIUM 


Description: The remote host is using a version of Mozilla that is vulnerable to cross-domain frame 

loading. It may allow an attacker to spoof the interface of a trusted web site. To exploit this 

vulnerability a victim will need to visit a web site operated by an attacker. 


CVE-2004-0718 


Mozilla Browser


RISK: 

MEDIUM 


Description: The remote host is using a version of Mozilla or Mozilla Thunderbird that is vulnerable to a 

heap overflow vulnerability. A heap overflow has been reported for the Mozilla POP3 mail 

handler routines. An attacker controlled POP3 server may be able to execute arbitrary code 

on the client machine. 

Solution: Upgrade to Mozilla 1.7.1 / Thunderbird 0.7.1 or higher. 

CVE-2004-0757 

Opera < 7.54.0 Remote Location Object XSS 


RISK: 

MEDIUM 



remote host is using Opera, which is affected by a remote location object cross-domain 

scripting issue. An attacker may gain access to directory contents, files and email messages 

that are read using Opera's email utilities. 


CVE-2004-2570 

Mozilla XML User Interface Language Browser Interface Spoofing 


RISK: 

MEDIUM 


Description: The remote host is using a version of Mozilla that is vulnerable to multiple user interface 

spoofing issues that may allow a rogue web server to mimic the interface of a trusted web 

site and prompt users to submit sensitive or private information. 

Solution: Upgrade to the newest version. 

CVE-2004-0763 

Pavuk < 0.928r3 Digest Authentication Remote Overflow 


Description: The remote host is using a version of Pavuk, a web spider, that is vulnerable to an 

authentication buffer overflow. An attacker can construct a malicious website that is 

designed to trigger the vulnerability and run arbitrary code on the client machine. 

Solution: Upgrade to 0.928r3 or higher. 

CVE-2004-1437 



RealNetwork RealPlayer Unspecified Remote Vulnerability 


Description: The remote host is running a vulnerable version of RealPlayer. An attacker may execute 

arbitrary code on a computer running the player. 


CVE-2004-1437 

Neon < 0.23.8 Status Response Control Character Inclusion Vulnerability 


RISK: 

MEDIUM 


Description: The remote host is using software based on a vulnerable version of the Neon Library, an 

open-source HTTP and WebDAV client library. Applications that use this version of the 

Neon library may disclose sensitive information to an attacker. 

Solution: Upgrade to Neon library 0.23.8 or higher. 


Neon < 0.24.5 WebDAV Client Library Format String Vulnerabilities 


Description: The remote host is using software based on a vulnerable version of the Neon Library, an 

open-source HTTP and WebDAV client library. An attacker running a malicious WebDAV 

server may execute arbitrary code on the host. 


CVE-2004-0179 

Neon < 0.24.6 WebDAV Client Library ne_rfc1036_parse Function Heap Overflow 



using software based on a vulnerable version of the Neon Library, an open-source HTTP 

and WebDAV client library. Depending of the application using the library, an attacker 

running a malicious WebDAV server may execute arbitrary code on the host or create a 

denial of service. 


CVE-2004-0398 


Neon < 0.24.7 WebDAV Client Library Unspecified Vulnerability 



Description: Synopsis :\n\nThe remote host is missing a critical security patch or upgrade.\n\nThe 

remote host is using software based on a vulnerable version of the Neon Library, an 

open-source HTTP and WebDAV client library. It is reported that versions prior 0.24.7 

contains an unspecified vulnerability. Due to the nature of the library, it is likely that this is 

a remotely exploitable vulnerability. 



Opera < 7.54u1 Web Browser Resource Detection Weakness 



sensitive files or data.\n\nThe remote host is using Opera, which is affected by a security 

weakness which may permit an attacker to determine the existence of a resources on the 

vulnerable computer. 

Solution: Install Opera 7.54u1 or higher. 

CVE-2004-1490 

ipop2d fold Command Arbitrary File Access 

PVS ID: 1783 FAMILY: POP Server 

RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows attackers to retrieve 

sensitive files or data.\n\nThe remote pop2 server allows the reading of arbitrary files for 

authenticated users, using the 'fold' command. 



qpopper < 3.0.1b2 EIUDL Arbitrary Command Execution 


RISK: 

MEDIUM 


Description: Synopsis :\n\nAn attacker can gain an unprivileged shell on the remote system.\n\nThe 

system is using qpopper 2.53 (or newer in the 2.5x series). There is a problem in this server 

that allows users who have a pop account to gain a shell with the gid 'mail' by sending to 

themselves a specially crafted mail. 

Solution: Upgrade to version 3.0.1b2 or higher. 



CVE-2000-0320 

qpopper < 4.0 PASS Command Remote Overflow 

PVS ID: 1785 FAMILY: POP Server RISK: HIGH NESSUS ID:10196 

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThere is a 

vulnerability in some versions of qpopper which allows a remote user to become root using 

a buffer overflow. 


CVE-1999-0006 

qpopper < 4.0.5fc2 Qvsnprintf Remote Overflow 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote qpopper 

server, according to its banner, is vulnerable to a one-byte overflow in the function 

Qvsnprintf(). An attacker may use this flaw to gain a (non-root) shell on this host, provided 

that the attacker has a valid POP account to log in with. 

Solution: Upgrade to version 4.0.5fc2 or higher. 

CVE-2003-0143 

ipop2d < 4.5 FOLD Command Remote Overflow 


Description: Synopsis :\n\nThe remote server allows attackers to gain an unprivileged shell.\n\nThere is 

a buffer overflow in the imap suite provided with Debian GNU/Linux 2.1 that has a 

vulnerability in its POP-2 daemon found in the ipopd package. This vulnerability allows an 

attacker to gain a shell as user 'nobody', but requires the attacker to have a valid pop2 

account. 


CVE-1999-0920 

Netscape Messenging Server User Account Enumeration 



RISK: 

MEDIUM 



attacks.\n\nThe remote POP server allows an attacker to obtain a list of valid logins on the 

remote host via a brute force attack. If the user connects to this port and issues the 

commands : USER 'someusername' PASS 'whatever' a different response will be generated 


if the account 'someusername' exists or not. 


CVE-2000-0960 

qpopper Options File Buffer Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote qpopper 

server, according to its banner, is running version 4.0.3 or version 4.0.4. These versions are 

vulnerable to a buffer overflow if they are configured to allow the processing of a user's 

~/.qpopper-options file. A local user can cause a buffer overflow by setting the bulldir 

variable to something longer than 256 characters. *** This test could not confirm the 

existence of the problem - it relied on the banner being returned. *** 

Solution: Upgrade to the latest version, or disable processing of user option files. 

ZetaMail Remote DoS 

CVE-2001-1046 



ZetaMail server will crash if a username/password pair longer than 3500 characters is 

supplied by the client. 


CVE-2002-0799 

Delegate Multiple Function Remote Overflows 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nDelegate is reportedly 

vulnerable to a stack-based buffer overflow that may allow for the execution of arbitrary 

code. The condition exists if the argument to the 'USER' command is of excessive length. 

Solution: Contact the vendor for a patch or upgrade. 

CVE-2002-0799 

Qualcomm Qpopper Remote Overflow DoS 




Description: The remote qpopper service may be vulnerable to a denial of service (DoS) attack. If a 

string of longer than approximately 2048 characters is sent to the qpopper process, a denial 

of service condition will occur. 


CVE-2002-0454 

Qualcomm Qpopper Remote Overflows 


Description: There are buffer overflow vulnerabilities present in 3.x versions of the Qualcomm popper 

daemon. These vulnerabilities are remotely executable and since the daemons run as root, 

the host running qpopper can be completely compromised anonymously. 


CVE-2002-1781 

Qualcomm Qpopper Username Remote Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nIn version 4, a buffer 

overflow was introduced into the qpopper source tree. This buffer overflow is related to the 

handling of the client-supplied username and is present when a POP3 session is being 

initiated. It is believed that the overflow occurs before authentication, so it may not be 

required that users have valid POP accounts. This vulnerability can lead to a compromise of 

root privileges to remote attackers. 


CVE-2001-1046 

Computalynx CMail POP3 Server DELE Function DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a denial of service (DoS) attack.\n\nIt has 

been reported that a memory corruption vulnerability exists in CMail. The POP3 server 

included with CMAIL does not properly handle some types of requests. By submitting a 

maliciously crafted request to the POP3 server, an attacker could crash the system, resulting 

in a denial of service. 





Computalynx CMail < 2.4.10 HELO Command Overflow 

PVS ID: 1796 FAMILY: POP Server RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nA security 

vulnerability in CMail 2.4.9 allows remote attackers to overflow one of CMail's internal 

buffers causing it to crash. If shellcode is provided in the overflowing buffer it may be 

possible to execute arbitrary code. 

Solution: Upgrade to 2.4.10 or higher. 

CVE-2001-0742 

ALT-N MDaemon < 6.5.0 POP Server Overflow DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\nA 

buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to 

inadequate bounds checking one some POP server commands. An attacker can exploit this 

vulnerability by submitting a very large integer value to some commands on the POP 

server. This will cause the MDaemon service to crash when attempting to process the 

command. 

Solution: Upgrade to MDaemon 6.5.0 or higher. 

CVE-2002-1539 

Xtramail < 1.12 POP3 Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote Xtramail 

POP server is vulnerable to a buffer overflow when the user supplies a long password 

string. An attacker may use this flaw to execute arbitrary code on this host with the 

privileges of the Xtramail server (typically, SYSTEM). 


CVE-1999-1511 


Xtramail < 1.12 Control Server Overflow Denial of Service 



Control Server is vulnerable to a buffer overflow when a user supplies a too long argument 

to as its username. An attacker may use this flaw to disable this service remotely or to 

execute arbitrary code on this host, with the privileges of the Xtramail server (typically, 

SYSTEM). 


Solution: Upgrade to Xtramail version 1.12 or higher. 

CVE-1999-1511 

XMail < 0.59 APOP Overflow DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote XMail 

POP server is vulnerable to a buffer overflow when it receives two long arguments for the 

APOP command. This problem may allow an attacker to disable this POP server remotely 

or even to execute arbitrary commands with its privileges (typically, root). 

Solution: Upgrade to XMail 0.59 or higher. 

CVE-2000-0841 

XMail < 2.4 (Build 0530) APOP Remote Format String 


Description: The remote host is running a version of Magic Winmail Server that is vulnerable to a 

format string flaw. An attacker may exploit this vulnerability by connection to the 

vulnerable mail server and issuing the USER command with malicious format string 

specifiers. This may result in the crashing of the remote host and/or execution of arbitrary 

code on the remote host. 

Solution: Upgrade to version 2.4 (Build 0530) or higher. 

POP Server Detection 

CVE-2003-0391 

PVS ID: 1802 FAMILY: POP Server RISK: LOW NESSUS ID:Not Available 

Description: The remote host is running the following POP server : %L 

Solution: N/A 

FTP Server Detection 



Description: A FTP server is running on this port. Its banner is :\n %L 

Solution: N/A 




FTP Server Detection (Port 21) 


Description: A FTP server is running on this port. Its banner is :\n %L 

Solution: N/A 


Eserv FTP Memory Leak DoS 



remote FTP server is running Eserv. There is a memory leak in this software which may be 

abused by an attacker to disable this service remotely. 



Novell FTP Malformed Input Remote DoS 


RISK: 

MEDIUM 


Description: The remote host is running a Novell FTP server. Older versions of this server can be 

disabled remotely by an attacker by sending a couple of NULL characters to the FTP 

administrative port. 

Solution: Upgrade to the latest version of Novell FTP Server. 


WU-FTPD < 2.6.0 "SITE NEWER" Command Memory Exhaustion DoS 


RISK: 

MEDIUM 



remote WU-FTPD server might be vulnerable to a resource exhaustion attack. To perform 

such an attack, one would have to log into this FTP server and issue bogus SITE NEWER 

commands. 

Solution: Upgrade to WU-FTPD 2.6.0 or higher. 

CVE-1999-0880 



WU-FTPD < 2.6.1 "SITE EXEC" Command Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote WU-FTP 

server is vulnerable to a flaw which may allow an attacker to execute arbitrary code with its 

privileges (typically root) by sending a malformed argument to the SITE EXEC command. 

Solution: Upgrade to wu-ftpd 2.6.1 or higher. 

CVE-1999-0997 

WU-FTPD < 2.6.2 PASV Command Format String Arbitrary Code Execution 


Description: The remote WU-FTPD server is vulnerable to a format string flaw when it is run in debug 

mode. An attacker may use this flaw to execute arbitrary code on this host by sending a 

PASV command with a specially crafted argument. 


CVE-2001-0187 

WU-FTPD < 2.4.3 Directory Structure Processing Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote 

WU-FTPD server is vulnerable to a buffer overflow bug when it processes directories 

structure names. An attacker may use this flaw by creating a huge directory structure with 

specially malformed names, and may be able to execute arbitrary commands on this host 

with the privileges of the FTP daemon (typically, root) 


CVE-1999-0950 

WU-FTPD < 2.6.1 Glob Command Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote WU-FTP 

server is vulnerable to a buffer overflow when it receives a malformed glob command. An 

attacker may use this flaw to execute arbitrary code on this host. 


CVE-2001-0935 


WS_FTP < 2.0.3 Multiple Command Long Argument Overflows 



Description: The remote WS_FTP server is vulnerable to various buffer overflows which may allow an 

attacker to execute arbitrary commands on this host. 

Solution: Upgrade to WS_FTP 2.0.3 or higher. 

CVE-2001-1021 

WFTP < 2.41 RNTO Command Handling DoS 


RISK: 

MEDIUM 



remote WFTP server crashes when it receives the command "RNTO x" right after the login. 

An attacker may use this flaw to prevent this host from publishing anything using FTP. 

Solution: Upgrade to WFTP 2.41 or higher. 

CVE-2000-0648 

VXWorks ftpd CEL Command Overflow DoS 



remote VXWorks host can be brought down entirely if a user issues a too long argument to 

the CEL ftp command. 

Solution: Contact your vendor and reference WindRiver field patch TSR 296292. 

CVE-2002-2300 

SunFTP Directory Traversal / Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote FTP 

server (SunFTP) allows a remote attacker to read arbitrary files on the remote host by 

adding a double dot in front of their name. In addition to this, it is vulnerable to a buffer 

overflow which may allow an attacker to execute arbitrary commands on the remote host. 

Solution: The product has been discontinued by the vendor. 

CVE-2000-0856 

WebWeaver FTP RETR Command Remote DoS 



RISK: 

MEDIUM 



Description: The remote FTP server is running WebWeaver FTPd. There is a flaw in this server which 

may allow anyone to crash it remotely by requesting a non-existing file. 



Debian proftpd root Privilege Escalation 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors\n\nThe remote FTP 

server is subject to two flaws:\n- There is a configuration error in the postinst script, when 

the user enters 'yes', when asked if anonymous access should be enabled. The postinst script 

wrongly leaves the 'run as uid/gid root' configuration option in /etc/proftpd.conf, and adds a 

'run as uid/gid nobody' option that has no effect.\n There is a bug that comes up when /var 

is a symlink, and proftpd is restarted. When stopping proftpd, the /var symlink is removed; 

when it's started again a file named /var is created. 

Solution: Upgrade proftpd to proftpd-1.2.0pre10-2.0potato1 or higher. 

CVE-2001-0456 

ProFTPD cwd Command Format String 


Description: Synopsis :\n\nThe remote host is vulnerable to a remote 'format string' flaw.\n\nThe remote 

ProFTPd server is as old or older than 1.2.0rc2. There is a format string vulnerability in this 

version that might allow an attacker to execute arbitrary code on this host. 

Solution: Upgrade to the latest version of ProFTPd. 

CVE-2001-0318 

HP-UX ftpd glob() Expansion STAT Command Remote Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nA buffer overflow in 

FTP server in HPUX 11 and previous allows remote attackers to execute arbitrary 

commands by creating a long pathname and calling the STAT command, which uses glob 

to generate long strings. 


CVE-2001-0248 

Anonymous FTP Detection (login: ftp) 




RISK: Risk 

not available 

Description: The remote server supports anonymous FTP with the login of 'ftp'. 

Solution: N/A 


Anonymous FTP Enabled 


PVS ID: 1821 FAMILY: FTP Servers RISK: LOW NESSUS ID:Not Available 


attacks.\n\nThe remote FTP server has anonymous access enabled. 

Solution: N/A 


Anonymous FTP Detection (login: anonymous) 




Solution: N/A 


Anonymous FTP Enabled 




Solution: N/A 


SmallFTPD < 1.0.3 CWD Command Traversal Directory Listing 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw which allows attackers to 

retrieve sensitive files or data.\n\nThe remote FTP server (smallftpd) is vulnerable to 

a flaw which allows users to access files outside of the FTP server root. 





Platinum FTP server Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nPlatinum FTP 

server for Win32 has several vulnerabilities in the way it checks the format of command 

strings passed to it. This leads to the following vulnerabilities in the server: The 'dir' 

command can be used to examine the filesystem of the machine and gather further 

information about the host by using relative directory listings (I.E. '../../../' or '\..\..\..'). The 

'delete' command can be used to delete any file on the server that the Platinum FTP server 

has permissions to. Issuing the command 'cd @/..@/..' will cause the Platinum FTP server 

to crash and consume all available CPU time on the server. 



NiteServer < 1.85 FTP Server Traversal Directory Listing 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote FTP server allows anybody to switch to the root 

directory and read potentially sensitive files. 


CVE-2003-1349 

AIX FTPd libc Library Remote Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nIt is possible to make 

the remote FTP server crash by issuing this command : CEL aaaa[...]aaaa. This problem is 

known as the 'AIX FTPd' overflow and may allow the remote user to easily gain access to 

the root (super-user) account on the remote system. 

Solution: See IBM's advisory number ERS-SVA-E01-1999:004.1 or contact your vendor for a patch. 

CVE-1999-0789 

bftpd < 1.0.14 chown Command Overflow 




Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote ftp server 

is vulnerable to a buffer overflow when issued too long arguments to the chown command. 

This vulnerability may make it possible for a remote attacker to gain root access. 

Solution: Upgrade to version 1.0.14 or disable the option ENABLE_SITE in bftpd.conf 

CVE-2000-0943 

bftpd < 1.0.13 Format String Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote ftp server 

does not properly sanitize output from the NLST command. It may be possible for remote 

attackers to gain root access if they can write in any directory served by this ftp daemon. 



War FTP Daemon < 1.66x4 USER/PASS Command Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe version of War 

FTP Daemon running on this host contains a buffer overflow in the code that handles the 

USER and PASS commands. A potential intruder could use this vulnerability to crash the 

server or run arbitrary commands on the system. 

Solution: Upgrade to version 1.66x4 or higher. 

CVE-1999-0256 

War FTP Daemon < 1.67b5 Traversal Arbitrary Directory Access 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe version of WarFTPd running on this host contains a 

vulnerability that may allow a potential intruder to gain read access to directories and files 

outside of the ftp root. By sending a specially crafted 'dir' command, the server may 

disclose an arbitrary directory. 

Solution: Upgrade to version 1.67b5 or higher. 

CVE-2001-0295 

WS_FTP < 3.1.2 SITE CPWD Buffer Overflow 




Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThis host is running a 

version of WS_FTP FTP server prior to 3.1.2. Versions earlier than 3.1.2 contain an 

unchecked buffer in routines that handle the 'CPWD' command arguments. The 'CPWD' 

command allows remote users to change their password. By issuing a malformed argument 

to the CPWD command, a user could overflow a buffer and execute arbitrary code on this 

host. Note that a local user account is required. 


CVE-2002-0826 

EFTP .lnk File Upload Overflow DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\nIt was 

possible to crash the EFTP service by uploading a *.lnk file containing too much data. An 

attacker may use this to make this service crash continuously or run arbitrary code on your 

system. 


CVE-2001-1112 

EFTP < 2.0.8.348 File Enumeration 


RISK: 

MEDIUM 



attacks.\n\nThe remote FTP server can be used to determine if a given file exists on the 

remote host by adding dot-dot-slashes in front of the filename. 

Solution: Upgrade to version 2.0.8.348 or higher. 

CVE-2001-1109 

FTP Server 'glob' Function Overflow 



Description: Synopsis :\n\nThe remote host is vulnerable to a globbing attack.\n\nIt is possible to make 

the remote FTP server crash by creating a large directory structure and then attempting to 

list it using wildcards. This is usually known as the 'ftp glob overflow' attack. An attacker 

can use this flaw to execute arbitrary code on the remote server, which may lead to remote 

shell access. 

Solution: Upgrade your FTP server and/or libc. Consider removing directories writable by 

'anonymous'. 


CVE-2001-0247 

FTP Server 'glob' Function Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a globbing overflow.\n\nIt may be possible 

to make the remote FTP server crash by creating a large directory structure and then 

attempting to list it using wildcards. This is usually known as the 'ftp glob overflow' attack. 

An attacker can use this flaw to execute arbitrary code on the remote server, which could 

lead to remote shell access. 

Solution: Upgrade your FTP server and/or libc. Consider removing directories writable by 

'anonymous'. 

CVE-2001-0247 

Serv-U < 2.5e CWD Command Path Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote FTP server discloses the full path to its root through a CWD 

command done to a non-existant directory. 

Solution: Upgrade to Serv-U 2.5e or higher. 

CVE-1999-0838 

Serv-U < 2.5i CD Command Traversal Directory / File Access 


RISK: 

MEDIUM 



sensitive files or data.\n\nIt is possible to break out of the remote FTP chroot by appending 

%20s in the CWD command, as in : CWD %20.. This problem allows an attacker to browse 

the entire remote file system. 

Solution: Upgrade to Serv-U 2.5i or higher. 

CVE-2001-0054 


GuildFTPd Directory Traversal Arbitrary File Access 



sensitive files or data.\n\nVersion 0.97 of GuildFTPd was detected. A security vulnerability 

in this product allows anyone with a valid FTP login to read arbitrary files on the system. 



CVE-2001-0767 

GuildFTPd Traversal Arbitrary File Enumeration 



attacks.\n\nThe remote FTP server (GuildFTPD) can be used to determine if a given file 

exists on the remote host by adding dot-dot-slashes in front of the filename. 

Solution: Upgrade according to vendor recommendations. 

CVE-2000-0640 

Microsoft IIS FTP Status Request DoS 


RISK: 

MEDIUM 



be possible to make the remote FTP server crash by sending the command 'STAT 

*?AAAAA....AAAAA' An attacker may use this flaw to prevent your FTP server from 



CVE-2002-0073 

WarFTPd Multiple Command CPU Consumption DoS 


RISK: 

MEDIUM 



remote WarFTPd server is running a 1.71 version. It is possible for a remote user to cause a 

denial of service on a host running Serv-U FTP Server, G6 FTP Server or WarFTPd Server. 

Repeatedly submitting an 'a:/' GET or RETR request, appended with arbitrary data, will 

cause the CPU usage to spike to 100%. 

Solution: Upgrade to the latest version of WarFTPd. 


ProFTPd < 1.2.0pre6 mkdir Command Overflow 




Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote ProFTPd 

server is vulnerable to a buffer overflow when issued a too long mkdir command. An 

attacker may use this flaw to execute arbitrary commands on the remote host. 

Solution: Upgrade to version 1.2.0pre6 or higher. 

CVE-1999-0911 

ProFTPd ASCII Newline Character Overflow 



running a version of ProFTPd which seems to be vulnerable to a buffer overflow when a 

user downloads a malformed ASCII file.\nAn attacker with upload privileges on this host 

may abuse this flaw to gain a root shell on this host. 

Solution: Upgrade to ProFTPd 1.2.9 or 1.2.8p or higher. 

CVE-2003-0831 

wzdftp < 0.1rc5 Mutliple DoS 


RISK: 

MEDIUM 


Description: The remote host is running wzdftpd. Versions of this software prior to 0.1rc5 contain a 

number of denial of service (DoS) vulnerabilities. However, this may be a false positive as 

wzdftpd does not display its version number in the 220 banner. 

Solution: Upgrade to version 0.1rc5 or higher. 


Access Point Detection via FTP Server Version 


RISK: 

MEDIUM 

Description: The remote host is a Wireless Access Point (WAP). 







RISK: 

MEDIUM 








RISK: 

MEDIUM 





War FTP Daemon CWD/MKD Overflow DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe version of the 

War FTP Daemon running on this host is vulnerable to a buffer overflow attack. This is due 

to improper bounds checking within the code that handles both the CWD and MKD 

commands. By exploiting this vulnerability, it is possible to crash the server, and 

potentially run arbitrary commands on this system. 


CVE-2000-0131 

WU-FTPD Server Detection 


Description: The remote host is running a version of WU-FTPD server. 

Solution: N/A 


Debian ProFTPD Server Detection 


Description: The remote host is running a ProFTPD FTP server. 

Solution: N/A 




War FTP Daemon Detection 


Description: The remote host is running a version of War FTP Daemon. 

Solution: N/A 


Serv-U FTP Server Detection 


Description: Synopsis :\n\nAn FTP Server is running on this port\n\nThe remote host is running a 

version of the Serv-U FTP server. 

Solution: N/A 


TNFTPD Multiple Signal Handler Remote Superuser Privilege Escalation 

PVS ID: 1854 FAMILY: FTP Servers RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote host 

is running TNFTPD, a port of the NetBSD FTP daemon. It is reported that this version of 

TNFTPD is vulnerable to multiple vulnerabilities in the signal handling functions. An 

attacker may remotely gain superuser privileges on the remote host. TNFTPD was formerly 

named lukemftpd. 

Solution: Upgrade to tnftpd 20040810 or higher. 

CVE-2004-0794 

BitchX IRC Client "/INVITE" Command Format String DoS 

PVS ID: 1855 FAMILY: IRC Clients RISK: HIGH NESSUS ID:Not Available 


host is running a version of the BitchX IRC client that may be vulnerable to a format string 

attack. BitchX IRC clients, versions 75 up to and including 1.0c16, are vulnerable to a 

Denial of Service attack and possible remote execution of code. By /invite-ing someone to 

a channel name containing formatting characters an IRC user can cause the targeted user's 

BitchX client to seg-fault. 


CVE-2000-0594 



BitchX IRC Clent DNS Response Remote Overflow 

PVS ID: 1856 FAMILY: IRC Clients 

RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running a version of the BitchX IRC client that may be 

vulnerable to a buffer overflow. \n\nA buffer overflow within the DNS resolver code makes 

it possible to overwrite stack variables by generating a malformed DNS packet. A 

malicious attacker may use this vulnerability to execute arbitrary code in the context of the 

BitchX client. Note that it is necessary for an attacker to control a DNS server to exploit 

this bug. 


CVE-2001-0050 

BitchX IRC Client Malformed RPL_NAMEREPLY Message DoS 


RISK: 

MEDIUM 



remote host is running a version of the BitchX IRC client (version 75p3, 1.0c16, 1.0c19, or 

1.0c20cvs) that may be vulnerable to a Denial of Service attack. If a remote attacker sends 

a malformed RPL_NAMEREPLY numeric 353 message to a BitchX IRC client, the 

attacker can cause the client to crash. 


CVE-2003-1450 

Multiple ircii-based Clients Remote Overflows 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running a version of the BitchX IRC client that may 

contain buffer overflows. \n\nMultiple vendor ircii-based client, including BitchX version 

1.0c19 and possibly earlier, are vulnerable to multiple buffer overflows. A remote attacker 

could overflow a buffer to cause the corruption of heap memory, allowing the attacker to 

execute arbitrary code on the system or possibly cause the client to crash. 


CVE-2003-0321 


BitchX Trojaned Distribution Authentication Bypass 



Description: Synopsis :\n\nThe remote host is vulnerable to a flaw which allows for the 

bypassing of authentication.\n\nThe remote host is running the BitchX IRC 

client that may contain a backdoor. BitchX, if downloaded between 

12-Apr-2003 and 13-Apr-2003, could cause a backdoor to be installed on the 

victim's computer. One of the FTP sites that was linked from the BitchX 

website was a false FTP site, and the BitchX IRC Client 1.0 c19 was modified 

to include a Trojan Horse. Once the Trojan Horse is executed it attempts to 

connect to 207.178.61.5 on port 6667. This could allow a remote attacker to 

gain access to systems that have installed the compromised BitchX distributions 

and execute commands with the privledges of the user that installed the affected 

package. 



BitchX IRC Client Channel Mode Change DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running the BitchX IRC client that may contain a Denial 

of Service (DoS) vulnerability.\n\n It may be possible to crash the BitchX client when 

certain mode changes are made. All version up to 1.0cvs20 are affected. 


CVE-2003-0334 

mIRC < 6.0 Long Nickname Buffer Overflow 


Description: Synopsis :\n\nThe remote host is running a version of mIRC that is vulnerable to a buffer 

overflow attack.\n\nThis issue is due to improper bounds checking of nicknames sent by 

the server. An excessively long nickname (200+) is capable of overwriting the stack. This 

issue is also exploitable via a webpage that can instruct the client to launch and to make a 

connection to the malicious web server. This may lead to full compromise of the host 

running the client software on some Windows systems. 


CVE-2002-0231 


mIRC < 6.1 DCC Server Protocol Nickname Disclosure 

PVS ID: 1862 FAMILY: IRC Clients RISK: LOW NESSUS ID:Not Available 



attacks.\n\nThe remote host is running the mIRC chat client. A vulnerability has been 

reported in the mIRC implementation of the DCC protocol. Reportedly, when a DCC 

connection is initiated, the command '100 testing' will cause the mIRC server to respond 

with the user's current nick. Exploitation of this vulnerability may aid an attack in further 

intelligent attacks, or help an attempt at social engineering. 


CVE-2002-0425 

mIRC < 6.03 Scripting $asctime Overflow 


RISK: 

MEDIUM 



running the mIRC chat client. A buffer overflow has been reported in the $asctime 

identifier, a function in the mIRC scripting language. The error lies in the handling of 

oversized format specifier strings. Exploitation relies on a script passing untrusted input 

into this function. Reportedly, no such script is included in the default installation of mIRC. 


CVE-2002-1456 

mIRC DCC Get Dialog File Spoofing Weakness 


RISK: 

MEDIUM 



remote host is running the mIRC chat client. It has been reported that it is possible to spoof 

file extensions in mIRC's DCC Get dialog. This could be exploited to trick a user into 

thinking a malicious file is safe, which may create a false sense of security and cause the 

user to open the file. 



Trillian IRC PART Message Remote DoS 



RISK: 

MEDIUM 



remote host is running the Trillian IRC client. Reportedly, Trillian is prone to a Denial of 

Service attack when it receives messages about a user leaving a non-specified channel or a 

channel that the user is not currently in. It is possible to exploit this issue using a malicious 

server. 



CVE-2002-1488 

Trillian IRC User Mode Numeric Remote Overflow 



running the Trillian IRC client. Trillian versions 0.73, 0.74, and possibly other versions are 

vulnerable to a buffer overflow, caused by improper validation of Internet Relay Chat 

(IRC) raw 221 user mode requests. By sending a raw 221 request with a mode of more than 

251 bytes, a remote attacker in control of a malicious IRC server could overflow a buffer 

and cause the victim's Trillian client to crash or execute code on the system. 


CVE-2002-1486 

Trillian IRC Module DCC Length Remote Overflow 



running the Trillian IRC client. Trillian versions 0.725 and 0.73 are vulnerable to a buffer 

overflow in the IRC module. By sending an overly long DCC chat message containing 

4282 or more to another user, a remote attacker can overflow a buffer and cause the Trillian 

client to crash or possibly execute code on the system. 


CVE-2002-2173 

Trillian IRC Oversized Data Block Remote Overflow DoS 


RISK: 

MEDIUM 



remote host is running the Trillian IRC client. Trillian version 0.74 and possibly other 

versions are vulnerable to a Denial of Service attack, caused by a buffer overflow. By 

sending more than 4095 characters to a vulnerable Trillian client, a remote attacker in 

control of a malicious IRC server could overflow a buffer and cause the victim's Trillian 

client to crash. 


CVE-2002-1486 



Trillian IRC Raw Message DoS 


RISK: 

MEDIUM 



remote host is running the Trillian IRC client. Trillian version 0.74 and possibly other 

versions are vulnerable to a Denial of Service attack, caused by improper validation of IRC 

raw messages. By sending one of the following raw requests: 206, 211, 213, 214, 215, 217, 

218, 243, 302, 317, 324, 332, 333, 352, or 367, a remote attacker in control of a malicious 

IRC server could cause the victim's Trillian client to crash. 


CVE-2002-1487 

Trillian IRC Module Channel Name Format String 



host is running the Trillian IRC client. Trillian versions 0.725 and 0.73 are vulnerable to a 

format string attack in the IRC module. A remote attacker operating a malicious IRC server 

can deceive another user into joining a channel with a specially crafted name where 

malicious code can be stored. The malicious code could then be executed on the user's 

system, once the user joins the channel. 


CVE-2002-2155 

Trillian IRC Server Response Remote Overflow 


RISK: 

MEDIUM 



running the Trillian IRC client. Trillian version 0.73 and earlier are vulnerable to a buffer 

overflow in the IRC module. By operating a malicious IRC server and sending malformed 

responses, a remote attacker can overflow a buffer and execute code on the server. 



Trillian IRC JOIN Remote Overflow 



RISK: 

MEDIUM 




running the Trillian IRC client. Trillian versions 0.73, 0.74 and possibly other versions are 

vulnerable to a buffer overflow, caused by improper validation of JOIN commands 

received from an IRC server. If a Trillian client connects to an attacker-controlled IRC 

server and joins a channel with a name containing more than 206 characters, the attacker 

could overflow a buffer and cause the victim's Trillian client to crash or execute code on 

the system. 


CVE-2002-1486 

XChat Malformed Nickname Remote Format String 



host is running the XChat IRC client. XChat IRC client version 1.2.x is vulnerable to a 

format string attack. A remote attacker can create a specially crafted nickname that would 

cause arbitrary code to be executed on the system once a connection is established. 


CVE-2001-0792 

XChat /dns Reverse Lookup Response Arbitrary Command Execution 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an flaw which allows attackers to execute 

arbitrary commands.\n\nThe remote host is running the XChat IRC client. X-Chat versions 

1.8.8 and earlier could allow a remote attacker to execute arbitrary commands on the 

X-Chat client. A vulnerability regarding the lack of filtering in the EXECL command could 

allow an attacker to send a specially crafted /dns query that would return a malformed 

response from the server to execute arbitrary commands on the X-Chat client. 


CVE-2002-0382 

XChat CTCP Ping Arbitrary Remote IRC Command Execution 



RISK: 

MEDIUM 



arbitrary commands.\n\nThe remote host is running the XChat IRC client. X-Chat versions 

1.4.2 and 1.4.3 could allow a remote attacker to execute IRC commands. A remote attacker 

can send a specially crafted CTCP ping request to execute IRC commands on the IRC 

server and gain elevated privileges. 



CVE-2002-0006 

XChat Client URL Metacharacter Command Execution 


RISK: 

MEDIUM 



arbitrary commands.\n\nThe remote host is running the XChat IRC client. XChat IRC 

client versions 1.3.9 and later could allow an attacker to execute arbitrary shell commands. 

By embedding commands enclosed in backticks in URLs sent to XChat, a remote attacker 

can execute commands as the user. 


CVE-2000-0787 

mIRC Minimized Dialogue Window DoS 


RISK: 

MEDIUM 



remote host is running a version of mIRC that be vulnerable to a remote Denial of Service 

attack. Specifically version 6.12 may be crashed if a person minimizes the DCC get 

dialogue windows, and then reopens those windows to get a file with an excessively long 

filename. 


IRC Client Detection 



Description: The remote host is running an IRC client. 

Solution: N/A 


Password File Obtained by HTTP (GET) 





manner.\n\nIt seems that a Unix password file was sent by the remote web server when the 

following request was made :\n%P\nWe saw : \n%L 

Solution: N/A 


KaZaa or Morpheus Detection 

PVS ID: 1880 FAMILY: Policy RISK: LOW NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is running software that may not be authorized by corporate 

policy.\n\nThe remote host is running KaZaa or Morpheus, which are P2P file sharing 

software packages. In addition to the potential illegal use of this software (which can be 

used to download copyrighted material), this type of software tends to be bandwidth 

intensive and may eventually degrade network performance. 

Solution: Ensure that the software is being used for a legitimate purpose. 

MLdonkey Detection 


PVS ID: 1881 FAMILY: Policy RISK: LOW NESSUS ID:11125 

Description: Synopsis :\n\nThe remote host is running software that may not be authorized by corporate 

policy\n\nThe remote host is running MLdonkey, a P2P file sharing software. In addition to 

the potential illegal use of this software (which can be used to download copyright 

protected material), this kind of software tend to be bandwidth intensive and may 

eventually degrade network performance. 

Solution: Ensure that the software is being used for a legitimate purpose. 

VNC Detection 



Description: VNC (Virtual Network Computing) is installed on this host on this port. Disable this 

service if it is not used actively and for a legitimate purpose. 

Solution: N/A 


Trojan/Backdoor - 4553 Detection 




Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nThe remote host has 

the backdoor '4553' installed. This implies that this host has probably been 

compromised. 

Solution: Complete reinstallation of host. 


RemotelyAnywhere SSH Detection 

PVS ID: 1884 FAMILY: Backdoors RISK: LOW NESSUS ID:10921 

Description: The remote host is running a RemotelyAnywhere SSH server on this port. Make sure this 

software has been installed legitimately, as it is a tool of choice to many attackers, 

according to NAVCIRT. 

Solution: N/A 


RemotelyAnywhere WWW Detection 

PVS ID: 1885 FAMILY: Backdoors RISK: LOW NESSUS ID:10920 

Description: The remote host is running a RemotelyAnywhere web server on this port. Make sure this 

software has been installed legitimately, as it is a tool of choice to many attackers, 

according to NAVCIRT. 

Solution: N/A 


Apple Airport Administrative Port Credential Encryption Weakness 



manner.\n\nThe remote host is an Apple Airport Wireless Access Point, which can be 

administrated on top of port 5009. There is a flaw in the administration protocol of this 

device which makes its password to be transmitted in cleartext over the network. An 

attacker could sniff this information, recover the password, and use it to gain administrative 

privileges on this host. 

Solution: Block incoming traffic to this port, and only administer this device via a cross-over cable. 

CVE-2003-0270 

LeafNode < 1.9.30 Resource Exhaustion DoS 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) 

attack.\n\nThe remote host is running the LeafNode NNTP server. The version of 

LeafNode that is installed is vulnerable to a denial of service attack that may be 

abused by an attacker to cause this system to fail. 

Solution: Upgrade to LeafNode 1.9.30 or higher. 

CVE-2002-1661 

NNTP Server Type and Version 


Description: The remote host is running a NNTP server. Its banner is : \n%L 

Solution: N/A 


tanned < 0.7.2 Remote Format String 


Description: Synopsis :\n\nThe remote host is vulnerable to a remote format string flaw.\n\nThe remote 

host is running tanned. Some versions of this software are vulnerable to a format string 

attack which may allow an attacker to get a root shell on this host. 

Solution: Upgrade to tanned 0.7.2 or higher. 

apcupsd Detection 

CVE-2003-1236 


Description: The remote host is running apcupsd, a APC battery manager backup unit manager. 

The remote host is running the following version of this software : \n%L 

Solution: N/A 

apcupsd Overflow 





running a version of apcupsd which is vulnerable to a buffer overflow. An attacker could 

exploit this flaw to gain a root shell on this host. 



CVE-2003-0099 

PostgreSQL < 7.2.3 Multiple Vulnerabilities 


RISK: 

MEDIUM 



authentication.\n\nThe remote PostgreSQL server is vulnerable to various flaws which may 

allow an attacker who has the right to query the remote database to obtain a shell on this 

host. 

Solution: Upgrade to PostgreSQL 7.2.3 or higher. 

CVE-2002-1399 

PostgreSQL < 7.2.3 Multiple Vulnerabilities (2) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host can be tricked into giving a user a shell.\n\nThe remote 

PostgreSQL server is vulnerable to various flaws which may allow an attacker who has the 

right to query the remote database to obtain a shell on this host. 


CVE-2002-1398 

Oracle 9iAS Administrative Web Interface Authentication Weakness 


Description: The remote Oracle 9i Application Server administrative interface runs on this port. Make 

sure that the access to this interface is restricted to the persons who are in charge of this 

server. 

Solution: Impose Access Control Lists (ACLs) on the administrative interface. 

CVE-2002-0561 


McAfee ePolicy Orchestrator Remote Format String 



server is running McAfee ePolicy Orchestrator. This service *might* be vulnerable to a 

format string attack which may allow an attacker to execute arbitrary commands with the 

SYSTEM privileges. 



rsync Detection 

CVE-2002-0690 


Description: The remote host is running rsync on this port. 

Solution: N/A 


rsync < 2.5.2 Signedness Error Array Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote rsync 

server might be vulnerable to an array index overflow. An attacker may use this flaw to 

gain a shell on this host. 

Solution: Upgrade to rsync 2.5.2 or higher. 

CVS Server Detection 

CVE-2002-0048 


Description: The remote server is running the CVS daemon. The server is being used as a central file 

repository for maintenance of file or package version. 

Solution: Ensure that the server is operating under the guidelines as set forth by corporate and 

security policies. Examine the possibility of securing the CVS session by using CVS over 

SSH. 


CVS < 1.11.5 pserver Directory Request Double Free() Privilege Escalation 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote CVS 

server is vulnerable to a double free() vulnerability that may allow an attacker to gain a 


Solution: Upgrade to CVS 1.11.5 or higher. 



CVE-2003-0015 

MySQL < 3.23.56 Local Privilege Escalation 


Description: Synopsis :\n\nThe remote host is vulnerable to a local 'privilege escalation' flaw.\n\nThe 

remote host is running a version of MySQL which is older than version 3.23.56. A 

vulnerability exists that may allow the mysqld service to start with elevated privileges. An 

attacker can exploit this vulnerability by creating a DATADIR/my.cnf that includes the line 

'user'. 


CVE-2003-0150 

UUCP Server Detection 


Description: A UUCP server is running on this port. 

Solution: N/A 

Time Server Detection 



Description: A time server is running on this port. 

Solution: N/A 

Telnet Server Detection 



Description: A telnet server is running on this port. 

Solution: N/A 


Chargen Server Detection 




Description: A chargen server is running on this port. 

Solution: N/A 


Chargen Server Detection (UDP) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host may be used to attack other hosts.\n\nA chargen server is 

running on this port on top of UDP. An attacker may use spoofed UDP packets to use this 

server to set up a 'ping pong' attack that would use this service to attack a third party host. 

Solution: Disable the service. 

DHCP Server Detection 



Description: A DHCP server is running on this host. 

Solution: N/A 


DHCP Server Multiple Vulnerabilities 


Description: The remote host is running a DHCP server. If it is ISC-DHCP, there might be several flaws 

in it that may allow an attacker to gain a root shell on this host. 

Solution: Upgrade to latest version of ISC-DHCP. 

CVE-2004-1006 

MySQL < 3.23.55 Double Free() Overflow 




running a version of MySQL which is older than version 3.23.55. If you have not patched 

this version, then any attacker with a valid username may crash this service remotely by 

exploiting a double free bug.\n Further exploitation to gain a shell on the host may also be 

possible. 


Solution: Upgrade to MySQL 3.23.55 or higher. 

CVE-2003-0073 

ClarkConnect Linux clarkconnectd Information Disclosure 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe daemon 'clarkconnectd' seems to be running on this port. 

This daemon can provide sensitive information to attackers, such as the list of running 

processes, the content of /var/log/messages, the snort log file and more. An attacker may 

use it to gain more knowledge about this host. 


CVE-2003-1379 

Trojan/Backdoor - DeepThroat Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nDeepThroat is installed on the 

remote host. This backdoor allows anyone to partially take the control of the remote 

system. An attacker may use it to steal your password or prevent your computer from 


Solution: Use RegEdit, and find 'SystemDLL32' in 

HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run. The value's data is the path 

of the file. If you are infected by DeepThroat 2 or 3, then the registry value is named 

'SystemTray'. 


Trojan/Backdoor - NetSphere Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nNetSphere is installed. This 

backdoor allows anyone to partially take control of the remote system. An attacker may use 

this vulnerability to steal your password or prevent your system from working properly. 

Solution: Telnet to this computer on TCP port 30100 and type : '', without the quotes, 

and press Enter. This will stop the NetSphere service. Manually inspect and repair this 

system. 


Trojan/Backdoor - GateCrasher Detection 




Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nGateCrasher is installed. This 

backdoor allows anyone to partially take the control of the remote system. An attacker may 

use it to steal your password or prevent your system from working properly. 

Solution: Telnet to this host on port 6969, then type 'gatecrasher;', without the quotes, and press 

Enter. Then type 'uninstall;' and press Enter, it will be uninstalled. Manually inspect and 

repair this system 


Trojan/Backdoor - Portal of Doom Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nPortal of Doom is installed. 

This backdoor allows anyone to partially take the control of the remote system. An attacker 

may use it to steal your password or prevent your system from working properly. 

Solution: Open the registry to HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices 

and look for the value named 'String' with the data 'c:\windows\system\ljsgz.exe'. Boot into 

DOS mode and delete the c:\windows\system\ljsgz.exe file, then boot into Windows and 

delete the 'String' value from the registry. If you are running Windows NT and are infected, 

you can kill the process with Task Manager, and then remove the 'String' registry value. 

Manually inspect and repair this system. 


Trojan/Backdoor - GirlFriend Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nGirlFriend is installed. This 



Solution: To remove GirlFriend from your machine, open regedit to 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run and look for a value named 

'Windll.exe' with the data 'c:\windows\windll.exe'. Reboot to DOS and delete the 

C:\windows\windll.exe file, then boot to Windows and remove the 'Windll.exe' registry 

value. Manually inspect and repair this system 


Trojan/Backdoor - EvilFTP Detection 




Description: Synopsis :\n\nThe remote host has a backdoor installed\n\nThe remote host is running 

EvilFTP. EvilFTP is a backdoor that sets up an FTP server on your machine. 

Solution: To remove this backdoor on Windows 95 and 98, delete the line "Run 


Trojan/Backdoor - Phase Zero Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nPhase Zero is installed. This 



Solution: Look for the registry key MsgServ in 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run with value msgsvr32.exe. 

Search for any suspicious files in the run key, and if found locate the file, open it and 

search for the text string "phAse Zero". If found, then delete that file and delete the registry 

value from the registry. Manually inspect and repair this system 


Trojan/Backdoor - SubSeven Detection 


Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nThis host seems to be running 

SubSeven on this port. SubSeven is trojan which allows an intruder to take the control of 

the remote computer. An attacker may use it to steal your passwords, modify your data, and 

prevent your system from working properly. 

Solution: Use an up-to-date virus scanner to remove SubSeven or reinstall your system. 


Trojan/Backdoor - SyGate Detection 



application.\n\nThe SyGate engine remote controller seems to be running on this port. It 

may be used by malicious users which are on the same subnet as yours to reconfigure this 

SyGate engine. 

Solution: Uninstall the engine if not necessary. 

CVE-2000-0113 

SETI@HOME Client Detection 




Description: Synopsis :\n\nThe remote host is running software which should be authorized by corporate 

policy.\n\nA SETI@HOME client appears to be running on this port. This program may be 

used by malicious users to get your system information (processor type and the operating 

system). SETI@HOME client versions prior to 3.08 are vulnerable to a buffer overflow 

attack. 

Solution: Uninstall the program if it is not necessary. 


WinGate Telnet Proxy Server Detection 


RISK: 

MEDIUM 



application.\n\nThe remote host is running a Wingate Telnet Proxy server. If not configured 

securely, a Wingate Telnet Proxy server may be used by hackers to conceal their true 

origins by bouncing conections through these proxies. 

Solution: Uninstall the server if not necessary; otherwise ensure connections to the proxy are only 

made by trusted hosts. 

CVE-1999-0441 

GnoCatan Remote Overflow 



running GnoCatan, a game server for the GNOME environment. There is a buffer overflow 

in this service that may allow a remote attacker to gain a shell on this host. 



NetBIOS Name Service Reply Information Disclosure 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows attackers to disclose 

memory.\n\nThe remote host is running a version of the NetBT name service which suffers 

from a memory disclosure problem.\nAn attacker may send a special packet to the remote 

NetBT name service, and the reply will contain random arbitrary data from the remote host 

memory. This arbitrary data may be a fragment from the web page the remote user is 

viewing, or something more serious like a cleartext password.\nAn attacker may use this 

flaw to continuously 'poll' the content of the memory of the remote host and might be able 


to obtain sensitive information. 

Solution: Contact the vendor for a patch or disable NetBIOS over TCP if it is not required. 

CVE-2003-0661 

TLSv1 Negotiation Detection 


Description: The server on this port is tunneling traffic through TLSv1. 

Solution: N/A 

Citrix Server Detection 



RISK: 

MEDIUM 


Description: A Citrix server is running on this machine. Citrix servers allow a Windows user to remotely 

obtain a graphical login (and therefore act as a local user on the remote host). If an attacker 

gains a valid login and password, he may be able to use this service to gain further access 

on the remote host. 

Solution: Disable this service if you do not use it. Ensure that strong encryption is being used. 


Windows Update Traffic Detection 


Description: The remote host is enabled and utilizing Microsoft Windows Update. This service 

allows users to check for missing updates and initiate remediation via the Microsoft 

update site. Depending on your individual policy, this may or may not be a desirable 

action. 

Solution: Ensure that Windows Update utilization is a valid use of company resources. 


Generic Shell Detection (HP-UX Telnet) 




application.\n\nAn HP-UX shell server was noted on the host. Typically, shells are used by 

remote users to manage operating systems. Shells that pass traffic in plaintext introduce a 

risk to confidentiality and privacy. In addition, many shells are used by malicious 


individuals as part of a Trojan program or remote buffer overflow exploit. 

Solution: Ensure that the remote shell is secured against data leakage and that it is a valid, approved 

means of managing the remote machine. 


Generic Shell Detection (Linux Telnet) 



application.\n\nA Linux telnet shell server was noted on the host. Typically, shells are used 

by remote users to manage operating systems. Shells that pass traffic in plaintext introduce 

a risk to confidentiality and privacy. In addition, many shells are used by malicious 





Generic Shell Detection (HP-UX High Port) 



application.\n\nAn HP-UX shell server was noted on the host. Typically, shells are used by 







Generic Shell Detection (Cisco Telnet) 




application.\n\nA Cisco shell server was noted on the host. Typically, shells are used by 








Generic Shell Detection (HP JetDirect) 



application.\n\nA HP JetDirect shell server was noted on the host. Typically, shells are used 







Generic Shell Detection (HP JetDirect) 



application.\n\nAn unpassworded HP JetDirect shell server was noted on the host. 

Typically, shells are used by remote users to manage operating systems. Shells that pass 

traffic in plaintext introduce a risk to confidentiality and privacy. In addition, many shells 

are used by malicious individuals as part of a Trojan program or remote buffer overflow 

exploit. 




Generic Shell Detection (SunOS) 



application.\n\nA SunOS shell server was noted on the host. Typically, shells are used by 







Generic Shell Detection (Windows NT Telnet) 





application.\n\nA Windows shell server was noted on the host. Typically, shells are used by 







Generic Shell Detection (Sys V Telnet) 



application.\n\nA shell server was noted on the host. Typically, shells are used by remote 

users to manage operating systems. Shells that pass traffic in plaintext introduce a risk to 

confidentiality and privacy. In addition, many shells are used by malicious individuals as 

part of a Trojan program or remote buffer overflow exploit. 




Generic Shell Detection (Printer Telnet) 



application.\n\nA printer shell server was noted on the host. Typically, shells are used by 







Generic Shell Detection (RedHat Telnet) 




application.\n\nA RedHat Linux shell server was noted on the host. Typically, shells are 

used by remote users to manage operating systems. Shells that pass traffic in plaintext 

introduce a risk to confidentiality and privacy. In addition, many shells are used by 

malicious individuals as part of a Trojan program or remote buffer overflow exploit. 





Generic Shell Detection (AXIS Telnet) 










Generic Shell Detection (SCO Telnet) 



application.\n\nA SCO shell server was noted on the host. Typically, shells are used by 







Generic Shell Detection (Informix UniVerse Telnet) 



application.\n\nAn Informix shell server was noted on the host. Typically, shells are used 

by remote users to manage operating systems. Shells which pass traffic in plaintext 

introduce a risk to confidentiality and privacy. In addition, many shells are used by 

malicious individuals as part of a Trojan program or remote buffer overflow exploit. 






Generic Shell Detection (AIX Telnet) 



application.\n\nAn AIX shell server ( %L ) was noted on the host. Typically, shells are used 







Generic Shell Detection (Cisco Telnet) 










Generic Shell Detection (MESA Telnet) 










Generic Shell Detection (Cisco Catalyst) 





application.\n\nA Cisco shell server was noted on the host. Typically, shells are used by 







Generic Shell Detection (MV/9600) 


Description: A shell server was noted on the host. Typically, shells are used by remote users to manage 

operating systems. Shells which pass traffic in plaintext introduce a risk to confidentiality 

and privacy. In addition, many shells are used by malicious individuals as part of a Trojan 

program or remote buffer overflow exploit. 




Citrix MetaFrame Published Application Enumeration 


RISK: 

MEDIUM 



attacks.\n\nThe remote Citrix server is configured in such a way as to allow anonymous 

remote users to enumerate services. 

Solution: Contact Citrix for a workaround, patch, or configuration option to mitigate this risk 


LDAP NULL Base Connection 


RISK: 

MEDIUM 



attacks.\n\nImproperly configured LDAP servers will allow the directory BASE to be set to 

NULL. This allows information to be obtained without any prior knowledge of the 

directory structure. Coupled with a NULL BIND, an anonymous user can query your 

LDAP server using a tool such as LdapMiner 

Solution: Disable NULL base connections. 




LDAP Server NULL Bind Connection Information Disclosure 


RISK: 

MEDIUM 


Description: The remote host is an LDAP server. The LDAP server is configured to accept NULL 'bind' 

requests which will allow any user to connect to the server and query for information. 

Solution: Disable anonymous bind connections. 

CVE-1999-0385 

UPNP Traffic Detection 


RISK: 

MEDIUM 

Description: Microsoft Universal Plug n Play is running on this machine. 

Solution: Disable the Universal Plug n Play functionality unless required. 

CVE-2001-0876 

LDAP Server NULL Bind Connection Information Disclosure 


RISK: 

MEDIUM 



Description: The remote host is an LDAP server. The LDAP server is configured to accept NULL 'bind' 

requests that will allow any user to connect to the server and query for information. 

Solution: Disable anonymous bind connections. 

CVE-1999-0385 

UPNP Traffic Detection 


RISK: 

MEDIUM 

Description: Microsoft Universal Plug n Play is running on this machine. 

Solution: Disable the Universal Plug n Play functionality unless required. 

CVE-2001-0877 


Speak Freely Malformed GIF Image Handling DoS 




RISK: 

MEDIUM 



remote host is running a version of Speak Freely that is vulnerable to a Denial of Service 

attack that may be exploited by an attacker by sending a malformed GIF (using the "show 

your face feature") to the vulnerable host. 

Solution: The vendor has discontinued this product. 


Winamp MIDI Plugin Track Size Overflow 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nWinamp versions 2.91 

and below suffer from a vulnerability which allows an attacker to overflow the client with a 

specially crafted MIDI file. Mass exploitation of this vulnerability would be relatively easy 

for an attacker with a streaming media server. 



Citrix MetaFrame Service Enumeration 


RISK: 

MEDIUM 



attacks.\n\nThe remote Citrix server is configured in such a way as to allow anonymous 

remote users to enumerate services. 



LDAP NULL Base Connection 



RISK: 

MEDIUM 



attacks.\n\nImproperly configured LDAP servers will allow the directory BASE to be set to 

NULL. This allows information to be gathered without any prior knowledge of the 

directory structure. Coupled with a NULL BIND, an anonymous user can query your 

LDAP server using a tool such as LdapMiner. 


Solution: Disable NULL base connections. 


Checkpoint Firewall-1 Detection 



is a Checkpoint Firewall version 4.1 with no service packs. The firewall is vulnerable to 

multiple remote buffer overflows, format string attacks, and other miscellaneous 







is a Checkpoint Firewall version 4.1 SP1. The firewall is vulnerable to multiple remote 

buffer overflows, format string attacks, and other miscellaneous vulnerabilities. 





RISK: 

MEDIUM 



remote host is a Checkpoint Firewall version 4.1 SP2 - SP6. There are known 

vulnerabilities within these versions. 






RISK: 

MEDIUM 



remote host is a Checkpoint Firewall version NG with no service packs. There are known 

vulnerabilities within this version. 






RISK: 

MEDIUM 



remote host is a Checkpoint Firewall version NG with FP1. There are known vulnerabilities 

with this version. 





RISK: 

MEDIUM 

Description: The remote host is a Checkpoint Firewall version NG with FP2. 






Description: The remote host is a Checkpoint Firewall version NG with FP3. 

Solution: Ensure that the firewall is configured in a manner consistent with corporate security 

policies. 




Description: The remote host is a Checkpoint Firewall version AI R54. 

Solution: Ensure that the firewall is configured in a manner consistent with corporate security 

policies. 


Generic Shell Detection (Avaya Telnet) 





operating systems. Shells that pass traffic in plaintext introduce a risk to confidentiality and 

privacy. In addition, many shells are used by malicious individuals as part of a Trojan 

program or remote buffer overflow exploit. 




Subversion (SVN) < 1.0.6 Module File Restriction Bypass 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows attackers to retrieve and 

modify sensitive files or data.\n\nThe remote host is running a version of Subversion which 

is older than 1.0.6. A flaw exists in the apache module mod_authz_svn in older versions. 

An attacker can access to any file in a given Subversion repository despite restrictions set 

by the administrator. 

Solution: Upgrade to Subversion 1.0.6 or higher. 

CVE-2004-1438 

Rsync < 2.6.3 Sanitize_path Function Module Path Escaping 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw which allows attackers to retrieve and 

modify sensitive files or data.\n\nThe remote host is running a rsync server, a program to 

synchronize files and directories structure across a network. The version running on the 

host may be vulnerable to a path escaping issue. An attacker may be able to write and read 

files in the context of the server. 

Solution: Upgrade to rsync 2.6.3 or higher. 

CVE-2004-0792 

F-Secure SSH Password Authentication Policy Evasion 

PVS ID: 1966 FAMILY: SSH 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running F-Secure SSH. This version contains a bug which 

may allow a user to log in using a password even though the server policy disallows it. An 

attacker may exploit this flaw to set up a dictionary attack against the remote SSH server 


and eventually get access to this host. 

Solution: Upgrade F-Secure SSH to a version greater than 3.1. 

SSH Server Detection 


PVS ID: 1967 FAMILY: SSH RISK: NONE NESSUS ID:10267 

Description: The remote host is running a SSH server : \n %L 

Solution: N/A 

SSH Client Detection 


PVS ID: 1968 FAMILY: SSH RISK: NONE NESSUS ID:Not Available 

Description: The remote host is running a SSH client: %L 

Solution: N/A 


SSH < 3.1.5 / 3.2.2 setsid() Privilege Escalation 

PVS ID: 1969 FAMILY: SSH RISK: HIGH NESSUS ID:11169 

Description: Synopsis :\n\nThe remote host may allow users to escalate privileges.\n\nThe remote host is 

running a version of the SSH server which is older than version 3.1.5 or 3.2.2. There is a 

vulnerability in this version which may allow a user to obtain higher privileges due to a 

flaw in the way setsid() is used. The remote host is running : %L 

Solution: Upgrade to version 3.1.5, 3.2.2 or higher. 

CVE-2002-1644 

scp < 2.1 Traversal File Create/Overwrite 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote server may allow attackers to retrieve or modify sensitive 

files.\n\nThe remote host is running SSH 1.2.3 or 1.2 (as a client). There is a vulnerability 

in this version that allows a malicious scp server to overwrite arbitrary files via a directory 

traversal bug. An attacker may use this flaw to compromise this host. To exploit it, the 

attacker would have to compromise a host to which users of this host are SSH'ing into, and 

then to set up a trojaned version of scp which would overwrite files on this host 



CVE-2000-0992 

PKCS#1 Version 1.5 Session Key Retrieval 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is using version 1.5 of the SSH protocol. This 

version allows a remote attacker to decrypt and/or alter traffic via an attack against 

PKCS#1 version 1.5, called the 'Bleichenbacher' attack. OpenSSH up to version 2.3.0, 

AppGate and SSH Communications Security ssh1 update to version 1.2.31 are vulnerable 

to this attack. 

Solution: Upgrade to the latest version of OpenSSH/SSH. 

CVE-2001-0361 

SSH RSAREF Library Multiple Overflows 



running a version of SSH which is older (or as old as) 1.2.27. If this version was compiled 

against the RSAREF library (which can not be determined remotely), then it is very likely 

to be vulnerable to a buffer overflow that may allow an attacker to obtain a root shell on 

this host. To determine if SSH has been compiled against the RSAREF library, log into the 

remote host and type 'ssh -V' 

Solution: Upgrade to SSH 2.x or do not use the RSAREF library. 

CVE-1999-0834 

SSH Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote SSH 

server is vulnerable to various vulnerabilities that may allow an attacker to obtain a root 



CVE-2002-1360 






server (or client) is vulnerable to various vulnerabilities that may allow an attacker to 

obtain a root shell on this host. 


CVE-2002-1360 




server (or client) is vulnerable to various vulnerabilities that may allow an attacker to 



CVE-2002-1360 

SSH Secure-RPC Weak Encrypted Authentication Key Recovery 

PVS ID: 1976 FAMILY: SSH RISK: LOW NESSUS ID:11340 


sensitive files or data.\n\nThe remote host is running SSH Communication Security's SSH 

1.2.27 to 1.2.30. With Secure-RPC, this version may allow local attackers to recover a 

SUN-DES-1 magic phrase generated by another user that the attacker can use to decrypt the 

private key file of the user. 


CVE-2001-0259 

SSH < 1.2.28 Kerberos NFS Share Ticket Disclosure 



sensitive files or data.\n\nThe remote host is running a version of SSH which is older (or as 

old as) version 1.2.27. If it was compiled with Kerberos support, an attacker may exploit a 

bug in the Kerberos implementation and may eavesdrop the ticket cache of the users. 

Solution: Use SSH-1.2.28 or higher. 

CVE-2000-0575 

SSH < 1.2.25 CBC/CFB Data Stream Injection 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to an flaw that allows attackers to execute 

arbitrary commands.\n\nThe remote host is running a version of SSH which is older than 

(or as old as) 1.2.23. This version is vulnerable to a known plaintext attack that may allow 

an attacker to insert encrypted packets in the client - server stream that will be deciphered 

by the server, thus allowing an attacker to execute arbitrary commands on the remote 

server. 

Solution: Upgrade to SSH-1.2.25 or higher. 

CVE-1999-1085 

OpenSSH Client < 2.3.0 X11 Unauthorized Remote Forwarding 



sensitive files or data.\n\nThe remote host is running OpenSSH SSH client older than 2.3.0. 

This version does not properly disable X11 or agent forwarding, which could allow a rogue 

SSH server to gain access to the X11 display of the client and eavesdrop X11 events. 


CVE-2000-1169 

SSH1 CRC-32 detect_attack Function Overflow 



using a version of SSH.com's SSH older than version 1.2.32 or a version of OpenSSH older 

than 2.3.0. These versions are vulnerable to a buffer overflow that may allow an attacker to 


Solution: Upgrade to SSH.com's SSH 1.2.32 or OpenSSH 2.3.0 or higher. 

CVE-2001-0144 

SSH-1 < 1.2.31 SSH Daemon Account Login Attempt Logging Failure 



attacks.\n\nThe remote SSH daemon does not log repeated login attempts, which allows an 

attacker to set up a brute force attack to guess the user accounts/passwords of on this host. 

Solution: Upgrade to SSH 1.2.31 or higher. 

CVE-2001-0471 


SSH < 3.1.2 AllowedAuthentications Remote Bypass 



Description: Synopsis : \n\nThe remote host may give an attacker information useful for future 

attacks.\n\nThe remote host is running a version of the SSH daemon older than 3.1.2 or 

equal to 3.0.0. There is a vulnerability in this release that may, under some circumstances, 

allow users to authenticate using a password whereas it is not explicitly listed as a valid 

authentication mechanism. An attacker may use this flaw to brute force a password using a 

dictionary attack (if the password used is weak). The remote server is running SSH version: 

\n %L 


CVE-2002-1646 

SSH < 3.0.1 Locked Account Remote Authentication Bypass 


RISK: 

MEDIUM 



authentication.\n\nThe remote host is running SSH 3.0.0. There is a vulnerability in this 

release which allows any user to log into accounts that have passwords of two characters 

long or less. An attacker may gain root privileges using this flaw. 


CVE-2001-0553 

Portable OpenSSH < 3.6.1p2 PAM Timing Side-Channel Weakness 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is using a version of Portable OpenSSH that may allow an 

attacker to determine if an account exists or not by a timing analysis. 

Solution: Upgrade to OpenSSH-portable 3.6.1p2 or higher. 

CVE-2003-0190 


OpenSSH < 2.3.2 SSHv2 Public Key Authentication Bypass 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows for the bypassing of 

authentication.\n\nThe remote host is running OpenSSH 2.3.1. This version is vulnerable to 

a flaw that allows any attacker who can obtain the public key of a valid SSH user to log 

into this host without any authentication. 


Solution: Upgrade to OpenSSH 2.3.2 or higher. 

CVE-2001-1585 

OpenSSH < 3.0.1 Multiple Vulnerabilities 



authentication.\n\nThe remote host is running a version of OpenSSH that is older than 

3.0.1. Versions older than 3.0.1 are vulnerable to a flaw in which an attacker may 

authenticate, provided that Kerberos V support has been enabled (which is not the case by 

default). It is also vulnerable to an excessive memory clearing bug, believed to be 

unexploitable. *** You may ignore this warning if this host is not using Kerberos V 


CVE-2002-0083 

OpenSSH < 3.4 Multiple Remote Overflows 



running a version of OpenSSH which is older than 3.4. There is a flaw in this version that 

can be exploited remotely to give an attacker a shell on this host. Note that several 

distributions patched this hole without changing the version number of OpenSSH. Note: 

PVS solely relied on the banner of the remote SSH server to perform this check. If you are 

running a RedHat host, make sure that the command :\nrpm -q openssh-server\n Returns : 

openssh-server-3.1p1-6. 

Solution: Upgrade to OpenSSH 3.4 or contact your vendor for a patch. 

CVE-2002-0640 

OpenSSH < 2.9.9 Multiple Key Type ACL Bypass 


RISK: 

MEDIUM 


Description: Synopsis :\n\nRemote users may be able to circumvent system policy.\n\nThe remote host 

is running a version of OpenSSH between 2.5.x and 2.9.x. Depending on the order of the 

user keys in ~/.ssh/authorized_keys2, sshd might fail to apply the source IP based access 

control restriction to the correct key. This problem allows users to circumvent the system 

policy and login from disallowed source IP address. 


CVE-2001-1380 


OpenSSH < 3.2.1 AFS/Kerberos Ticket/Token Passing Overflow 




running a version of OpenSSH older than OpenSSH 3.2.1. A buffer overflow exists in the 

daemon if AFS is enabled on your system, or if the options KerberosTgtPassing or 

AFSTokenPassing are enabled. Even in this scenario, the vulnerability may be avoided by 

enabling UsePrivilegeSeparation. Versions prior to 2.9.9 are vulnerable to a remote root 

exploit. Versions prior to 3.2.1 are vulnerable to a local root exploit. 


CVE-2002-0575 

OpenSSH < 3.1 Channel Code Off by One Privilege Escalation 



running a version of OpenSSH which is older than 3.1. Versions prior than 3.1 are 

vulnerable to an off by one error that allows local users to gain root access, and it may be 

possible for remote users to similarly compromise the daemon for remote access. In 

addition, a vulnerable SSH client may be compromised by connecting to a malicious SSH 

daemon that exploits this vulnerability in the client code, thus compromising the client 

system. 

Solution: Upgrade to OpenSSH 3.1 or higher. 

CVE-2002-0083 

OpenSSH < 2.1.1 UseLogin Local Privilege Escalation 



authentication\n\nThe remote host is running a version of OpenSSH which is older than 

2.1.1. If the UseLogin option is enabled, then sshd does not switch to the uid of the user 

logging in. Instead, sshd relies on login(1) to do the job. However, if the user specifies a 

command for remote execution, login(1) cannot be used and sshd fails to set the correct 

user id, so the command is run with the same privileges as sshd (usually root privileges). 


CVE-2000-0525 


OpenSSH < 3.0.2 UseLogin Environment Variable Local Command Execution 




authentication.\n\nThe remote host is running a version of OpenSSH that is older than 

3.0.2. Versions prior than 3.0.2 are vulnerable to an environment variables export that can 

allow a local user to execute command with root privileges. This problem affects only 

versions prior than 3.0.2 when the UseLogin feature is enabled (usually disabled by 

default). 


CVE-2001-0872 

Dropbear SSH Server Format String 

PVS ID: 1993 FAMILY: SSH RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to a 'format string' flaw\n\nThe remote host is 

running a version of the Dropbear SSH server that is vulnerable to a format string attack. 

An attacker may use this vulnerability to execute arbitrary code on the SSH server. 



OpenSSH < 3.7 buffer_append_space Function Overflow 



arbitrary commands.\n\nThe remote host is running a version of OpenSSH that is 

vulnerable to a flaw in the buffer handling functions which may possibly leading to 

command execution. 

Solution: Upgrade to OpenSSH 3.7 or higher. 

CVE-2003-0695 

LSH < 1.5 lshd Daemon Remote Overflow 



running a version of LSH that is vulnerable to a buffer overflow that allows an attacker to 


Solution: Upgrade to LSH 1.5 or higher. 



Portable OpenSSH < 3.7.1p2 Multiple PAM Vulnerabilities 



Description: Synopsis : \n\nThe remote host is vulnerable to a flaw that allows for the bypassing of 

authentication.\n\nThe remote host is portable OpenSSH 3.7p1 or 3.7.1p1.\nVersions older 

than 3.7.1p2 are vulnerable to a flaws that handle PAM authentication and may allow an 

attacker to gain a shell on this host. For your information, the version of OpenSSH is: \n 

%L 

Solution: Upgrade to OpenSSH 3.7.1p2 or higher or disable PAM support in sshd_config. 

OpenSSH Detection 

CVE-2003-0786 

PVS ID: 1997 FAMILY: SSH RISK: LOW NESSUS ID:Not Available 

Description: The remote host is running an OpenSSH server. 

Solution: N/A 


PuTTY < 0.55 modpow Function Arbitrary Code Execution 


RISK: 

MEDIUM 



using a vulnerable version of PuTTY or of a PuTTY-based software (eg. PSCP or 

WinSCP). PuTTY is a SSH client built for Linux and UNIX variants as well as Microsoft 

Windows operating systems. Reportedly PuTTY is affected by a remote, pre-authentication 

memory corruption vulnerability and by a buffer overrun in its SCP client. The version of 

PuTTY installed on the remote client is: %L 

Solution: Upgrade to PuTTY 0.55 or higher. 

CVE-2004-1440 

Putty < 0.54 SSH2 Authentication Password Persistence Weakness 



sensitive files or data.\n\nThe remote host is using a vulnerable version of PuTTY, a SSH 

client built for Linux and UNIX variants as well as Microsoft Windows operation systems. 

It has been reported that PuTTY does not safely handle password information. As a result, a 

local user may be able to recover authentication passwords. The version of PuTTY installed 

on the remote host is: %L 


CVE-2003-0048 



Firebird Database Detection 

PVS ID: 2000 FAMILY: Database RISK: INFO NESSUS ID:Not Available 

Description: The remote host appears to be running the Firebird database server. You should manually 

inspect the system to ensure that the database is at least version 1.5.0 



Potential SQL Injection Vulnerability Detection 


Description: Synopsis :\n\nThe remote web server contains a script that appears to be vulnerable to a 

SQL injection attack.\n\nPVS observed a response from a web server that was driven by an 

error message from an underlying SQL server. It is possible that the application may be 

susceptible to an attack known as 'SQL Injection' in which an attacker can pass SQL 

commands via a web query. Successful exploitation would allow the remote attacker to 

execute arbitrary SQL commands on the backend database server.\nThe following request 

was made :\n%P\nWe saw : \n%L 

Solution: Audit and modify the application to properly validate user input. 

























SMTP Banner - Generic 


PVS ID: 2004 FAMILY: SMTP Servers RISK: NONE NESSUS ID:10263 

Description: The banner of the remote SMTP server is : \n%L 

Solution: N/A 


SMTP Banner - Port Specific 


Description: The banner of the remote SMTP server is : \n%L 

Solution: N/A 


CommuniGate Pro < 3.2 HTTP Configuration Port Remote Overflow 



running CommuniGate Pro version 3.0 or 3.1. There is a flaw in this version that may allow 

an attacker to execute arbitrary code on this host. 

Solution: Upgrade to CommuniGate Pro 3.2 or higher. 

CVE-1999-0865 

WebShield SMTP Header DoS / Filter Bypass 



WebShield SMTP server is vulnerable to two flaws:\n- Several emails may evade the filter 

rules if the attached file names contain strange characters\n-It is possible for an outsider to 

crash this program and force its reinstallation. 

Solution: Upgrade to MR1a or higher. 



CVE-2000-1130 

Lotus Domino < 5.0.12 / 6.0.1 Multiple Vulnerabilities 



is running a version of the Domino mail server that is vulnerable to various flaws when it 

acts as a web client (through web retriever) or in LDAP. An attacker may use these flaws to 

execute arbitary code on this host. 

Solution: Upgrade to Domino 5.0.12 or 6.0.1 or higher. 

CVE-2001-1311 

Sendmail .forward File Local Privilege Escalation 



authentication.\n\nThe sendmail server may be vulnerable to a local privilege escalation 

vulnerability when using .forward files. A local attacker may use this flaw to escalate 

privileges up to 'root' level. *** Note that Sun did not increase the version number of 

Sendmail when patching Solaris 7 and 8, so this might be a false positive. 


CVE-2003-1076 

Sendmail .forward File Local Privilege Escalation 



authentication.\n\nThe sendmail server may be vulnerable to a local privilege escalation 

vulnerability when using .forward files. A local attacker may use this flaw to escalate 

privileges up to 'root' level. *** Note that Sun did not increase the version number of 

Sendmail when patching Solaris 7 and 8, so this might be a false positive. 


CVE-2003-1076 


Sendmail < 8.12.1 RestrictQueueRun Option Local DoS 

PVS ID: 2011 FAMILY: SMTP Servers RISK: LOW NESSUS ID:11087 


remote sendmail server may be vulnerable to a queue destruction if a local user runs the 

command 'sendmail -q -h1000'. A local attacker may use this flaw to force this host to 


delete e-mails. 


CVE-2001-0714 

Sendmail < 8.9.3 Header Parsing Redirection DoS 

PVS ID: 2012 FAMILY: SMTP Servers 

RISK: 

MEDIUM 



remote Sendmail server has a flaw in the way it processes the headers of messages. An 

attacker may exploit this flaw to force this server to fail by sending an e-mail with a large 

number of headers. 

Solution: Upgrade to Sendmail 8.9.3 or higher. 

CVE-1999-0393 

Sendmail < 8.8.5 MIME Conversion Malformed Header Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote Sendmail 

server is vulnerable to a MIME conversion overflow. An attacker may exploit this flaw to 

gain a root shell on this host. 


CVE-1999-0047 

Sendmail < 8.8.3 mime7to8 Function Overflow 



server is vulnerable to a buffer overflow when it processes MIME conversions. An attacker 

may exploit this flaw to gain a root shell on this host. 


CVE-1999-0206 

Sendmail < 8.10.0 mail.local Newline Handling Remote DoS 



RISK: 

MEDIUM 




remote Sendmail server does not properly identiy the '.\n' string which identifies the end of 

message text. An attacker may use this flaw to remotely corrupt user mailboxes by sending 

a message line which is 2047 characters long and end in '.\n'. 

Solution: Install sendmail 8.10.0 or higher. 

CVE-2000-0319 

Sendmail < 8.6.8 Long Debug Local Overflow 



server allows local users to escalate their privileges due to a buffer overflow in the debug 

(-d) command line option of Sendmail. 


CVE-1999-1309 

Eserv SMTP Memory Leak 



remote SMTP server is running Eserv SMTP. There is a memory leak in this software that 

may be abused by an attacker to disable this service remotely. 



Sendmail < 8.11.6 Local Overflow 


RISK: 

MEDIUM 



server is vulnerable to a local buffer overflow that may allow local users to gain root 

privileges. 


CVE-2001-0653 

Sendmail < 8.6.10 IDENT Remote Overflow 





authentication.\n\nThe remote Sendmail server is vulnerable to an 'ident overflow' that may 

allow a remote attacker to gain a root shell on this host. 


CVE-1999-0204 

Sendmail < 8.12.8 Header Handling Remote Overflow 



server is vulnerable to a remote buffer overflow that may allow an attacker to remotely gain 

a root shell on this host. 


CVE-2002-1337 

Sendmail < 8.8.4 Group Permissions Local Privilege Escalation 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote server may allow local users to escalate privileges.\n\nThe 

remote Sendmail server is vulnerable to a flaw that may allow local users to gain the group 

permission of the sendmail server by crafting a .forward file. 


CVE-1999-0129 

EXPN Command Information Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote host has the EXPN command enabled. An attacker may use it to 

enumerate valid accounts on this host and gain more information about them. 

Solution: Disable this option in your MUA configuration file. 


EXPN Command Information Disclosure 



RISK: 

MEDIUM 




attacks.\n\nThe remote host has the EXPN command enabled. An attacker may use it to 

enumerate valid accounts on this host and gain more information about them. 

Solution: Disable this option in your MUA configuration file. 


Sendmail < 8.10.1 ETRN Command Remote DoS 


RISK: 

MEDIUM 



remote SMTP server has a flaw that may allow remote attackers to cause a denial of service 

by sending a series of ETRN commands and then disconnecting from this server. 


CVE-1999-1109 

Sendmail < 8.12.5 DNS Map TXT Query Overflow 



server is vulnerable to a buffer overflow in the portion of its code that handles DNS replies. 

The owner of a malicious DNS server could use this flaw to execute arbitrary code on this 

host. 


CVE-2002-0906 

Sendmail 'decode' Alias Arbitrary File Overwrite 


RISK: 

MEDIUM 



authentication.\n\nThe remote Sendmail server may pipe email sent to the 'decode' alias to a 

program, which is prone to various security issues. 

Solution: Remove the 'decode' entry from /etc/aliases. 

CVE-1999-0096 


Sendmail ResrictQueueRun Debug Information Disclosure 




attacks.\n\nThe remote Sendmail server discloses too much information to local users when 

the command 'sendmail -q -d0-nnn.xxx' is executed. A local attacker may use this flaw to 

gather data about your local sendmail configuration. 


CVE-2001-0715 

Sendmail DEBUG Arbitrary Command Execution 



authentication.\n\nThe remote Sendmail server accepts the DEBUG mode. An attacker may 

use it to gain a shell on this host. 


CVE-1999-0095 

Sendmail < 8.8.3 Local Overflow 



authentication.\n\nThe remote Sendmail server may allow a local user to gain root 

privileges. 


CVE-1999-0130 

Sendmail < 8.12.1 Custom Configuration File Privilege Escalation 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host may allow a local attacker to escalate privileges. \n\nThe 

remote sendmail server may be vulnerable to a mail system compromise if a rogue local 

user supplies a custom configuration file. 


CVE-2001-0713 

Sendmail < 8.12.9 NOCHAR Value Overflow 





server may be vulnerable to a remote buffer overflow that can be exploited by an attacker 

to gain a root shell on this host. 


CVE-2003-0161 

Sendmail HELO Command Overflow 


Description: Synopsis :\n\nThe remote mail server may inadvertently allow anonymous emails.\n\nThe 

remote Sendmail server accepts too long arguments to the HELO command, which may 

allow attackers to send email anonymously. 


CVE-1999-1015 

Microsoft Exchange IMC SMTP EHLO Hostname Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nA security 

vulnerability results because of an unchecked buffer in the IMC code that generates the 

response to the EHLO protocol command. If the buffer were overrun with data it would 

result in either the failure of the IMC or could allow the attacker to run code in the security 

context of the IMC, which runs as Exchange 5.5 Service Account. 


CVE-2002-0698 

TFS SMTP < 4.0 Build 210 MAIL FROM Remote Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote SMTP 

server (TFS SMTP) is vulnerable to a buffer overflow when it is issued a too long argument 

to the 'MAIL FROM' SMTP command. An attacker may exploit this vulnerability to run 

arbitrary commands on the remote SMTP server with the privileges of the SMTP daemon 

(typically, SYSTEM). 

Solution: Upgrade to TFS SMTP 4.0 Build 219 or higher. 

CVE-1999-1516 


Xtramail SMTP Multiple Command Remote Overflows 




SMTP server is vulnerable to a buffer overflow when the user supplies a too long argument 

to the HELO command. An attacker may use this flaw to execute arbitrary code on this host 

with the privileges of the Xtramail server (typically, SYSTEM). 


CVE-1999-1511 

SLMail SMTP Multiple Overflows 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple buffer overflows.\n\nThe remote 

host is running a version of the SLMail SMTP server that is vulnerable to various 

overflows that may allow an attacker to gain a shell on this host. 

Solution: Upgrade to SLMail 5.1.0.4433 or higher. 

CVE-2003-0264 

FTGate Multiple Vulnerabilities 



remote SMTP server is running FTGate Pro. There is a flaw in some versions of this 

software that may allow an attacker to disable it remotely by sending a too long argument 

to the MAIL FROM and RCPT TO SMTP commands. In addition, there are flaws that 

would allow an attacker to execute arbitrary code on the vulnerable system. 


CVE-2005-4568 

Lotus Domino < 6.0.1 Multiple SMTP Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote Lotus 

Domino server, according to its version number, is vulnerable to various buffer overflows 

and denial of service attacks. An attacker may use these to disable this server or execute 

arbitrary commands on the remote host. 

Solution: Update to Domino 6.0.1 or higher. 

CVE-2003-0178 


Sendmail < 8.12.8 Double Pipe smrsh Bypass Overflow 



Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that may allow attackers to execute 

arbitrary commands\n\nsmrsh (supplied by Sendmail) is designed to prevent the execution 

of commands outside of the restricted environment. However, when commands are entered 

using either double pipes (||) or a mixture of dot and slash characters, a user may be able to 

bypass the checks performed by smrsh. This can lead to the execution of commands outside 

of the restricted environment. 


CVE-2002-1337 

MS SMTP NULL Session Mail Relay 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote SMTP server may be inappropriately used as a relay.\n\nIt is 

possible to authenticate to the remote SMTP service by logging in as a NULL session. An 

attacker may exploit this flaw to use your SMTP server as a spam relay. 


CVE-2002-0054 

ISMail < 1.4.5 Multiple Command Domain Name Handling Overflow 



running ISMail, a SMTP server that is vulnerable to a buffer overflow. An attacker may 

exploit this flaw to gain LOCALSYSTEM privileges on this host. 



Youngzsoft CMailServer < 4.0.2003.03.30 RCPT TO Overflow 

PVS ID: 2042 FAMILY: SMTP Servers RISK: HIGH NESSUS ID:Not Available 


running a version of CMailServer that is vulernable to a buffer overflow. An attacker may 

use this flaw to cause CMailServer to crash or execute arbitrary code. 

Solution: Upgrade to version 4.0.2003.03.30 or higher. 

CVE-2003-0280 


Sendmail < 8.12.10 prescan() Function Remote Overflow 




server may be vulnerable to a remote buffer overflow that can be exploited by an attacker 

to gain a root shell on this host. 


CVE-2003-0694 

Sendmail < 8.7.6 GECOS Field Local Overflow DoS 



sensitive files or data.\n\nThe remote Sendmail server has a buffer overflow and a denial of 

service vulnerability in the way it uses the GECOS fields. A local attacker may exploit this 

flaw to escalate privileges on this host and gain a root shell. 


GoToMyPC Detection 

CVE-1999-0131 


RISK: 

MEDIUM 


Description: The remote host is running GoToMyPC, a remote administration tool that allows access to 

a PC. This software uses a backchannel (viewed as an outgoing connection by your 

firewall) to communicate with the vendor's computers that then broker a connection back to 

the remote client accessing this computer. 

Solution: Verify that this software conforms to your security policy. 


Sendmail SMTP Server Detection 


Description: The remote SMTP server is running a version of Sendmail. 

Solution: N/A 


Lotus Domino SMTP Server Detection 




Description: The remote host is running a version of the Domino mail server. 

Solution: N/A 


Clearswift MAILsweeper for SMTP < 4.3.15 Multiple Vulnerabilities 



remote host is running a vulnerable version of Clearswift MAILsweeper for SMTP. 

Clearswift MAILseeper for SMTP versions 4.3.14 and prior are reported to be prone to 

several security issues. 

Solution: Upgrade to Clearswift MAILsweeper 4.3.15 or higher. 

CVE-2004-2328 

Ipswitch IMail Weak Password Encryption Weakness 


Description: Synopsis :\n\nThe remote host stores local confidential data in an insecure manner.\n\nThe 

remote host is running Ipswitch IMail, an e-mail server that serves email via a web 

interface. IMail runs on Microsoft Windows operating systems. Ipswitch IMail is reported 

to use a weak encryption algorithm when obfuscating saved passwords. A local attacker 

who has the ability to read the encrypted passwords from the system registry may easily 

derive the plaintext password if the username that is associated with the password is 

known. 



Gnutella Server Detection 

PVS ID: 2050 FAMILY: Peer-To-Peer File Sharing 

RISK: 

MEDIUM 


Description: A Gnutella node was detected on the network. Gnutella is a peer-to-peer file-sharing 

software that allows users to share music or other media files. 

Solution: Ensure that use of this software is acceptable within company policy. 

BearShare Detection 




RISK: 

MEDIUM 



Description: A Bearshare node was detected on the network. Bearshare is a peer-to-peer 

file-sharing software that allows users to share music or other media files. 

Solution: Ensure that use of BearShare software is acceptable to your company's policy. 


ICQ P2P Client Detection 


Description: The remote host is using ICQ. 

RISK: 

MEDIUM 

NESSUS ID: 

Solution: Ensure that the software is being used in accordance with company policy. 

Blubster Detection 



Description: The remote host is using Blubster. 

RISK: 

MEDIUM 

NESSUS ID: 


Gnucleus Detection 


PVS ID: 2054 FAMILY: Peer-To-Peer File Sharing RISK: LOW NESSUS ID: 

Description: The remote host is using Gnucleus version %L 


Morpheus Detection 


PVS ID: 2055 FAMILY: Peer-To-Peer File Sharing RISK: LOW NESSUS ID: 

Description: The remote host is using Morpheus version %L 


WinMX Detection 





RISK: 

MEDIUM 

Description: The remote host is running the WinMX P2P client. 

NESSUS ID: 


Xolox Detection 



RISK: 

MEDIUM 

Description: The remote host is running the XOLOX P2P client. 



Kazaa Detection 


PVS ID: 2058 FAMILY: Peer-To-Peer File Sharing RISK: HIGH NESSUS ID:11426 

Description: The remote host is running the Kazaa P2P client. 


Shareaza Detection 

CVE-2002-0315 


Description: The remote host is running Shareaza version %L 

RISK: 

MEDIUM 

NESSUS ID: 


Edonkey2k Detection 




RISK: 

MEDIUM 

Description: The remote host is running the Edonkey P2P client. 

NESSUS ID: 



MyNapster Detection 



RISK: 

MEDIUM 

Description: The remote host is running the MyNapster P2P client version %L 

NESSUS ID: 


KazaaClient Detection 



RISK: 

MEDIUM 

Description: The remote host is running the KazaaClient P2P client. 

NESSUS ID: 


Trillian Detection 



RISK: 

MEDIUM 

Description: The remote host is running the Trillian P2P client. 

NESSUS ID: 



Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTML injection attack.\n\nThe remote 

host seems to be running a vulnerable version of Mantis, a bug tracker web application 

written in PHP. It is reported that versions up to 0.18.0 and 0.19.0a1 are prone to multiple 

flaws that may allow a remote attacker to inject malicious HTML in webpages, to execute 

arbitrary code on the remote host or to perform a mass mailing. 

Solution: Upgrade to Mantis version 0.18.3 or 0.19.0a2 or higher. 

CVE-2004-1731 

Serv-U FTP Server Default Account 





credentials.\n\nThe remote host is running a version of the Serv-U FTP Server that has an 

hidden default administration account. This account is reported to be hard-coded but it can 

be used only from the loopback interface. It may permit a local attacker to log into the site 

maintenance interface. 


CVE-2004-2532 

Mozilla Browser Input Type HTML Tag Unauthorized Access 


RISK: 

MEDIUM 



remote host is using a vulnerable version of Mozilla, an open-source web browser. It is 

reported that Mozilla versions prior 1.7.1 present an issue in the INPUT tag. An attacker 

may craft a malicious web page that may secretly upload files readable by the victim on a 

remote computer. 


CVE-2004-0759 

Subversion (SVN) < 1.0.3 Remote Buffer Overflow 



running Subversion, an open-source file management product. According to the version 

number, the remote system is vulnerable to at least one remote buffer overflow. 


CVE-2004-0397 

Sympa < 4.1.2 wwsympa.fcgi List Master Authentication Bypass 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows for the 

bypassing of authentication.\n\nThe remote host is running wwsympa.fcgi, a 

web interface for the Sympa mailing list manager. It is reported that this version 

of Sympa may permit an attacker to bypass the list master authentication in 

order to create unauthorized mailing list. 





Sympa < 4.1.3 List Creation Description Field XSS 


Description: Synopsis :\n\nThe remote host is vulnerable to a Cross-Site Scripting (XSS) attack.\n\nThe 

remote host is running wwsympa.fcgi, a web interface for the Sympa mailing list manager. 

It is reported that this version of Sympa may permit an attacker to inject malicious HTML 

in "List Info" page through the description field of the list creation form. This field is not 

sanitized properly by the CGI. 


CVE-2004-1735 

thttpd < 2.20 Arbitrary World-Readable File Disclosure 



sensitive files or data\n\nThe remote host is running a vulnerable version of Acme thttpd. 

This web server includes a CGI program to provide server-side-includes functionalities. It 

is reported that this CGI program does not properly filter certain escape sequences. An 

attacker may view arbitrary files in a known location on the web server. 


CVE-2000-0900 

THTTPD/Mini_HTTPD < 2.22 File Disclosure 


Description: Synopsis : \n\nThe remote host is vulnerable to a flaw that allows attackers to 

retrieve sensitive files or data.\n\nThe remote host is running a vulnerable version of 

Acme thttpd. It is reported that versions prior 2.22 are prone to an issue that may 

permit an attacker to access arbitrary files on the vulnerable web server. The version 

of the remote thttpd server is: \n %L 



THTTPD/Mini_HTTPD < 1.16 File Disclosure 





sensitive files or data.\n\nThe remote host is running a vulnerable version of Acme 

mini_httpd. It is reported that versions prior 1.16 are prone to an issue that may 

permit an attacker to access arbitrary files on the vulnerable web server. 

Solution: Upgrade to mini_httpd 1.16 or higher. 


thttpd < 2.21 Error Page XSS 


Description: Synopsis : \n\nThe remote host is vulnerable to a Cross-Site Scripting (XSS) attack.\n\nThe 

remote host is running a vulnerable version of Acme thttpd. It is reported that this version 

of thttpd fails to check URLs for the presence of script commands when generating error 

pages. An attacker may craft links containing scripting code in order to execute code within 

the context of the website. The version of the remote thttpd server is: \n %L 


CVE-2002-0733 

thttpd/mini_httpd Virtual Hosting File Disclosure 



sensitive files or data.\n\nThe remote host is running a vulnerable version of Acme 

mini_httpd. It is reported that versions prior 1.18 are prone to an issue that may permit an 

attacker to access arbitrary files on the vulnerable web server when virtual hosting is 

enabled. In a chrooted environment, this may only disclose directories under the chroot. 


CVE-2003-0899 

thttpd/mini_httpd < 2.24 Virtual Hosting File Disclosure 



sensitive files or data.\n\nThe remote host is running a vulnerable version of Acme thttpd. 

It is reported that versions prior 2.24 are prone to an issue that may permit an attacker to 

access arbitrary files on the vulnerable web server when virtual hosting is enabled. In a 

chrooted environment, this may only disclose directories under the chroot. 


CVE-2003-0899 



thttpd CGI Test Script XSS 



remote host is running a vulnerable version of Acme thttpd. It is reported that versions prior 

2.06 are prone to a cross-site scripting issue which may permit an attacker to embed hostile 

HTML and script code in an URL. This code may be rendered by the web browser of an 

innocent user visiting this crafted URL. This would occur in the security context of the 

vulnerable web site. 



BadBlue Webserver Connection Saturation Remote DoS 


RISK: 

MEDIUM 



remote host is running a version of BadBlue webserver that is reported to be vulnerable to a 

denial of service. Upon receiving approximatively 24 connections for the same IP address, 

BadBlue Webserver version up to 2.5 may stop responding to new incoming request as 

long as the attacker maintains the connections. 


CVE-2004-1727 

PHP-Fusion Database Backup Information Disclosure 



sensitive files or data.\n\nThe remote host is running a version of PHP-Fusion that is 

prone to an information disclosure issue. In versions prior to 4.01, an attacker may 

download an entire backup of the web site database if he can guess the name of the 

backup file. 


CVE-2004-1724 

MySQL Mysqlhotcopy Script Insecure Temporary File Creation 



RISK: 

MEDIUM 




sensitive files or data.\n\nThe remote host is running a version of MySQL that is older than 

version 3.23.49 or than 4.0.20. The version of the utility Mysqlhotcopy included in these 

versions of MySQL is reported to be prone to a vulnerability that may permit an attacker to 

overwrite arbitrary files on the database server with the privilege of the targeted user. 

Privilege escalation may also be possible. An attacker requires local interactive access in 

order to exploit this vulnerability. 


CVE-2004-0457 

Opera getElementsByTagName Javascript Method DoS 


RISK: 

MEDIUM 



attack.\n\nThe remote host is using a version of Opera that is affected by a security 

weakness that may permit an attacker to crash the remote web browser using 

Javascript. 


SQL Server Detection 



Description: Detects SQL servers on port 1433 

Solution: N/A 


eGroupWare < 1.0.0.004 Multiple XSS 

RISK: Risk 

not available 




remote host is running eGroupWare, a web-based groupware solution. It is reported that 

versions prior 1.0.0.004 are prone to a cross-site scripting issue. An attacker may steal 

cookie-based authentication credentials from a legitimate user by sending malformed links 

to this web site. 


CVE-2004-1467 



libNSS Hello Challenge Remote Heap Overflow 


RISK: 

MEDIUM 



running a vulnerable version of the Mozilla web browser. This version is based on a 

vulnerable version of libNSS, the Network Security Service library that implements the 

SSL/TLS protocol. It is reported that versions of libNSS up to 3.9.0 are prone to a remote 

heap overflow in the processing of the 'hello' message. An attacker may use this overflow 

to execute arbitrary code on the remote host. 


CVE-2004-0826 

libNSS Hello Challenge Remote Heap Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote host 

seems to be running a vulnerable version of the Netscape Enterprise Server, iPlanet or Sun 

ONE Web Server. This version is based on a vulnerable version of libNSS, the Network 

Security Service library that implements the SSL/TLS protocol. It is reported that versions 

of libNSS up to 3.9.0 are prone to a remote heap overflow in the processing of the 'hello' 

message. An attacker may use this overflow to execute arbitrary code on the remote host. 

PVS detected the following version of the webserver: \n %L 


CVE-2004-0826 

Bird Chat Server Invalid User DoS 


RISK: 

MEDIUM 



remote host is running a vulnerable version of Bird Chat Server. Bird Chat Server is a small 

chat server for Windows. It is reported that versions up to 6.10 are prone to an issue that 

permit an attacker connecting with a fake username on the server to remotely crash all 

clients using the server. 


CVE-2004-1739 

Icecast list.cgi User-Agent XSS 





remote host is running a vulnerable version of Icecast, an open-source streaming server. It 

is reported that every version of the 1.3 branch is vulnerable to a cross scripting issue. An 

attacker may steal cookie-based authentication credentials from a legitimate user by 

sending malformed links to the Icecast server. 


CVE-2004-0781 

Icecast < 2.0.1 HTTP Basic Authentication Remote Overflow 



running a vulnerable version of Icecast, an open-source streaming server. It is reported that 

every version prior to 2.0.1 is vulnerable to a remote buffer overflow during the Base64 

authorization request processing. This vulnerability may permit an attacker to execute 

arbitrary code on the remote host. 

Solution: Upgrade to Icecast 2.0.1 or higher. 

CVE-2004-2027 

Icecast Server < 2.0.0 list_directory Function Traversal Directory Enumeration 


RISK: 

MEDIUM 



host is running a vulnerable version of Icecast, an open-source streaming server. It is 

reported that every version prior 2.0.0 is vulnerable to directory traversal issue. This issue 

discloses the existence of directory on the remote system that may permit an attacker to 

gather information about the host. 


CVE-2002-1982 

Icecast < 1.3.12 Multiple Remote Buffer Overflows 




every version up to 1.3.10 is vulnerable to a remote buffer overflow which may permit an 

attacker to execute arbitrary code on the host. 




CVE-2001-1230 

Icecast < 1.3.10 Multiple Remote Buffer Overflows 




every version prior 1.3.10 is vulnerable to a remote buffer overflow that may permit an 

attacker to execute arbitrary code on the host. Most vulnerable versions usualy run as root. 


CVE-2001-1229 

Icecast < 1.3.12-1 HTTP GET Request Remote Overflow 




every version prior to 1.3.12-1 is vulnerable to a remote buffer overflow that may permit an 

attacker to execute arbitrary code on the host. 

Solution: Upgrade to Icecast 1.3.12-1 or higher. 

CVE-2002-0177 

Icecast Server < 1.3.10 Crafted URI Remote DoS 


RISK: 

MEDIUM 



remote host is running a vulnerable version of Icecast, an open-source streaming server. It 

is reported that every version prior to 1.3.10 is vulnerable to a remote denial of service. The 

problem occurs if an attacker crafts a malicious file request by appending '/', '\' or '.' at the 

end. 


CVE-2001-0784 

Icecast Server < 1.3.10 Directory Traversal Arbitrary File Access 



RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running a vulnerable version of Icecast, an 

open-source streaming server. It is reported that every version prior to 1.3.10 is vulnerable 


to an information disclosure issue. An attacker may craft encoded URL request that may 

permit him to read files and directory outside the Icecast Server directory. 


CVE-2001-0784 

Icecast < 1.3.10 print_client() Format String 



host is running a vulnerable version of Icecast, an open-source streaming server. It is 

reported that every version prior to 1.3.10 is vulnerable to a format string bug that may 

permit an attacker to overwrite memory at arbitrary address. 


CVE-2001-0197 

DtMail Local Format String Privilege Escalation 



host is using DtMail, a mail user agent included in CDE, the default desktop environment 

for Sun Solaris. It is reported that versions of DtMail shipped with Solaris 8 and 9 are prone 

to a local format string issue. An local attacker may exploit this vulnerability to execute 

malicious code with mail group privileges. 


CVE-2004-0800 

WebAPP < 0.9.9.2 index.cgi Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 



sensitive files or data.\n\n The remote host is running WebAPP, an open-source web portal 

application written in perl. There is a flaw in the remote version of this software that may 

allow an attacker to read arbitrary files on the remote host with the privileges of the web 

server process (httpd or root). 


CVE-2004-1742 


Easy File Share Virtual Folders Arbitrary File Access 



RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running a version of the Easy File Share Web 

Server that is vulnerable to an information disclosure vulnerability. It is reported that in 

versions up to 1.25, an attacker may obtain read access to the server underlying filesystem 

using virtual folders URLs. 


CVE-2004-1743 

Easy File Sharing Large HTTP Request Remote DoS 


RISK: 

MEDIUM 



remote host is running a version of the Easy File Sharing Web Server that is vulnerable to 

an remote denial of service. An attacker may deny service to legitimate users by sending 

large HTTP request to the web server. When processing such requests, this service 

consumes CPU resources exponentially. 


CVE-2004-1744 

PHP Code Snippet Library index.php XSS 



remote host is running a version of PHP-CSL that is reported prone to a cross-site scripting 

vulnerability. An attacker may steal cookie-based authentication credentials from a 

legitimate user using crafted link to this web application. 


CVE-2004-1746 

Outlook Express BCC: Recipient Disclosure 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote email client is vulnerable to a flaw where the 'BCC' address is 

not hidden.\n\nThe remote host is using Outlook Express version 6.00 or 6.00 SP1. It is 

reported that the effectiveness of the BCC: field in these versions cannot be trusted. People 

receiving the mail through the To: and CC: fields can find the invisible receipients by 

opening the mail in a text editor. 



CVE-2004-2137 

Winamp < 5.05 .WSZ File Handling Remote Code Execution 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote client is 

running a version of the Nullsoft Winamp media player that may be vulnerable to a remote 

code execution issue. This vulnerability may be used to remotely execute arbitrary code on 

the host by crafting a malicious .WSZ file (Winamp Skin). 

Solution: Upgrade to Winamp 5.05 or higher. 


ignitionServer < 0.3.2 SERVER Command Remote DoS 

PVS ID: 2152 FAMILY: IRC Servers 

RISK: 

MEDIUM 



remote host is running an ignitionServer IRC server. This version of ignitionServer is 

reported to be prone to a remote denial of service in the processing of the SERVER IRC 

command. An attacker may crash or hang the remote server, denying service to legitimate 

users. 



Unreal IRCD < 3.2.1 Cloak IP Address Disclosure 

PVS ID: 2153 FAMILY: IRC Servers RISK: LOW NESSUS ID:Not Available 


attacks.\n\nThe remote host is running a version of Unreal IRCD that is prone to a cloaked 

IP address disclosure issue. An attacker may use its own IP and the corresponding hash in 

order to find the server cloak keys. This vulnerability could permit an attacker to gather 

valid IP addresses in order to carry out attacks on them. 


CVE-2004-0679 


Unreal IRCD OperServ Raw Message Channel Join DoS 

PVS ID: 2154 FAMILY: IRC Servers NESSUS ID:Not Available 


RISK: 

MEDIUM 


remote host is running a version of Unreal IRCD that is vulnerable to a remote denial of 

service. It is reported that Unreal IRCD may crash when a client sends a raw message to 

OperServ to join a channel. An attacker may use this issue to deny service to legitimate 

users. 



CVS history.c File Existence Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running a CVS server that, according to its version number, 

is vulnerable to an information disclosure issue. This weakness can be exploited by 

malicious users to gain knowledge about files and directories existing on the server. 


CVE-2004-0778 

Merak Mail Server < 7.5.1 Web Mail Module Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server contains a script that is vulnerable to a SQL injection 

attack.\n\nThe remote host is running Merak Mail Server. It is reported that versions prior 

to 7.5.1 are prone to multiple vulnerabilities in the Web Mail module. An attacker may use 

these vulnerabilities to perform cross-site scripting attacks, SQL injection and access to the 

PHP source code. 

Solution: Upgrade to Merak Mail Server 7.5.1 or higher if you are using the Web Mail module. 

CVE-2004-1721 











CVE-2004-1721 









CVE-2004-1721 

Gaim < 0.82 Multiple Overflows 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote host 

appears to be running Gaim, a popular open-source multi-protocol instant messenger. It is 

reported that this version of Gaim is prone to multiple vulnerabilities including several 

buffer and heap overflows. These vulnerabilities may permit an attacker to execute 

arbitrary code on the remote computer. 

Solution: Upgrade to Gaim 0.82.0 or higher. 

CVE-2004-0785 

Gaim < 0.82 MSN Protocol Buffer Overflow 


RISK: 

MEDIUM 




reported that this version of Gaim is prone to several buffer overflows in the MSN protocol 

implementation. This vulnerability may permit an attacker to execute arbitrary code on the 

remote computer. 

Solution: Upgrade to Gaim 0.82.0 or higher or disable the MSN protocol module. 

CVE-2004-0500 


Gaim / Ultramagnetic Multiple Security Vulnerabilities 

PVS ID: 2161 FAMILY: Internet Messengers NESSUS ID:Not Available 


RISK: 

MEDIUM 


seems to be running either Gaim, a popular open-source multi-protocol instant messenger, 

either Ultramagnetic, a clone of Gaim that includes encryption features. It is reported that 

the version of the running software is prone to 12 security problems including buffer and 

stack overflows. These vulnerabilities may permit an attacker to execute arbitrary code on 


Solution: Upgrade to Gaim version 0.76 or higher or to Ultramagnetic 0.81.0 or higher. 

CVE-2004-0008 

Gaim < 0.59.1 Remote Command Execution 


RISK: 

MEDIUM 



seems to be running Gaim, a popular open-source multi-protocol instant messenger. It is 

reported that this version of Gaim is prone to a remote command execution issue. An 

attacker may send malicious code encoded in hyperlinks in instant messages that will be 

executed by the remote host. 


CVE-2002-0989 

Gaim < 0.59 Web Mail Account Information Disclosure 



sensitive files or data.\n\nThe remote host appears to be running Gaim, a popular 

open-source multi-protocol instant messenger. It is reported that this version of Gaim is 

prone to an information disclosure issue. If the user configures Gaim to check a web mail 

account, the program may create two world readable files in /tmp during the operation that 

contain sensitive information about the account. 


CVE-2002-0377 


Keene Digital Media Server Directory Traversal Arbitrary File Access 




host is running Keene Digital Media Server, a web application for Microsoft Windows 

designed to share media files on the Internet. The version installed on the remote host has 

been reported to be prone to a directory traversal issue. An attacker may gain read access 

on files outside the web root. 



Keene Digital Media Server < 1.0.4 Directory Traversal and Authentication Bypass 


RISK: 

MEDIUM 



is running Keene Digital Media Server, a web application for Microsoft Windows designed 

to share media files on the Internet. The version installed on the remote host has been 

reported prone to several vulnerabilities including a directory traversal issue and an 

authentication bypass issue. An attacker may gain read access on files outside the web root 

or access the administrative module without authentication. 


CVE-2004-2419 

Webmatic < 1.9.0 Multiple Vulnerabilities 



remote host is running Webmatic, a web portal application. It is reported that this version of 

Webmatic is prone to several unknown security issues. 

Solution: Upgrade to Webmatic 1.9.0 or higher. 


HastyMail HTML Attachment Content-Disposition Header XSS 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Script Injection attack.\n\nThe remote host 

is running HastyMail, a PHP-based mail client application. There is a flaw in the remote 

version of this software that may allow an attacker to execute arbitrary javascript code on 

the hosts of users of this software. To exploit this flaw, an attacker would need to send an 

email to a victim using HastyMail containing a malicious HTML attachment. When the 

victim attempts to read the attachment, a web browser may attempt to render the HTML 

file. An attacker may use this flaw to steal the cookies of the victim and therefore get 

access to their mailbox or perform other attacks. 


Solution: Upgrade to Hastymail 1.0.2 or 1.2.0 or higher. 

CVE-2004-2704 

Nakedsoft Gaucho < 1.4.0 Build 151 Content-Type Header Overflow 


RISK: 

MEDIUM 



using Nakedsoft Gaucho, an email client for Microsoft Windows. It is reported that this 

version of the software is prone to a buffer overflow in its mail headers processing 

function. An attacker may craft a malicious email that could execute arbitrary code on the 

remote host. 

Solution: Upgrade to Gaucho 1.4.0 build 151 or higher. 

CVE-2004-1752 

Gecko-based Browsers for MacOS X Content Spoofing 



appears to be running a Gecko-based browser under the MacOS X operating system. It 

could be Mozilla, Camillo, Netscape or Firefox. This version of the software is vulnerable 

to a content spoofing issue because of a flaw in the third-party plug-in management. An 

attacker may write a malicious plug-in (or a Java applet) that may misrepresent or spoof the 

content of a alternate tab. 


CVE-2004-1753 

4D WebStar < 5.3.3 FTP Pre-Authentication Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote server is 

running 4D WebStar. There is a buffer overflow condition in the FTP server module of the 

remote version of this software. An attacker may exploit this flaw to execute arbitrary code 

on the remote host with the privileges of the FTP server (root). 

Solution: Upgrade to 4D WebStar 5.3.3 or higher. 

CVE-2004-0695 

4D WebStar < 5.3.3 Information Disclosure 




RISK: 

MEDIUM 


server is running 4D WebStar Web Server. The remote server is vulnerable to two issues: 

an attacker may be able to obtain the listing of a directory by appending a star (*) to the 

directory name and an attacker may obtain the file php.ini by directly requesting 

/cgi-bin/php.ini 

Solution: Upgrade to 4D WebStar 5.3.3 or higher. 

CVE-2004-0696 

Abyss < 1.1.6 httpd GET Request Remote Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote Abyss 

Web server is vulnerable to a buffer overflow that may be exploited by an attacker to 

execute arbitrary code on this host. 

Solution: Upgrade to Abyss 1.1.6 or higher. 

CVE-2003-1337 




remote host appears to be running a version of Apache that is older than 1.3.28 There are 

several flaws in this version, which may allow an attacker to disable the remote server. 


CVE-2002-0061 




host appears to be running a version of Apache which is older than 1.3.29 There 

are several flaws in this version that may allow an attacker to possibly execute 

arbitrary code through mod_alias and mod_rewrite. 


CVE-2003-0542 






remote host appears to be running a version of Apache 2.x that is older than 2.0.48. This 

version is vulnerable to a bug that may allow a rogue CGI to disable the httpd service by 

issuing over 4K of data to stderr. To exploit this flaw, an attacker would need the ability to 

upload a rogue CGI script to this server and to have it executed by the Apache daemon 

(httpd). 


CVE-2004-0092 

Argosoft HTTP GET Request Saturation Remote DoS 


RISK: 

MEDIUM 



running Argosoft. This version is reported prone to a denial of service. It is possible to kill 

the remote HTTP server by sending an invalid request to it ('GET /index.html\n\n'). An 

attacker may exploit this vulnerability to make a web server crash continually or even 

execute arbitrary code on a system. 



BadBlue < 2.3 ISAPI Module Remote Administrative Interface Access 



authentication.\n\nThe remote BadBlue web server has a bug in the way its security 

functions are performed that may allow attackers to gain administrative control of this host. 



CommuniGatePro < 4.1b2 Session Token Disclosure 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host may allow an attacker to gain unauthorized access to a user's 

email.\n\nThe remote CommuniGatePro, according to its version number, is vulnerable to a 

flaw that may allow an attacker access the mailboxes of its victims. To exploit such a flaw, 

the attacker needs to send an email to a victim with a link to an image hosted on a rogue 

server that will store the Referer field sent by the user-agent that contains the credentials 

used to access the victim's mailbox. 


Solution: Upgrade to CommuniGatePro 4.1b2 or higher. 


Dune Web Server HTTP GET Request Remote Overflow 



running a version of the Dune Web server that contains a flaw that may be exploited by an 

attacker to gain a shell on this host. 



Microsoft IIS FrontPage Extensions Detection 


Description: The remote host is running Microsoft IIS with FrontPage Extensions. 

Solution: Ensure that you are running a fully patched version of FrontPage and that access to the 

FrontPage application is limited to authorized developers and/or administrators. 

CVE-2003-0824 

iPlanet Web Server < 4.1 SP7 URL-Encoded Host: Information Disclosure 


RISK: 

MEDIUM 



iPlanet webserver (according to it's version number) is vulnerable to a bug where a remote 

user can retrieve sensitive data from memory allocation pools or cause a denial of service 

against the server. 

Solution: Update to version 4.1 SP7 or higher. 

MyServer < 

CVE-2001-0327 



RISK: 

MEDIUM 



remote host is running myServer 0.4.2 or older. There are flaws in this software that may 

allow an attacker to disable this service remotely. 



CVE-2002-2240 

OpenSSL < 0.9.6m / 0.9.7d Multiple DoS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\nThe 

remote host is using a version of OpenSSL that is older than 0.9.6m or 0.9.7d There are 

several vulnerabilities in this version of OpenSSL that may allow an attacker to cause a 

denial of service against the remote host. The reported version of OpenSSL is: \n %L 

Solution: Upgrade to version 0.9.6m, 0.9.7d or higher. 

CVE-2004-0112 

Pi3Web Webserver < 2.0.3 HTTP GET Request Overflow DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote Pi3Web 

web server may crash when it is sent a malformed GET request. 

Solution: Upgrade to Pi3Web 2.0.3 or higher. 

CVE-2003-0276 

Squid Remote NTLM Authentication Password Handling Remote Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote server is 

running a Squid proxy server. This version is reported vulnerable to a remote buffer 

overflow in the NTLM authentication routine. Exploitation of this vulnerability can allow 

remote attackers to gain access to confidential data. 


CVE-2004-0541 

WebServer 4D HTTP GET Request Remote Overflow 



RISK: 

MEDIUM 



running WebServer 4D. It is possible to kill the web server by sending an oversized string 

of '

your web server crash continually or even execute arbirtray code on your system. 


CVE-2005-1507 

Nagl Dictionary Module for XOOPS XSS 



remote host is running Nagl Dictionary, a XOOPS module. XOOPS is a web portal 

application written in PHP. The running version is reported vulnerable to a cross-site 

scripting issue. An attacker may steal cookie-based authentication credentials from a 

legitimate user by sending the user malformed links to this web site. 


CVE-2004-1640 

WS_FTP Server < 5.04 Hotfix 1 Path Parsing Remote DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\nThis 

host is running a vulnerable version of WS_FTP Server. Versions up to and including 5.0.2 

are reported prone to a remote denial of service in the processing of the CD command. By 

providing a malformed path containing '../' characters to the CD command, an attacker may 

exhaust server resources. 

Solution: Upgrade to version 5.04 Hotfix 1 or higher. 

CVE-2004-1643 

WFTPD MLST Command Remote DoS 



remote WFTP server may crash when a logged user sends 60 MLST requests with varying 

parameter sizes over 2KB. An attacker may use this flaw to prevent this host from 

publishing anything using FTP. 


CVE-2004-1642 

Titan FTP < 3.30 CWD Remote Heap Overflow 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote is running 

Titan FTP Server. All versions up to and including 3.21 are reported vulnerable to a remote 

heap overflow in the CWD command processing. An attacker may deny service to 

legitimate users or execute arbitrary code on the remote host. 

Solution: Upgrade to Titan FTP 3.30 or higher. 

CVE-2004-1641 

phpScheduleIt < 1.0.0 New User Registration HTML Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTML injection attack.\n\nThe 

remote host is running phpScheduleIt. According to its banner, this version is 

reported vulnerable to an HTML injection issue. An attacker may add malicious 

HTML and Javascript code in a schedule page if they have the right to edit the 

'Schedule Name' field. This field is not properly sanitized. The malicious code 

would be executed by a victim's web browser displaying this schedule. 

Solution: Upgrade to phpScheduleIt 1.0.0 or higher. 

CVE-2004-1651 

pLog register.php HTML Injection 



host is running pLog, a blog system implemented in PHP. It is reported that every version 

up to and including 0.3.2 are prone to an HTML injection issue in the user registration 

form. An attacker may use the 'username' and 'blog' fields to inject malicous HTML codes 

and scripts in web pages. The malicious code will be executed by a victim's browser when a 

tampered page is displayed. For example, the summary.php page that lists every user and 

their blog on the system. 



dasBlog Multiple HTTP Headers HTML Injection 




host is running dasBlog, a .NET blog system. It is reported that versions up to and 

including 1.6.0 are vulnerable to an HTML injection issue. The application does not 

sanitize the Referer and User-Agent HTTP headers. An attacker may use this weakness to 

include malicious code in the 'Activity and Events Viewer' that may be executed by an 

administrator displaying this page. 



CVE-2004-1657 

Cerbere Proxy Server Long Host Header Field Overflow DoS 



running Cerbere Proxy Server, a HTTP/FTP proxy server for Windows operating systems. 

It is reported that versions up to and including 1.2 are vulnerable to a remote denial of 

service in the 'Host:' HTTP field processing. An attacker may craft a malicious HTTP 

request with a large 'Host:' field to deny service to legitimate users. 



Cisco IOS ACL Bypass (Bug ID CSCdi34061) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host may allow unauthorized traffic to pass, despite configured 

access controls.\n\n The remote system appears to be vulnerable to a flaw in IOS when the 

keyword 'established' is being used in the ACLs. This bug can, under very specific 

circumstances and only with certain IP host implementations, allow unauthorized packets 

to circumvent a filtering router. This vulnerability is documented as Cisco Bug ID 

CSCdi34061. 

Solution: http://www.cisco.com/warp/public/707/2.html 

CVE-1999-0162 



RISK: 

MEDIUM 



access controls.\n\n The remote system seems to be vulnerable to a flaw in IOS when the 




CSCdi34061. 


CVE-1999-0162 





RISK: 

MEDIUM 







CSCdi34061. 


CVE-1999-0162 


PVS ID: 2198 FAMILY: SNMP Traps RISK: HIGH NESSUS ID:10974 



keyword 'tacacs-ds' or 'tacacs' is being used in extended ACLs. This bug can, under very 

specific circumstances and only with certain IP host implementations, allow unauthorized 

packets to circumvent a filtering router. This vulnerability is documented as Cisco Bug ID 

CSCdi36962. 


CVE-1999-0161 








CSCdi36962. 


CVE-1999-0161 










CSCdi36962. 


CVE-1999-0161 

Cisco IOS OSPF Neighbor Announcement Overflow DoS (Bug ID CSCdp58462) 



Open Shortest Path First (OSPF) implementation in the remote Cisco IOS software 

versions is vulnerable to a denial of service if it receives a flood of neighbor 

announcements in which more than 255 hosts try to establish a neighbor relationship per 

interface. An attacker may use this flaw to prevent the router from working properly. This 

vulnerability is documented as Cisco Bug ID CSCdp58462. 

Solution: http://www.cisco.com/warp/public/707/cisco-sn-20030221-ospf.shtml 

CVE-2003-0100 










CVE-2003-0100 












CVE-2003-0100 

Cisco IOS PPTP Packet Remote DoS (Bug ID CSCdt46181) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\n 

Point-to-Point Tunneling Protocol (PPTP) allows users to tunnel to an Internet Protocol 

(IP) network using a Point-to-Point Protocol (PPP). The protocol is described in RFC2637. 

PPTP implementation using Cisco IOS software releases contains a vulnerability that will 

crash a router if it receives a malformed or crafted PPTP packet. To expose this 

vulnerability, PPTP must be enabled on the router. PPTP is disabled by default. No 

additional special conditions are required. An attacker may use this issue to prevent a 

network from working properly. This vulnerability is documented as Cisco Bug ID 

CSCdt46181 

Solution: http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html 

CVE-2001-1183 



RISK: 

MEDIUM 










CSCdt46181 


CVE-2001-1183 




RISK: 

MEDIUM 











CSCdt46181 


CVE-2001-1183 

Cisco PPTP Authentication Bypass / DoS (Bug ID CSCdt56514) 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw which allows for the 

bypassing of authentication.\n\nThe remote VPN concentrator is vulnerable to 

an internal PPTP / IPSEC authentication login vulnerability. This vulnerability 

is documented as Cisco bug ID CSCdt56514. 

Solution: http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml 

CVE-2002-1095 








CVE-2002-1095 










CVE-2002-1095 

Cisco VPN Concentrator HTML Interface DoS (Bug ID CSCdu15622) 


RISK: 

MEDIUM 



remote VPN concentrator is vulnerable to a flaw in its HTML parser processor. This 

vulnerability is documented as Cisco bug ID CSCdu15622. 


CVE-2002-1093 



RISK: 

MEDIUM 




vulnerability is documented as Cisco bug ID CSCdu15622. 


CVE-2002-1093 



RISK: 

MEDIUM 




vulnerability is documented as Cisco bug ID CSCdu15622. For your information, the 

version of Cisco IOS was observed as: %L 


CVE-2002-1093 

Cisco IOS CEF Packet Information Disclosure (Bug ID CSCdu20643) 



RISK: 

MEDIUM 



manner.\n\nIf the remote device has Cisco Express Forwarding (CEF) enabled, it may leak 

information from previous packets that have been handled by the device. An attacker may 


use this vulnerability to sniff your network remotely. This vulnerability is documented as 

Cisco Bug ID CSCdu20643. 

Solution: http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml 

CVE-2002-0339 



RISK: 

MEDIUM 








CVE-2002-0339 



RISK: 

MEDIUM 








CVE-2002-0339 

Cisco VPN Concentrator Service Banners Information Disclosure (Bug ID CSCdu35577) 


RISK: 

MEDIUM 



attacks.\n\nThe remote VPN concentrator gives out too much information in application 

layer banners. This vulnerability is documented as Cisco bug ID CSCdu35577. 


CVE-2002-1094 



Cisco VPN Concentrator Service Banner Information Disclosure (Bug ID CSCdu35577) 


RISK: 

MEDIUM 






CVE-2002-1094 

Cisco VPN Concentrator Service Banner Information Disclosure (Bug ID CSCdu35577) 


RISK: 

MEDIUM 






CVE-2002-1094 

Cisco VPN Concentrator Invalid Login DoS (Bug ID CSCdu82823) 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote VPN 

concentrator has a vulnerability in its implementation of telnetd. This vulnerability is 

documented as Cisco bug ID CSCdu82823. 


CVE-2001-0427 




concentrator has a vulnerability in its implemenation of telnetd. This vulnerability is 



CVE-2001-0427 






concentrator has a vulnerability in its implemenation of telnetd. This vulnerability is 



CVE-2001-0427 

Cisco VPN Concentrator PPTP Multiple Vulnerabilities (Bug ID CSCdv66718) 



remote VPN concentrator has a vulnerability in its PPTP client. This vulnerability is 

documented as Cisco bug ID CSCdv66718. 


CVE-2002-1092 







CVE-2002-1092 







CVE-2002-1092 


Cisco VPN Concentrator HTML Source Cleartext Password Disclosure (Bug ID CSCdv88230, 

CSCdw22408) 



Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows attackers to 

retrieve sensitive files or data.\n\nThe remote VPN concentrator discloses the 

passwords of its users in the source HTML of the embedded web server. This 

vulnerability is documented as Cisco bug ID CSCdv88230 and CSCdw22408. 


CVE-2002-1096 

Cisco VPN Concentrator HTMl Source Cleartext Password Disclosure (Bug ID CSCdv88230, 

CSCdw22408) 







CVE-2002-1096 

Cisco VPN Concentrator HTML Source Cleartext Password Disclosure (Bug ID CSCdv88230, 

CSCdw22408) 







CVE-2002-1096 

Cisco VPN Concentrator HTML Source Certificate Password Disclosure (Bug ID CSCdw50657) 




certificate passwords of its users in the source HTML pages of the embedded web 

server. This vulnerability is documented as Cisco bug ID CSCdw50657. 


CVE-2002-1097 










CVE-2002-1097 








CVE-2002-1097 

Cisco VPN Concentrator ACL Bypass / DoS (Bug ID CSCdx07754, CSCdx24622, CSCdx24632) 



remote VPN concentrator is subject to multiple flaws: XML public rule, HTML pages 

access and HTML login processing. This vulnerability is documented as Cisco bug ID 

CSCdx07754, CSCdx24622 and CSCdx24632 


CVE-2002-1098 





access and HTML login processing. This vulnerability is documented as Cisco bug ID 



CVE-2002-1098 







access, HTML login processing. This vulnerability is documented as Cisco bug ID 



CVE-2002-1098 

Cisco VPN Concentrator "No Encryption" Option Remote DoS (Bug ID CSCdx39981) 


RISK: 

MEDIUM 



remote VPN concentrator is subject to a VPN client authentication vulnerability that can 

force a reload of the concentrator when a very large string for the username prompt is sent. 

This vulnerability is documented as Cisco bug ID CSCdx39981 


CVE-2002-1095 



RISK: 

MEDIUM 







CVE-2002-1095 




RISK: 

MEDIUM 








CVE-2002-1095 

Cisco VPN Concentrator LAN-to-LAN IPSEC Tunnel Termination DoS (Bug ID CSCdx54675) 


RISK: 

MEDIUM 



remote VPN concentrator is subject to a LAN-to-LAN IPSEC tunnel vulnerability that 

allows remote attackers to cause a denial of service. Existing associations might be 

removed when a new connection is made and no check is done in order to determine if the 

connection comes from the proper network. This vulnerability is documented as Cisco bug 

ID CSCdx54675 


CVE-2002-1102 



RISK: 

MEDIUM 







ID CSCdx54675 


CVE-2002-1102 




RISK: 

MEDIUM 







ID CSCdx54675 



CVE-2002-1102 

Cisco Multiple DoS (Bug ID CSCdx92043) 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\n Sending bogus 

ICMP redirect packets, a malicious user can either disrupt or intercept communication from 

a router. This vulnerability is documented with the CISCO bug ID CSCdx92043 


CVE-2002-1222 



Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nSending bogus 




CVE-2002-1222 



Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\n Sending bogus 




CVE-2002-1222 

Cisco TFTP Server Long Filename DoS (Bug ID CSCdy03429) 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\n Trivial File Transfer 

Protocol (TFTP) is a protocol that allows for easy transfer of files between network 

connected devices. A vulnerability has been discovered in the processing of filenames 

within a TFTP read request when Cisco IOS is configured to act as a TFTP server. This 

vulnerability is documented as Cisco Bug ID CSCdy03429. 

Solution: http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml 

CVE-2002-0813 





Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nTrivial File Transfer 




vulnerability is documented as Cisco Bug ID CSCdy03429 


CVE-2002-0813 



Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nTrivial File Transfer 




vulnerability is documented as Cisco Bug ID CSCdy03429 


CVE-2002-0813 

Cisco VPN Concentrator ISAKMP Packet Remote DoS (Bug ID CSCdy38035) 


RISK: 

MEDIUM 



remote VPN concentrator is subject to an ISAKMP package processing vulnerability. 

Malformed or a very large number of ISAKMP packets might cause a reload of the 

concentrator. The vulnerability is aggravated if debug is turned on. This vulnerability is 

documented as Cisco bug ID CSCdy38035. 


CVE-2002-1103 

Cisco VPN Concentrator ISAKMP PAcket Remote DoS (Bug ID CSCdy38035) 



RISK: 

MEDIUM 









CVE-2002-1103 

Cisco VPN Concentrator ISAKMP Packet Remote DoS (Bug ID CSCdy38035) 


RISK: 

MEDIUM 








CVE-2002-1103 

Cisco IOS SIP Packet Remote DoS (Bug ID CSCdz39284, CSCdz41124) 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\n It is 

possible to make the remote IOS crash by sending malformed SIP packets. These 

vulnerabilities are documented as CISCO bug id CSCdz39284 and CSCdz41124. 

Solution: http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml 

CVE-2003-1115 

Cisco IOS SIP Packet DoS (Bug ID CSCdz39284, CSCdz41124) 






CVE-2003-1115 


Cisco IOS SIP Packet Remote DoS (Bug ID CSCdz39284, CSCdz41124) 







CVE-2003-1115 

IBM DB2 Multiple Vulnerabilities 

PVS ID: 2252 FAMILY: Database RISK: HIGH NESSUS ID:Not Available 


running a IBM DB/2 Universal Database Server. It is reported that versions up to and 

including 8.1 are vulnerable to multiple critical vulnerabilities including multiple remote 

buffer overflows. Because DB/2 banners sent over the network do not include the installed 

FixPak number, this alert may be a false positive. 

Solution: Install the relevant Fixpak (Fixpak 8 for DB/2 8.1 or Fixpak 12 for DB/2 7.x) from IBM. 

CuteNews < 

CVE-2004-1372 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Cross-Site Scripting (XSS) 

attack.\n\nAccording to its version number, the remote host is running a version of 

CuteNews that allows an attacker to inject arbitrary script through the variables 

'X-FORWARDED-FOR' or 'CLIENT-IP' when adding a comment. On one hand, an 

attacker can inject a client-side script to be executed by an administrator's browser when 

he/she chooses to edit the added comment. On the other, an attacker with local access could 

leverage this flaw to run arbitrary PHP code in the context of the web server user. 

Additionally, it suffers from a cross-site scripting flaw involving the 'search.php' script. 


CVE-2005-0645 




RISK: 

MEDIUM 



remote host appears to be running a version of Apache 2.x that is older than 2.0.51. It is 

reported that these versions of Apache are prone to a denial of service issue related to 

mod_ssl. An attacker may force a SSL connection to be aborted and therefore cause the 

Apache server to enter in an infinite loop, consuming CPU resources. 



CVE-2004-0748 

Squid NTLM Authentication NTLMSSP Packet Remote DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\nThe remote 

server is running a Squid proxy server. This version is reported vulnerable to a remote denial of 

service in the NTLM authentication routine. If NTLM authentication is enabled, an attacker 

may deny service to legitimate users by sending malformed NTLMSSP packets. 

Solution: Apply the relevant patch from 

http://www.squid-cache.org/squid/Versions/v2/2.5/bugs/squid-2.5.STABLE6-ntlm_fetch_string.patch 

CVE-2004-0832 

Ipswitch IMail Server < 8.13.0 Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote host is running Ipswitch IMail, a server that sends clients email via a web interface. 

It runs on Microsoft Windows operating systems. Ipswitch IMail is reported to be 

vulnerable to multiple remote denial of service in the following modules: 'Queue Manager', 

'Web Messaging' and 'Web Calendar'. An attacker may use these weakness to deny service 

to legitimate users. It is conjectured that these issues may allow remote arbitrary code 

execution. 


CVE-2004-2422 

Ipswitch IMail Server < 8.13.0 Multiple Vulnerabilities 



RISK: 

MEDIUM 



remote host is running Ipswitch IMail, an server that sends clients email via a web 

interface. It runs on Microsoft Windows operating systems. Ipswitch IMail is reported to be 

vulnerable to multiple remote denial of service in the following modules: 'Queue Manager', 

'Web Messaging' and 'Web Calendar'. An attacker may use these weakness to deny service 

to legitimate users. It is conjectured that these issues may allow remote arbitrary code 

execution. 



CVE-2004-2422 

Winamp ActiveX Control Remote Buffer Overflow 


RISK: 

MEDIUM 




code execution issue. This vulnerability may be used to remotely execute arbitrary code on 

the host by invoking an ActiveX component installed by Winamp in a malicious manner. 



Opera < 7.54.0 Empty CCCC Object JavaScript-based DoS 



remote host is using a version of Opera that is affected by a security weakness that may 

permit an attacker to crash the remote web browser by using JavaScript. Specifically, 

processing an empty 'CCCC' object generated using JavaScript causes Opera to crash. 



phpMyBackupPro < 1.0.0 Multiple Input Sanitization Vulnerabilities 



appears to be using phpMyBackupPro. It is reported that this version is prone to multiple 

security weaknesses via input validation. An attacker may use these issues to gain access to 

the application or to access the underlying database. 



Keene Digital Media Server Multiple XSS 




remote host is running Keene Digital Media Server, a web application for Microsoft 

Windows designed to share media files on the Internet. This version of the software has 


een reported to be prone to a cross-site scripting issue. An attacker may steal cookie-based 

authentication credentials from a legitimate user by sending malformed links to this site. 



Keene Digital Media Server Multiple Script Authentication Bypass 


RISK: 

MEDIUM 



authentication.\n\nThe remote host is running Keene Digital Media Server, a web 

application for Microsoft Windows designed to share media files on the Internet. This 

version of the software has been reported to be prone to an authentication bypass 

vulnerability. An attacker may access some part of the administration interface 

(adminmessage.kspx and adminshares.kspx) without providing proper authentication. 



Ipswitch WhatsUp Gold prn.htm GET Request Remote DoS 


RISK: 

MEDIUM 



attack.\n\nAccording to its HTTP banner, the remote host appears to be running a 

vulnerable version of Ipswitch WhatsUp Gold, a network management application for 

Microsoft Windows. It is reported that versions up to and incluing 8.03 hotfix 1 are prone 

to a remote denial of service vulnerability when processing certain HTTP GET requests. 

An attacker may deny service to legitimate users by sending a malformed GET request for 

the 'prn.html' file. 

Solution: Upgrade to WhatsUp Gold 8.03 Hotfix 3 or higher. 



Ipswitch WhatsUp Gold Notification Instance Name Remote Overflow 


Description: Synopsis :\n\nThe remote host is missing a critical security patch or upgrade.\n\nAccording 

to its HTTP banner, the remote host appears to be running a vulnerable version of Ipswitch 

WhatsUp Gold, a network management application for Microsoft Windows. It is reported 

that versions up to and incluing 8.03 Hotfix 1 are prone to a remote buffer overflow 

vulnerability when processing notification instance names in the web interface. An attacker 

may use this vulnerability to execute arbitrary code on the remote host. 


Solution: Upgrade to WhatsUp Gold 8.03 Hotfix 2 or higher. 


mpg123 Multiple Remote Overflows 



seems to be running mpg123 (or one of its derivatives). This version of mpg123 is reported 

to be vulnerable to a remote buffer overflow that may permit an attacker to execute 

arbitrary code on the remote host. 


CVE-2004-0805 

PSNews v1.1 index.php Multiple Parameter XSS 



remote host is running PSNews, a content management system implemented in ASP. It is 

reported that PSNews v1.1 is affected by a cross-site scripting vulnerability. An attacker 

may steal cookie-based authentication credentials from a legitimate user by sending 

malformed links to this web site. 


CVE-2004-1665 

OpenCA < 0.9.1-9 Web Interface Form Input Field XSS 


Description: Synopsis :\n\nThe remote host is vulnerable to an Cross-Site Scripting (XSS) 

attack.\n\nThe remote host appears to be running OpenCA. It is reported that OpenCA 

versions up to and including 0.9.2-RC2 are prone to a cross-site scripting vulnerability 

when processing user inputs into the web form frontend. This issue may permit an attacker 

to execute hostile HTML code in the context of another user. 

Solution: Upgrade to version 0.9.1-9 or higher. 

CVE-2004-0787 

eZ Multiple Products Connection Saturation Remote DoS 



RISK: 

MEDIUM 




remote host appears to be running eZ or eZphotoshare. It is reported that this software is 

vulnerable to a remote denial of service. An attacker may remotely crash eZphotoshare or 

eZ by establishing over 80 simultaneous connections to the server. 



PHPGroupWare < 0.9.16.003 Wiki Module XSS 



remote host appears to be running PHPGroupWare, a groupware system implemented in 

PHP. This version is reported to be vulnerable to a cross-site scripting issue in the Wiki 

module. An attacker may steal cookie-based authentication credentials from a legitimate 

user by sending a malformed link to this web site. 

Solution: Upgrade to PHPGroupWare 0.9.16.003 or higher. 

CVE-2004-0875 

TYPSoft FTP Server Multiple DoS 


RISK: 

MEDIUM 



appears to be running TYPSoft FTP Server. It is reported that version up to and including 

1.11 are prone to multiple vulnerabilities.\n\n - A denial-of-service vulnerability when an 

authenticated user issues two 'RETR' request in a row, without actualy downloading the 

files.\n\n - A denial-of-service vulnerability when handling data passed to the 'APPE' and 

'DELE' commands via the same socket connection.\n\n - A denial-of-service vulnerability 

when handling a malformed 'ABORT' command. 


CVE-2009-4105 


SAFE TEAM Regulus Staff Accounts Password Hash Disclosure 



retrieve sensitive files or data.\n\nThe remote host seems to be running Regulus, a 

web accounting software implemented in PHP. It is reported that every version of 

Regulus up to and including 2.2-95 are prone to a staff accounts information 

disclosure vulnerability. Any user may query the 'staffile' from the web server and 

be served. This file contains information about the staff accounts including 

password hashes which are computed using DES 56 bit. Therefore staff users 


passwords can be easily derived from their hash using a dictionary-based brute 

force attack. 



SAFE TEAM Regulus Customers Accounts Password Hash Disclosure 



retrieve sensitive files or data.\n\nThe remote host seems to be running Regulus, a 

web accounting software implemented in PHP. It is reported that every version of 

Regulus up to and including 2.2-95 are prone to a customer accounts information 

disclosure vulnerability. The 'Update your password' action from the 

'custchoice.php' script permits any user to get the password hash for a given 

username or customer ID. The password hash, computed using DES 56 bit, is 

included in a hidden tag of the HTML file served by the web server. Therefore 

customer passwords can be easily derived from their hash using a dictionary-based 

brute force attack. 



SAFE TEAM Regulus Customer Statistics Connection Log Information Disclosure 



attacks.\n\nThe remote host seems to be running Regulus, a web accounting software 

implemented in PHP. It is reported that every version of Regulus up to and including 2.2-95 

are prone to a customer statistics information disclosure vulnerability. The 'To see your 

connection logs' action from the 'custchoice.php' script permits any user to see the 

connection statistics for a given username or customer ID without requiring valid 

credentials. 




Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07) 

PVS ID: 2274 FAMILY: Operating System Detection RISK: HIGH NESSUS ID:Not Available 


remote host is missing Apple's Security Update 2004-09-07. This security update fixes the 

following components: CoreFoundation, IPSec, Kerberos, libpcap, lukemftpd, 

NetworkConfig, OpenLDAP, OpenSSH, PPPDialer, rsync, Safari and tcpdump 


Solution: http://docs.info.apple.com/article.html?artnum 

CVE-2004-0823 

Serv-U FTP Server < 5.2.0.1 'STOU' Command Remote DoS 



remote host is running Serv-U FTP server. There is a bug in the way this version handles 

the 'STOU' command, which is used to send files to a remote server. It is reported that 

Serv-U FTP server will crash if it receives certain 'STOU' requests. An attacker may 

connect to the remote server and issue a 'STOU' request to deny service to legitimate users. 


CVE-2004-1675 

Apache < 2.0.51 mod_ssl Rewrite Rules DoS 


RISK: 

MEDIUM 



remote host appears to be running a version of Apache 2.x that is older than 2.0.51. It is 

reported that these versions of Apache are prone to a denial of service issue related to 

mod_ssl. An attacker may deny service to legitimate users if the remote server uses a 

'RewriteRule' to enable reverse proxying to a SSL origin server. 


CVE-2004-0751 

Oracle Security Alert #68 


Description: The remote host appears to be running a vulnerable version of Oracle Database Server. It is 

reported that Oracle Database Server version 8.1.7, 9.0.1.4, 9.0.1.5, 9.0.4, 9.2.0.4, 9.2.0.5 

and 10.1.0.2 are prone to multiple vulnerabilities including buffer overflow issues, PL/SQL 

injection, trigger abuse, character set conversion bugs and denial of service issues. An 

attacker may exploit these vulnerabilities to deny service to legitimate users or to execute 

arbitrary code on the remote server. 

Solution: Download and install the relevant patch from Oracle. 

CVE-2004-0638 


PerlDesk < 2 pdesk.cgi lang Parameter Traversal Server-Side Script Execution 



RISK: 

MEDIUM 



remote host is running perlDesk, a web-based help desk application implemented in Perl. It 

is reported that perlDesk is prone to a service-side script execution vulnerability. If an 

attacker manages to store a script on the remote server, he may execute it through the 'lang' 

URI parameter of perlDesk. Otherwise, he may use this vulnerability for information 

disclosure purposes. 

Solution: Upgrade to version 2 or higher. 

CVE-2004-1678 

TwinFTP < 1.0.3 R3 Server Directory Traversal File Access 



host is running TwinFTP FTP Server. It is reported that TwinFTP is prone to a directory 

traversal issue. An attacker may read and write files outside the FTP server root directory 

with the FTP server process privileges. 

Solution: Upgrade to TwinFTP Enterprise or Standard 1.0.3 R3 or higher. 

CVE-2004-1679 

Turbo Seek < 1.7.2 tseekdir.cgi location Parameter Information Disclosure 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running FocalMedia Turbo Seek, a web-based 

search Application for Unix. It is reported that Turbo Seek is prone to an information 

disclosure issue. An attacker may craft a malicious request for the tseekdir.cgi script and be 

served with the content of any file readable by the web server process. 




Mozilla/Firefox Linux Installation Arbitrary File Overwrite 



sensitive files or data.\n\nThe remote host seems to be running Mozilla or Firefox for 

Linux. It is reported that versions up to and include 0.9.3 of Firefox and up to and including 

1.7.2 of Mozilla are prone to an improper file permission issue in the installation process. 

Upon installation, several files are created with world-writable permissions. An attacker 


with interactive access to the host may corrupt these scripts and programs during the 

installation process. This vulnerability exists only in the Linux archive version. If you 

installed Firefox using your Linux distribution packaging system, the vulnerability is likely 

not present on the remote system. 


CVE-2004-0906 

BEA WebLogic < 8.1.0 SP 3 Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote host is running BEA WebLogic. Multiple undisclosed vulnerabilities have been 

reported in every version of WebLogic up to and including 8.1.0 SP2. An attacker may 

exploit these issues to gain unauthorized access or to gather information about the remote 

host. BEA WebLogic 8.1 Service Pack 3 addresses these vulnerabilities. 

Solution: Upgrade to WebLogic 8.1.0 SP3 or higher. 

CVE-2004-2320 

Microsoft WinErr Version Check 

PVS ID: 2283 FAMILY: Operating System Detection RISK: 

MEDIUM 


Description: Microsoft has a functionality in which error messages are sent to Microsoft Corp. PVS has 

just noted a network client sending such an error to Microsoft. According to the error 

message, the network client is running Microsoft version %L 

Solution: Depending on corporate policy, you may wish to disable Windows Error Messages. 


Outbound Microsoft WinErr Message 


Description: The remote client has enabled automatic Windows Error Reporting. This functionality 

allows Microsoft to gather error reports from local clients. According to the error report, 

the remote client just had an error in %L and has sent an error report to Microsoft. 

realtime 

Solution: Ensure that such reporting is in alignment with existing corporate standards and policies. 




Mozilla Error Reporting Version Check 


Description: The remote host has just sent an error report to Mozilla.org. According to the Mozilla error 

message, the remote host is running Mozilla version %L 

Solution: Ensure that this reporting is in alignment with existing corporate policies and standards. 


PHP Arbitrary File Upload 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a 'file upload' flaw.\n\nThe remote web 

server is configured to be PHP-enabled. It is reported that versions of PHP up to 5.0.2 and 

4.3.9 are prone to a file upload vulnerability. An attacker may upload an arbitrary file on 

the web server in the context of the PHP application. For your information, the server is 

running PHP version: \n %L 



Mozilla-based Web Browser Multiple Vulnerabilities 



remote host is running a Mozilla-based web browser. It is reported that web browsers based 

on versions of Mozilla up to and including 1.7.2 are prone to multiple vulnerabilities 

including overflows and cross-site scripting issues. An attacker may execute arbitrary code 

remotely, steal cookie-based authentication credentials or gather intelligence about the host. 


CVE-2004-0908 

Mozilla / Mozilla Thunderbird Multiple Vulnerabilities 



RISK: 

MEDIUM 



running a vulnerable version of Mozilla or Mozilla Thunderbird mail client. It is reported 

that this version of Mozilla or Mozilla Thunderbird is vulnerable to several flaws that may 

allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an 

attacker would need to send a rogue email to a victim on the remote host. 



CVE-2004-0903 

SnipSnap < 1.0b1 POST Request HTTP Response Splitting 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTTP 'response splitting' 

vulnerability.\n\nThe remote host seems to be running SnipSnap, a weblog application 

implemented in Java. It is reported that versions of SnipSnap prior 1.0.0b1 are prone to a 

HTTP response splitting vulnerability. An attacker may influence how the website is 

served, cached and interpreted by the means of a malformed link to the web site that would 

alter the server HTTP headers. 

Solution: Upgrade to SnipSnap 1.0b1 or higher. 

CVE-2004-1470 

Apache < 2.0.51 ${ENVVAR} Local Overflow 


RISK: 

MEDIUM 



running a vulnerable version of Apache. It is reported that versions prior 2.0.51 are prone to 

a local buffer overflow when processing ${ENVVAR} constructs in .htaccess and 

httpd.conf files. An attacker with interactive access to the computer may use this flaw to 

execute arbitrary code in the context of the web server. 


CVE-2004-0747 

Apache < 2.0.51 mod_dav DAV LOCK Command Remote DoS 


RISK: 

MEDIUM 



remote host is running a vulnerable version of Apache. It is reported that versions prior 

2.0.51 are prone to a remote denial of service issue. An attacker may issue a specific 

sequence of DAV LOCK commands to crash the process. If Apache is configured to use 

threads, it may completely crash the Apache process. 


CVE-2004-0809 

Apache < 2.0.51 IPv6 Remote Buffer Overflow 




RISK: 

MEDIUM 



running a vulnerable version of Apache. It is reported that versions prior to 2.0.51 are prone 

to a remote buffer overflow when parsing an URI sent over IPv6. An attacker may use this 

vulnerability to execute arbitrary code on the remote host or to deny service to legitimate 

users. 


CVE-2004-0786 

myServer < 0.7.1 Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running myServer 0.7.0 or older. There is a 

flaw in the remote version of this software that may allow an attacker to read arbitrary files 

on the remote host with the privileges of the web server process using malformed URI. 


CVE-2004-2516 

vBulletin authorize.php x_invoice_num Parameter SQL Injection 



attack.\n\nThe remote host is running a version of vBulletin, a forum application 

implemented in PHP, that is vulnerable to a SQL injection issue. It is reported that versions 

3.0.0 through to 3.0.3 are prone to this issue. An attacker may steal content from the 

underlying database or attack it. 


CVE-2004-2695 

Mozilla / Firefox enablePrivilege Dialog Weakness 




appears to be running Mozilla or Firefox. It is reported that versions up to and including 

0.9.3 of Firefox and up to and including 1.7.2 of Mozilla are prone to a security weakness 

in the enablePrivilege dialog that is displayed to authorize signed code execution. An 

attacker may display an arbitrary string in the security dialog to entice an user into 

executing a malicious script. 




Toshiba Software Auto-Update Detection 


Description: The remote Toshiba %L is running the Toshiba auto-update client (Pinger.exe) that 

automatically connects to the Internet and downloads software from the Toshiba Software 

Upgrade FTP site.solution 

Solution: N/A 


RealNetwork RealPlayer Version Detection 


Description: The remote client is running RealNetworks RealPlayer Version %L 

Solution: N/A 


Microsoft Winerr Plaintext Report Detection 


RISK: 

MEDIUM 


Description: The remote Windows Client is reporting the following Windows error via the network \n 

%L 

Solution: Ensure that passing such reports via the Internet adheres to existing corporate policies. 


GNU Radius < 1.2.94 SNMP Request Remote DoS 


RISK: 

MEDIUM 



remote host appears to be running GNU Radius, an open-source remote authentication 

dial-up service implementation. The running version is vulnerable to a remote denial of 

service when processing certain SNMP requests. As we determined the software version 

using its SNMP banner, it appears this option is being used. 




CVE-2004-0849 

GNU Radius < 1.2.94 SNMP Request Remote DoS 


RISK: 

MEDIUM 



remote host appears to be running GNU Radius, an open-source remote authentication 

dial-up service implementation. The running version is vulnerable to a remote denial of 

service when processing certain SNMP requests. As we determined the software version 

using its SNMP banner, it appears that this option is being used. 


CVE-2004-0849 

Microsoft Internet Explorer 6 SV 1 XHTML Comment User Confirmation Bypass 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a script injection attack.\n\nThe remote host 

is running Internet Explorer 6 SV1, the version that is part of Windows XP SP2. It is 

reported that the user confirmation asked before to load client-side JavaScript and ActiveX 

embedded in web pages can be trivially bypassed. An attacker may run malicious script on 

the remote host. For your information, the reported MSIE version number was: \n %L \n 


CVE-2004-1686 

Snitz Forum < 3.4.05 HTTP Response Splitting 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTTP 'response splitting' 

vulnerability.\n\nThe remote host appears to be running Snitz Forum, a web forum 

application implemented in ASP. It is reported that versions of Snitz Forum prior 3.4.0.04 

are prone to a HTTP response splitting vulnerability. An attacker may influence how the 

website is served, cached and interpreted by the means of a malformed link to the web site 

that would alter the server HTTP headers. 

Solution: Upgrade to Snitz Forum 3.4.05 or higher. 

CVE-2004-1687 

HTML Comment 'href' Link Obfuscation 




Description: The remote web server was observed responding to a web request with HTML code that 

consisted of a 'href' link obfuscated within the HTML comments. The 'href' link observed 

was: \n %L \n\nThe request which generated this response was: \n%P 

Solution: Whenever possible, remove information that attackers may find useful for future attacks. 


Xine-lib < 1.0 RC6a Heap and Stack Overflows 


RISK: 

MEDIUM 



host is using a software linked again xine-lib, an open-source multimedia library. It is 

reported that versions up to 1.0 rc6a are vulnerable to multiple overflows in the DVD, 

subtitles and Video-CD modules. An attacker may craft a malicious multimedia file that 

may execute arbitrary code on the remote host if played with a xine-lib based software. 

Solution: Upgrade to Xine-lib 1.0 RC6a or higher. 

CVE-2004-1476 

YaBB Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running a vulnerable version of YaBB. It is reported that versions up to and including 1 

Gold SP 1.3.1 are prone to multiple security flaws including administrator authentication 

bypassing and cross-site scripting issues. By crafting a malformed URL, an attacker may 

issue administrator commands or steal cookie-based authentication credentials from an 

unsuspecting user. 


CVE-2004-2402 

Google Toolbar HTML Injection 



Description: Synopsis : \n\nThe remote host is vulnerable to an HTML injection attack.\n\nThe remote 

host is running a vulnerable version of Google Toolbar. It is reported that versions prior to 

2.0.114.2 are vulnerable to an HTML injection issue in the ABOUT.HTML page. An 

attacker may inject malicious script code in this page. An unsuspecting user viewing this 

page will have the malicious code executed within a less restricted context. The reported 

version of GoogleToolbar is: \n %L 



CVE-2004-2475 

Rhinosoft DNS4Me Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote host is running Rhinosoft DNS4Me, a dynamic DNS software for Windows 

systems. DNS4Me includes a small web server that can serve static content. It is reported 

that this embedded web server is prone to multiple security flaws including remote denial 

of service and cross-site scripting. An attacker can crash the server by sending an 

abnormally long request or steal cookie-based authentication credentials by sending a 

malformed link to this site. 


CVE-2004-1691 

Tutos Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server contains a script that is vulnerable to SQL injection 

and cross-site scripting attacks.\n\nThe remote host is running a vulnerable version of 

Tutos. It is reported that Tutos 1.1.20040414 is prone to multiple input validation 

weaknesses. Due to insufficient user input validation, an attacker may carry out SQL 

injection or cross-site scripting attacks on this host. 


CVE-2004-2162 

Apache < 2.0.52-dev 'Satisfy' Directive Access Control Bypass 


RISK: 

MEDIUM 



authentication.\n\nThe remote host is running Apache Web Server 2.0.51. It is reported that 

this version of Apache is vulnerable to an access control bypass attack. This issue occurs 

when using the 'Satisfy' directive. An attacker may gain unauthorized access to restricted 

resources if access control relies on this directive. 

Solution: Upgrade to version 2.0.52-dev or higher. 

CVE-2004-0811 

Alt-N MDaemon Multiple Buffer Overflows 





running Alt-N MDaemon, a SMTP/IMAP server for Windows operating systems. It is 

reported that versions up to and including 6.5.1 are prone to multiple buffer overflows. An 

attacker may deny service to legitimate users or execute arbitrary code on the remote 

server. The attacker needs to authenticate in order to exploit these vulnerabilities against 

the IMAP server but it doesn't need to do so against the SMTP server. 


CVE-2004-1546 

Alt-N MDaemon Multiple Buffer Overflows 



running Alt-N MDaemon, a SMTP/IMAP server for Windows operating systems. It is 

reported that versions up to and including 6.5.1 are prone to multiple buffer overflows. An 

attacker may deny service to legitimate users or execute arbitrary code on the remote 

server. The attacker needs to authenticate in order to exploit these vulnerabilities against 

the IMAP server but it doesn't need to do so against the SMTP server. 


CVE-2004-1546 

YaBB < Gold SP 1.3.2 Multiple Input Validation Vulnerabilities 



remote host is running a vulnerable version of YaBB. It is reported that versions up to and 

including 1 Gold SP 1.3.1 are prone to multiple input validation vulnerabilities. Using these 

weaknesses, an attacker may influence how web content is served, cached and interpreted 

or perform cross-site scripting attacks to steal cookie-based authentication credentials from 

an unsuspecting user. 

Solution: Upgrade to YaBB Gold SP 1.3.2 or higher. 

CVE-2004-2139 

Host DHCP Address Release 


Description: The remote host released its DHCP lease. 

Solution: N/A 




EmuLive Server4 Authentication Bypass / DoS 



is running EmuLive Server4. It is reported that versions up to and including Build 7569 are 

prone to an authentication bypass vulnerability and remote denial of service. An attacker 

may directly access the administration console to bypass the authentication or deny service 

to legitimate users. Note that Build 7569 is only vulnerable to the denial of service issue. 


CVE-2004-1695 

Subversion (SVN) Unreadable Path Metadata Information Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running Subversion, an open-source file management 

product. According to the version number, the remote system is prone to an information 

disclosure issue. An attacker may gather information about the remote host using metadata 

in unreadable paths. 


CVE-2004-0749 

Macromedia JRun Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\n The remote host is 

running JRun, a J2EE application server running on top of IIS or Apache. There are 

multiple vulnerabilities in the remote version of this software :\n- The JSESSIONID 

variable is not implemented securely. An attacker may use this flaw to guess the session id 

number of other users\n- There is a code disclosure issue that may allow an attacker to 

obtain the contents of a .cfm file by appending ';.cfm' to the file name\n- There is a buffer 

overflow vulnerability if the server connector is configured in 'verbose' mode. An attacker 

may exploit this flaw to execute arbitrary code on the remote host. 


CVE-2004-2182 


Full Revolution aspWebCalendar calendar.asp SQL Injection 




attack.\n\nThe remote host is running Full Revolution aspWebCalendar, a web calendar 

application implemented in ASP. It is reported that this version of the software is prone to 

multiple SQL injection vulnerabilities. An attacker may access the underlying database in 

order to access sensitive information or to corrupt data. 


CVE-2004-1552 

Full Revolution album.asp aspWebAlbum SQL Injection 



attack.\n\nThe remote host is running Full Revolution aspWebAlbum, a web photo album 

application implemented in ASP. It is reported that this version of the software is prone to 

multiple SQL injection vulnerabilities. An attacker may access the underlying database in 

order to access sensitive information or to corrupt data. 


CVE-2004-1552 

Canon ImageRUNNER Printer Email Arbitrary Content Printing / DoS 


RISK: 

MEDIUM 



remote host seems to be a Canon ImageRUNNER printer, running an SMTP service. It is 

possible to send an email to the remote service and it will print its content. An attacker may 

use this flaw to send an endless stream of emails to the remote device and cause a denial of 

service by using all the paper in printer. 

Solution: Disable the email printing service using the web interface. 

CVE-2004-2166 

Generic Shell Detectors (Checkpoint Telnet) 




operating systems. Shells that pass traffic in plaintext introduce a risk to confidentiality. In 

addition, many shells are used by malicious individuals as part of a Trojan program or 

remote buffer overflow exploit. 


Solution: Ensure that the remote shell is secured against data leakage and that it is a valid and 

approved means of managing the remote machine. 


Generic Shell Detectors (Windows 2000 Telnet) 









Generic Shell Detectors (3COM SuperStack Telnet) 









Identd Service Detection 



attacks.\n\nThe remote host is running an ident (also known as 'auth') daemon. The 'ident' 

service provides sensitive information to potential attackers. It mainly says which accounts 

are running which services. This helps attackers to focus on valuable services (those owned 

by root). If you do not use this service, disable it. 

Solution: Under Unix systems, comment out the 'auth' or 'ident' line in /etc/inetd.conf and restart 

inetd. 












inetd. 










inetd. 










inetd. 

Zinf .pls File Overflow 




RISK: 

MEDIUM 



running 'Zinf' version 2.2.1. This version of Zinf is reported prone to a remote buffer 

overflow when downloading a malicious playlist. 



CVE-2004-0964 

BroadBoard Message Board Detection 


Description: The remote host is running BroadBoard Message Board. 

Solution: Ensure that you are running the most recent version of BroadBoard. 

CVE-2004-1555 

BroadBoard Message Board SQL Injection 



attack.\n\nThe remote host is running a vulnerable version of BroadBoard. An attacker 

exploiting this flaw would be able to overwrite arbitrary files and/or execute system 

commands on the remote web server. 


CVE-2004-1555 

MegaBBS ASP Forum SQL Injection 



attack.\n\nThe remote host is running a vulnerable version of MegaBBS ASP Forum. An 

attacker exploiting this flaw would be able to overwrite arbitrary files and/or execute 

system commands on the remote web server. 



YahooPOPs! Proxy Detection 



RISK: 

MEDIUM 


Description: The remote host is running the YahooPOPs! Proxy. This proxy is a gateway to send and 

receive Yahoo mail via a proxy. Such a configuration may bypass existing corporate 

policies regarding appropriate email usage. 

Solution: Ensure that the use of the YahooPOPs! proxy is appropriate for your environment. 


CVE-2004-1558 

Intellipeer User Account Enumeration 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running a POP3 service that allows a remote attacker to 

determine when a user account is valid. An attacker exploiting this flaw would only need to 

connect to the port repeatedly while sending different user names. The server will alert the 

attacker whenever a valid username is sent. This vulnerability is known to affect Intellipeer 

POP3 server (versions less than or equal to 1.0.1). 


CVE-2004-2150 

@lex Guestbook livre_include.php Remote File Inclusion 



is running the @lex guestbook. @lex is a web-based guestbook. Some versions of @lex are 

prone to a remote exploitation via PHP script upload. 


CVE-2004-1554 

MySQL < 4.1.5 Bounded Parameter Overflow 


RISK: 

MEDIUM 



arbitrary commands.\n\nYou are running a version of MySQL 4.1.x which is older than 

version 4.1.5. There is a flaw in the remote version of this software that may allow an 

attacker to execute arbitrary commands on the remote host with the privileges of the user 

running the mysqld process (typically 'mysql'). 

Solution: Upgrade to at least version 4.1.5 or higher. 

CVE-2004-2149 


Icecast < 2.0.2 Multiple HTTP Headers Remote Overflow 




running a vulnerable version of Icecast, an open-source streaming server. An attacker 

exploiting this flaw would only need to be able to connect to the Icecast HTTP port and 

send multiple (32) headers. A successful attack would give the attacker the ability to 

execute arbitrary code. 


CVE-2004-1561 

Serendipity < 0.7-beta3 Multiple Vulnerabilities 



attack.\n\nThe remote host is running a vulnerable version of Serendipity Web Log. 

Version 0.7beta1 is prone to both cross-site scripting (XSS) and SQL Injection attacks. 

Versions prior to 0.7beta3 should also be upgraded. 

Solution: Upgrade to version 0.7beta3 or higher. 

CVE-2004-2157 

Samba < 2.2.11 Remote Arbitrary File Access 

PVS ID: 2337 FAMILY: Samba 

RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote Samba server, according to its version number ('%L'), 

may be vulnerable to a remote file access vulnerability.\n This vulnerability may allow an 

attacker to access arbitrary files that exist outside of the share's defined path.\nAn attacker 

needs a valid account to exploit this vulnerability. 

Solution: Upgrade to Samba 2.2.11 or higher. 

CVE-2004-0815 

Samba < 3.0.6 Remote Arbitrary File Access 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote Samba server, according to its version number, may 

be vulnerable to a remote file access vulnerability.\n This vulnerability may allow an 

attacker to access arbitrary files that exist outside of the share's defined path.\nAn attacker 

needs a valid account to exploit this vulnerability. 




CVE-2004-0815 

W-Agora Multiple Input Validation Vulnerabilities 



attack.\n\nThe remote host is running W-Agora, a web-based forum management software 

written in PHP.\nThere are multiple input validation flaws in the remote version of this 

software :\n\n - There is an SQL injection vulnerability in the file 'redir_url.php' that may 

allow an attacker to execute arbitrary SQL statements in the remote database ;\n - There is a 

cross site scripting issue that may allow an attacker to steal the cookies of the legitimate 

users of the remote site by sending them a specially malformed link ;\n - There is an HTTP 

response splitting vulnerability that may also allow an attacker to perform cross-site 

scripting attacks against the remote host. 


CVE-2004-1565 

Kerio MailServer < 6.0.3 Unspecified Code Execution 



running a version of Kerio MailServer prior to 6.0.3.\n\nThere is an undisclosed flaw in the 

remote version of this server that might allow an attacker to execute arbitrary code on the 

remote host. 

Solution: Upgrade to Kerio MailServer 6.0.3 or higher. 

CVE-2004-2441 

Local POP Account Detection 


Description: PVS observed at least one POP session originating from this server address. PVS 

maintains the most recently seen POP account used to download email to this server. 

The detected user login string was:\n %L 

realtime 

Solution: N/A 



AJ-Fork Permission Weakness Information Disclosure 



RISK: 

MEDIUM 


sensitive files or data.\n\nPVS observed that the remote webserver is running the AJ-Fork 

service version %L .\nThis version of AJ-Fork is vulnerable to a remote attack wherein the 

critical system files used by AJ-Fork can be read and written by any anonymous remote 

user. All versions of AJ-Fork up to and including version 167 are reported vulnerable. 


CVE-2004-1573 

Bblog Blog Software Detection 



attack.\n\nPVS observed that the remote webserver is running Bblog. Bblog is a web blog 

that has, in the past, been vulnerable to SQL injection and Cross-Site Scripting (XSS) 



CVE-2004-1570 

RealPlayer Multiple Remote Overflows 



running a version of RealPlayer that is vulnerable to multiple undisclosed remote buffer 

overflows. 


CVE-2005-0190 

Mozilla/Firefox Linux Installation Arbitrary File Deletion 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote Firefox browser can be tricked into deleting potentially sensitive 

files.\n\nThe remote host appears to be running Mozilla or Firefox. It is reported that 

versions up to 0.10.1 of Firefox are prone to an improper file permission issue when 

bookmarking a 'link'. An attacker crafting a malicious link can cause Firefox to overwrite 

or delete files within the download directory. 



CVE-2004-2225 

BugPort < 1.134 Remote Privilege Escalation 



host is running a version of BugPort. BugPort is a PHP application that is used to track 

bugs and development items within an organization. According to its version number, this 

instance is vulnerable to a remote attack where a remote user can upload a malicious script 

or file in order to escalate privileges. 

Solution: Upgrade to at least version 1.134 or higher. 


Vypress < 4.0 First Message Field Overflow 

PVS ID: 2347 FAMILY: Peer-To-Peer File Sharing RISK: HIGH NESSUS ID:Not Available 


running a version of Vypress Messenger, %L , that is vulnerable to a remote buffer 

overflow. An attacker exploiting this flaw would only need to be able to send a message or 

file to the Vypress service (listens on port 7777 by default). A successful exploit would 

allow the remote attacker the ability to overwrite and control the program's memory. 


CVE-2004-1574 

NetworkActive Web Server Resource Exhaustion DoS 


RISK: 

MEDIUM 



remote host is running NetworkActive Web Server. NetworkActive Web Server is a small 

application that can be downloaded and run on any Windows desktop. An attacker 

exploiting this flaw would need to be able to connect to the server (typically on port 80) 

and send long requests. By sending enough requests, the attacker would be able to exhaust 

the resources of the Web server and cause it to crash. 



IBM DB2 < 8.2 Multiple Vulnerabilities (2) 




Description: Synopsis :\n\nThe remote host is vulnerable to multiple flaws which impact confidentiality, 

integrity, and availability.\n\nThe remote host is running an IBM DB/2 Universal Database 

Server. It is reported that versions up to 8.2 may be vulnerable to multiple remote 

overflows. IBM DB/2 passes database versions over the network. PVS has noted that the 

DB/2 version is less than 8.2. 


CVE-2005-0417 

PHPLinks SQL Injection 



attack.\n\nThe remote host is running PHPLinks. PHPLinks is a PHP application that 

gathers 'links'. This version is prone to a bug where an attacker can cause the server to 

execute arbitrary script code. Further, the application is reported to be prone to SQL 

Injection flaws. An attacker exploiting either of these flaws would be able to run commands 

with the privileges of the Web Server. 



Jetty Web Server < 4.2.4 Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 



host is running Jetty prior to version 4.2.4. Jetty is a Java web server that is downloadable 

off of the Internet and is currently bundled with some IBM applications. An attacker 

exploiting this flaw would only need to be able to request web pages from the Jetty server. 

A successful attack would allow the attacker to navigate outside the web directories and 

download potentially confidential data. 


CVE-2004-2478 

PHP-Fusion Database Multiple Vulnerabilities 



Description: The remote host is running a version of PHP-Fusion that is prone to a SQL injection issue. 

In versions prior to and including 4.01, an attacker may be able to manipulate and obtain 

potentially confidential data. In addition, there is also a flaw in the way that this version of 

PHP-Fusion handles upload code. An attacker exploiting this flaw would be able to upload 

malicious code that would then be run by unsuspecting web users. Finally, there is a flaw in 

the way that PHP-Fusion handles user-supplied input via the forum_search.php script. An 


attacker can potentially read confidential data from protected areas of the server. 


CVE-2004-2437 

Symantec Norton Antivirus Detection 


Description: The remote host is running Symantec's Norton Antivirus version %L 

Solution: Ensure that you are running the latest version of Symantec NAV. 


PHP < 5.0.2 Open Bracket Memory Disclosure 



attacks.\n\nThe remote host is running a version of PHP that is older than 5.0.2. This 

version has a bug that allows an attacker to insert an arbitrary value into an array. When the 

PHP parser handles the array, it may leak memory information back to the web client. A 

successful attacker would be able to retrieve information from the server that is potentially 

confidential in nature. 



DCP-Portal < 6.1 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: The remote host is running a version of DCP-Portal that is reported prone to three distinct 

vulnerabilities. DCP-Portal is software that handles content management submitted by 

various clients or users. This version is vulnerable to Cross-Site Scripting (XSS), HTML 

injection, and HTML-splitting attacks. An attacker exploiting these flaws would be able to 

modify HTTP data and/or create malicious links or code for other visiting users to execute. 


CVE-2004-2511 


WordPress BLOG < 1.2.1 wp-login.php HTTP Response Splitting 



Description: Synopsis :\n\nThe remote host is vulnerable to a HTTP 'splitting' attack.\n\nThe remote 

host is running WordPress BLOG. WordPress BLOG is a PHP software package that is 

used to generate HTML BLOGS via a web interface. This version is vulnerable to an 

HTTP-splitting attack where an attacker can insert CRLF characters and then entice an 

unsuspecting user into accessing the URL. The client will parse and possibly act on the 

secondary header that was supplied by the attacker. 


CVE-2004-1584 

Helix RealServer Remote Integer Handling DoS 


RISK: 

MEDIUM 



attack.\n\nRealServer versions 9.0.4.958 and prior as well as 10.3.1.716 and prior are 

vulnerable to a remote Denial of Service (DoS) attack when they are presented with an 

invalid (negative) integer for the Content-Length field. An attacker exploiting this flaw 

would need to be able to connect to the RealServer (default port 554) and issue a 

malformed request. A successful attack would consume large amounts of memory on the 

RealServer, eventually ending in the unavailability of the server. 

Solution: Upgrade to version 9.0.4.960, 10.3.1.718 or higher. 

CVE-2004-0774 

Microsoft SMTP DNS Lookup Overflow (885881) 



running a version of Microsoft SMTP server that is vulnerable to a buffer overflow 

issue.\n\nAn attacker may exploit this flaw to execute arbitrary commands on the remote 

host with the privileges of the SMTP server process. 

Solution: http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx 

CVE-2004-0840 


Microsoft NNTP Component Remote Overflow (883935) 



running a version of Microsoft NNTP server that is vulnerable to a buffer overflow 


host with the privileges of the NNTP server process. 



CVE-2004-0840 

Microsoft NNTP Component Remote Overflow (883935) 



running a version of Microsoft NNTP server that is vulnerable to a buffer overflow 


host with the privileges of the NNTP server process. 


CVE-2004-0840 

MySQL < 3.23.59 Multiple Vulnerabilities (2) 



is running a version of the MySQL database that is older than 3.23.59.\n\nMySQL is a 

database that runs on both Linux/BSD and Windows platforms.\nThe remote version of this 

software is vulnerable to specially crafted ALTER TABLE SQL query that can be 

exploited to bypass some applied security restrictions or cause a denial of service.\n\nTo 

exploit this flaw, an attacker would need the ability to execute arbitrary SQL statements on 



CVE-2004-0835 

MySQL < 4.0.21 Multiple Vulnerabilities (2) 



is running a version of the MySQL database that is older than 4.0.21.\n\nMySQL is a 

database that runs on both Linux/BSD and Windows platforms.\nThe remote version of this 

software is vulnerable to specially crafted ALTER TABLE SQL query that can be 

exploited to bypass some applied security restrictions or cause a denial of service.\n\nTo 

exploit this flaw, an attacker would need the ability to execute arbitrary SQL statements on 



CVE-2004-0835 


Squid < 2.5.STABLE7 SNMP ASN.1 Parser Remote DoS 



RISK: 

MEDIUM 



remote Squid caching proxy, according to its version number, may be vulnerable to a 

remote denial of service.\n\nThis flaw is caused due to an input validation error in the 

SNMP module.\n\nAn attacker can exploit this flaw to crash the server with a specially 

crafted UDP packet. 

Solution: Upgrade to Squid 2.5.STABLE7 or higher. 

CVE-2004-0918 

CJOverkill < 4.0.4 trade.php XSS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Cross-Site Scripting (XSS) attack\n\nThe 

remote server runs a version of CJOverkill, a free traffic trading script that is as old as or 

older than version 4.0.3.\nThe remote version of this software is vulnerable to a cross-site 

scripting attack.\n\nAs a result of this vulnerability, it is possible for a remote attacker to 

create a malicious link containing script code that will be executed in the browser of an 

unsuspecting user when followed.\n\nThis may facilitate the theft of cookie-based 

authentication credentials as well as other attacks. 


CVE-2004-2193 

IceWarp Web Mail < 5.3.0 Multiple Vulnerabilities 



is running IceWarp Web Mail, a webmail solution available for the Microsoft Windows 

platform.\n\nThe remote version of this software is vulnerable to multiple input validation 

issues that may allow an attacker to compromise the integrity of the remote host. 

Solution: Upgrade to IceWarp Web Mail 5.3.0 or higher. 

CVE-2004-1674 

Gaim < 1.0.2 Multiple Vulnerabilities 



RISK: 

MEDIUM 





reported that this version of Gaim is prone to multiple vulnerabilities that may allow an 

attacker to disable this client remotely or to execute arbitrary code on the remote host. 

Solution: Update to Gaim 1.0.2 or higher. 


Serendipity < 0.7.0rc1 HTTP Response Splitting 


RISK: 

MEDIUM 



remote host is running Serendipity, a weblog written in PHP.\nThe remote version of this 

software is vulnerable to a HTTP response splitting vulnerability that may allow an attacker 

to perform a cross-site scripting attack against the remote host. 

Solution: Upgrade to Serendipity 0.7.0rc1 or higher. 

CVE-2004-1620 

MacOS X Application Crash Plaintext Report 


RISK: 

MEDIUM 


Description: The remote MacOS X Client is reporting a MacOS application error via the network. 

Solution: Ensure that passing such reports via the Internet is in accordance with existing corporate 

policies. The reports usually include crash dumps that may contain sensitive information 

about the remote host environment. 


MySQL < 4.0.21 Remote FULLTEXT Search DoS 


RISK: 

MEDIUM 



remote host is running a version of MySQL that is older than version 4.0.21.\nIt is 

vulnerable to a flaw that may allow an attacker to cause a Denial Of Service. An attacker 

can exploit this vulnerability by using the FULLTEXT search functionality. 


CVE-2004-0956 



MySQL < 4.0.21 Remote GRANT Privilege Escalation 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running a version of MySQL that is older than 

version 4.0.21.\nIt is vulnerable to a flaw that may allow an attacker to gain access to 

unauthorized databases. An attacker can exploit this vulnerability if he has GRANT 

privileges on databases containing '_'. 


CVE-2004-0957 

PuTTY < 0.56 Remote SSH2_MSG_DEBUG Buffer Overflow 


RISK: 

MEDIUM 



using a vulnerable version of PuTTY, a SSH client built for Linux and UNIX variants as 

well as Microsoft Windows operating systems. It has been reported that PuTTY does not 

safely handle SSH2_MSG_DEBUG messages. As a result, an attacker may be able to 

exploit it by setting up a mallicious SSH server. The version of PuTTY installed on the 

remote host is: %L 


CVE-2004-1008 

Bugzilla Authentication Bypass and Information Disclosure 


RISK: 

MEDIUM 



authentication.\n\nThe remote server is running Bugzilla, a bug tracking system. There is a 

flaw in the remote installation of Bugzilla that may allow an attacker to bypass 

authentication or to get access to private bug reports. 

Solution: Upgrade to version 2.14.5, 2.16.2, 2.17.3 or higher. 

CVE-2004-1634 

Opera < 7.55.0 Cross-Domain Dialog Box Spoofing 





remote host is using a version of Opera that is prone to a security flaw where a malicious 

website can spoof a cross-domain dialog box that may entice the local user to enter 

information based on the bogus domain. For example, if the malicious website were to 

spoof a trusted domain, the user may enter confidential information into the dialog box. 

These sort of exploits are commonly referred to as 'Phishing' scams. 



Konqueror < 3.2.2-2 Cross-Domain Dialog Box Spoofing 



remote host is using a version of Konqueror that is prone to a security flaw where a 

malicious website can spoof a cross-domain dialog box that may entice the local user to 

enter information based on the bogus domain. For example, if the malicious website were 

to spoof a trusted domain, the user may enter confidential information into the dialog box. 

These sort of exploits are commonly referred to as 'Phishing' scams. 

Solution: Upgrade to version 3.2.2-2 or higher. 


Ability FTP Server Remote Buffer Overflow 


RISK: 

MEDIUM 



running the Ability FTP Server. It is reported that Ability FTP Server is prone to a remote 

buffer overflow via the STOR command. An attacker exploiting this flaw would only need 

to be able to craft and send a query to the FTP server on its service port (usually 21) 


CVE-2004-1626 

NetCaptor Cross-Domain Dialog Spoofing 




remote host is running NetCaptor. NetCaptor is a web browser that is installed 'over' 

Internet Explorer, using the IE core engine while adding functionality to the GUI. This 

version of NetCaptor is vulnerable to a flaw where a malicious website can spoof a domain 

via the Dialog box. An attacker exploiting this flaw may be able to access confidential data 

from the client. 




Hummingbird Inetd FTP Server XCWD Command Remote Overflow 



running the Hummingbird Inetd FTP Server. It is reported that Hummingbird FTP Server is 

prone to a remote buffer in the XCWD command. An attacker exploiting this flaw would 

only need to be able to craft and send a query to the FTP server on its service port (usually 

21) 


CVE-2004-2728 

PHPList < 2.6.5 Multiple Remote Vulnerabilities 



attack.\n\nThe remote host is running PHPList. PHPList is an application that gathers and 

handles mailing and customer lists. This version is reported to be prone to multiple 

vulnerabilities that may include: Cross-Site scripting (XSS), SQL Injection, HTML 

Injection, and possibly others. An attacker exploiting these flaws would be able to run 

commands with the privileges of the Web Server. 


CVE-2004-2744 

Konqueror Cross-Domain Scripting 


Description: Synopsis :\n\nThe remote host is vulnerable to a Cross-site scripting (XSS) attack.\n\nThe 

remote host is using a version of Konqueror, a web browser, which is prone to a security 

flaw wherein a malicious website can spoof a third party domain within frames. An attacker 

exploiting this flaw would get the local user to 'trust' a remote spoofed domain. For 

example, if the malicious website were to spoof a trusted domain, the user may enter 

confidential information into the spoofed frame. 


CVE-2004-0746 

Quicktime Multiple Integer Overflows 





running an older version of Quicktime player for Microsoft Windows. This version is 

vulnerable to a remote overflow. A remote attacker exploiting this flaw would need to 

create a malicious Quicktime file and entice the user to play it. A successful exploit would 

allow the attacker to execute random code within the context of the local machine. 

Additionally, there is a similar flaw within the Quicktime library that displays JPEG files. 

An attacker exploiting this second flaw would need to be able to convince a user into 

viewing a malicious JPEG file within the Quicktime viewer. Successful exploitation would 

result in arbitrary code being executed on the victim system. 


CVE-2004-0988 

RealPlayer Skin File Handling Buffer Overflow 


RISK: 

MEDIUM 



running a version of RealPlayer which is vulnerable to an overflow via a malformed skin 

file. As skin files are downloaded, typically, without any sort of warning or prompt to the 

user, the remote attacker need only create a website with a malformed skins file and entice 

the user to visit the site. 


CVE-2004-1094 

Caudium Web Server < 1.4.4 RC2 Malformed URI DoS 


RISK: 

MEDIUM 



remote host is running Caudium Web Server. The version being run is vulnerable to an 

attack where a malformed URI causes the web server to stop responding to requests. An 

attacker exploiting this flaw would only need to be able to connect to the Webserver and 

issue an HTTP 'GET' request. 

Solution: Upgrade to version 1.4.4 RC2 or higher. 



Cherokee Web Server < 0.4.17.1 auth_pam Authentication Format String 




host is running the Cherokee web server. This version is vulnerable to a remote format 

string overflow. An attacker exploiting this flaw would only need to be able to connect to 

the web server and issue an HTTP 'GET' request. Upon successful exploitation, the attacker 

would be able to execute commands within the context of the web server. 


CVE-2004-1097 

MailEnable SMTP Server < 1.5.1 Undisclosed Vulnerabilities 



remote host is running a version of MailEnable Professional that is older than version 1.5.1. 

The remote version of this software is known to be prone to an undisclosed vulnerability 

that has been fixed in version 1.5.1. 



ArGoSoft FTP Server < 1.4.2.2 Shortcut File Upload 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running the ArGoSoft FTP Server. It is 

reported that ArGoSoft FTP Server is prone to a vulnerability that allows a shortcut link 

upload. An attacker exploiting this flaw may be able to have read and write access to any 

files and directories on the FTP server. 


CVE-2004-1428 

MailPost.exe Multiple Vulnerabilities 



RISK: 

MEDIUM 



is using a version of TIPS MailPost that is vulnerable to several flaws.\nTIPS MailPost is 

an HTML form content email application designed to facilitate\nthe emailing of HTML 

form data to a third party.\nThere are various flaws in the remote version of this software 

:\n- A remote file enumeration vulnerability that may allow an attacker to determine if a file 

exists or not\n\n- Two cross-site scripting vulnerabilities that may allow an attacker to steal 

the cookies of third-parties users\n\n- An information disclosure vulnerability that may 

allow an attacker to gain more information about the remote host 



CVE-2004-1103 

IceWarp Web Mail < 5.3.1 Multiple Vulnerabilities (2) 


RISK: 

MEDIUM 



is running IceWarp Web Mail, a webmail solution available for the Microsoft Windows 

platform.\n\nThe remote version of this software is vulnerable to multiple input validation 

issues that may allow an attacker to compromise the integrity of the remote host. 



Moodle < 1.4.3 Glossary Module SQL Injection 



attack.\n\nThe remote host is running a version of the Moodle suite, an open-source course 

management system written in PHP, that is older than version 1.4.3.\nThe remote version 

of this software is vulnerable to a SQL injection issue in the 'glossary' module due to a lack 

of user input sanitization. 

Solution: Upgrade to Moodle 1.4.3 or higher. 

CVE-2004-1425 

Gallery < 1.4.4-p12 Unspecified HTML Injection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTML Injection attack.\n\nThe remote 

host is running the Gallery web-based photo album.\nThere is a flaw in the remote version 

of this software that may allow an attacker to inject arbitrary HTML tags in the remote web 

server. 

Solution: Upgrade to Gallery 1.4.4-pl2 or higher. 

CVE-2004-1106 


Helm Control Panel < 3.1.20 Multiple Input Validation Vulnerabilities 



Description: Synopsis :\n\nThe remote web server contains a script that is vulnerable to a SQL 

injection attack.\n\nThe remote host is using Helm Control Panel, a web based 

mangement system.\nThere are multiple flaws in the remote version of this 

software that may allow an attacker to perform a SQL injection or a cross-site 

scripting attack against the remote host.\nTo exploit these flaws, an attacker would 

need a valid login and password to log into the service. 

Solution: Upgrade to Helm 3.1.20 or higher. 

CVE-2004-1499 

cPanel Front Page Extension Installation Information Disclosure 


RISK: 

MEDIUM 



is running a version of cPanel that is older or as old as version 9.9.1.\n\nThe remote version 

of this software is vulnerable to two flaws :\n- An information disclosure flaw if the 

FrontPage Extension is installed that may allow a local attacker to read arbitrary files on the 

remote host with the privileges of the 'cpsvrd' process.\n - A file ownership problem in the 

FrontPage Extension that may allow a local attacker to read the content of a .htaccess file 

;\n 


CVE-2004-1603 

cPanel Remote Backup Module Information Disclosure 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running a version of cPanel which is older or 

as old as version 9.4.1.\nThe remote version of this software is vulnerable to a file 

disclosure flaw in the Remote Backup module that may allow a local attacker to read 

arbitrary files on the remote system. 


CVE-2004-1603 

ProFTPD < 1.2.11 Remote User Enumeration 



RISK: 

MEDIUM 




attacks.\n\nThe remote ProFTPd server is as old or older than 1.2.10.\nIt is possible to 

determine which user names are valid on the remote host based on timing analysis attack of 

the login procedure.\nAn attacker may use this flaw to set up a list of valid usernames for a 

more efficient brute-force attack against the remote host. 


CVE-2004-1602 

Mantis < 0.19.1 Multiple Information Disclosure Vulnerabilities 



attacks.\n\nThe remote host appears to be running a vulnerable version of Mantis, a bug 

tracker web application written in PHP. It is reported that versions up to 0.19.0 are prone to 

multiple information disclosure vulnerabilities flaws that may allow an attacker to view 

stats of all projects or receive information from a project he was removed. 

Solution: Upgrade to Mantis version 0.19.1 or higher. 


SlimFTPd < 3.16 Multiple Command Remote Overfow 


RISK: 

MEDIUM 



seems to be running a vulnerable version of SlimFTPd, a small FTP server for Windows. It 

is reported that versions up to 3.15 are prone to a buffer overflow vulnerability that may 

allow an attacker to execute arbitrary code on this host. A attacker needs a valid FTP 

account on the server to exploit this vulnerability. 

Solution: Upgrade to SlimFTPd version 3.16 or higher. 

CVE-2004-2418 

Pavuk < 0.9.31 Multiple Unspecified Remote Buffer Overflows 



RISK: 

MEDIUM 



arbitrary commands.\n\nThe remote host is using a version of Pavuk, a web spider, that is 

vulnerable to multiple unspecified buffer overflows. An attacker can construct a malicious 

website that is designed to trigger the vulnerability and run arbitrary code on the client 

machine. 


Solution: Upgrade to Pavuk 0.9.31 or higher. 


Samba < 3.0.8 Remote Wild Card DoS and QFILEPATHINFO Remote Overflow 


RISK: 

MEDIUM 



server, according to its version number, may be vulnerable to a remote Denial Of Service 

vulnerability and a remote buffer overflow.\n The Wild Card DoS vulnerability may allow 

an attacker to make the remote server consume excessive CPU cycles.\nThe 

QFILEPATHINFO remote buffer overflow vulnerability may allow an attacker to execute 

code on the server.\n An attacker needs credentials to exploit those flaws. 


CVE-2004-0882 

eGroupWare < 1.0.0.006 JiNN Application Unspecified Vulnerability 


RISK: 

MEDIUM 



remote host is running eGroupWare, a web-based groupware solution. It is reported that 

versions prior 1.0.0.006 are prone to an unspecified vulnerability. 

Solution: Upgrade to eGroupWare 1.0.0.006 or higher. 

CVE-2005-1202 

EZ-IPupdate show_message() Remote Format String 


RISK: 

MEDIUM 



host is using a version of EZ-IPupdate, a tool to update DNS records, that is vulnerable to a 

remote format string flaw. This vulnerability is present only if EZ-IPupdate runs in daemon 

mode 


CVE-2004-0980 

04WebServer Multiple Remote Vulnerabilities 





remote host is running a version of 04WebServer that is older or as old as version 

1.42.\nThe remote version of this software is vulnerable to cross-site scripting and log 

injection vulnerabilities. 


CVE-2004-1513 

SquirrelMail < 1.4.4 decodeHeader HTML Injection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host allows attackers to bypass user authentication.\n\nThe 

remote host is running SquirrelMail, a webmail system written in PHP. Versions of 

SquirrelMail prior to 1.4.4 are vulnerable to an email HTML injection vulnerability. A 

remote attacker can exploit this flaw to gain access to users' accounts. 

Solution: Upgrade to SquirrelMail 1.4.4 or higher. 


Firefox < 1.0.0 IMG Tag Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote host is using Firefox. The remote version of this software contains a security issue 

that may allow an attacker to determine existence of local files, cause a DoS and steal 

passwords (Windows only). The security vulnerability is due to the fact that Firefox does 

not handle correctly tags. 

Solution: Upgrade to Firefox 1.0.0 or higher. 

CVE-2005-0150 

BNC < 2.9.1 getnickuserhost IRC Server Response Buffer Overflow 

PVS ID: 2403 FAMILY: IRC Servers RISK: HIGH NESSUS ID:Not Available 


running a version of BNC, an IRC proxy that is vulnerable to a remote buffer overflow. An 

attacker may use this issue to execute code on remote server. 


CVE-2004-1052 



BNC IRC Server < 2.9.1 Authentication Bypass 



bypassing of authentication.\n\nThe remote host is running a version of BNC, 

an IRC proxy, that is vulnerable to an authentication bypass vulnerability. An 

attacker may use this issue to access the remote IRC proxy server. 


CVE-2004-2612 

Skype < 1.0.0.100 CallTo URI Buffer Remote Overflow 



using Skype, a peer to peer chat and VoIP software. The remote version of this software 

contains a security issue that may allow an attacker to execute code on the remote 

host.\nAn attacker needs to send a malicious URI to the user to exploit this flaw. 

Solution: Upgrade to Skype 1.0.0.100 or higher. 

Skype Detection (Host) 

CVE-2004-1114 


Description: Synopsis :\n\nThe remote host is running software that should be authorized with respect to 

corporate policy\n\nThe remote host is using the Skype program, a peer to peer chat and 

VoIP software. 

Solution: Ensure that the use of this software is in accordance with organizational security policies. 


miniBB < 1.7f index.php user Parameter SQL Injection 



attack.\n\nThe remote host is using the miniBB forum management system.\nAccording to 

its version number, this forum is vulnerable to a SQL injection attack that may allow an 

attacker to execute arbitrary SQL statements against the remote database. 

Solution: Upgrade to miniBB 1.7f or higher. 

CVE-2004-2456 



Ipswitch IMail Server < 8.14.0 Delete Command Buffer Overflow 


RISK: 

MEDIUM 



running a version of Ipswitch IMail that is older than version 8.14.0. The remote version of 

this software is vulnerable to a buffer overflow when it processes the argument of the 

'delete' command. An attacker may exploit this flaw to execute arbitrary code on the remote 

host. 


CVE-2004-1520 

PowerPortal index.php index_page Parameter SQL Injection 



attack.\n\nThe remote host is using PowerPortal, a content management system written in 

PHP. A vulnerability exists in the remote version of this product that may allow a remote 

attacker to perform a SQL injection attack against the remote host. An attacker may exploit 

this flaw to execute arbitrary SQL statements against the remote database and possibly to 

execute arbitrary commands on the remote host. 



phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification 


RISK: 

MEDIUM 



authentication.\n\nThe remote host is running phpScheduleIt, a web-based reservation 

system written in PHP. According to its banner, this version is reported vulnerable to an 

undisclosed issue that may allow an attacker to modify or delete phpScheduleIt 

reservations. 


CVE-2004-2469 

phpBB Login Form SQL Injection 




Description: Synopsis :\n\nThe remote host is vulnerable to a SQL Injection attack.\n\nThe remote host 

is running phpBB. There is a flaw in the remote software that may allow anyone to inject 

arbitrary SQL commands in the login form. An attacker may exploit this flaw to bypass the 

authentication of the remote host or execute arbitrary SQL statements against the remote 

database. 



CCProxy < 6.3 Logging Function HTTP GET Request Remote Overflow 



running CCProxy, an application proxy supporting many protocols (Telnet, FTP, WWW, 

and more). There is a buffer overflow in the remote version of this software that may allow 

an attacker to execute arbitrary code on the remote host with the privileges of the user 

running the proxy. 

Solution: Upgrade to CCProxy 6.3 or higher. 

CVE-2004-2416 

Digital Mappings Systems POP3 Server Remote Buffer Overflow 



running Digital Mappings Systems POP3 server which is vulnerable to a remote buffer 

overflow. An attacker exploiting this flaw will be able to execute code on the remote host 

by sending a malicious username string. 


CVE-2004-1533 

WebGUI < 6.2.9 Unspecified Vulnerability 



remote host is running WebGUI, a content management framework.\n\nThe remote version 

of this software is vulnerable to an undisclosed vulnerability. 

Solution: Upgrade to WebGUI 6.2.9 or higher. 



PHP-Kit < 1.6.04 Multiple Input Validation Vulnerabilities 




is running PHP-Kit, an open-source content management system written in PHP.\nThe 

remote version of this software is vulnerable to multiple flaws that may allow an attacker to 

execute arbitrary SQL statements against the remote database or to perform a cross-site 

scripting attack. 

Solution: Upgrade to PHPKit 1.6.04 or higher. 

CVE-2006-1773 

phpMyAdmin Detection 


Description: The remote host is running phpMyAdmin, an open-source software written in PHP to 

handle the administration of MySQL over the Web.\nThe remote host is running 

phpMyAdmin %L. 

Solution: N/A 


phpMyAdmin < 2.6.0-p13 Multiple XSS 


RISK: 

MEDIUM 



remote host is running phpMyAdmin, an open-source software written in PHP to handle the 

administration of MySQL over the Web.\nThis version is vulnerable to cross-site scripting 

attacks through multiple scripts.\n\n With a specially crafted URL, an attacker may use the 

remote host to perform a cross site scripting attack. 

Solution: Upgrade to phpMyAdmin 2.6.0-pl3 or higher. 

CVE-2004-1055 

phpMyAdmin sql.php Traversal Arbitrary File Access 



RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running phpMyAdmin, an open-source 

software written in PHP to handle the administration of MySQL over the Web.\nIt is 

possible to make the remote phpMyAdmin installation read arbitrary data on the remote 

host by using a malformed URL.\nAn attacker may use this flaw to read /etc/passwd or any 

file that the web server has the right to access. 



CVE-2001-0478 

phpMyAdmin < 2.5.6-rc1 Traversal Arbitrary File Access (2) 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running phpMyAdmin, an open-source 

software written in PHP to handle the administration of MySQL over the Web.\nIt is 

possible to make the remote phpMyAdmin installation read arbitrary data on the remote 

host by using a malformed URL.\nAn attacker may use this flaw to read /etc/passwd or any 

file that a web server has the right to access. 

Solution: Upgrade to phpMyAdmin 2.5.6-rc1 or higher. 

CVE-2004-0129 

phpMyAdmin < 2.5.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running phpMyAdmin, an open-source software written in 

PHP to handle the administration of MySQL over the Web.\nThe remote version of this 

software is vulnerable to several flaws :\n- It may be tricked into disclosing the physical 

path of the remote PHP installation\n- It is vulnerable to cross-site scripting, which may 

allow an attacker to steal the cookies of your users\n - It is vulnerable to a flaw that may 

allow an attacker to list the content of arbitrary directories on the remote server.\nAn 

attacker may use these flaws to gain more knowledge about the remote host and therefore 

set up more complex attacks against it. 

Solution: Upgrade to phpMyAdmin 2.5.2 or higher. 



phpMyAdmin < 2.6.0-p12 Multiple Remote Command Execution 



flaw.\n\nThe remote host is running phpMyAdmin, an open-source software written in PHP 

to handle the administration of MySQL over the Web.\nThe remote version of this software 

is vulnerable to arbitrary command execution due to a lack of user-supplied data 

sanitization.\n 



CVE-2004-2630 

Invision PowerBoard < 2.0.3 SQL Injection 


Description: The remote host is running Invision Power Board, a CGI suite designed to set up a bulletin 

board system on the remote web server.\nA vulnerability has been discovered in the remote 

version of this software that may allow unauthorized users to inject SQL commands in the 

remote SQL database.\n An attacker may use this flaw to gain the control of the remote 

database and possibly to overwrite files on the remote host.\n\nIn addition, a remote HTML 

injection flaw has been identified within \nInvision Power Board. An attacker exploiting 

this flaw would be\nable to control the way that the website is presented. In order 

to\nexploit such a vulnerability, the attacker would need to be able to\nconvince a user to 

visit a malicious website. 


CVE-2004-1531 

Nucleus CMS Multiple Vulnerabilities 



attack.\n\nThe remote host is running Nucleus CMS, an open-source content management 

system.\nThe remote version of this software is vulnerable to various flaws that may allow 

an attacker to perform a cross-site scripting attack using the remote host and to perform a 

SQL injection attack on the remote database. 



OmniWeb Browser Cross-Domain Dialog Box Spoofing 



remote host is using Omniweb, an alternative web browser for the MacOS platform.\nThere 

is a cross-domain dialog box spoofing vulnerability affecting the remote version of this 

software. An attacker may exploit this flaw to trick a user into downloading a file from a 

third party site. 



Cyrus IMAPD < 2.2.10 Multiple Vulnerabilities 




Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nAccording to its 

banner, the remote Cyrus IMAPD server is vulnerable to a pre-login buffer overflow. Cyrus 

IMAP server is also vulnerable to three other buffer overflows after authentication. An 

attacker with or without a valid login could exploit these issues, and would be able to 

execute arbitrary commands as the owner of the Cyrus process. 

Solution: Upgrade to Cyrus IMAPD 2.2.10 or higher. 

CVE-2004-1067 

Nullsoft Winamp < 5.0.7 IN_CDDA.dll Remote Buffer Overflow 




buffer overflow. This vulnerability may be used to remotely execute arbitrary code on the 

host by invoking a malicious playlist. IN_CDDA.dll will fail to parse it correctly and an 

attacker will be able to exploit the buffer overflow. 

Solution: Upgrade to Winamp 5.0.7 or higher. 

CVE-2004-1119 

Van Dyke SecureCRT < 4.1.9 Telnet URI Remote Command Execution 


RISK: 

MEDIUM 



using a vulnerable version of SecureCRT, a SSH/Telnet client built for Microsoft Windows 

operating systems. It has been reported that SecureCRT does not safely check the protocol 

handler. As a result, an attacker may be able to exploit it by setting up a malicious SMB 

share. 

Solution: Upgrade to SecureCRT 4.1.9 or higher. 

CVE-2004-1541 

ProZilla Multiple Remote Buffer Overflows 




is using Prozilla, a download accelerator for Linux and Unix systems. The remote version 

of this software contains multiple security issues that may allow an attacker to execute code 

on the remote host.\nAn attacker needs to create a malicious HTTP server and entice the 

user to download a file on this server. 



CVE-2004-1120 

AppServ Open Project Remote Insecure Default Password 


RISK: 

MEDIUM 



credentials.\n\nThe remote MySQL server appears to allow connections as root without a 

password. AppServ Open Project, an installation utility for APACHE/PHP/MySQL under 

Windows, creates a passwordless database by default. Anyone can log into the database and 

change data or increase their privileges. 

Solution: Connect to the remote MySQL database and set a password. 

CVE-2004-1532 

Alt-N MDaemon File Creation Local Privilege Escalation 


Description: Synopsis :\n\nThe remote host is vulnerable to a local buffer overflow.\n\nThe remote host 

is running ALT-N MDaemon, a mail server for Microsft Windows. There is a local 

privilege escalation vulnerability in the remote version of this software that may allow a 

local attacker to execute arbitrary code on the remote host with the SYSTEM privileges. 


CVE-2004-2504 

Brooky CubeCart < 2.0.2 index.php cat_id Parameter SQL Injection 



attack.\n\nThe remote host is using Brooky CubeCart, an online storefront application 

written in PHP. A vulnerability exists in the remote version of this product that may allow a 

remote attacker to perform a SQL injection attack against the remote host. An attacker may 

exploit this flaw to execute arbitrary SQL statements against the remote database and 

possibly execute arbitrary commands on the remote host. 

Solution: Upgrade to Brooky CubeCart 2.0.2 or higher. 

CVE-2004-1580 


Youngzsoft CMailServer < 5.2.1 Multiple Remote Vulnerabilities 




attack.\n\nThe remote host is running YoungZSoft CMail Server, a mail server for 

Microsoft Windows. There are multiple remote vulnerabilities such as buffer overflows, 

SQL injection, and HTML injection in the remote version of this software that may allow 

an attacker to execute arbitrary code on the remote host. 


CVE-2004-1129 

KorWeblog < 1.6.2 Remote Directory Listing 



attacks.\n\nThe remote host is using KorWeblog, a web-based log application written in 

PHP. A vulnerability exists in the remote version of this product that may allow a remote 

attacker to disclose directory listings. Information disclosures could help the attacker in 

further attacks. 


CVE-2004-1427 

Open DC Hub RedirectAll Value Remote Buffer Overflow 


RISK: 

MEDIUM 



running a version of Open DC Hub, a peer to peer file sharing application, that is 

vulnerable to a remote buffer overflow. A successful exploit would allow a remote attacker 

to execute code on the remote host. It must be noted that the remote attacker needs 

administrative access to this application. 


CVE-2004-1127 

MailEnable < 1.53 IMAP Service Multiple Remote Pre-Authentication Buffer Overflows 



running a version of MailEnable Professional that is older than version 1.53. The remote 

version of this software is known to be prone to multiple remote buffer overflow 

vulnerabilities that have been fixed in version 1.53. 




CVE-2004-2501 

WS_FTP Server < 5.04 Multiple Vulnerabilities (2) 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThis host is running a 

vulnerable version of WS_FTP Server. Versions up to and including 5.03 are reported 

prone to multiple buffer overflows that may be used by an attacker to execute arbitary code 

on the remote system. 


CVE-2004-1135 

JanaServer < 2.4.5 Multiple Remote DoS 



remote host is running a version of JanaServer that is vulnerable to various denial of service 

issues.\nAn attacker may exploit these vulnerabilities by sending a malformed request to 

the remote service and cause it to enter an infinite loop, thus refusing connections and using 

100% of the CPU of the remote host. 

Solution: Upgrade to JanaServer 2.4.5 or higher. 


Mercury Mail Remote IMAP Stack Buffer Overflow 



running Mercury Mail server, an IMAP server for Windows operating systems. It is 

reported that versions up to and including 4.01 are prone to stack buffer overflow 

vulnerabilities. An authenticated attacker may execute arbitrary code on the remote server. 

The attacker needs to authenticate in order to exploit these vulnerabilities against the IMAP 

server. 


CVE-2004-1211 

YaBB Shadow BBCode Tag XSS 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to a script injection attack\n\nThe remote host 

is using the YaBB web forum software.\nAccording to its version number, the remote 

version of this software is vulnerable to JavaScript injection issues using shadow or glow 

tags. This may allow an attacker to inject hostile JavaScript into the forum system to steal 

cookie credentials or misrepresent site content. When the form is submitted the malicious 

JavaScript will be incorporated into dynamically generated content. 

Solution: Upgrade to YaBB 1 Gold SP 1.4 or higher. 


Post-Nuke pnTresMailer Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 



host is running a version of the pnTresMailer PostNuke module that is vulnerable to a 

directory traversal attack.\nAn attacker may use this flaw to read arbitrary files on the 

remote web server with the privileges of the web server process. 


CVE-2004-1205 

Paros Web Proxy Detection 



corporate policy.\n\nThe remote host is running Paros version: %L \n \n Paros is a web 

proxy that is used to test the security of web applications and servers. A remote user 

running Paros can surrepititiously test the web server for SQL injection, cross-site 

scripting, buffer overflows, and more. 

Solution: Ensure that the remote Paros server is authorized for use within your environment. 


Visionael Scanner Detection 




corporate policy.\n\nThe remote host is running Visionael Scanner. Visionael scanner is a 

network discovery and penetration testing tool. The presence of this tool typically indicates 

that someone is scanning the network for vulnerabilities. 

Solution: Ensure that the remote Visionael server is authorized for use within your environment. 



Make Love Not Spam Screen Saver Detection 



corporate policy.\n\nThe remote host is running the 'Make Love Not Spam' screensaver. 

This screensaver, downloaded from Lycos, participates in a Denial of Service (DoS) attack 

against known spammers. 

Solution: Ensure that running this client is within acceptable use. 


Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) 


MEDIUM 



remote host is missing Security Update 2004-12-02. This security update contains a number 

of enhancements for the following programs :\n\n - Apache\n - Apache2\n - AppKit\n - 

Cyrus IMAP\n - HIToolbox\n - Kerberos\n - Postfix\n - PSNormalizer\n - QuickTime 

Streaming Server\n - Safari\n - Terminal 


CVE-2004-1089 

PAFileDB Multiple Information Disclosure Vulnerabilities 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is using PAFileDB.\nAccording to its version number, the 

remote version of this software is vulnerable to path and password hash disclosure. This 

may allow an attacker to perform brute force attack on the password hash and gain access 

to account information. 


CVE-2004-1219 


ViewCVS < 1.0-dev Multiple Unspecified Vulnerabilities 




remote host is using the ViewCVS, a tool to browse CVS repositories.\nAccording to its 

version number, the remote version of this software is vulnerable to multiple unspecified 


Solution: Upgrade to version 1.0-dev or higher. 

CVE-2004-0915 

PHP Live! < 2.8.2 Remote Configuration File Include 


Description: Synopsis :\n\nThe remote host is vulnerable to a script injection attack.\n\nThe remote host 

is running PHP Live!, a live support system for web sites.\nThe remote version of this 

software contains an unspecified flaw that may allow an attacker to include a configuration 

file hosted on a third party server.\nAn attacker may exploit this flaw to execute arbitrary 

PHP code on the remote host. 


CVE-2004-2485 

Squid Proxy Failed DNS Lookup Random Error Messages Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote proxy can be tricked into disclosing portions of its 

memory.\n\nThe remote host running a Squid proxy on this port.\nThere is a vulnerability 

in the remote version of this software that may allow an attacker to disclose the content of 

its memory by causing the use of a freed pointer. 

Solution: Upgrade to Squid 2.5.STABLE8 or 3.0-PRE4 or apply the vendor patches. 

CVE-2004-2479 

GNU WGet Multiple Remote Vulnerabilities 


RISK: 

MEDIUM 



is using a version of wget that contains bugs that may allow a malicious to server to 

overwrite or inject data in files or perform a directory traversal. 


CVE-2004-1487 



OpenText FirstClass HTTP Daemon Search DoS 



remote host is running OpenText FirstClass, a web based unified messaging system.\nThe 

remote version of this software is vulnerable to an unspecified Denial of Service attack that 

may allow an attacker to disable this service remotely. 


CVE-2004-2496 

IlohaMail < 0.8.14-RC1 Unspecified Vulnerability 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe target is running 

at least one instance of IlohaMail version 0.8.13 or earlier.\nThe remote version of this 

software is vulnerable to an unspecified vulnerability announced by the vendor. 

Solution: Upgrade to IlohaMail version 0.8.14RC1 or higher. 

CVE-2004-2500 

phpMyAdmin < 2.6.1-pl1 Remote Command Execution 



arbitrary commands.\n\nThe remote host is running phpMyAdmin, an open-source software 

written in PHP to handle the administration of MySQL over the Web.\nThe remote version 

of this software is vulnerable to arbitrary command execution due to a lack of user-supplied 

data sanitization.\nIn addition, the remote host is vulnerable to multiple remote Cross-Site 

Scripting (XSS) flaws. An attacker exploiting these flaws would need to be able to 

convince a user into clicking on a malicious URL. Upon successful exploitation, the 

attacker would be able to steal credentials or execute code within the browser.\nThirdly, the 

remote host is vulnerable to a flaw in the way that it handles user-supplied variables that 

are used within included files. An attacker exploiting this flaw would pass malicious data to 

the server that the server would then include within the executing script code. A successful 

exploit would result in the attacker being able to execute arbitrary code on the server. 


CVE-2005-0543 

phpDig < 1.8.5 Unspecified Vulnerability 



RISK: 

MEDIUM 




authentication.\n\nThe remote host is running phpDig, an open-source search engine 

written in PHP.\nThe remote version of this software is vulnerable to a flaw that may allow 

an attacker to tamper with the integrity of the remote host. 



Citadel/UX Remote Format String 



running Citadel/UX, a BBS software for Unix systems.\nThere is a format string issue in 

the remote version of this software that may be exploited by an attacker to execute arbitrary 

commands on the remote host. The remote version of Citadel/UX is also known to be 

vulnerable to a buffer overflow in the way that select() function is performed. 



Nullsoft Winamp Large MP4 / M4A File Remote DoS 



using WinAMP, a popular media player that handles many files format (mp3, wavs and 

more).\nThe remote version of this software is vulnerable to a denial of service 

vulnerability when it processes malformed .mp4 and .m4a files. An attacker may exploit 

this flaw by sending malformed files to a victim on the remote host. 


CVE-2004-1396 

Serendipity < 0.7.1 compat.php searchTerm Parameter XSS 


RISK: 

MEDIUM 


Description: The remote host is running Serendipity. Serendipity is a blogging software that is 

implemented in PHP. This version of Serendipity is vulnerable to a remote Cross-Site 

Scripting (XSS) attack. 

Solution: Upgrade to Serendipity 0.7.1 or higher. 

CVE-2004-2525 



PHPGroupWare Multiple XSS and SQL Injection Vulnerabilities 



attack.\n\nThe remote host seems to be running PHPGroupWare, a groupware system 

implemented in PHP. This version is reported to be vulnerable to a cross-site scripting issue 

and a SQL injection vulnerability. An attacker may gain access to unauthorized information 

or may steal cookie-based authentication credentials from a legitimate user by sending the 

user a malformed link to this web site. 


CVE-2004-1383 

MPlayer < 1.0pre5try2 Get_Header Remote Client-Side Buffer Overflow 



using a version of Mplayer, a multimedia video and audio application, that contains bugs 

that may allow a malicious server to overwrite a buffer and execute code. 

Solution: Upgrade to Mplayer 1.0pre5try2 or higher. 


Xine-Lib < 1.0-rc8 Remote Client-Side Buffer Overflow 



using Xine, an open-source multimedia player. It is reported that versions up to 1.0 rc7 are 

vulnerable to a buffer overflow. An attacker may craft a malicious multimedia file that may 

execute arbitrary code on the remote host if played with Xine. 

Solution: Upgrade to Xine 1.0-rc8 or higher. 


PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities 




is running a version of PHP which is older than 5.0.3 or 4.3.10.\nThe remote version of this 

software is vulnerable to various security issues that may, under certain circumstances, 

allow attackers to execute arbitrary code on the remote host, provided that they can pass 

arbitrary data to some functions or bypass safe_mode. The reported version of PHP is: \n 

%L 


Solution: Upgrade to PHP 5.0.3 or 4.3.10 or higher. 

CVE-2004-1065 

IBM WebSphere Commerce Database Update Default User Information Disclosure 



sensitive files or data.\n\nThe remote WebSphere webserver is vulnerable to an 

information leak. User information is sometimes stored under the profile of the 

'default' user. Unintended users may gain access to this information and use the 

information to elevate privileges on the remote machine. It is also possible that the 

default user account may disclose information regarding other users. 



Ikonboard < 3.1.3 ikonboard.cgi Multiple Parameter SQL Injection 



attack.\n\nThe remote host appears to be running Ikonboard, a bulletin board service 

implemented in Perl. This version is reported vulnerable to a SQL injection vulnerability. 

An attacker may gain access to unauthorized information or may steal authentication 

credentials by sending malformed string to ikonboard.cgi. 

Solution: Upgrade to Ikonboard 3.1.3 or higher. 

CVE-2004-1406 

Samba < 3.0.10 Directory Access Control List Remote Integer Overflow 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a remote overflow.\n\nThe remote Samba 

server, according to its version number ('%L'), may be vulnerable to a remote buffer 

overflow.\nThe remote integer overflow vulnerability may allow an attacker to execute 

code on the server.\n An attacker needs access to a vulnerable share to exploit this issue. 


CVE-2004-1154 

JSBoard Remote Arbitrary Script Upload 





attack.\n\nThe remote host seems to be running Ikonboard, a bulletin board service 

implemented in Perl. This version is reported vulnerable to a SQL injection vulnerability. 

An attacker may gain access to unauthorized information or may steal authentication 

credentials by sending malformed string to ikonboard.cgi. 

Solution: Upgrade to Ikonboard 2.0.9, Ikonboard-win32 1.3.13 or higher. 


WordPress < 1.2.2 Multiple Vulnerabilities (XSS, HTML Injection, SQL Injection) 


RISK: 

MEDIUM 


Description: The remote host is running WordPress, a web blog manager written in PHP.\nThe remote 

version of this software is vulnerable to various flaws that may allow an attacker to perform 

an HTML injection attack against the remote host or to allow an attacker to execute 

arbitrary SQL statements against the remote database. 

Solution: Upgrade to WordPress 1.2.2 or higher. 

CVE-2004-1584 

Singapore Gallery Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nSingapore is a 

PHP based photo gallery web application. The remote version of this software is vulnerable 

to multiple flaws that may allow an attacker to read arbitrary files on the remote host or to 

execute arbitrary PHP commands. 

Solution: Upgrade to Singapore 0.9.11 or higher. 

CVE-2004-1408 

Opera < 7.54u1 Download Box Spoofing 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote browser allows attackers to spoof download file 

extensions.\n\nThe remote host is using a version of Opera that is prone to a security flaw 

where a malicious website can spoof a filename within a download dialog box. An attacker 

exploiting this flaw would need to be able to entice a local user to browse to a malicious 

website. Upon visiting the website, the user would download a file with an obfuscated 

name. 


Solution: Install Opera 7.54u1 or higher. 

CVE-2004-1490 

Netscape < 7.2 Cross-domain Window Injection 


Description: Synopsis :\n\nThe remote browser allows attackers to spoof popup windows.\n\nThe 

remote host is using the Netscape 7 web browser. There is a flaw in this version of 

Netscape browser that allows an attacker to spoof popup windows from trusted hosts. An 

attacker exploiting this flaw would need to be able to entice a user to browse a malicious 

website while browsing a trusted site in another browser window. These sort of attacks are 

commonly referred to as 'Phishing' attacks. \nThe remote host is running Netscape version 

%L 

Solution: Upgrade to Netscape 7.2 or higher. 

Retina REM Detection 

CVE-2004-1160 



corporate policy.\n\nThe remote host is running the EEYE REM server. This server is used 

to manage multiple EEYE Retina scanners. The presence of this server indicates that a 

group is scanning the network for vulnerabilities. \nThe version of the REM server is %L 

Solution: Ensure that these servers are authorized for your network. 


CVSTrac < 1.1.5 Unspecified XSS 



remote host is using the CVSTrac, a tool to browse CVS repositories.\nAccording to its 

version number, the remote version of this software is vulnerable to an unspecified 



CVE-2004-1146 

GREED Multiple Remote Vulnerabilities 





application.\n\nThe remote host is using GREED, a wget-like tool to fetch HTTP and FTP 

data from a command-line.\nThis software is unmaintained and contains multiple flaws that 

may allow an attacker to execute arbitrary commands on the remote host by sending 

malformed replies to the client requests. 

Solution: Discontinue the usage of this software. 


RealPlayer Unspecified Remote Buffer Overflow 



version number, the version of Realplayer is vulnerable to several remote 

overflows.\nRealplayer is a multimedia player. An attacker exploiting this flaw would need 

to be able to convince a local user into visiting a malicious URL or downloading a 

malicious RealPlayer media file that would execute code with the privileges of the local 

user. 


CVE-2004-0550 

ArGoSoft Mail Server < 1.8.7.0 Unspecified XSS 


RISK: 

MEDIUM 



remote host is running the ArGoSoft Mail Server. It is reported that ArGoSoft Mail Server 

is prone to a HTML injection vulnerability. An attacker exploiting this flaw may be able to 

steal cookie-based authentication credentials. 



Namazu < 2.0.14 Multiple Vulnerabilities 



remote host is running Namazu, a web-based search engine.\nThe remote version of this 

software is vulnerable to various flaws that may allow an attacker to perform a cross-site 

scripting attack using the remote host or to execute arbitrary code on the remote system 

with the privileges of the web server. 

Solution: Upgrade to Namazu 2.0.14 or higher. 



2BGal SQL Injection 

CVE-2004-1318 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL Injection attack\n\nThe remote host 

appears to be running 2BGal, a photo gallery software written in PHP.\nThere is a flaw in 

the remote software which may allow anyone to inject arbitrary SQL commands, which 

may in turn be used to gain administrative access on the remote host. 

Solution: Upgrade to the latest version of this software 

CVE-2004-1415 

SHOUTcast < 1.9.5 Filename Remote Format String 



host is running SHOUTcast server.\nThe remote version of this software is vulnerable to a 

format string attack that may let an attacker execute arbitrary code on the remote host by 

sending a malformed request to it. 

Solution: Upgrade to SHOUTcast 1.9.5 or higher. 

CVE-2004-1373 

Help Center Live Multiple Vulnerabilities 



authentication.\n\nThe remote web server is running Help Center Live, a help desk 

application written in PHP.\nThe remote version of this software is vulnerable to various 

flaws that may allow an attacker to execute arbitrary commands on the remote host. 


CVE-2005-1674 

ViewCVS < 1.0.0 HTTP Response Splitting 



Description: Synopsis :\n\nThe remote host is vulnerable to a HTTP response splitting attack.\n\nThe 

remote host is running ViewCVS, a tool to browse CVS repositories over the web. There is 

a flaw in the remote ViewCVS server that may allow an attacker to steal the credentials of 

third-party users via an HTTP response splitting attack. 



CVE-2005-4831 

Owl < 0.74.0 Multiple Vulnerabilities 



is using Owl Intranet Engine, an open-source file sharing utility written in PHP.\nThe 

remote version of this software is vulnerable to various flaws that may allow an attacker to 

execute arbitrary SQL statements against the remote database or to perform a cross-site 

scripting attack against third party users by using the remote server. 

Solution: Upgrade to Owl 0.74.0 or higher. 

CVE-2005-0264 

PHProxy index.php error Parameter XSS 


RISK: 

MEDIUM 



attack.\n\nThe remote host is using PHProxy, an open-source HTTP proxy written 

in PHP.\nThe remote version of this software is vulnerable to a cross-site scripting 

flaw that may allow an attacker to steal user credentials. 


CVE-2004-2604 

Mozilla < 1.7.5 Network News Transport Protocol Remote Heap Overflow 



using Mozilla.\nThe remote version of this software is vulnerable to a heap overflow 

against its NNTP functionality. This may allow an attacker to execute arbitrary code on the 

remote host. To exploit this flaw, an attacker would need to set up a rogue website and lure 

a victim on the remote host into visiting it. 


CVE-2005-0150 


Macallan Mail Solution < 4.1.1.0 Multiple HTTP Vulnerabilities 




host is running Macallan Mail Solution, a mail server (POP,SMTP,HTTP) for 

Windows. It is reported that Macallan Mail Solution is prone to a HTTP GET 

buffer overflow vulnerability and to an authentication bypass vulnerability. An 

attacker exploiting those flaws may be able to access an administrative interface, 

crash the service or execute arbitrary code. 



FlatNuke < 2.5.2 Form Submission Arbitrary Script Injection 


RISK: 

MEDIUM 



is running FlatNuke, an open-source content management system.\nThe remote version of 

this software is prone to a form submission vulnerability. This may allow an attacker to 

execute script on the remote host. 


CVE-2005-0267 

All Enthusiast PhotoPost PHP Pro < 4.8.6 Multiple XSS 



attack.\n\nThe remote host is running All Enthusiast PhotoPost PHP, a web-based 

gallery application.\nThe remote version of this software is prone to multiple 

cross-site scripting vulnerabilities. This may allow an attacker to steal 

authentication credentials. 


CVE-2005-0273 

MyBulletinBoard Multiple SQL Injection Vulnerabilities 



RISK: 

MEDIUM 



injection attack.\n\nThe remote host is running MyBulletinBoard, a PHP-based 

bulletin board. The remote version of this software is prone to SQL injection 

attacks due to its failure to sanitize user-supplied input to various scripts before 

using it in database queries. This may allow an attacker to uncover sensitive 

information (such as password hashes), access the Admin Control Panel without 

authentication, modify existing data, and launch attacks against the underlying 


database. 


CVE-2005-0282 

All Enthusiast ReviewPost PHP Pro < 2.5.2 Multiple Input Validation Vulnerabilities 



is running All Enthusiast ReviewPost, a web-based bulletin board written in PHP.\nThe 

remote version of this software is prone to multiple input validation vulnerabilities. This 

may allow an attacker to steal authentication credentials, inject SQL data or run arbitrary 

scripts. 


CVE-2004-2175 

b2evolution index.php SQL Injection 



attack.\n\nThe remote host is running b2evolution, a web-based blog engine written in 

PHP.\nThe remote version of this software is prone to a SQL injection vulnerability. This 

may allow an attacker to steal authentication credentials or run arbitrary code on the remote 

host. 



Google API "Google Hacking" Detection 

PVS ID: 2488 FAMILY: Internet Services RISK: LOW NESSUS ID:Not Available 


corporate policy.\n\nThe remote host appears to be using the Google API to execute 

'Google hacking' queries. Many vulnerabilities can be found by querying for the error string 

(or similar) coming from an incorrectly configured or broken web application. An attacker 

queries the Google cache for these error strings which then gives them a list of potential 

targets. 

Solution: Ensure that this behavior is in accordance with corporate standards and policies. 



Lotus Domino Default Administration Database Detection 



RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote Lotus Domino server is running with the default 

administrative databases. An attacker finding these databases may be able to pull 

confidential data from the remote database. 

Solution: Restrict access to these databases. 

CVE-2002-0664 

Big Sister Information Leak 



attacks.\n\nThe remote host is running Big Sister network monitoring software. Big Sister 

gives anonymous users quite a bit of information regarding critical servers, uptime, 

response times, and more. An attacker accessing these pages would be able to map out 

potential targets 

Solution: Use ACLs or firewalls to prevent network-based access. 


Squid Server Report Information Disclosure 



attacks.\n\nThe remote host is running the Squid proxy. The server has web-based proxy 

reporting enabled. An attacker viewing these pages would be able to gain information that 

may be useful in future attacks. 

Solution: Use ACLs to protect the Squid proxy reports. 


Ganglia Cluster Report Information Disclosure 




attacks.\n\nThe remote host is running the Ganglia Cluster Toolkit. This toolkit is used to 

manage and display information regarding critical servers. Anonymous users who access 

this toolkit would be able to peruse the different machines in the cluster. In addition, they 

would be able to query each specific machine for information regarding OS level, current 

load and more. 


Solution: Use ACLs to protect the Ganglia Cluster Report. 


WebLog Information Disclosure 



attacks.\n\nThe remote host is running the WebLog report generator. This application 

parses the web logs and gives information regarding files accessed, errors, site referers and 

more. An attacker perusing this page would be able to gather information useful in further 

attacks against the web server. 

Solution: Use ACLs to protect the WebLog Reports. 


Getstats Report Information Disclosure 



attacks.\n\nThe remote host is running the Getstats Report generator. Getstats parses web 

logs and gives a potential attacker information regarding the hosts that have accessed the 

server, resources accessed, total statistics for the Web server, version of Web server and 

more. 

Solution: Use ACLs to protect the Getstats Report. 


wwwstat Report Information Disclosure 



attacks.\n\nThe remote host is running the wwwstat Report generator. Wwwstat parses web 

logs and gives a potential attacker information regarding the hosts that have accessed the 

server, resources accessed, total statistics for the Web server, version of Web server and 

more. 

Solution: Use ACLs to protect the wwwstat report. 


Hassan Shopping Cart Detection 



RISK: 

MEDIUM 



Description: The remote server is running the Hassan Shopping Cart script. This script is used to 

manage online shopping carts. There have been many vulnerabilities noted in the Hassan 

CGI scripts. \nThe version of Hassan Shopping Cart is %L 



Cisco 'tech-support' Anonymous User Debugging Information Disclosure 



sensitive files or data.\n\nCisco routers and switches ship with a default web interface that 

allows remote administrators to view the entire configuration via the web. Unfortunately, 

many of these devices are not password protected and allow anonymous users to download 

critical router/switch configuration information.\nAn attacker can download the Cisco 

configuration file by browsing to /exec/show/tech-support/cr 

Solution: Enable passwords for the Cisco IOS web server. 


Xerox Default Administrative Web Page Detection 


RISK: 

MEDIUM 



application.\n\nThe remote Xerox printer does not have a protected default configuration 

web page. An attacker connecting to the Xerox web server would be able to view and 

modify the printer configuration. 

Solution: Enable passwords for the XEROX printer. 


Mnogosearch search.cgi Detection 



application.\n\nThe remote host is running the mnogosearch search.cgi CGI program. There 

is a flaw in older versions of this software that may allow an attacker to gain a shell on this 

host. 

Solution: Upgrade or patch according to vendor recommendations, or discontinue use of the script. 

CVE-2003-0437 



Gallery Configuration Mode Authentication Bypass 



bypassing of authentication.\n\nThe remote server is running Gallery in 

configuration mode. Gallery is a software tool for webservers that allows for 

easy creation of online photo albums. This version of Gallery has been installed 

but not yet configured. Any remote user discovering the configuration screen 

may be able to modify web content on the remote server. 

Solution: Configure Gallery, then disable configuration mode. 


Policy - Xlink Online Gaming Client Detection (TCP) 


RISK: 

MEDIUM 


Description: The remote client is running the Xlink gaming console. Xlink allows individuals to connect 

Xbox, Playstation2, Gamecube, and other gaming clients up to central servers and play 

games against other Internet hosts. 

Solution: Ensure that this behavior is authorized for your network. 


Policy - Xlink Online Gaming Server Detection 


RISK: 

MEDIUM 


Description: The remote host is running the Xlink Gaming Server. Xlink allows individuals to connect 






Policy - Xlink Online Gaming Client Detection (UDP) 


Description: The remote client is running the Xlink gaming console. Xlink allows individuals to connect 






Awstats Web Statistics Server Detection 



attacks.\n\nThe remote web server is running the awstats statistics program. Awstats parses 

the web logs and gives a potential attacker information regarding hosts that have accessed 

the server, resources accessed, total statistics for the Web server, version of Web server, 

and more. 

Solution: Use ACLs to protect the awstats report. 


Exim < 4.44 Illegal IPv6 Address / SPA Authentication Buffer Overflow 



running Exim, a message transfer agent (SMTP). It is reported that Exim is prone to an 

IPv6 address and a SPA authentication buffer overflow . An attacker exploiting those flaws 

may be able to execute arbitrary code on the remote host. Exim must be configured with 

SPA Authentication or with IPv6 support to exploit those flaws. 


CVE-2005-0022 

Webalizer Report Information Disclosure 



attacks.\n\nThe remote host is running the Webalizer Report generator. Webalizer parses 

web logs and gives a potential attacker information regarding hosts that have accessed the 

server, resources accessed, total statistics for the Web server, version of Web server, and 

more.\nThe version of Webalizer is: %L 

Solution: Use ACLs to protect the Webalizer report. 


osCommerce Admin Interface Detection 



RISK: 

MEDIUM 



Description: The remote server is running the admin interface of osCommerce. OsCommerce is an 

application for deploying and managing e-commerce servers. 

Solution: Ensure that only valid Administrators can access the Admin interface. Also ensure 

that you are running the latest version of osCommerce. 


Terminal Services Web Detection 



attacks.\n\nThe remote host appears to be configured to facilitate the client download of an 

ActiveX Terminal Services Client. Users can access the web page and click a 'connect' 

button that will prompt a client-side download of a .cab file that will be used to connect the 

client directly to a terminal services server using Remote Desktop Protocol -- RDP. You 

will want to manually inspect this page for possible information regarding systems offering 

RDP access, system information, IP addressing information, and more. 

Solution: Password protect access to the 'tsweb' resource. 


Nessus Scan Report Disclosure 



attacks.\n\nThe remote web server is hosting a Nessus scan report at the following location 

: \n%P\nAn anonymous user reading this report will be able to obtain information useful in 

attacking vulnerable hosts on the network. 

Solution: Remove or protect the scan report data. 


ISS Scan Report Disclosure 



attacks.\n\nThe remote web server is hosting an ISS scan report at the following URL : 

\n%P\nAn anonymous user reading this report will be able to obtain information useful in 

attacking vulnerable hosts on the network. 

Solution: Remove or protect the scan report data. 




Big Brother Information Disclosure 



attacks.\n\nThe remote host is running Big Brother network monitoring software. Big 

Brother gives anonymous users information regarding critical servers, uptime, response 

times, and more. An attacker accessing these pages would be able to map out potential 

targets. \nThe remote host is running Big Brother version: %L 

Solution: Protect the servers by using ACLs or firewalls. 


Dillo < 0.8.4-rc1 Interface Message Format String 


RISK: 

MEDIUM 



host is using Dillo, an alternative web browser for Unix and Linux.\nThe remote version of 

this software is vulnerable to a format string vulnerability. This may allow an attacker to 

overwrite data in memory. 

Solution: Upgrade to version 0.8.4-rc1 or higher. 

CVE-2005-0012 

PHPWind Board < 2.0.2 faq.php Remote File Inclusion 


Description: The remote host is running PHPWind Board, a web based bulletin board. There is a remote 

file inclusion vulnerability in older versions of this software that may allow an attacker to 




SNAP Network Attached Server Administration Page 



RISK: 

MEDIUM 


Description: The remote host is running the SNAP Network Attached Server. A SNAP server is a device 

that allows easy creation of network-attached services. SNAP ships with a default web 

server that allows anonymous users to peruse device configuration information, user lists, 

Administrative tasks, and more. 

Solution: Use ACLs to protect the SNAP Network Attached Server web pages. 



MikroTik Router Detection 


Description: The remote host is a MikroTik router. 

Solution: Ensure that this router and default web pages are in accordance with corporate policies. 


Oracle HTTP Listener Default Web Page Detection 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running the Oracle HTTP Configuration interface. This 

interface allows anonymous users to view configuration details. In addition, an attacker 

may be able to make configuration changes if the default settings are in place. 

Solution: Lock down or remove the Oracle HTTP Configuration interface. 


HylaFAX < 4.2.1 Remote Access Control Bypass 



bypassing of authentication.\n\nThe remote host is running HylaFAX, a fax 

transmission software. It is reported that HylaFAX is prone to an access control 

bypass vulnerability. An attacker exploiting this flaw may be able to gain 

unauthorized access to the service. 



POP Password Changer Unauthorized Password Change 



RISK: 

MEDIUM 



authentication\n\nThe remote host is running POP Password Changer, a server used to 

change POP users' passwords, that is vulnerable to unauthorized access. An attacker 

exploiting this flaw will be able to change users' passwords. 




Apple iTunes < 4.7.1 Playlist Buffer Overflow 


RISK: 

MEDIUM 



remote host is using iTunes, a media player application for Windows and Mac OS X. The 

remote version of this software is vulnerable to a buffer overflow. This may allow an 

attacker to execute code on the remote host. An attacker needs to send a malicious playlist 

to the user to exploit this flaw. 


CVE-2005-0043 

Squid Proxy < 2.5.STABLE8 Multiple Vulnerabilities 



remote Squid caching proxy, according to its version number, may be vulnerable to a 

remote denial of service.\n\nThis flaw is caused due to an input validation error in the 

NTLM module.\n\nAn attacker can exploit this flaw to crash the server with a specially 

crafted packet.\n\nThe remote Squid proxy is also vulnerable to a cache-corruption flaw 

due to incorrect parsing of malformed HTTP headers. An attacker exploiting this flaw 

would be able to poison the cache.\n\nThe remote Squid proxy is vulnerable to an 

authentication bypass\nin the squid_ldap_auth module as well as a remote overflow due to 

oversized HTTP headers. 


CVE-2005-0211 

Gracebyte Network Assistant Remote DoS 



remote host is using Gracebyte Network Assistant, a chat and instant messenger program 

for home and small office. The remote version of this software is vulnerable to a denial of 

service flaw. This may allow an attacker to crash the remote service. 



VideoDB < 2.0.2 Multiple Vulnerabilities 





attack.\n\nThe remote host is VideoDB, a web based video database manager written in 

PHP.\nThe remote version of this software is vulnerable to a SQL injection vulnerability 

due to a lack of filtering on user-supplied input. An attacker may exploit this flaw to 

modify the remote database.\nThis software may be vulnerable to an unauthorized access 

vulnerability in the file 'edit.php' that may allow an attacker to edit database entries. 

Solution: Upgrade to VideoDB 2.0.2 or higher. 


GNU Mailman Multiple Unspecified Remote Vulnerabilities 



remote host is running GNU Mailman, a web based software to manage mailing lists. There 

are multiple flaws such as information disclosure and cross-site scripting in the remote 

version of this software that may allow an attacker to steal user cookies to gain 

unauthorized access. 



BiTBOARD IMG BBCode Tag JavaScript XSS 


Description: Synopsis :\n\nThe remote host is vulnerable to a Script Injection attack\n\nThe remote host 

is running BiTBOARD, a web based bulletin board written in PHP. There is a JavaScript 

injection vulnerability in the remote version of this software that may allow an attacker to 

steal user's cookie to gain unauthorized access. 


CVE-2005-0374 

launch.yahoo.com Streaming Client Detection 



Description: The remote client is streaming video or audio from the Yahoo Launch servers. Yahoo 

Launch is a service that allows Yahoo users to download and view videos and songs from a 

variety of artists. This can potentially impact performance of bandwidth and user 

productivity. 

Solution: Ensure that this activity is sanctioned by policy and guidelines regarding acceptable 




Windows Media Player Version Information 


Description: The remote host is running Windows Media Player version %L 



Siteman forum.php page Parameter XSS 


Description: The remote host is running SiteMan, a content-management system written in PHP.\nThe 

remote version of this software is vulnerable to a remote cross-site scripting (XSS) attack. 

An attacker exploiting this flaw would be able to inject and run code on unsuspecting 

users.\nThe remote host is running Siteman version %L 



MaxDB WebSQL < 7.5.00.18 Remote Overflow 



running the MaxDB SAP Web server that includes an administrative CGI called WebSQL. 

It has been reported that there is a remote buffer overflow within the WebSQL logon form. 

Specifically, a large username is reported to trigger a buffer overflow. More generally, the 

existence of the WebSQL script indicates that regardless of the version, the site 

administrators have allowed remote plaintext administration of the server. An attacker can 

use anonymous access to gain information regarding configured databases, server name, 

physical path of files, and more. 

Solution: Upgrade to version 7.5.00.18 or higher. In addition, use access control lists to block 

anonymous access to the webserver configuration pages. 

CVE-2005-0111 


Konqueror < 3.3.2 Multiple Remote Java Sandbox Bypass 




remote host is using a version of Konqueror that is prone to a security flaw where a 

malicious website can bypass the browser Java sandbox.\nAs a result, an attacker may be 

able to read arbitrary files on the remote host by luring a victim into visiting a rogue 

website hosting a malicious Java applet. 

Solution: Install Konqueror 3.3.2 or higher. 


iCab Web Browser Remote Window Hijacking 



remote host is using a version of iCab that is prone to a security flaw that may allow a 

malicious website to influence a pop up window from a trusted site.\nAn attacker may 

exploit this flaw to impersonate third-party web servers and convince a victim on the 

remote host into revealing personal information. 



Konqueror Web Browser < 3.3.3 Remote Window Hijacking 



remote host is using a version of Konqueror that is prone to a security flaw that may allow 

a malicious website to influence a pop up window from a trusted site.\nAn attacker may 

exploit this flaw to impersonate third-party web servers and convince a victim on the 

remote host into revealing personal information. 

Solution: Install Konqueror 3.3.3 or higher. 

CVE-2004-1158 

Bugzilla < 2.18.0 Internal Error XSS 



remote server is running Bugzilla, a bug tracking system. There is a flaw in the remote 

installation of Bugzilla that may allow an attacker to perform a cross-site scripting attack 

by exploiting a bug in the way Bugzilla displays internal errors mixed with user-supplied 

data. 

Solution: Upgrade to Bugzilla 2.18.0 or higher. 



CVE-2004-1061 

Gallery Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote host is running the Gallery web-based photo album.\nThere are various flaws in the 

remote version of this software that may allow an attacker to perform a cross-site scripting 

attack using the remote host, or to exploit an information disclosure flaw to gain more 

knowledge about the remote system. 



AWStats < 6.3 awstats.pl configdir Parameter Remote Command Execution 


Description: The remote host is running AWStats, a CGI log analyzer.\nThere are various flaws in the 

remote version of this software that may allow an attacker to execute code on the remote 

host. 

Solution: Upgrade to AWStats 6.3 or higher. 

CVE-2005-0116 

VBulletin Init.PHP Unspecified Remote Vulnerability 



authentication.\n\nThe remote host is running a version of vBulletin, a forum application 

implemented in PHP, that is vulnerable to an unspecified remote vulnerability. It is reported 

that versions prior to 3.0.5 are prone to this issue. Additionally, versions of vBulletin prior 

to 3.0.5 are vulnerable to a content-parsing flaw within the forumdisplay.php script. An 

attacker exploiting this flaw would be able to run arbitrary commands on the remote web 

server. 

Solution: Upgrade to vBulletin 3.0.5 or higher. 

CVE-2005-0429 

SparkleBlog journal.php SQL Injection 





attack.\n\nThe remote host is running SparkleBlog, a web blog. An attacker exploiting this 

flaw would only need to be able to craft a web request against the web server using the 

'journal.php' script.\nThe remote version is: %L 



Squid Proxy < 2.5.STABLE8 Gopher, WCCP, and Cache Poisoning Vulnerabilities 



remote Squid caching proxy, according to its version number, is vulnerable to several 

security flaws :\n\n- There is a buffer overflow issue when handling the reply of a rogue 

gopher site. To exploit this issue, an attacker would need to use the remote proxy to visit a 

specially setup gopher site generating malformed replies \n\n- There is a denial of service 

vulnerability in the WCCP code of the remote proxy. To exploit this flaw, an attacker 

would need to guess the IP of the WCCP router used by the proxy and spoof a malformed 

UDP packet using the router IP address. There are several flaws in the way that the Squid 

proxy caches pages.\nAn attacker exploiting these flaws would be able to poison the 

Squid\ncache. 


CVE-2005-0241 

NETGEAR Router Detection 


Description: The remote host is a NETGEAR VPN router. A VPN is a connection protocol that allows 

users or companies to connect to remote networks seamlessly.\nThe NETGEAR version 

number is: %L 

Solution: Ensure that you are running the latest firmware for this version. 


NETGEAR Router Log Viewer XSS 




remote host is running a NETGEAR VPN router with Firmware version 2.4. A VPN is a 

connection protocol that allows users or companies to connect to remote networks 

seamlessly. Firmware version 2.4 of the NETGEAR router is reported to be prone to code 

injection and/or cross-site scripting (XSS) attacks. 



CVE-2005-0291 

Ocean12 ASP Calendar Administrative Interface Access 



authentication.\n\nThe remote host is running Ocean12 ASP Calendar, a web 

based\napplication written in ASP.\n\nThere is a flaw in the remote software that may 

allow anyone\nto execute admnistrative commands on the remote host by requesting\nthe 

page /admin/main.asp.\n\nAn attacker may exploit this flaw to deface the remote site 

without\nany credentials.\n 


CVE-2004-1400 

Microsoft Anti-Spyware Detection 



manner.\n\nThe remote host is running the Microsoft Anti-Spyware tool. Further, the 

administrators have not disabled the default 'Spyware Community' feature. The Spyware 

Community feature allows Microsoft to centrally track information regarding infected files, 

versions, locations, and more. When a file is flagged as being spyware, the remote host will 

automatically send this information (via the Internet) to Microsoft servers. 

Solution: Ensure that the 'Spyware Community' feature is in alignment with corporate policies and 

procedures. 

Tor Tunnel Detection 



RISK: 

MEDIUM 


Description: The remote client just started a Tor tunnel for routing network traffic over the Tor Tunnel 

network. The Tor tunnel allows users to run applications such as peer-to-peer clients, 

instant messaging and web browsers over a single encrypted tunnel. Tor also tunnels and 

encrypts the DNS requests associated with such applications. By sending traffic over the 

Tor network, users can bypass corporate policies, firewalls, and guidelines. 

Solution: Ensure that the usage of the Tor network is in alignment with corporate polices and 

guidelines. 




Tor Tunnel Detection 



corporate policy.\n\nThe remote client is routing network traffic over the Tor Tunnel 

network. The Tor tunnel allows users to run applications such as peer-to-peer clients, 

instant messaging, web browsers over a single encrypted HTTP tunnel. Tor also tunnels 

and encrypts the DNS requests associated with such applications. By sending traffic over 

the Tor network, users can bypass corporate policies, firewalls, and guidelines. 


guidelines. 


CMSimple < 2.4 Beta 5 Multiple Remote Input Validation Vulnerabilities 



host is running a version of CMSimple, a content management system. The remote version 

of this software is prone to multiple input validation vulnerabilities. An attacker may 

exploit these flaws to inject arbitrary code to steal authentication cookies. 

Solution: Upgrade to CMSimple 2.4 Beta 5 or higher. 


Siteman < 1.1.11 Page User Database Privilege Escalation 


RISK: 

MEDIUM 



authentication.\n\nThe remote host is running Siteman, a web-based content management 

system written in PHP. The remote version of this software is vulnerable to a privilege 

escalation vulnerability. An attacker with a valid username and password may escalate 

privileges by making a specially crafted request to the remote server. 

Solution: Upgrade to SiteMan 1.1.11 or higher. 

CVE-2005-0305 

ExBB Nested BBcode XSS 



RISK: 

MEDIUM 




is running ExBB, a bulletin board system written in PHP.\nThe remote version of this 

software is vulnerable to a script injection vulnerability.\nAn attacker may post a forum 

comment in the remote application containing rogue JavaScript tags that will be executed in 

the browsers of legitimate visitors of the remote web site. 



Konversation IRC Client < 0.15.1 Multiple Remote Vulnerabilities 


RISK: 

MEDIUM 



remote host is running a Konversation, an IRC client. The remote version of this software 

may be vulnerable to a remote Denial of Service attack and shell code execution attack. 

Solution: Upgrade to Konversation 0.15.1 or higher. 

CVE-2005-0131 

Cisco IOS Telephony SCCP Control DoS (CSCee08584) 


RISK: 

MEDIUM 



remote router contains a version of IOS that has flaw in its telephony\nservice.\n\nIf the 

remote router is configured for ITS, CME or SRST, then an attacker\n\nmay send 

malformed TCP queries to the remote host resulting in a reboot\n\nof the router.\nCISCO 

identifies this vulnerability as Bug ID CSCee08584 


CVE-2005-0186 

JSBoard < 2.0.10 session.php Arbitrary File Access 



RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host appears to be running Ikonboard, a bulletin board 

service implemented in Perl. This version is reported to be vulnerable to a file disclosure 

flaw within the session.php file. Specifically, when the server is configured with PHP 

'magic_quotes_gpc' disabled, a remote attacker can use session.php to read any file on the 

web server that is readable by the web process owner. 



CVE-2005-0300 

SquirrelMail < 1.4.4-RC1 webmail.php XSS 


Description: The remote host is running SquirrelMail, a webmail system written in PHP. Versions of 

SquirrelMail prior to 1.4.4-RC1 are vulnerable to a cross-site scripting (XSS) vulnerability. 

A remote attacker can exploit this flaw to run malicious code within a web browser. 

Solution: Upgrade to version 1.4.4-RC1 or higher. 

CVE-2005-0075 

MercuryBoard < 1.1.2 Multiple Vulnerabilities 



attack.\n\nThe remote host is running MercuryBoard, a web-based message board. This 

version of MercuryBoard is vulnerable to multiple vulnerabilities that include: cross-site 

scripting (XSS), SQL Injection, and path disclosure. An attacker exploiting these flaws 

would be able to elevate privileges and/or execute code. 


CVE-2005-0307 

3[APA3A] Proxy Remote Overflow 



running the 3[APA3A] Proxy. There is a flaw in this version of the proxy engine that 

allows remote attackers to potentially overwrite critical memory, thus allowing for remote 

code execution.\nThe remote proxy is running version: %L 



3[APA3A] Proxy Detection 



Description: The remote host is running the 3[APA3A] Proxy version %L. 

Solution: Ensure that the proxy is authorized in accordance to policies and procedures 

regarding appropriate network use. 



Comersus Default Install Script Admin Access 



authentication.\n\nThe remote host is running Comersus, a web application shopping cart. 

This version of Comersus is vulnerable to a remote attack where anonymous users can gain 

administrative access by requesting a .asp script that was a part of the install process but 

never deleted after the install. 

Solution: Delete all /comersus_backoffice_install scripts. In addition, upgrade or patch according to 

vendor recommendations. 


Mac OS X Multiple Vulnerabilities (Security Update 2005-001) 



remote host is missing Security Update 2005-001. This security update contains a number 

of enhancements for the following programs :\n\n - at commands\n - ColorSync\n - 

libxml2\n - Mail\n - PHP\n - Safari\n - SquirrelMail\n 


CVE-2005-0525 

ISC BIND < 8.4.6 q_usedns Array Remote Overflow DoS 


RISK: 

MEDIUM 



attack.\n\nThe remote BIND DNS server is, according to its version number, 

vulnerable to a remote buffer overflow in the 'q_usedns' buffer. An attacker may be 

able to launch a denial of service attack against the remote BIND Server. 

Solution: Upgrade to Bind 8.4.6 or higher or the newest version of BIND 9. 

CVE-2005-0033 

ISC BIND < 8.4.6 dnssec authvalidated Crafted Packet Remote DoS 



RISK: 

MEDIUM 




remote BIND server, according to its version number, has a flaw in the way 

'authvalidator()' is implemented. An attacker may be able to launch a denial of service 

attack against the remote service. 

Solution: Upgrade to Bind 8.4.6 or higher or the newest version of BIND 9. 

CVE-2005-0034 

Cisco IOS 12.0 IPv6 Remote DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Denial of Service (DoS) attack.\n\n The 

remote Cisco device has enabled IPv6. On many Cisco devices, it may be possible to make 

the remote device crash when sending it malformed IPv6 packets. These vulnerabilities 

would allow a remote attacker to potentially cause the Cisco machine to reboot repeatedly, 

causing a loss of availability. 

Solution: Ensure that IPv6 functionality is required and then ensure that a patched version of Cisco 

IOS is installed. 


gpsd < 2.8 gpsd_report() Function Remote Format String 



host is running GPSD, a daemon that monitors a GPS device\nand publishes its data over 

the network.\n\nThe remote version of this software is vulnerable to format string 

attack\ndue to the way it uses the syslog() call. An attacker may exploit this flaw\nto 

execute arbitrary code on the remote host. 

Solution: Upgrade to gpsd 2.8 or higher. 

gpsd Detection 



Description: The remote host is running GPSD, a daemon that monitors a GPS device and publishes its 

data over the network. 

Solution: Ensure that this server/service is in alignment with corporate policies and guidelines. 




Juniper Router Detection 


Description: The remote host is running the Juniper Router JUNOS version %L 

Solution: Ensure that the host is operating within acceptable corporate policies and standards. 


Juniper Router JUNOS Remote DoS 


RISK: 

MEDIUM 



remote host is running a vulnerable version of the Juniper JUNOS.\nThere is a reported 

flaw in this version of JUNOS that would allow a remote attacker to cause the Juniper 

router to fail. 

Solution: Ensure that the host is operating within acceptable corporate policies and standards. 

CVE-2004-0467 

Nullsoft Winamp < 5.0.8c IN_CDDA.dll Library Remote Overflow 


RISK: 

MEDIUM 



using Winamp, a popular media player that handles many file formats (mp3, wavs and 

more).\nThe remote version of this software is vulnerable to an overflow in the 

IN_CDDA.dll library. An attacker can entice a user to open a file or track with a long name 

to trigger an overflow on the remote machine. 

Solution: Upgrade to Winamp 5.0.8c or higher. 

CVE-2004-1150 

WarFTPd < 1.82.00-RC9 CWD Command Remote Overflow 


RISK: 

MEDIUM 



version of WarFTPd running on this host contains a vulnerability that may allow a potential 

intruder to craft an FTP 'CWD' command such that it causes the WarFTPd server to crash. 


CVE-2005-0312 



MRTG Web Application Detection 


Description: The remote host is running Multi Router Traffic Grapher (MRTG). MRTG is a web-based 

tool that collects data from routers and switches and then displays the information in a 

graph format. An attacker perusing this page would be able to gain information regarding 

routers, interfaces, traffic patterns, and more. This information could then be used to launch 

more sophisticated, targeted attacks.\nThe remote version of MRTG is %L 

Solution: Ensure that the page is protected by a password and/or ACLs. 


Mercury Test Director Application Detection 



attacks.\n\nThe remote host is running Mercury Test Director. Test Director is a web-based 

application that is used to aid in the planning, deployment, and testing of Internet 

applications. The application leaks information regarding broken applications, servers, and 

more.\nThe remote server is running version %L 

Solution: Ensure that the application utilizes strong ACLS and/or encryption. 


Lotus Domino Address Book Information Disclosure 



attacks.\n\nThe remote host is running Lotus Domino's names.nsf application. This 

application allows web clients to browse address books via the web. An attacker can use 

this information to mount more sophisticated attacks. 

Solution: Remove the application or use Access Control Lists (ACLs) to filter access to the 

application. 


UW-imapd CRAM-MD5 Authentication Bypass 



RISK: 

MEDIUM 



authentication.\n\nThere is a flaw in the remote UW-IMAP server that allows an 

authenticated user to log into the server as any user. The flaw is in the CRAM-MD5 

authentication theme. An attacker exploiting this flaw would only need to identify a 


vulnerable UW-IMAP server that had enabled the CRAM-MD5 authentication scheme. The 

attacker would then be able to log in as any valid user.\nIt is important to note that the 

IMAP daemon will automatically enable CRAM-MD5 if the /etc/cram-md5.pwd file exists. 

Solution: Upgrade or patch according to vendor recommendations. In addition, the fact that 

CRAM-MD5 is enabled indicates that the server is storing the IMAP passwords in 

plaintext. Ensure that the /etc/cram-md5.pwd file is mode 0400. 

CVE-2005-0198 

CoolForum < 0.8 SQL Injection 



attack.\n\nCoolForum is a bulletin board written in PHP. This version of CoolForum is 

vulnerable to a remote SQL injection attack. An attacker exploiting this flaw would be able 

to manipulate data and execute commands on the remote system. 



WebWasher Proxy Server < 3.4 Detection 



attacks.\n\nThere is a flaw in the remote WebWasher Proxy. The proxy, when issued a 

CONNECT command for 127.0.0.1 (or localhost/loopback), will comply with the request 

and initiate a connection to the local machine. This bypasses any sort of firewalling as well 

as gives access to local applications that are only bound to the loopback.\nThe version of 

WebWasher is %L 

Solution: upgrade to version 3.4 or higher. 

CVE-2005-0316 

WebWasher Proxy Server Detection 



questionable.\n\nThe remote host is running WebWasher, an anonymizing web proxy. A 

user accessing this proxy can effectively obfuscate their web traffic to possibly bypass 

Acceptable Use Policies.. 

Solution: Ensure that such a proxy is authorized under corporate policies and guidelines. 




Alt-N WebAdmin < 3.0.3 Multiple Remote Vulnerabilities 


RISK: 

MEDIUM 



is running Alt-N WebAdmin, a web interface to the MDaemon mail server. The remote 

version of this software is vulnerable to a cross-site scripting vulnerability due to a lack of 

filtering on user-supplied input in the file 'useredit_account.wdm' and the file 

'modalframe.wdm'. An attacker may exploit this flaw to steal user credentials. This 

software is also vulnerable to an access bypass vulnerability in the file 

'useredit_account.wdm'. An attacker may exploit this flaw to modify user account 

information. An attacker need a valid email account on the server to exploit both 


Solution: Upgrade to WebAdmin 3.0.3 or higher. 

CVE-2005-0318 

IceWarp Web Mail < 5.3.3 Multiple Vulnerabilities (3) 


RISK: 

MEDIUM 



running IceWarp Web Mail, a webmail solution available for the Microsoft Windows 

platform. The remote version of this software is vulnerable to multiple input validation 

issues that may allow an attacker to compromise the integrity of the remote host. An 

attacker needs a valid account on the webmail to perform an attack. 


CVE-2005-0321 

ngIRCd < 0.8.2 Lists_MakeMask Function Remote Buffer Overflow 



running a version of the ngIRCd service that may be vulnerable to a buffer overflow in the 

way the server handles list names. An attacker may execute code on the remote host by 

using a malicious user information. 

Solution: Upgrade to ngIRCd 0.8.2 or higher. 

CVE-2005-0199 

phpPGAds/phpAdNew < 2.0.2 HTTP Response Splitting 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to an HTTP splitting attack.\n\nThere is a flaw 

in the remote phpAdNew/phpPgAds PHP Ads server, a banner management and tracking 

system written in PHP. This version of phpAdNew/phpPgAds is vulnerable to a HTTP 

response splitting vulnerability. An attacker exploiting this flaw would be able to redirect 

users to another site to steal their credentials. 



BitTorrent P2P Protocol Detection 

PVS ID: 2576 FAMILY: Peer-To-Peer File Sharing RISK: LOW NESSUS ID:Not Available 

Description: The remote host is running the BitTorrent P2P protocol. 

Solution: N/A 


BitTorrent P2P Client Detection 


RISK: 

MEDIUM 


Description: The remote host is running the following BitTorrent Peer-to-Peer (P2P) Client: %L \n\n 

BitTorrent is a protocol for exchanging files in a P2P file-sharing network. 

Solution: Ensure that the trading of files over a peer-to-peer network is within the Acceptable Use 

Policy. 


BitTorrent P2P Server Detection 



questionable.\n\nThe remote host is running a BitTorrent Peer-to-Peer (P2P) Server. 

BitTorrent is a protocol for exchanging files in a P2P file sharing network. The BitTorrent 

Server is a system that is offering files for download from BitTorrent Clients. 

Solution: Ensure that the trading of files over a Peer-to-Peer network is within corporate guidelines 

and Acceptable Use Policies. You should further ensure that the BitTorrent Server is not 

trafficking any confidential or copyrighted materials. 


SmarterMail Attachment Upload XSS 




Description: The remote host is running SmarterMail. SmarterMail is a web interface to a mail server. 

This version of SmarterMail is vulnerable to a Cross-Site Scripting (XSS) vulnerability. An 

attacker exploiting this flaw would need to be able to convince a user to click on a 

malicious link. A successful attack would give the attacker the ability to run code within 

the client browser. 


XOOPS Detection 


PVS ID: 2580 FAMILY: CGI RISK: INFO NESSUS ID:Not Available 

Description: The remote host is running XOOPS, a web-portal software written in PHP. 

Solution: Ensure that this application is approved with respect to corporate policies and guidelines. 


Lynx Malformed HTML Tags DoS 


RISK: 

MEDIUM 



remote host is using Lynx as a web browser. The version used is vulnerable to a remote 

attack wherein malformed HTML can cause Lynx to go into an infinite loop. An attacker 

exploiting this flaw would need to be able to convince a user to browse to a malicious 

website. Upon a successful attack, Lynx would take up many resources on the client 

machine, possibly causing a crash in either Lynx or the operating system. The version of 

Lynx is: \n %L 


CVE-2004-1617 

SquirrelMail < 1.4.4 URI Parsing Arbitrary Code Execution 



running SquirrelMail, a webmail system written in PHP. Versions of SquirrelMail prior to 

1.4.4-Stable are vulnerable to a remote buffer overflow within the URI parsing 

functionality of SquirrelMail. An attacker exploiting this flaw would only need to be able to 

send web requests to the vulnerable system. 


CVE-2005-0152 



PostgreSQL < 8.0.1 Multiple Remote Vulnerabilities 


RISK: 

MEDIUM 



remote PostgreSQL server is vulnerable to a number of critical flaws. Some of these flaws 

require an attacker to have a valid account with credentials; however, some of the attacks 

do not require the attacker to have any sort of credentials. 


CVE-2005-0247 

Cisco IDS Plaintext Telnet Service Detection 



manner.\n\nThe remote host is running the Cisco IDS %L \nThe IDS administrator has 

enabled the plaintext telnet service. An attacker sniffing the local network can determine 

the user ID and password required to administer the machine. 

Solution: Ensure that telnet is required in order to administer the machine. 


Newspost < 2.0-r1 socket_getline Function Remote Overflow 


RISK: 

MEDIUM 



using the Newspost NNTP client. Newspost is used to automate the sending of binary files 

to different NNTP servers. There is a flaw in this version of Newspost that would allow the 

operator of a malicious news server to create a buffer overflow within the Newspost client. 

In order to execute this attack, the attacker would need to be able to convince a Newspost 

user to submit a post to the malicious NNTP server. The remote host is running Newspost 

version: %L 

Solution: Upgrade to version 2.0-r1 or higher. 

CVE-2005-0101 

Ventia DeskNow Multiple Remote Vulnerabilities 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote Ventia DeskNow server allows unauthorized access to local files 

and email.\n\nThe remote host is running Ventia DeskNow Mail And Collaboration Server. 

Ventia DeskNow allows multiple users to chat, share files, collaborate and more via a 

central Ventia DeskNow server. There is a flaw with the version of DeskNow that allows 

files to be modified on the local server, email to be tampered with, and other flaws. 


CVE-2005-0332 

Savant Web Server Multiple Remote Overflows 



running Savant Web Server. This version of Savant is vulnerable to a remote overflow due 

to a long user request. An attacker exploiting this flaw would only need to be able to craft a 

query to the web server. 


CVE-2005-0338 

Qualcomm Eudora < 6.2.1 Unspecified Remote Overflows 



remote host is running a version of the Eudora mail client that may be vulnerable to at least 

one remote buffer overflow. 



Mambo Content Server < 4.5.1b Detection Global Variables Overwrite 



authentication.\n\nThe remote host is running the Mambo Content Server, an application 

for generating dynamic content for web servers. The remote application is vulnerable to a 

flaw where remote attacks can overwrite global variables used by the application. In doing 

so, they can alter the way that the application operates, causing a disclosure of information 

or a loss of availability. 

Solution: Upgrade to version 4.5.1b or higher. 




Sunshop < 3.4RC2 index.php search Parameter XSS 


Description: The remote host is running the Sunshop e-commerce shopping cart. This version of 

Sunshop is vulnerable to a remote cross-site scripting (XSS) attack. An attacker 

exploiting this flaw would need to be able to convince a user to click on a malicious 

URL which, when executed, would run potentially malicious code within the client 

browser. 

Solution: Upgrade to version 3.4RC2 or higher. 


ngIRCd < 0.8.3 Log_Resolver() Remote Format String Overflow 



running a version of the ngIRCd service that may\nbe vulnerable to a buffer overflow in the 

way the server handles user-supplied data which is passed to syslog(). 


CVE-2005-0226 

ht://Dig config Parameter XSS 


Description: The remote version of htsearch appears to be vulnerable to a remote Cross-Site 

Scripting (XSS) attack. An attacker exploiting this flaw would need to be able to 

entice a user into clicking on a malicious URL that would contain embedded script 

code designed to exploit trust and execute within the client browser.\nThe remote 

host is running %L 


CVE-2005-0085 

WWWBoard Password File Disclosure 




sensitive files or data.\n\nThe remote host appears to be running WWWBoard. 

WWWBoard is a web-based forum written in Perl. There is a flaw in the default 

configuration of WWWBoard that would allow a remote attacker to retrieve the password 

file. To exploit the flaw, the attacker would only need to be able to request the 

/wwwboard/passwd.txt file. The attacker could then crack the password file and log into the 

machine with enhanced access rights. 


Solution: Upgarde or patch according to vendor recommendations. 

CVE-1999-0953 

RaidenHTTPd < 1.1.31 Crafted Request Remote File Access 



sensitive files or data.\n\nThe remote host is running RaidenHTTPd. RaidenHTTPd is a 

web server that is designed for the Microsoft platform. This version of RaidenHTTPd is 

vulnerable to a flaw where an attacker can read any file on the web server by using the 

header 'Host: localhost'.\nThe remote version of RaidenHTTPd is %L 



3Com 3CServer FTP Server < 2.0 Remote Overflow 


RISK: 

MEDIUM 



vulnerable to several remote overflows. An attacker exploiting these flaws would need to 

be able to log into the FTP server and run standard FTP commands. If anonymous access is 

enabled, the 'Anonymous' account would be sufficient to generate the overflow on the 

remote machine. 


CVE-2005-0277 

BXCP < 0.2.9.8 index.php show Parameter PHP Content Disclosure 



retrieve sensitive files or data.\n\nThe remote host is running BXCP. BXCP is a web 

application which does content management. There is a flaw in this version of 

BXCP that would allow an attacker to view the source code (or content) of any PHP 

script on the system. The flaw is due to how the index.php script handles the 'show' 

parameter. An attacker exploiting this flaw would be able to use a '../../' directory 

traversal syntax within the 'show' parameter, thereby rendering the code of any PHP 

script on the system.\nThe remote host is running BXCP version %L 

Solution: Upgrade to 0.2.9.8 or higher. 




PerlDesk < 2 kb.cgi view Parameter SQL Injection 


Description: The remote host is running PerlDesk, a web-based help desk application\nwritten in 

perl.\n\nThe remote version of this software is vulnerable to several SQL\ninjection 

vulnerabilities that may allow an attacker to execute\narbitrary SQL statements on the 

remote SQL database. 


CVE-2005-0343 

PHP-Fusion viewthread.php Arbitrary Thread Access 



sensitive files or data.\n\nThe remote host is running a version of PHP-Fusion that is 

vulnerable to an information leak via the viewthread.php script. Specifically, 

viewthread.php does not properly sanitize $_GET variables. An attacker exploiting this 

flaw would be able to view all threads (to include protected threads). 


CVE-2005-0345 

MSN Messenger Version Detection 


Description: The remote host is running Microsoft MSN Messenger %L 

Solution: Ensure that you are running the latest version of MSN Messenger. 


MSN Messenger UserID Detection 


Description: The remote host is running Microsoft MSN Messenger. PVS tracks the most recent UserID 

that is logging into the MSN Messenger servers. The UserID used to access MSN 

Messenger is %L 

realtime 

Solution: Ensure that you are running the latest version of MSN Messenger. 




Microsoft Media Player Version Detection 


Description: The remote host is running %L 

Solution: Ensure that you are running the latest version of Microsoft Windows Media Player. 


Microsoft Media Player Version 9 PNG Multiple Vulnerabilities 



running Microsoft Media Player Version 9. There is a flaw in this version of Media Player 

that would allow a remote attacker to potentially execute code on the target host. Exploiting 

this flaw would require that the attacker be able to convince a local user to open an email or 

browse to a malicious URL. 


CVE-2004-1244 

MSN Messenger < 6.2.0205 PNG File Remote Overflow 

PVS ID: 2603 FAMILY: Internet Messengers RISK: HIGH NESSUS ID:16328 

Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote 

host is running Microsoft MSN Messenger. There is a flaw in this version of MSN 

Messenger that would allow a remote attacker to potentially execute code on the 

target host. The reported version number is: \n %L 

Solution: Upgrade to MSN Messenger 6.2.0205 or higher. 

CVE-2004-1244 

ArGoSoft FTP Server < 1.4.2.8 Shortcut File Extension Filter Bypass 



is running the ArGoSoft FTP Server.\n\nIt is reported that ArGoSoft FTP Server is prone to 

a vulnerability that\nallows a user to bypass a filter forbidding link upload. An attacker 

\nexploiting this flaw may be able to have read and write access to any\nfiles and 

directories on the FTP server. 

Solution: Upgrade to ArGoSoft FTP 1.4.2.8 or higher. 

CVE-2005-0520 



Policy - RealArcade Gaming Client Detection 



corporate policy.\n\nThe remote host is running RealArcade games on the local system. 

RealArcade is a piece of software that facilitates the downloading or interactive playing of 

computer games. 

Solution: Ensure that such activity is allowed under corporate policies and guidelines. 


ArGoSoft Mail Server < 1.8.7.4 HTML Injection 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running the ArGoSoft Mail Server. This 

version of ArGoSoft is prone to several vulnerabilities. Specifically, an attacker can use a 

directory traversal attack to gain access to sensitive data. Further, an attacker can add or 

delete folders. Note: Both of these vulnerabilities would require that the attacker have a 

valid user account. 



GNU Mailman < 2.1.6 Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 



sensitive files or data\n\nThe remote host is running GNU Mailman, a web based software 

to manage mailing lists. There is a flaw in this version of Mailman that would allow a 

remote attacker to retrieve potentially confidential data. Specifically, the CGI script 

'private.py' does not properly parse user-supplied data and would allow an attacker to read 

any file on the operating system that was readable by the web process. 


CVE-2005-0202 


Apache mod_python < 3.1.4 Information Disclosure 




attacks.\n\nThe remote Apache server is running a version of mod_python that is older than 

3.1.4. This version contains a flaw wherein specially formatted requests can cause 

mod_python to divulge information regarding paths, file locations, and more. An attacker 

can use this flaw in order to gain more information about the machine. 

Solution: Upgrade to mod_python 3.1.4 or higher. 

CVE-2005-0088 

PGP Email Client Detection 

PVS ID: 2609 FAMILY: SMTP Clients RISK: INFO NESSUS ID:Not Available 

Description: The remote host is running PGP. PGP is an encryption software often used in conjunction 

with email. The sending email address is\n%L 

realtime 

Solution: Ensure that the use of PGP is within corporate guidelines. 


Generic Email Client Detection 


Description: Generic check for an email client. 

Solution: N/A 


Generic Email Client Detection 


Description: Generic check for an email client. 

Solution: N/A 


IBM WebSphere JSP Engine Source Disclosure 




sensitive files or data.\n\nThe remote WebSphere web server is vulnerable to an 

information leak. There is a flaw in the JSP engine that would allow a remote 

attacker to view the source code of any of the web server scripts. An attacker 


exploiting this flaw would only need to be able to send HTTP requests to the web 

server. 



AWStats < 6.5 Perl Content-Parsing Code Execution 


RISK: 

MEDIUM 



flaw.\n\nThe remote host is running AWStats, a CGI log analyzer. There are various 

content-parsing flaws in the remote version of this software that would allow an attacker to 

execute code on the remote host. An attacker exploiting this flaw would only need to be 

able to generate HTTP requests to the awstats.pl CGI script. A successful attack would 

allow the attacker to run system commands with the privileges of the CGI script. 

Solution: Upgrade to AWStats 6.5 or higher. 

CVE-2005-1527 

Sympa < 4.1.3 src/queue.c Remote Buffer Overflow 


Description: The remote host is running Sympa. 


CVE-2005-0073 

BEA WebLogic < 8.1.0 SP4 Information Disclosure 

RISK: 

MEDIUM 




attacks.\n\nThe remote host is running BEA WebLogic. This version of WebLogic is 

vulnerable to an information disclosure flaw. Specifically, failed logins yield information 

regarding authentication scheme, validity of user ID, and more. 


CVE-2005-1380 


OpenWebmail openwebmail.pl logindomain Parameter XSS 



Description: The remote host is running OpenWebmail, an open-source perl script that gives remote 

users a web-based interface to email. This version of OpenWebmail is vulnerable to a 

cross-site scripting (XSS) attack. An attacker exploiting this flaw would be need to be able 

to convince a user to click on a malicious URL. Upon successful exploitation, the attacker 

would be able to steal credentials or execute code within the browser. 


CVE-2005-0445 

Brooky CubeCart Multiple Vulnerabilities 



remote host is using Brooky CubeCart, an online storefront application written in PHP. 

This version of CubeCart is vulnerable to a path disclosure and cross-site scripting 

vulnerability. 

Solution: Upgrade to Brooky CubeCart 2.0.5 or higher. 

CVE-2005-0442 

ELOG < 2.5.7 Unspecified Remote Buffer Overflows 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple remote buffer overflows.\n\nThe 

remote server is running ELOG, an open source logbook web application. This version of 

ELOG is reported to be prone to multiple remote overflows. An attacker exploiting these 

alleged flaws would be able to execute code on the remote webserver. 

Solution: Upgrade to ELOG 2.5.7 or higher. 

CVE-2005-0439 

Siteman users.php Remote Buffer Overflow 


RISK: 

MEDIUM 



running Siteman, a web-based content management system. This version of Siteman is 

vulnerable to a remote buffer overflow in the users.php script. An attacker exploiting this 

flaw would be able to gain 'site owner' access. 


CVE-2008-0452 



Sami HTTP Server v1.0.5 Remote Overflow 


RISK: 

MEDIUM 



appears to be running Sami HTTP Server v1.0.5 or older. A vulnerability has been reported 

for Sami HTTP server v1.0.5. An attacker may be capable of corrupting data such as return 

address, and thereby control the execution flow of the program. This may result in denial of 

service or execution of arbitrary code. 



Kayako eSupport Multiple XSS 


RISK: 

MEDIUM 


Description: The remote host is running Kayako eSupport, a web-based support and help desk 

application. This version of Kayako is vulnerable to a Cross-Site Scripting (XSS) attack. 

An attacker exploiting this flaw would need to be able to convince an unsuspecting user to 

visit a malicious website. Upon successful exploitation, the attacker would be able to 

possibly steal credentials or execute browser-side code.\nThe remote host is running %L 

Solution: Upgrade to a version greater than 2.3.1. 

CVE-2005-2463 

BrightStor ARCserve/Enterprise Backup Default Account 



credentials.\n\nThe remote host is running UniversalAgent, an agent used by BrightStor 

ARCserve to perform backups. The remote version of this agent contains a default account 

with the username '\x02root\x03' and password '\x02

services, and more.\nIn addition, according to the version number, the remote host is 

vulnerable to a number of remote overflows. 


CVE-2005-4823 

Lighttpd < 1.3.8 CGI Source Disclosure 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running Lighttpd, a small webserver. This 

version of Lighttpd is vulnerable to a flaw where an attacker requesting a CGI script 

appended by a '%00' will be able to read the source of the script. 


CVE-2005-0453 

DCP-Portal < 6.1.2 Multiple SQL Injection 



attack.\n\nThe remote host is running a version of DCP-Portal that is reported prone to a 

remote SQL injection flaw. An attacker exploiting this flaw would be able to execute 

commands, view data, and manipulate data by sending malformed HTTP requests to the 

web server. 


CVE-2005-4227 

PaNews Multiple Injection Vulnerabilities 


Description: The remote host is running PaNews, a news management script\nwritten in PHP.\n\nThis 

version of PaNews is vulnerable to a Cross-Site Scripting (XSS)\nattack.\n\nAn attacker 

exploiting this flaw would need to be able to convince\nan unsuspecting user to visit a 

malicious website. Upon\nsuccessful exploitation, the attacker would be able to 

possibly\nsteal credentials or execute browser-side code.\n\nThe version of PaNews is also 

reported to be prone to several remote SQL and HTML injection attacks. An attacker 

exploiting these flaws would be able to potentially modify and view confidential data. 


CVE-2005-0647 



MercuryBoard < 1.1.3 Multiple Vulnerabilities 



attack.\n\nThe remote host is running MercuryBoard, a web-based Message board\nwritten 

in PHP.\n\nThis version of MercuryBoard is vulnerable to a Cross-Site Scripting 

(XSS)\nattack\n\nAn attacker exploiting this flaw would need to be able to convince\nan 

unsuspecting user to visit a malicious website. Upon\nsuccessful exploitation, the attacker 

would be able to possibly\nsteal credentials or execute browser-side code.\n\nIn addition, 

the remote host is vulnerable to a SQL Injection attack. An attacker exploiting this flaw 

would be able to read data, modify data, or execute commands. 


CVE-2005-0878 

WebCalendar users.php user_valid_crypt Parameter < 1.0.0 SQL Injection 



attack.\n\nThe remote host is running WebCalendar, a web-based calendar management 

program. This version of WebCalendar is vulnerable to a SQL injection attack via the 

user_valid_crypt parameter of the users.php script. An attacker exploiting this flaw would 

be able to read/modify data or execute commands as the web server process. 


CVE-2005-2320 

paFAQ Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server contains scripts that are vulnerable to a SQL 

injection attack.\n\nThe remote host is running paFAQ, a web-based 'Frequently 

Asked Questions' (FAQ) generator. This version of paFAQ is vulnerable to a SQL 

injection attack. An attacker exploiting this flaw would be able to read/modify data 

or execute commands as the web server process.\nIn addition, this version of 

paFAQ is vulnerable to a remote cross-site scripting (XSS) flaw as well as a flaw 

within the backup.php script that would allow a remote attacker full access to the 

application database. 


CVE-2005-2014 

Yahoo! Messenger < 6.0.0.1750 Detection 





remote host is running a version of Yahoo Instant Messenger that is reported vulnerable to 

several security flaws. 


CVE-2005-0242 

Gaim < 1.1.3 Multiple DoS Vulnerabilities 


RISK: 

MEDIUM 



remote host appears to be running Gaim, a popular open-source multi-protocol instant 

messenger. It is reported that this version of Gaim is prone to multiple Denial of Service 

(DoS) vulnerabilities that may allow an attacker to disable this client remotely. An attacker 

exploiting this flaw would need to be able to initiate a chat session with the Gaim client. A 

successful exploit would result in the Gaim client crashing. 


CVE-2005-0473 

TrackerCam Multiple Remote Overflows 



running TrackerCam. TrackerCam is a web server that allows remote users to view 

real-time video streams from an attached camera. This version of TrackerCam is vulnerable 

to multiple remote buffer overflows. An attacker exploiting one of these flaws would 

connect to the web server and send a large malformed request. Successful exploitation 

would result in the attacker being able to run arbitrary commands on the web server. 

Solution: Upgrade to a version of TrackerCam higher than 5.12. 

CVE-2005-0482 

Knox Arkeia Network Backup Agent Detection 


Description: The remote host is running Arkea Network Backup agent, an agent system\ndesigned to 

remotely perform backups of the remote host. 





Knox Arkeia Network Backup Server Detection 


Description: The remote host is running Arkeia Network Backup Server. This server is used to 

automatically connect to client machines and retrieve backups on a regular schedule. 



Knox Arkeia Type 77 Request Remote Buffer Overflow 



running Arkea Network Backup agent, an agent system designed to remotely perform 

backups of the remote host. The remote version of this agent contains a buffer overflow 

vulnerability that may allow an attacker to execute arbitrary commands on the remote host 

with the privileges of the Arkeia daemon. 


CVE-2005-0491 

ZeroBoard Multiple Vulnerabilities 



remote host is running ZeroBoard, a web-based bulletin board written in PHP. This version 

of Zeroboard is vulnerable to a cross-site scripting (XSS) flaw as well as a flaw in the 

'preg_replace' function. An attacker exploiting\n these flaws would require that the attacker 

be able to:\n1) convince an unsuspecting user to visit a malicious website\n2) send HTTP 

requests that are parsed by the 'preg_replace' function. Successful exploitation leads to 

arbitrary code execution on the remote system or arbitrary code executing in client 

browsers (after following a malicious URI). 


CVE-2005-1820 

PuTTY < 0.57 SFTP Remote Buffer Overflow 




using a vulnerable version of PuTTY, a SSH client built for Linux and UNIX variants as 

well as Microsoft Windows operating systems. This version of PuTTY does not properly 

handle an integer value passed from the SSH Server during an SFTP connection. An 

attacker exploiting this flaw would need to be able to convince a user to use PuTTY to 


initiate an SFTP connection to a malicious SSH server. Successful exploitation would result 

in PuTTY crashing or possibly executing arbitrary commands. The version of PuTTY 

installed on the remote host is: %L 


CVE-2005-0467 

Mambo Content Server Detection Global Variables Overwrite 



is running the Mambo Content Server, an application for generating dynamic content for 

web servers. The remote application is vulnerable to a flaw where remote attackers can 

upload malicious code. The code can then be executed by simply requesting the code via an 

HTTP session. The specific flaw is within the Tar.php script, which does not properly 

sanitize user-supplied content. Versions of Mambo through 4.5.2.3 are prone to a remote 

'file include' flaw. An attacker exploiting this flaw would be able to specify malicious code 

that would be run by the Mambo server. 

Solution: Upgrade to a version of Mambo higher than 4.5.2. 

CVE-2005-3738 

WebConnect Multiple Remote Vulnerabilities 



is running OpenConnect WebConnect. WebConnect is a web-based graphical user interface 

that gives remote users console access to mainframe, midrange, and Unix systems. 

WebConnect can be used to launch a Java-based telnet console that communicates over the 

HTTP protocol. This version of WebConnect is vulnerable to several remote attacks. The 

impact of the attack ranges from Denial of Service (DoS) to data compromise. An attacker 

exploiting these flaws would only need to be able to send HTTP requests to the web server. 

Successful exploitation would result in compromise of data or loss of availability.\nThe 

remote host is running WebConnect version %L 


CVE-2004-0465 

Curl < 7.13.1 NTLM Stack-based Buffer Overflow 




using a version of curl (or libcurl) that is vulnerable to several remote buffer overflows. To 

exploit this vulnerability, an attacker would have to set up a rogue web server that would 

reply with a malicious NTLM or Kerberos authentication request. Upon successful 


exploitation, the attacker would be able to execute arbitrary commands with the rights of 

the web server. 


CVE-2005-0490 

phpBB < 2.0.12 Path Disclosure / Unauthorized unlink() Function Access 


RISK: 

MEDIUM 



is running phpBB, a web-based forum application written in PHP. There is a flaw in this 

version of phpBB that will allow a remote attacker to disclose paths. This sort of 

information may be useful for further attacks.\nThere is another flaw within the 

usercp_avatar.php script that would allow a remote user to pass arbitrary files to the 

unlink() function. The unlink() function deletes files. A successful attack would delete 

arbitrary files on the web server. 


CVE-2005-0259 

vBulletin < 3.0.7 misc.php PHP Code Injection 


RISK: 

MEDIUM 



host is running a version of vBulletin, a forum application implemented in PHP, that is 

vulnerable to a flaw in the misc.php script. The flaw allows a remote attacker the ability to 

execute PHP code on the server. An attacker exploiting this flaw would pass malformed 

data to the 'template' parameter of the misc.php script. 


CVE-2005-0511 

PBLang Bulletin Board Multiple HTML Injection and XSS 



RISK: 

MEDIUM 



is running PBLang, a bulletin board system written in PHP. This version of PBLang is 

vulnerable to a remote Cross-Site Scripting (XSS) flaw. In addition, this version of PBLang 

is vulnerable to an HTML injection flaw within the pmpshow.php script. An attacker 

exploiting these flaws would be need to be able to convince a user to click on a malicious 

URL. Upon successful exploitation, the attacker would be able to steal credentials or 

execute code within the browser. A third flaw, which does not require user interaction, has 


een discovered with this version of PBLang. Specifically, files outside of the web root 

may be displayed to remote users. This sort of attack is known as a 'directory-traversal' 

attack, and would allow an attacker to craft a remote query such that the returned data 

would contain potentially confidential data (/etc/passwd file, HTTPD configuration files, 

and more.) 


CVE-2005-0630 

ProZilla < 1.3.7.4 Location Header Format String 


Description: Synopsis :\n\nThe remote client is vulnerable to a remote overflow.\n\nThe remote host is 

using Prozilla, a download accelerator for Linux and Unix systems. The remote version of 

this software contains a flaw in the way that it handles server HTTP headers. Specifically, 

Prozilla does not properly handle format strings, which would allow the remote attacker to 

execute arbitrary code on the client (Prozilla) machine. An attacker exploiting this flaw 

would need to be able to convince a user to browse a malicious website. In addition, the 

remote host is reported vulnerable to a remote buffer overflow. The details of this overflow 

have not been made public at this time. 


CVE-2005-2961 

Cyrus IMAPD < 2.2.12 Multiple Remote Overflows 



banner, the remote Cyrus IMAPD server is vulnerable to multiple remote buffer overflow 

attacks. An attacker exploiting these flaws would need to be able to communicate with the 

IMAPD server (usually on TCP port 143). A successful attack would result in the attacker 

executing arbitrary code on the IMAPD server. 


CVE-2005-0546 

Fedora YUM Updater Detection 


Description: The remote host is running Fedora YUM updater. 

Solution: N/A 




Fedora FC3 Yum Updates Detection 


Description: The remote host is running Fedora Linux (Core 3) and is using Yum to keep packages up to 

date. Yum is similar to the RedHat package manager and allows remote users to download, 

verify, and install software and/or patches via the central Fedora servers on the Internet. 

Solution: Ensure that both Yum and auto-patching are desired and supported with respect to existing 

policies and guidelines. 


Fedora FC2 Yum Update Detection 








Fedora FC1 Yum Update Detection 








IDA Pro Software Detection 


Description: The remote client is running the IDA Pro Disassembler Program. This program is used to 

analyze binary files. 

Solution: Ensure that this behavior is authorized for your network and that the version of IDA Pro is 

properly licensed. 




punBB < 1.2.2 Multiple SQL Injection and Authentication Bypass Vulnerabilities 



attack.\n\nThe remote host is running punBB, a web-based bulletin board. punBB works in 

conjunction with a SQL database. This version of punBB is vulnerable to several SQL 

injection flaws as well as an authentication bypass flaw. An attacker exploiting these flaws 

would only need to be able to send HTTP traffic to the web server. A successful SQL 

injection attack would give the attacker the ability to execute commands on the SQL server, 

view data, and modify data. A successful authentication bypass attack would give the 

attacker the ability to perform administrative tasks on the web server. 


CVE-2005-0570 

Firefox < 1.0.1 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is missing a critical security patch or upgrade.\n\nThe 

remote host is using Firefox. The remote version of this software contains the following 

security flaws: \n1) There is a flaw in the way that the browser handle scripting within 

'tabbed' cross-domains. An attacker exploiting this flaw would need to be able to coerce a 

user into clicking on a malicious URL which would then open a separate 'TAB' within the 

browser. The attacker could then retrieve data relevant to other tabbed connections or 

execute code locally.\n2)There is a flaw in the default about: config script that would allow 

an attacker to modify configuration data. In order to execute such an attack, the attacker 

would need to be able to entice the user into visiting or clicking on a malicious URL. A 

successful attacker would be able to modify the local configuration file, resulting in 

enhanced access rights or other potential exploits. The reported browser version (as seen on 

the network) is: \n %L 

Solution: Upgrade to Firefox 1.0.1 or higher. 

CVE-2005-0231 

Brooky CubeCart < 2.0.6 settings.inc.php XSS 


Description: The remote host is using Brooky CubeCart, an online storefront application written in PHP. 

This version of CubeCart is vulnerable to a Cross-Site Scripting (XSS) flaw within the 

default parser. An attacker exploiting these flaws would be need to be able to convince a 

user to click on a malicious URL. Upon successful exploitation, the attacker would be able 

to steal credentials or execute code within the browser. 




CVE-2005-0606 

Gaim < 1.1.4 Remote DoS 


RISK: 

MEDIUM 



remote host appears to be running Gaim, a popular open-source multi-protocol instant 

messenger. It is reported that this version of Gaim is prone to a flaw in the way that it 

handles malformed HTML data. An attacker exploiting this flaw would need to be able to 

communicate with a vulnerable GAIM user. Upon successful exploitation, the Gaim client 

would stop responding.\nThere is a second issue with this version of Gaim that is similar to 

the first. Specifically, downloaded files which include bracket characters like '(' or ')' will 

cause the client to crash. 


Gaim Detection 

CVE-2005-0208 


Description: The remote host seems to be running Gaim, a popular open-source multi-protocol instant 

messenger. 

Solution: N/A 


PeerFTP Client Detection 



corporate policy.\n\nThe remote host is running PeerFTP. PeerFTP is a peer-to-peer 

application that utilizes the FTP protocol. PeerFTP is both a client and a server application. 

The remote host is offering files for download as well as downloading files. Further, as the 

host is running PeerFTP version 5, there is a flaw in the way that passwords are stored. All 

passwords are stored locally as plaintext. 


CVE-2005-0517 

BadBlue < 2.60 'GET' Request Remote Overflow 




Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote BadBlue 

web server has a bug in the way it processes long 'GET' requests. An overly long request 

results in a buffer overflow that would give a remote attacker the abillity to execute 

arbitrary commands as the SYSTEM user. 


CVE-2005-0595 

phpBB < 2.0.13 Cookie Authentication Bypass 



bypassing of authentication.\n\nThe remote host is running phpBB, a 

web-based forum application written in PHP. There is a flaw in this version of 

phpBB that will allow a remote attacker to bypass the login process. 

Specifically, a malformed cookie, when processed by phpBB, will always result 

in a 'true' value. 


CVE-2005-0614 

Policy - WebMod Gaming HTTP Server Detection 


Description: Synopsis :\n\nThe remote host is running software that should be authorized with 

respect to corporate policy.\n\nThe remote host is running WebMod. WebMod is 

a web server that is used in popular online games (such as Half-Life). WebMod is 

the administrative interface to the currently-running game. The existence of 

WebMod indicates that there is a game server currently serving up game 

scenarios. 

Solution: Ensure that this sort of gaming is in alignment with corporate policies and guidelines. 



WebMod < 0.48 HTTP Server 'Content-Length' Heap Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a heap overflow.\n\nThe remote 

host is running WebMod. WebMod is a web server that is used in popular online 

games (such as Half-Life). WebMod is the administrative interface to the 

currently-running game. This version of WebMod is vulnerable to a remote heap 

overflow. The flaw is in the way that WebMod handles large 'Content-Length' 

HTTP headers. 



CVE-2005-0608 

FCKeditor with PHPNuke connector.php File Upload 


Description: Synopsis :\n\nThe remote host is vulnerable to a 'file upload' flaw.\n\nThe remote 

host is running FCKeditor plugin for PHPNuke. FCKeditor is a web-based 

document editor. This version of FCKeditor is vulnerable to a flaw in the way that 

it verifies file extensions for file uploads. An attacker exploiting this flaw would be 

able to upload potentially malicious code to the web server that might, under certain 

circumstances, be executable via a remote HTTP request. 


CVE-2005-0613 

PostNuke < 0.760 RC3 Multiple Vulnerabilities 



attack.\n\nThe remote host is running PostNuke version 0.760 RC2 or older. 

These\nversions suffer from several vulnerabilities, among them :\n\n*) SQL injection 

vulnerability in the News, NS-Polls and\nNS-AddStory modules.\n*) SQL injection 

vulnerability in the Downloads module.\n*)Cross-site scripting vulnerabilities in the 

Downloads\nmodule.\n*) Possible path disclosure vulnerability in the News module.\n\nAn 

attacker may use the SQL injection vulnerabilities to obtain the\npassword hash for the 

administrator or to corrupt the \ndatabase used by PostNuke.\n\nExploiting the XSS flaws 

may enable an attacker to inject arbitrary\nscript code into the browser of site 

administrators leading to\ndisclosure of session cookies.\n\nThe remote host is running %L 

Solution: Upgrade to version 0.760 RC3 or higher. 

CVE-2005-0616 

phpCOIN 1.2.1b Multiple Vulnerabilities 




attack.\n\nThe remote host is running phpCOIN version 1.2.1b or older. These\nversions 

suffer from several vulnerabilities, among them :\n\n*) Multiple SQL injection 

vulnerabilities.\nBy calling the 'faq' module with a specially crafted \n'faq_id' parameter or 

the 'pages' or 'site' modules with a \nspecially crafted 'id' parameter, a remote attacker may 

be\nable to manipulate SQL queries used by the program, thereby \nrevealing sensitive 

information or even corrupting the\ndatabase.\n\n*) Multiple cross-site scripting 

vulnerabilities.\nA remote attacker may be able to inject arbitrary code\ninto the 'helpdesk' 

and 'mail' modules as well as the\n'login.php' script by appending it to a valid 


equest.\nSuccessful exploitation may allow an attacker to steal\nauthentication cookies or 

misrepresent site content. 

Solution: Upgrade to phpCOIN 1.2.1b if necessary and then apply the Fix File. 

CVE-2005-0947 

RaidenHTTPd < 1.1.33 Remote Buffer Overflow 



running RaidenHTTPd. RaidenHTTPd is a web server that is designed for the Microsoft 

platform. This version of RaidenHTTPd is vulnerable to a flaw where an attacker can 

execute code as the SYSTEM user. An attacker exploiting this flaw would only need to 

send a URI request that exceeds 524 bytes. 

Solution: Upgrade to RaidenHTTPd 1.1.33 or higher. 


PHPNews < 1.2.5 auth.php path Parameter Remote File Inclusion 


RISK: 

MEDIUM 



remote host is running a version of PHPNews, an open source news\napplication, that has a 

remote file inclusion vulnerability in auth.php. \nBy leveraging this flaw, a attacker can 

cause arbitrary PHP code to be\nexecuted on the remote host using the permissions of the 

web server\nuser. 


CVE-2005-0632 

RealPlayer < 6.0.12.1059 Multiple Remote Overflows 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote host has 

the RealPlayer software installed.\n\nThere are several flaws in the remote version of this 

software that might allow\nan attacker to execute arbitrary code and delete arbitrary files on 

the remote\nhost.\n\nTo exploit these flaws, an attacker would need to send a malformed 

SMIL or\nWAV file to a user on the remote host and wait for the file to be opened in 

RealPlayer. 


CVE-2005-0455 



Golden FTP Server < 1.93 USER Remote Overflow 



running the Golden FTP Server. This version of Golden FTP is vulnerable to a remote 

buffer overflow when given a long USER name. An attacker exploiting this flaw would be 

able to execute arbitrary commands as the SYSTEM user.\nThe remote version of Golden 

FTP Server is %L 


CVE-2005-0634 

Typo3 < 1.4.2 cmw_linklist SQL Injection 



attack.\n\nThe remote host is running Typo3, a web-based content management system. 

This version of Typo3 is vulnerable to a remote SQL injection attack. An attacker 

exploiting this flaw would send a specially crafted HTTP query to the Typo3 application. 

Successful exploitation would result in leaking of confidential data, modification of data, 

and potentially executing arbitrary commands with the full rights of the web server process. 


CVE-2005-0658 

Squid < 2.5.STABLE10 Set-Cookie Authentication Information Disclosure 


Description: Synopsis :\n\nThe remote host may facilitate the theft of authentication data.\n\nThe remote 

Squid caching proxy, according to its version number,\nis vulnerable to an attack where the 

attacker gains access to Set-Cookie headers for another user. Such an attack would allow 

the attacker to gain access to resources with the credentials of another user. 

Solution: Upgrade to squid 2.5.STABLE10 or higher. 

CVE-2005-1519 

CProxy Directory Traversal Arbitrary File Access / DoS 



RISK: 

MEDIUM 



is running CProxy, a Web/Mail proxy server. This version of CProxy is vulnerable to a 

flaw where a remote attacker can download any file from the server (even outside the 

webroot) by using a '../' type of query. In addition, if the requested file is a .exe which does 


not exist, then the server may crash. At the least, this would cause a Denial of Service 

(DoS) against the service and attached users. 


CVE-2005-0657 

Mozilla < 1.7.6 Multiple Vulnerabilities 



remote host is using Mozilla, a web browser. The remote version of this software contains 

the following security flaws: \n1) There is a flaw in the way that the browser handles 

scripting within 'tabbed' cross-domains. An attacker exploiting this flaw would need to be 

able to convince a user to click on a malicious URL which would then open a separate 

'TAB' within the browser. The attacker could then retrieve data relevant to other tabbed 

connections or execute code locally.\n2)There is a flaw in the default about: config script 

that would allow an attacker to modify configuration data. In order to execute such an 

attack, the attacker would need to be able to entice the user into visiting or clicking on a 

malicious URL. A successful attacker would be able to modify the local configuration file, 

resulting in enhanced access rights or other potential exploits. In addition, there are other 

unconfirmed flaws in Mozilla version 1.7.5 and lower. The reported browser version (as 

seen on the network) is: \n %L 


CVE-2005-0231 

Sylpheed < 1.0.3 Invalid Header Overflow 



running Sylpheed, an email client for Unix and Unix-like operating systems. This version is 

vulnerable to a buffer overflow via invalid headers. Specifically, if a specially crafted email 

message is replied to, a buffer overflow may occur on the local machine. To exploit this, an 

attacker would need to be able to craft an email and entice a local user to both read and 

reply to the email. Successful exploitation would result in the attacker executing arbitrary 

code on the remote client. 



Stadtaus Form Mail < 2.4 formmail.inc.php Remote File Inclusion 



RISK: 

MEDIUM 




flaw.\n\nThe remote host is running the Stadtaus PHP Form Mail script. This script is used 

to send form information to an email address. This version of Form Mail is vulnerable to a 

flaw where incorrect parsing of the script_root parameter of the formmail.inc.php script can 

lead to arbitrary code being sent to the 'include()' function call. A successful attack would 

give the attacker the ability to execute arbitrary code on the target server.\nThe remote host 

is running %L 

Solution: Upgrade to Form Mail 2.4 or higher. 

CVE-2005-0678 

phpBB < 2.0.14 Cookie Authentication Bypass and SQL Injection Vulnerabilities 


RISK: 

MEDIUM 


Description: The remote host is running phpBB, a web-based forum application written in PHP. There is 

a flaw in this version of phpBB that will allow a remote attacker to gain elevated privileges 

due to a flaw in the way that phpBB handles autologin failure. Specifically, when an 

autologin fails, the 'user_id' value is reset, but the 'user_level' value remains the same. A 

successful attack would result in the attacker gaining access to potentially confidential data 

that may aid the attacker in gaining elevated privileges. There is a second flaw within the 

'file_id' parameter of the 'dlman.php' script. Specifically, a failure to properly parse out 

malicious characters leads to a SQL injection vulnerability. An attacker exploiting this flaw 

needs to be able to send HTTP requests to the server. A successful attack would lead to 

reading of data, writing of data, and potentially arbitrary code execution. 


CVE-2005-1026 

phpMyFAQ < 1.6.0 SQL Injection 



attack.\n\nThe remote host is running phpMyFAQ, a web-based 

Frequently-Asked-Questions (FAQ) application. This version of phpMyFAQ is vulnerable 

to a remote SQL injection attack. An attacker exploiting this flaw would send a specially 

crafted HTTP request to the application. Upon parsing the request, the server would be 

coerced into running commands embedded within the request. A successful attack would 

give the attacker the ability to view data, modify data, and potentially execute systems 

commands with the permission of the web server. 


CVE-2005-3049 


CopperExport Plugin < 0.2.1 xp_publish.php SQL Injection 




attack.\n\nThe remote host is running CopperExport, a plug-in for Apple iPhoto and 

CopperMine that allows users to directly export images to a Coppermine gallery. An 

attacker exploiting this flaw would send a specially crafted HTTP request to the 

application. Upon parsing the request, the server would run commands embedded within 

the request. A successful attack would give the attacker the ability to view data, modify 

data, and potentially execute system commands with the permission of the web server. It 

should be noted that the vulnerability is in a CopperExport script that runs on a 

CopperMine server. 


CVE-2005-0697 

Sun WebServer Detection 


Description: Sun WebServer has been detected on the remote system. 

Solution: NONE 


Sun AnswerBook2 < 1.4.5 XSS 


Description: The remote host is running Sun AnswerBook2 web application. This application allows 

users to view and search Sun documentation online. This version of AnswerBook2 is 

vulnerable to a cross-site-scripting (XSS) attack. Exploiting the XSS flaws may enable an 

attacker to inject arbitrary script code into the browser of unsuspecting users. A successful 

attack would potentially allow the attacker the ability to view confidential data (cookies, 

authentication data, and more.) or compromise the integrity of the local system via the web 

browser. 


CVE-2005-0549 


Aztek Forum myadmin.php Admin Authentication Bypass 



bypassing of authentication.\n\nThe remote host is running Aztek Forum, a 

web-based forum. This version of Aztek is reported to be prone to a remote 

attack where administrative access may be usurped via a flaw in the 

myadmin.php script. The details of the vulnerability are, at this time, unknown. 



CVE-2005-0700 

Oracle Database Server UTL_FILE Directory Traversal File Access 


RISK: 

MEDIUM 



sensitive files.\n\nThe remote host appears to be running a vulnerable version of Oracle 

Database Server. An authenticated user can craft SQL queries such that they would be able 

to retrieve any file on the system. An attacker exploiting this flaw would need a valid 

account and would need to be able to connect to the Oracle service (typically on port 2972). 

The attacker would retrieve and/or potentially modify confidential data on the target Oracle 

server. 


CVE-2005-0701 

Yahoo! Messenger < 6.0.0.1921 Multiple DoS 


RISK: 

MEDIUM 



remote host is running a version of Yahoo Instant Messenger that is reported vulnerable to 

a remote buffer overflow. An attacker exploiting this flaw would craft a malicious 'away' 

message and then entice an unsuspecting user to attempt to contact them. When the user 

receives the malicious 'away' message, the overflow would be triggered and code would be 

executed remotely. In addition, this version of Yahoo! Messenger is vulnerable to a remote 

Denial of Service (DoS) attack via a malformed YMSGR: URI. 


CVE-2005-1618 

PHP-Fusion < 5.01 BBcode IMG Tag XSS 




host is running a version of PHP-Fusion which is vulnerable to a script injection flaw. The 

'fusion_core.php' script is reportedly vulnerable to an attack where an attacker can inject 

HTML and script code through the 'BBCode IMG' tag. An attacker exploiting this flaw 

would create a malicious URI link and then convince an unsuspecting user to click on the 

link. A successful attack would yield potentially confidential data (cookies, credentials) as 

well as potentially execute malicious code within the context of the vulnerable server. 



CVE-2005-0692 

XOOPS Arbitrary Avatar File Upload 



remote host is running XOOPS, a web-portal software written in PHP. This version of 

XOOPS is vulnerable to a flaw where remote attackers can upload arbitrary executable 

code and then execute the code via a web request. An attacker exploiting this flaw would be 

able to execute arbitrary code within the context of the web server. 


CVE-2005-0743 

ArGoSoft FTP Server DELE Buffer Overflow 


RISK: 

MEDIUM 



running the ArGoSoft FTP Server. This version of ArGoSoft FTP Server is vulnerable to a 

flaw when parsing a malicious DELE command from an authenticated (or anonymous) 

user. An attacker exploiting this flaw would be able to execute arbitrary code on the remote 

FTP server. 


CVE-2005-0696 

YaBB < 2.1 YaBB.pl username Parameter XSS 


RISK: 

MEDIUM 


Description: The remote host is using the YaBB web forum software. This version of YaBB is 

vulnerable to a cross-site scripting (XSS) attack. Exploiting the XSS flaws may enable an 

attacker to inject arbitrary script code into the browser of unsuspecting users. A successful 

attack would potentially allow the attacker the ability to view confidential data (cookies, 

authentication data, and more.) or compromise the integrity of the local system via the web 

browser. 

Solution: Upgrade to YaBB 2.1 or higher. 

CVE-2005-0741 


paFileDB < 3.2 XSS and SQL Injection Vulnerabilities 




attack.\n\nPHP Arena paFileDB is a web application that is used to manage files. This 

version of paFileDB is vulnerable to a remote cross-site-scripting (XSS) flaw. Exploiting 

the flaw may enable an attacker to inject arbitrary script code into the browser of 

unsuspecting users. A successful attack would potentially allow the attacker the ability to 

view confidential data (cookies, authentication data, and more) or compromise the integrity 

of the local system via the web browser. The version of paFileDB is also vulnerable to a 

remote SQL injection attack. An attacker exploiting this flaw would only need to be able to 

send a query to the 'viewall.php' or 'category.php' script. A successful exploit would give 

the attacker the ability to read or write confidential data as well as potentially execute 

arbitrary commands on the remote web server. 


CVE-2005-0782 

NewsScript Content Management Admin Authentication Bypass 


RISK: 

MEDIUM 



application.\n\nThe remote host is running the NewsScript.co.uk news content management 

system. NewsScript is a perl script that manages news items and present them in an HTML 

format. There have been flaws in previous versions of NewsScript. You should manually 

check whether or not the application is vulnerable. 


CVE-2005-0735 

CA License Service Multiple Vulnerabilities 



running the Computer Associate License Application.\n\nThe remote version of this 

software is vulnerable to several flaws that\nmay allow a remote attacker to execute 

arbitrary code on the remote host\nwith the SYSTEM privileges. 


CVE-2005-0583 

CA License Service Client Detection 




Description: The remote client is running the Computer Associate License Application. 

Solution: N/A 


CA License Service Detection 


Description: The remote server is running the Computer Associate License Application. 

Solution: N/A 


CA License Service Detection 


Description: The remote server is running the Computer Associate License Application. 

Solution: N/A 


Zorum < 3.6.0 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is affected by 

numerous flaws. The remote host is running Zorum, an open-source electronic forum 

written in PHP. The version of Zorum installed on the remote host is prone to several 

vulnerabilities. Namely:\n\nAn attacker can execute arbitrary shell commands by means of 

specially-crafted arguments to the 'argv[1]' parameter of the 'gorum/prod.php' script 

provided that PHP's 'register_globals' setting is enabled and 'register_argc_argv' is 

disabled.\n\nAn attacker can adjust the 'id' parameter to the 'index.php' script after 

authentication, setting it to that of another currently authenticated user to gain their 

privileges.\n\nAn attacker can insert SQL code in the 'Search in messages created by user' 

box as well as the 'rollid' parameter to trigger an SQL error and possibly manipulate SQL 

queries if PHP's 'magic_quotes' is disabled.\n\nThe 'list', 'method', and 'frommethod' 

parameters of the 'index.php' script are not sanitized properly, allowing a remote attacker to 

inject arbitrary HTML or script code in a user's browser in the context of the affected web 

site, resulting in theft of authentication data or other such attacks. 


CVE-2005-4619 

Active WebCam < 5.6 Multiple Vulnerabilities 




RISK: 

MEDIUM 



is running Active WebCam, a Java program that displays real-time video camera images 

over the Internet. This version of Active WebCam is vulnerable to several flaws. 

Specifically, it is reported that Active WebCam reveals path information and file name 

location (within debugging information). It is also reported that requesting a URI like 

'http://www.somesite.com/A:\a.txt' leads to a Denial of Service (DoS) condition on the 

remote application. 


CVE-2005-0734 

PhotoPost Multiple Vulnerabilities 



host is running PhotoPost, a web-based image gallery written in PHP. This version of 

PhotoPost is reported to be vulnerable to multiple flaws. Specifically, the host is reported 

vulnerable to an access validation flaw within the 'adm-photo.php' script. An attacker 

exploiting this flaw would be able to upload images under the context of another user. The 

second flaw is a Cross-Site Scripting (XSS) vulnerability. Exploiting the XSS flaw may 

enable an attacker to inject arbitrary script code into the browser of unsuspecting users. A 

successful attack would potentially allow the attacker the ability to view confidential data 

(cookies, authentication data, and more) or compromise the integrity of the local system via 

the web browser. 

Solution: Upgrade to a version of PhotoPost greater than 5.00 Release Candidate 3. 

CVE-2005-1629 

Ipswitch IMail < 8.15 Hotfix 1 IMAP EXAMINE Argument Buffer Overflow 



running a version of the Ipswitch Collaboration\nSuite / Ipswitch IMail IMAP server that is 

prone to a buffer overflow\nwhen processing an EXAMINE command with a long 

argument.\nSpecifically, if an authenticated attacker sends an EXAMINE command\nwith 

a malformed mailbox name of 259 bytes, the attacker will overwrite the\nsaved stack frame 

pointer and potentially gain control of process\nexecution. 

Solution: Apply IMail Server 8.15 Hotfix 1 (February 3, 2005) or upgrade to a version greater 

than 8.15 when it becomes available. 

CVE-2005-0707 



MySQL Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running a version of MySQL that is older than version 4.0.24. This version of MySQL is 

vulnerable to multiple remote attacks. Specifically\n1) The MySQL is vulnerable to a flaw 

where the database temporary files are world-writeable and use a common name syntax. An 

attacker may be able to guess a file name and inject data into the temp file.\n2) 

Authenticated users that have 'CREATE TEMPORARY TABLE' privileges will be able to 

corrupt MySQL files with the privileges of the MySQL process\n3) Authenticated users 

with the 'INSERT' and 'DELETE' privileges may be able to escalate their database rights 

due to an input validation error in MySQL\n4) Authenticated users that have 'INSERT' and 

'DELETE' privileges may also abuse the 'CREATE FUNCTION' statement in order to gain 

access to restricted data structures. 

Solution: Upgrade to version 4.0.24, 4.1.10a or higher. 

CVE-2005-0710 

Xerox Document Centre Denial of Service (DoS) 



remote host is running Xerox Document Centre, an administrative, web-based GUI to a 

Xerox device. This version is reportedly prone to a remote Denial of Service (DoS) attack. 

An attacker exploiting this flaw would only need to be able to send malformed HTTP 

requests to the web interface of the printer. A successful attack would result in a loss of 

availability to the users of the printer. 



Xerox Document Centre Authentication Bypass 



authentication.\n\nThe remote host is running Xerox Document Centre, an administrative, 

web-based GUI to a Xerox device. This version is reportedly prone to a remote 

authentication bypass attack. While there are no details currently available, it is believed 

that remote anonymous users may be able to subvert the authentication mechanism in such 

a way as to gain administrative access to all or portions of the web server. 


CVE-2005-1936 



UBB.threads < 6.5.1.1 editpost.php SQL Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL injection attack.\n\nThe remote host 

is running a version of UBB.threads that fails to sufficiently sanitize the 'Number' 

parameter before using it in SQL queries in the editpost.php script. As a result, a remote 

attacker can pass malicious input to database queries, potentially resulting in data exposure, 

modification of the query logic, or even data modification or attacks against the database 

itself. 

Solution: Upgrade to UBB.threads version 6.5.1.1 or higher. 

CVE-2005-0726 

PlatinumFTP Server < 2.0 Remote Format String DoS 


RISK: 

MEDIUM 



remote host is running PlatinumFTP Server. The remote server is vulnerable to a remote 

Denial of Service (DoS) attack. Specifically, a remote user attempting to authenticate 50+ 

times with a user ID that includes '\\' will cause the server to fail. A successful attack would 

render the FTP server useless for valid users. 


CVE-2005-0779 

Apache Tomcat AJP12 Protocol Remote DoS 


RISK: 

MEDIUM 



be possible to freeze or crash the remote Tomcat web server by sending a specially crafted 

HTTP request. An attacker exploiting this flaw would only need to be able to send HTTP 

requests to the server. Successful exploitation would result in the web server being made 

unavailable to valid users. 


CVE-2005-0808 

PHP-Nuke paBox Module Hidden Parameter XSS 



RISK: 

MEDIUM 




host is running paBox, a web application written in PHP. This version of paBox is 

vulnerable to a remote HTML/script injection flaw. An attacker exploiting this flaw would 

only need to be able to send HTTP requests to the vulnerable application. A successful 

exploit would result in potential theft of confidential data (configuration data, browser 

cookies, and more) or browser-side code execution. 


CVE-2005-0674 

Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities 

PVS ID: 2703 FAMILY: SMTP Clients RISK: HIGH NESSUS ID:17605 


running a vulnerable version of Mozilla Thunderbird mail client. It is reported that this 

version of Mozilla or Mozilla Thunderbird is vulnerable to a flaw where embedded HTML 

tagging allows a remote attacker to spoof the 'Save as' dialog box and convince an 

unsuspecting user in download a malicious file. An attacker exploiting this flaw would 

need to be able to convince a remote user to click on a malicious link. Successful 

exploitation would result in malicious code being downloaded onto the client 

machine.\nSecondly, The remote version of this software is vulnerable to a heap overflow 

vulnerability when it processes GIF images. An attacker may exploit this flaw to execute 

arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a 

malformed GIF image to a victim on the remote host and wait for him or her to open it. 


CVE-2005-0399 

Mozilla Firefox < 1.0.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote host is using Firefox. The remote version of this software contains multiple security 

flaws that can be exploited by a malicious website. An attacker exploiting one of these 

flaws would need to be able to either convince a remote user to visit a malicious website or 

convince the remote user to open an HTML email and save an attachment.\nIn addition, 

this version is vulnerable to a remote flaw that could result in arbitrary code execution. 

Specifically, if a malicious web page is bookmarked as a sidebar panel, the malicious page 

may open and inject code into privileged pages. An attacker exploiting this flaw would 

need to be able to convince a user to both visit and bookmark their malicious web page. 

The reported browser version (as seen on the network) is: \n %L 


CVE-2005-0402 



Phorum < 5.0.15 HTML Injection 


RISK: 

MEDIUM 



host is running Phorum, a web-based content management system written in PHP. This 

version of Phorum is vulnerable to a remote HTML injection flaw. An attacker exploiting 

this flaw would only need to be able to send HTTP requests to the vulnerable application. A 

successful exploit would result in potential theft of confidential data (configuration data, 

browser cookies, and more) or browser-side code execution.\nIn addition, the version of 

Phorum installed on the remote host does not properly sanitize input used in the Location 

response header. An attacker can exploit this flaw with a specially-crafted request to inject 

malicious code into HTTP headers, which may allow execution of arbitrary HTML and 

script code in a user's browser within the context of the remote host. 


CVE-2005-0784 

SimpGB < 1.35.2 guestbook.php quote Parameter SQL Injection 



attack.\n\nThe remote host is running SimpGB, a web-based guestbook application. This 

version of SimpGB is vulnerable to a remote SQL injection flaw. An attacker exploiting 

this flaw would only need to be able to send a malformed query to the 'quote' parameter of 

the 'guestbook.php' application. A successful exploit would give the attacker the ability to 

read or write confidential data as well as potentially execute arbitrary commands on the 

remote web server. 


CVE-2005-0786 

Cricket Network Monitor Detection 



attacks.\n\nThe remote host is running Cricket, a tool for mapping and displaying network 

information. An attacker happening upon an installation of Cricket will be able to gain 

much information regarding the next phase of their attack. Cricket typically displays 

detailed information regarding networking equipment, connections, latency, average 

bandwidth, revision, uptime, etc.\nThe remote host is running %L 

Solution: Ensure that Cricket is not available to anonymous users. 




Dell Remote Access Controller Detection 



attacks.\n\nThe remote host is running the Dell Remote Access Controller, a web-based 

management interface for Dell devices. A remote user (or administrator) can, with 

credentials, control the machine from within their web browser. 

Solution: Ensure that this application is in alignment with existing corporate policies and guidelines. 

If the application is not required, disable the service. 


eMule Peer-To-Peer File Sharing Server Detection 



corporate policy.\n\nThe remote host is running eMule, a Peer-To-Peer File Sharing 

software that allows for uploading and downloading of files. \nFor your information, the 

remote host is running %L 

Solution: Ensure that this application is in alignment with corporate policies and guidelines. 


LimeWire < 4.8.0 Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote client is vulnerable to an arbitrary file download flaw.\n\nThe 

remote host is running LimeWire, a Gnutella client used for peer-to-peer file sharing. The 

host is running a version of Limewire that is vulnerable to a remote exploit via a parsing 

error. An attacker exploiting this flaw would pass the client a specially formatted request 

which, when processed, would give the attacker the ability to download any file on the 

Gnutella client. 


CVE-2005-0789 


phpPGAds/phpAdNew < 2.0.5 adframe.php refresh Parameter XSS 


Description: There is a flaw in the remote phpAdNew/phpPgAds PHP Ads server, a banner management 

and tracking\nsystem written in PHP.\n\nThis version of phpAdNew is vulnerable to a 

Cross-Site Scripting (XSS)\nvulnerability.\nAn attacker exploiting this flaw would be able 

steal potentially confidential\ninformation (such as cookies) or execute malicious code 


within\nthe client browser. 


CVE-2005-0791 

IBM WebSphere 'ResetPassword' Information Disclosure 



attacks.\n\nThe remote WebSphere webserver is vulnerable to an information leak. There is 

a flaw in the default ResetPassword form that would allow a remote attacker to obtain 

potentially confidential data (such as UserID) within the web server cache. An attacker 

exploiting this flaw would only need to be able to browse to the affected system and view 

the confidential data within the form source code. 



Ximian Evolution < 2.0.4 Content-Parsing DoS 


RISK: 

MEDIUM 



remote host is running a version of the Ximian Evolution email client that does not properly 

validate malformed Unicode messages. By processing a malformed message, the client will 

crash. 



Jetty < 4.2.19 HttpRequest.java Content-Length DoS 


RISK: 

MEDIUM 



remote host is running Jetty, a Java web server that can be downloaded off the Internet and 

is currently bundled with some IBM applications. This version of Jetty is vulnerable to a 

remote Denial of Service (DoS) attack. An attacker exploiting this flaw would be able to 

render the web server unavailable. 


CVE-2004-2381 



punBB < 1.2.5 Multiple SQL Injection and Authentication Bypass Vulnerabilities 


RISK: 

MEDIUM 



host is running punBB, a web-based bulletin board. This version of punBB ( %L ) is 

vulnerable to multiple remote HTML injection attacks. Specifically, failure to correctly 

parse the 'email' and 'Jabber' variables of the profile page leads to a condition where 

attackers can insert bogus HTTP headers and content into a client browser session. In order 

to affect such an attack, the attacker would typically need to be able to entice a remote user 

into perusing a malicious URI. A successful attack would lead to a loss of confidential data 

(such as authentication or state cookies) or the execution of malicious code within the 

browser. 


CVE-2005-0818 

Lysator < 2.0.1 LSH Unspecified Remote DoS 


RISK: 

MEDIUM 



remote host is running Lysator's LSH, a version of Secure Shell (SSH) that is available for 

Unix-like platforms. This version of LSH is reported vulnerable to a Denial of Service 

(DoS) attack. 

Solution: Upgrade to version 2.0.1 of LSH (when available). 


MailEnable < 1.8.1 mailto Remote Format String Overflow 



host is running a version of MailEnable Professional which is reported to be prone to a 

remote format string vulnerability. Specifically, the application fails to properly parse the 

SMTP 'mailto:' request. An attacker exploiting this flaw would send a malformed query to 

the server which, upon being parsed, would either crash the remote host or possibly execute 

arbitrary commands on the remote host. 


CVE-2005-1015 

Looking Glass Network Tool Detection 


PVS ID: 2718 FAMILY: Policy NESSUS ID:Not Available 


RISK: 

MEDIUM 


corporate policy.\n\nThe remote host is running Looking Glass, a tool for performing 

rudimentary router functions via a web interface. If available to anonymous users, this 

application can give away information that would enable an attacker to perform more 

sophisticated (or targeted) attacks against internal networks or specific networking 

equipment. 

Solution: Either disable or protect (with ACLs) the web application from anonymous, 

unauthenticated users. 


NTOP Network Tool Detection 



attacks.\n\nThe remote host is running NTOP, a tool for viewing network configuration, 

usage, statistics, protocols, and much more via a web interface. If available to anonymous 

users, this application can give away information that would enable an attacker to perform 

more sophisticated (or targeted) attacks against internal networks or specific 

internetworking equipment. 

Solution: Either disable or protect (with ACLs) the web application from anonymous, 

unauthenticated users. 


NTOP Multiple Vulnerabilities 



remote host is running NTOP, a tool for viewing network configuration, usage, statistics, 

protocols, and much more via a web interface. This version of NTOP is reported to be 

prone to at least four (4) vulnerabilities. An attacker exploiting these flaws would be able to 

execute arbitrary code on the target server. 


CVE-2000-0706 

ZoneAlarm < 5.5.062.011 Multiple Vulnerabilities 




Description: Synopsis :\n\nThe remote host is running an application that is vulnerable to multiple 

flaws.\n\nThe remote host is running ZoneAlarm, a personal firewall for the Windows 

platform. The client is running a version of ZoneAlarm that is less than 5.5.062.011. This 

version of Zonealarm is prone to at least one vulnerability that could, if exploited, damage 

the integrity of the firewall. 


ZoneAlarm Detection 

CVE-2005-0114 


Description: The remote host is running ZoneAlarm, a personal firewall for the Windows platform. 

Solution: Ensure that you are running the latest version of Zonealarm and that Zonealarm is 

supported with respect to corporate policies and guidelines. 


RunCMS highlight.php Information Disclosure 



attacks.\n\nThe remote host is running RunCMS, a web-based messaging system. This 

version of RunCMS is vulnerable to a remote information disclosure flaw. Specifically, a 

malformed query to the highlight.php script can result in RunCMS sending back 

confidential database information. This information could include user IDs and passwords. 

An attacker exploiting this flaw would need to have knowledge regarding the installation 

path of the RunCMS program. A successful exploit would result in the loss of confidential 

data. 


CVE-2005-0828 

Icecast Multiple Vulnerabilities 



RISK: 

MEDIUM 



is running a vulnerable version of Icecast, an open-source streaming server. This version is 

reported prone to at least two (2) remote attacks. The first attack involves a content-parsing 

flaw within the XSL parser. An attacker exploiting this flaw would need to be able to 

convince an administrator into downloading and installing a malicious XSL file. The 

second attack allows a remote attacker to download source code by appending a '.' to a 

request to a XSL resource. An attacker exploiting this second flaw would only need to be 

able to send queries to the Icecast server. Successful exploitation would result in the 


potential leaking of confidential data which may lead to a more sophisticated future attack. 


CVE-2005-0837 

CoolForum SQL and XSS Vulnerabilities 


RISK: 

MEDIUM 



attack.\n\nThe remote host is running CoolForum, a bulletin board written in PHP. This 

version of CoolForum is vulnerable to at least two (2) remote attacks. Specifically, a SQL 

injection attack affects the 'entete.php' and 'register.php' scripts. An attacker exploiting 

these flaws would send a malformed query to the questionable scripts. A successful exploit 

would result in the reading and writing of confidential data. In addition, the attacker may be 

able to execute arbitrary code on the remote webserver.\n\nMultiple HTML injection and 

Cross-Site Scripting (XSS) flaws have also been reported to exist within this version of 

CoolForum. An attacker exploiting these flaws would typically need to be able to convince 

a user to browse a malicious URI. A successful attack would result in the theft of 

potentially confidential client data (cookies, authentication credentials, and more) or 

malicious code being executed within the client browser. 


CVE-2005-0857 

PHP-Fusion < 5.0.2 setuser.php HTML Injection Vulnerability 



host is running a version of PHP-Fusion that is vulnerable to an HTML injection flaw. 

Specifically, the setuser.php script fails to properly sanitize input data via the 'user_name' 

and 'user_pass' parameters. An attacker exploiting this flaw would typically need to be able 

to convince a remote user to browse to a malicious URI. A successful attack would yield 

potentially confidential data (cookies, credentials) as well as potentially execute malicious 

code within the context of the vulnerable server. 



Panasonic Camera Detection 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is a network-based camera.\n\nThe remote host is running a 

network-based Panasonic cameras. Such cameras are easy to install, do not require a server, 

and can be remotely administered via a web GUI. By default, anonymous users can connect 

to the camera and control the camera view, grab stillshot images, and more. 

Solution: Ensure that the use of the camera is in keeping with corporate policies and guidelines. 

Further, ensure that there is no violation of confidentiality or privacy with respect to the 

placement of the camera. 


MOBOTIX AG Camera Detection 


RISK: 

MEDIUM 



network-based MOBOTIX camera. Such cameras are easy to install, do not require a 

server, and can be remotely administered via a web GUI. By default, anonymous users can 

connect to the camera and control the camera view, grab stillshot images, and more. 




AXIS Camera Detection 



RISK: 

MEDIUM 



network-based AXIS camera. Such cameras are easy to install, do not require a server, and 

can be remotely administered via a web GUI. By default, anonymous users can connect to 

the camera and control the camera view, grab stillshot images, and more. 









remote host is missing Security Update 2005-003. This security update contains a number 

of enhancements for the following programs :\n\n - AFP Server\n - Bluetooth Setup 

Assistant\n - Core Foundation\n - Cyrus IMAP\n - Cyrus SASL\n - Folder Permissions\n - 


Mailman\n - Safari\n 



Novell GroupWise WebAccess Detection 


Description: The remote host is running the Novell GroupWise WebAccess application. This application 

allows remote users to access their Novell email via a web application. 

Solution: Ensure that this application is authorized and properly protected. 


Novell NetWare Management Portal Information Disclosure 



attacks.\n\nThe remote host is running Novell NetWare Management Portal. The portal is 

used to allow remote login and administrative functions. An attacker can use this 

application to gain information regarding system status, local files, user accounts, and 

more. In addition, the portal can be used as a brute-force entry point for guessing user IDs 

and passwords. 

Solution: Ensure that the application is not available to anonymous users. 


SAP Internet Transaction Server Version Detection 


Description: The remote host is running SAP Internet Transaction Server %L.\nThis is a web application 

that allows remote users to access SAP resources via the Web. 

Solution: Ensure that the application is protected from anonymous users. 



Policy - TeamSpeak Online Gaming VoIP Server Detection 



corporate policy.\n\nThe remote host is running a TeamSpeak Voice Over IP (VoIP) server. 

This server typically runs in conjunction with network-based gaming. TeamSpeak allows 

game players to chat amongst each other while playing. 


Solution: Ensure that TeamSpeak and related applications are sanctioned with respect to Corporate 

Policy. 


UserMin Remote Access Detection 


Description: Synopsis :\n\nThe remote host is running a web-based administrative interface.\n\nThe 

remote server is running UserMin, a web-based administration application that allows 

remote users to control the server remotely. 

Solution: Ensure that UserMin is running in compliance with existing corporate policies and 

guidelines. 


WebSTAR Mail Detection 


Description: The remote host is running WebSTAR MAIL %L, a mail server for Mac OS X that offers 

services via a Web interface. 

Solution: Ensure that you are running the latest version of WebSTAR. 


WebSTAR Mail < 5.4.0 Multiple Vulnerabilities 



remote host is running WebSTAR Mail, a mail server for Mac OS X that offers services via 

a Web interface. This version of WebSTAR is vulnerable to many attack vectors that could 

impact the confidentiality, availability, or integrity of the machine and its data. 



FileZilla FTP Server < 0.9.6 Multiple DoS 



Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors (remote and 

local).\n\nThe remote host is running the FileZilla FTP server. There is a flaw in the remote 

version of this software that may allow an authenticated attacker to crash the remote host 

by requesting DOS devices (CON, NUL, etc.) or by misusing the zlib compression mode. 


In addition, there is a local client flaw within the FileZilla server component. A local user 

on the FileZilla server who is enticed to initiate an FTP connection to a malicious server 

can be exploited. 


CVE-2005-0850 

NetWin SurgeMail < 3.0.0c2 Multiple Remote Unspecified Vulnerabilities 



remote host is running NetWin SurgeMail, a mail server application. The remote version of 

this software is vulnerable to multiple unspecified vulnerabilities that have been disclosed 

by the vendor. 

Solution: Upgrade to NetWin SurgeMail 3.0.0c2 or higher. 


DeleGate < 8.11.1 Multiple Remote Overflows 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nDelegate is reportedly 

vulnerable to a stack-based buffer overflow that may allow for the execution of arbitrary 

code. The details of this vulnerability are not known at this time. 


CVE-2005-0861 

Sun Cobalt RAQ Server Detection 



attacks.\n\nThe remote server is running the Sun Cobalt RaQ appliance. The web-based 

administrative access is enabled and functioning. An attacker can use the web interface to 

brute force login credentials off of the appliance. 

Solution: Ensure that the administrative interface is only available to internal (non-Internet) 

browsers. 


Endymion MailMan Detection 



RISK: 

MEDIUM 




attacks.\n\nThe remote host is running the Endymion MailMan application. This 

application allows remote users to access their email via a web interface. There have been 

many flaws found in the mailman.cgi perl script. In addition, the current features of 

Mailman allow it to be used as a remote attack tool. As Mailman takes Username, 

Password, and Server as arguments for login, it is possible to use Mailman as a POP3 

scanner and/or brute-force password scanner. For example, an attacker could automate an 

attack against internal POP3 accounts by simply bouncing the attack through an instance of 

Mailman in the DMZ. An attacker without access to the internal network would still be able 

to brute-force valid accounts simply by using Mailman to identify internal POP3 servers 

and then bouncing the attack through Mailman. 

Solution: Ensure that this application is authorized and properly protected. 


Network Query Tool Detection 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running the Network Query Tool CGI script. This script 

allows anonymous, remote users to perform port scans, whois, DNS queries, ping, 

traceroute, and more via a web interface. An attacker coming upon this application would 

be able to use the script to perform discovery scanning against any range of addresses. This 

would include, but not be limited to, internal IP ranges. 

Solution: Ensure that this application is valid with respect to corporate policies and guidelines. If the 

application is required, consider using Access Control Lists (ACLs) or other security 

measures to block unauthorized usage. 


Apache < 2.0.50 Input Header Folding and mod_ssl DoS 


RISK: 

MEDIUM 



remote host is using a version of the Apache web server that is less than 2.0.50. This 

version is vulnerable to two (2) remote Denial of Service (DoS) attacks. The first issue 

stems from a failure to properly manage memory and could lead to the consumption of 

massive amounts of memory and, alledgedly,a potential heap overflow. The second issue 

stems from mod_ssl's inability to handle sessions that terminate before any bytes of data 

have been sent. This second flaw results in a memory violation that leads to a loss of 

availability to valid users. 




CVE-2004-0493 

Vortex Portal Content Management System Multiple Remote File Inclusion 



is running %L , a content-management system for gaming. This version of Vortex is 

vulnerable to an 'include' file injection attack. Specifically, the 'act' variable of 'content.php' 

and 'index.php' is not properly sanitized by the Vortex application. An attacker exploiting 

this flaw would be able to include arbitrary malicious code within a URI. The attacker 

would then need to be able to convince a client to browse to the URI. A successful attack 

would result in the client browser executing malicious code within the context of the 

Vortex application. 

Solution: Ensure that this application is allowed within corporate policies and guidelines. 

CVE-2005-0879 

WU-FTPD FTP Server File Globbing Remote DoS 



remote host is running a WU-FTPD FTP server. This version of WU-FTPD is vulnerable to 

a remote Denial of Service (DoS). Specifically, by sending a LIST request with many '*' 

characters causes the remote server to crash. This introduces a risk to availability. 


CVE-2005-0256 

XMB Forum < 1.9.8 SQL Injection and XSS Vulnerabilities 



is running XMB Forum. There is flaw in the version this host is using that may allow an 

attacker to perform a cross-site scripting attack against this host. An attacker exploiting this 

flaw would need to be able to convince a user to browse a malicious URI. Successful 

exploitation would result in a potential loss of confidential data (cookies, authentication 

credentials, and more.).\n\nIn addition, there is a flaw in the way that XMB handles 

user-supplied data sent to the 'u2u.inc.php' script. An attacker sending malformed queries 

can inject SQL commands that are executed on the database server. This can lead to the 

reading or writing of data and, in some cases, the attacker can execute arbitrary system 

commands. 


CVE-2005-0885 



phpSysInfo < 2.5 Multiple Script XSS 


RISK: 

MEDIUM 



remote host is running phpSysInfo, a PHP script that monitors and reports on local *nix 

system resources utilization. This version of phpSysInfo is vulnerable to a remote 

Cross-Site Scripting attack. An attacker exploiting this flaw would need to be able to 

convince a user to browse a malicious URI. Successful exploitation could lead to a loss of 

integrity as code would be executed by the browser within the security context of the 

vulnerable web site. 


CVE-2005-3348 

Trillian HTTP-parsing Remote Overflow 



running Trillian, a chat client. This version of Trillian is reported vulnerable to a remote 

overflow. While the details of the vulnerability are not known, the security risk is either a 

denial of service (availability) or remote code execution (integrity). 



Windows 2003 Server Detection 

PVS ID: 2750 FAMILY: Operating System Detection RISK: NONE NESSUS ID:Not Available 

Description: The remote host is running Windows 2003 Server. According to the update request, the 

exact version of Windows 2003 server is: %L 

Solution: N/A 


Windows 2000 Server Detection (No Service Pack) 


Description: The remote host is running Windows 2000 Server with no Service Pack applied. PVS has 

made this determination based on an update request. The following request was observed: 

%L 

Solution: Upgrade to Windows 2000 SP4. 




Windows 2000 SP1 Detection 


Description: The remote host is running Windows 2000 SP1. 















Description: The remote host is running Windows 2000 Server SP4. 

Solution: N/A 


Windows XP (No Service Pack) Detection 


Description: The remote host is running Windows XP with no Service Pack applied. PVS has 

determined this by observing the following request sent to windowsupdate.microsoft.com: 

\n %L 

Solution: Upgrade to Windows XP SP3. 




Windows XP SP1 Detection 


Description: The remote host is running Windows XP SP1. 





Description: The remote host is running Windows XP SP2. 



Media Server Type Detection 

PVS ID: 2759 FAMILY: Generic RISK: NONE NESSUS ID:Not Available 

Description: A media server is running on this port : %L 

Solution: N/A 


Media Server Type (RTP) Detection 


Description: A media server is running on this port : %L 

Solution: N/A 


Apple QuickTime Streaming Server Detection 



Description: The remote host is running Apple QuickTime Streaming Server version: \n %L . 

Solution: Ensure that you are running the latest version of QTSS. 



Apple QuickTime Server < 4.1.3 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running the Apple Quicktime Streaming Server. This version is vulnerable to an 

information disclosure bug. Specifically, the parse_xml.cgi script can be coerced into 

giving away local system information (path, file name, and more). Such information can 

aid an attacker in more sophisticated attacks. A second flaw would allow an attacker the 

ability to run arbitrary code on the remote server. Specifically, malformed requests are not 

properly parsed prior to being logged. When the logs were viewed by a local user, code 

could be executed with the permissions of the user reading the logs (typically an 

administrator). The remote server is also reported prone to a remote Cross-Site Scripting 

(XSS) flaw. An attacker exploiting this flaw would need to be able to convince a user to 

browse to a malicious URI. Successful exploitation would result in the theft of confidential 

data (cookies, authentication materials, and more). 


CVE-2003-0051 

Apple QuickTime < 4.1.4 Directory Traversal, Denial of Service, and Script Disclosure Vulnerabilities 


RISK: 

MEDIUM 



is running the Apple Quicktime Streaming Server. This version is vulnerable to a remote 

directory traversal flaw. An attacker exploiting this flaw would be able to access data 

outside of the web root. In addition, several remote denial of service (DoS) flaws have been 

reported in this version of QTSS. Thirdly, this version of QTSS has been reported prone to 

script disclosure attacks. An attacker exploiting this flaw would be able to read script 

source code. This could lead to more sophisticated attacks. 

Solution: Upgrade to Apple Quicktime Server 4.1.4 or higher. 

CVE-2004-0169 

Apple QuickTime Streaming Server < 5.0.3.2 DoS 



RISK: 

MEDIUM 



remote Apple QuickTime Server is reported prone to a remote Denial of Service (DoS) 

attack. The details of the attack are currently unknown. An attacker with access to the 

specific attack vectors would be able to impact the availability of the server. 



CVE-2004-0825 

Mac OS X 10.0 Detection 


Description: The remote host is running Mac OS X 10.0, which is now unsupported. 

Solution: Upgrade to version 10.2, 10.3 or higher. 




Description: The remote host is running Mac OS X 10.1, which is now unsupported. 





Description: The remote host is running Mac OS X 10.2.\n%L 

Solution: Upgrade to version 10.2.8, 10.3.9, 10.4 or higher. 


Mac OS X 10.2.8 Detection 


Description: The remote host is running Mac OS X 10.2.8. 





Description: The remote host is running Mac OS X 10.3 : \n %L 








Solution: N/A 


dnsmasq < 2.21 Multiple Remote Vulnerabilities 



running dnsmasq, a DHCP and DNS server. The remote version of this software is 

vulnerable to multiple remote vulnerabilities that may allow an attacker to execute arbitrary 

code on the remote host or perform a DNS cache poisoning attack. 

Solution: Upgrade to dnsmasq 2.21 or higher. 

CVE-2005-0876 

Smail < 3.2.0.121 Multiple Vulnerabilities 



host is running a version of Smail, a mail transport agent, that is older or as old as than 

version 3.2.0.120. The remote version of this software contains various vulnerabilities that 

may allow a remote attacker to execute arbitrary code on the remote host by exploiting a 

heap overflow in the function which processes the 'MAIL FROM' command. 

Solution: Upgrade to Smail 3.2.0.121 or higher. 

CVE-2005-0892 

OpenBSD spamd Service Detection 

PVS ID: 2773 FAMILY: SMTP Servers RISK: INFO NESSUS ID:Not Available 

Description: The remote host is running SPAMD, a service that ships with OpenBSD and allows 

administrators to control incoming spam through the use of white, grey, and black lists. 

Solution: N/A 




phpMyDirectory < 10.1.6 review.php Multiple Parameter XSS 


RISK: 

MEDIUM 



version of phpMyDirectory installed on the remote host suffers from multiple cross-site 

scripting vulnerabilities due to its failure to sanitize user-input to its 'review.php' script 

through various parameters. A remote attacker can exploit these flaws to steal cookie-based 

authentication credentials and perform other such attacks. 

Solution: Upgrade to a version of phpMyDirectory greater than 10.1.6 when it becomes available. 

CVE-2005-0896 

AOLServer Multiple Remote Vulnerabilities 



remote host is running AOLServer, a web server from AOL. This version of AOLServer is 

vulnerable to multiple remote overflows. An attacker exploiting these flaws would be able 

to execute arbitrary code on the remote server. 


CVE-2001-0205 

Ublog < 1.0.5 login.asp msg Parameter XSS 


Description: The remote host is running Ublog, a blog program written in ASP. This version of Ublog is 

vulnerable to a remote Cross-Site Scripting (XSS) attack. An attacker exploiting this flaw 

would typically need to be able to convince a user to browse a malicious URI. A successful 

attack would result in the theft of potentially confidential client data (cookies, 

authentication credentials, and more) or malicious code being executed within the client 

browser. 


CVE-2005-0925 

Sylpheed MIME Content-parsing Overflow 





vulnerable to a buffer overflow via specially crafted MIME messages or attachments. An 

attacker exploiting this flaw would need to be able to convince a user to open a malicious 


email message. Successful exploitation would lead to a Denial of Service or remote code 

execution. 


CVE-2005-0926 

PhotoPost < 5.02 RC3 Multiple Content-parsing Vulnerabilities 



attack.\n\nThe remote host is running PhotoPost, a web-based image gallery written in 

PHP. This version of PhotoPost is reported vulnerable to multiple vulnerabilities. Multiple 

scripts are reported prone to a Cross-Site Scripting (XSS) vulnerability. Exploiting the XSS 

flaws may enable an attacker to inject arbitrary script code into the browser of unsuspecting 

users. A successful attack would potentially allow the attacker the ability to view 

confidential data (cookies, authentication data, and more) or compromise the integrity of 

the local system via the web browser. A second set of issues also affect multiple scripts. 

Specifically, multiple scripts are vulnerable to a remote SQL injection attack. An attacker 

exploiting this flaw would be able to view and modify database data as well as potentially 

execute arbitrary commands. 

Solution: Upgrade to PhotoPost 5.02 Release Candidate 3 or higher. 

CVE-2005-0928 

Horde < 3.0.4 Parent Page Title XSS 


RISK: 

MEDIUM 



version of Horde installed on the remote host suffers from a cross-site scripting 

vulnerability in which an attacker can inject arbitrary HTML and script code via the page 

title of a parent frame, enabling him to steal cookie-based authentication credentials and 

perform other such attacks. 


CVE-2005-0961 

MailReader < 2.3.36 network.cgi MIME Message XSS 



RISK: 

MEDIUM 



host is running Mailreader, a web-based application which can be used to read email. This 

version of Mailreader is vulnerable to a remote HTML injection flaw. An attacker 

exploiting this flaw would need to be able to convince a Mailreader user to open a 


malicious email. Successful exploitation would result in the client running code within their 

browser that would seem to be originating from the Mailreader server. 


CVE-2005-0386 

BayTech RPC3 Telnet Daemon Authentication Bypass 



authentication.\n\nThe remote host is running a version of Bay Technical Associates RPC3 

Telnet Daemon that lets a user bypass authentication by sending a special set of keystrokes 

at the username prompt. Since BayTech RPC3 devices provide remote power management, 

this vulnerability enables an attacker to cause a denial of service, shut down the device 

itself and any connected devices. 


CVE-2005-0957 

PHP Remote getimagesize DoS 



remote host is running a version of PHP that is older than 4.3.11 or 5.0.4. This version 

contains a bug that can be triggered when the getimagesize() function processes malicious 

IFF or JPEG image files. An attacker exploiting this flaw would be able to present an image 

to the function that would cause the function to go into an infinite loop by processing a 

negative file size. A successful exploit would result in the loss of system availability for 

valid users. There is also a reported flaw in the way that PHP handles data being passed to 

the Image File Directory (IFD). Reportedly, this leads to a remote Denial of Service (DoS) 

attack. Other flaws impacting this version of PHP have been reported; however, details 

have not been released. The reported version of PHP is: \n %L 

Solution: Upgrade to 4.3.11, 5.0.4 or higher. 

CVE-2005-1043 


MaxWebPortal < 1.36 XSS and SQL Injection Vulnerabilities 



attack.\n\nMaxWebPortal is a web portal that utilizes a backend SQL or MySQL database. 

This version of MaxWebPortal is vulnerable to remote cross-site scripting (XSS) and SQL 

injection flaws. An attacker exploiting this flaw would typically need to be able to convince 

a user to browse a malicious URI. A successful attack would result in the theft of 

potentially confidential client data (cookies, authentication credentials, and more) or 


malicious code being executed within the client browser. An attacker exploiting the SQL 

injection flaw would only need to be able to send HTTP queries to the remote application. 

A successful attack would give the attacker the ability to read and write database data as 

well as potentially execute arbitrary remote commands on the SQL or MySQL system. 


CVE-2005-1016 

Bakbone NetVault Multiple Vulnerabilities 



running Bakbone NetVault, an enterprise backup/restore application. This version of 

NetVault is vulnerable to a remote heap overflow as well as a local content-parsing 

overflow. An attacker exploiting the first flaw would need to be able to connect to the 

application on port 20031. A successful exploit would result in arbitrary code being 

executed by the SYSTEM process. An attacker exploiting the second flaw would need local 

read/write access to the Netvault configuration files. A successful attack would lead to 

arbitrary code being executed. 


CVE-2005-1547 

Windows 2003 SP1 Server Detection 



Solution: N/A 


Windows 2003 (No Service Pack) Multiple Vulnerabilities 



remote host is running Windows 2003 Server. Multiple vulnerabilities were fixed in 

SP1.\nThe reported version of Microsoft 2003 running on this server is: \n %L 

Solution: Upgrade to Windows 2003 SP1 or higher. 

CVE-1999-0662 


phpMyAdmin < 2.6.2 RC1 Remote Command Execution 

PVS ID: 2787 FAMILY: CGI NESSUS ID:17689 


RISK: 

MEDIUM 

Description: The remote host is running phpMyAdmin, an open-source software written in PHP to 

handle the administration of MySQL over the Web. The remote host is vulnerable to a 

remote Cross-Site Scripting (XSS) flaw. An attacker exploiting these flaws would be need 

to be able to convince a user to click on a malicious URL. Upon successful exploitation, the 

attacker would be able to steal credentials or execute code within the browser. 

Solution: Upgrade to phpMyAdmin 2.6.2 RC1 or higher. 

CVE-2005-0992 




remote host is using Firefox. \n\nThe remote version of this software contains various 

security issues that may\nallow an attacker to execute arbitrary code on the remote host. 

The reported browser version (as seen on the network) is: \n %L 


CVE-2005-0752 

Mozilla < 1.7.7 Multiple Vulnerabilities 



remote host is using Mozilla. The remote version of this software contains various security 

issues that may allow an attacker to execute arbitrary code on the remote host. The reported 

browser version (as seen on the network) is: \n %L 


CVE-2005-0752 

CommuniGatePro < 4.3c3 Undisclosed LISTS Module Multipart Message DoS 



RISK: 

MEDIUM 



remote CommuniGatePro, according to its version number, is vulnerable to a flaw that may 

allow an attacker to crash the server using a malformed request. While the details of the 

vulnerability are unknown, the exploit is thought to cause a disruption to availability. 

Solution: Upgrade to CommuniGatePro 4.3c3 or higher. 


CVE-2005-1007 

TLSv1 Traffic Negotiation Detection 


Description: The server on this port is tunneling traffic through TLSv1. 

Solution: N/A 


SSLv3 Traffic Negotiation Detection 



Solution: N/A 




RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe 

remote host seems to be running Gaim, a popular open-source multi-protocol 

instant messenger. It is reported that this version of Gaim is prone to a flaw in 

the way that it handles malformed HTML data. Specifically, a content-parsing 

flaw in the 'gaim_markup_strip_html' function can cause the application to 

fail, leading to a loss of availability. Further, there are reported flaws within 

the IRC and Jabber plugins that can lead to a remote Denial of Service. In 

addition, it is reported that a flaw within the IRC plugin can allow the 

injection of Gaim scripting language commands. 


CVE-2005-0966 


Pavuk < 0.9.32 Multiple Unspecified Remote Buffer Overflows 



flaw.\n\nThe remote host is using a version of Pavuk, a web spider, that is vulnerable to 

multiple unspecified buffer overflows. An attacker can construct a malicious website that is 

designed to trigger the vulnerability and run arbitrary code on the client machine. 


Solution: Upgrade to Pavuk 0.9.32 or higher. 


CA eTRUST IDS Detection 



attacks.\n\nThe remote host is running the CA eTRUST Intrusion Detection System (IDS). 

Solution: N/A 


Comersus Cart Username Field HTML Injection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTML Injection attack.\n\nAccording to 

its banner, the remote host is running a version of Comersus Cart that fails to properly 

sanitize user input to the Username field. An attacker can exploit this vulnerability to cause 

arbitrary HTML and script code to be executed by a user's browser in the context of the 

affected web site when a user views the username; eg, in the admin pages. 


CVE-2005-1010 

Comersus Cart Detection 


Description: According to its banner, the remote host is running a version of Comersus Shopping Cart, a 

web-based storefront application. 

Solution: N/A 


RunCMS fileupload.php Arbitrary File Upload 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a 'file upload' flaw.\n\nThe remote host is 

running RunCMS, a web-based messaging system. This version of RunCMS is vulnerable 

to a remote file upload vulnerability. Specifically, when 'Allow custom avatar upload' has 

been enabled, remote attackers would be able to upload arbitrary files to the server. 

Successful exploitation would result in arbitary code being executed with the rights of the 


web application. 


CVE-2005-1031 

Active Auction House Multiple Vulnerabilities 



attack.\n\nThe remote host is running Active Auction House, an auction software written in 

ASP.\n\nThe remote version of this software is vulnerable to various SQL injection 

and\ncross-site scripting issues. 


CVE-2005-1029 

Lotus Domino Server < 6.5.3 Web Service Remote DoS 


RISK: 

MEDIUM 



remote host is running a version of Lotus Domino Server's web service that is prone to a 

denial of service vulnerability. By sending a specially crafted HTTP request with a long 

string of unicode characters, a remote attacker can crash the nHTTP.exe process, denying 

service to legitimate users. IBM has released technote number 1202446 for this issue but 

has been unable to reproduce it. 


CVE-2005-0986 

Brooky CubeCart < 2.0.7 Multiple Script SQL Injection 



attack.\n\nThe remote host is using Brooky CubeCart, an online storefront application 

written in PHP. This version of CubeCart is vulnerable to multiple remote SQL injection 

flaws. An attacker exploiting these flaws would send a malformed HTTP request to the 

application. Successful exploitation would result in viewing of confidential data, 

modification of confidential data, and potentially arbitrary code execution. The flawed PHP 

scripts are 'index.php', 'tellafriend.php', 'view_cart.php', and 'view_product.php' 

Solution: Upgrade to version 2.0.7 or higher.. 

CVE-2005-1033 



SurgeFTP < 2.2m2 LEAK Command Remote DoS 


RISK: 

MEDIUM 



remote host is running SurgeFTP, an FTP server for Microsoft and Unix platforms. This 

version of SurgeFTP is vulnerable to a content-parsing flaw via the LEAK command. 

Calling the LEAK command twice consecutively causes a file IO bug that causes the server 

to either stop responding or stop file transfers. 

Solution: Upgrade to version 2.2m2 or higher. 

CVE-2005-1034 

Axel < 1.0b conn.c HTTP Redirection Remote Overflow 



flaw.\n\nThe remote host is running Axel, a download accelerator for FTP and HTTP 

protocols. This version of Axel is vulnerable to a remote buffer overflow due to the way 

that it parses server '302' messages. An attacker exploiting this flaw would need to be able 

to entice an Axel user to browse to their malicious website. Successful exploitation would 

result in the attacker running arbitrary commands on the system. 

Solution: Upgrade to version 1.0b or higher. 

CVE-2005-0390 

ColdFusion MX Server Detection 


Description: The remote host is running ColdFusion MX Server. 

Solution: N/A 


ColdFusion MX Server Detection 


Description: The remote host is running ColdFusion MX Server. 

Solution: N/A 


ColdFusion < 7.0 MX File Disclosure 





sensitive files.\n\nThe remote host is running Macromedia ColdFusion, a web application 

server. This version of Macromedia is vulnerable to a flaw in the way that it stores its class 

files. Specifically, a flaw in the Macromedia ColdFusion MX Updater causes compiled 

Java classes to be stored in the '/WEB-INF/cfclasses' directory. A remote attacker can 

retrieve the files and run a Java decompiler in order to decompile the binary code into 

human-readable format. 

Solution: Upgrade to ColdFusion 7.0 MX or higher.. There is also a workaround available for version 

6.1. 


punBB < 1.2.5 profile.php SQL Injection 


RISK: 

MEDIUM 



attack.\n\nThe remote host is running punBB, a web-based bulletin board. This version of 

punBB ( %L ) is vulnerable to a SQL injection attack. Due to a content-parsing flaw, 

attackers can inject SQL commands into the 'change_email' parameter of the profile.php 

script. An attacker exploiting this flaw would only need to be able to send HTTP requests 

to the application. Successful exploitation would result in the attacker having the ability to 

read or write to the database. In addition, the attacker may be able to execute arbitrary 

commands on the remote system. 


CVE-2005-1051 


PostNuke < 0.760 RC4 Multiple XSS and SQL Injection Vulnerabilities 



attack.\n\nThe remote host is running PostNuke version 0.760 RC3 or older. This version 

of PostNuke is vulnerable to a remote Cross-Site Scripting (XSS) flaw. Specifically, failure 

to parse malicious input to the 'op' parameter of the user.php script or the 'module' 

parameter of the admin.php script can lead to the injection of script code. An attacker 

exploiting this flaw would need to be able to entice the victim into browsing a malicious 

URI. Successful exploitation would result in the attacker being able to inject arbitrary script 

code into the browser of the unsuspecting user. This can lead to disclosure of confidential 

information. In addition, the remote host is vulnerable to a remote SQL Injection attack. An 

attacker exploiting this flaw would be able to read/write confidential database data. 



CVE-2005-1700 

Citrix MetaFrame Server Detection 



attacks.\n\nThe remote host is running Citrix MetaFrame Server. Citrix MetaFrame is a 

web-based application that allows and facilitates connections to other systems. There is a 

flaw in many versions of Citrix MetaFrame that allows authenticated users to elevate access 

by creating macros within Microsoft Office documents. 

Solution: Ensure that this instance of Citrix MetaFrame is allowed with respect to corporate policies 

and guidelines. In addition, ensure that the Citrix MetaFrame server is patched to the latest 

revision. 


Autocomplete Not Disabled for 'Password' Field 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web application server may be prone to a policy 

violation.\n\nThe remote web server is hosting a form that calls for a user password. 

However, the 'Autocomplete' functionality has not been disabled for the password. When 

Autocomplete is enabled, the client machine will store the form data for future use. This 

can be very dangerous as attackers can target confidential data that has been stored on the 

client computer. The page that is hosting the form is located at: \n%P\n\nThe form field 

that should have Autocomplete disabled is: \n %L >\n 

Solution: Set Autocomplete 


KDE KMail HTML Email Information Spoofing 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running a vulnerable email client.\n\nThe remote client is 

running Kmail, an email client for Unix and Unix-like operating systems. This version is 

vulnerable to a content-parsing flaw within the HTML handlers. Specifically, a client with 

HTML enabled may be sent a malicious email that is able to overlap portions of the 

displayed email. This can be used to convince users to perform web-based tasks that have 

unexpected results. 


CVE-2005-0404 



ModernBill < 4.3.3 Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote host is running ModernBill (%L ), a web hosting application written in PHP. This 

version of ModernBill is vulnerable to several remote attacks. There are Cross-Site 

Scripting (XSS) flaws in the 'aid' and 'c_code' parameters of the orderwiz.php script. An 

attacker exploiting these flaws can inject script code into a URI. If the attacker can 

convince a user into browse a malicious URI, there is a risk of confidential data being sent 

back to the attacker. In addition, there is a flaw in the news.php script that would allow an 

attacker to execute arbitrary server-side code on the web server. Versions of ModerBill 

prior to 4.3.3 are also vulnerable to a SQL injection flaw. Successful exploitation would 

allow a remote attacker the ability to execute arbitrary code on the database server. 


CVE-2005-1053 

DC++ < 0.674 File Content Manipulation 


RISK: 

MEDIUM 



remote host is running DC++, an open source peer-to-peer client. The remote host is 

reported to be prone to a vulnerability where attackers can append data to file transfers. The 

details of this flaw are, at the time, undocumented. It is believed that a successful attack 

would result in arbitrary code being run on the client machine (after a download is 

complete). 


CVE-2005-1089 

Pine < 4.63 rpdump Symlink Arbitrary File Overwrite 



temporary files.\n\nPine versions 4.62 and below suffer from a vulnerability with the 

rpdump utility. Rpdump ships with Pine by default. This version of rpdump is vulnerable to 

a local file-access race condition. An attacker exploiting this flaw would need local access 

to the machine as well as the knowledge of when a user was using rpdump. Successful 

exploitation results in elevation of privileges. 


CVE-2005-1066 



Hydrogen Server Detection 



program.\n\nThe remote host is running Immunity's Hydrogen server. Hydrogen is a 

Backdoor/Trojan application that is often used by penetration-testing teams to backdoor a 

system that has been compromised. 

Solution: Ensure that the instance of Hydrogen was actually installed by Security Team members 

while performing a sanctioned penetration test. 


XAMPP < 1.4.14 Default Installation Multiple HTML Injection 


Description: The remote host is running the XAMPP web server, a version of Apache that comes 

pre-bundled with Perl, MySQL, and PHP. This version of XAMPP is reported to be prone 

to remote HTML injection attacks. An attacker, exploiting this flaw, would need to be able 

to convince a user to browse to a malicious URI. Successful exploitation would result in the 

attacker executing malicious code within the user's browser, possibly leading to theft of 

confidential data. 


CVE-2005-2043 

MSN Messenger Malformed GIF Remote Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote host is 

running Microsoft MSN Messenger. There is a flaw in this version of MSN Messenger that 

would allow a remote attacker to potentially execute code on the target host. The flaw is in 

the processing of GIF images. An attacker exploiting this flaw would need to be able to 

convince a user to view a GIF image (such as an emoticon or icon). Successful exploitation 

would lead to arbitrary code being executed on the vulnerable system. The reported version 

number is: \n %L \n 


CVE-2005-0562 

GLD Greylisting Server < 1.5 Detection 





is running the GLD Greylisting server. A Greylisting server is one that forces SMTP 

servers to re-send an email. By forcing a re-send, SPAM can be greatly throttled down. 

Versions of GLD prior to 1.5 are prone to multiple remote attack vectors. 


CVE-2005-1100 

EGroupWare < 1.0.0.007 Attachment Information Disclosure 


Description: Synopsis :\n\nThe remote email client may attach unrequested attachments to an outgoing 

email.\n\nThe remote host is running eGroupWare, a web-based groupware solution. It is 

reported that versions prior 1.0.0.007 are prone to an information disclosure vulnerability. 

Specifically, if a user composes an email with an attachment and then cancels the email, the 

attachment will be attached and sent with the next outbound email. 

Solution: Upgrade to eGroupWare 1.0.0.007 or higher. 

CVE-2005-1202 

PHPBB2 < 2.0.14 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: The remote host is running phpBB2, a web-based bulletin board written in PHP. This 

version of phpBB2 is vulnerable to multiple Cross-Site Scripting (XSS) attacks. An 

attacker exploiting this flaw would need to be able to entice a user into browsing a 

malicious URI. Successful exploitation would lead to the attacker executing code within the 

client browser possibly resulting in the theft of confidential data. 


CVE-2005-1115 


PHP Photo Album < 2.0.14 Multiple Vulnerabilities 



attack.\n\nThe remote host is running Photo Album, a phpBB module that enables users to 

easily share photo albums via the internet. This version of Photo Album is vulnerable to a 

SQL injection attack within the 'mode' parameter of the album_search.php script. An 

attacker exploiting this flaw would send a malformed query to the album_search.php script 

which, when processed, would give the attacker the ability to read and/or modify data. In 

addition, the attacker may be able to execute arbitrary code. Photo Album is also vulnerable 

to a Cross-Site Scripting (XSS) attack within the 'sid' parameter of the album_cat.php and 

album_comment.php scripts. An attacker exploiting this flaw would need to convince a 


user to browse to a malicious URI. Successful exploitation would result in attacker code 

running within the victim browser possibly resulting in the loss of confidential data (such 

as cookies). 


CVE-2005-1115 

Oracle Database Multiple Remote Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nAccording to its 

version number, the installation of Oracle on the remote\nhost is reportedly subject to 

multiple unspecified vulnerabilities.\nSome vulnerabilities don't require authentication. It 

may allow an attacker\nto craft SQL queries such that they would be able to retrieve any 

file on\nthe system and potentially retrieve and/or modify confidential data on the\ntarget's 

Oracle server. 

Solution: http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf 

CVE-2005-3203 

AS400 Default POP Services Information Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running the AS400 (version 4.5 or higher) POP3 server. This 

version of the POP daemon is vulnerable to an information disclosure flaw. An attacker can 

gain information about valid accounts, accounts with expired passwords, system accounts 

by querying the POP server. This information can be useful in other attacks that require a 

user ID and/or password. 


CVE-2005-1133 

AS/400 Server Detection 


Description: The remote host is AS/400 version 4.5 or higher. 

Solution: N/A 



IBM WebSphere JSP Source Disclosure / XSS Vulnerabilities 



RISK: 

MEDIUM 



sensitive files.\n\nThe remote WebSphere web server is vulnerable to an information leak. 

There is a flaw in the way that WebSphere determines the web root directory based on the 

HTTP 'Host' tag. An application server that has its root web directory defined in the Web 

Servers root directory may disclose the source of .JSP files. JSP source code often contains 

information that is useful for further attacks. This version of WebSphere is also vulnerable 

to a remote Cross-Site Scripting (XSS) attack. An attacker exploiting this flaw would 

typically need to convince a user to browse to a malicious URI. Successful exploitation 

would result in the theft of confidential materials (such as authentication cookies). 


CVE-2005-1112 

Serendipity < 0.72 exit.php Multiple Parameter SQL Injection 



attack.\n\nThe remote host is running Serendipity. Serendipity is a blogging software that is 

implemented in PHP. This version of Serendipity is vulnerable to a remote SQL Injection 

attack. Specifically, the 'url_id' parameter of the exit.php script does not properly parse out 

SQL reserved characters. An attacker exploiting this flaw would send a malformed query to 

the exit.php script. Successful exploitation would result in the attacker being able to read 

data, write data, and possibly execute arbitrary commands. 


CVE-2005-1448 

SPHPBlog search.php q Parameter XSS 


RISK: 

MEDIUM 



remote host is running SPHPBlog, an open source blog application\nwritten in 

PHP.\n\nDue to a lack of input validation bug, the remote version of this software can\nbe 

used to perform a cross-site scripting attack. 


CVE-2005-1135 

IlohaMail < 0.8.14-RC3 read_message.php Multiple Field HTML Injection 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to an HTML injection attack.\n\nThe target is 

running at least one instance of IlohaMail version 0.8.14 or earlier. The remote version of 

this software is vulnerable to an HTML injection attack. An attacker exploiting this flaw 

would need to convince a local user to open a malicious HTML email. Successful 

exploitation would result in the victim executing potentially damaging code and possibly 

theft of confidential, authentication-related data. 


CVE-2005-1120 

DameWare Remote Desktop Listener 


RISK: 

MEDIUM 


Description: The remote host is running Dameware, a utility that allows administrators remote access to 

the Windows Desktop via a number of different protocols. There have been many flaws in 

Dameware and even one backdoor (Agobot) that uses Dameware as an attack vector for 

further propagation. 

Solution: Ensure that Dameware is authorized for your environment and that Dameware has been 

upgraded to the most recent version. 


Oracle Application Server 10g Detection 


Description: The remote host is running the Oracle Application Server 10g version %L 

Solution: N/A 


Oracle Application Server J2EE Container Detection 


Description: The remote host is running Oracle Application Server and has enabled J2EE containers 

version %L 

Solution: N/A 


MusicMatch Multiple Vulnerabilities 



RISK: 

MEDIUM 




running MusicMatch, a music player. The remote version of this software is vulnerable to a 

buffer overflow condition as well as a cross-site scripting vulnerability. An attacker may 

exploit these flaws to execute arbitrary code on the remote host. 


CVE-2005-1185 

Apple Mac OS X < 10.3.9 Multiple Vulnerabilities 

PVS ID: 2833 FAMILY: Operating System Detection RISK: HIGH NESSUS ID:18062 


remote host is running a version of Mac OS X 10.3 that is older than version 10.3.9.\nMac 

OS X 10.3.9 contains several security fixes for :\n- Safari : a remote local zone script 

execution vulnerability has been fixed\n - kernel : multiple local privilege escalation 

vulnerabilities have been fixed\n 


CVE-2005-0971 

Kerio MailServer < 6.0.9 Malformed Email DoS 



host is running a version of Kerio MailServer prior to 6.0.9. There is an 

undisclosed flaw in the remote version of this server that might allow an attacker 

to exhaust resources (impact availability) on the Kerio MailServer. 


CVE-2005-1138 

Monkey HTTP Daemon < 0.9.1 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe version of 

the Monkey HTTP Server installed on the remote host suffers from the following flaws:\n\n 

- A format string vulnerability. A remote attacker may be able to execute arbitrary code 

with the permissions of the user running monkeyd by sending a specially-crafted 

request.\n\n - A denial of service vulnerability. Repeated requests for a zero-byte length 

file, if one exists, could cause the web server to crash. 


CVE-2005-1123 



Xerox Document Centre Multiple Remote Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to unspecified remote attack vectors.\n\nThe 

remote host is running Xerox Document Centre, an administrative web-based GUI to a 

Xerox device. This version is reportedly prone to several remote attacks which, if 

exploited, would lead to remote administrative access. The details of the attack are not 

currently known. 


CVE-2005-1179 

mvnForum < 1.0 RC4_03 Search Parameter XSS 


Description: The remote host is running mvnForum, a web-based bulletin board. This version of 

mvnForum is vulnerable to a Cross-Site Scripting (XSS) attack. An attacker exploiting this 

flaw would need to entice a user into browsing a malicious URI. Successful exploitation 

could lead to disclosure of confidential information (such as cookies). 

Solution: Upgrade to version 1.0 RC4_03 or higher. 

CVE-2005-1183 

CVS < 1.12.12 Unspecified Remote Overflow 



running a CVS server that, according to its version number, is vulnerable to an undisclosed 

remote buffer overflow. An attacker exploiting this flaw is alleged to be able to execute 

arbitrary code on the target CVS server. 


CVE-2005-0753 

Coppermine Gallery < 1.3.3 init.inc.php HTML Injection 



RISK: 

MEDIUM 



host is running CopperMine Gallery, a set of PHP scripts to handle galleries of pictures. 

There is a flaw in this version of Coppermine Gallery. Specifically, the x-forwarded-for 

variable is not properly parsed by the application. An attacker exploiting this flaw can 

inject HTML or script into a browser session. Typically, exploiting this flaw involves 

convincing a user to browse to a malicious URI. Successful exploitation results in a 


potential loss of confidential data (such as cookies). 


CVE-2005-1172 

Oracle Database Multiple Remote Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack 

vectors.\n\nAccording to its version number, the installation of Oracle on the 

remote host is reportedly subject to multiple unspecified vulnerabilities. Some 

vulnerabilities don't require authentication. It may allow an attacker to craft 

SQL queries such that they would be able to retrieve any file on the system and 

potentially retrieve and/or modify confidential data on the target's Oracle server. 

Solution: http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf 

CVE-2005-3203 

webcamXP Camera Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote host is running the webcamXP application. webcamXP is 

an all-in-one camera/webserver appliance that allows users to view and administer a 

camera remotely. 

Solution: Ensure that this web camera is authorized with respect to corporate policies and guidelines. 

In addition, ensure that the images being shown by the camera do not violate any 

'Acceptable Usage' policies. 


webcamXP < 2.16.478 Chat Name HTML Injection 



RISK: 

MEDIUM 



host is running the webcamXP application. webcamXP is an all-in-one camera/webserver 

appliance that allows users to view and administer a camera remotely. This version of 

webcamXP is vulnerable to an HTML injection flaw. An attacker exploiting this flaw 

would typically need to be able to entice a user into browsing to a malicious URI. 

Successful exploitation would result in the theft of confidential materials (such as 

authentication cookies). 



CVE-2005-1189 

Info2WWW < 1.2.2.9-23 Argument XSS 


Description: The remote host is running Info2WWW, an application that generates informational web 

pages. This version of Info2WWW is vulnerable to a remote cross-site scripting (XSS) 

attack. An attacker exploiting this flaw would typically need to convince a user to browse 

to a malicious URI. Success exploitation would result in the theft of confidential materials 

(such as authentication cookies). 

Solution: Upgrade to version 1.2.2.9-23 or higher. 

CVE-2004-1341 

MPlayer < 1.0pre7 Multiple Remote Heap-based Overflows 



using a version of Mplayer, a multimedia video and audio application, that is vulnerable to 

several heap-based overflows that may allow an attacker to execute arbitrary code on the 

remote system. 

Solution: Upgrade to version 1.0pre7 or higher. 

CVE-2005-1195 

SunOne Web Proxy < 3.6 SP7 Unspecified Remote Buffer Overflows 



running the SunOne Web Proxy. This version is reported vulnerable to a number of remote 

buffer overflows. Alledgedly, successful exploitation would result in the attacker executing 

arbitrary commands on the remote SunOne Web Proxy server. 

Solution: Upgrade to version 3.6 SP7 or higher. 


Coppermine Gallery SQL Injection 




is running CopperMine Gallery, a set of PHP scripts to handle galleries of pictures. There is 

a flaw in this version of Coppermine Gallery. Specifically, the remote user's cookie is not 


properly parsed for SQL special characters. An attacker exploiting this flaw would send a 

malicious cookie to the Coppermine application. Successful exploitation would result in the 

attacker being able to read and write sensitive database data as well as potentially executing 

arbitrary code on the remote database. 

Solution: Upgrade to Coppermine greater than 1.3.2. 

CVE-2005-1225 

ArGoSoft Mail Server Multiple Vulnerabilities 


RISK: 

MEDIUM 



authentication.\n\nThe remote host is running the ArGoSoft Mail Server. This version of 

ArGoSoft is prone to a remote, unauthenticated access flaw. Specifically, as ArGoSoft does 

not require authentication prior to serving the 'addnew' script, an unauthenticated user can 

perform administrative tasks. Successful exploitation would lead to the attacker being able 

to add accounts and escalate their privileges on the remote server. 


CVE-2005-1283 

Woltlab Burning Board XSS / SQL Injection Vulnerabilities 



is running Woltlab Burning Board, a web bulletin board written in PHP. This version of 

Burning Board is vulnerable to a remote Cross-Site Scripting (XSS) attack. An attacker 

exploiting this flaw would typically need to convince a user to browse to a malicious URI. 

Success exploitation would result in the theft of confidential materials (such as 

authentication cookies).\n\nThis version of Woltlab is also vulnerable to a remote SQL 

injection\nattack. An attacker exploiting this flaw would send a malformed\n'email' form 

query to the 'verify_email()' function. Succesful exploitation\nwould result in the attacker 

being able to read or write confidential\ndata. In some instances, the attacker may be able 

to execute arbitrary\ncode on the remote database server. 


CVE-2005-1642 

phpBB < 2.0.15 admin_forums.php XSS 



RISK: 

MEDIUM 



Description: The remote host is running the phpBB bulletin board. The reported version is: \n %L 

\n\nThis version is reported vulnerable to a cross-site-scripting (XSS) flaw. 


CVE-2005-1193 

Horde Vacation < 2.2.2 Parent Frame Page Title XSS 


RISK: 

MEDIUM 



version of Horde Vacation installed on the remote host suffers from a cross-site scripting 

vulnerability in which an attacker can inject arbitrary HTML and script code into an 

unsuspecting user's browser, enabling him to steal cookie-based authentication credentials 

and perform other such attacks. 


CVE-2005-1321 

Horde MNemo < 1.1.4 Parent Frame Page Title XSS 


RISK: 

MEDIUM 



version of Horde MNemo installed on the remote host suffers from a cross-site scripting 





CVE-2005-1320 

Horde Nag < 1.1.3 Parent Frame Page Title XSS 


RISK: 

MEDIUM 



version of Horde Nag installed on the remote host suffers from a cross-site scripting 







CVE-2005-1322 

Horde Chora < 1.2.3 Parent Frame Page Title XSS 


RISK: 

MEDIUM 



version of Horde Chora installed on the remote host suffers from a cross-site scripting 






Horde Accounts < 2.1.2 Parent Frame Page Title XSS 


RISK: 

MEDIUM 



version of Horde Accounts installed on the remote host suffers from a cross-site scripting 






Horde Forwards < 2.2.2 Parent Frame Page Title XSS 


RISK: 

MEDIUM 



version of Horde Forwards installed on the remote host suffers from a cross-site scripting 






Horde Imp < 3.2.8 Parent Frame Page Title XSS 



RISK: 

MEDIUM 




version of Horde Imp installed on the remote host suffers from a cross-site scripting 






Horde Turba < 1.2.5 Parent Frame Page Title XSS 


RISK: 

MEDIUM 



version of Horde Turba installed on the remote host suffers from a cross-site scripting 






Horde Kronolith Multiple XSS 


RISK: 

MEDIUM 



version of Horde Kronolith installed on the remote host suffers from a cross-site scripting 




Solution: Upgrade to version 1.1.4, H3 2.0.3-rc1, or higher. 


Yappa-NG < 2.3.2 Multiple vulnerabilities 



RISK: 

MEDIUM 



host is running Yappa-NG, a web-based photo album. This version is vulnerable to several 

remote script injection flaws. An attacker exploiting these flaws would typically need to be 

able to convince a user to browse a malicious URI. Successful exploitation would result in 

the execution of script code which could cause a loss of confidential data. 



CVE-2005-1311 

Fastream NETFile < 7.5.0 Beta 7 Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 



host is running the Fastream NETFile web server. This version of NETFile is vulnerable to 

a remote directory traversal flaw. An attacker exploiting this flaw would send a malformed 

request to the HTTP server. Successful exploitation would result in the attacker gaining 

access to confidential data outside the web server's root directory. 

Solution: Upgrade to version 7.5.0 Beta 7 or higher. 


NetTerm FTP Server USER Command Remote Overflow 



running NetTerm FTP Server. All versions of NetTerm FTP server are vulnerable to a 

remote buffer overflow. The primary maintainers have removed netftpd.exe from all new 

versions of their product. An attacker exploiting this flaw would be able to execute 

arbitrary code on the remote FTP server. 


CVE-2005-1323 

BEA WebLogic < 8.1 SP5 Multiple Vulnerabilities 



is running a version of BEA WebLogic Server or WebLogic Express that is prone to 

multiple vulnerabilities. These flaws could lead to buffer overflows, denial of service, 

unauthorized access, cross-site scripting attacks, and information disclosure. 


CVE-2005-1749 


ZoneAlarm < 5.5.094.000 Undisclosed Vulnerability 




remote host is running ZoneAlarm, a personal firewall for the Windows platform. The 

client is running a version of ZoneAlarm which is less than 5.5.094.000. This version of 

ZoneAlarm is reported vulnerable to an undisclosed vulnerability and the vendor has 

released version 5.5.094.000 to remediate risk. 



PHP-Calendar < 0.10.3 includes/search.php SQL Injection 



attack.\n\nThe remote host is running PHP-Calendar, a web-based calendar application 

written in PHP. This version of PHP-Calendar is vulnerable to a remote SQL injection 

attack. Specifically, the search.php script fails to parse out SQL-reserved characters and 

would allow a remote attacker to read or write data as well as potentially execute arbitrary 

code on the remote database. 


CVE-2005-1397 

Claroline Multiple Remote Vulnerabilities 



attack.\n\nThe remote host is running an older version of Claroline, an online e-learning 

software. This version is vulnerable to multiple attacks that include, but are not limited to, 

remote buffer overflow, HTML injection, Cross-Site Scripting (XSS), and SQL injection. 

An attacker exploiting these flaws can gain access to confidential data, run arbitrary code, 

and execute malicious code within victim browsers. 


CVE-2005-1376 


Oracle Application Server Web Cache OHS mod_access Authentication Bypass 



authentication.\n\nThe remote host is running the Oracle Application Server. This version 

is reported vulnerable to an authentication bypass attack. Specifically, administrators may 

restrict access using the 'mod_access' Oracle module. However, attackers may utilize the 

Oracle Webcache service in order to bypass these restrictions. An attacker exploiting this 

flaw would be able to elevate privileges and potentially gain access to administrative 

functions or confidential data. 


Solution: Upgrade to a version of Oracle Application Server higher than 10.1.2.0.0, when available. 

CVE-2005-1383 

PHPCoin < 1.2.2 2005-12-13 Multiple Script SQL Injection 



attack.\n\nThe remote host is running phpCOIN version 1.2.2 or older. This version of 

PHPCoin is vulnerable to a remote SQL injection attack. This vulnerability is possible due 

to the login.php and mod.php scripts not properly parsing SQL reserved characters from the 

user-supplied input. An attacker exploiting these flaws would be able to gain access to 

confidential materials with both read and write access. In addition, the attacker may be able 

to execute arbitrary code on the remote database server. 

Solution: Upgrade to phpCOIN 1.2.2 with at least fix-file 2005-12-13 or higher. 

CVE-2005-1384 

ICUII Peer-To-Peer Client Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote client is running ICUII, a peer-to-peer client for messaging 

and video. ICUII supports two primary modes: 'Family Oriented' and 'Adult'. There has 

been at least one local bug associated with ICUII. 

Solution: Ensure that ICUII is authorized with respect to corporate 'Appropriate Network Usage' 

policies. If authorized, ensure that ICUII is running with the most recent version. 

CVE-2005-1411 

FilePocket File Sharing Application Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote client is running FilePocket, an application for sharing 

files via the Internet. There has been at least one local bug associated with FilePocket. 

Solution: Ensure that FilePocket is authorized with respect to corporate 'Appropriate Network Usage' 

policies. If authorized, ensure that FilePocket is running with the most recent version. 

CVE-2005-1414 



Lotus Domino Server Web Service NRPC Authentication Format String DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a format string flaw.\n\nThe remote host is 

running a version of Lotus Domino Server's web service that is prone to a remote format 

string vulnerability. Specifically, during Lotus Notes authentication, a server utilizing 

Notes Remote Procedure Call (NRPC) can be sent a malicious payload that, when parsed, 

would cause the server to either fail (loss of availability) or execute arbitrary code (loss of 

confidentiality and integrity). 

Solution: Upgrade to Lotus Domino Server version 6.5.4, 6.0.5 or higher. 

CVE-2005-1441 

JGS-Portal < 3.0.2 jgs_portal.php id Parameter SQL Injection 



attack.\n\nThe remote host is running JGS-Portal, a plugin for the Woltlab web application. 

This version of JGS-Portal is vulnerable to a remote SQL injection attack. An attacker 

exploiting this flaw would send a malformed HTTP query to the application. Successful 

exploitation would result in the attacker being able to read or write confidential data. In 

addition, the attack may be able to execute arbitrary code on the remote database server. 


CVE-2005-1479 

BitTorrent Client Detection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running software which should be authorized with respect 

to corporate policy.\n\nThe remote host is running the Bittorrent client version 

%L\nBitTorrent is a client application that allows users to quickly download files from 

multiple locations. 

Solution: Ensure that BitTorrent is allowed with respect to corporate policies and guidelines. 


Kerio MailServer < 6.0.10 Unspecified Admin Web Interface DoS 



RISK: 

MEDIUM 




remote host is running a version of Kerio MailServer prior to 6.0.10.\n\nThere is a flaw in 

the remote version of this server that would allow an attacker to exhaust resources on the 

administrative web interface. While the details of the flaw are unknown, it is alledged that 

an attacker can launch the attack without any credentials and render the target service 

unavailable. 


CVE-2005-1063 

MaxWebPortal < 1.3.5 Multiple SQL Injection 



attack.\n\nMaxWebPortal is a web portal that utilizes a backend SQL or MySQL database. 

This version of MaxWebPortal is vulnerable to multiple SQL Injection flaws. An attacker 

exploiting these flaws would only need to be able to send HTTP queries to the remote 

application. A successful attack would give the attacker the ability to read and write 

database data as well as potentially execute arbitrary remote commands on the SQL or 

MySQL system. 


CVE-2005-1417 

Open Webmail < 2.51 20050430 Shell Escape Arbitrary Command Execution 


RISK: 

MEDIUM 



arbitrary commands.\n\nThe remote host is running Open Webmail, an open-source perl 

script that gives remote users a web-based interface to email. This version of Open 

Webmail is vulnerable to a content-parsing flaw that would allow a remote attack to run 

arbitrary code on the Open Webmail server. Specifically, the application fails to parse out 

the '|' character which can be used to append commands to system calls. 

Solution: Upgrade to version 2.51 20050430 or higher. 

CVE-2006-3233 


PostgreSQL < 8.0.3 Incorrect Function Declaration 

PVS ID: 2876 FAMILY: Database RISK: NONE NESSUS ID:18202 


authentication.\n\nThe remote host is running PostgreSQL, an open source relational 

database. This version is vulnerable to a number of flaws. Specifically, the following 

functions are directly accessible to remote 


users:\ndex_init()\nsnb_en_init()\nsnb_ru_init()\nspell_init()\nsyn_init()\n\nAn attacker 

calling these functions can submit queries that lead to compromise of confidential data or 

execution of arbitrary code on the remote database server. 


CVE-2005-1410 

Golden FTP < 2.53 USER Traversal File Access 


RISK: 

MEDIUM 



host is running the Golden FTP Server. This version of Golden FTP is vulnerable to a 

remote directory traversal flaw. An authenticated attacker can retrieve sensitive files from 

outside the FTP server directories by using a '../' type query. 


CVE-2005-1484 




is missing Security Update 2005-005. This security\nupdate contains security fixes for the 

following application :\n\n- Apache\n- AppKit\n- AppleScript\n- Bluetooth\n- Directory 

Services\n- Finder\n- Foundation\n- HelpViewer\n- LDAP\n- libXpm\n- lukemftpd\n- 

NetInfo\n- ServerAdmin\n- sudo\n- Terminal\n- VPN 

Solution: Apply Security Update 2005-005. 

CVE-2005-1343 

Invision Board Multiple XSS and SQL Injection 



RISK: 

MEDIUM 



attack.\n\nThe remote host is running Invision Board, a CGI suite designed to set up a 

bulletin board system on the remote web server. This version of Invision Board is 

vulnerable to a Cross-Site Scripting (XSS) flaw where attackers can supply malicious script 

code to the 'act' parameter of the index.php script. An attacker exploiting this flaw would 

need to be able to convince a user to browse to a malicious URI. Successful exploitation 

would result in the theft of confidential materials (such as authentication cookies). In 

addition, the remote application is vulnerable to a remote SQL Injection attack. An attacker 

exploiting this flaw would send a malformed query to the application. The query would 

include reserved SQL characters and syntax. Successful exploitation would result in the 


loss of integrity and confidentiality. 

Solution: Upgrade to version 2.0.4, 2.1.0 Alpha 3 or higher. 

CVE-2005-1443 

Leafnode < 1.11.2 Abrupt Disconnect DoS 


RISK: 

MEDIUM 



remote host is running the LeafNode NNTP server. The version of LeafNode is vulnerable 

to a remote Denial of Service (DoS) attack. Specifically, when an upstream NNTP server 

requests a header and then abruptly terminates the connection, the LeafNode NNTP server 

fails. Successful exploitation would result in a loss of availability. 


CVE-2005-1453 

Oracle Application Server < 10.1.0.0.3 Privilege Escalation 



bypassing of authentication.\n\nThe remote host is running the Oracle 

Application Server. This version is reported vulnerable to a privilege escalation 

flaw. Specifically, users with the 'create job' privileges can obtain 

administrative access to the database. An attacker exploiting this flaw would 

need a valid account that had the ability to create new database jobs. Successful 

exploitation would result in the attacker being able to read or write confidential 

data. 


CVE-2005-1496 

Oracle Application Server < 10.1.0.0.4 Logging Service Interruption 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that would allow a single user to 

affect logging-level changes for all users of a database.\n\nThe remote host is running the 

Oracle Application Server. This version is reported vulnerable to a flaw where a SYS user 

can disable Fine Grained Auditing (FGA) which then impacts the logging level of all users 

of the database. 



CVE-2006-1705 

Software602 602Pro LAN SUITE < 2004.0.05.0509 Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 



host is running the 602Pro LAN SUITE, an application that provides web, FTP, telnet, 

DNS, RealAudio, SSL services and proxying. This version of 602Pro LAN SUITE is 

vulnerable to a remote directory traversal attack within the 'mail' scripts 'A' parameter. An 

attacker exploiting this flaw would simply supply a typical '../../' directory traversal query to 

the 'A' parameter. Successful exploitation would give the attacker access to any files on the 

remote system. This introduces a loss of confidentiality. 


CVE-2005-1423 

Apache htdigest realm Variable Overflow 


RISK: 

MEDIUM 



appears to be running a version of Apache, an open source web server. This version of 

Apache is vulnerable to a flaw in the 'htdigest' utilility. Specifically, a long user-supplied 

realm will cause an overflow and execution of arbitrary code. This issue is not considered a 

local flaw, as the program is not run setuid. An attacker exploiting this flaw would need to 

find a vulnerable Apache Web server that was making a call to 'htdigest' via a CGI script. 


CVE-2005-1344 

WebStar Mail < 5.4.1 Tomcat Plugin Remote Overflow 



running WebSTAR Mail, a mail server for Mac OS X that offers its services via a web 

interface. WebStar runs with the Tomcat plugin enabled by default. This version of 

WebStar is vulnerable to an attack against the Tomcat plugin. Specifically, a long, 

user-supplied URI will result in a buffer overflow. Successful exploitation would lead to 

the execution of arbitrary code on the remote server. 

Solution: Upgrade to a version greater than 5.4.1. 

CVE-2005-1507 



PHP Advanced Transfer Manager < 1.22 Arbitrary File Upload 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a script injection attack.\n\nAccording to its 

banner, the version of PHP Advanced Transfer Manager installed on the remote host allows 

authenticated users to upload arbitrary files and then run them subject to the privileges of 

the web server user. 

Solution: Upgrade to PHP Advanced Transfer Manager 1.22 or higher. 

CVE-2005-1681 




is using Firefox. This version of Firefox is prone to a remote exploit which stems from the 

'install()' method. Specifically, an attacker can pass JavaScript to the 'install()' method 

which would then be executed within the client browser. An attacker exploiting this flaw 

would only need to be able to entice a user into browsing to a malicious website. Successful 

exploitation would result in the client browser executing arbitrary code that could impact 

the confidentiality and integrity of the remote machine. The reported browser version (as 

seen on the network) is: \n %L 


CVE-2005-1532 

AOL Instant Messenger Font Tag sml Parameter Remote DoS 


RISK: 

MEDIUM 



remote host is running AOL Instant Messenger (AIM). Versions 5.9.3702 and lower are 

reported to be vulnerable to a remote Denial of Service (DoS) attack. An attacker exploiting 

this flaw would only need to be able to initiate a chat, file transfer, or game request to a 

vulnerable instance of AOL IM. Successful exploitation would result in the Instant 

Messenger client crashing. 

Solution: When available, upgrade to a version of AOL IM greater than 5.9.3702. 

CVE-2005-1655 


Apple iTunes < 4.8 MPEG-4 File Handling Overflow 




running iTunes - an application for managing and listening to music media files. The 

version of iTunes client is %L. \nThis version of iTunes is vulnerable to a buffer overflow. 

An attacker exploiting this flaw would need to be able to entice an iTunes user into opening 

a malformed file. Successful exploitation would result in the attacker executing arbitrary 

code on the remote system. 


CVE-2005-1248 

GeoVision Digital Surveillance System Detection 


RISK: 

MEDIUM 



authentication.\n\nThe remote host is running GeoVision Digital Surveillance System, a 

web-based surveillance system that allows remote operators to control and manage data 

streams from multiple cameras. This version of GeoVision is vulnerable to a remote flaw 

that allows attackers to view images without authentication. An attacker can query any of 

the controlled cameras for the current image stored. Successful exploitation could lead to 

the compromise of confidential data. 


CVE-2005-1552 

GeoVision Digital Surveillance System Detection 


Description: The remote host is running GeoVision Digital Surveillance System, a web-based 

surveillance system that allows remote operators to control and manage data streams from 

multiple cameras. 

Solution: Ensure that the existence of the surveillance system is explicitly allowed with respect to 

corporate policies and guidelines. 


myServer Multiple Vulnerabilities 



Description: The remote host is running myServer 0.8.0 or older. There is a flaw in the remote version 

of this software that may allow an attacker to list directories or execute a Cross-Site 

Scripting (XSS) attack. The first flaw would allow an attacker access to potentially 

confidential data via a directory listing. The second flaw would require the attacker to be 

able to convince a user to browse a malicious URI. Successful exploitation would result in 

the attacker being able to retrieve potentially confidential data (such as authentication 


cookies). 



ColdFusion Error Page XSS 


Description: The remote host is running Macromedia ColdFusion, a web application server. This version 

of ColdFusion is vulnerable to a Cross-Site Scripting (XSS) flaw in the way that it handles 

displaying error pages. An attacker exploiting this flaw would need to be able to convince a 

user to browse to a malicious URI. Further, the Macromedia site would need to be utilizing 

the JRUN web server (installed by default, but not recommended for production services). 

Successful exploitation would result in the potential loss of confidential data (such as 







appears to be running Gaim, a popular open-source, multi-protocol instant messenger. It is 

reported that this version of Gaim is vulnerable to several remote flaws. Namely\n\n1) The 

MSN protocol module is vulnerable to a remote Denial of Service (DoS) attack when sent a 

NULL SLP message. Successful exploitation results in the application crashing.\n\n2) 

Gaim instant messages support the sending of links (URIs). This version of Gaim only 

supports links of 8192 bytes or less. An attacker sending a link of more than 8192 bytes can 

overwrite memory and execute arbitrary code. 


CVE-2005-1261 

Bakbone NetVault < 7.1.1 Unspecified Remote Overflow 




NetVault is reported to be vulnerable to a remote heap overflow. The details of the flaw are 

not currently known. It is believed that a successful attack would lead to arbitrary code 

being executed. 




CVE-2005-1009 

Woppoware Postmaster < 4.2.3 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running Woppoware Postmaster, a suite of products that allows users to surf the web via 

a proxy, connect to email accounts via a web interface, send and receive email, and 

remotely administer the services. This version of Postmaster is reported to be vulnerable to 

a number of flaws. An attacker exploiting these flaws would be able to gain access to 

confidential data, compromise the integrity of the machine, and impact the availability of 

the services. 


CVE-2005-1652 

BoastMachine < 3.1 users.inc.php Arbitrary File Upload 


RISK: 

MEDIUM 



running BoastMachine, a blogging software. This version of BoastMachine is vulnerable to 

a flaw in the users.inc.php script. Specifically, a remote user can pass a specially formatted 

HTTP request to the BoastMachine script and cause it to upload unsafe files. After upload, 

the attacker can then execute the files with the permissions of the web server. In addition, 

the attacker can leave malicious scripts that are executed by unsuspecting users who browse 

the web page. 


CVE-2005-1580 

MaxWebPortal < 1.360 Multiple Vulnerabilities 


PVS ID: 2898 FAMILY: CGI RISK: NONE NESSUS ID:18248 

Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nMaxWebPortal is 

a web portal that utilizes a backend SQL or MySQL database. This version of 

MaxWebPortal is vulnerable to multiple flaws that include: HTML injection, cross-site 

scripting (XSS) and SQL Injection. An attacker exploiting these flaws would only need to 

be able to send HTTP queries to the remote application. A successful attack would give the 

attacker the ability to read and write database data as well as potentially execute arbitrary 

remote commands on the database server. The HTML injection and XSS flaws would 

typically require that the attacker be able to coerce a user into browsing to a malicious URI. 

Successful exploitation would result in arbitrary code executing in the client browser and 

possible theft of confidential data (such as authentication cookies). 



CVE-2005-1561 

Quicktime < 7.0.1 Web Plugin Information Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running an older version of Quicktime player for Microsoft 

Windows. This version is vulnerable to a remote information disclosure flaw. It is alleged 

that when the Quicktime web plugin parses a malformed '.mov' video file, information may 

be disclosed to the website that is hosting the movie file. The information which is 

disclosed may include the computer name, operating system version, and hardware 

specifics. Such information may be used by the attacker to launch a more sophisticated 

attack. A remote attacker exploiting this flaw would need to create a malicious '.mov' file 

and entice the user to play it. 


CVE-2005-1579 

Bugzilla < 2.19.3 Information Disclosure 



attacks.\n\nThe remote server is running Bugzilla, a bug tracking system. There is a flaw in 

the remote installation of Bugzilla that may allow an attacker to disclose sensitive 

information. Specifically, if a user generates a report prior to authentication, the user ID 

and password will be embedded within the report. An attacker exploiting this flaw would 

be able to harvest user IDs and passwords from generated reports. 


CVE-2005-1564 

Microsoft Media Player Versions 9 and 10 Arbitrary HTML Pop-up 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote client can be tricked into opening up an HTML page.\n\nThe 

remote host is running Microsoft Media Player. There is a flaw in this version of Media 

Player that would allow a remote attacker to cause an HTML pop-up window to appear 

when a specially formed media file was opened. An attacker exploiting this flaw would 

need to be able to convince a user to download or browse to the malicious file. Successful 

exploitation would result in an HTML page opening on the remote system. This flaw would 

typically be used in conjunction with social engineering or a browser exploit. 




Mozilla Browser < 1.7.8 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote host 

is using Mozilla. The remote version of this software contains various security issues that 

may allow an attacker to execute arbitrary code on the remote host. The reported browser 

version (as seen on the network) is: \n %L 


CVE-2005-1532 

PhotoPost PHP Pro < 5.02 RC4 member.php uid Parameter SQL Injection 



attack.\n\nThe remote host is running PhotoPost, a web-based image gallery written in 

PHP. This version of PhotoPost is reported vulnerable to a remote SQL Injection flaw. An 

attacker exploiting this flaw would only need to be able to send HTTP requests to or from 

the application web server. Successful exploitation would result in the attacker being able 

to read or write data. In addition, the attacker may be able to execute arbitrary code on the 

remote database server. 


CVE-2005-1629 

Checkpoint Firewall-1 Patch Level 0 Detection 



is running the Firewall-1 4.1 VPN Server. The remote server is not running any Checkpoint 

patches. Since the release of version 4.1, there have been at least six (6) critical patches 

released by Checkpoint. This version of Firewall-1 is vulnerable to a myriad of remote 

attacks that would give the attacker the ability to impact confidentiality, integrity, and 

availability of the remote system 



Checkpoint Firewall-1 Patch Level 1 Detection 





is running the Firewall-1 4.1 VPN Server. The remote server is running with Service Pack 

1. There have been at least five (5) critical patches released by Checkpoint since SP1. This 

version of Firewall-1 is vulnerable to a myriad of remote attacks that would give the 

attacker the ability to impact confidentiality, integrity, and availability of the remote 

system. 



Checkpoint Firewall-1 Patch Level 2 through 6 Detection 



is running the Firewall-1 4.1 VPN Server. The remote server is running with Service Pack 2 

- 6. There have been at least four (4) critical patches released by Checkpoint since SP2. 

This version of Firewall-1 may be vulnerable to a myriad of remote attacks that would give 

the attacker the ability to impact confidentiality, integrity, and availability of the remote 

system. 



Checkpoint Firewall-1 NG AI R54 Detection 



is running the Firewall-1 NG VPN Server. The remote server is running with version R54. 

There have been at least two (2) critical patches released by Checkpoint since R54. This 

version of Firewall-1 may be vulnerable to a myriad of remote attacks that would give the 


system. 



Checkpoint Firewall-1 NG AI R55 Detection 



RISK: 

MEDIUM 




is running the Firewall-1 NG VPN Server. The remote server is running with version R55. 

There has been at least one (1) critical patch released by Checkpoint since R55. This 

version of Firewall-1 may be vulnerable to a myriad of remote attacks that would give the 


system. 


CVE-2006-3885 

Checkpoint Firewall-1 NG Patch Level 0 Detection 



is running the Firewall-1 NG VPN Server. The remote server is not running any 

Checkpoint patches. Since the release of Firewall-1 NG, there have been at least five (5) 

critical patches released by Checkpoint. This version of Firewall-1 is vulnerable to a 

myriad of remote attacks that would give the attacker the ability to impact confidentiality, 

integrity, and availability of the remote system 



Checkpoint Firewall-1 NG Patch Level FP1 Detection 



is running the Firewall-1 NG VPN Server. The remote server is running Checkpoint patch 

level FP1. Since the release of Firewall-1 NG FP1, there have been at least four (4) critical 

patches released by Checkpoint. This version of Firewall-1 is vulnerable to a myriad of 

remote attacks that would give the attacker the ability to impact confidentiality, integrity, 

and availability of the remote system 








level FP2. Since the release of Firewall-1 NG FP2, there have been at least three (3) critical 











level FP3. Since the release of Firewall-1 NG FP3, there have been at least two (2) critical 






Checkpoint Firewall-1 VPN Detection 


Description: The remote host is running a Checkpoint Firewall-1 VPN Server. 

Solution: N/A 

VPN Client Detection 



RISK: 

MEDIUM 


Description: The remote workstation is running as a VPN client. The workstation is connecting to a 

remote network via an encrypted VPN session. Depending on the configuration of the VPN 

server on the remote network, the client may be routing traffic to/from an untrusted 

network. 

Solution: Ensure that corporate policies and guidelines allow for hosts connecting to other networks 

via a VPN. 


VPN Server Detection (over PPTP) 




Description: The remote server is acting as a VPN server. 

Solution: N/A 


Fortinet VPN Server Detection (over PPTP) 


Description: The remote host is running the Fortinet %L PPTP VPN. 

Solution: Ensure that the VPN is within corporate policy. 


JGS-Portal < 3.03 Multiple Scripts SQL Injection 


Description: The remote host is running JGS-Portal, a plugin for the Woltlab web\napplication. This 

version of JGS-Portal is vulnerable to a remote SQL\ninjection attack. An attacker 

exploiting this flaw would send a\nmalformed HTTP query to one of the following php 

scripts:\n- jgs_portal.php\n- jgs_portal_statistik.php\n- jgs_portal_beitraggraf.php\njgs_portal_mitgraf.php\n-jgs_portal_themengraf.php\njgs_portal_viewsgraf.php\n\nSuccessful 

exploitation would result in the attacker being able 

to\nread or write confidential data. In addition, the attacker may be\nable to execute 

arbitrary code on the remote database server. 



WordPress < 1.5.1.2 SQL Injection and XSS 



is running WordPress, a web blog manager written in PHP. The remote version of this 

software is vulnerable to various flaws that may allow an attacker to perform a SQL 

injection attack against the remote host. Successful exploitation would allow an attacker to 

read/write confidential data as well as potentially execute arbitrary code on the remote 

database. In addition, the remote host is vulnerable to multiple cross-site scripting (XSS) 

flaws. 

Solution: Upgrade to WordPress 1.5.1.2 or higher. 

CVE-2005-1810 


ignitionServer < 0.3.6p1 Channel Locking Remote DoS 


PVS ID: 2919 FAMILY: IRC Servers RISK: HIGH NESSUS ID:18291 


remote host is running an ignitionServer IRC server. This version of ignitionServer is 

reported to be prone to a remote remote denial of service in the way that the server handles 

channel locking. Specifically, a non-operator can create a locked channel which cannot be 

unlocked by an authorized operator. The only way to clear the channel would be to reboot 

the server. This can cause a loss of availability. 

Solution: Upgrade to version 0.3.6p1 or higher. 

CVE-2005-1641 

Serendipity < 0.80 RC7 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running Serendipity. Serendipity is a\nBlogging software that is implemented in PHP. 

This version of Serendipity\nis reported vulnerable to multiple remote exploits. It is 

reported that\nthis version is vulnerable to HTML injection, Cross-Site Scripting 

(XSS),\nand file upload flaws. An attacker exploiting these flaws would be able\nto gain or 

elevate privileges on the remote machine. An attacker may also\nbe able to user the server 

as an attack vector against unsuspecting users browsing the website. 


CVE-2005-1712 

NetWin SurgeMail < 3.0.0c3 Multiple Unspecified Remote Vulnerabilities 



is running NetWin SurgeMail, a mail server application. The remote version of this 

software is vulnerable to multiple unspecified vulnerabilities that have been disclosed by 

the vendor. 

Solution: Upgrade to version 3.0.0c3 or higher. 

Groove Detection 

CVE-2005-1714 



Description: The remote host is running %L, a virtual office workspace that\nallows remote users to 

collaborate via the Internet. Groove uses\ncentralized servers to keep remote workers 

synchronized with each other. 


Solution: Ensure that you are using the most recent version of Groove. 


Groove < 3.1.0 Build 2338 Multiple Vulnerabilities 



running Groove, a virtual office workspace that allows remote users to collaborate via the 

Internet. Groove uses centralized servers to keep remote workers synchronized with each 

other. This version of Groove is vulnerable to multiple remote attacks. The attacks stem 

from a lack of content parsing by the Groove product. An attacker exploiting these flaws 

would need to be able to entice a Groove user into opening or viewing malicious files or 

data from within the Groove application. Successful exploitation leads to the attacker being 

able to execute arbitrary code on the unsuspecting user. 

Solution: Upgrade to version 3.1.0 build 2338 or higher. 

CVE-2005-1677 

Cisco IOS VPN Detection 


Description: The remote host is running a Cisco IOS VPN server.\n\nA VPN (Virtual Private Network) 

allows remote users to connect to an\ninternal network as if they were local users. A VPN 

that allows\nsplit-tunneling will essentially serve as a bridge between the remote\nnetwork 

and the internal network. Special care should be taken to\nensure that remote VPN clients 

connect securely and do not introduce\nan unacceptable level of risk to the internal 

computing environment. 

Solution: Ensure that the VPN is acceptable with respect to corporate guidelines and policies. 


Cisco Unity VPN Detection 


Description: The remote host is running a Cisco Unity VPN server.\n\nA VPN (Virtual Private 

Network) allows remote users to connect to an\ninternal network as if they were local 

users. A VPN that allows\nsplit-tunneling will essentially serve as a bridge between the 

remote\nnetwork and the internal network. Special care should be taken to\nensure that 

remote VPN clients connect securely and do not introduce\nan unacceptable level of risk to 

the internal computing environment. 





SSH Sentinel VPN Detection 


Description: The remote host is running a SSH Sentinel VPN Server.\n\nA VPN (Virtual Private 








SSH Sentinel 1.1 VPN Detection 


Description: The remote host is running a SSH Sentinel 1.1 VPN Server.\n\nA VPN (Virtual Private 






























SSH Sentinel 1.4.1 VPN Detection 


Description: The remote host is running a SSH Sentinel 1.4.1 VPN Server.\n\nA VPN (Virtual Private 

















Cisco VPN Detection 




Description: The remote host is running a generic Cisco VPN Server.\n\nA VPN (Virtual Private 









PHP Advanced Transfer Manager < 1.22 File Upload Arbitrary Command Execution 


Description: Synopsis :\n\nThe remote host is vulnerable to a Script Injection attack.\n\nAccording to its 

banner, the version of PHP Advanced Transfer Manager installed on the remote host allows 

authenticated users to upload arbitrary files and then run them subject to the privileges of 

the web\nserver user. 


CVE-2005-1681 



MEDIUM 


Description: The remote host is running a version of Mac OS X 10.4 that is older than 10.4.2 : \n %L 


CVE-2005-1473 

Qualcomm Qpopper < 4.0.5 Multiple Local Privilege Escalation 


Description: Synopsis :\n\nThe remote host is vulnerable to a local privilege escalation flaw.\n\nThe 

remote host is running Qpopper, a POP3 mail server for Unix-type systems.\nThis version 

of Qpopper is vulnerable to multiple local configuration flaws.\nA local attacker exploiting 

these flaws would be able to elevate privileges\non the Qpopper system. 


CVE-2005-1152 

Delegate Compressed DNS Packet Remote DoS 



RISK: 

MEDIUM 



remote host is running the Delegate DNS Service. This version of Delegate is vulnerable to 

a remote Denial of Service flaw. An attacker exploiting this flaw would send a malformed 

DNS query to the host. Successful exploitation would result in the loss of availability. 



CVE-2005-4794 

MaxWebPortal password.asp memKey Parameter SQL Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL Injection attack.\n\nMaxWebPortal is 

a web portal that utilizes a backend SQL or MySQL database.\nThis version of 

MaxWebPortal is vulnerable to a SQL Injection flaw.\n\nAn attacker exploiting this flaw 

would only need to be able to send HTTP\nqueries to the remote application. A successful 

attack would give the attacker\nthe ability to read and write database data as well as 

potentially execute\narbitrary remote commands on the database server. 

Solution: Upgrade to a version 1.360, 2.000 or higher. 

CVE-2005-1779 

GNU Mailutils Multiple IMAP Vulnerabilities 



running GNU Mailutils, an open source package that includes tools for running and 

managing a mail server. This version of GNU Mailutils is vulnerable to several remote 

buffer overflows. An attacker exploiting these flaws will be able to execute arbitrary code. 


CVE-2005-1523 

GNU Mailutils Multiple POP Vulnerabilities 



is running GNU Mailutils, an open source package that includes tools for running and 

managing a mail server. This version of GNU Mailutils is vulnerable to several remote 

buffer overflows. An attacker exploiting these flaws will be able to execute arbitrary code 



Apache htpasswd Overflow 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote web server could potentially allow remote attackers to 

manipulate the password database.\n\nThe remote host appears to be running a version of 

Apache, an open source web server. This version of Apache is vulnerable to a flaw in the 

'htpasswd' utility. This issue is not considered a local flaw, as the program is not run setuid. 

An attacker exploiting this flaw would need to find a vulnerable Apache Web server that 

was making a call to 'htpasswd' via a CGI script. 



Hummingbird Inetd Multiple Remote Overflows 



running Hummingbird Inetd, a commercial INETD server. This version of Inetd is 

vulnerable to a remote overflow in the lpd service module. An attacker exploiting this flaw 

would be able to execute arbitrary code on the remote system. NOTE: this is only a flaw if 

the lpd module is enabled. In addition, the remote ftpd module is vulnerable to a remote 

buffer overflow. An attacker exploiting this flaw would be able to execute arbitrary code on 

the remote system. 


CVE-2005-2599 

Invision Board < 2.0.5 Privilege Escalation / SQL Injection 


RISK: 

MEDIUM 




bulletin board system on the remote web server.\nThis version of Invision Board is 

vulnerable to a flaw in the way that it handles moving of users from one group to another 

group. It is reported that non-admin users can, when deleting a user account, optionally 

move the user into an administrative group.\nThis can allow users to elevate their rights to 

that of an administrator.\n\nIn addition to this, the remote version of this software is 

vulnerable to a SQL injection vulnerability that may allow an attacker to execute arbitrary 

SQL statements against the remote host. 


CVE-2006-0888 


PeerCast < 0.1212 URL Error Message Format String 



Description: Synopsis :\n\nThe remote host is vulnerable to a 'format string' flaw.\n\nThe remote host is 

running PeerCast, a streaming audio server. This version of PeerCast is vulnerable to a 

remote format string flaw within its HTTP server component. An attacker exploiting this 

flaw would be able to crash the server or execute arbitrary code on the remote system. 


CVE-2005-1806 

Exhibit Engine < 1.5 RC 5 list.php Multiple Parameter SQL Injection 


Description: The remote host is running Exhibit Engine, a web-based PHP application for sharing 

photos. This version of Exhibit Engine is vulnerable to a remote SQL injection flaw. An 

attacker exploiting this flaw would send a malformed HTTP query to the application. 

Successful exploitation would result in the attacker being able to read or write confidential 

data. In addition, the attacker may be able to execute arbitrary code on the remote database 

server. 

Solution: Upgrade to version 1.5 RC 5 or higher. 

CVE-2005-1875 

CROB FTP Server Multiple Command Remote Overflow DoS 


RISK: 

MEDIUM 



running the CROB FTP Server. This version of CROB is vulnerable to a remote 

stack-based overflow when sent a malformed RMD command. An attacker exploiting this 

flaw would be able to execute arbitrary code. In addition, there are also multiple 

heap-based overflows within many other FTP commands. 


CVE-2006-6558 

FlexCast < 2.0 Remote Overflow 



running FlexCast, a streaming audio and video server. This version of FlexCast is 

vulnerable to a remote buffer overflow. An attacker exploiting this flaw would be able to 

execute arbitrary code on the remote system. 




CVE-2005-1897 

Sawmill < 7.1.6 Multiple Vulnerabilities 



remote host is running Sawmill, an application for analyzing web logs. Sawmill 

typically is viewed via a web front-end and works off of a MySQL server. This 

version of Sawmill is vulnerable to multiple remote flaws. While some of the flaws 

have not yet been fully disclosed, it is believed that the flaws will lead to either 

privilege escalation or Cross-Site Scripting (XSS). An attacker exploiting these 

flaws would either require credentials or require that a user browse to a malicious 

URI. 


CVE-2005-1900 

KAME/racoon VPN Detection 


Description: The remote host is running a KAME Racoon VPN Server.\n\nA VPN (Virtual Private 








Microsoft Windows 2000 VPN Detection 


Description: The remote host is running the Microsoft Windows 2000 VPN Server.\n\nA VPN (Virtual 

Private Network) allows remote users to connect to an\ninternal network as if they were 

local users. A VPN that allows\nsplit-tunneling will essentially serve as a bridge between 

the remote\nnetwork and the internal network. Special care should be taken to\nensure that 





Netscreen VPN Detection 




Description: The remote host is running the Netscreen VPN Server.\n\nA VPN (Virtual Private 








OpenPGP VPN Detection 


Description: The remote host is running the OpenPGP VPN Server.\n\nA VPN (Virtual Private 








SafeNet SoftRemote VPN Detection 


Description: The remote host is running the SafeNet SoftRemote VPN Server.\n\nA VPN (Virtual 

Private Network) allows remote users to connect to an internal network as if they were 

local users. A VPN that allows split-tunneling will essentially serve as a bridge between the 

remote network and the internal network. Special care should be taken to ensure that 

remote VPN clients connect securely and do not introduce an unacceptable level of risk to 




AVG AntiVirus Version Detection 



Description: The remote host is running AVG anti-virus %L 

Solution: Ensure that all clients are configured for automatic updates. 



AOL Instant Messenger Remote Malformed GIF DoS 



remote host is running AOL Instant Messenger (AIM). Versions 5.9.3797 and lower are 

reported vulnerable to a remote Denial of Service (DoS) attack. An attacker exploiting this 

flaw would only need to be able to initiate an GIF image exchange with a vulnerable AOL 

IM client. Successful exploitation would result in the Instant Messenger client crashing. 


CVE-2005-1891 

GoodTech < 5.15 SMTP RCPT TO: Single Character DoS 


RISK: 

MEDIUM 



remote host is running the GoodTech SMTP server. This version of Goodtech is vulnerable 

to a remote Denial of Service (DoS) attack. An attacker sending a single character as an 

argument to the 'RCPT TO:' value, will cause the server to crash. 


CVE-2005-1013 



MEDIUM 


Description: The remote host is running Mac OS 10.4.1. It should run 10.4.2 to be up-to-date. 



Leafnode < 1.11.3 TCP Timeout DoS 



RISK: 

MEDIUM 



remote host is running the LeafNode NNTP server. The version of LeafNode that is 

installed is vulnerable to a remote Denial of Service (DoS) attack. When an upstream 

NNTP server requests a header and then allows the connection to time out, the LeafNode 


NNTP server fails. Successful exploitation would result in a loss of availability. 


CVE-2005-1911 



RISK: 

MEDIUM 



remote host appears to be running Gaim, a popular open-source, multi-protocol instant 

messenger. It is reported that this version of Gaim is vulnerable to several remote flaws. 

Namely\n\n1) A Gaim client downloading a non-Ascii support file will crash when 

processing the file\n2) The Gaim MSN Messenger module, when processing a malformed 

message, will crash.\n\nBoth of these vulnerabilities are Denial of Service (DoS) attacks 

that introduce a risk to availability. 

Solution: Update to version 1.3.1 or higher. 

CVE-2005-1269 

Outlook Express NNTP LIST Command Remote Overflow 



running Outlook Express. This version of Outlook Express is vulnerable to a buffer 

overflow when malformed NNTP responses are parsed by versions of msoe.dll prior to 

6.00.2800.1506. An attacker exploiting this flaw would need to host a malicious NNTP 

server and be able to convince a local Outlook user to connect to the NNTP server. 

Successful exploitation would result in arbitrary code being executed on the machine 

running Outlook Express. 


CVE-2005-1213 

Outlook Web Access with Exchange 5.5 SP4 XSS 



RISK: 

MEDIUM 



remote server is running Outlook Web Access (OWA) on Exchange %L\n\nThis version of 

OWA, coupled with Exchange 5.5 SP4, is reported to be vulnerable to a remote Cross-Site 

Scripting (XSS) flaw. An attacker exploiting this flaw would typically need to be able to 

convince a user to browse to a malicious URI. Successful exploitation would result in 

arbitrary code executing in the client browser and possible theft of confidential data (such 

as authentication cookies). 



CVE-2005-0563 

Opera Multiple Injection Vulnerabilities 


RISK: 

MEDIUM 



host is using a version of Opera that is prone to a security flaw where a malicious attacker 

can inject malicious data into a URI. Such an attack would require that the attacker be able 

to convince an Opera user to browse to a malicious URI. Successful exploitation would 

result in the attacker gaining access to confidential data (such as authentication cookies) or 

executing code within the browser. 


CVE-2003-1420 



RISK: 

MEDIUM 



is running SquirrelMail, a webmail system written in PHP.\nThe version of SquirrelMail 

installed on the remote host is prone to multiple flaws :\n - Multiple Cross-Site Scripting 

Vulnerabilities. Using a specially-crafted URL or email message, an attacker may be able 

to exploit these flaws, stealing cookie-based session identifiers and thereby hijacking 

SquirrelMail sessions.\n - Post Variable Handling Vulnerabilities - Using specially-crafted 

POST requests, an attacker may be able to set random variables in the file 

'options_identities.php', which could lead to accessing other users' preferences, cross-site 

scripting attacks, and writing to arbitrary files.\n 


CVE-2005-1769 

Ultimate PHP Board < 1.9.7 Multiple XSS 



Description: The remote host is running Ultimate PHP Board, a message board written \nin PHP. 

Versions of Ultimate less than 1.9.7 are vulnerable to\nmultiple Cross-Site Scripting (XSS) 

flaws. An attacker \nexploiting these flaws would typically need to be able to convince a 

user\nto browse to a malicious URI. Successful exploitation would result\nin arbitrary code 

executing in the client browser and possible theft of\nconfidential data (such as 




CVE-2005-2004 

HTTP Plaintext Password Authentication 


Description: Synopsis :\n\nThe remote host passes information across the network in an 

insecure manner.\n\nThe remote client sent an HTTP auth request in cleartext. The 

base64-encoded password it used was:\n\n %L 

realtime 

Solution: Use SSL or a stronger authentication mechanism. 


YAWS < 1.56 Script File Source Code Disclosure 


RISK: 

MEDIUM 



sensitive files.\n\nThe remote host is running YAWS, a web server. This version of YAWS 

is vulnerable to a NULL byte script file source code disclosure bug. An attacker appending 

a '%00' to the end of a request can download source code.\n\nThe remote host is running 

%L 


CVE-2005-2008 

Razor-agents < 2.72 Multiple DoS 


RISK: 

MEDIUM 



remote host is running the razor-agent, a distributed client that connects to the razor spam 

detection and filtering network. This version of Razor-agent is vulnerable to a remote 

Denial of Service (DoS) attack via a malformed query. The details of the attack vectors are 

not currently known 


CVE-2005-2024 


JBoss Malformed HTTP Request Remote Configuration Information Disclosure 



RISK: 

MEDIUM 


attacks.\n\nThe remote JBoss server is vulnerable to an information disclosure flaw that 

may allow an attacker to retrieve the physical path of the server installation, its security 

policy, or to guess its exact version number.\nAn attacker may use this flaw to gain more 

information about the remote configuration. 

Solution: Upgrade to JBoss 3.2.8, 4.0.3 or higher. 

ZenWorks Detection 

CVE-2005-2006 


Description: The remote host is running ZenWorks, a remote management interface from Novell. 

Solution: N/A 


Cisco VPN Concentrator Group Name Enumeration 


RISK: 

MEDIUM 



attacks.\n\nThe remote VPN concentrator is subject to an information disclosure flaw.\nAn 

attacker connecting in Agressive mode can determine whether a remote Cisco group is 

defined. This can allow the attacker the ability to garner information useful in future brute 

force attacks. 

Solution: http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/471con3k.htm 

CVE-2005-2025 

MercuryBoard User-Agent HTTP Header SQL Injection 



RISK: 

MEDIUM 



is running MercuryBoard, a web-based message board written in PHP. This version of 

MercuryBoard is vulnerable to a remote SQL Injection flaw.\nAn attacker exploiting this 

flaw would send a malformed HTTP query to the application. Successful exploitation 

would result in the attacker being able to read or write confidential data. In addition, the 

attacker may be able to execute arbitrary code on the remote database server. 



Raxnet Cacti Detection 

CVE-2005-2028 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running Cacti, a web frontend to RRDTool. Cacti allows 

administrators to view network graphs, utilization, architecture, and more. An attacker 

happening upon an instance of Cacti would gain information useful in future attacks. 



i-Gallery Traversal File Access / XSS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Directory Traversal flaw.\n\nThe remote 

host is running i-Gallery, a web-based photo gallery.\nThis version of i-Gallery is 

vulnerable to multiple flaws. Most importantly, the application is vulnerable to a directory 

traversal flaw. An attacker exploiting this flaw would only need to be able to send '../' 

HTTP requests to the vulnerable system. A successful attack would result in the attacker 

being able to download confidential files (such as password data). 


CVE-2005-2033 

IpSwitch WhatsUp < 2005 SP 1A Login.asp Multiple Parameter SQL Injection 


RISK: 

MEDIUM 



is running the IpSwitch WhatsUp application, a tool for managing network hosts. This 

version of IpSwitch WhatsUp is vulnerable to a remote SQL Injection flaw.\nThe login.asp 

script fails to parse out SQL-reserved characters and would allow a remote attacker to read 

or write data as well as potentially execute arbitrary code on the remote database 

Solution: Upgrade to version 2005 SP 1A or higher. 

CVE-2005-1250 

Simple Machines Forum < 1.0.5 SQL Injection 





is running the Simple Machines Forum (SMF), a web forum. This version of SMF is 

vulnerable to a remote SQL Injection flaw. The application fails to properly parse out 

SQL-reserved characters passed to the 'msg' parameter. This would allow a remote attacker 

to read or write data as well as potentially execute arbitrary code on the remote database. 



Sendmail < 8.13.4 Multiple Vulnerabilities 



Sendmail server is running a version of Sendmail that is less than 8.13.4. There have been 

many flaws in versions prior to 8.13.4. 



RealPlayer < 6.0.12.1212 vidplin.dll Crafted AVI Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote Windows 

host has RealPlayer software installed. There is a flaw in this version of the software that 

would allow an attacker to execute arbitrary code. An attacker exploiting this flaw would 

need to be able to convince a user to download and play a malicious media file. Upon 

execution, a local content-parsing bug would be triggered, enabling a local heap overflow 

and code execution. 


CVE-2005-1766 

Metasploit Framework Engine Detection 



Description: The remote server is running a Metasploit Framework server. Metasploit allows users to 

automatically exploit and backdoor vulnerable applications via the network. The fact that 

there is one running on your network is indicative of a penetration testing team or an 

individual potentially exploiting weaknesses on the network.\nFor your information, the 

remote server is running:\n\n %L 

Solution: Ensure that this server is sanctioned by policy and guidelines regarding acceptable 




UBB.threads < 6.5.2 Beta 2 XSS / SQL Injection 



is running a version of UBB.threads that fails to correctly parse multiple PHP scripts. A 

remote attacker can send malformed HTTP requests that, when processed, forces the 

UBB.threads server to execute arbitrary database commands or inject malicious code into 

user browsers.\nAs a result, a remote attacker can pass malicious input to database queries, 

potentially resulting in data exposure, modification of the query logic, or even data 

modification or attacks against the database itself. 

Solution: Upgrade to version 6.5.2 Beta 2 or higher. 

CVE-2006-5136 

ClamAV < 0.86.1 Content-parsing DoS 



remote host is running ClamAV, an open-source antivirus solution for Unix-like 

systems.\nThis version of ClamAV is reported to be vulnerable to a flaw where the parsing 

of a malicious file will cause the ClamAV process to crash. An attacker exploiting this flaw 

would need to be able to send a specially formed email to the system running ClamAV. 

Successful exploitation would result in loss of service. The installed version of ClamAV is: 

\n %L 


CVE-2005-1923 

True North eMailServer < 5.3.4 Build 2019 LIST Command Remote DoS 



remote host is running the True North eMailServer.\nThis version of eMailServer is 

vulnerable to a content-parsing flaw where a malformed IMAP request can cause the server 

to fail. An attacker exploiting this flaw would be able to disable the service remotely. 

Solution: Upgrade to version 5.3.4 Build 2019 or higher. 

POP Banner Detection 

CVE-2005-2083 



PVS ID: 3035 FAMILY: POP Server RISK: NONE NESSUS ID:Not Available 

Description: A POP server is running on this port. Its banner is :\n %L 

Solution: N/A 


True North eMailServer < 5.3.4 Build 2019 LIST Command Remote DoS 


RISK: 

MEDIUM 



remote host is running the True North eMailServer.\nThis version of eMailServer is 

vulnerable to a content-parsing flaw where a malformed IMAP request can cause the server 

to fail. An attacker exploiting this flaw would be able to disable the service remotely. 


CVE-2005-2083 

PHP-Fusion < 6.00.106 submit.php Multiple Parameter HTML Injection 


RISK: 

MEDIUM 



host is running a version of PHP-Fusion that is vulnerable to an HTML injection flaw. 

Specifically, the submit.php script fails to properly sanitize input data via the 'news_body', 

'article_description', and 'user_pass' parameters. An attacker exploiting this flaw would 

typically need to be able to convince a remote user to browse to a malicious URI. A 

successful attack would yield potentially confidential data (cookies, credentials) as well as 

potentially execute malicious code within the context of the vulnerable server. 


CVE-2005-2074 


phpBB < 2.0.16 viewtopic.php Arbitrary Code Execution 



is running phpBB, a web-based forum application written in PHP. There is a flaw in this 

version of phpBB that will allow remote attackers to inject arbitrary code into the 

'viewtopic.php' script. An attacker exploiting this flaw would only need to be able to send 

an HTTP request to the vulnerable script. Successful execution would result in the attacker 

executing code with the permissions of the webserver. 



CVE-2005-2086 

Inframail SMTP Server < 7.12 MAIL FROM Command Remote Overflow 



running the SMTP server component of Inframail, a commercial suite of network servers 

from Infradig Systems.\n\nThe installed version of Inframail suffers from a buffer overflow 

vulnerability that arises when the SMTP server component processes a MAIL FROM 

command with an excessively long argument (around 40960 bytes). Successful exploitation 

will cause the service to crash and may allow arbitrary code execution. 

Solution: Upgrade to version 7.12 or greater. 

CVE-2005-2085 

Inframail FTP Server < 7.12 NLST Command Remote Overflow 



running the FTP server component of Inframail, a commercial suite of network servers 

from Infradig Systems.\n\nThe installed version of Inframail suffers from a buffer overflow 

vulnerability that arises when the FTP server component processes an NLST command 

with an excessively long argument (around 102400 bytes). Successful exploitation will 

cause the service to crash and may allow arbitrary code execution. 


CVE-2005-2085 

Xoops < 2.0.12 Multiple XSS / SQL Injection 



Xoops installed on the remote host is prone to several vulnerabilities :\n\n- A SQL Injection 

Vulnerability\nThe bundled XMLRPC server fails to sanitize user-supplied input to the 

'xmlrpc.php' script. An attacker can exploit this flaw to launch SQL injection attacks that 

may lead to authentication bypass, disclosure of sensitive information, attacks against the 

underlying database, and more.\n\n- Multiple Cross-Site Scripting Vulnerabilities\nAn 

attacker can pass arbitrary HTML and script code through the 'order' and 'cid' parameters of 

the 'modules/newbb/edit.php' 'modules/repository/comment_edit.php' scripts respectively, 

which could result in disclosure of administrative session cookies. 




CVE-2005-2112 

Apache HTTP Request Parsing HTML Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw in the way that it parses HTTP 

requests.\n\nThe remote host appears to be running a version of Apache, an open source 

web server. This version of Apache is vulnerable to a flaw in the way that it handles 

malformed HTTP requests. An attacker exploiting this flaw would be able to possibly 

corrupt cache memory or inject HTML requests to a vulnerable Apache server. The 

vulnerability stems from a non-conformance to RFC 2616 that states that HTTP requests 

must not include both a 'Content-Length' and 'Transfer-Encoding' field. 


CVE-2005-3705 

Tectia SSH Server < 4.3.2 Local Key Disclosure 



sensitive files or data.\n\nThe remote host is running the Tectia SSH Server on Microsoft 

Windows. This version of Tectia is vulnerable to a local attack where Tectia does not 

properly protect locally stored keys. A local user exploiting this flaw would be able to 

retrieve keys and exploit trust relationships. 


Prevx Pro 2005 < 




authentication.\n\nThe remote host is running Prevx Pro 2005, an intrusion protection 

system for Windows.\n\nThe installed version of Prevx Pro 2005 reportedly suffers from 

multiple vulnerabilities that allow local attackers to bypass the application's security 

features. For your information, the version of Prevx Pro is:\n\n%L 


CVE-2005-2144 


Golden FTP Server < 2.7.0 Multiple Vulnerabilities 




is running the Golden FTP Server, an FTP server for the Windows platform. This version 

of Golden FTP is vulnerable to a number of different flaws. An attacker exploiting these 

flaws would be able to either execute arbitrary code or cause the application to fail. 


CVE-2005-4553 

osTicket < 1.3.1 Multiple Vulnerabilities 


RISK: 

MEDIUM 



osTicket installed on the remote host suffers from several vulnerabilities, including:\n\n- A 

Local File Include Vulnerability\nThe application fails to sanitize user-supplied input to the 

'inc' parameter in the 'view.php' script. After authentication, an attacker can exploit this 

flaw to run arbitrary PHP code found in files on the remote host provided PHP's 

'register_globals' setting is enabled.\n\n- A SQL Injection Vulnerability\nAn authenticated 

attacker can affect SQL queries via POST queries due to a failure of the application to filter 

input to the 'ticket' variable in the 'class.ticket.php' code library. 


CVE-2005-1439 

PHPNews < 1.2.6 news.php prevnext Parameter SQL Injection 



is running PHPNews, an open-source news application written in PHP. The installed 

version of PHPNews is prone to a SQL injection attack due to its failure to sanitize 

user-supplied input via the 'prevnext' parameter of the 'news.php' script. An attacker can 

exploit this flaw to affect database queries, possibly revealing sensitive information, 

launching attacks against the underlying database, and more. 


CVE-2005-2156 


Courier Mail Server < 0.50.1 SPF Data Lookup Remote DoS 



remote host is running Courier Mail Server, an open source mail server for Linux and Unix. 

The installed version of Courier is prone to a remote denial of service vulnerability 

associated with Sender Policy Framework (SPF) data lookups. To exploit this flaw, an 

attacker would need to control a DNS server and return malicious SPF records in response 


to queries from the affected application. 


CVE-2005-2151 

phpPgAdmin < 3.5.4 index.php formLanguage Parameter Traversal Arbitrary File Access 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running phpPgAdmin, a web-based 

PostgreSQL administrative interface. This version of phpPgAdmin is vulnerable to a flaw 

via the Login form. Specifically, a malformed 'formLanguage' directive can be used to 

retrieve sensitive files (such as /etc/passwd or other critical configuration files). 


CVE-2005-2256 

Geeklog < 1.3.12 comment.php order Parameter SQL Injection 



attack.\n\nThe remote host is running Geeklog, an open-source weblog powered by PHP 

and MySQL. The installed version of Geeklog suffers from a SQL injection vulnerability 

due to the application's failure to sanitize user-supplied input via the 'order' parameter of the 

'comment.php' script. By leveraging this flaw, an attacker may be able to recover sensitive 

information, such as password hashes, launch attacks against the underlying database, and 

more. 


CVE-2006-0824 

phpBB < 2.0.17 Nested BBCode URL Tags XSS 



attack.\n\nAccording to its banner, the remote host is running a version of phpBB that fails 

to sanitize BBCode containing nested URL tags, which enables attackers to cause arbitrary 

HTML and script code to be executed in a user's browser within the context of the affected 

site. 


CVE-2005-2161 



Lotus Notes < 6.5.5 Web Mail Attachment HTML Injection 


RISK: 

MEDIUM 



is running the Lotus Notes email client. Lotus Notes client versions 6.5.4 and earlier could 

allow a remote attacker to inject HTML and JavaScript into email messages. An attacker 

exploiting this flaw would only need to send a malicious email to a Lotus Notes recipient. 

Successful exploitation would result in potentially malicious code executing with the user's 

privileges. 



Drupal Public Comment PHP Code Injection 



is running Drupal, a content management system. This version of Drupal is vulnerable to a 

flaw in the way that it handles user-supplied 'comments'. Specifically, an attacker can 

embed PHP script code within a comment that would then be executed by the remote 

webserver. An attacker exploiting this flaw would only need to post a specially formatted 

comment via the Drupal web interface. 


Comersus Cart < 

CVE-2005-2106 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe installed 

version of Comersus Cart on the remote host suffers from multiple SQL injection and 

cross-site scripting flaws due to its failure to sanitize user-supplied input. Attackers may be 

able to exploit these flaws to influence database queries or cause arbitrary HTML and script 

code to be executed in users' browsers within the context of the affected site. 


CVE-2005-2190 

PHPAUCTION Multiple Vulnerabilities 





attack.\n\nThe remote host is running PHPAUCTION, a web-based auction portal. This 

version of PHPAUCTION is vulnerable to multiple injection flaws. The application fails to 

properly sanitize user input and, consequently, is prone to remote attacks. The attacks 

include HTML injection as well as SQL injection. An attacker exploiting these flaws would 

only need to be able to send malformed HTTP requests to the application. Successful 

exploitation would result in possible database compromise or arbitrary code being executed 

either on the server or within an unsuspecting user's browser. 


CVE-2005-2255 

Jinzora < 2.1 Multiple Scripts include_path Parameter Remote File Inclusion 


RISK: 

MEDIUM 


Description: Synopsis :\n\nAttackers may be able to view or execute arbitrary PHP code.\n\nThe remote 

host is running Jinzora, a web-based media streaming and management system written in 

PHP. The installed version of Jinzora allows remote attackers to control the 'include_path' 

variable used when including PHP code in several of the application's scripts. By 

leveraging this flaw, an attacker may be able to view arbitrary files on the remote host and 

execute arbitrary PHP code, possibly taken from third-party hosts. 


CVE-2005-2249 

Apache Webserver Valid Banner Check 


Description: Ensure some level of integrity for the web banners being presented. 

Solution: N/A 



punBB < 1.2.6 profile.php $temp Parameter SQL Injection 




punBB ( %L ) is vulnerable to a remote SQL Injection attack. Due to a content-parsing 

flaw, attackers can inject SQL commands into the 'change_email' parameter of the 

profile.php script. An attacker exploiting this flaw would only need to be able to send 

HTTP requests to the application. Successful exploitation would result in the attacker 

having the ability to read or write to the database. In addition, the attacker may be able to 

execute arbitrary commands on the remote system. 



CVE-2005-2193 

SSH Valid Banner Check 

PVS ID: 3059 FAMILY: SSH RISK: INFO NESSUS ID:Not Available 

Description: Ensure some level of integrity for the SSH banners being presented. 

Solution: N/A 


Bugzilla < 2.18.2 / 2.20rc1 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an flaw in the way that it discloses private 

information.\n\nThe remote host is running Bugzilla, a bug-tracking software with a web 

interface. This version of Bugzilla on the remote host suffers from two information 

disclosure vulnerabilities:\n\n - Any user can change any flag on a bug, even if they don't 

otherwise have access to the bug or rights to make changes to it.\n\n - A private bug 

summary may be visible to users if MySQL replication is used on the backend database. 

Solution: Upgrade to Bugzilla 2.18.2 / 2.20rc1 or higher. 


PPA functions.inc.php ppa_root_path Parameter Remote File Inclusion 



is running PPA, a photo album application written in PHP.\nThere is a flaw in the remote 

version of this software that may allow an attacker to force the remote PHP script to 

include arbitrary files hosted on a third-party server. Therefore, an attacker can exploit this 

flaw to execute arbitrary PHP code on the remote host. 


CVE-2005-2199 

Outlook Express Multiple DoS 



RISK: 

MEDIUM 




remote host runs a version of Outlook Express that contains multiple vulnerabilities.\nAn 

attacker may exploit these vulnerabilities to disable the Outlook Express client of a 

victim.\n\nTo exploit this flaw, an attacker would need to send a malformed e-mail 

message to a victim and wait for him to read it using Outlook Express. 


CVE-2005-2226 

Moodle < 1.5.1 Unspecified Vulnerability 



remote host is running version 1.5.0 of the Moodle suite, an open-source course 

management system written in PHP.\nThe remote version of this software is vulnerable to 

an undisclosed flaw that may affect the confidentiality or integrity of the remote host. 

Solution: Upgrade to Moodle 1.5.1 or higher. 

CVE-2005-2247 

Mac OS X < 10.4.2 Multiple Vulnerabilities 


MEDIUM 



is running a version of Mac OS X 10.4 that is older than version 10.4.2.\n Mac OS X 10.4.2 

contains several security fixes for :\n - TCP/IP\n - Dashboard\n 


CVE-2005-1333 




Solution: N/A 






Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors.\n\nThee remote 

host is using Firefox.\n The remote version of this software contains various security issues 

that may allow an attacker to execute arbitrary code on the remote host. The reported 

browser version (as seen on the network) is: \n %L \n\n 


CVE-2004-0718 



Description: Synopsis : \n\nThe remote host is vulnerable to a multiple attack vectors.\n\nThe remote 

host is using Mozilla. The remote version of this software contains various security issues 

that may allow an attacker to execute arbitrary code on the remote host. The reported 

browser version (as seen on the network) is: \n %L 


CVE-2004-0718 

MailEnable IMAP STATUS Command Remote Overflow 



running a version of MailEnable's IMAP service that is prone to a buffer overflow 

vulnerability triggered when processing a STATUS command with a long mailbox name. 

Once authenticated, an attacker can exploit this flaw to execute arbitrary code subject to the 

privileges of the affected application. 

Solution: Upgrade to MailEnable Professional 1.6 or higher or to MailEnable Enterprise Edition 1.1 

or higher. 

CVE-2005-2278 

Nullsoft Winamp < 5.093 Malformed ID3v2 Tag Overflow 



using Winamp, a popular media player with support for playing MP3s, WAVs, and more.\n 

The installed version of Winamp suffers from a buffer overflow vulnerability when 

processing overly-long ID3v2 tags in an MP3 file. An attacker may be able to exploit this 

flaw to execute arbitrary code on the remote host. 


CVE-2005-2310 



Skype Temporary File Arbitrary File Overwrite 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a local flaw in the way that it protects data 

files.\n\nThe remote host is using Skype, a peer to peer chat and VoIP software. The remote 

version of this software contains a security issue that may allow a local attacker to 

overwrite sensitive data files. Successful exploitation would result in loss of confidential 

data or possibly a Denial of Service (DoS). 

Solution: Upgrade to a version higher than 1.1.0.20. 


SSH IPSEC Express 1.1.0 VPN Detection 


Description: The remote host is running the IPSEC Express 1.1.0 VPN Server.\nA VPN (Virtual Private 

Network) allows remote users to connect to an internal network as if they were local users. 

A VPN that allows split-tunneling will essentially serve as a bridge between the remote 

network and the internal network. Special care should be taken to ensure that remote VPN 

clients connect securely and do not introduce an unacceptable level of risk to the internal 
























































































































































VP-ASP Multiple Script SQL Injection (2) 




attack.\n\nThe remote host is using the VP-ASP, a shopping cart program written in ASP. 

The remote version of this software is vulnerable to three SQL injection vulnerabilities in 

the files shopaddtocart.asp, shopaddtocartnodb.asp and shopproductselect.asp. An attacker 

may exploit these flaws to execute arbitrary SQL statements against the remote database. 




GroupWise WebAccess < 6.5 SP5 EMail IMG SRC XSS 


RISK: 

MEDIUM 



remote host is running a version of GroupWise WebAccess from Novell that fails to 

sanitize email messages of HTML and script code embedded in IMG tags. An attacker can 

exploit this flaw to launch cross-site scripting attacks against users of WebAccess by 

sending them specially crafted email messages. The version of the remote Novell 

Groupwise server is\n%L 


CVE-2005-2276 




using Firefox. The remote version of this software contains various security issues that may 

allow an attacker to execute arbitrary code on the remote host. The reported browser 

version (as seen on the network) is: \n %L 


CVE-2004-0718 

PHP-Fusion < 6.00.107 Multiple Vulnerabilities 



RISK: 

MEDIUM 



attack.\n\nAccording to its version number, the remote host is running a version of 

PHP-Fusion that suffers from multiple vulnerabilities. Namely:\n\nHTML Injection 

Vulnerability - An attacker can inject malicious CSS (Cascading Style Sheets) codes 

through [color] tags, thereby affecting how the site is rendered whenever users view 

specially-crafted posts.\n\nSQL Injection Vulnerability - The application fails to sanitize 

user-supplied input to the 'msg_view' parameter of the 'messages.php' script before using it 

in database queries. Exploitation requires that an attacker first authenticate. 



IRC Client Detection 

CVE-2005-2401 


Description: The remote host is running an IRC client. The IRC command that triggered this plugin was: 

\n %L 

Solution: N/A 


SlimFTPd < 3.17 Multiple Commands Remote Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote host 

seems to be running a vulnerable version of SlimFTPd, a small FTP server for Windows. It 

is reported that versions up to 3.16 are prone to buffer overflow vulnerability that may 

allow an attacker to execute arbitrary code on this host. A attacker needs a valid FTP 

account to exploit this vulnerability (to include anonymous access, if enabled).\n\nNOTE: 

The SlimFTPd hotfix does not change the version number from 3.16 to 3.17. The version 

number is: \n %L 


CVE-2004-2418 

CMSimple < 2.5 Beta 3 Search Function XSS 


Description: The remote host is running a version of CMSimple, a content management system. This 

version of CMSimple is vulnerable to a remote Cross-Site Scripting (XSS) attack. An 

attacker exploiting this flaw would typically need to be able to convince a user to browse to 

a malicious URI. Successful exploitation would result in arbitrary code executing in the 

client browser and possible theft of confidential data (such as authentication cookies). 

Solution: Upgrade to version 2.5 Beta 3 or higher. 

CVE-2005-2392 


PHPNews < 1.3.0 auth.php Multiple Field SQL Injection 



attack.\n\nThe remote host is running PHPNews, an open-source news application written 

in PHP. The installed version of PHPNews is prone to a SQL injection attack due to its 

failure to sanitize user-supplied input. An attacker can exploit this flaw to affect database 


queries, possibly revealing sensitive information, launching attacks against the underlying 

database, and the like. 


CVE-2005-2383 

Alt-N MDaemon < 8.0.4 IMAP Multiple Buffer Overflows 



running Alt-N MDaemon, a SMTP/IMAP server for the Windows operating system family. 

It is reported that versions up to and including 8.0.3 are prone to multiple buffer overflow 

vulnerabilities. An attacker may cause a denial of service or execute arbitrary code on the 

remote server. The attacker does not need credentials to exploit the flaw in 

CRAM-MD5/LOGIN authenticate method. 



GoodTech SMTP Server < 5.17 'RCPT TO' Command Remote Overflow 



running the GoodTech SMTP server. This version of GoodTech is vulnerable to a remote 

buffer overflow. An attacker exploiting this flaw would send a malformed 'RCPT TO' 

request to the SMTP server. Successful exploitation would result in the attacker running 

arbitrary code on the remote system. 


IRC Server Detection 

CVE-2005-2387 

PVS ID: 3107 FAMILY: IRC Servers RISK: INFO NESSUS ID:Not Available 

Description: The remote host is an IRC server. 

Solution: Ensure that such services are authorized for your network 



ClamAV < 0.86.2 Content-parsing Multiple Overflows 




running ClamAV, an open-source antivirus solution for Unix-like systems. This version of 

ClamAV is reported to be vulnerable to a flaw where the parsing of a malicious file will 

cause the clamav process to overflow system memory, possibly resulting in an attacker 

executing code. An attacker exploiting this flaw would need to be able to send a specially 

formed email to the system running ClamAV. 


CVE-2005-2450 

Hobbit Monitor < 4.1.0 Remote DoS 


RISK: 

MEDIUM 



remote host is running Hobbit Monitor, a web-based host/network monitoring software. 

This version of Hobbit Monitor is prone to a remote denial of service attack. An attacker 

sending a specially formatted string to the hobbitd process can force the software to crash. 



FtpLocate Multiple Scripts fsite Parameter Remote File Inclusion 



arbitrary commands\n\nThe remote host is running FtpLocate, a web search engine for FTP 

sites written in Perl.\n\nThe installed version of FtpLocate allows remote attackers to 

execute commands on the remote host by manipulating input to the 'fsite' parameter in 

various scripts. 


CVE-2005-2420 


Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir Parameter Remote File Inclusion 



is running Atomic Photo Album, a free PHP-based photo gallery. The installed version of 

Atomic Photo Album allows remote attackers to control the 'apa_module_basedir' variable 

used when including PHP code in the 'apa_phpinclude.inc.php' script. By leveraging this 

flaw, an attacker may be able to view arbitrary files on the remote host and execute 

arbitrary PHP code, possibly taken from third-party hosts. 


Solution: Enable PHP's 'magic_quotes_gpc' setting and disable 'allow_url_fopen'. 

CVE-2005-2413 

Apache < 2.0.55 HTTP Smuggling Vulnerability 


Description: Synopsis :\n\nThe remote host is vulnerable to a remote SSL flaw.\n\nThe remote host 

appears to be running a version of Apache, an open source web server. This version of 

Apache is vulnerable to a flaw in the way that it handles mod_ssl CRL verification 

callback. In order for an attacker to exploit this flaw the attacker would need to find a 

server that was configured to use a malicious certificate revocation list (CRL). 


CVE-2005-2088 

ProFTPD < 1.3.0rc2 Multiple Format Strings 


RISK: 

MEDIUM 



is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the 

version of ProFTPD installed on the remote host suffers from multiple format string 

vulnerabilities, one involving the 'ftpshut' utility and the other in mod_sql's 'SQLShowInfo' 

directive. Exploitation of either requires involvement on the part of a site administrator and 

can lead to information disclosure, denial of service, and even a compromise of the affected 

system. According to the banner, the remote version of ProFTPD is: \n %L 

Solution: Upgrade to version 1.3.0rc2 or higher. 

CVE-2006-6563 

Lotus Domino Server Multiple Information Disclosure Vulnerabilities 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running a version of Lotus Domino Server that is prone to 

several information disclosure vulnerabilities. Specifically, users' password hashes and 

other data are included in hidden fields in the public address book 'names.nsf' that is 

readable by default by all users. Moreover, Domino does not use a 'salt' to compute 

password hashes, which makes it easier to crack passwords. 


CVE-2005-2428 



Generic Botnet Client Detection 


Description: Synopsis :\n\nThe remote host has been compromised and is running a 'backdoor' 

program.\n\nThe remote host appears to be running a machine that has been compromised 

and is being controlled by a botnet. A botnet is a network of compromised computers that 

are remotely controlled by a malicious bot administrator. Botnets are commonly used 

for\nsending spam\nrunning Denial of Service (DoS) attacks against other 

networks\nscanning and compromising new systems\nInstalling sniffers\nInstalling 

keyloggers\nIdentify theft 

realtime 

Solution: Manually inspect the machine for malicious processes. In addition, you may wish to 

consider installing security software that detects and blocks this sort of malicious software. 


Generic Botnet Server Detection (Web Admin) 









realtime 






Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nThe remote host appears to be 

running a machine that has been compromised and is being controlled by a botnet. A botnet 

is a network of compromised computers that are remotely controlled by a malicious bot 

administrator. Botnets are commonly used for\nsending spam\nrunning Denial of Service 

(DoS) attacks against other networks\nscanning and compromising new systems\nInstalling 

sniffers\nInstalling keyloggers\nIdentify theft 

realtime 















realtime 












keyloggers\nIdentify theft\nThe observed command was '%P'\n 

realtime 















realtime 












keyloggers\nIdentify theft\nThe observed command was '%L'\n 

realtime 













realtime 















realtime 













realtime 













realtime 















realtime 













realtime 















realtime 












keyloggers\nIdentify theft \nThe observed command was '%L' 

realtime 












keyloggers\nIdentify thefft\nThe observed command was '%P'\n 

realtime 















realtime 













realtime 












keyloggers\nIdentify theft\nThe observed command was '%L'\n 

realtime 






Generic Botnet Server Detection 



program.\n\nThe remote host appears to be running a machine that is being used to control 

a botnet. A botnet is a network of compromised computers that are remotely controlled by a 

malicious bot administrator. Botnets are commonly used for\nsending spam\nrunning 

Denial of Service (DoS) attacks against other networks\nscanning and compromising new 

systems\nInstalling sniffers\nInstalling keyloggers\nIdentify theft\nThe observed command 

was '%L'\n 

realtime 












was '%L'\n 

realtime 














was '%L'\n 

realtime 












was '%L'\n 

realtime 












was '%L'\n 

realtime 














was '%L'\n 

realtime 












was '%L'\n 

realtime 












was '%L'\n 

realtime 














was '%L'\n 

realtime 












was '%L'\n 

realtime 














was '%L'\n 

realtime 












was '%L'\n 

realtime 












was '%L'\n 

realtime 














was '%L'\n 

realtime 












was '%L'\n 

realtime 












was '%L'\n 

realtime 















realtime 




MDaemon < 8.1.0 Content Filter Traversal Arbitrary File Overwrite 



host is running Alt-N MDaemon, an SMTP/IMAP server for Windows. According to its 

banner, the version of MDaemon on the remote host is prone to a directory traversal flaw 

that can be exploited to overwrite files outside the application's quarantine directory 

provided MDaemon's attachment quarantine feature is enabled. 



PHPList admin/index.php id Parameter SQL Injection 



attack.\n\nThe remote host is running PHPList. PHPList is a PHP application that gathers 

handles mailing and customer lists. This version is reported to be prone to a SQL Injection 

flaw. An attacker exploiting this flaw would be able to read the database, manipulate the 

database, and possibly run commands with the privileges of the web server. 




CVE-2005-2432 

Opera Multiple Injection Vulnerabilities 



remote host is using a version of Opera that is vulnerable to a download dialog spoofing 

flaw. Specifically, a malicious web site operator can create downloadable files that, upon 

download, appear to be innocent. For example, the user may think that they are 

downloading and opening a text file when in fact they are running an executable. 


CVE-2005-2406 

MetaSploit < 2.4-current Unspecified Vulnerability 


RISK: 

MEDIUM 



remote server is running a MetaSploit Framework server. Metasploit allows users to 

automatically exploit and backdoor vulnerable applications via the network. This version of 

MetaSploit is reported vulnerable to an unspecified issue. 

Solution: Upgrade to version 2.4-current or higher. 

CVE-2005-2482 

BusinessMail SMTP < 4.7 Multiple Command Remote Overflows 



host is running a version of BusinessMail that fails to sanitize user-supplied SMTP input. 

An attacker exploiting this flaw would be able to potentially execute malicious code on the 

remote server. 


CVE-2005-2472 

NetworkActiv < 3.5.14 Multiple Parameter XSS 



Description: The remote host is running NetworkActiv, a web server. This version of NetworkActiv is 

vulnerable to a remote Cross-Site Scripting (XSS) attack. An attacker exploiting this flaw 

would typically need to convince a user to browse to a malicious URI. Success exploitation 

would result in the theft of confidential materials (such as authentication cookies). 



CVE-2005-2453 

FlatNuke < 2.5.6 Multiple XSS 


Description: The remote host is running FlatNuke, an open-source content management system. The 

remote version of this software is prone to a XSS vulnerability. An attacker exploiting this 

flaw would typically need to convince a user to browse to a malicious URI. Success 

exploitation would result in the theft of confidential materials (such as authentication 

cookies). 


CVE-2005-2539 

MySQL User-Defined Function init_syms() Overflow 


RISK: 

MEDIUM 



version number, the installation of MySQL on the remote host may be prone to a buffer 

overflow when copying the name of a user-defined function into a stack-based buffer. With 

sufficient access to create a user-defined function, an attacker may be able to exploit this 

and execute arbitrary code within the context of the affected database server process. 

Solution: Upgrade to version 4.0.25 / 4.1.13 / 5.0.7-beta or higher. 

CVE-2005-2558 

Cisco NetFlow Agent Detection 


Description: The remote host is running a Cisco NetFlow Agent. NetFlow is a UDP protocol 

which sends sniffed traffic from a Cisco device to a Cisco collector device. By using 

NetFlow, companies do not need to deploy 'taps' or utilize span (or mirror) ports. 

Instead, the NetFlow agent bundles the sniffed traffic into a UDP packet and forwards 

to the collector. 

Solution: As the NetFlow traffic is passed in plaintext, ensure that NetFlow traffic does not 

traverse any untrusted networks. 






RISK: 

MEDIUM 



seems to be running Gaim, a popular open-source, multi-protocol instant messenger. It is 

reported that this version of Gaim is vulnerable to several remote flaws. An attacker 

exploiting these flaws would be able to create a Denial of Service (DoS) condition or 

possibly overflow system memory and execute arbitrary code. 


CVE-2005-2102 

Ximian Evolution < 2.3.7 Content-Parsing Multiple Vulnerabilities 



running a version of the Ximian Evolution email client that does not properly parse 

user-supplied data. A remote attacker can craft an email message such that, upon opening, 

Evolution crashes or executes arbitrary code. 


CVE-2005-2549 

WordPress < 1.5.1.4 cache_lastpostdate Parameter PHP Code Injection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a script injection attack.\n\nThe installed 

version of WordPress on the remote host will accept and execute arbitrary PHP code passed 

to the 'cache_lastpostdate' parameter via cookies provided PHP's 'register_globals' setting is 

enabled. 

Solution: Upgrade to version 1.5.1.4 or disable PHP's 'register_globals' setting. 

CVE-2005-2612 

phpBB < 2.0.20 Multiple Vulnerabilities 




vectors.\n\nAccording to its banner, the remote host is running a version of 

phpBB that fails to sanitize BBCode '[IMG]' tags. This can enable an attacker to 

cause arbitrary HTML and script code to be executed in a user's browser within 

the context of the affected site. There is also a flaw in the way that phpBB 

deregisters its global variables. An attacker exploiting this flaw would be able to 

inject and execute PHP code, execute SQL Injection attacks, and more. 



Zotob Worm Infection 

CVE-2005-3420 


Description: Synopsis :\n\nThe remote host has a backdoor installed.\n\nA Microsoft Windows shell is 

running on port 8888. This may indicate an infection by the Zotob worm, although other 

worms may also create a shell on this host.\n\nThe remote host has been compromised. 

Solution: Manually inspect and repair this system. 





program.\n\nThe remote host is infected with the Zotob Worm. 

Solution: Manually inspect and repair the remote host. 





program.\n\nThe remote host is infected with the Zotob Worm. 

Solution: Manually inspect and repair the remote host. 



Discuz File Extension Validation Weakness Arbitrary File Upload 



is running Discuz, a web-based message board. This version of Discuz is vulnerable to a 

flaw that would allow remote attackers to upload arbitrary files to the web server. The 

attacker could then execute the uploaded file (with the permission of the web server) or 

convince other Discuz users to download and/or execute the code. An attacker exploiting 

this flaw would be able to gain access to confidential data, potentially impact the 

availability of the server, and tarnish the integrity of the server. 



CVE-2005-2614 

Dada Mail < 2.10 alpha 1 Archived Message XSS 


RISK: 

MEDIUM 



remote host is running Dada Mail, a mailing list management system. This version of Dada 

Mail is vulnerable to a remote HTML injection attack. An attacker exploiting this flaw 

would typically upload HTML (or script) code to the webserver. Unsuspecting users, upon 

visiting the malicious portion of the site, would have code executed within their browser. 

This can lead to theft of confidential data (such as authentication cookies). 

Solution: Upgrade to version 2.10 alpha 1 or higher. 

CVE-2005-2595 

phpPGAds/phpAdNew < 2.0.6 lib-view-direct.inc.php clientid Parameter SQL Injection 



attack.\n\nThere is a flaw in the remote phpAdNew/phpPgAds PHP Ads server, a banner 

management and tracking system written in PHP. This version of phpAdNew is vulnerable 

to a SQL Injection vulnerability. An attacker exploiting this flaw would send a malformed 

HTTP request to the phpPgAds server. The server, failing to parse out special SQL 

characters, would give the attacker the ability to read or write database data as well as 

potentially execute code. 


CVE-2005-2635 

Xerox Document Centre Multiple Unspecified Remote Vulnerabilities 



remote host is running Xerox Document Centre, an administrative web-based GUI to a 

Xerox device. This version is reportedly prone to several remote attacks that, if exploited, 

would lead to remote administrative access. The details of the attack are not currently 

known. 


CVE-2005-2647 


W-Agora < 4.2.1 index.php site Parameter Traversal Arbitrary File Access 



RISK: 

MEDIUM 



is running W-Agora, a web-based forum management software written in PHP. This 

version of Agora is vulnerable to a flaw in the way that it handles the 'site' parameter of the 

index.php script. An attacker exploiting this flaw can supply a directory outside of the web 

root. Successful exploitation would allow the remote attacker the ability to peruse 

potentially confidential files outside of the web root (such as /etc/passwd or similar). In 

addition, the software is vulnerable to several other remote cross-site-scripting (XSS) and 

script injection flaws. Finally, the application is vulnerable to a multiple 'file include' flaws. 

An attacker exploiting this flaw would be able to execute arbitrary PHP script code on the 

W-Agora system. Executed scripts would have the permissions of the webserver process. 


CVE-2006-2228 

Mutt < 1.5.11 imap/browse.c Remote Overflow 



running a version of the Mutt email client that contains a buffer overflow. It is alleged that 

an attacker exploiting this flaw would be able to execute arbitrary code on the remote 

system. 


CVE-2006-3242 

Mantis < 0.19.3 Multiple Injection Vulnerabilities 



attack.\n\nThe remote host seems to be running a vulnerable version of Mantis, a bug 

tracker web application written in PHP. It is reported that versions up to 0.19.3 are prone to 

multiple HTML and SQL injection flaws that would allow an attacker to upload or execute 

arbitrary code as well as manipulate database data. 


CVE-2005-2557 

Elm 'Expires' Header Overflow 





running Elm, an email client. This version of Elm is vulnerable to a buffer overflow via the 

'Expires' header parameter. An attacker exploiting this flaw would send a specially formed 

email with a very long 'Expires' value. Successful exploitation would result in arbitrary 

code being executed. 


CVE-2005-2665 

Woltlab Burning Board modcp.php Multiple Parameter SQL Injection 



injection attack.\n\nThe remote host is running Woltlab Burning Board, a web 

bulletin board written in PHP. This version of Burning Board is vulnerable to a 

remote SQL injection attack. An attacker exploiting this flaw would send a 

malformed 'x' or 'y' parameter to the 'modcp.php' PHP script. Succesful exploitation 

would result in the attacker being able to read or write confidential data. In some 

instances, the attacker may be able to execute arbitrary code on the remote database 

server. 


CVE-2005-2673 

OpenVPN TCP Client Detection 


Description: The remote client is running the OpenVPN TCP Client. A VPN (Virtual Private Network) 

allows remote users to connect to an internal network as if they were local users. A VPN 

that allows split-tunneling will essentially serve as a bridge between the remote network 

and the internal network. Special care should be taken to ensure that remote VPN clients 

connect securely and do not introduce an unacceptable level of risk to the internal 




OpenVPN TCP Proxy Client Detection 



Description: The remote client is running the OpenVPN TCP Client. The client is configured to use an 

HTTP proxy to tunnel the VPN to an external network. A VPN (Virtual Private Network) 









Coppermine Gallery < 1.3.4 displayimage.php HTML Injection 


RISK: 

MEDIUM 



host is running CopperMine Gallery, a set of PHP scripts to handle galleries of pictures. 

There is an injection flaw in this version of Coppermine Gallery. Specifically, the 

'displayimage.php' script does not properly sanitize user-supplied images prior to rendering. 

An attacker exploiting this flaw can run arbitrary code within the browser of unsuspecting 

users. 


CVE-2005-2676 

PHP-Kit Multiple SQL Injection Vulnerabilities 


Description: Synopsis :\n\nThe remote web server contains scripts that are vulnerable to a SQL injection 

attack.\n\nThe remote host is running PHP-Kit, an open-source content management 

system written in PHP. The remote version of this software is vulnerable to multiple SQL 

Injection flaws that may allow an attacker to execute arbitrary SQL statements against the 

remote database. 

Solution: The PHP-Kit project has been discontinued. All versions of PHP-Kit are vulnerable to a 

number of flaws. PHP-Kit is an absolute necessity within your environment, you will need 

to delegate resources to fix the security flaws and manage the code. 

CVE-2006-1773 

RunCMS Multiple SQL Injection Vulnerabilities 




attack.\n\nThe remote host is running RunCMS, a web-based messaging system. This 

version of RunCMS is vulnerable to a remote SQL Injection flaw. An attacker exploiting 

this flaw would send specially formatted SQL commands to the web server. Successful 

exploitation would allow the attacker to run arbitrary commands on the remote database 

server. 



CVE-2005-2692 

CVS < 1.12.13 Local 'tmp' File Permission Vulnerability 


RISK: 

MEDIUM 



temporary files.\n\nThe remote host is running a CVS server that, according to its version 

number, is vulnerable to a flaw in the way that it creates and protects temporary files. A 

local user exploiting this flaw may be able to write arbitrary information into critical CVS 

files. 



WebCalendar < 1.0.1 send_reminders.php includedir Parameter Remote File Inclusion 


Description: Synopsis :\n\nThe remote host is vulnerable to a script injection attack.\n\nThe remote 

version of WebCalendar fails to sanitize user-supplied input to the 'includedir' parameter of 

the 'send_reminders.php' script. By leveraging this flaw, an attacker may be able to view 

arbitrary files on the remote host and execute arbitrary PHP code, possibly taken from 

third-party hosts. 


CVE-2005-2717 

MPlayer < 1.0pre8 Audio Header strf Overflow 



using a version of MPlayer, a multimedia video and audio application. This version of 

MPlayer is vulnerable to a buffer overflow due to a lack of content parsing. An attacker 

exploiting this flaw would need to craft a malicious media file and then convince a local 

user to download and play the file within MPlayer. Successful exploitation would result in 

arbitrary code being executed locally. 

Solution: Upgrade to version 1.0pre8 or higher. 

CVE-2005-2718 

Simple PHP Blog (SPHPBlog) < 





is running the Simple PHP Blog, a web log (or blog) package. This version of Simple PHP 

Blog is vulnerable to a flaw where remote users can upload arbitrary files to the server. 

Successful exploitation results in the attacker executing code on the server or executing 

code in unsuspecting user's browser. 


CVE-2005-2733 

Gallery < 1.5.3-RC3 EXIF Data XSS 


RISK: 

MEDIUM 



is running Gallery, a web-based photo album. According to its banner, the version of 

Gallery installed on the remote host is prone to script insertion attacks because it does not 

sanitize malicious EXIF data stored in image files. Using a specially-crafted image file, an 

attacker can exploit this flaw to cause arbitrary HTML and script code to be executed in a 

user's browser within the context of the affected application. 


CVE-2005-2734 

YaPiG EXIF Data Script Injection 


RISK: 

MEDIUM 



is running YaPiG, a web-based image gallery written in PHP. According to its banner, the 

version of YaPiG installed on the remote host is prone to script insertion attacks because it 

does not sanitize malicious EXIF data stored in image files. Using a specially-crafted image 

file, an attacker can exploit this flaw to cause arbitrary HTML and script code to be 

executed in a user's browser within the context of the affected application. 


CVE-2006-4421 

PhotoPost < 5.11 PHP Pro EXIF Data XSS 



RISK: 

MEDIUM 



attack.\n\nAccording to its banner, the version of PhotoPost PHP Pro installed on the 

remote host is prone to script insertion attacks because it does not sanitize malicious EXIF 

data stored in image files. Using a specially-crafted image file, an attacker can exploit this 


flaw to cause arbitrary HTML and script code to be executed in a user's browser within the 

context of the affected application. 


CVE-2005-2737 

Telnet Detection on High-numbered TCP Port 


Description: The remote host is running a telnet server on a non-standard high TCP port. 

Solution: Ensure that the telnet server is authorized by relevant corporate policies and procedures. 


Telnet Server Detection (High Port) 


Description: A telnet server is running on this port. 

Solution: N/A 


Linux Telnet Server Detection (High Port) 


Description: A Linux telnet server is running on this port. 

Solution: N/A 


SysV Telnet Server Detection (High Port) 


Description: A SysV telnet server is running on this port. 

Solution: N/A 


Informix Telnet Server Detection (High Port) 




Description: An Informix telnet server is running on this port. 

Solution: N/A 


phpMyAdmin < 2.6.4-RC1 Multiple XSS 


RISK: 

MEDIUM 



version of phpMyAdmin installed on the remote host may suffer from two cross-site 

scripting vulnerabilities due to its failure to sanitize user input to the 'error' parameter of the 

'error.php' script and in 'libraries/auth/cookie.auth.lib.php'. A remote attacker may use these 

vulnerabilities to cause arbitrary HTML and script code to be executed in a user's browser 

within the context of the affected application. 


CVE-2005-2869 

PHP-Fusion < 6.00.11 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTML Injection attack.\n\nAccording to 

its version number, the remote host is running a version of PHP-Fusion that suffers from an 

HTML injection vulnerability. An attacker can inject malicious code using specially-crafted 

posts. Successful exploitation would affect how the site is rendered to remote viewers. 


CVE-2005-2783 

phpLDAPadmin < 0.9.6c Anonymous Bind Security Bypass 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote application may allow anonymous connections despite the 

configuration details.\n\nThe remote host is running phpLDAPadmin, a PHP-based LDAP 

browser. The version of phpLDAPadmin installed on the remote host may allow access to 

an LDAP server anonymously, even if anonymous binds have been disabled in the 

application's configuration. 

Solution: Upgrade to version 0.9.6c or higher. 

CVE-2005-2654 



BNBT P2P Tracking Detection 


Description: The remote host is running the BNBT web application. BNBT is a tool for tracking 

peer-to-peer (P2P) BitTorrent connections. 

Solution: Ensure that P2P applications are allowed by corporate policies and procedures. 


BNBT EasyTracker Malformed Request DoS 


RISK: 

MEDIUM 



remote host is running BNBT EasyTracker, a packaged BitTorrent tracker installer for 

Windows. The remote version of BNBT EasyTracker fails to properly handle malformed 

HTTP requests, making it prone to denial of service attacks. An attacker can crash the 

application by sending a request with a header line consisting of only a ':'. 


CVE-2005-2806 

Simple Machines Forum < 1.0.7 Code Injection 


RISK: 

MEDIUM 




vulnerable to a remote code injection flaw. An attacker exploiting this flaw would be able 

to execute arbitrary PHP code on the target web server. In addition, the remote host is 

vulnerable to an HTML injection attack. An attacker exploiting this flaw would create a 

post that included malicious script code. The attacker would then wait for a vulnerable user 

to peruse the page. Successful exploitation would result in malicious code executing within 

the user browser. 


CVE-2006-0896 


IndiaTimes Instant Messenger ActiveX RenameGroup Function Overflow 



running IndiaTimes Instant Messaging client. IndiaTimes allows users to consolidate ICQ, 

Yahoo, AIM and MSN messengers into a single GUI console. This version of IndiaTimes 


is vulnerable to a remote buffer overflow. An attacker exploiting this flaw would need to be 

able to convince a user to browse to a malicious website and execute a malicious ActiveX 

control. Successful exploitation would lead to the attacker executing arbitrary code on the 



CVE-2005-2844 

Barracuda Spam Firewall < Firmware 3.1.18 Multiple Vulnerabilities 



appears to be a Barracuda Spam Firewall appliance, which protects mail servers from spam 

and viruses. It appears that the installed appliance suffers from several vulnerabilities that 

allow for execution of arbitrary code and reading of arbitrary files, all subject to the 

permissions of the web server user ID. 

Solution: Upgrade to firmware 3.1.18 or higher. 

CVE-2005-2847 

SlimFTPd Multiple Command Remote Overflow DoS 


RISK: 

MEDIUM 



remote host appears to be using SlimFTPd, a free, small standards-compliant FTP server 

for Windows. The installed version of SlimFTPd on the remote host suffers from a denial 

of service vulnerability. By sending 'user' and 'pass' commands that are each 40 bytes long, 

an attacker will crash the service after a short period of time. 


CVE-2005-2850 

PHPGroupWare < 0.9.16.007 Main Screen Message Script Injection 



seems to be running PHPGroupWare, a groupware system implemented in PHP. This 

version is reported vulnerable to a flaw where the Administrator can inject script code into 

the browsers of unsuspecting users. 


CVE-2005-2761 



Phorum < 5.0.18 register.php XSS 


RISK: 

MEDIUM 



remote version of Phorum contains a script called 'register.php' that is vulnerable to a 

cross-site scripting attack. An attacker may exploit this problem to steal the authentication 

credentials of third party users. 


CVE-2005-2836 

PBLang Bulletin Board < 4.66z Multiple Vulnerabilities 



running PBLang, a bulletin board system written in PHP. This version of PBLang is 

reported to be vulnerable to a number of remote overflows. While the details of the 

vulnerabilities are unknown at this time, it is alleged that a remote attacker would be able to 

execute commands with 'Administrative' privileges. 

Solution: Upgrade to version 4.66z or higher. 


OpenSSH < 4.2p1 GSSAPI Authentication Credential Escalation 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running a version of OpenSSH which is 

vulnerable to a flaw in the way that it handles GSSAPI authentication. Specifically, if 

GSSAPI is enabled and 'GSSAPIDelegateCredentials' is enabled, an attacker may gain 

access to GSSAPI credentials. 

Solution: Upgrade to version 4.2p1 or higher. 

CVE-2005-2798 

Squid sslConnectTimeout Function Remote DoS 




remote Squid caching proxy, according to its version number, is vulnerable to an attack 

where the attacker can cause the Squid proxy to stop servicing valid service requests. The 

flaw is within the 'sslConnectTimeout' function and stems from the functions inability to 


parse user-supplied requests. Successful exploitation leads to a loss of availability. 

Solution: Upgrade to version 2.5.STABLE11 (when available) or higher. 

CVE-2005-2796 

AttachmateWRQ Reflection for Secure IT Server < 6.0 Build 24 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running AttachmateWRQ Reflection for Secure IT Server, a commercial SSH server for 

Windows. According to its banner, the installed version of Reflection for Secure IT Server 

on the remote host suffers from several vulnerabilities, including :\n\n- An Access 

Restriction Bypass Vulnerability. Access expressions are evaluated in a case-sensitive 

manner while in versions prior to 6.0 they were case-insensitive. This may let an attacker 

gain access to an otherwise restricted account by logging in using a variation on the account 

name.\n\n- A Renamed Account Remote Login Vulnerability. The application continues to 

accept valid public keys for authentication to the the Administrator or Guest accounts if 

either has been renamed or disabled after being configured for SSH public key 

authentication.\n\n- An Information Disclosure Vulnerability. Users with access to the 

remote host can read the server's private key, which can lead to host impersonation attacks. 


CVE-2005-2770 

HP OpenView Network Node Manager (NNM) Detection 


Description: The remote host is running the HP OpenView Network Node Manager. 

Solution: Ensure that this server is configured in accordance with corporate policies and procedures. 


Land Down Under < 802 events.php SQL Injection 




attack.\n\nThe remote host is running Land Down Under, a web-based content management 

system. This version of LDU is vulnerable to a script injection flaw within the 'events.php' 

script. An attacker exploiting this flaw would need to be able to convince a user to browse 

to a malicious URI. Successful exploitation would lead to script code being executed within 

the user's browser. In addition, the product is vulnerable to multiple SQL injection flaws. 

An attacker exploiting these flaws would be able to execute code within the context of the 

database. 



CVE-2005-2884 

Kerberos v5 Client with SSH Server Detection 


Description: The remote host is running a Kerberos 5 client with SSH Server. 

Solution: N/A 


Kerberos v4 Client with SSH Server Detection 


Description: The remote host is running a Kerberos 4 client with SSH Server. 

Solution: N/A 


ASP/ASA Source Using Microsoft Translate f: bug (IIS 5.1) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server can disclose source code.\n\nThere is a serious 

vulnerability in IIS 5.1 that allows an attacker to view ASP/ASA source code instead of a 

processed file when the files are stored on a FAT partition. ASP source code can contain 

sensitive information such as usernames and passwords for ODBC connections. 

Solution: Install the remote web server on a NTFS partition. 


IIS Patch Level Detection (English Versions Only) 


RISK: 

MEDIUM 

Description: The remote IIS server appears to be running IIS 5.1 Service Pack 2. 








RISK: 

MEDIUM 


Description: The remote IIS server appears to be running IIS 5.1 with no Service Pack. 





RISK: 

MEDIUM 

Description: The remote IIS server appears to be running IIS 5.1. 



PBLang Multiple Vulnerabilities 




is running PBLang, a bulletin board system that uses flat files and is written in PHP. The 

version of PBLang installed on the remote suffers from several vulnerabilities, including 

remote code execution, information disclosure, cross-site scripting, and path disclosure. 


Google Talk Detection 

CVE-2005-2894 

PVS ID: 3217 FAMILY: Internet Services RISK: INFO NESSUS ID:Not Available 

Description: The remote client is running the Google Talk application. This application allows 

remote users to place voice calls over the Internet. 

Solution: Ensure that such activity is allowed by corporate policies and guidelines. 


SunOne Web Proxy < 3.6 SP8 Unspecified DoS 



RISK: 

MEDIUM 




remote host is running the SunOne Web Proxy. Alledgedly, successful exploitation of an 

overflow would result in a Denial of Service (DoS), thereby rendering the service 

unuseable to valid users. 

Solution: Upgrade to 3.6 SP8 or higher. 

CVE-2005-4806 

Sawmill < 7.1.14 GET Request Query String XSS 


RISK: 

MEDIUM 



remote host is running Sawmill, a weblog analysis package. The version of Sawmill 

installed on the remote host suffers from a cross-site scripting flaw because its standalone 

web server treats an arbitrary query string appended to a GET request as a configuration 

command and fails to sanitize it before using it in an error page. An unauthenticated 

attacker may be able to exploit this issue to steal authentication information of users of the 

affected application. 

Solution: Upgrade to version 7.1.14 or higher or use Sawmill in CGI mode. 

CVE-2005-2950 

punBB < 1.2.7 Multiple SQL Injection Vulnerabilities 


RISK: 

MEDIUM 




punBB ( %L ) is vulnerable to a SQL Injection attack. Due to a content-parsing flaw, 

attackers can inject SQL commands into a PHP script. An attacker exploiting this flaw 

would only need to be able to send HTTP requests to the application. Successful 

exploitation would result in the attacker having the ability to read or write to the database. 

In addition, the attacker may be able to execute arbitrary commands on the remote system. 


CVE-2005-4665 


Linksys Wireless Router < 4.20.7 Multiple Vulnerabilities 



is running a Linksys wireless router. This version of the router is vulnerable to multiple 

remote flaws. An attacker exploiting these flaws would need to be on the internal network 

and have the ability to craft HTTP requests to the default Linksys web server. Successful 


exploitation would result in the remote attacker gaining administrative access. The remote 

host is running firmware version\n%L 

Solution: Upgrade the firmware to version 4.20.7 or higher. 

CVE-2005-2916 

FTP Server Detection (Any Port) 

PVS ID: 3222 FAMILY: FTP Servers RISK: NONE NESSUS ID:Not Available 

Description: An FTP server is running on this port. 

Solution: N/A 


Twiki rev Parameter Arbitrary Shell Command Execution 


RISK: 

MEDIUM 


Description: Synopsis :\n\nAn attacker can run arbitrary shell commands on the remote system.\n\nThe 

remote host is running Twiki, an open-source wiki software written in Perl. This version of 

Twiki is vulnerable to a command insertion flaw. Specifically, an attacker sending a 

command (within backticks) to the 'rev' parameter would be able to execute arbitrary code 

on the web server. Example:\n\nGET /cgi-bin/TwikiUsers?rev 


CVE-2005-2877 



Description: The remote host is running Mac OS 10.3.9. 

Solution: N/A 


SuSE Linux Operating System Detection 


Description: The remote host is running SuSE Linux %L\nThe host is using YaST to maintain patch 

levels with the SuSE central servers. 

Solution: N/A 




Lotus Domino Server Multiple XSS 


RISK: 

MEDIUM 


Description: The remote host is running a version of Lotus Domino Server that is prone to multiple 

remote Cross-Site Scripting (XSS) flaws. An attacker exploiting this flaw would need to be 

able to convince a user to browse to a malicious URI. Successful exploitation would result 

in script code executing within the user's browser. 


CVE-2005-4819 

ZoneAlarm Personal Firewall < 6.0.667.000 Multiple Vulnerabilities 



is running ZoneAlarm, a personal firewall for the Windows platform. The client is running 

a version of ZoneAlarm that is less than 6.0.667.000. This version of ZoneAlarm is 

reported vulnerable to a number of flaws that can render the firewall unuseable or, in some 

instances, give the users a false sense of security. 


CVE-2005-3560 

DSL/CableModem Internet Gateway Detection 


RISK: 

MEDIUM 



application.\n\nThe remote host is advertising Internet Gateway Services. This is common 

in many off-the-shelf cable modem or DSL modem hardware. On a production network, 

such a device may be inadvertently introducing risk due to a multi-homing of the internal 

network. 

Solution: Ensure that such devices are allowed by corporate policies and guidelines. 



ClamAV < 0.86.3 Content-parsing Multiple Overflows 





ClamAV is reported to be vulnerable to a flaw where the parsing of a malicious file will 

cause the clamav process to overflow system memory, possibly resulting in an attacker 

executing code. An attacker exploiting this flaw would need to be able to send a specially 

formed email to the system running ClamAV. In addition, this version of ClamAV is 

vulnerable to a remote Denial of Service (DoS) attack that would render the service 

unavailable to valid users. 


CVE-2005-2920 

CuteNews flood.db.php HTTP Header PHP Code Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a Script Injection 

attack.\n\nAccording to its version number, the remote host is running a version 

of CuteNews that allows an attacker to inject arbitrary script code. An attacker 

exploiting this flaw would be able to inject script code that would either be 

executed locally or possibly executed within the browser of an unsuspecting 

user. 


CVE-2005-3010 

vBulletin < 3.0.10 Multiple Vulnerabilities 



vBulletin installed on the remote host fails to properly sanitize user-supplied input to a 

number of parameters and scripts before using it in database queries and to generate 

dynamic HTML. An attacker can exploit these issues to launch SQL injection and 

cross-site scripting attacks against the affected application. Note that the affected scripts 

require moderator or administrator acess, with the exception of 'joinrequests.php'. 


CVE-2005-3025 

Opera < 8.50 Mail Client Multiple Vulnerabilities 



RISK: 

MEDIUM 



Description: The remote host is running the Opera Mail Client. This version of Opera is reported to be 

vulnerable to multiple remote attack vectors. An attacker exploiting this flaw would need to 

be able to convince an Opera mail user to open a malicious email or attachment. Successful 

exploitation would result in arbitrary code being executed. 


CVE-2005-3041 

Opera < 8.50 Upload Flaw 



using a version of Opera that is vulnerable to an unspecified file upload vulnerability. An 

attacker exploiting this flaw would need to be able to convince a user to browse to a 

malicious URI. Successful exploitation would result in the attacker executing arbitrary code 

on the target machine. 


CVE-2005-3041 

PHP Advanced Transfer Manager < 


RISK: 

MEDIUM 



PHP Advanced Transfer Manager on the remote host suffers from multiple information 

disclosure and cross-site scripting flaws. For example, by calling the text or HTML viewer 

directly, an unauthenticated attacker can view arbitrary files, possibly even from remote 

hosts, provided PHP's 'register_globals' setting is enabled. As another example, an attacker 

can issue a request for '/PATH/users/username' and retrieve sensitive user credentials. In 

addition, selected PHP settings on the remote host can be disclosed by accessing the 

'test.php' script directly. 

Solution: Disable PHP's 'register_globals' setting and remove the 'test.php' script. 


PunBB < 1.2.8 Multiple Vulnerabilities 



RISK: 

MEDIUM 



PunBB installed on the remote host suffers from several flaws.\n\nA File Inclusion 

Vulnerability - The application fails to validate the 'language' parameter when a user 

updates their profile and uses that throughout the application to require PHP code in order 

to display messages. An attacker with an account on the affected application may be able to 


exploit this issue to read arbitrary files and execute local files with arbitrary PHP code 

subject to the privileges of the web server user ID.\n\nA Cross-Site Scripting Vulnerability 

- The application also does not sanitize input passed to the 'email' parameter of the 

'login.php' script when requesting a new password, which permits cross-site scripting 

attacks such as theft of authentication cookies. 


CVE-2005-3078 

HylaFAX < 4.2.2 RC1 xferfaxstats Symlink Arbitrary File Overwrite 


Description: Synopsis :\n\nThe fax server creates temporary files in an insecure manner.\n\nThe remote 

host is running HylaFAX, a fax transmission software. It is reported that HylaFAX is prone 

to a flaw in the way that it creates temporary files. A local attacker exploiting this flaw 

would be able to gain access to potentially confidential information or use the flaw to 

escalate their privileges on the machine. 


CVE-2005-3070 

Movable Type < 3.20 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThere are multiple injection-type flaws within this version of Movable 

Type.\n\nThe remote host is running Movable Type, a blogging software for Unix and 

Windows platforms. This version of Movable Type is vulnerable to multiple flaws that may 

allow an attacker to inject or upload web files, execute malicious code within a user's 

browser or disclose confidential data. 


CVE-2005-3101 




using Mozilla, an alternative web browser. The installed version of Mozilla contains 

various security issues, several of which are critical as they can be easily exploited to 

execute arbitrary shell code on the remote host. The reported browser version (as seen on 

the network) is: \n %L 




CVE-2005-2602 




using Firefox. The installed version of Firefox contains various security issues, several of 

which are critical as they can be easily exploited to execute arbitrary shell code on the 

remote host. The reported browser version (as seen on the network) is: \n %L 


CVE-2005-2871 

Maxthon Web Browser < 1.3.3 Cross-Domain Dialog Box Spoofing 


RISK: 

MEDIUM 


Description: The remote host is running Maxthon Web Browser. Maxthon Web Browser is reported to 

be prone to a cross-domain dialog box spoofing vulnerability. This issue may allow a 

remote attacker to carry out phishing style attacks. 



Interchange < 5.2.1 Multiple Injection Vulnerabilities 



attack.\n\nThe remote host is running Interchange, a web-based content management 

application. This version of Interchange is vulnerable to a flaw in the way that it handles 

malformed data. An attacker exploiting these flaws would be able to inject commands into 

SQL statements or inject executable code that would be executed by the web server 

process. 


CVE-2005-3073 


SEO-Board < 1.03 admin.php user_pass_sha1 Cookie SQL Injection 



attack.\n\nThe remote host is running SEO-Board, a web forum written in PHP. This 

version of SEO-Board is vulnerable to a flaw in the way that it handles malformed data. An 


attacker exploiting this flaw would be able to inject arbitrary system commands into SQL 

statements. 


CVE-2005-3082 

Qualcomm Qpopper poppassd Local Privilege Escalation 


Description: Synopsis :\n\nThe host is vulnerable to a local file access flaw.\n\nThe remote host is 

running Qpopper, a POP3 mail server for Unix-type systems. This version of Qpopper is 

vulnerable to a local configuration flaws. A local attacker exploiting these flaws would be 

able to elevate privileges on the Qpopper system. 


CVE-2005-3098 

Brooky CubeCart < 3.0.4 Multiple XSS 


Description: Synopsis :\n\nThe remote web server contains a script that is vulnerable to a Cross-Site 

Scripting (XSS) attack.\n\nThe remote host is using Brooky CubeCart, an online storefront 

application written in PHP. This version of CubeCart is vulnerable to multiple XSS 

Injection flaws. An attacker exploiting these flaws would need to be able to convince a user 

to browse to a malicious URI. Successful exploitation would result in code execution 

within the user's browser that could lead to theft of authentication materials. 


CVE-2005-3152 

PHP-Fusion < 6.00.110 Multiple SQL Injection Vulnerabilities 


Description: Synopsis :\n\nThe remote web server contains a script that is vulnerable to a 

SQL injection attack.\n\nAccording to its version number, the remote host is 

running a version of PHP-Fusion that suffers from a SQL Injection flaw. An 

attacker exploiting these flaws would be able to inject commands into SQL 

statements or inject executable code which would be executed by the database 

server. 


CVE-2005-3161 



lucidCMS Login Form Field SQL Injection 


Description: Synopsis :\n\nThe remote web server contains a script that is vulnerable to a 

SQL injection attack.\n\nAccording to its version number, the remote host is 

running a version of lucidCMS that suffers from a SQL Injection flaw. An 

attacker exploiting these flaws would be able to inject commands into SQL 

statements or inject executable code which would be executed by the database 

server. 


CVE-2005-3130 

Squid < 2.5 STABLE11 NTLM Authentication Header DoS 


Description: Synopsis :\n\nThe remote proxy is vulnerable to a DoS attack.\n\nThe remote squid 

caching proxy, according to its version number, is vulnerable to an attack where an 

attacker can disable the Squid proxy by sending a malformed NTLM request. 

Successful exploitation leads to a loss of availability. 

Solution: Upgrade to version 2.5 STABLE11 or higher. 

CVE-2005-2917 

IceWarp Web Mail Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nIt is possible to retrieve or delete local files on the remote system through the 

WebMail.\n\nThe remote host is running IceWarp Web Mail, a webmail solution available 

for the Microsoft Windows platform. The remote version of this software is vulnerable to a 

Directory Traversal vulnerability that may allow an attacker to retrieve arbitrary files on the 

system. Another input validation flaw allows an attacker to delete arbitrary files on the 

remote host. In addition, the existence of these two flaws indicates that IceWarp is 

vulnerable to cross-site scripting attack. 


CVE-2005-3131 

4D WebStar < 5.3.5 IMAP Mac OS Client DoS 




Description: Synopsis :\n\nThe remote host is vulnerable to a remote Denial of Service (DoS) 

attack.\n\nThe remote server is running 4D WebStar Web Server. The remote server is 

reported to be vulnerable to a Denial of Service (DoS) attack via the IMAP service. 


CVE-2005-3143 

MailEnable STATUS Command Overflow 


Description: Synopsis :\n\nThe remote IMAP server is prone to buffer overflows.\n\nThe remote host is 

running a version of MailEnable's IMAP service that is prone to a buffer overflow 

vulnerability triggered when processing a STATUS command with a long mailbox name. 

Once authenticated, an attacker can exploit this flaw to execute arbitrary code subject to the 

privileges of the affected application. In addition, the version of MailEnable is vulnerable 

to an IMAP directory traversal flaw. An attacker exploiting this flaw would need to be able 

to log into the server and issue a malformed ('../') request. Successful exploitation would 

result in the attacker accessing confidential data. 

Solution: Upgrade to MailEnable Professional 1.7 or higher or to MailEnable Enterprise Edition 1.2 

or higher. 

CVE-2005-3155 

UW-IMAP Quote String Buffer Overflow 

PVS ID: 3251 FAMILY: IMAP Servers RISK: LOW NESSUS ID:Not Available 

Description: Synopsis :\n\nThe IMAP server is vulnerable to an overflow after authentication.\n\nThere 

is a flaw in the remote UW-IMAP server that allows an authenticated user to execute 

arbitrary code on the server. The flaw is in the way that UW-IMAP handles quoted mailbox 

names. Specifically, an attacker supplying a long mailbox name which only contained one 

'"' would be able to overwrite memory and execute arbitrary code. 


CVE-2005-2933 

PHPMyAdmin Multiple Script usesubform Parameter Remote File Inclusion 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is prone to 

information disclosure attacks.\n\nThe version of phpMyAdmin installed on the remote 

host allows attackers to read arbitrary files because of its failure to sanitize the parameter 

'usesubform' before using it in several scripts. 



CVE-2005-3299 

WebGUI < 6.7.6 Unspecified Code Execution 


Description: Synopsis :\n\nThe remote host is vulnerable to an arbitrary 'code execution' 

vulnerability.\n\nThe remote host is running WebGUI, a content management framework. 

The remote version of this software is vulnerable to an undisclosed remote vulnerability 

that would allow an attacker to execute arbitrary code with the permissions of the 

webserver. 


CVE-2005-4694 

ClamAV < 0.87.2 Content-parsing DoS 


RISK: 

MEDIUM 



remote host is running ClamAV, an open-source antivirus solution for Unix-like systems. 

This version of ClamAV is reported vulnerable to a flaw where the parsing of a malicious 

file will cause the clamav process to enter an infinite loop. Successful exploitation causes 

the clamd service to exit. 


CVE-2005-3239 

GNU WGet < 1.10.2 Buffer Overflow 



using a version of wget that contains a flaw in the way that it handles NTLM authentication 

data. Specifically, a rogue website that returns malformed data during an NTLM 

authentication session will be able to execute arbitrary code on the local client machine. 


CVE-2006-1985 

Curl NTLM Buffer Overflow 





using a version of curl (or libcurl) that is vulnerable to a remote buffer overflows. To 

exploit, an attacker would have to set up a rogue web server that would reply with a 

malicious NTLM authentication request. Upon successful exploitation, the attacker would 

be able to execute arbitrary commands with the rights of the web server. 


CVE-2006-1985 

XMail < 1.22.0 Multiple Overflows 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple buffer overflow attacks.\n\nThe 

remote XMail server is vulnerable to multiple remote and local buffer overflows. 

Successful exploitation would lead to the attacker executing arbitrary code. 


CVE-2005-2943 

Mozilla Thunderbird < 1.5 Multiple Vulnerabilities 



is running a vulnerable version of Mozilla Thunderbird mail client. This version of 

Thunderbird is vulnerable to a Man-in-the-middle (MITM) or sniffing vulnerability where 

an attacker can determine user credentials even when encryption is enabled. To exploit this 

flaw, an attacker would need access to the local network. In addition, the client is 

vulnerable to a flaw where attackers can spoof attachment types. An attacker exploiting this 

flaw would craft a malicious email and entice a user to open a seemingly innocuous 

attachment. 


CVE-2006-0236 

Gallery < 2.0.1 main.php Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 



host is running the Gallery web-based photo album. This version of Gallery is vulnerable to 

a 'directory traversal' flaw. An attacker exploiting this flaw would be able to access files 

outside of the webroot. 




CVE-2005-3251 

PunBB < 1.2.9 search.php old_searches Parameter SQL Injection 


RISK: 

MEDIUM 



PunBB installed on the remote host fails to sanitize user-supplied input to the 'old_searches' 

parameter of the 'search.php' script before using it in database queries. Provided PHP's 

'register_globals' setting is enabled, an attacker may be able to exploit this issue to delete 

arbitrary data or launch attacks against the underlying database. 


CVE-2005-3518 

Lynx < 2.8.6 dev14 NNTP Headers Buffer Overflow 


RISK: 

MEDIUM 



using Lynx as a web browser. This version of Lynx is vulnerable to a buffer overflow when 

processing malformed NNTP headers. An attacker exploiting this flaw would need to be 

able to convince the local Lynx user to browse a malicious NNTP server. Successful 

exploitation will result in the attacker running arbitrary code on the local system. 

Solution: Upgrade to version 2.8.6 dev14 or higher. 

CVE-2005-3120 

PHP < 5.0.5 Multiple Vulnerabilities 



is running a version of PHP that is older than 5.0.5. This version has a number of bugs that 

allow attackers to execute or retrieve arbitrary files outside of the web root directory. An 

attacker exploiting these flaws would only need to send a malformed HTTP request to the 

vulnerable system. Successful exploitation would result in the loss of confidential data or a 

breach of system integrity. 



Xerver < 4.20 Multiple Vulnerabilities 




RISK: 

MEDIUM 

Description: Synopsis :\n\nThe remote web server is affected by multiple flaws.\n\nThe remote host is 

running Xerver, an open-source FTP and web server written in Java. The installed version 

of Xerver on the remote host suffers from several vulnerabilities that can be used by an 

attacker to reveal the contents of directories as well as the source of scripts and HTML 

pages. In addition, it is prone to a generic cross-site scripting flaw. 


CVE-2005-4774 

Splatt Forums < 4.0 Unspecified Authentication Bypass 



arbitrary commands.\n\nThe remote host is running Splatt, an online forum. This version of 

Splatt is vulnerable to an authentication bypass flaw. An attacker exploiting this flaw would 

be able to execute administrative commands without authentication. 


CVE-2005-3282 

FlatNuke < 2.5.7 index.php Traversal File Inclusion 



arbitrary commands.\n\nThe remote host is running FlatNuke, an open-source content 

management system. The remote version of this software is prone to a file upload 

vulnerability. An attacker can specify any arbitrary 'include' file which will then be 

executed on the target FlatNuke system. Successful exploitation leads to the execution of 



CVE-2005-4208 

Nuked Klan Multiple Modules SQL Injection 




is running Nuked Klan, a content management system. This version of Nuked Klan is 

vulnerable to a remote SQL Injection flaw. An attacker exploiting this flaw would be able 

to execute arbitrary commands on the remote database server. 



CVE-2005-3305 

PHP-Fusion < 6.00.205 HTML Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to several injection attacks.\n\nAccording to its 

version number, the remote host is running a version of PHP-Fusion that suffers from an 

HTML Injection flaw. An attacker exploiting these flaws would be able to inject code that 

would be executed either by the target web server or by unsuspecting users browsing the 

website. In addition, this version of PHP-Fusion may be vulnerable to a SQL injection 

attack. \n 


CVE-2005-4005 

Skype Technologies Multiple Buffer Overflows 



using Skype, a peer-to-peer chat and VoIP software. The remote version of this software 

contains multiple flaws that would allow an attacker to overflow memory buffers and either 

cause the service to stop or execute arbitrary code. 


CVE-2005-3265 

Flyspray Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running FlySpray, a bug-reporting web application. This version of Flyspray is 

vulnerable to a remote cross-site scripting (XSS) attack. An attacker exploiting this flaw 

would typically need to convince a user to browse to a malicious URI. Success exploitation 

would result in the theft of confidential materials (such as authentication cookies). In 

addition, the remote host is vulnerable to a remote file inclusion flaw. A remote attacker 

can supply PHP code and then trick the FlySpray server into executing the code. 


WindWeb < 

CVE-2005-3334 




RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is prone to denial of service attacks.\n\nThe remote 

host appears to be running the WindWeb web server, which is found on embedded devices 

running Wind River Systems' VxWorks such as certain ADSL modems and routers. The 

version of WindWeb installed on the remote host is affected by a remote denial of service 

vulnerability when it receives maliciously crafted requests. An attacker may be able to 

leverage this issue to deny access to the web server to legitimate users. 


CVE-2005-3475 

Snitz Forum < 3.4.0.06 XSS 



remote host appears to be running Snitz Forum, a web forum application implemented in 

ASP. It is reported that versions of Snitz Forum prior to 3.4.0.06 are prone to a Cross-Site 

Scripting (XSS) attack. 


CVE-2007-1374 

NTOP < 3.2 ntop.init Temporary File Symlink Arbitrary File Overwrite 


RISK: 

MEDIUM 



temporary files.\n\nThe remote host is running NTOP, a tool for viewing network 

configuration, usage, statistics, protocols and much more via a web interface. This version 

of NTOP is reported ot be prone to a local exploit. Specifically, a local attacker can 

overwrite critical ntop temporary files, leading to an escalation of privileges. 


CVE-2005-3387 

PHP < 5.0.6 GLOBAL Variable Overwrite 




attacks.\n\nThe remote host is running a version of PHP that is older than 5.0.6. This 

version has a flaw where remote attackers can reenable the 'register_globals' parameter. In 

addition, a remote attacker may be able to overwrite the 'GLOBAL' variable. This may lead 

to another more serious exploitation. The remote host is running PHP version: \n %L 



CVE-2005-3391 



Description: The remote host is running Mac OS 10.4.3. 

Solution: N/A 



PVS ID: 3275 FAMILY: Operating System Detection RISK: LOW NESSUS ID:20113 


is running a version of Mac OS X 10.4 that is older than version 10.4.3. Mac OS X 10.4.3 

contains several security fixes for :\n\n- Finder\n- Software Update\n- memberd\n- 

KeyChain\n- Kernel 


CVE-2005-4504 

XMB Forum < 1.9.8 SP2 SQL Injection 


RISK: 

MEDIUM 



is running XMB Forum. There is flaw in the version this host is using which may allow an 

attacker to perform a SQL Injection attack. An attacker sending malformed queries can 

inject SQL commands that are executed on the database server. This can lead to the reading 

or writing of data and, in some cases, the attacker can execute arbitrary system commands. 

In addition, the remote version of XMB forum is vulnerable to HTML injection type 

attacks. An attacker exploiting this second flaw would be able to manipulate the application 

to execute arbitrary script code. 

Solution: Upgrade to XMB 1.9.8 SP2 or higher. 

CVE-2005-3689 

Serv-U FTP Server < 6.1.0.4 Malformed Packet Remote DoS 



RISK: 

MEDIUM 




remote host is running Serv-U FTP server. There is a bug in the way this version handles 

certain unspecified commands. While the details of the overflow are unknown, it is 

reported that successful exploitation leads to a Denial of Service (DoS) attack. 


Simple PHP Blog < 

CVE-2005-3467 



is running Simple PHP Blog, a blog written in PHP. The version of Simple PHP Blog 

installed on the remote host is vulnerable to a SQL Injection flaw. An attacker exploiting 

this flaw would send malformed PHP queries to the application. Successful exploitation 

would result in the attacker executing arbitrary commands on the backend database. 


CuteNews < 

CVE-2005-3473 


RISK: 

MEDIUM 


Description: According to its version number, the remote host is running a version of CuteNews that 

allows an attacker to upload or download files outside of the web root directory. This can 

lead to an attack against both confidentiality and integrity. An attacker exploiting this flaw 

would simply send a malformed request including a '../' in the request. Successful 

exploitation leads to writing or reading arbitrary files outside of the web root. 

Solution: Upgrade to a version of CuteNews higher than 1.4.1. 

CVE-2005-3507 

Quicktime < 7.0.3 (Windows) Detection 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote Windows 

host is running a version of Quicktime 7 that is older than Quicktime 7.0.3. This version is 

vulnerable to various buffer overflows that may allow an attacker to execute arbitrary code 

on the remote host by sending a malformed file to a victim and have him open it using 

QuickTime player. 




CVE-2005-2755 

ClamAV < 0.87.1 Content-parsing Buffer Overflow 


RISK: 

MEDIUM 




ClamAV is reported vulnerable to a flaw where the parsing of a malicious file will cause 

the clamav process to execute arbitrary code. An attacker exploiting this flaw would only 

need to be able to craft and send a malformed email to a ClamAV server. Successful 

exploitation results in the server executing arbitrary code or crashing. 


CVE-2005-3501 

Acme thttpd < 2.24 CGI Test Script Symlink Arbitrary File Overwrite 


RISK: 

MEDIUM 



temporary files.\n\nThe remote host is running a vulnerable version of Acme thttpd. It is 

reported that versions prior to 2.24 are prone to a local flaw where temporary files can be 

used by local users to escalate their privileges on the machine. Specifically, attackers can 

use the insecure temp files to overwrite critical web content or configuration files. 


CVE-2005-3124 

PHPList < 2.10.3 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running PHPList. PHPList is a PHP application that gathers handles mailing and 

customer lists. This version is reported to be prone to a SQL Injection flaw. An attacker 

exploiting this flaw would be able to read the database, manipulate the database, and 

possibly run commands with the privileges of the web server. The SQL injection attack 

vector requires administrative access. There is also a directory traversal flaw where an 

attacker can send a malformed HTTP query and retrieve files outside of the webroot 

directories. Finally, the remote application is vulnerable to multiple HTML injection and 

Cross-Site Scripting (XSS) flaws. 


CVE-2005-3557 



Computer Associates Message Queuing Service Buffer Overflow 


Description: Synopsis :\n\nArbitrary code can be executed on the remote host due to a flaw in the 

Message Queuing service.\n\nThe remote version of Computer Associates Message 

Queuing Service contains a stack overflow in the 'log_security' function that may allow an 

attacker to execute arbitrary code on the remote host. This version is also prone to :\n- 

Denial of Service on the TCP port 4105\n- arbitrary code execution through spoofed CAFT 

packets\nAn attacker does not need to be authenticated to exploit this flaw. 

Solution: Refer to http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp 

CVE-2005-2668 

Sylpheed < 2.0.4 Address Book LDIF Import Overflow 


RISK: 

MEDIUM 




vulnerable to a buffer overflow via specially crafted email messages. An attacker exploiting 

this flaw would need to be able to convince a user to open a malicious email message and 

importing an attached LDIF file into their address book. Successful exploitation would lead 

to a Denial of Service or remote code execution. 


CVE-2005-3354 

RealPlayer for Windows Multiple Overflows (2) 


Description: Synopsis :\n\nThe remote Windows application is affected by several overflow 

vulnerabilities.\n\nThe installed version of RealPlayer / RealOne Player / RealPlayer 

Enterprise for Windows on the remote host is prone to buffer overflow and heap overflow 

vulnerabilities. An attacker may be able to leverage these issues to execute arbitrary code 

on the remote host subject to the permissions of the user running the affected application. 

Note that a user doesn't necessarily need to explicitly access a malicious media file since 

the browser may automatically pass RealPlayer skin files (ie, files with the extension '.rjs') 

to the application. 

Solution: See http://service.real.com/help/faq/security/memory.html 

CVE-2005-2629 

Lynx < 2.8.6 dev15 Arbitary Code Execution 





flaw.\n\nThe remote host is using Lynx as a web browser. This version of Lynx is 

vulnerable to a flaw where an attacker, convincing a Lynx user to browse a malicious URI, 

can execute arbitrary code on the remote system. 

Solution: Upgrade to version 2.8.6 dev15 or higher. 

CVE-2005-2929 

IPCop Web Interface Detection 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running the IPCop web interface. This 

interface allows administrators to remotely access and configure the underlying firewall. 

Because compromise of a firewall can lead to much more serious attacks, care should be 

taken to harden the IPCop web interface. Critical information (such as firewall 

configuration, administrative login, etc.) should not be passed across the network 

unencrypted. 

Solution: Ensure that only valid users can query the IPCop interface. Require the use of SSL from 

remote users. 


PHPSysInfo < 2.4.0 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running PHPSysInfo, a PHP application that gives system information via a web 

interface. This version of PHPSysInfo is vulnerable to a multitude of flaws. These flaws 

include Cross-Site Scripting (XSS), HTML injection, and a local file inclusion flaw. There 

is also an inherent risk whenever system information is displayed via a web interface. Of 

these flaws, the more serious flaw is the local file inclusion vulnerability. An attacker 

exploiting this flaw would be able to retrieve and display potentially confidential files (such 

as /etc/passwd). This can lead to confidential materials being downloaded by anonymous 

users. 


CVE-2005-3347 


phpWebThings download.php file Parameter SQL Injection 




is running phpWebThings, a PHP web development framework. This version of 

phpWebThings is vulnerable to a SQL Injection flaw. An attacker exploiting this flaw 

would send a malformed query to the download.php script. Successful exploitation would 

allow the attacker to execute commands on the backend SQL database. This can lead to 

loss of confidential materials as well as compromise of the integrity of the SQL database 

server. 


CVE-2005-3676 

Moodle < 1.5.3 Multiple Scripts SQL Injection 



is running Moodle, an open-source content-management system written in PHP. This 

version of Moodle is vulnerable to a SQL Injection flaw. An attacker exploiting this flaw 

would send a malformed request to one of the affected PHP scripts. Successful exploitation 

would result in the attacker executing arbitrary commands against the backend SQL server. 

This would lead to a loss of confidential material, possible loss of database integrity, and 

possible loss of availability. 


CVE-2005-3648 

Sony XCP-DRM Rootkit Detection 



questionable.\n\nThe remote host is running the Sony XCP-DRM Rootkit. While not 

malicious in nature, the Sony software hides itself on the target host and monitors copying. 

Solution: Ensure that this software is compliant with corporate policies and procedures. While some 

third party vendors are offering a tool to remove the software, it is recommended that you 

contact the vendor for an uninstall tool. 


Xoops < 2.2.4 Multiple Vulnerabilities 




Xoops installed on the remote host is prone to several vulnerabilities. These include HTML 

Injection, SQL Injection, and Directory traversal flaws. An attacker exploiting these flaws 

would be able to retrieve confidential data from the remote server, execute arbitrary SQL 

commands on the remote database server, and execute malicious code within the browser 


of unsuspecting users. 


CVE-2005-3681 

Absinthe SQL Injection Tool Detection 


Description: The remote host is running Absinthe. Absinthe is a tool that automates SQL Injection 

queries and makes a local copy of the remote database. Given a form or script that is 

vulnerable to SQL Injection, Absinthe will take care of all the brute-forcing necessary to 

build a local copy of the database. The script that Absinthe appears to be targeting is\n\n%L 

Solution: Ensure that this application is being used in conjunction with corporate policies and 

guidelines. 


Macromedia Flash < 2.0 Malformed RTMP Data DoS 



remote host is running Macromedia Flash server, a multimedia server. This version of Flash 

is reported to be vulnerable to a flaw; however, the details of the flaw have not been 

released. It is rumoured that the flaw would lead to Denial of Service (DoS) attack. 


CVE-2005-3901 

iTunes For Windows < 6.0 Local Code Execution 


Description: Synopsis :\n\nThe remote host contains an application that is affected by a local code 

execution flaw.\n\nAccording to its banner, the version of iTunes for Windows on the 

remote host launches a helper application by searching for it through various system paths. 

An attacker with local access can leverage this issue to place a malicious program in a 

system path and have it called before the helper application. 


CVE-2005-2938 

HTTPrint Scanning Software Detection 




Description: The remote host is running the HTTPrint scanning software. HTTPrint is used to enumerate 

and fingerprint HTTP servers. With any scanner software, there will always be the risk of 

interruption of services due to scanning. As HTTPrint uses some non-standard HTTP 

commands, it may cause some web servers to fail. Further, if the tool is used against a 

non-HTTP service, it can also cause availability issues. 

Solution: Ensure that this software is being used in accordance with corporate policies and 

guidelines. 


Acunetix Web Vulnerability Scanner Detection 


Description: The remote host is running the Acunetix Vulnerability Scanner version: \n %L \n\nEnsure 

that the usage of this scanner is in accordance with corporate security policy. 

Solution: You should ensure that such a scanner is allowed by corporate policies and guidelines. 


WorldMail IMAP Server Directory Traversal Arbitrary Spool Access 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow and a directory traversal 

flaw.\n\nThe remote host is running Eudora WorldMail, a commercial email server for 

Windows. This version of Worldmail is vulnerable to a remote buffer overflow due to the 

way that it processes commands with multiple '}' characters. An attacker exploiting this 

flaw would be able to execute arbitrary code on the target machine. In addition, the IMAP 

server bundled with the version of WorldMail installed on the remote host fails to filter 

directory traversal sequences from mailbox names and fails to restrict access to mailboxes 

within its spool area. An authenticated attacker can exploit these issues to read and manage 

the messages of other users on the affected application as well as move arbitrary folders on 

the affected system. Such attacks could result in the disclosure of sensitive information as 

well as affect the stability of the remote host itself. 


Winmail Server < 

CVE-2005-3189 




is running a version of Magic Winmail Server that is vulnerable to multiple flaws. These 

flaws include a directory traversal flaw that would allow an attacker to access confidential 

data, a cross-site scripting (XSS) flaw and an HTML injection flaw. 



CVE-2006-1250 

Jetty < 5.16.0 JSP Source Code Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server can disclose source code.\n\nThe remote host is 

running Jetty, a Java web server that can be downloaded off the Internet and is currently 

bundled with some IBM applications. This version of Jetty is vulnerable to a remote 'source 

code disclosure' flaw. An attacker exploiting this flaw would append a '%5C' to the end of a 

'.jsp' URI request. Successful exploitation would result in the attacker downloading source 

code. 


CVE-2005-3747 

MailEnable IMAP Service Remote DoS 


RISK: 

MEDIUM 



remote host is running a version of MailEnable's IMAP service that is prone to a remote 

Denial of Service (DoS) attack. Specifically, an attacker requesting a nonexistent mailbox 

can crash the service. An attacker exploiting this flaw would need to be able to authenticate 

with some valid user account. Following successful authentication, the attacker would 

request a nonexistent mailbox. Successful exploitation leads to a loss of availability. 

Solution: Upgrade to MailEnable Professional 1.7.1 or higher or to MailEnable Enterprise Edition 1.2 

or higher. 

CVE-2006-0504 

WebCalendar < 1.0.2 Multiple Vulnerabilities 



Description: The remote web server has a PHP application that is affected by multiple vulnerabilities. 

The remote version of WebCalendar does not validate input to the 'id' and 'format' 

parameters of the 'export_handler.php' script before using it to overwrite files on the remote 

host, subject to the privileges of the web server user ID. In addition, the 'activity_log.php', 

'admin_handler.php', 'edit_report_handler.php', 'edit_template.php' and 'export_handler.php' 

scripts are prone to SQL injection attacks and the 'layers_toggle.php' script is prone to 

HTTP response splitting attacks. 



CVE-2005-3982 

Gallery Unspecified Remote Vulnerabilities 


RISK: 

MEDIUM 




an 'unspecified' flaw. While the exact details of the flaw are unknown, the vendor has 

released version 2.0.2 as a fix. In addition, this version of Gallery is supposedly vulnerable 

to an HTML injection flaw. An attacker exploiting this flaw would need to be able to 

convince a user to browse to a malicious URI. Successful exploitation could lead to the loss 

of potentially confidential data 

Solution: Upgrade to version 2.0.2 or 1.5.2 or higher. 

CVE-2006-0330 

Xaraya Directory Traversal Arbitrary File/Directory Manipulation 


RISK: 

MEDIUM 



host is running Xaraya, a PHP Web application framework. This version of Xaraya is 

vulnerable to a directory traversal flaw. An attacker can request and receive a file that is 

outside of the web directories. Successful exploitation would give the attacker confidential 

data (such as the user password file or critical configuration files) that would be useful in 

other types of attacks. 


CVE-2005-3929 

Symantec pcAnywhere Detection 


Description: The remote host is running pcAnywhere, an application that allows remote users to connect 

to a Windows desktop and work remotely. 

Solution: Ensure that you are running the latest version of pcAnywhere. 



ZoneAlarm Personal Firewall < 6.1.737.000 Multiple Vulnerabilities 

PVS ID: 3307 FAMILY: Generic NESSUS ID:Not Available 


RISK: 

MEDIUM 


remote host is running ZoneAlarm, a personal firewall for the Windows platform. The 

client is running a version of ZoneAlarm that is less than 6.1.737.000. This version of 

ZoneAlarm is reported to be vulnerable to a number of flaws that can render the firewall 

unuseable or, in some instances, give the users a false sense of security. 






is running Apple Mac OS X, but lacks Security Update 2005-009. This security update 

contains fixes for the following applications :\n- Apache2\n- Apache_mod_ssl\n- 

CoreFoundation\n- curl\n- iodbcadmintool\n- OpenSSL\n- passwordserver\n- Safari\nsudo\n- 

syslog 


Opera < 

CVE-2005-3704 


RISK: 

MEDIUM 



remote host is using a version of Opera that is vulnerable to a number of remote Denial of 

Service (DoS) attacks. An attacker exploiting these flaws would need to be able to convince 

a user to browse to a malicious URI. Successful exploitation would result in the browser 

crashing. 


CVE-2005-3946 

SQL Injector SQL Injection Tool Detection 



Description: The remote host is running SQL Injector. SQL Injector is a tool that automates SQL 

Injection queries and tests database applications. Given a form or script that is vulnerable to 

SQL Injection, SQL Injector will take care of all the brute-forcing necessary to exploit the 

remote database. The script that SQL Injector appears to be targeting is\n\n%L 



guidelines. 


Nokia Intellisync Web Portal Detection 


RISK: 

MEDIUM 



application.\n\nThe remote server is a Nokia Intellisync web portal. These portals are 

designed for access by users of portable devices (PDA, cell phone, etc.). A user can 

configure their POP/IMAP mail servers, accounts and more via this interface. Intellisync 

supports an option for forcing these communications over an encrypted (SSL) channel. This 

is the recommended configuration. 

Solution: Ensure that clients are forced into an SSL channel. 


Testing NAT-T RFC VPN Detection 


Description: The remote host is running the Testing NAT-T RFC VPN server. 

Solution: N/A 


Windows 2000 VPN Detection 


Description: The remote host is running the Windows 2000 VPN Server. 

Solution: N/A 


Windows 2003 VPN Detection 


Description: The remote host is running the Windows 2003 VPN Server. 

Solution: N/A 




Windows XP VPN Detection 


Description: The remote host is running the Windows XP VPN Server. 

Solution: N/A 


Ipswitch IMail Format String and 'LIST' Command DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a format string flaw.\n\nThe remote host is 

running a version of the Ipswitch Collaboration Suite / Ipswitch IMail IMAP server that is 

prone to a format string flaw. An attacker exploiting this flaw would send a malformed 

string to the remote mail server. Successful exploitation would result in the attacker 

executing arbitrary code. The affected SMTP arguments are: EXPN, MAIL, MAIL FROM, 

and RCPT TO. In addition, the remote host is vulnerable to a flaw when processing very 

long 'LIST' commands. Successful exploitation results in the remote service crashing. 

Solution: Upgrade to version 8.22.0 of IMail or version 2.0.0.2 of the Ipswitch Collaboration Suite. 

Curl < 

CVE-2005-2923 



using a version of curl (or libcurl) that is vulnerable to a remote buffer overflows. To 

exploit, an attacker would have to set up a rogue web server and entice a curl user into 

browsing to the malicious server. Upon successful exploitation, the attacker would be able 

to execute arbitrary commands with the rights of the web server. 


CVE-2006-1985 

PHPMyAdmin < 2.7.0 pl1 Global Variable Overwrite 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw where attackers can overwrite critical 

variables.\n\nThe remote host is running phpMyAdmin, a web interface for administering 

MySQL database servers. This version of phpMyAdmin is vulnerable to a flaw that allows 

remote attackers to overwrite global variables. An attacker exploiting this flaw would only 

need to be able to send an HTTP query to the web server. Successful exploitation would 

result in critical variables being overwritten. This can lead to a partial loss of data integrity. 


Solution: Upgrade to version 2.7.0 pl1 or higher. 

CVE-2005-4079 

Apache James < 2.2.1 Spooler retrieve Function DoS 


RISK: 

MEDIUM 



remote host is running the Apache James software, a Java-based POP3, SMTP, and NNTP 

server. This version of JAMES is vulnerable to a flaw in the way that the spooler handles 

malformed messages. An attacker exploiting this flaw would need to be able to send 

multiple malformed emails to the server. Successful exploitation would result in the 

JAMES server depleting all system resources and eventually crashing. 


CVE-2004-2650 

Apache James < 2.2.1 Spooler retrieve Function DoS 


RISK: 

MEDIUM 



remote host is running the Apache James software, a Java-based POP3, SMTP, and NNTP 

server. This version of JAMES is vulnerable to a flaw in the way that the spooler handles 

malformed messages. An attacker exploiting this flaw would need to be able to send 

multiple malformed emails to the server. Successful exploitation would result in the 

JAMES server depleting all system resources and eventually crashing. 


CVE-2004-2650 


Courier Mail Server < 0.52.2 Deactivated Account Authentication Bypass 


Description: Synopsis :\n\nThe remote host may allow deactivated users to access their accounts using 

their old credentials.\n\nThe remote host is running Courier Mail Server, an open source 

mail server for Linux and Unix. The installed version of Courier is prone to a bug in the 

way that it handles deactivated accounts. Versions of Courier less than 0.52.2 will still 

allow deactivated accounts to be accessed and used. An attacker exploiting this flaw would 

need to have the deactivated credentials in order to exploit this flaw. 

Solution: Upgrade to Courier Mail Server 0.52.2 or higher. 


CVE-2005-3532 

Contenido < 4.6.4 class.inuse.php Multiple Parameter Remote File Inclusion 



arbitrary commands\n\nThe remote host is running Contenido, a web content-management 

application. This version of Contenido is vulnerable to an unspecified 'command execution' 

flaw. It is reported that an attacker can, by sending a malformed query, coerce the 

application into running system commands. This flaw can only be executed if the 

"allow_url_fopen" and "register_globals" PHP variables are enabled. Successful 

exploitation would result in loss of confidential data as well as a compromise of system 

integrity. 


Lyris List Manager < 

CVE-2005-4132 



is running Lyris List Manager, a mailing list manager. This version of Lyris is vulnerable to 

multiple flaws. There is a flaw in the way that Lyris handles SQL queries that an attacker 

could use to execute arbitrary commands on the backend database. There is a flaw that 

would allow an attacker to execute arbitrary commands with the permissions of the web 

server. Finally, there are several flaws that would allow an attacker to access information 

that was not intended for public consumption. An attacker exploiting these flaws would 

likely be able to access confidential data and tarnish the integrity of both the web server 

and the database. 

Solution: Upgrade to a version higher than 8.8a. 

CVE-2005-4142 

Sights 'N Sounds Media Server < 



RISK: 

MEDIUM 



running Sights 'N Sounds, a media server that streams content to remote web clients. This 

version of Sights 'N Sounds is vulnerable to a remote buffer overflow. Specifically, when 

an attacker sends an overly long request such as 'GET /MediaListing.exe?', it causes the SWS.exe process to overwrite memory and either crash or 


Solution: Upgrade to a version of higher than 2.0.3b. 


CVE-2005-4194 

Sights 'N Sounds Media Server Detection 


Description: The remote host is running Sights 'N Sounds, a media server that streams content to remote 

web clients. 

Solution: N/A 


Blackboard Academic Suite < 7.0 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running Blackboard, a web-based academic software package that allows organizations 

to teach students remotely. This version of Blackboard is vulnerable to multiple flaws that 

allow remote attackers to bypass authentication, gain administrative access, and display 

untrusted domain content within a trusted frame (cross-domain content insertion). An 

attacker exploiting the 'cross-domain' flaw would need to be able to convince a user to 

browse to a malicious URI. 


CVE-2006-0511 

PHP Support Tickets < 2.1 index.php Multiple Field SQL Injection 



is running PHP Support Tickets, a PHP help-desk application. An attacker exploiting this 

flaw would only need to be able to send HTTP queries to the remote application. 

Successful exploitation would result in the attacker being able to execute arbitrary 

commands on the backend database server. 


CVE-2005-4264 


SSH Tectia Server < 5.0.1 Host Authentication Authorization Bypass 


Description: Synopsis :\n\nIt is possible to bypass the authentication of the remote SSH server.\n\nThe 

remote host is running the Tectia SSH Server. This version of Tectia is older than 5.0.1. 

Versions older than 5.0.1 are vulnerable to a flaw in which an attacker may bypass the 


authentication routine. However the SSH server must be configured to use Host-Based 

authentication only. 


CVE-2005-4310 

ColdFusion < 7.01 MX Multiple Vulnerabilities 



is running Macromedia ColdFusion, a web application server. This version of ColdFusion 

is vulnerable to a number of flaws. Some of the attacks are remote in nature; however, most 

of the attacks require local user access. Successful exploitation results in remote users 

bypassing security mechanisms or local users escalating their privileges (potentially to 

Administrator rights) 

Solution: Upgrade to ColdFusion 7.01 MX or higher. 

CVE-2005-4345 

Dropbear SSH Server < 0.47 svr_ses.childpidsize Remote Overflow 


RISK: 

MEDIUM 



running a version of the Dropbear SSH server that is vulnerable to a remote buffer 

overflow. An attacker exploiting this flaw would need to be able to log into a valid account. 

After logging in, the user would send a malformed request to the SSH server which would 

result in a buffer overflow and execution of arbitrary code. 

Solution: Upgrade to version 0.47 or higher . 

CVE-2005-4178 

Pegasus Email Client < 4.31 Multiple Remote Overflows 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to several remote buffer overflows.\n\nThe 

remote host is running the Pegasus Email client. This version of Pegasus is vulnerable to 

two (2) distinct remote buffer overflows. In the first instance, an attacker, convincing a 

Pegasus user to connect to a malicious server, can cause a buffer overflow resulting in 

execution of arbitrary code. In the second instance, an attacker would need to be able to 

convince a Pegasus user to view the email 'headers'. Successful exploitation would result in 

the execution of arbitrary code. 



CVE-2005-4445 

PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is prone to a remote 

file inclusion vulnerability.\n\nThe remote host appears to be running PhpGedView, a 

web-based genealogy program written in PHP. The version of PhpGedView installed on the 

remote host fails to sanitize user-supplied input to the 'PGV_BASE_DIRECTORY' 

parameter of the 'help_text_vars.php' script before using it in a PHP 'require' function. 

Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be 

able to exploit this flaw to read arbitrary files on the remote host and or run arbitrary code, 

possibly taken from third-party hosts, subject to the privileges of the web server user ID. In 

addition, the application reportedly fails to sanitize user input to the 'user_language', 

'user_email', and 'user_gedcomid' parameters of the 'login_register.php' script, which could 

be used by an attacker to inject arbitrary PHP code into a log file that can then be executed 

on the affected host, subject to the permissions of the web server user ID. 

Solution: Upgrade to version 3.3.7 or 4.0 beta 3 and apply the patch referenced in the vendor 

advisory above. 

CVE-2005-4468 

Network Block Device Server Detection 


Description: Synopsis :\n\nThe remote host is running a remote storage service.\n\nThe remote host is 

running a Network Block Device (NBD) server, which allows one Linux host to use 

another as one of its block devices. 

Solution: Ensure that you are running the latest version of NBD. 



Mantis < 0.19.5 Multiple Unspecified Vulnerabilities 



attack as well as other unspecified vulnerabilities.\n\nThe remote host appears to be 

running a vulnerable version of Mantis, a bug tracker web application written in PHP. It is 

reported that versions 0.19.3 and lower are vulnerable to a number of flaws. While the 

details of the flaws are unknown, it is believed that successful exploitation of the flaws 

would lead to an attacker uploading files or executing code on the remote database. 

Solution: Upgrade to version 0.19.5 (or 1.0.0 RC5) or higher. 


CVE-2006-0841 

MIMESweeper Detection 


Description: Synopsis :\n\nThe remote host is running an antivirus server.\n\nThe remote host is running 

a 'MIMESweeper for Web' antivirus product. 

Solution: Ensure that you are running the latest version of MIMESweeper. 


Cerberus Help Desk < 2.7.0 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple injection-type attacks.\n\nThe 

remote host is running Cerberus, a web-based Help Desk. This version of Cerberus is 

vulnerable to multiple flaws. The more serious of these flaws involves SQL Injection. An 

attacker can send a malformed request that, when parsed, will execute arbitrary commands 

on the remote database server. 


CVE-2005-4427 

MyBulletinBoard < 1.01 function_upload.php SQL Injection 



attack.\n\nThe remote host is running MyBulletinBoard, a PHP-based bulletin board. The 

remote version of this software is prone to SQL injection attacks due to its failure to 

sanitize user-supplied input to various scripts before using it in database queries. This may 

allow an attacker to uncover sensitive information (such as password hashes), access the 

Admin Control Panel without authentication, modify existing data, and launch attacks 

against the underlying database. 


CVE-2005-4602 


Web Wiz Multiple Products check_user.asp txtUserName Parameter SQL Injection 



is running Web Wiz, a suite of products which offers services via HTTP. The installed 

version of Web Wiz is prone to a SQL Injection flaw. An attacker exploiting this flaw 


would send a malformed HTTP query to the application. Successful exploitation would 

result in the attacker being able to read or write confidential data. In addition, the attack 

may be able to execute arbitrary code on the remote database server. 


CVE-2005-4606 

IBM AIX WebSM Detection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote server is running a web-based system manager.\n\nThe remote 

host is running IBM's WebSM, a web-based system manager. An attacker browsing this 

page would be able to gain information regarding the underlying operating system. Further, 

web-based system managers allow a point of attack for attackers who wish to brute-force 

accounts and passwords. Also, the application is not configured to use encryption. A 

passive attacker with the means to capture local traffic can sniff system configuration 

information. 

Solution: Ensure that this application utilizes both strong encryption as well as authentication. 


IBM AIX WebSM getCommand.new Local Traversal Vulnerability 


Description: Synopsis :\n\nThe remote host is vulnerable to a local 'directory traversal' flaw.\n\nThe 

remote host is running the IBM AIX WebSM, a web-based system manager. This version 

of WebSM is vulnerable to a flaw where local users can gain access to potentially 

confidential data by passing a malformed query to the getCommand.new utility. 

Specifically, a request for a file like '../../../../' will retrieve the file as if the 

system manager had requested it. 


CVE-2006-0133 

Gmail File System Detection 



RISK: 

MEDIUM 



corporate policy.\n\nThe remote client is using the Gmail File System (GmailFS), an 

application that allows users to use their Google email account as a virtual drive. Users can 

treat the GmailFS as if it were an additional drive within their computer. They can 

drag-and-drop files into the drive. There is an inherent risk with 1) storing data on a public 

mail server 2) passing data to/from the public mail server in plaintext and 3) allowing 


anonymous users to possibly inject files into the virtual filesystem. 

Solution: Ensure that corporate policies and guidelines allow users to store data on public Internet 

servers. 


Sophos Control Center Detection 


Description: The remote host is running the Sophos Control Center. Sophos is an antivirus software and 

the Control Center allows the central management of multiple Sophos clients. 

Solution: Ensure that you are running the latest version of Sophos Control Center. 


WinProxy < 6.1a Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote proxy is affected by multiple vulnerabilities.\n\nThe remote host 

is running WinProxy, a proxy server for Windows. This version of WinProxy suffers from 

denial of service and buffer overflow vulnerabilities in its telnet and web proxy servers. An 

attacker may be able to exploit these issues to crash the proxy or even execute arbitrary 

code on the affected host. 


CVE-2005-3654 

HylaFAX < 4.2.4 Multiple Vulnerabilities 



is running HylaFAX, a fax transmission software. It is reported that HylaFAX is prone to a 

number of flaws that would allow a remote attacker to execute arbitrary commands with the 

permission of the process running HylaFAX. In addition, the application is vulnerable to a 

flaw that would allow remote attackers to bypass authentication, giving them administrative 

access without the proper credentials. An attacker exploiting either of these flaws will be 

able to gain control of the remote HylaFAX server. 


TFTP Client Detection 

CVE-2005-3538 




Description: The remote host is running a TFTP client. 

Solution: N/A 


Broadlogic XLT Router Default Password 



credentials.\n\nThe remote host is running a Broadlogic XLT router server with the default 

login and password set ('webadmin'/'webadmin').\nThe affected web application is:\n%P 

Solution: Do not use default passwords for this device. 


'admin/1234' Default Password 



credentials.\n\nThe remote host is running a web server with the default login and password 

set to 'admin/1234'.\nThe affected web application is:\n%P 

Solution: Do not use default passwords. 


Apache < 2.0.3 mod_auth_pgsql Module Server Log Format String 



host is running the Apache mod_auth_pgsql module, a module for authenticating remote 

users against a PostgreSQL database. This version of mod_auth_pgsql is vulnerable to 

multiple format string flaws. An attacker exploiting these flaws would be able to execute 

arbitrary code on the remote web server. 


CVE-2005-3656 

SocketScanner Detection 




Description: The remote host is running SocketScanner, a security tool that inspects and blocks 

malicious traffic. SocketScanner is often run in conjunction with WormRadar. WormRadar 

is a tool that monitors worm activity and sends the information to the wormradar.com 

servers. 

Solution: Ensure that you are running the latest version of SocketScanner. 


Apache < 1.6.1 auth_ldap Module Remote Format String 



host is running the Apache auth_ldap module, a module for authenticating remote users 

against an LDAP server. This version of auth_ldap is vulnerable to a format string flaw. An 

attacker exploiting this flaw would be able to execute arbitrary code on the remote web 

server. 


CVE-2006-0150 

Eudora Internet Mail Server < 3.2.8 NTLM Authentication Request DoS 


RISK: 

MEDIUM 



remote host is running Eudora Internet Mail Server (EIMS), an SMTP server for Mac OS. 

The installed version of EIMS is vulnerable to a remote Denial of Service (DoS). An 

attacker exploiting this flaw would be able to cause the remote mail server to crash, 

impacting the availability of the service to valid users. 


CVE-2006-0141 

ClamAV < 0.88.0 UPX File Processing Overflow 




running ClamAV, an open-source antivirus solution for Unix and Windows systems. This 

version of ClamAV is reported to be vulnerable to a flaw where the parsing of a malicious 

file will cause the clamav process to execute arbitrary code. While the details of the attack 

are currently unknown, it is rumoured that an attacker exploiting this flaw would only need 

to be able to craft and send a malformed email to a ClamAV server. Successful exploitation 

results in the server executing arbitrary code or crashing. 



CVE-2006-0162 

PostgreSQL postmaster Connection Saturation DoS 


RISK: 

MEDIUM 



remote host is running PostgreSQL, an open source relational database. This version is 

vulnerable to a Denial of Service (DoS) flaw. Specifically, an attacker initiating multiple 

connections to the 'postmaster' service may be able to cause the service to fail. This can 

lead to a loss of availability. 


CVE-2006-0105 

Quicktime < 7.0.4 (Windows) Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote version of QuickTime is affected by multiple code execution 

vulnerabilities.\n\nThe remote version of Quicktime is vulnerable to various buffer 

overflows involving specially crafted images and media files. An attacker may be able to 

leverage these issues to execute arbitrary code on the remote host by sending a malformed 

file to a victim and having him/her open it using QuickTime player. 


CVE-2005-4092 

Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution 


Description: Arbitrary code can be executed on the remote host through the email client or the email 

server. The remote host is running a version of Outlook that is vulnerable to a bug in the 

Transport Neutral Encapsulation Format (TNEF) MIME attachment handling routine that 

may allow an attacker execute arbitrary code on the remote host by sending a specially 

crafted email. 

Solution: Microsoft has released a set of patches for Office 2000, 2002, XP, and 2003. 

CVE-2006-0002 

Microsoft Outlook Email Client Detection 




Description: The remote host is running the Microsoft Outlook email client, version: \n %L 

Solution: N/A 


BEA WebLogic < 8.1.0 SP6 MBeanHome Config Information Disclosure 


RISK: 

MEDIUM 



sensitive files.\n\nThe remote host is running a version of BEA WebLogic Server or 

WebLogic Express that is prone to a flaw in the way that it handles anonymous RMI 

connections. An attacker exploiting this flaw would be able to retrieve sensitive 

configuration files anonymously. Such information would undoubtedly aid the attacker in 

more sophisticated attacks. 

Solution: Upgrade to version 8.1.0 SP6 or higher. 

CVE-2003-1290 

PHP < 5.1.2 mysqli Error Message Format String 



host is running a version of PHP that is older than 5.1.2. Versions 5.1.0 and 5.1.1 are 

potentially vulnerable to a remote format string vulnerabilty. Specifically, if PHP is 

configured to log MySQL errors, then an attacker may be able to trigger a condition 

wherein arbitrary commands or code are executed. 


CVE-2006-0200 

Nokia Intellisync Portable Device Detection 


Description: The remote client is a portable device (PDA, laptop, cell phone, etc.) that is managed by a 

Nokia Intellisync server. 

Solution: N/A 


FTP Client Detection (PORT) 


PVS ID: 3375 FAMILY: FTP Clients RISK: INFO NESSUS ID:Not Available 


Description: The remote host is running an FTP client. 

Solution: N/A 


FTP Client Detection (PASV) 



Solution: N/A 

FTP Client Detection 




Solution: N/A 

WinComet Detection 



Description: The remote client was observed signing into a 'Torrent' P2P network. This sort of network 

allows users to upload and download files. 

Solution: Ensure that such activity is authorized with respect to corporate guidelines and policies. 


ELOG < 2.6.2 Multiple Vulnerabilities 




appears to be using ELOG, a web-based electronic logbook application. The version of 

ELOG installed on the remote host fails to filter directory traversal strings before 

processing GET requests. An attacker can exploit this issue to retrieve the contents of 

arbitrary files from the remote host, subject to the privileges under which ELOG runs. In 

addition, the application is reportedly affected by a format string vulnerability in the 

'write_logfile'. Provided logging is enabled, an attacker may be able to exploit this via the 

'uname' parameter of the login form to crash the application or execute arbitrary code 

remotely. 



CVE-2006-0599 

Lysator LSH Seed-file File Descriptor Leak 



is running Lysator's LSH, a version of Secure Shell (SSH) that is available for Unix-like 

platforms. This version of LSH is reported to be vulnerable to a local flaw. Specifically, 

this version of LSH leaks its file descriptors. A local attacker armed with this knowledge 

may be able to access confidential data or cause the LSH server to fail. 


CVE-2006-0353 

Microsoft CryptoAPI Version Check 


Description: The remote host is running Microsoft CryptoAPI, version %L 

Solution: N/A 


Cisco VPN Concentrator 3000 < 4.7.3 Crafted HTTP Packet DoS 



remote host is running the Cisco VPN Concentrator 3000 product. This version of the VPN 

Concentrator is vulnerable to a remote Denial of Service (DoS) attack. Specifically, an 

attacker with access to the HTTP port(s) can send a malformed query that, upon parsing, 

would cause the Concentrator to fail. Successful exploitation would result in a denial of 

service to valid users. 


CVE-2006-0483 


Mercury Mail Transport System < 4.01b ph Service Buffer Overflow 


Description: Synopsis :\n\nThe remote ph service is affected by a buffer overflow vulnerability.\n\nThe 

remote host is running the Mercury Mail Transport System, a free suite of server products 

for Windows and NetWare associated with Pegasus Mail. The remote installation of 

Mercury includes a ph server that is vulnerable to buffer overflow attacks. By leveraging 


this issue, an unauthenticated remote attacker is able to crash the remote service and 

possibly execute arbitrary code remotely. 

Solution: Upgrade to version 4.01b or higher. 

CVE-2005-4411 

Mercury PH Server Detection 


Description: The remote host is running the Mercury PH Server, version %L 

Solution: Ensure that you are running the latest version of Mercury PH Server. 


Shareaza P2P Fileshare Client Integer Overflow 

PVS ID: 3385 FAMILY: Peer-To-Peer File Sharing RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to a remote overflow.\n\nThe remote host is 

using Shareaza, a peer-to-peer (P2P) fileshare client. This version of Shareaza is vulnerable 

to a flaw in the way that it handles integer values. An attacker exploiting this flaw would 

send a malformed query to the Shareaza client. Successful exploitation would result in the 

attacker executing arbitrary code on the target system. 

Solution: Upgrade to a version of Shareaza greater than 2.2.1.0. 

TiVo Detection 

CVE-2006-0474 


Description: Synopsis :\n\nThe remote host is a personal video recorder (PVR).\n\nThe remote host is a 

TiVo, a personal video recorder. The version as advertised by port banners is:\n\n%L 

Solution: Ensure that the use of such devices is authorized by corporate security policy. 



Communigate Pro < 5.0.7 LDAP Module BER Decoding DoS 


Description: Synopsis :\n\nThe remote application is prone to denial of service attacks.\n\nThe remote 

host appears to be running CommuniGate Pro, a commercial email and groupware 

application. The version of CommuniGate Pro installed on the remote host includes an 

LDAP server that reportedly fails to handle requests with negative BER lengths. A user can 

leverage this issue to crash not just the LDAP server but also the entire application on the 


emote host. 


CVE-2006-0468 

Ximian Evolution < 2.3.8 Inline XML Content-parsing Overflow 


RISK: 

MEDIUM 



running a version of the Ximian Evolution email client that does not properly parse 

user-supplied data. Specifically, this version of Evolution is reported to be vulnerable to a 

flaw in the way that it handles inline XML attachments. A remote attacker can craft an 

email message such that, upon opening, Evolution crashes or executes arbitrary code. 


HTTP Proxy Detection 

CVE-2006-0040 

PVS ID: 3389 FAMILY: Web Servers RISK: NONE NESSUS ID:Not Available 

Description: The remote host is a proxy server. PVS has determined this due to the format of the HTTP 

request. PVS observed a client issuing this request: \n%P\n\nThe server replied with: \n %L 

Solution: N/A 


Winamp < 5.13 Malformed Playlist File Handling Overflow 


Description: Synopsis :\n\nA multimedia application that is affected by a buffer overflow vulnerability 

is installed on the remote Windows host.\n\nThe remote host is using Winamp, a popular 

media player for Windows. It's possible that a remote attacker using a specially-crafted 

playlist can cause a buffer overflow in the version of Winamp installed on the remote host 

resulting in a crash of the application or even execution of arbitrary code remotely subject 

to the user's privileges. This flaw can reportedly be exploited without user interaction by 

linking to a '.pls' file in an IFRAME tag. 


PmWiki < 

CVE-2005-3188 


PVS ID: 3391 FAMILY: CGI NESSUS ID:Not Available 


RISK: 

MEDIUM 


is running PmWiki, an open-source Wiki. This version of PmWiki is vulnerable to several 

flaws. An attacker exploiting these flaws would be able to upload and run arbitrary PHP 

code as well as possibly execute code within an unsuspecting user's browser. 

Solution: Upgrade to version 2.1 Beta21 or higher. 

CVE-2006-0479 

PostgreSQL Database Detection 


Description: The remote host is running a PostgreSQL database. 

Solution: N/A 


Microsoft SQL Server Database Detection 


Description: The remote host is running Microsoft SQL Server. 

Solution: N/A 


MySQL Database Detection 


Description: The remote host is running a MySQL database. 

Solution: N/A 


Oracle Database Detection 


Description: The remote host is running an Oracle database. 

Solution: N/A 



VMWare Detection 




manner.\n\nThe remote host is running VMWare, an application that allows users to run 

multiple operating systems virtually. VMWare passes the license key in plaintext across the 

Internet. An attacker sniffing the network will be able to gain access to the VMWare 

key:\n\n%L 

Solution: Disable automatic updates and only use encrypted sessions to update VMWare software. 


Invision Power Board Dragoran Forum < 1.4 index.php site Parameter SQL Injection 



is running the Dragoran Forum, a PHP-based web portal. This version of Dragoran is 

vulnerable to a SQL Injection flaw. An attacker exploiting this flaw would be able to 

execute arbitrary SQL commands on the Dragoran backend database server. 


CVE-2006-0520 

Oracle Database Detection 


Description: The remote host is running an Oracle database. 

Solution: N/A 


Nmap Scanner Detection 


Description: The remote host is running the Nmap port scanner. 

Solution: Ensure that this tool is authorized according to corporate policies and guidelines. 



















uTorrent Client Detection 


Description: The remote host is running the uTorrent P2P BitTorrent client. This client is used for 

downloading files from a Peer-To-Peer File Sharing network. The version number is: \n 

%L 

Solution: Ensure that P2P clients are authorized on this network. 


uTorrent Server Detection 


Description: The remote host is running the uTorrent P2P BitTorrent server. This server is used to store 

and upload files to Peer-To-Peer File Sharing clients. 

Solution: Ensure that P2P servers are authorized on this network. 




Mozilla Firefox < 1.5.0.1 Multiple Vulnerabilities 



is running an older version of the Firefox browser. The installed version of Firefox is 

reported to be prone to a cross-domain scripting flaw. An attacker exploiting this flaw 

would need to be able to convince a user to browse to a malicious URI. Successful 

exploitation would result in the attacker executing malicious script code within the Firefox 

browser. In addition, the remote browser is vulnerable to a memory corruption and 

authentication bypass flaw. An attacker exploiting these flaws would be able to execute 

arbitrary code on the remote browser or gain access to critical functions. 


CVE-2006-0496 

Computer Associates Message Queuing DoS 


RISK: 

MEDIUM 



remote version of Computer Associates Message Queuing Service contains a flaw when 

handling specially crafted packets destined for port 4105. An attacker exploiting these 

flaws would be able to render the service unavailable. 


CVE-2006-0529 

L2TP VPN Client Detection 


Description: The remote host is running a L2TP VPN client. 

Solution: Ensure that this software is authorized and configured correctly. 


L2TP VPN Server Detection 


Description: The remote host is running a L2TP VPN server. 

Solution: Ensure that this software is authorized and configured correctly. 




DidTheyReadIt Email Tracker (Client) Detection 


RISK: 

MEDIUM 



manner.\n\nThe remote host has opened an email that is being tracked by DidTheyReadIt. 

This software embeds a tiny HTML link within an email such that when the user opens or 

highlights the email, a connection is made to an Internet server that tells the email sender 

when the email was opened, the operating system of the recipient, the email client of the 

recipient, the geographic location of the recipient, and more. 

Solution: Use anti-spam software to block 'phone home' applications or disable HTML within the 

email reader. 


ReadNotify Email Tracker (Client) Detection 


RISK: 

MEDIUM 



manner.\n\nThe remote host has opened an email that is being tracked by ReadNotify. This 

software embeds a tiny HTML link within an email such that when the user opens or 





email reader. 


PointOfMail Email Tracker (Client) Detection 


RISK: 

MEDIUM 



manner.\n\nThe remote host has opened an email that is being tracked by PointofMail. This 

software embeds a tiny HTML link within an email such that when the user opens or 





email reader. 




DidTheyReadIt Email Tracker Application Detection 


Description: The remote host is using DidTheyReadIt to track when and where emails are read. This 

technology embeds a tiny link within an email. When the recipient opens the email, the link 

is retrieved from a xpostmail.com server and the original sender is notified when the image 

was read as well as the IP address of the recipient. This is done without the knowledge of 

the recipient. 

Solution: Ensure that such activity is allowed according to corporate policies and guidelines. 


pointofmail Email Tracker Application Detection 


Description: The remote host is using pointofmail to track when and where emails are read. This 


is retrieved from a pointofmail server and the original sender is notified when the image 

was read as well as the IP address of the recipient. This is done without the knowledge of 

the recipient. 



ReadNotify Email Tracker Application Detection 


Description: The remote host is using ReadNotify to track when and where emails are read. This 


is retrieved from a ReadNotify server and the original sender is notified when the email was 

read as well as the IP address of the recipient. This is done without the knowledge of the 

recipient. In the case of ReadNotify, the recipient is presented with a dialogue asking if 

they would like to send the sender a notification that they have received the email. Even if 

the user clicks 'No' or 'Cancel', the sender is still notified, regardless of the recipients 

wishes. 




Communigate Pro < 5.0.8 LDAP Module BER Decoding DoS 



Description: Synopsis :\n\nThe remote application is prone to a denial of service (DoS) attack.\n\nThe 

remote host appears to be running CommuniGate Pro, a commercial email and groupware 

application. The version of CommuniGate Pro installed on the remote host includes an 

LDAP server that reportedly fails to handle malformed LDAP requests. A user can leverage 

this issue to crash not just the LDAP server but also the entire application on the remote 

host. 


CVE-2006-0468 

Lotus Domino Server < 7.0.1 LDAP Component Unspecified DoS 



remote host is running a version of Lotus Domino Server that is prone to a Denial of 

Service (DoS) attack. While the details are unknown, it is alleged that a malformed LDAP 

query will cause the server to become unresponsive. This can lead to a loss of availability. 


CVE-2005-2712 

MyBulletinBoard < 1.04 SQL Injection 



attack.\n\nThe remote host is running MyBulletinBoard, a PHP-based bulletin board. The 

remote version of this software is prone to SQL injection attacks due to its failure to 

sanitize user-supplied input to various scripts before using it in database queries. This may 

allow an attacker to uncover sensitive information such as password hashes, access the 

Admin Control Panel without authentication, modify existing data, and launch attacks 



CVE-2006-0638 

McAfee Client Detection (SPIPE) 


Description: The remote client is running McAfee security software and is centrally managed by ePolicy 

Orchestrator. 

Solution: N/A 




McAfee ePolicy Orchestrator Server Detection 


Description: The remote server is running McAfee ePolicy Orchestrator. This software is used to 

centrally manage multiple remote McAfee clients. The remote server is version: \n %L 

Solution: N/A 


McAfee Client Detection (UPDATE) 


Description: The remote client is running McAfee security software. 

Solution: N/A 

IKE Server Detection 



Description: The remote host is a VPN server. VPN servers are used to connect remote hosts to internal 

resources. You should ensure that this VPN server is authorized for your company's 

computing environment and that the VPN utilizes strong encryption and strong 


Solution: Contact your VPN vendor to ensure that you are operating at a security level commensurate 

with the assets being protected. 


Lotus Notes < 6.5.5 or 7.0.1 Multiple Vulnerabilities 



running a Lotus Notes email client. Lotus Notes client versions 6.5.4 and 7.0.0 (and earlier) 

could allow a remote attacker to execute arbitrary code. Specifically, several of the routines 

that handle the uncompression of archived files do not properly handle malformed files. An 

attacker exploiting this flaw would need to be able to entice a Lotus Notes user into 

opening an archived file. 


CVE-2006-0663 

RunCMS < 1.3a3 Arbitrary File Upload 




Description: Synopsis :\n\nThe remote host is vulnerable to a file upload flaw.\n\nThe remote host is 

running RunCMS, a web-based messaging system. This version of RunCMS is vulnerable 

to a remote file upload flaw. Specifically, an attacker can create a malicious .php3 or .php5 

script and upload it to the RunCMS server. The attacker can then invoke the script, causing 

arbitrary code to be run on the RunCMS system. 

Solution: Upgrade to version 1.3a3 or higher, when available. 

Powerd Detection 

CVE-2006-1793 


Description: The remote host is using Powerd (version : %L ), an open-source application, to monitor 

UPS devices. 

Solution: N/A 


Powerd WHATIDO Variable Remote Overflow 



using Powerd (version : %L ), an open-source application, to monitor the UPS device. This 

version of Powerd is vulnerable to a remote overflow. An attacker exploiting this flaw will 

be able to execute arbitrary code on the target machine. 

Solution: Block access to the powerd server port (532) from untrusted clients. 

LinPHA < 

CVE-2006-0681 



RISK: 

MEDIUM 



is running LinPHA, a web photo gallery application written in PHP. The installed version 

of LinPHA suffers from a number of flaws, several of which may allow an unauthenticated 

attacker to view arbitrary files or to execute arbitrary PHP code on the remote host subject 

to the privileges of the web server user ID. Note that successful exploitation requires that 

PHP's 'magic_quotes_gpc' setting be disabled, that an attacker has the ability to create, 

upload or edit files on the remote host, or that the application's 'user login events log' 

setting be enabled. The host is also vulnerable to a cross-site scripting (XSS) and SQL 

injection attacks. Attackers exploiting the XSS flaw would be able to potentially execute 

malicious code within a user's browser. A successful SQL Injection attack would give the 


attacker the ability to execute arbitrary commands on the backend database server. 


CVE-2006-1924 

WebGUI < 6.8.6 'Anonymous' Account Creation 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running WebGUI, a content management framework. The 

remote version of this software is vulnerable to a flaw where an anonymous user can be 

created even if the Administrator has configured the site to reject the creation of 

anonymous accounts. An attacker exploiting this flaw would only need to be able to send a 

malformed HTTP request to the WebGUI server. Successful exploitation would lead to the 

creation of an anonymous account. 


CVE-2006-0680 

AttachmateWRQ Reflection for Secure IT Server SFTP Format String 


RISK: 

MEDIUM 


Description: The remote SSH server is affected by a format string vulnerability. The remote host is 

running AttachmateWRQ Reflection for Secure IT Server / F-Secure SSH Server, a 

commercial SSH server. According to its banner, the installed version of this software 

contains a format string vulnerability in its SFTP subsystem. An remote authenticated 

attacker may be able to execute arbitrary code on the affected host subject to his privileges 

or crash the server itself. 

Solution: Upgrade or patch according to vendor recommendations or edit the software's configuration 

to disable the SFTP subsystem. 

CVE-2006-0705 


Microsoft Windows Media Player Bitmap File Processing Overflow (911565) 


Description: Synopsis :\n\nArbitrary code can be executed on the remote host through the Windows 

Media Player.\n\nThe remote host is running Microsoft Media Player version 10. There is a 

vulnerability in the remote version of this software that may allow an attacker to execute 

arbitrary code on the remote host. To exploit this flaw, one attacker would need to set up a 

rogue BMP image and send it to a victim on the remote host. 



CVE-2006-0006 

Microsoft Windows Media Player Bitmap File Processing Overflow (911565) 



Media Player.\n\nThe remote host is running Microsoft Media Player version 9.0. There is 

a vulnerability in the remote version of this software that may allow an attacker to execute 




CVE-2006-0006 

Windows Media Player Bitmap File Processing Overflow (911565) 



Media Player.\n\nThe remote host is running Microsoft Media Player version 7.1. There is 





CVE-2006-0006 

SSH Tectia Server SFTP Filename Logging Format String 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote SSH server may be affected by a format string 

vulnerability.\n\nThe remote host is running SSH Tectia Server, a commercial SSH server. 

According to its banner, the installed version of this software contains a format string 

vulnerability in its SFTP subsystem. An authenticated remote attacker may be able to 

execute arbitrary code on the affected host subject to his privileges or crash the server 

itself. 


CVE-2006-0705 


dotProject < 2.0.2 Multiple Script Remote File Inclusion 




multiple remote file inclusion vulnerabilities.\n\nThe remote host is running dotProject, a 

web-based, open-source project management application written in PHP. The installed 

version of dotProject fails to sanitize user input to various parameters and scripts before 

using it in calls to PHP functions such as 'include', and 'require_once()'. Provided PHP's 

'register_globals' setting is enabled, an unauthenticated attacker may be able to leverage 

these issues to view arbitrary files or to execute arbitrary PHP code on the remote host, 

subject to the privileges of the web server user ID. 


CVE-2006-0755 


PVS ID: 3434 FAMILY: Operating System Detection RISK: LOW NESSUS ID:20911 

Description: Synopsis :\n\nThe remote host is missing a Mac OS X update that fixes a security 

issue.\n\nThe remote host is running a version of Mac OS X 10.4 that is older than version 

10.4.5. Mac OS X 10.4.5 contains several security fixes for a local denial of service 

vulnerability. A malicious local user may trigger the vulnerability by invoking an 

undocumented system call. 


CVE-2006-0382 

WordPress < 2.0.1 Arbitrary Script Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a Script Injection attack.\n\nThe installed 

version of WordPress on the remote host will accept and execute arbitrary PHP code. This 

version of Wordpress is vulnerable to a flaw where a remote attacker can, by sending a 

malformed request, execute arbitrary code on the WordPress server. The path to the 

installed Wordpress installation is:\n%P 


CVE-2006-0733 

Coppermine Gallery < 1.4.4 Script Injection 



RISK: 

MEDIUM 



is running CopperMine Gallery, a set of PHP scripts to handle galleries of pictures. There is 

an injection flaw in this version of Coppermine Gallery. An attacker exploiting this flaw 

would only need to be able to send standard HTTP requests to the server. Successful 

exploitation would result in the attacker running arbitrary code with the permissions of the 


web server. 


CVE-2006-0872 

Warez P2P Server/Client Detection 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running client software that may be considered 

questionable.\n\nThe remote server is running the Warez Peer-to-Peer (P2P) client/server 

application. This software is used to trade files between peers. The remote host is running 

version: \n %L 

Solution: Ensure that such software is in alignment with corporate policies and guidelines regarding 

appropriate network usage. 


Fedora DS Administration Server < 1.0.1 Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is affected by an information disclosure 

vulnerability.\n\nThe remote host appears to be running Fedora Directory Server, a 

directory server implementation for Fedora Core. The Administration Server, which is used 

to manage Fedora DS, allows an unauthenticated attacker to retrieve the admin password 

hash through a simple GET request. 


CVE-2005-3630 

Bugzilla Whinedays SQL Injection 



is running Bugzilla, a bug-tracking software with a web interface. The version of Bugzilla 

on the remote host suffers from a SQL Injection flaw. An attacker exploiting this flaw 

would only need to be able to send HTTP queries to the Bugzilla application. Successful 

exploitation would result in the attacker executing arbitrary commands on the remote 

database server that services Bugzilla. 


CVE-2006-0916 



True North eMailServer SEARCH Command Remote Overflow 


RISK: 

MEDIUM 



running the True North eMailServer. This version of eMailServer is vulnerable to a remote 

buffer overflow when passed a long 'SEARCH' directive. An attacker exploiting this flaw 

would need to be able to authenticate with a valid account. Successful exploitation would 

result in the attacker executing arbitrary code. 


CVE-2006-0853 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote webmail application is affected by multiple issues.\n\nThe 

installed version of SquirrelMail fails to sanitize user-supplied input to mailbox names 

before passing them to an IMAP server. An unauthenticated attacker may be able to 

leverage this issue to launch attacks against the underlying IMAP server or against a user's 

mailboxes by tricking him into clicking on a specially-formatted link in an email message. 

There are also reportedly several possible cross-site scripting flaws that could be exploited 

to inject arbitrary HTML and script code into a user's browser. 


CVE-2006-0188 

CherryPy < 2.1.1 staticfilter Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 



host is running CherryPy, a web-based content management system written in python. This 

version of CherryPy is vulnerable to a directory traversal flaw. An attacker exploiting this 

flaw would send a malformed query to the application. Successful exploitation would result 

in the attacker being able to access confidential data outside of the web root directory. 


CVE-2006-0847 


ViRobot Linux Server filescan Authentication Bypass 



Description: Synopsis :\n\nThe remote web server is affected by an authentication bypass flaw.\n\nThe 

remote host is running ViRobot Linux Server, a commercial anti-virus application server. 

The installed version of ViRobot Linux Server has a flaw such that an attacker can bypass 

authentication and gain access to its 'filescan' component by supplying a special cookie. An 

unauthenticated attacker may be able to leverage this flaw to delete arbitrary files on the 

remote host or disable access to the service by submitting scans of a large number of large 

files on the remote host. 


CVE-2006-0864 

Mambo Undisclosed Authentication Bypass 



authentication.\n\nThe remote host is running the Mambo Content Server, an application 

for generating dynamic content for web servers. The remote application is vulnerable to a 

flaw where remote attackers can bypass authentication and access confidential data. The 

exact details of the flaw are unknown; however, it is believed that an attacker exploiting 

this flaw would be able to access confidential data that was readable by the web server 

process. 


CVE-2006-1794 

Winamp < 5.14 .M3U File Handling Buffer Overflow 



using Winamp, a popular media player for Windows. It is possible that a remote attacker 

using a specially-crafted playlist can cause a buffer overflow in the version of Winamp 

installed on the remote host, resulting in a crash of the application or even execution of 

arbitrary code subject to the user's privileges. An attacker exploiting this flaw would need 

to be able to convince a Winamp user to open a malicious '.m3u' file. 


CVE-2006-0720 

Brooky CubeCart < 3.0.7 connector.php Arbitrary File Upload 



RISK: 

MEDIUM 




is running Brooky CubeCart, an online storefront application written in PHP. This version 

of CubeCart is vulnerable to a flaw where arbitrary PHP code can be uploaded to the web 

server and then executed with the permissions of the web server process. Successful 

exploitation would only require that the attacker can send malformed HTTP requests to the 

application. 


CVE-2006-0922 

ArGoSoft Mail Server < 1.8.8.6 '_DUMP' Information Disclosure 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running the ArGoSoft Mail Server. This 

version of ArGoSoft is prone to a remote unauthenticated access flaw. Specifically, as 

ArGoSoft does not require authentication prior to allowing the _DUMP directive, an 

unauthenticated user can cause the server to disclose potentially confidential data. 

Successful exploitation would give the attacker confidential server data.\n\nSecondly, the 

remote host is vulnerable to a directory traversal flaw within its IMAP component. An 

attacker exploiting this flaw would need to be authenticated. Successful exploitation would 

result in the attacker accessing confidential data outside of their default IMAP 

folder.\n\nThirdly, the remote server is vulnerable to an HTML Injeciton attack. 


CVE-2006-0928 

MTS Professional < 1.61.1.85 SMTP Open Relay 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote SMTP server can be tricked into relaying email, regardless of its 

relay configuration.\n\nThe remote host is running the MTS Professional SMTP server. 

This version of MTS is vulnerable to a flaw in the way that it handles malformed 'MAIL 

FROM:' headers. An attacker exploiting this flaw would send malformed 'MAIL FROM:' 

directives to the server. Successful exploitation would result in the attacker being able to 

relay traffic through the host. 


CVE-2006-0977 


MDaemon < 8.15 IMAP Mail Folder Name Remote Overflow 



RISK: 

MEDIUM 


running Alt-N MDaemon, an SMTP/IMAP server for Windows. This version of MDaemon 

is vulnerable to a flaw in the way that it handles malformed IMAP commands. An attacker 

exploiting this flaw would need to be able to authenticate to the server and issue IMAP 

'CREATE' and 'LIST' commands. Successful exploitation would result in the attacker 

executing arbitrary code or crashing the service. 


CVE-2006-0925 

Lighttpd < 1.4.10a Crafted Filename Request Source Disclosure 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running Lighttpd, a small web server. This 

version of Lighttpd is vulnerable to a flaw where an attacker can retrieve source code files. 

An attacker exploiting this flaw would be able to retrieve potentially sensitive data that 

would aid them in further attacks. 

Solution: Upgrade to version 1.4.10a or higher. 

CVE-2006-0814 

NetworkActiv < 3.5.16 Crafted Filename Request Source Code Disclosure 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running NetworkActiv, a web server. This 

version of NetworkActiv is vulnerable to a flaw where an attacker can request and 

download source code. This can lead to more sophisticated future attacks. 


CVE-2006-0815 


Woltlab Burning Board < 2.7.1 Multiple Script SQL Injection 



attack.\n\nThe remote host is running Woltlab Burning Board, a web bulletin board written 

in PHP. This version of Burning Board is vulnerable to a remote SQL Injection attack. An 

attacker exploiting this flaw would send a malformed 'fileid' parameter to the 'info_db.php' 


or 'database.php' PHP scripts. Succesful exploitation would result in the attacker being able 

to read or write confidential data. In some instances, the attacker may be able to execute 

arbitrary code on the remote database server. 


CVE-2006-1094 

Apache mod_python < 3.2.8 Remote Command Execution 



arbitrary commands.\n\nThe remote Apache server is running a version of mod_python that 

is equal to 3.2.7. It is reported that a flaw was introduced with version 3.2.7. Specifically, if 

'FileSession' has been enabled, a remote attacker can send a specially formatted session 

cookie that will, upon being parsed, force mod_python into executing arbitrary code. The 

exact details of the flaw are unknown. 


CVE-2006-1095 

vBulletin < 3.5.4 HTML Injection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTML Injection attack.\n\nThe version 

of vBulletin installed on the remote host fails to properly sanitize user-supplied input. 

Given this, the application is prone to an HTML injection attack. An attacker exploiting 

this flaw would post a malicious entry to the vBulletin board. Unsuspecting users perusing 

the board would have code executed within their browser. Successful exploitation could 

lead to the theft of confidential data. 


CVE-2006-1040 

RaidenHTTPd < 1.1.48 Crafted Request Script Source Disclosure 



RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running RaidenHTTPd. RaidenHTTPd is a 

web server that is designed for the Microsoft platform. This version of RaidenHTTPd is 

vulnerable to a flaw where an attacker can send a malformed 'GET' request that will, upon 

being parsed, cause the Raiden web server to send back potentially confidential files (such 

as source code for active scripts). 



CVE-2006-0949 

SPLUNK Online Log Search Detection 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running SPLUNK, a web-based application that allows 

remote users to search syslog log files. This application may give remote attackers the 

ability to gain information useful in future attacks. 

Solution: Ensure that access to SPLUNK is restricted to administrative users. 


Gallery < 2.0.3 GalleryUtilities.class X_FORWARDED_FOR HTTP Header XSS 


RISK: 

MEDIUM 




a cross-site scripting (XSS) flaw. The vendor has released version 2.0.3 as a fix. An 

attacker exploiting this flaw would need to be able to convince a user to browse to a 

malicious URI. Successful exploitation could lead to the loss of potentially confidential 

data. 


CVE-2006-1127 

Listserv < 14.5 Multiple Buffer Overflows 



running Listserv, a mailing list management application. According to its version number, 

the Listserv install on the remote host suffers from as-yet unspecified buffer overflows, 

including one that reportedly can be exploited by an unauthenticated attacker to execute 

arbitrary code on the affected host. 


CVE-2006-1044 


Retrospect Client for Windows Malformed Packet DoS 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote backup client is susceptible to denial of service 

attacks.\n\nAccording to its version number, the installed instance of Retrospect Client for 

Windows reportedly will stop working if it receives a packet starting with a 

specially-crafted sequence of bytes. An unauthenticated remote attacker may be able to 

leverage this flaw to prevent the affected host from being backed up. 


CVE-2006-0995 

Retrospect Client for Windows Malformed Packet DoS 


RISK: 

MEDIUM 








CVE-2006-0995 

Retrospect Client < 6.5.138 / 7.0.109 Malformed Packet DoS 


RISK: 

MEDIUM 








CVE-2006-0995 


Invision Power Board showtopic.php st Parameter SQL Injection 




bulletin board system on the remote web server. This version of Invision Board is 

vulnerable to a flaw in the way that it handles the 'st' parameter of the 'showtopic' php 


script. Successful exploitation may allow an attacker to execute arbitrary SQL statements 

against the remote host. 


CVE-2006-2217 

Acme thttpd < 2.26 htpasswd Utility Overflow 



running a vulnerable version of Acme thttpd. It is reported that versions prior to 2.26 

contain a flaw within the 'htpasswd' utility. The htpasswd binary does not correctly verify 

the amount of data that it is parsing. Given this, a long argument passed to the htpasswd 

utility may cause a buffer overflow. An attacker exploiting this flaw would need to be able 

to find a system that calls htpasswd via a dynamic page (such as a CGI script). In addition, 

the application is vulnerable to a flaw in the way that it creates local temporary files. A 

local attacker exploiting this flaw would be able to modify or delete files with the privileges 

of the thttpd server process. 


CVE-2006-1079 

Geeklog lib-sessions.php Session Cookie Handling Administrative Bypass 



bypassing of authentication.\n\nThe remote host is running Geeklog, an 

open-source weblog powered by PHP and MySQL. The installed version of 

Geeklog is vulnerable to a flaw in the 'lib-sessions.php' script. Specifically, a 

remote attacker can use the script to bypass authentication and gain 

administrative access to the Geeklog application. Successful exploitation gives 

the attacker the ability to gather confidential data, the ability to compromise file 

integrity, and the ability to interrupt services to valid users. 

Solution: Upgrade to version 1.3.11sr5, 1.3.9sr5, 1.4.0sr2, or higher. 

CVE-2006-1069 


Owl Intranet Engine xrms_file_root Parameter Remote File Inclusion 


Description: Synopsis :\n\nThe remote web server contains a PHP script that suffers from a remote file 

include vulnerability.\n\nThe remote host is running Owl Intranet Engine, a web-based 

document management system written in PHP. The version of Owl Intranet Engine on the 

remote host fails to sanitize user-supplied input to the 'xrms_file_root' parameter of the 

'lib/OWL_API.php' script before using it in a PHP 'require_once' function. An 


unauthenticated attacker may be able to exploit this issue to view arbitrary files on the 

remote host or to execute arbitrary PHP code, possibly taken from third-party hosts. 


CVE-2006-1149 

Dropbear < 0.48 Authorization-Pending Connection Saturation DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote SSH server is susceptible to denial of service attacks.\n\nThe 

remote host is running Dropbear, a small, open-source SSH server. The version of 

Dropbear installed on the remote host by default has a limit of 30 connections in the 

authorization-pending state; subsequent connections are closed immediately. This issue can 

be exploited trivially by an unauthenticated attacker to deny service to legitimate users. 


CVE-2006-1206 

Mac OS X Intel Detection 


Description: The remote host is running Mac OS X on the Intel platform. 

Solution: N/A 


PeerCast < 0.1217 procConnectArgs Function Remote Overflow 


Description: Synopsis :\n\nThe remote web server suffers from a buffer overflow vulnerability.\n\nThe 

version of PeerCast installed on the remote host copies the supplied option string without 

limit into a finite-size buffer. An unauthenticated attacker can leverage this issue to crash 

the affected application and possibly to execute arbitrary code on the remote host subject to 

the privileges of the user running PeerCast. 


CVE-2006-1148 

Kerio MailServer < 6.1.3 Patch 1 Remote DoS 





remote host is running Kerio MailServer version 6.0.10 or lower. There is a flaw in the 

remote version of this server that would allow an attacker to cause the application to fail. 

While the details of the flaw are unknown, it is alledged that an attacker can launch the 

attack without any credentials and render the target service unavailable. 

Solution: Upgrade to version 6.1.3 Patch 1 or higher. 

CVE-2006-0742 

Easy File Sharing Web Server Format String 


Description: Synopsis :\n\nThe remote web server suffers from a format string vulnerability.\n\nThe 

remote host is running Easy File Sharing Web Server, a file sharing application / web 

server for Windows. The version of Easy File Sharing Web Server installed on the remote 

host may crash if it receives requests with an option parameter consisting of a format string. 

It is unknown whether this issue can be exploited to execute arbitrary code on the remote 

host, although it is likely the case. In addition, the application reportedly allows remote 

users to upload arbitrary files to arbitrary locations on the affected host. An attacker may be 

able to leverage this issue to completely compromise the host by placing them in the startup 

folder and waiting for a reboot. Additionally, it fails to sanitize input to the 'Description' 

field when creating a folder or uploading a file, which could lead to cross-site scripting 

attacks. Note that by default the application runs with the privileges of the user who started 

it, although it can be configured to run as a service. 


CVE-2006-1160 

Gallery < 2.0.4 Watermark Function stepOrder Parameter Local File Inclusion 


RISK: 

MEDIUM 



multiple local file include flaws.\n\nThe remote host is running Gallery, a web-based photo 

album application written in PHP. The version of Gallery installed on the remote host fails 

to sanitize input to the 'stepOrder' parameter of the 'upgrade/index.php' and 

'install/index.php' scripts before using it in a PHP 'require()' function. An unauthenticated 

attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP 

code on the affected host provided PHP's 'register_globals' setting is enabled. 


CVE-2006-1219 


Ipswitch Multiple Products < 2006.03 IMAP FETCH Command Overflow 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote IMAP server is affected by a buffer overflow 

vulnerability.\n\nThe remote host is running Ipswitch Collaboration Suite / IMail Secure 

Server / IMail Server, commercial messaging and collaboration suites for Windows. 

According to its banner, the version of Ipswitch Collaboration Suite / IMail Secure Server / 

IMail Server installed on the remote host has a buffer overflow issue in its IMAP server 

component. Using a specially-crafted FETCH command with excessive data, an 

authenticated attacker can crash the IMAP server on the affected host, thereby denying 

service to legitimate users and possibly execute arbitrary code as LOCAL SYSTEM. 


CVE-2005-3526 



Description: Synopsis :\n\nThe remote operating system is missing vendor supplied patches. The remote 

host is running Apple Mac OS X, but lacks Security Update 2006-002. This security update 

contains fixes for the following applications 

:\n\napache_mod_php\nCoreTypes\nLaunchServices\nMail\nSafari\nrsync 

Solution: Retrieve security patch 2006-002 from Apple. 

CVE-2006-1220 



Description: Synopsis :\n\nThe remote operating system is missing vendor supplied patches. The remote 

host is running Apple Mac OS X, but lacks Security Update 2006-002. This security update 

contains fixes for the following applications 

:\n\napache_mod_php\nCoreTypes\nLaunchServices\nMail\nSafari\nrsync 

Solution: Retrieve security patch 2006-002 from Apple. 

CVE-2006-0399 


Simple PHP Blog < 0.4.7.2 install05.php Local File Inclusion 


Description: Synopsis :\n\nThe remote host is vulnerable to a local 'file inclusion' flaw.\n\nThe remote 

host is running the Simple PHP Blog, web log (or blog) package. This version of Simple 

PHP Blog is vulnerable to a flaw where remote users can manipulate the application to 

include any local file within an executed query. For example, the attacker could request that 

the /etc/passwd file be used in a PHP query that would then return confidential data back to 


the attacker. An attacker exploiting this flaw would gain access to confidential data. 


CVE-2006-1243 

Horde < 3.1 go.php url Parameter File Disclosure 


RISK: 

MEDIUM 


Description: The remote web server contains a PHP application that is affected by an information 

disclosure flaw. The version of Horde installed on the remote host fails to validate input to 

the 'url' parameter of the 'services/go.php' script before using it to read files and return their 

contents. An unauthenticated attacker may be able to leverage this issue to retrieve the 

contents of arbitrary files on the affected host subject to the privileges of the web server 

user ID. This can result in the disclosure of authentication credentials used by the affected 

application as well as other sensitive information. Note that successful exploitation of this 

issue seems to require that PHP's 'magic_quotes_gpc' be disabled, although this has not 

been confirmed by the vendor. 


CVE-2006-1260 

Dwarf HTTP Server < 1.3.3 Multiple Vulnerabilities 



is running the Dwarf HTTP Server. This version of Dwarf is vulnerable to multiple input 

flaws due to a lack of data validation. An attacker exploiting these flaws will be able to 

impact confidentiality and integrity on the remote server. 


CVE-2006-0820 

PHP iCalendar Local File Inclusion 




is running PHP iCalendar, an open-source PHP blog. This version of iCalendar is 

vulnerable to a flaw wherein a local user can gain access to confidential data by requesting 

the data from the iCalendar application. Successful exploitation would lead to a local user 

gaining access to confidential data. In addition, the remote host is vulnerable to a remote 

file upload flaw. An attacker exploiting this flaw would be able to manipulate the 

application into uploading and executing potentially malicious scripts. The referenced URI 

is:\n%P 



CVE-2006-1292 

Mercur Mailserver Remote Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote IMAP 

server is running Mercur Mailserver %L.\n\nThis version of Mercur is vulnerable to a flaw 

where remote users can send specially crafted IMAP LOGIN and SELECT commands. 

Upon parsing of these commands, the Mercur Mailserver crashes, potentially executing 

arbitrary system code. 


CVE-2006-7041 

Curl < 7.15.3 TFTP URL Parsing Overflow 



using a version of curl (or libcurl) that is vulnerable to a remote buffer overflows. An 

attacker would have to set up a rogue web server and entice a curl user to browse to the 

malicious server to exploit this vulnerability. Upon successful exploitation, the attacker 

would be able to execute arbitrary commands with the rights of the web server. The 

specific flaw occurs when processing long 'tftp://' URIs. E.g., 

tftp://www.somesite.com/[512 bytes] 


CVE-2006-1061 

MailEnable WebMail Multiple Products Quoted Printable Mail DoS 



RISK: 

MEDIUM 



remote host is running a version of MailEnable's WebMail service that is prone to a remote 

Denial of Service (DoS) attack. Specifically, an attacker sending malformed web data can 

crash the service. An attacker exploiting this flaw would only need to be able to create and 

send a malformed email to a valid WebMail user. Successful exploitation leads to a loss of 

availability. 

Solution: Upgrade to MailEnable Professional 1.73 or higher or to MailEnable Enterprise Edition 

1.21 or higher. 


CVE-2006-1338 

MailEnable Multiple Products POP3 Authentication Bypass 



bypassing of authentication.\n\nThe remote host is running a vulnerable version 

of the MailEnable email server. While the details of the flaw are unknown, it is 

alleged that a remote attacker can create a query such that they gain 

administrative access without actually authenticating. 

Solution: Upgrade to MailEnable Professional 1.74 or higher, MailEnable Enterprise Edition 1.22 or 

higher, or Mailenable 1.94 or higher. 

CVE-2006-1337 

Sendmail < 8.13.6 Unspecified Overflow 



server is running a version less than 8.13.6. There is a flaw in versions of Sendmail less 

than 8.13.6. At this time, the details are unknown, although it is believed that an attacker 

can overwrite stack memory with a successful attack. 



RealPlayer for Linux, Mac, and Windows Remote Overflows 


Description: Synopsis :\n\nThe remote Windows application is affected by several overflow 

vulnerabilities.\n\nThe installed version of RealPlayer on the remote host is prone to buffer 

overflow vulnerabilities. An attacker may be able to leverage these issues to execute 

arbitrary code on the remote host subject to the permissions of the user running the affected 

application. Note that a user doesn't necessarily need to explicitly access a malicious media 

file since the browser may automatically pass the file to the RealPlayer application. 


CVE-2005-2922 

Orion < 2.0.7 Crafted Filename Extension Source Code Disclosure 



RISK: 

MEDIUM 




sensitive files or data.\n\nThe remote host is running the Orion HTTP Server. This version 

of Orion is vulnerable to a flaw where a malformed HTTP query can manipulate the web 

server into disclosing potentially sensitive source code. An attacker exploiting this flaw 

would be able to gain access to confidential data that would be useful in future attacks. 


CVE-2006-0816 

Sendmail < 8.13.6 Signal Handler Remote Overflow 



server is running a version less than 8.13.6. There is a flaw in versions of Sendmail less 

than 8.13.6. At this time, the details are unknown, although it is believed that an attacker 

can overwrite stack memory with a successful attack. 


CVE-2006-0058 

phpPGAds/phpAdNew < 2.0.8 Multiple Injection Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to HTML Injection and Cross-Site Scripting 

attacks.\n\nThere is a flaw in the remote phpAdNew/phpPgAds PHP Ads server, a banner 

management and tracking system written in PHP. This version of phpAdNew is vulnerable 

to an HTML injection and a Cross-Site Scripting (XSS) flaw. An attacker exploiting these 

flaws would be able to gain access to potentially confidential data 


CVE-2006-1397 

GreyMatter gm-upload.cgi Arbitrary File Upload 



RISK: 

MEDIUM 



is running Greymatter, a log and journal application. This version of Greymatter is 

vulnerable to a flaw where an attacker can upload and execute arbitrary code with the rights 

of the web server. Successful exploitation would lead to the attacker executing arbitrary 

code that would impact confidentiality, integrity and availability. 



CVE-2006-1485 

Horde < 3.1.1 Help Viewer Code Execution 


Description: The remote web server contains a PHP application that allows execution of arbitrary PHP 

code. The version of Horde installed on the remote host fails to sanitize user-supplied input 

before using it in the Help viewer to evaluate code. An unauthenticated attacker could 

exploit this flaw to execute arbitrary command on the remote host subject to the privileges 

of the web server user ID. 


CVE-2006-1491 

MPlayer Crafted Media File Integer Overflow 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an integer overflow\n\nThe remote host is 

using a version of MPlayer, a multimedia video and audio application. This version of 

MPlayer is vulnerable to an integer overflow due to a lack of content parsing. An attacker 

exploiting this flaw would need to craft a malicious media file and then convince a local 

user to download and play the file within MPlayer. Successful exploitation would result in 

arbitrary code being executed locally. 


CVE-2006-1502 

OneOrZero Helpdesk < 1.6.5.3 index.php id Parameter SQL Injection 



is running OneOrZero, an open-source helpdesk application. This version of OneOrZero is 

vulnerable to a SQL Injection flaw. An attacker exploiting this flaw would be able to 

execute arbitrary SQL commands on the backend SQL server. This can lead to loss of 

confidentiality, integrity and availability. 


CVE-2006-1501 

ZoneAlarm < 6.1.744.001 VSMON.exe Path Subversion Local Privilege Escalation 



RISK: 

MEDIUM 



Description: The remote Windows application is prone to a local privilege escalation issue. The remote 

host is running ZoneAlarm, a firewall for Windows. The TrueVector service associated 

with the version of ZoneAlarm installed on the remote host loads as part of its startup 

several necessary DLLs without specifying their pathnames. An attacker with local access 

can exploit this flaw to execute arbitrary programs on the affected host with LOCAL 



Tablet PC Detection 

CVE-2006-1221 

PVS ID: 3494 FAMILY: Mobile Devices RISK: INFO NESSUS ID:Not Available 

Description: The remote host is running Tablet PC version %L 

Solution: N/A 


Cellular Phone Browser Detection 


Description: The remote HTTP client is a cellular phone. 

Solution: N/A 


Debian Operating System Detection 


Description: The remote host is running the Debian operating system. The reported version information 

is '%L' 

Solution: N/A 


Ubuntu Operating System Detection 


Description: The remote host is running the Ubuntu operating system. The reported version number is: 

'%L ' 

Solution: N/A 




Internet Explorer Version 7 Detection 


Description: The remote host is running Internet Explorer version 7. 

Solution: N/A 


Samba < 3.0.22 Local File Permissions Credentials Disclosure 

PVS ID: 3499 FAMILY: Samba RISK: LOW NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host is vulnerable to a local flaw in the way that it creates log 

files.\n\nThe remote Samba server, according to its version number, may be vulnerable to a 

local flaw. Specifically, if debugging has been set to level 5 or higher, the local SAMBA 

process will log account credentials. These credentials can be read by local users and used 

in future attacks. 


CVE-2006-1059 

Policy - Virtual War Gaming Server Detection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running software that should be authorized by corporate 

policy.\n\nThe remote server is running the Virtual War Gaming Server. This application is 

used to manage game events and profiles. 

Solution: Ensure that the software is authorized. 


BASE < 1.2.4 base_maintenance Authentication Bypass 



RISK: 

MEDIUM 


Description: The remote web server contains a PHP script that is prone to an authentication bypass 

vulnerability. The remote host is running BASE, a web-based tool for analyzing alerts from 

one or more SNORT sensors. The version of BASE installed on the remote host allows a 

remote attacker to bypass authentication to the 'base_maintenance.php' script and then 

perform selected maintenance tasks. 



CVE-2006-1505 



MEDIUM 




10.4.6. Mac OS X 10.4.5 contains several security fixes for a local authentication bypass 

vulnerability. A malicious local user may exploit this vulnerability to bypass the firmware 

password and gain access to Single User mode. 


CVE-2006-0401 

NOD32 < 2.51.26 Antivirus Local File Overwrite 


Description: Synopsis :\n\nThe remote antivirus software can be tricked by local users into replacing 

system files.\n\nThe remote host is running the NOD32 antivirus software. This software is 

vulnerable to a flaw where local users can execute arbitrary code by quarantining a file and 

then 'restoring' the file in such a manner that, when next executed, the file is run with 



CVE-2006-1649 

McAfee WebShield < 4.5 MR2 Bounced Emails Format String 



host is running the McAfee WebShield SMTP server. This version of WebShield is 

vulnerable to a flaw in the way that it processes 'bounced' emails. An attacker can send a 

malformed email that, upon being bounced, will overflow the remote mail server. 

Solution: Upgrade to version 4.5 MR2 or higher. 

CVE-2006-0559 

ClamAV < 0.88.1 Multiple Vulnerabilities 





remote host is running ClamAV, an antivirus application. The remote host is running 

version: \n %L \n\nThere are a number of flaws that affect this version of ClamAV, and the 

vendor recommends upgrading to version 0.88.1 or higher. 


CVE-2006-1630 

GlobalSCAPE Secure FTP Server < 3.1.4 Build 01.10.2006 Custom Command Remote DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote FTP server is prone to denial of service 

attacks.\n\nGlobalSCAPE Secure FTP Server is installed on the remote Windows host. The 

installed version of GlobalSCAPE Secure FTP Server on the remote host is affected by a 

denial of service vulnerability involving a lengthy parameter line to an unspecified custom 

command. 

Solution: Upgrade to version 3.1.4 Build 01.10.2006 or higher. 

CVE-2006-1693 

GNU Mailman < 2.1.8 Multiple Vulnerabilities 



is running the GNU mailman application. It is running a version of Mailman prior to 2.1.8. 

These versions of Mailman are prone to several remote attacks that may impact 

confidentiality and integrity. 


CVE-2006-1712 

Cherokee Web Server < 0.5.1 XSS 


RISK: 

MEDIUM 



remote Cherokee web server is vulnerable to a flaw in the way that it parses user requests. 

Specifically, an attacker can create queries such that unsanitized script code is displayed in 

user browsers. An attacker exploiting this flaw would need to be able to convince a user to 

browse to a malicious URI. Successful exploitation would result in a possible loss of 

confidential materials. 




CVE-2006-1681 



Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows local attackers to execute 

arbitrary commands.\n\nThe remote host is running a version of PHP that is older than 

5.1.4. This version is reported vulnerable to several flaws that may allow an attacker, with 

the right to execute PHP scripts, the ability to execute arbitrary code. Executed code would 

be run with the permissions of the web server process. 


CVE-2006-1494 

Outlook Express .wab File Processing Overflow 


RISK: 

MEDIUM 



running Microsoft Outlook Express. The noted version of Outlook Express is vulnerable to 

a buffer overflow in the way that it handles the parsing of .wab files. An attacker exploiting 

this flaw would need to be able to entice the user into opening the attachment. Successful 

exploitation would result in code being executed with the rights of the compromised user. 


CVE-2006-0014 



Description: The remote server is a Nokia Intellisync Server. These portals are designed for access by 

users of portable devices (PDA, cell phone). One of the server components is a syncing port 

(TCP/3102) that maintains state and synchronization with the remote clients. 

Solution: N/A 



Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities 



remote host is using Firefox. The installed version of Firefox contains various security 

issues, several of which are critical as they can be easily exploited to execute arbitrary shell 


code on the remote host. The version of Firefox is vulnerable to multiple denial of service 

attacks, overflows, information disclosure, privilege escalation, and other issues. An 

attacker exploiting these flaws would need to be able to convince a Firefox user to browse 

to a malicious URI. 

Solution: Upgrade to version 1.5.0.2, 1.0.8 or higher. 

CVE-2006-1730 

Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities 



remote host is running a vulnerable version of Mozilla Thunderbird mail client. This 

version of Thunderbird is vulnerable to multiple denial of service attacks, overflows, 

information disclosure, privilege escalation, and other issues. An attacker exploiting these 

flaws would need to be able to convince a user to open or read a malicious email. 

Successful exploitation would give the attacker the ability to execute arbitrary code with 

the permissions of the user running Thunderbird. 

Solution: Install version 1.5.0.2, 1.0.8 or higher. 

CVE-2006-1730 




remote host is using Mozilla. The installed version of Mozilla contains various security 


code on the remote host. The version of Mozilla is vulnerable to multiple denial of service 


attacker exploiting these flaws would need to be able to convince a Mozilla user to browse 

to a malicious URI. 


CVE-2006-1730 

Opera < 8.54 signedness StyleSheet Overflow 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host contains a web browser that is vulnerable to a buffer 

overflow vulnerability.\n\nThe remote host is using Opera. The version of Opera installed 

on the remote host contains a buffer overflow that can be triggered by a long value within a 

stylesheet attribute. Successful exploitation can lead to a browser crash and possibly allow 

for the execution of arbitrary code subject to the privileges of the user running Opera. 



CVE-2006-1834 

SeaMonkey < 1.0.1 Multiple Vulnerabilities 



remote host is using SeaMonkey. The installed version of SeaMonkey contains various 

security issues, several of which are critical as they can be easily exploited to execute 

arbitrary shell code on the remote host. The version of SeaMonkey is vulnerable to multiple 

denial of service attacks, overflows, information disclosure, privilege escalation, and other 

issues. An attacker exploiting these flaws would need to be able to convince a user to 

browse to a malicious URI. 


Sysinfo Detection 

CVE-2006-1730 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running sysinfo, a perl CGI script that administrators use to 

monitor servers. Sysinfo gives potential attackers information regarding system 

configuration. In addition, many versions of sysinfo are vulnerable to many different flaws. 

The remote host is running version: \n %L \n 

Solution: Ensure that this application is approved and protected according to existing policies and 

procedures. 

Serendipity < 




is running Serendipity, an open-source web log application. This version of Serendipity is 

vulnerable to a flaw where a remote attack can upload and execute PHP scripts with the 

rights of the web server. Successful exploitation may lead to partial loss of confidentiality, 

integrity, and availability. 


CVE-2006-1910 



MyBB < 1.1.1 Multiple Script Variable Overwrite 



version of MyBB does not properly initialize global variables in the 'global.php' and 

'inc/init.php' scripts. An unauthenticated attacker can leverage this issue to overwrite global 

variables through GET and POST requests and launch other attacks against the affected 

application. 

Solution: Upgrade to verison 1.1.1 or higher. 

CVE-2006-1912 

Coppermine Photo Gallery < 1.4.5 index.php file Parameter Local File Inclusion 


Description: Synopsis :\n\nThe remote web server contains a PHP script that is affected by a local file 

include issue.\n\nThe version of Coppermine Gallery installed on the remote host fails to 

properly sanitize input to the 'file' parameter of the 'index.php' script before using it in a 

PHP 'include_once()' function. Provided PHP's 'register_globals' setting is enabled, an 

unauthenticated attacker may be able to exploit this issue to view arbitrary files or to 

execute arbitrary PHP code on the remote host, subject to the privileges of the web server 

user ID. 


CVE-2006-1909 

Help Center Live < 2.1.0 osTicket Multiple SQL Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL Injection attack.\n\nThe remote web 

server is running Help Center Live, a help desk application written in PHP. The remote 

version of this software is vulnerable to a SQL Injection flaw. An attacker exploiting this 

flaw would send malformed HTTP requests to the web application that would, upon being 

parsed, execute arbitrary commands on the database server. 


CVE-2006-2039 

DeleGate < 8.11.6 Invalid DNS Response DoS 



RISK: 

MEDIUM 



Description: Synopsis :\n\nA rogue DNS server may crash the remote proxy.\n\nThe remote version of 

this software is vulnerable to a denial of service when processing invalid DNS responses. 

An attacker may exploit this flaw to disable this service remotely. To exploit this flaw, an 

attacker would need to be able to inject malformed DNS responses to the queries sent by 

the remote application. 


CVE-2006-2072 

ISC BIND < 9.3.3 DNS Message Malformed TSIG Remote DoS 


RISK: 

MEDIUM 



remote BIND DNS server is vulnerable to a flaw in the way that it handles TSIG responses. 

An attacker exploiting this flaw would need to have the ability to send malformed 

responses to the vulnerable DNS Server. Successful exploitation would lead to the BIND 

server crashing. 


CVE-2006-2073 

Oracle 10g Application Server SQL Injection 


RISK: 

MEDIUM 



is running a version of the Oracle 10g Application Server that is vulnerable to a remote 

SQL injection attack. An attacker exploiting this flaw would gain limited access to the 

remote database server. Successful exploitation would allow the attacker the ability to 

execute SQL commands on the database server. 


CVE-2007-1609 

ClamAV < 0.88.2 HTTP Header Remote Overflow 



RISK: 

MEDIUM 



running ClamAV, an antivirus application. The remote host is running version: \n %L 

\n\nThere is a remote buffer overflow within this version of ClamAV. Specifically, if an 

attacker were able to spoof or gain control of a ClamAV update server, the attacker could 

craft a malicious HTTP response that would trigger a buffer overflow. Successful 

exploitation would result in the execution of arbitrary code. 



Limbo CMS < 

CVE-2006-1989 



is running the Limbo Content Management System (CMS). This version of Limbo is 

vulnerable to a flaw where remote attackers can include arbitrary code within HTTP 

requests. By using such a tactic, the remote attacker can execute arbitrary code with the 

permissions of the remote web server. In addition, the remote host is vulnerable to a SQL 

Injection attack. An attacker exploiting this flaw would send a malformed HTTP query to 

the server that would, upon parsing, cause the web server to execute arbitrary SQL 

commands on the backend database server. 


CVE-2008-0734 

MySQL Remote Overflow and Information Disclosure Vulnerabilities 


RISK: 

MEDIUM 



version number, the installation of MySQL on the remote host may be prone to multiple 

buffer overflows. The MySQL server is also vulnerable to multiple information disclosure 

flaws. An attacker exploiting the overflow would need to be able to authenticate to the 

MySQL server. An attacker exploiting the information disclosure flaw would only need to 

be able to send malformed 'login' packets to the server. This version of MySQL is also 

prone to a remote Denial of Service (DoS) due to an inability to properly parse a 

malformed call to the date_format function. 

Solution: Upgrade to version 4.0.27 / 4.1.19 / 5.0.27 / 5.1.10 or higher. 

sBLOG < 

CVE-2006-1516 



Description: The remote web server contains a PHP script that is prone to SQL injection attacks. The 

remote host is running sBLOG, a PHP-based blog application. The installed version of 

sBLOG fails to validate user input to the 'keyword' parameter of the 'search.php' script 

before using it to generate database queries. Regardless of PHP's 'magic_quotes_gpc' 

setting, an unauthenticated attacker can leverage this issue to manipulate database queries 

to bypass authentication, disclose sensitive information, modify data, or launch attacks 




CVE-2006-2189 

ArGoSoft FTP Server < 1.4.3.7 RNTO Overflow 


RISK: 

MEDIUM 



running the ArGoSoft FTP Server. This version of ArGoSoft FTP Server is vulnerable to a 

flaw when parsing a malicious RNTO command from an authenticated (or anonymous) 

user. An attacker exploiting this flaw would be able to execute arbitrary code on the remote 

FTP server. 


CVE-2006-2170 

CGI:IRC Server Detection 


Description: Synopsis :\n\nThe remote host is running software that should be authorized according to 

corporate policy.\n\nThe remote host is running CGI:IRC, a web-based IRC client that 

allows users to access IRC channels via their web browser. 

Solution: Ensure that the application is authorized according to corporate policies and guidelines. 

CVE-2006-2148 

Mozilla Firefox < 1.5.0.3 Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote host is using Firefox. The installed version of Firefox contains various security 


code on the remote host. The version of Firefox is vulnerable to multiple denial of service 


attacker exploiting these flaws would need to be able to convince a user to browse to a 

malicious URI. 


CVE-2006-1993 


FileZilla FTP Server < 0.9.17 MLSD Command Overflow 



RISK: 

MEDIUM 



running FileZilla, an FTP server. There is a flaw in the remote version of this software that 

may allow an authenticated attacker to issue a malformed request such that a buffer 

overflow occurs. Successful exploitation would result in the attacker executing arbitrary 

code. 


CVE-2006-2173 

WarFTP Daemon < 1.82.00-RC11 Remote Overflow 


RISK: 

MEDIUM 



running WarFTPd, an FTP server for the Microsoft platform. The version of WarFTPd 

running on this host contains a vulnerability that may allow a potential intruder to craft a 

special command such that execution of the command results in a buffer overflow. 

Successful exploitation would allow the attacker to execute arbitrary code on the remote 

server. 


CVE-2006-2171 

Gene6 FTP Server < 3.8.0.34 Multiple Command Remote Overflows 


Description: Synopsis :\n\nThe remote FTP server is affected by buffer overflow flaws.\n\nThe remote 

host appears to be using Gene6 FTP Server, a professional FTP server for Windows. 

According to its banner, the version of Gene6 FTP Server installed on the remote host 

contains buffer overflow vulnerabilities that can be exploited by an authenticated, possibly 

anonymous, user with specially-crafted 'MKD', 'RMD', 'XMKD', and 'XRMD' commands 

to crash the affected application or execute arbitrary code on the affected host. 


SAMI FTP Server < 

CVE-2006-2172 



RISK: 

MEDIUM 




running SAMI FTP server. It has been reported that this version of SAMI is vulnerable to a 

buffer overflow in the way that it handles USER and PASSWORD information. An 

attacker exploiting this flaw would be able to execute arbitrary code on the remote SAMI 

FTP server. 


CVE-2006-2212 

AWStats < 6.6 migrate Variable Command Execution 


RISK: 

MEDIUM 



flaw.\n\nThe remote host is running AWStats, a CGI log analyzer. There are various 

content-parsing flaws in the remote version of this software that would allow an attacker to 

execute code on the remote host. An attacker exploiting this flaw would only need to be 

able to generate HTTP requests to the awstats.pl CGI script. A successful attack would 

allow the attacker to run system commands with the privileges of the CGI script. 


CVE-2006-2237 

Distributed Network Protocol v3 Client Detection (SCADA) 

PVS ID: 3552 FAMILY: SCADA RISK: INFO NESSUS ID:Not Available 

Description: The remote client is running the Distributed Network Protocol v3 client. This 

protocol is common on SCADA networks and should be protected or segmented from 

the production network. 

Solution: N/A 


Distributed Network Protocol v3 Server Detection 


Description: The remote server is running the Distributed Network Protocol v3 server. This 

protocol is common on SCADA networks and should be protected or segmented from 

the production network. 

Solution: N/A 




COTP Server Detection (SCADA) 


Description: The remote server is running the ISO 8073 Connection-Oriented Transport Protocol. This 

protocol is common on SCADA networks and should be protected or segmented from the 

production network. 

Solution: N/A 


COTP Client Detection (SCADA) 


Description: The remote client is running the ISO 8073 Connection-Oriented Transport Protocol. This 

protocol is common on SCADA networks and should be protected or segmented from the 

production network. 

Solution: N/A 


MODBUS Server Detection (SCADA) 


Description: The remote server is running the MODBUS protocol. This protocol is common on SCADA 

or process control networks. 

Solution: N/A 


MODBUS Client Detection (SCADA) 


Description: The remote client is running the MODBUS protocol. This protocol is common on SCADA 

or process control networks. 

Solution: N/A 

Nagios Detection 




RISK: 

MEDIUM 




attacks.\n\nThe remote host is running Nagios, an open-source application that allows 

administrators to track the availability of network hosts. 

Solution: Ensure that Nagios is only accessible from trusted IP ranges, running the latest version, and 

requires strong authentication. 


IBM WebSphere < 6.0.2.3 Authentication Bypass 



sensitive files or data.\n\nThe remote WebSphere web server is vulnerable to an 

information leak. There is a flaw in the way that WebSphere processes filtered requests 

which end with a '/'. For instance, if the file test.jsp required authentication, an attacker 

could simply request test.jsp/ and retrieve the page. 


CVE-2006-2342 

PHP-Fusion < 6.00.307 Local File Inclusion 


RISK: 

MEDIUM 



sensitive files or data.\n\nAccording to its version number, the remote host is running a 

version of PHP-Fusion that suffers from a flaw where remote attackers can specify arbitrary 

'include' files which will be retrieved and displayed by the web server. An attacker 

exploiting this flaw would simply need to supply '../' to the PHP-Fusion 

application. Successful exploitation would result in the attacker gaining access to 



MyBB < 

CVE-2006-2331 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL Injection attack.\n\nThe remote 

version of MyBB does not properly parse user-supplied input to the showthread.php script. 

An attacker can pass data to showthread.php such that, upon parsing, the web server is 

tricked into sending a malformed SQL query to the backend database. Successful 

exploitation results in the attacker executing arbitrary SQL commands on the database. 



CVE-2006-2336 

Simple Scanning Tool (SAT) Scanner Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote host is running an instance of the SAT vulnerability 

scanner. 

Solution: Ensure that the owner of this machine is scanning within corporate policy. 


Windows XP SP1 VPN Detection 


Description: The remote host is running the Windows XP SP1 VPN Server. A VPN (Virtual Private 






Solution: Ensure that the VPN is acceptable according to corporate guidelines and policies. 


Windows 2003 or XP SP2 VPN Detection 


Description: The remote host is running the Windows 2003 or XP SP2 VPN Server. A VPN (Virtual 








Firewall-1 NGX VPN Detection 




Description: The remote host is running the Firewall-1 NGX VPN Server. A VPN (Virtual Private 










Description: The remote host is running the SSH IPSEC Express 4.1.1 VPN Server. A VPN (Virtual 








SSH IPSEC Express 5.0 VPN Detection 


Description: The remote host is running the SSH IPSEC Express 5.0 VPN Server. A VPN (Virtual 








































RFC 3947 NAT-T VPN Detection 


Description: The remote host is running the RFC 3947 NAT-T VPN Server. A VPN (Virtual Private 










Nortel Contivity VPN Detection 


Description: The remote host is running the Nortel Contivity VPN Server. A VPN (Virtual Private 








SonicWall VPN Detection 


Description: The remote host is running the SonicWall VPN Server. A VPN (Virtual Private Network) 








SSH QuickSec 0.9.0 VPN Detection 


Description: The remote host is running the SSH QuickSec 0.9.0 VPN Server. A VPN (Virtual Private 




















































MacOS 10.x VPN Detection 


Description: The remote host is running the MacOS 10.x VPN Server. A VPN (Virtual Private Network) 








StrongSwan 2.2.0 VPN Detection 


Description: The remote host is running the StrongSwan 2.2.0 VPN Server. A VPN (Virtual Private 
















Solution: Ensure that the VPN is acceptable accoirding to corporate guidelines and policies. 


































































XyXEL ZyWALL Router VPN Detection 



Description: The remote host is running the XyXEL ZyWALL Router VPN Server. A VPN (Virtual 









Linux FreeS/WAN 2.00 VPN Detection 


Description: The remote host is running the Linux FreeS/WAN 2.00 VPN Server. A VPN (Virtual 








































































Openswan 2.2.0 VPN Detection 


Description: The remote host is running the Openswan 2.2.0 VPN Server. A VPN (Virtual Private 








Openswan 2.3.0 VPN Detection 


Description: The remote host is running the Openswan 2.3.0 VPN Server. A VPN (Virtual Private 








OpenPGP VPN Detection 



Description: The remote host is running the OpenPGP VPN Server. A VPN (Virtual Private Network) 









FortiGate VPN Detection 


Description: The remote host is running the FortiGate VPN Server. A VPN (Virtual Private Network) 










Description: The remote host is running the Netscreen VPN Server. A VPN (Virtual Private Network) 






























































































































Avaya VPN Detection 


Description: The remote host is running the Avaya VPN Server. A VPN (Virtual Private Network) 








StoneGate VPN Detection 


Description: The remote host is running the StoneGate VPN Server. A VPN (Virtual Private Network) 








StoneGate VPN Detection 


Description: The remote host is running the StoneGate VPN Server. A VPN (Virtual Private Network) 








EMC Retrospect Client Packet Handling Overflow 




Description: Synopsis :\n\nIt is possible to execute code on the remote backup client.\n\nAccording to 

its version number, the installed instance of Retrospect client is vulnerable to a buffer 

overflow when it receives a packet starting with a specially-crafted sequence of bytes. An 

unauthenticated remote attacker may be able to exploit this flaw to execute code on the 

remote host. 

Solution: Upgrade to version 6.5.140 ,7.0.112, 7.5.116 or higher. 

CVE-2006-2391 

Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote version of QuickTime is affected by multiple overflow 

vulnerabilities.\n\nThe remote Mac OS X host is running a version of Quicktime prior to 

7.1. The remote version of Quicktime is vulnerable to various integer and buffer overflows 

involving specially-crafted image and media files. An attacker may be able to leverage 

these issues to execute arbitrary code on the remote host by sending a malformed file to a 

victim and having it opened using QuickTime player. 

Solution: Install version 7.1 or higher. 

CVE-2006-1460 



Description: Synopsis :\n\nThe remote operating system is missing vendor supplied patches.\n\nThe 

remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security 

update contains fixes for the following applications 

:\nAppKit\nImageIO\nBOM\nCFNetwork\nClamAV (Mac OS X Server 

only)\nCoreFoundation\nCoreGraphics\nFinder\nFTPServer\nFlash 

Player\nKeyChain\nLaunchServices\nlibcurl\nMail\nMySQL Manager (Mac OS X Server 

only)\nPreview\nQuickDraw\nQuickTime Streaming Server\nRuby\nSafari 


CVE-2006-1457 

BEA WebLogic Server Multiple Vulnerabilities 




is running a version of BEA WebLogic Server that is vulnerable to eleven (11) distinct 

vulnerabilities. An attacker exploiting these flaws would be able to impact availability, 

confidentiality and integrity. 




SonicWall Firewall Detection 


Description: The remote host is running a SonicWall Firewall. 

Solution: N/A 


FortressSSH < 0.47 SSH_MSG_KEXINIT Logging Remote Overflow 



running a version of the FortressSSH SSH server that is vulnerable to a remote buffer 

overflow. An attacker exploiting this flaw would send a malformed key exchange. 

Successful exploitation would give the attacker the ability to execute arbitrary code on the 

remote server. 


CVE-2006-2421 

Resin < 3.0.19 Directory Traversal and Path Disclosure Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote web 

server is running Resin. Versions 3.0.17 and 3.0.18 are vulnerable to multiple flaws which 

impact Confidentiality. An attacker exploiting these flaws would be able to disclose 

physical paths and read files outside of the web server root directory. Reading of 

confidential files could lead to more sophisticated attacks. 


CVE-2006-1953 

PHP-Fusion < 6.00.308 SQL Injection 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL Injection attack.\n\nAccording to its 

version number, the remote host is running a version of PHP-Fusion that suffers from a 

flaw within the 'messages.php' script. messages.php fails to correctly parse user-supplied 

data and is vulnerable to a SQL injection attack. An attacker exploiting this flaw would 


send a specially formed query to the script. Successful exploitation would result in the 

attacker being able to execute arbitrary SQL commands on the backend database server. 


CVE-2006-2459 

QuickBooks Enterprise Database Server Detection 


Description: The remote host is running QuickBooks Enterprise. This software is used to manage 

accounting data and often contains confidential information. This server is acting as the 

central server that hosts corporate database files. 

Solution: Ensure that this server utilizes strong authentication and access controls. 


WhatsUp Network Monitoring Tool Detection 


Description: The remote host is running WhatsUp, a network monitoring tool that discovers and 

monitors network resources. 

Solution: N/A 


WhatsUp Network Monitoring Tool Default Administrative Credentials 



credentials.\n\nThe remote host is running WhatsUp, a network monitoring tool that 

discovers and monitors network resources. The remote install of WhatsUp is still utilizing 

the default administrative credentials (e.g. admin/admin). An attacker exploiting this flaw 

would be able to log into the application and gain information regarding the network, 

change the configuration of the device, and run arbitrary administrative commands on the 

WhatsUp application. 

Solution: Change the default passwords for the application. 


FCKeditor with PHPNuke < 2.3 Beta upload.php Arbitrary File Upload 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote web server contains a PHP application that is affected by an 

arbitrary file upload vulnerability.\n\nThe version of FCKeditor installed on the remote 

host allows an unauthenticated attacker to upload arbitrary files containing PHP code and 

then to execute them subject to the privileges of the web server user ID. 

Solution: Either edit 'editor/filemanager/upload/php/config.php' to disable file uploads or upgrade to 

FCKeditor 2.3 Beta or higher. 

CVE-2006-2529 

Skype Technologies < 2.5.0.78 Arbitrary File Download 



sensitive files or data.\n\nThe remote host is using Skype, a peer-to-peer chat and VoIP 

software. The remote version of this software contains a flaw where a Skype client, 

previously configured to allow downloads, will allow remote attackers to download 

arbitrary files from the local file system. This can allow attackers to gain access to 

confidential data that may be useful for more sophisticated attacks. 


CVE-2006-2312 

Cyrus IMAPD < 2.3.4 'POP3D USER' Command Remote Overflow 


RISK: 

MEDIUM 



banner, the remote Cyrus IMAPD server is vulnerable to a remote buffer overflow attack. 

The flaw is in the way that IMAPD handles malformed data sent with the 'POP3D USER' 

command. An attacker exploiting this flaw would need to be able to communicate with the 

IMAPD server (usually on TCP port 143). A successful attack would result in the attacker 

executing arbitrary code on the IMAPD server. 


CVE-2006-2502 

XOOPS < 2.0.9.4 include/common.php nocommon Parameter Local File Inclusion 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is vulnerable to local 

file include attacks.\n\nThe version of XOOPS installed on the remote host allows an 

unauthenticated attacker to skip processing of the application's 'include/common.php' script 

and thereby to gain control of the variables '$xoopsConfig[language]' and 

'$xoopsConfig[theme_set]', which are used by various scripts to include PHP code from 


other files. Successful exploitation of these issues requires that PHP's 'register_globals' 

setting be enabled and can be used to view arbitrary files or to execute arbitrary PHP code 

on the remote host, subject to the privileges of the web server user ID. 


CVE-2006-2516 

Networker Multiple Vulnerabilities 



is running EMC Legato Networker, an enterprise application that enables centralized file 

management, backup and more. This version of Networker is vulnerable to a number of 

vulnerabilities including buffer overflows. Given this, an attacker can gain full control of 

the remote server using a number of attack vectors. 


CVE-2005-3658 

Woltlab Burning Board < 2.3.5 links.php cat Parameter SQL Injection 



attack.\n\nThe remote host is running Woltlab Burning Board, a web bulletin board written 

in PHP. This version of Burning Board is vulnerable to a remote SQL Injection attack. An 

attacker exploiting this flaw would send a malformed 'cat' parameter to the 'links.php' 

script. Succesful exploitation would result in the attacker being able to read or write 

confidential data. In some instances, the attacker may be able to execute arbitrary code on 

the remote database server. 


CVE-2006-3256 

PostgreSQL SQL Injection 




is running PostgreSQL, an open source relational database. This version is vulnerable to a 

SQL Injection flaw when passed properly formatted SQL queries coupled with 

invalidly-encoded multibyte data. An attacker exploiting this flaw would need to be able to 

send queries to the PostgreSQL server. As such, this exploit typically requires 

authentication. Successful exploitation would result in the attacker executing arbitrary SQL 

commands on the database server. 


Solution: Upgrade to version 7.3.15, 7.4.13, 8.0.8, 8.1.4, or higher. 

CVE-2006-2314 

Nucleus CMS < 3.23 PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP script that is prone to remote file 

inclusion attacks.\n\nThe remote host is running Nucleus CMS, an open-source content 

management system. The version of Nucleus CMS installed on the remote host fails to 

sanitize input to the 'DIR_LIBS' parameter before using it in a PHP include() function in 

the 'nucleus/libs/PLUGINADMIN.php' script. Provided PHP's 'register_globals' setting is 

enabled, an unauthenticated attacker may be able to exploit this flaw to view arbitrary files 

on the remote host or to execute arbitrary PHP code, possibly taken from third-party hosts. 


CVE-2006-2583 

MDaemon < 8.1.4 Remote Overflow 



running Alt-N MDaemon, an SMTP/IMAP server for Windows. According to its banner, 

the version of MDaemon on the remote host is prone to a remote buffer overflow. Versions 

of Alt-N prior to 8.1.4 are vulnerable. The attacker exploiting this flaw would send a 

malformed request before the authentication process. Successful exploitation would allow 

the attacker to execute arbitrary code. 


CVE-2006-2646 

Geeklog < 1.4.0sr3 Multiple Injection Vulnerabilities 



is running Geeklog, an open-source weblog powered by PHP and MySQL. The installed 

version of Geeklog is vulnerable to both Cross-Site Scripting and SQL Injection flaws. An 

attacker exploiting the SQL injection flaw would be able to execute arbitrary SQL 

commands on the backend database server. Exploitation of the XSS flaws would enable the 

attacker to execute script code within the vulnerable user's browser. 

Solution: Upgrade to version 1.4.0sr3 or higher. 

CVE-2006-2699 



Firefox < 1.5.0.4 Multiple Vulnerabilities 



is using Firefox. The installed version of Firefox contains multiple flaws that could allow 

an attacker to execute arbitrary code, disable the service, or gain access to confidential data. 

An attacker exploiting this flaw would need to be able to convince a user to browse to a 

malicious URI. 


CVE-2006-2781 




remote host is using SeaMonkey. The installed version of SeaMonkey contains various 

security issues that may allow an attacker to execute code or escalate privileges on the 

remote browser. An attacker exploiting these flaws would need to be able to convince a 

user to browse to a malicious URI. 


CVE-2006-2781 

Thunderbird < 1.5.0.4 Multiple Vulnerabilities 



remote host is running a vulnerable version of Mozilla Thunderbird mail client. This 

version of Thunderbird is vulnerable to multiple flaws that might allow an attacker to 

launch Denial of Service attacks, buffer overflows, information disclosure, privilege 

escalation, and other issues. An attacker exploiting these flaws would need to be able to 

convince a user to open or read a malicious email. Successful exploitation would, at the 

most, give the attacker the ability to execute arbitrary code with the permissions of the user 

running Thunderbird. 


CVE-2006-2781 

SquirrelMail < 1.4.8 Local File Inclusion 




Description: Synopsis :\n\nThe remote host is vulnerable to a remote 'file include' flaw.\n\nThe remote 

host is running Squirrelmail, a web-based email client. This version of Squirrelmail is 

vulnerable to a 'file include' flaw within the redirect.php script. An attacker exploiting this 

flaw would be able to execute local commands. This can lead to the reading, writing or 

deletion of critical data. To exploit this flaw, the attacker would only need to be able to 

send web requests to the server. 


CVE-2006-2842 

SpamAssassin spamd vpopmail Username Command Injection 


RISK: 

MEDIUM 



flaw.\n\nThe remote host is running SpamAssassin, an anti-spam software application that 

detects and blocks spam emails. Due to a content-parsing error, SpamAssassin can be 

tricked into executing arbitrary commands with the privileges of the SpamAssassin spamd 

process. Additionally, the remote version of SpamAssassin must be running with either 

'--vpopmail' or '--paranoid' enabled. 


CVE-2006-2447 

BASE < 1.2.5 BASE_path Parameter Remote File Inclusion 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is prone to remote file 

inclusion attacks.\n\nThe remote host is running BASE, a web-based tool for analyzing 

alerts from one or more SNORT sensors. The version of BASE installed on the remote host 

fails to sanitize input to the 'BASE_path' parameter before using it in PHP include_once() 

function in several scripts. Provided PHP's 'register_globals' setting is enabled, an 

unauthenticated attacker may be able to exploit this flaw to view arbitrary files on the 

remote host or to execute arbitrary PHP code, possibly taken from third-party hosts. 


CVE-2006-2685 

WinGate < 6.1.3 POST Request Buffer Overflow 




Description: Synopsis :\n\nThe remote HTTP proxy server is prone to a buffer overflow attack.\n\nThe 

remote host appears to be running WinGate Proxy Server, a Windows application for 

managing and securing Internet access. According to its banner, the version of WinGate 

installed on the remote host is affected by a buffer overflow vulnerability in its HTTP 

proxy service. An attacker with access to use the proxy may be able to exploit this issue to 

execute arbitrary code on the remote host. By default, the service operates with LOCAL 

SYSTEM privileges, which means that a successful attack may result in a complete 

compromise of the affected system. 


CVE-2006-2926 

'The Bat' Mass Mailer Detection 


Description: The remote client is running 'The Bat', a piece of software that is used to automate the 

sending of many emails. The presence of 'The Bat' often indicates the existence of a 

spamming mail server. 

realtime 

Solution: N/A 


Dynamic DNS Dynamic Update Client (DUC) Detection 


Description: The remote host is configured as a dynamic DNS server. Further, it is using software that 

automatically queries and updates an Internet DNS database whenever a new client IP 

address is obtained. This sort of software is often used by individuals who are connected to 

the Internet via a Dynamic (DHCP) IP address. 

Solution: Ensure that this dynamic domain name is being used in compliance with corporate 

standards and guidelines. 



TIBCO < 7.5.1 Rendezvous HTTP Administrative Interface Remote Overflow 



running the TIBCO Rendezvous web server. Rendezvous is part of the TIBCO messaging 

suite that facilitates network-based communication. This version of Rendezvous ( %L ) is 


execute arbitrary code on the remote Rendezvous server. 



CVE-2006-2830 

Courier Mail Server < 0.53.2 Crafted Username Encoding DoS 



remote host is running Courier Mail Server, an open source mail server for Linux and Unix. 

The installed version of Courier is prone to a flaw in the way that it handles malformed 

'login' strings. Specifically, an attacker who sends a username that includes a ' 


CVE-2006-2659 

WordPress < 2.0.3 Arbitrary Code Injection 



flaw.\n\nThe remote WordPress application is vulnerable to an arbitrary 'code injection' 

flaw. The application fails to sanitize cached 'username' data. An attacker exploiting this 

flaw would send a malformed request to the WordPress application. Successful exploitation 

would result in the attacker running arbitrary commands with the permission of the 

WordPress application. The path to the vulnerable WordPress application is '%P' 


CVE-2006-2667 

WinSCP < 3.8.2 Arbitrary Command Insertion 


Description: Synopsis : \n\nThe remote host is vulnerable to an arbitrary 'command insertion' 

flaw.\n\nThe remote host is running WinSCP, a file transfer application that utilizes Secure 

Shell (SSH) as the transport protocol. This version of WinSCP is vulnerable to a flaw in the 

way that it parses URI strings. An attacker exploiting this flaw would need to be able to 

convince a WinSCP user to click on a malicious URI. Successful exploitation would result 

in the attacker executing arbitrary commands with the rights of the user running WinSCP. 

The reported version of WinSCP is: \n %L 


CVE-2006-3015 

MyBB < 1.1.3 Multiple Vulnerabilities 





is running an older version of MyBulletinBoard. The vendor has released version 1.1.3 in 

order to fix several flaws. An attacker exploiting the more serious of the flaws would be 

able to execute arbitrary script code on the remote web server. 


CVE-2006-2908 

Microsoft Windows Media Player PNG Processing Overflow (917734) 


Description: Synopsis :\n\nArbitrary code can be executed on the remote host through Windows Media 

Player.\n\nThe remote host is running Microsoft Media Player version 10. There is a 


arbitrary code on the remote host. To exploit this flaw, one attacker would need to be able 

to convince a user to open a malicious media resource using the vulnerable player. 


CVE-2006-0025 

Microsoft Windows Media Player PBG File Processing Overflow (917734) 


Description: Synopsis :\n\nArbitrary code can be executed on the remote host through the Media 

Player.\n\nThe remote host is running Microsoft Windows Media Player version 9. There is 


arbitrary code on the remote host. To exploit this flaw, an attacker would need to be able to 

convince a user to open a malicious media resource using the vulnerable player. 

Solution: Patch or upgrade according to vendor recommendations. 

CVE-2006-0025 

IBM DB2 < 8.12.0 Multiple DoS 



RISK: 

MEDIUM 



remote host is running the IBM DB2 database. This version of DB2 is vulnerable to 

multiple flaws in the way that it processes user-supplied data. A remote attacker may deny 

access to legitimate database users. It is believed that authentication is required prior to the 

exploitation of this bug. 



CVE-2006-3066 

Sendmail < 8.13.7 Multi-part MIME Message Handling DoS 


RISK: 

MEDIUM 



attack.\n\nAccording to its banner, the remote sendmail server is running a version less than 

8.13.7. There is a flaw in versions of Sendmail less than 8.13.7 that would allow a remote 

attacker to deny resources to legitimate users. An attacker exploiting this flaw would only 

need to be able to send email through the remote sendmail server. 


Calendarix < 

CVE-2006-1173 



is running Calendarix, a calendar application for web servers. This version of Calendarix is 

vulnerable to a flaw in the way that it parses user-supplied HTTP data. An attacker 

exploiting this flaw would be able to send specially formatted SQL commands that, upon 

being parsed, would execute on the remote database server. This can lead to a loss of 

confidentiality, integrity, and availability on the remote database server. 



MERCUR < 2005 SP4 Multiple Remote DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a number of Denial of Service (DoS) 

attacks.\n\nThe remote host is running the Atrium Software MERCUR mail server, a POP3, 

SMTP and IMAP server. This version of MERCUR is vulnerable to a number of flaws in 

the way that it handles user-supplied commands. Some of the commands do not require 

prior authentication. An attacker exploiting these flaws would be able to cause the 

MERCUR server to fail. Successful exploitation would result in the loss of availability. 

Solution: Upgrade to version 2005 SP4 or higher. 

CVE-2006-7041 


Mambo < 4.6.1 Login Function usercookie Cookie SQL Injection 




is running the Mambo Content Server, an application for generating dynamic content for 

web servers. The remote application is vulnerable to a flaw where remote attackers can 

execute arbitrary SQL commands on the database server utilized by Mambo. In order to 

exploit this flaw, an attacker would only need to send a malformed HTTP query containing 

SQL commands to the 'Name' field of the 'Submit Weblink' form. Successful exploitation 

would result in a potential loss of confidentiality, integrity, and availability on the remote 

database server. 


CVE-2006-3262 

TWiki Privilege Escalation 



is running the TWiki web application. This version of TWiki is vulnerable to a flaw where 

users can escalate their privileges, giving them administrative rights to the application. A 

valid user account is required in order to exploit this flaw. Successful exploitation leads to 

the attacker gaining administrative access. This can lead to a loss of confidentiality, 

integrity, and availability. In addition, the remote TWiki application is vulnerable to a 'file 

upload' flaw. An attacker exploiting this flaw would be able to insert and execute arbitrary 

script code with the permissions of the web server process. This can also lead to a loss of 

confidentiality, integrity, and availability. 


CVE-2006-2942 

Winamp < 5.22 MIDI File Handling Overflow 



running Winamp, a multimedia software application. This version of Winamp is vulnerable 

to a buffer overflow. Specifically, when handling a malformed MIDI file, Winamp may 

crash, possibly executing arbitrary code. An attacker exploiting this flaw would need to be 

able to convince a Winamp user to open a malicious MIDI file. 


CVE-2006-3228 


Clearswift MAILsweeper for SMTP < 4.3.20 Multiple Vulnerabilities 




is running a vulnerable version of Clearswift MAILsweeper for SMTP. Clearswift 

MAILseeper for SMTP versions 4.3.19 and prior are reported prone to several security 

issues. According to the vendor, an attacker can bypass security or render the application 

unavailable for legitimate users. 


CVE-2006-3216 

GFI Languard Scanner Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote host is running an instance of GFI Languard vulnerability 

scanner. 

Solution: Ensure that this machine is scanning in accordance with corporate policies and procedures. 


Opera < 9.01 Malformed 'HREF' DoS 


RISK: 

MEDIUM 



remote host is using Opera 9.00. The version of Opera installed on the remote host contains 

a flaw in the way that it handles very large links. An attacker exploiting this flaw would 

need to be able to convince an Opera user to browse to a malicious URI. Successful 

exploitation would result in the browser crashing. 


CVE-2006-3199 

Opera < 9.01 Malformed JPEG Overflow 



using Opera 9.00. The version of Opera installed on the remote host contains a flaw in the 

way that it handles JPEG images. An attacker exploiting this flaw would need to be able to 

convince an Opera user to browse to a malicious URI. Successful exploitation would result 

in the browser crashing and possibly executing arbitrary code. 




CVE-2006-3331 

MyBB < 1.1.4 SQL Injection 



is running an older version of MyBulletinBoard. The vendor has released version 1.1.4 in 

order to fix a flaw. Specifically, this version of MyBB is vulnerable to a remote SQL 

injection flaw. An attacker exploiting this flaw would only need to be able to send a 

malformed HTTP query that contains SQL commands. Successful exploitation would result 

in the attacker executing arbitrary SQL commands on the backend database server. 



Helix RealServer < 11.1.0.801 Remote Overflow 



running the Helix RealServer streaming media server. All versions of Helix 10.0.x and 

11.0.x are vulnerable to multiple remote buffer overflows. Apparently, the application does 

not properly sanitize malformed HTTP requests. An attacker exploiting this flaw would 

only need to be able to send HTTP requests to the Helix server. Successful exploitation 

would result in the attacker executing arbitrary code. 


Yahoo! Messenger < 

CVE-2006-3276 


RISK: 

MEDIUM 



is running a version of Yahoo! Messenger that is reported vulnerable to a remote overflow. 

An attacker exploiting this flaw would craft a malicious message that included non-ASCII 

characters. The attacker would then send the malformed message to another Yahoo! 

Messenger user. When the user received the malicious message, the overflow would be 

triggered and the application would crash. In addition, the remote client is vulnerable to a 

flaw where remote users can initiate a browser connection by sending a malformed string to 

the Yahoo! Messenger Client. 


CVE-2006-3298 





Description: The remote server is a Nokia Intellisync Server. These portals are designed for access by 

users of portable devices (PDA, cell phone, etc.). One of the server components is a 

syncing port (TCP/3102) that maintains state and synchronization with the remote clients. 

Solution: N/A 


ZoneAlarm < 6.5.722.000 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running ZoneAlarm, a firewall for Windows. The vendor has released version 

6.5.722.000 of ZoneAlarm. This version corrects several bugs within the firewall. 


BlueDragon < 

CVE-2006-1221 


RISK: 

MEDIUM 



is running BlueDragon, a ColdFusion Markup Language server. This version of 

BlueDragon is vulnerable to a Cross-Site Scripting (XSS) flaw where attackers can inject 

malicious scripting code that will run within the browser of BlueDragon clients. A second 

flaw would allow the attacker the ability to crash the application remotely, thereby denying 

services to legitimate users. 


YaBB SE < 

CVE-2006-2311 



is running the YaBB SE forum management system. There is a flaw in this version of 

YaBB SE that allows attackers to inject SQL commands via the web interface. An attacker 

exploiting this flaw would be able to execute arbitrary SQL commands on the backend 

database server used by YaBB SE. 




CVE-2006-3275 

MailEnable SMTP Service HELO Command Remote DoS 


RISK: 

MEDIUM 



remote host is running a vulnerable version of the MailEnable email server. While the 

details of the flaw are unknown, it is alleged that a remote attacker can create a query such 

that when the MailEnable server parses the query, the service crashes. Successful 

exploitation denies access to legitimate users. 

Solution: Upgrade to MailEnable Professional 1.74 or higher, MailEnable Enterprise Edition 1.22 or 

higher, or Mailenable Standard 1.94 or higher. 

CVE-2006-3277 

iTunes < 6.0.5 AAC File Parsing Overflow 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host contains an application that is affected by a remote code 

execution flaw.\n\nDescription :\n\nThe remote host is running iTunes, a popular jukebox 

program.\nThe remote version of this software is vulnerable to an integer overflow when it 

parses specially crafted AAC files that may lead to the execution of arbitrary code.\n\nAn 

attacker may exploit this flaw by sending a malformed AAC file to a user on the remote 

host and wait for them to play it with iTunes.\n\nRisk factor :\n\nMedium 


CVE-2006-1467 


PVS ID: 3672 FAMILY: Operating System Detection 


10.4.7.\n\nMac OS X 10.4.7 contains several security fixes for the following prog 

Solution: Upgrade to Mac OS X 10.4.7 or 

higher:\nhttp://www.apple.com/support/downloads/macosxupdate1047intel.html\nhttp://www.apple.com/su 

OpenOffice.org Detection 


CVE-2006-1469 



Description: Synopsis :\n\nThe remote host is using the OpenOffice.org application.\n\nDescription 

:\n\nThe remote host is running OpenOffice.org %P 

Solution: N/A 


WordPress < 2.0.4 SQL Injection / Cross-site Scripting (XSS) 


RISK: 

MEDIUM 



attack.\n\nThe remote host is running WordPress blog, a web blog manager written in 

PHP.\nThe remote version of this software is vulnerable to various flaws that may\nallow 

an attacker to perform a SQL injection attack against the remote host.\nSuccessful 

exploitation would allow an attacker to read/write confidential\ndata as well as potentially 

execute arbitrary code on the remote database.\n\nIn addition, the remote host is vulnerable 

to multiple Cross-Site Scripting (XSS) flaws.\nThe path to the vulnerable application is 

'%P' 


F-Secure Scan Evasion 

CVE-2006-3390 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote antivirus scanner may be tricked into not scanning certain 

files.\n\nThe remote host is running F-Secure, a firewall and antivirus software package. 

This version of F-Secure is vulnerable to a flaw where specially crafted file names are not 

scanned. This can lead to potentially damaging files not being deleted or quarantined. An 

attacker exploiting this flaw would only need the ability to create these files and deliver 

them to a vulnerable F-Secure user. Successful exploitation would result in a false sense of 

security. 


CVE-2006-3490 

F-Secure Product Detection 


Description: The remote host is running F-Secure, a firewall and antivirus software package. 

Solution: N/A 




Geeklog FCKeditor < 1.4.0sr4 Arbitrary File Upload 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is affected by an 

arbitrary file upload vulnerability.\n\nThe remote host is running Geeklog, an open-source 

weblog powered by PHP and MySQL. The version of Geeklog installed on the remote host 

includes an older version of FCKeditor that is enabled by default and allows an 

unauthenticated attacker to upload arbitrary files containing PHP code, and then to execute 

them subject to the privileges of the web server user ID. 

Solution: Upgrade to Geeklog 1.4.0sr4 or higher. 

CVE-2006-3362 

phpFormGenerator Arbitrary File Upload 



is running phpFormGenerator, a PHP-based tool for generating web forms. The version of 

phpFormGenerator installed on the remote host allows an unauthenticated attacker to create 

forms supporting arbitrary file uploads. This issue can then be leveraged to upload a file 

with arbitrary code and execute it subject to the privileges of the web server user ID. 



CommuniGate Pro < 5.1c2 POP3 Overflow 


Description: Synopsis :\n\nThe remote mail server is prone to multiple attack vectors.\n\nAccording to 

its banner, the version of CommuniGate Pro running on the remote host will crash when 

certain mail clients try to open an empty mailbox. Remote code execution may even be 

possible. 

Solution: Upgrade to version 5.1c2 or higher. 

CVE-2006-0468 

Zope < 2.9.4 docutils Information Disclosure 





sensitive files or data.\n\nThe remote web server is a version of Zope that is older than 

2.9.4. There is a flaw in this version of Zope that may allow attackers to gain access to 

confidential data. It is reported that the 'docutils' module does not properly parse 

user-supplied data. Successful exploitation leads to loss of confidential data that may be 

useful in further attacks. 


CVE-2006-3458 

WinGate < 6.1.4 Build 1099 IMAP Service Traversal Arbitrary Mail Access 


RISK: 

MEDIUM 



host appears to be running WinGate Proxy Server, a Windows application for managing 

and securing Internet access. According to its banner, the version of WinGate installed on 

the remote host is affected by a directory traversal flaw in its IMAP service. An attacker 

exploiting this flaw would only need to be able to connect to the IMAP service port, 

authenticate and issue a malformed request. Successful exploitation would lead to a loss of 



CVE-2006-2917 

Samba < 3.0.23 smdb Share Remote DoS 


RISK: 

MEDIUM 



remote Samba server, according to its version number ('%L'), may be vulnerable to a 

remote attack. An attacker can cause the Samba smbd service to fail by opening a large 

number of connections. Successful exploitation leads to a loss of availability. 


MetaSploit Detection 

CVE-2006-3403 



RISK: 

MEDIUM 



corporate policy.\n\nThe remote server is running a MetaSploit Framework server. 

Metasploit allows users to automatically exploit and backdoor vulnerable applications via 

the network. The version of MetaSploit is %L. 


Solution: Ensure that this application is authorized according to corporate policies and guidelines. 


SimpleBoard sbp Parameter Remote File Inclusion 


RISK: 

MEDIUM 



inclusion attacks.\n\nThe remote host is running SimpleBoard, a web-based bulletin board 

component for Mambo / Joomla. The version of SimpleBoard installed on the remote host 

fails to sanitize input to the 'sbp' parameter of the 'image_upload.php' and reportedly other 

scripts before using it to include PHP code. Provided PHP's 'register_globals' setting is 

enabled, an unauthenticated attacker may be able to exploit these flaws to view arbitrary 

files on the remote host or to execute arbitrary PHP code, possibly taken from third-party 

hosts. 


CVE-2006-5043 

MetaSploit Shell Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote server is running a MetaSploit Framework server. 


the network. The version of MetaSploit is %L. \nFurther, the Metasploit shell server is 

bound to a non-localhost socket. This allows users to connect to the shell and run exploits 

from the server. You should ensure that this application can only be accessed by trusted 

security staff. 


WebInspect Detection 




RISK: 

MEDIUM 



corporate policy.\n\nThe remote server is running a WebInspect web scanner. WebInspect 

is a security tool that allows security staff and administrators to automate web-based attacks 

and exploits against web servers. 




Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion 


RISK: 

MEDIUM 



inclusion attacks.\n\nThe remote host contains a third-party Mambo / Joomla component or 

module. The version of at least one such component or module installed on the remote host 

fails to sanitize input to the 'mosConfig_absolute_path' parameter before using it to include 

PHP code. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker 

may be able to exploit these flaws to view arbitrary files on the remote host or to execute 

arbitrary PHP code, possibly taken from third-party hosts. 

Solution: Disable PHP's 'register_globals' setting. Upgrade or patch according to vendor 

recommendations. 

CVE-2006-6962 

IceWarp < 5.6.1 lang_settings Parameter Remote File Inclusion 


RISK: 

MEDIUM 



is running IceWarp Web Mail, a webmail product written in PHP that is distributed as a 

standalone application and also bundled with VisNetic Mail Server and Merak Mail Server. 

The version of IceWarp Web Mail installed on the remote host fails to sanitize 

user-supplied input to the 'lang_settings' parameter of the 'accounts/inc/include.php' and 

'admin/inc/include.php' scripts before using it to include PHP code. An unauthenticated 

attacker may be able to exploit these flaws to view arbitrary files on the remote host or to 

execute arbitrary PHP code after injecting it into the mail server's log file. 


CVE-2006-0818 


MyBB < 1.1.6 HTTP Header CLIENT-IP Field SQL Injection 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is susceptible to a 

SQL injection attack.\n\nThe remote version of MyBB fails to sanitize input to the 

'CLIENT-IP' request header before using it in a database query when initiating a sesion in 

'inc/class_session.php'. This may allow an unauthenticated attacker to uncover sensitive 

information such as password hashes, modify data, launch attacks against the underlying 

database, and more. Note that successful exploitation is possible regardless of PHP's 

settings. 



CVE-2006-3775 

VisNetic MailServer < 8.5.0.5 lang_settings Parameter Remote File Inclusion 


RISK: 

MEDIUM 



is running VisNetic MailServer, a commercial mail server for the Microsoft platform. The 

version of VisNetic MailServer installed on the remote host fails to sanitize user-supplied 

input to the 'lang_settings' parameter of the 'accounts/inc/include.php' and 

'admin/inc/include.php' scripts before using it to include PHP code. An unauthenticated 

attacker may be able to exploit these flaws to view arbitrary files on the remote host or to 

execute arbitrary PHP code after injecting it into the mail server's log file. 

Solution: Upgrade to version 8.5.0.5 or later. 

CVE-2006-0818 

X7 Chat Server Detection 



application.\n\nThe remote host is running X7 Chat, a web-based chat server. There have 

been security flaws associated with the X7 Chat server. 

Solution: Ensure that such software is authorized on your network and that it is completely patched 

against vulnerabilities. 


CheckPoint Firewall Default Web Server 


Description: The remote server is running a Checkpoint Firewall. Checkpoint Firewall, by default, opens 

a web server on port 18264 and allows external and internal access to the server. Many 

versions of this software are reported to be vulnerable to a directory traversal flaw. 



OpenCms < 6.2.2 Authentication Bypass 





bypassing of authentication.\n\nThe remote host is running OpenCms, an 

open-source content management system. This version of OpenCms ( %L ) is 

vulnerable to a remote flaw where attackers can bypass authentication and gain 

administrative access to accounts and confidential data. An attacker exploiting 

this flaw would just need to have knowledge of where administrative forms are 

stored within the web directory (trivial to find). Successful exploitation leads to 

the user gaining administrative access to the application. 



Mozilla Thunderbird < 1.5.0.5 Multiple Vulnerabilities 


Description: The remote Windows host contains a mail client that is affected by multiple vulnerabilities. 

The remote version of Mozilla Thunderbird suffers from various security issues, at least 

one of which may lead to execution of arbitrary code on the affected host subject to the 

user's privileges. 


CVE-2006-3811 



Description: Synopsis :\n\nThe remote Windows host contains a web browser that is affected by 

multiple vulnerabilities.\n\nThe installed version of Firefox is affected by various security 

issues, some of which may lead to execution of arbitrary code on the affected host subject 

to the user's privileges. 


Help Center Live < 

CVE-2006-3812 




web server is running Help Center Live, a help desk application written in PHP. The remote 

version of this software is vulnerable to a Directory Traversal flaw. An attacker exploiting 

this flaw would send a malformed HTTP request which included '../' (or similar) directory 

traversal strings. Successful exploitation would result in the attacker gaining access to 




CVE-2005-3639 

MySQL MERGE Table Privilege Escalation 

PVS ID: 3697 FAMILY: Database RISK: LOW NESSUS ID:Not Available 


sensitive files or data.\n\nAccording to its version number, the installation of MySQL on 

the remote host may be prone to a flaw where an authenticated user can escalate privileges 

on the remote database server. Specifically, even if a user has had access revoked to a 

certain table, they may be able to access it from another table. Successful exploitation 

would lead to a loss of confidential data. 


CVE-2006-4031 

IBM DB2 Version Detection 


Description: The remote host is running IBM DB2 database version %L. 

Solution: N/A 


Hobbit Monitor < 4.1.2p2 config Command Traversal Arbitrary File Access 


RISK: 

MEDIUM 



host is running Hobbit Monitor, a web-based host/network monitoring software. This 

version of Hobbit Monitor is prone to a flaw where remote attackers can use the 'config' 

command to access confidential files. To exploit this issue, the attacker would connect to 

the Hobbit application (typically on port 1984) and send a 'config ../../../../../' 

request. Successful exploitation would result in the attacker gaining access to confidential 

data. 

Solution: Upgrade to version 4.1.2p2 or higher. 

CVE-2006-4003 

Yahoo! Messenger < 8.0.0.863 File Extension Spoofing 



RISK: 

MEDIUM 




remote host is running a version of Yahoo! Messenger that is reported vulnerable to a 

remote file extension spoofing flaw. Specifically, if a user sends a malformed download 

query that includes many '~@' sequences, the displayed name of the file will obfuscate the 

true file type. An attacker can use this flaw to trick users into downloading files that they 

believe are not malicious. Successful exploitation might lead to the attacker executing 

arbitrary executables on the target system. 



ClamAV < 0.88.4 UPX rsize Content-Parsing Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a heap overflow.\n\nThe remote host is 


\n\nThere is a remote content-parsing flaw in this version of ClamAV that could lead to a 

heap overflow by sending a malformed file compressed with UPX. Successful exploitation 



CVE-2006-4018 

ColdFusion Administrative Interface Authentication Bypass 



bypassing of authentication.\n\nThe remote host is running Macromedia 

ColdFusion, a web application server. This version of Macromedia is 

vulnerable to a flaw where an unauthenticated user can bypass authentication 

and gain administrative access over the application. Successful exploitation 

impacts confidentiality, integrity and availability. 

Solution: Upgrade to a version higher than 7,0,2,142559. 

CVE-2006-4724 

Recursive DNS Server Detection 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote name server allows recursive queries to be performed.\n\nIt is 

possible to query the remote nameserver for third party names. If this is your internal 

nameserver, then disregard this warning. If the host allows these recursive queries via UDP, 

then the host can be used to 'bounce' Denial of Service attacks against another network or 

system. 


Solution: Restrict recursive queries to the hosts that should use this nameserver (such as those of the 

LAN connected to it). If you are using BIND 8, you can do this by using the instruction 

'allow-recursion' in the 'options' section of your named.conf. If you are using BIND 9, you 

can define a grouping of internal addresses using the 'acl' command. Then, within the 

options block, you can explicitly state: 'allow-recursion { hosts_defined_in_acl }'. If you 

are using another name server, consult its documentation. 

CVE-1999-0024 

Proxy/Firewall Detection 


Description: The remote device appears to be a network firewall or proxy server. PVS has determined 

this due to the device flagging as multiple operating systems within a short time frame. 

Solution: N/A 


Safari Version Detection 


Description: The remote host is running Safari, a web browser. The version of Safari is: \n %L 

Solution: N/A 


Firefox Version Detection 


Description: The remote host is running Firefox version: \n %L 

Solution: N/A 


Microsoft Internet Explorer Detection 


Description: The remote host is running Microsoft Internet Explorer version: \n %L 

Solution: N/A 




Proxy / Firewall Detection 




Solution: N/A 


Firewall / Proxy / NAT Dependency 


Description: The remote host may be running a NAT device. 

Solution: N/A 





Solution: N/A 





Solution: N/A 


Firewall / Proxy / NAT dependency 



Solution: N/A 








Solution: N/A 





Solution: N/A 





Solution: N/A 





Solution: N/A 






Solution: N/A 







Solution: N/A 





Solution: N/A 





Solution: N/A 


IPCheck Server Monitor < 5.3.3.639 Traversal Arbitrary File Access 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is prone to a directory traversal attack.\n\nThe remote 

host is running IPCheck Server Monitor, a network resource monitoring tool for Windows. 

The installed version of IPCheck Server Monitor fails to filter directory traversal sequences 

from requests that pass through the web server interface. An attacker can exploit this issue 

to read arbitrary files on the remote host subject to the privileges under which the affected 

application runs. 


CVE-2006-4140 






version of Firefox is affected by a flaw that could lead to a Denial of Service (DoS) 

condition within the browser. In addition, the version of Firefox is reported vulnerable to a 

buffer overflow when processing malformed XML documents. An attacker exploiting 

either of these flaws would need to be able to convince a user to visit a malicious URI. 


CVE-2006-4253 

Microsoft Internet Explorer Version Detection 


Description: The remote host is running Microsoft Internet Explorer version:\n'%L'\n\nNote that the 

version information passed within User-Agent strings is not typically granular. 

Solution: Ensure that the latest version of Microsoft IE is installed. 


Google Toolbar Detection 


Description: The remote host is running Google Toolbar version: \n %L 

Solution: N/A 


HP OpenView Storage Data Protector Detection 


Description: The remote host is running HP OpenView Storage Data Protector version %L . 

Solution: N/A 



HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution 


Description: Synopsis :\n\nIt is possible to execute code on the remote host through the backup 

agent.\n\nThe remote version of HP OpenView Data Protector is vulnerable to an 

authentication bypass flaw. By sending specially crafted requests to the remote host, an 

attacker may be able to execute unauthorized Backup commands. Due to the nature of the 

software, a successful exploitation of this vulnerability could result in remote code 

execution. 


Solution: If this service is not needed, disable it or filter incoming traffic to this port. HP has released 

a set of patches for Data Protector 5.10 and 5.50: 

http://itrc.hp.com/service/cki/docDisplay.do?docId 

CVE-2006-4201 

Owl Intranet Engine < 0.91 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is prone to several 

issues.\n\nThe remote host is running Owl Intranet Engine, a web-based document 

management system written in PHP. The version of Owl Intranet Engine on the remote host 

fails to sanitize input to the session ID cookie before using it in a database query. Provided 

PHP's 'magic_quotes_gpc' setting is disabled, an unauthenticated attacker may be able to 

exploit this issue to uncover sensitive information such as password hashes, modify data, 

launch attacks against the underlying database, and more. In addition, the application 

reportedly suffers from at least one cross-site scripting (XSS) issue. 


CVE-2006-4211 

Informix Database Detection (Windows) 


RISK: 

MEDIUM 



manner.\n\nThe remote host is running the Informix database server for Microsoft 

Windows. Further, clients connecting to this server are passing plaintext credentials across 

the network. 

Solution: Enable encrypted communications between the Informix client and server. 


Informix Database Detection (Unix) 


RISK: 

MEDIUM 



manner.\n\nThe remote host is running the Informix database server for Unix. Further, 

clients connecting to this server are passing plaintext credentials across the network. 

Solution: Enable encrypted communications between the Informix client and server. 







is running a version of PHP that is older than 4.4.4 or 5.1.5. This version is reported 

vulnerable to several flaws that may allow an attacker with the right to execute PHP scripts 

the ability to execute arbitrary code. Executed code would be run with the permissions of 

the web server process. 


WFTPD < 

CVE-2006-4486 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote WFTP 

server vulnerable to a remote buffer overflow. The server allegedly does not properly parse 

and verify input to the 'CWD', 'DELE', 'APPE', 'MDTM', 'MKD', 'RMD', 'MLST', 'RNFR', 

'SIZE', 'XCWD', 'XMKD', and XRMD commands. An attacker exploiting this flaw would 

need to be able to authenticate to the FTP server. Successful exploitation would result in 

the attacker executing arbitrary code on the WFTP server. 


CVE-2006-5826 

ALT-N MDaemon POP Server < 9.06 USER / APOP Command Overflow 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nA buffer overflow 

vulnerability has been reported for MDaemon. The vulnerability is due to inadequate 

bounds checking one some POP server commands. Namely, 'USER' and 'APOP'. An 

attacker can exploit this vulnerability by submitting a very large values to these commands 

on the POP server. This will cause the MDaemon service to crash when attempting to 

process the command. Successful exploitation would lead to the attacker executing 

arbitrary code on the remote server. 


CVE-2006-4364 

phpCOIN < 1.2.4 Multiple Script _CCFG[_PKG_PATH_INCL] Parameter Remote File Inclusion 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to a 'File Inclusion' flaw.\n\nThe remote host is 

running phpCOIN version 1.2.2 or older. This version of phpCOIN is vulnerable to a 

remote 'file include' flaw. An attacker exploiting this flaw would be able to execute PHP 

script code on the remote web server with the permissions of the web server process. 

Successful exploitation would lead to partial loss of confidentiality, integrity, and 

availability. 


CVE-2006-4424 

CubeCart < 3.0.13 Multiple Vulnerabilities 


Description: The remote web server contains a PHP application that suffers from multiple 

vulnerabilities. The version of CubeCart installed on the remote host fails to properly 

sanitize user-supplied input to the 'gateway' parameter before using it in the 

'includes/content/gateway.inc.php' script to include PHP code. An unauthenticated remote 

attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP 

code on the remote host, subject to the privileges of the web server user ID. In addition, the 

application fails to initialize the 'searchArray' and 'links' array variables, which could be 

leveraged to launch SQL injection and cross-site scripting attacks respectively against the 

affected installation as long as PHP's 'register_globals' setting is enabled. 


CVE-2006-4526 

Mailman < 2.1.9rc1 Spoofed Log Entry Injection 


Description: Synopsis :\n\nThe remote web server contains a Python application that is affected by a log 

spoofing vulnerability.\n\nThe version of Mailman installed on the remote host fails to 

sanitize user-supplied input before writing it to the application's 'error' log. An 

unauthenticated remote attacker can leverage this flaw to spoof log messages. In addition, 

the application is reportedly affected by a denial of service issue involving headers that do 

not conform to RFC 2231 as well as several cross-site scripting vulnerabilities. 


CVE-2006-4624 


Ipswitch IMail Server RCPT String Remote Overflow 




vulnerability.\n\nThe remote host is running Ipswitch IMail Server, a commercial 

messaging and collaboration software product for Windows. According to its banner, the 

version of Ipswitch installed on the remote host has a buffer overflow issue in its SMTP 

server component. The details of the exploit are not currently known. An attacker 

exploiting this flaw would send a malformed SMTP command to the server. Successful 

exploitation would result in arbitrary code being executed. 


CVE-2006-4379 

HP OpenView BBC Service Detection 

PVS ID: 3739 FAMILY: CGI RISK: INFO NESSUS ID:22318 

Description: The remote host appears to be running one of the HP OpenView products. This 

specific service is an HTTP server. By sending special requests (version, info, status, 

ping, services), it is possible to obtain information about the remote host. The 

reported server version is: \n %L 

Solution: Ensure that this server is configured in accordance with corporate policies and procedures. 


RaidenHTTPD SoftParserFileXml Parameter Remote File Inclusion 


RISK: 

MEDIUM 


Description: The remote web server contains a PHP script that is susceptible to a remote file inclusion 

attack. The remote host is running RaidenHTTPD, a web server for Windows. The version 

of RaidenHTTPD on the remote host fails to sanitize user-supplied input to the 

'SoftParserFileXml' of the '/raidenhttpd-admin/slice/check.php' script before using it to 

include PHP code. An unauthenticated attacker may be able to exploit this issue to view 

arbitrary files or to execute arbitrary PHP code on the remote host, subject to the privileges 

of the user under which the application runs, which is LOCAL SYSTEM by default. 


CVE-2006-4723 

Quicktime < 7.1.3 Multiple Vulnerabilities 



Description: Synopsis :\n\nThe remote version of QuickTime is affected by multiple code execution 

vulnerabilities.\n\nThe remote version of Quicktime is vulnerable to various buffer 

overflows involving specially-crafted media files. An attacker may be able to leverage 

these issues to execute arbitrary code on the remote host by sending a malformed file to a 

victim and having them open it using QuickTime player. 



CVE-2006-4382 

Moodle < 1.6.2 Multiple Vulnerabilities 



is running Moodle, an open-source content-management system written in PHP. This 

version of Moodle is vulnerable to a SQL Injection flaw, a cross-site scripting flaw, and an 

information disclosure flaw. An attacker exploiting these flaws would only need to be able 

to send malformed HTTP requests to the server. Successful exploitation would result in 

arbitrary SQL command execution on the remote database server, code execution within 

client browsers, or gleaning of information useful in future attacks. 


CVE-2006-4785 

Firefox < 1.5.0.7 Multiple Viulnerabilities 



multiple vulnerabilities.\n\nThe installed version of Firefox is affected by multiple security 




CVE-2006-4566 



Description: Synopsis :\n\nA web browser on the remote host is prone to multiple flaws.\n\nThe 

installed version of SeaMonkey has various security issues, some of which may lead to 

execution of arbitrary code on the affected host subject to the user's privileges. 


CVE-2006-4566 





Description: The remote Windows host contains a mail client that is affected by multiple vulnerabilities. 

The remote version of Mozilla Thunderbird has various security issues, at least one of 

which may lead to execution of arbitrary code on the affected host subject to the user's 

privileges. 


CVE-2006-4566 

RSSOwl < 1.2.3 Atom Feed XSS 


RISK: 

MEDIUM 



host is running RSSOwl, a free RSS reader. RSSOwl 1.2.2 (build 2006-08-27) and lower 

are reported vulnerable to flaws that would allow malicious RSS servers to execute 

malicious code via the RSSOwl application. 


CVE-2006-4760 

Netopia SNMP Password Disclosure 


RISK: 

MEDIUM 



manner.\n\nThe remote host appears to be running a Netopia router with SNMP enabled. 

The Netopia router is using the default SNMP community strings. This version of the 

Netopia firmware is vulnerable to a flaw where a remote attacker can retrieve the 

administrative password by sending a specially formed SNMP query. An attacker 

exploiting this flaw would only need to be able to send SNMP queries to the router using 

the default community string of 'public'. Successful exploitation would result in the attacker 

gaining administrative credentials to the router. 

Solution: Upgrade or patch according to vendor recommendations. Change the default SNMP 

community string to one that is not easily guessed. 


SharpReader < 0.9.7.1 RSS Feed XSS 



RISK: 

MEDIUM 



host is running SharpReader, a free RSS reader. SharpReader 0.9.7.0 and lower are 

reported to be vulnerable to flaws that would allow malicious RSS servers to execute 

malicious code via the SharpReader application. 



CVE-2006-4761 

SNMP 'cable-docsis' Community String 




community string - 'cable-docsis' 


systems to SNMP v3 would be more secure. For non-local attacks, your community string 

is easily guessed and should be changed to something more random. 


SNMP 'cable-docsis' Community String 




community string - 'cable-docsis' 


systems to SNMP v3 would be more secure. For non-local attacks, your community string 

is easily guessed and should be changed to something more random. 


OpenSSH < 4.4 Multiple GSSAPI Vulnerabilities 



remote host is running a version of OpenSSH that is vulnerable to a flaw in the way that it 

handles GSSAPI authentication. If the SSH server is configured to utilize GSSAPI 

authentication then the host may be compromised by a remote attacker with access to the 

SSH port (typically 22). Successful exploitation would result in a Denial of Service (i.e. 

loss of availability). The version of SSH is: \n %L 


CVE-2006-5051 

SAP Internet Transaction Server (ITS) Detection 




Description: The remote host is running the SAP Internet Transaction Server (ITS). According to 

embedded HTML comments, the version and build information is: \n %L 

Solution: N/A 


SAP Internet Transaction Server < 6.20 Patch 18 wgate urlmime Parameter XSS 


RISK: 

MEDIUM 


Description: The remote web server contains a CGI script that is vulnerable to a cross-site scripting 

attack. The remote web server fails to sanitize the contents of the 'urlmime' parameter to the 

'/scripts/wgate' script before using it to generate dynamic web content. An unauthenticated 

remote attacker may be able to leverage this issue to inject arbitrary HTML and script code 

into a user's browser to be evaluated within the security context of the affected web site. 

Solution: Upgrade to version 6.20 Patch 18 or higher. 

CVE-2006-5114 

OpenBSD Portable OpenSSH < 4.4.p1 GSSAPI Authentication Overflow 



running a version of OpenSSH that is vulnerable to a flaw in the way that it handles 

GSSAPI authentication. If the SSH server is configured to utilize GSSAPI authentication 

then the host may be compromised by a remote attacker with access to the SSH port 

(typically 22). Successful exploitation would result in remote code execution. The reported 

version number is: \n %L 

Solution: Upgrade to version 4.4.p1 or higher. 

CVE-2006-5052 

OpenSSL < 0.9.7l / 0.9.8d Multiple Vulnerabilities 



is using a version of OpenSSL that is older than 0.9.6m or 0.9.7d There are several bugs in 

this version of OpenSSL that may allow an attacker to either execute remote code or cause 

a Denial of Service (DoS). 

Solution: Upgrade to version 0.9.7l, 0.9.8d or higher. 

CVE-2006-3738 



phpMyAdmin < 2.9.1 RC1 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe vendor has released a fix for an undisclosed flaw in this version of the 

software.\n\nThe remote host is running phpMyAdmin, a web interface for administering 

MySQL database servers. This version of phpMyAdmin is vulnerable to an undisclosed 

vulnerability. The details of the flaws will be released by the vendor; however, they have 

released a patched version of phpMyAdmin. 


CVE-2006-5117 


PVS ID: 3757 FAMILY: Operating System Detection 


contains several security fixes for the following programs :\n - CFNetwork\n - Fla 

Workgroup Manager 

Solution: Upgrade to Mac OS X 10.4.8 or 

higher:\nhttp://www.apple.com/support/downloads/macosx1048updateintel.html\nhttp://www.apple.com/su 

Mercury SiteScope Server Detection 

CVE-2006-4399 


Description: The remote host is running the Mercury SiteScope Server. SiteScope is a system 

monitoring tool that large Enterprises use to track and monitor systems. The reported 

version is: \n %L 

Solution: N/A 


Sun Secure Global Desktop Detection 


Description: The remote server is running the Sun Secure Global Desktop, a web server application that 

allows access from multiple platforms. The reported version is: \n %L 

Solution: N/A 




Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS 


RISK: 

MEDIUM 


Description: The remote web server contains CGI scripts that are vulnerable to cross-site scripting 

attacks. The remote web server contains a CGI script used by Sun Secure Global Desktop 

or Tarantella, a Java-based program for web-enabling applications running on a variety of 

platforms. According to the version reported in one of its scripts, the installation of the 

software on the remote host fails to sanitize user-supplied input to several unspecified 

parameters before using it to generate dynamic web content. An unauthenticated remote 

attacker may be able to leverage these issues to inject arbitrary HTML and script code into 

a user's browser to be evaluated within the security context of the affected web site. 


CVE-2006-4958 

SiVus VOIP Vulnerability Scanner Detection 


Description: The remote client is scanning the network with the SiVus VOIP vulnerability scanner. This 

tool scans networks and detects vulnerable VOIP SIP phones. 

Solution: Ensure that such scanning is in alignment with corporate policies and guidelines. 

SIP Client Detection 



Description: The remote host is running the following SIP client: \n %L \nThis protocol is used to 

connect VoIP users via the Internet. 

Solution: N/A 

SIP Server Detection 



Description: The remote host is running the following SIP server: \n %L \nThis protocol is used to 


Solution: N/A 




Cisco SIP TFTP Server Detection 


RISK: 

MEDIUM 



application.\n\nThe remote host is running a Cisco SIP VOIP server. The device is 

configured to allow TFTP access. An attacker can guess the name of the image files and 

download the device configuration. Such information would include passwords and IDs. 

Solution: Ensure that the TFTP server and associated ACLs are in alignment with corporate policies 

and guidelines. 


Sipsak VOIP Vulnerability Scanner Detection 


Description: The remote client is scanning the network with the Sipsak VOIP vulnerability scanner. This 

tool scans networks and detects vulnerable VOIP SIP phones. The version of Sipsak was: \n 

%L 



McAfee ePolicy Orchestrator HTTP Server Source Header Remote Overflow 


Description: Arbitrary code can be executed on the remote host due to a flaw in the web service. The 

remote host is running McAfee ePolicy Orchestrator. The remote version of this software is 

vulnerable to a stack overflow vulnerability. An unauthenticated attacker can exploit this 

flaw by sending a specially crafted packet to the remote host. A successful exploitation of 

this vulnerability would result in remote code execution with the privileges of the 

SYSTEM. 

Solution: Upgrade to version 3.5.0 Patch 6 or higher. 


CVE-2006-5156 


Description: The remote host is running the following SIP server: \n %L \nThis protocol is used to 


Solution: N/A 




Asterisk VoIP Server Detection 


Description: The remote host is running the Asterisk Voice Over IP (VoIP) Server. This service is used 

to manage phone calls between Internet hosts. 

Solution: N/A 


Asterisk VoIP Administrative Interface Detection 


Description: The remote host is running the Asterisk administrative interface. This interface is used to 

manage the Voice Over IP (VoIP) services offered by the server. 

Solution: Ensure that the default settings for the web interface have been disabled or changed. 

Further, ensure that only trusted IP ranges can access the service. 


Cisco Call Manager (VoIP) Administrative Interface Detection 


Description: The remote host is running the Cisco Call Manager administrative interface. This interface 

is used to manage the Voice Over IP (VoIP) services offered by the server. 

Solution: Ensure that the default settings for the Call Manager have been disabled or changed. 

Further, ensure that only trusted IP ranges can access the service. 


Cisco IP Phone Detection 



RISK: 

MEDIUM 



attacks.\n\nThe remote host is running the Cisco IP Phone version/build " %L "\nFurther, 

the administrative page is available via an embedded web server. Unfortunately, the web 

server gives away critical information that an attacker can use to gain access to the VoIP 

device. This information includes, but is not limited to, user accounts, passwords, TFTP 

servers, network addresses, and phone line information. An attacker exploiting this flaw 

would be able to elevate access on the VoIP devices and possibly gain control of the 

devices. 


Solution: Use ACLs to ensure that only trusted administrators can access the administrative GUI. 


Skype Technologies < 1.5.0.80 NSRRunAlertPanel Function Format String (Mac OS X) 



host is using Skype, a peer to peer chat and VoIP software. The remote version of this 

software contains a format string flaw. An attacker exploiting this flaw would need to be 

able to convince a user to open a malicious URI that was handled by the Skype software. 

Successful exploitation would result in the attacker executing arbitrary code. 


CVE-2006-5084 

Mac OS X Generic Detection 


Description: The remote host is running Mac OS X. 

Solution: N/A 


Encryption Private Key Detection (Generic) 

PVS ID: 3774 FAMILY: Data Leakage RISK: LOW NESSUS ID:Not Available 


manner.\n\nThe remote host has just passed an encryption private key via plaintext on the 

network. This is a risk in that private keys should only reside on a local system and if they 

must be passed, they should be encrypted in transit. 

Solution: Ensure that there are policies and guidelines in place that prohibit the passing of 

private encryption data in plaintext. 













Encryption Private Key Detection (PuTTY) 



manner.\n\nThe remote host has just passed a PuTTY SSH client encryption private key via 

plaintext on the network. This is a risk in that private keys should only reside on a local 

system and if they must be passed, they should be encrypted in transit. 




Encryption Private Key Detection (PuTTY) 



manner.\n\nThe remote host has just passed a PuTTY SSH client encryption private key via 

plaintext on the network. This is a risk in that private keys should only reside on a local 

system and if they must be passed, they should be encrypted in transit. 
























Encryption Private Key Detection (RSA) 









Encryption Private Key Detection (RSA) 









Encryption Private Key Detection (DSA) 




manner.\n\nThe remote host has just passed a DSA encryption private key via plaintext on 

the network. This is a risk in that private keys should only reside on a local system and if 

they must be passed, they should be encrypted in transit. 





Encryption Private Key Detection (DSA) 



manner.\n\nThe remote host has just passed a DSA encryption private key via plaintext on 






Encryption Private Key Detection (PGP) 



manner.\n\nThe remote host has just passed a PGP encryption private key via plaintext on 






Encryption Private Key Detection (PGP) 



manner.\n\nThe remote host has just passed a PGP encryption private key via plaintext on 





HP Printer Detection 



Description: The remote host is running an HP printer. 

Solution: N/A 




OpenSSH < 4.1.0p2 / 4.2 Timing Attack 


Description: Synopsis : \n\nThe remote host discloses information regarding the availability of user 

accounts.\n\nThe remote host is running a version of OpenSSH that is vulnerable to a flaw 

in the way that it handles authentication requests. Specifically, OpenSSH is alleged to vary 

response time based on the complexity (or availability) of the user password. An account 

that had no password would elicit a quicker SSH response than an account that had a 

defined password. An attacker exploiting this flaw would be able to determine local 

accounts that had passwords. This information would be useful in other more complex 

attacks. Tthe reported version of SSH is: \n %L 

Solution: Upgrade to version 4.2, 4.1.0p2 or higher. 

CVE-2006-5229 

ZABBIX Multiple Overflows 



server is running ZABBIX, an open-source tool that is used to manage network devices. 

This version of ZABBIX is vulnerable to a flaw in the way that it handles agent data. An 

attacker spoofing an agent would be able to exploit a number of flaws that would give the 

attacker the rights of the ZABBIX server. 


CVE-2006-6693 

ZABBIX Client Detection 


Description: The remote host is running the ZABBIX client. ZABBIX is a client-server application that 

allows a central server to collect and manage results from multiple clients. 

Solution: N/A 


LogMeIn Listening Server Detection 




Description: The remote client is a LogMeIn server awaiting remote connection. LogMeIn is an 

application that allows users to access their computers (work or home) from anywhere in 

the world via a web browser. LogMeIn works by installing an agent on the computer that is 

to be accessed remotely. The application then establishes a client connection to an Internet 

server and allows the user to connect over the established HTTPS connection. As such, 

LogMeIn has the ability to bypass firewalls and proxies. 

Solution: Ensure that such usage is in alignment with corporate policies and guidelines regarding 

remote access. 




Description: The remote client is a LogMeIn server awaiting remote connection. LogMeIn is an 

application that allows users to access their computers (work or home) from anywhere in 

the world via a web browser. LogMeIn works by installing an agent on the computer that is 

to be accessed remotely. The application then establishes a client connection to an Internet 

server and allows the user to connect over the established HTTPS connection. As such, 

LogMeIn has the ability to bypass firewalls and proxies. 



ColdFusion < 




bypassing of authentication.\n\nThe remote host is running Macromedia 

ColdFusion, a web application server. This version of Macromedia is 

vulnerable to a flaw where a user with local system access can bypass 

authentication and gain administrative access over the application. Successful 

exploitation impacts confidentiality, integrity, and availability. 

Solution: Upgrade to version 7,0,2,142559 or higher. 

CVE-2006-3978 

Blueshoes GoogleSearch.php APP[path][lib] Parameter Remote File Inclusion 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host is vulnerable to a file-include injection flaw.\n\nThe remote 

host is running the Blueshoes framework, a PHP framework for creating web applications. 

This version of Blueshoes is vulnerable to a flaw in the GoogleSearch.php script. An 

attacker exploiting this flaw would be able to execute arbitrary PHP code on the target 

server. Successful exploitation would give the attacker the same rights as the web process. 


CVE-2006-5250 

ClamAV < 0.88.5 PE Handler Content-Parsing Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a heap overflow.\n\nThe remote host is 


\n\nThere is a remote content-parsing flaw in this version of ClamAV that could lead to a 

heap overflow. An attacker sending a malformed PE file would be able to exploit this flaw. 

Successful exploitation would result in the attacker executing arbitrary code. 


CVE-2006-5295 

Skinny Server Detection 

PVS ID: 3795 FAMILY: Generic RISK: INFO NESSUS ID:22877 

Description: The remote server is an H.323 proxy that understands the Skinny protocol, also known as 

SCCP, for 'Skinny Client Control Protocol'. Skinny is Cisco's proprietary lightweight 

terminal control protocol used by some VoIP phones to communicate with Cisco 

CallManager or Asterisk PBX systems. 

Solution: Limit incoming traffic to this port. 


Opera < 9.02 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host contains a web browser that is susceptible to a heap buffer 

overflow attack.\n\nThe version of Opera installed on the remote host reportedly contains a 

heap buffer overflow vulnerability that can be triggered by a long link. Successful 

exploitation of this issue may result in a crash of the application or even allow for 

execution of arbitrary code subject to the user's privileges. 




CVE-2006-4819 

Cerberus Helpdesk rpc.php Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP script that is affected by an 

information disclosure issue.\n\nThe remote host is running Cerberus Helpdesk, a 

web-based helpdesk suite written in PHP. The installed version of Cerberus Helpdesk on 

the remote host allows an unauthenticated attacker to retrieve information about ticket 

requesters through the 'rpc.php' script. 


CVE-2006-5428 

PostgreSQL Multiple Local DoS Vulnerabilities 


RISK: 

MEDIUM 




vulnerable to multiple flaws where an attacker with local access can cause the service to 

stop. Successful exploitation would result in the system being unavailable to legitimate 

users. 

Solution: Upgrade to version 7.3.16, 7.4.14, 8.0.9, 8.15 or higher. 

CVE-2006-5542 

FtpXQ FTP Server < 3.0.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 



FtpXQ FTP server vulnerable to multiple flaws. Versions 3.01 and lower are vulnerable to 

a buffer overflow that results in a Denial of Service (DoS) attack. In addition, versions 3.01 

and lower ship with two default accounts that are enabled. These accounts 

are:\nanonymous/NULL and\ntest/test\n\nAn attacker exploiting the 'test' default account 

would have read/write capability on the remote FTP server. 


CVE-2006-5569 

Winamp < 5.31 Multiple Heap Overflows 





running Winamp, a multi-media software application. This version of Winamp is 

vulnerable to multiple heap overflows. Specifically, the application fails to handle buffers 

when handling 'ultravox-max' and 'Lyrics3' tags. An attacker exploiting this flaw would 

need to be able to convince a user into perusing a malicious media server. Successful 

exploitation would give the attacker the ability to execute code with the privileges of the 

user running Winamp. 


CVE-2006-5567 

Web Wiz Forums forum/search.asp KW Parameter SQL Injection 



is vulnerable to a SQL injection flaw in its search.asp script. An attacker exploiting this 

flaw would be able to execute arbitrary commands on the remote database server. 

Successful exploitation would only require that the attacker be able to send malformed 

requests to the search.asp application. Successful exploitation would result in a loss of 



CVE-2006-5635 

FreePBX VoIP Administrative Interface Detection 


Description: The remote host is running the FreePBX administrative interface. FreePBX is an Asterisk 

derivative that includes a Voice Over IP (VoIP) server and an administrative web interface. 

The web interface is used to manage the VoIP services. The version of FreePBX is\n%L 

Solution: Ensure that the default settings for the web interface have been disabled or changed. Also 

ensure that only trusted IP ranges can access the service. 


WordPress < 2.0.5 Multiple Vulnerabilities 



RISK: 

MEDIUM 



is running WordPress, a web blog manager written in PHP.\nThe remote version of this 

software is reported to be vulnerable to a number of flaws. At the time of this writing, the 

flaws have not been verified by the vendor. Allegedly, an attacker can exploit these flaws to 

gain information about the server that would be useful in future attacks. The WordPress 

application is hosted at the following location:\n%P 



CVE-2006-5705 

SQLYog MySQL HTTP Tunnel Detection 


RISK: 

MEDIUM 



application.\n\nThe remote host is running a MySQL database. In addition, a PHP script is 

installed that allows MySQL connections to be tunneled over HTTP. This sort of 

connection is typically utilized when the database administrator does not have access to 

connect to the database from remote locations. The tunnel does not use any sort of 

encryption and exposes credentials to passive sniffing. In addition, as the PHP script 

connects to the database from the localhost, database authentication does not look for the 

originating IP address within the GRANT tables but instead uses the server IP as the 

originating source. Not only does the script allow database admins to bypass firewall 

restrictions and log in insecurely, it also exposes the database to brute-force attacks from 

anonymous users. The database information contained within the client request was:\n%P\n 

Solution: For remote database administration, choose a method of connection that is restricted to only 

trusted sources and encrypts the authentication credentials. 


MetaSploit Server Detection 


RISK: 

MEDIUM 



corporate policy\n\nThe remote server is running a MetaSploit Framework server. 


the network. 






RISK: 

MEDIUM 



corporate policy.\n\nThe remote server was just observed making an SSL connection to 

metasploit.com. An SSL connection to metasploit.com usually indicates a Metasploit server 

that is downloading updates from the metasploit.com web site. Metasploit is an attack 

framework that allows users to automatically exploit and backdoor vulnerable applications 


via the network. 



Brutus Password Scanning Tool Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote client is running a Brutus scanner. Brutus is a brute-force 

scanner that scans servers, routers, applications and more for passwords. 



WarFTP Daemon < 1.82.00-RC13 Multiple Command Remote Format Strings 


RISK: 

MEDIUM 



host is running WarFTPd, an FTP server for the Microsoft platform. The version of 

WarFTPd running on this host contains multiple 'format string' vulnerabilities. An attacker 

exploiting these flaws would need to be able to authenticate to the FTP server. After 

authentication, the attacker would send a malformed request. Successful exploitation would 

allow the attacker to crash the application and possibly execute arbitrary code on the 

remote server. The vulnerable commands are 'CWD', 'CDUP', 'DELE', 'NLST', 'LIST' and 

'SIZE'. 


CVE-2006-5789 

Sun-One Application Server Version Detection 


Description: The remote host is running the Sun-One Application Server version %L 

Solution: N/A 






Description: Synopsis :\n\nA web browser on the remote host is prone to multiple 

vulnerabilities.\n\nThe installed version of SeaMonkey contains various security issues, 

some of which may lead to execution of arbitrary code on the affected host subject to the 

user's privileges. 


CVE-2006-5748 



Description: Synopsis :\n\nThe remote Windows host contains a mail client that is affected by multiple 

vulnerabilities.\n\nThe remote version of Mozilla Thunderbird suffers from various security 

issues, at least one of which may lead to execution of arbitrary code on the affected host 

subject to the user's privileges. 


CVE-2006-5748 








CVE-2006-5748 

Tivoli Network Services Auditor (NSA) Scanner Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote host is running the Tivoli Network Services Auditor 

scanning software. This software is used to automate the scanning of network systems for 

known vulnerabilities. The presence of this scanner indicates that a group is scanning the 

network for vulnerabilities. 

Solution: Ensure that these scanners are authorized according to corporate policies and guidelines. 




WorldMail < 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow and other 

flaws.\n\nThe remote host is running Eudora WorldMail, a commercial mail server 

for Windows. This version of Worldmail is vulnerable to a remote buffer overflow. 

An attacker exploiting this flaw would be able to execute arbitrary code on the 

target machine. In addition, the application is reported to be vulnerable to a Denial 

of Service (DoS) attack. 


CVE-2006-6025 

ALT-N MDaemon < 9.0.7 / 9.54 Local Insecure Directory 


RISK: 

MEDIUM 



remote host is running the Alt-N MDaemon mail server. This is a mail server for the 

Microsoft Windows platform. This version of MDaemon is vulnerable to a flaw where 

local attackers can overwrite critical MDaemon library files. Successful exploitation would 

give the local user the ability to escalate privileges to those of the MDaemon server. This 

would impact confidentiality, integrity, and availability. 

Solution: Upgrade to version 9.0.7 or 9.54 or higher. 


Apache mod_auth_kerb < 


RISK: 

MEDIUM 



running the Apache mod_auth_kerb Kerberos authentication module. This version of 

mod_auth_kerb is reported to be vulnerable to a remote buffer overflow. The details of the 

attack are not yet known, however, it is alleged that an attacker would be able to crash the 

system or execute arbitrary code. In order to exploit this flaw, an attacker would only need 

to send a malformed Kerberos authentication request. 

Solution: Upgrade to a version higher than 5.20. 

CVE-2006-5989 

Windows Media Player < 





remote host is running Microsoft Media Player version: \n %L .\n\nThere is a flaw in this 

version of Media Player that would allow a remote attacker to crash the application. The 

flaw is in the way that Media Player parses long playlist files. An attacker exploiting this 

flaw would need to be able to convince a user to open a malicious playlist file. 

Solution: Upgrade to a version of Windows Media Player higher than 10.00.00.4036. 

CVE-2006-6134 

WinGate < 6.2.0 Compressed Name Pointer DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote proxy is affected by a denial of service vulnerability.\n\nThe 

remote host appears to be running WinGate, a Windows application for managing and 

securing Internet access. The version of WinGate installed on the remote host contains a 

flaw involving the processing of DNS requests with compressed name pointers. By sending 

a specially-crafted DNS request to a UDP port on which WinGate is listening, an 

unauthenticated remote attacker can cause the affected application to consume 100% of the 

available CPU, thereby denying service to legitimate users. 


iTunes Detection 

CVE-2006-4518 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote host is running an iTunes music share version 

%L.\niTunes is a software package that is used to manage music media files. iTunes has a 

'music share' feature that allows user(s) to access their music via an iTunes web server. 

Solution: Ensure that such software is in alignment with Corporate policies and guidelines. 

iTunes Client Detection 




Description: The remote host is running iTunes, an application for managing and listening to music 

media files. The version of iTunes client is: \n %L . 

Solution: Ensure that such software is in alignment with corporate policies and guidelines. 



SSH Server Detection (Non-standard Port) 


Description: The remote host is running a SSH server: \n %L \nThe SSH server is not running on port 

22. 

Solution: Ensure that this service is authorized. 


Microsoft Office .xls File Detection 

PVS ID: 3822 FAMILY: Data Leakage RISK: INFO NESSUS ID:11419 

Description: The remote web server is hosting .xls files. As an example, consider the following file 

%P\nThe webmaster should make sure that these files contain no confidential data. 

Solution: N/A 


Microsoft Office .doc File Detection 


Description: The remote web server is hosting .doc files. These are Microsoft Office document files. As 

an example, consider the following file %P\nThe webmaster should make sure that these 

files contain no confidential data. 

Solution: N/A 


Microsoft Office .ppt File Detection 


Description: The remote web server is hosting .ppt files. These are Microsoft Office PowerPoint 

presentation files. As an example, consider the following file %P\nThe webmaster should 

make sure that these files contain no confidential data. 

Solution: N/A 


Microsoft Office .csv File Detection 




Description: The remote web server is hosting .csv files. These are Microsoft Office spreadsheet files. 

As an example, consider the following file %P\nThe webmaster should make sure that 

these files contain no confidential data. 

Solution: N/A 


Microsoft Office .rtf File Detection 


Description: The remote web server is hosting .rtf files. These are Microsoft Office rich text format (rtf) 

document files. As an example, consider the following file %P\nThe webmaster should 

make sure that these files contain no confidential data. 

Solution: N/A 


Policy - .mp3 / .mp4 File Detection 


Description: The remote web server is hosting .mp3 or .mp4 files. As an example, consider the 

following file %P\nThe webmaster should make sure that these files are in compliance with 


Solution: N/A 


Policy - .wav File Detection 


Description: The remote web server is hosting .wav files. As an example, consider the following file 

%P\nThe webmaster should make sure that these files are in compliance with corporate 


Solution: N/A 

Web Server Type 





Description: A web server is running on port: Version %L 

Solution: N/A 


Web Server Detection on Port Other Than TCP/80 


Description: PVS has discovered a web server running on a non-standard port. The reported version 

information for this web server is: \n %L 

Solution: Ensure that this web server is authorized according to existing policies and guidelines. 


FreePBX < 2.2.1 VoIP Input Validation Vulnerabilities 



running the FreePBX administrative interface. FreePBX is an Asterisk derivative that 

includes a Voice Over IP (VoIP) server and an administrative web interface. The web 

interface is used to manage the VoIP services. The version of FreePBX is\n%L\nThis 

version of FreePBX is vulnerable to flaws in the way that it handles 'CALLERID(name)' 

and 'CALLERID(num)'. While the details are unknown, it is alleged that an attacker will be 

able to possibly inject or execute code on the remote system. 


CVE-2006-6244 

Xerox WorkCentre Detection 


Description: The remote host is a Xerox WorkCentre, a web-based printer and copier. 

Solution: N/A 


Xerox WorkCentre Version Detection 


Description: The remote host is a Xerox WorkCentre version %L 

Solution: N/A 




Xerox WorkCentre Multiple Vulnerabilities 



is a Xerox WorkCentre. The exact version of the installed software is %L\nThis version of 

WorkCentre is vulnerable to a number of flaws. Namely\n 1) There are multiple command 

injection flaws that would allow an anonymous user to execute commands with the 

privileges of the WorkCentre Administrator.\n 2) Administrative bypass within the 

TFTP/BOOTP auto configuration options. This flaw would allow an attacker to make 

configuration changes that would impact the availability of the remote printer\n 3) A flaw 

that would allow an attacker to hijack email messages and insert malicious code into the 

body of the message\n 4) A flaw within the 'scan-to-mailbox' function that would allow an 

attacker to retrieve sensitive files\n 5) A flaw that would allow an attacker to switch to the 

HTTP protocol instead of the HTTPS protocol 


CVE-2006-6432 

Serendipity serendipity[charset] Parameter Local File Inclusion 


RISK: 

MEDIUM 



multiple local file inclusion issues.\n\nSeveral scripts included with the version of 

Serendipity installed on the remote host fail to sanitize input to the 'serendipity[charset]' 

parameter before using it to include PHP code. Provided PHP's 'register_globals' setting is 

enabled, an unauthenticated attacker may be able to exploit these issues to view arbitrary 

files or to execute arbitrary PHP code on the remote host, subject to the privileges of the 

web server user IS. 


CVE-2006-6242 

TNFTPD < 20040811 Globbing Overflow 




running TNFTPD, a port of the NetBSD FTP daemon. This version of TNFTPD is 

vulnerable to a remote buffer overflow. The flaw is within the glob.c function. An attacker 

exploiting this flaw would need to authenticate to the server and then pass a malformed 

string that would be interpreted by the glob function. Successful exploitation results in the 

attacker executing arbitrary code on the remote system. 



CVE-2006-6652 

Python Urllib Version Detection 


Description: The remote host is running Python's urllib version %L 

Solution: N/A 


Kaspersky Antivirus Client Detection 


Description: The remote host is running the Kaspersky antivirus client version %L 

Solution: N/A 


Policy - .ogg File Detection 


Description: The remote web server is hosting .ogg files. As an example, consider the following file 



Solution: N/A 


Policy - .wma File Detection 


Description: The remote web server is hosting .wma files. As an example, consider the following file 



Solution: N/A 



Kaspersky Antivirus Client MIME-encoded Scan Bypass 

PVS ID: 3841 FAMILY: FTP Clients RISK: HIGH NESSUS ID:Not Available 


Description: Synopsis :\n\nThe antivirus product can be tricked into not scanning potentially malicious 

files.\n\nThe remote host is running the Kaspersky antivirus client version %L\nThis 

version of Kaspersky is vulnerable to a flaw where file scanning can be bypassed by 

passing malformed MIME-encoded requests. An attacker exploiting this flaw would be 

able to send malicious files through the antivirus product without being detected. 


CVE-2006-6409 

ClamAV < 0.88.7 MIME-encoded Scan Bypass 


Description: Synopsis :\n\nThe antivirus product can be tricked into not scanning potentially malicious 

files.\n\nThe remote host is running the ClamAV antivirus client version %L\nThis version 

of ClamAV is vulnerable to a flaw where file scanning can be bypassed by passing 

malformed MIME-encoded requests. An attacker exploiting this flaw would be able to send 

malicious files through the antivirus product without detection. 


Novell Client Detection 

CVE-2006-5874 


Description: The remote host is running Novell client software. 

Solution: N/A 


Novell Service Agent Detection 


Description: The remote host is running Novell software. In addition, the software is announcing itself 

on the network as a service agent. 

Solution: N/A 



ThinClientServer < 4.0.2248 Admin Account Creation 



Description: The remote web server contains a PHP script that allows the creation of additional 

administrative accounts. The remote host is running ThinClientServer, an application to 

convert existing PCs into thin clients. The version of ThinClientServer installed on the 

remote host allows an unauthenticated remote attacker to create administrative accounts. 


CVE-2006-6221 

Cell Phone Operating System Discovery 


Description: The remote host is a cellular device with web browsing capabilities. The remote client OS 

is %L 

Solution: N/A 


Policy - .avi File Detection 


Description: The remote web server is hosting .avi files. These are audio/video files. As an example, 

consider the following file %P\nThe webmaster should make sure that these files are in 

compliance with corporate policies and guidelines. 

Solution: N/A 


Policy - .mpg File Detection 


Description: The remote web server is hosting .mpg files. These are audio/video files. As an example, 



Solution: N/A 


MODBUS Server Diagnostic Mode (SCADA) 

PVS ID: 3849 FAMILY: SCADA 


RISK: 

MEDIUM 




attacks.\n\nThe remote server is running the MODBUS protocol. This protocol is common 

on SCADA or process control networks. In addition, the PLC is running with 'Diagnostics' 

enabled. This is very dangerous, as it can give attackers information that can be used to 

exploit the machine. 

Solution: Only allow diagnostic sessions from trusted clients. 


Modicon PLC Embedded HTTP Server Detection (SCADA) 

PVS ID: 3850 FAMILY: SCADA RISK: LOW NESSUS ID:Not Available 

Description: The Modicon Quantum, Premium and Micro models of PLC have an HTTP server 

interface. The Modicon PLC web server and content was identified on the host. The banner 

is reporting version %L 

Solution: Filter access to TCP port 80 to authorized management addresses. 


Modicon PLC Default FTP Password (SCADA) 

PVS ID: 3851 FAMILY: SCADA RISK: HIGH NESSUS ID:Not Available 


credentials.\n\nThe ethernet modules on Modicon Quantum, Premium and Micro brand 

PLC's have an FTP server. The FTP server has one account that can be modified. The 

default account has the ability to load programs and change the configuration and 

programming of the PLC. 

Solution: Change the username and password for the FTP server. 


Modicon Modbus/TCP Programming Function Code Access (SCADA) 



application.\n\nThe proprietary Modbus/TCP function code 126 is active on this Modbus 

slave. An attacker who is able to gain network access to this device may be able to 

reprogram PLC logic or otherwise impact the integrity of the physical process. 

Solution: Filter incoming traffic on this port to authorized Modbus TCP clients. 



Modicon PLC HTTP Server Default Username/Password (SCADA) 




credentials.\n\nThe ethernet module on Modicon's Quantum, Premium and Micro PLC's 

has an HTTP server with one account that can be modified. The default account has the 

ability to load programs and change the configuration and programming of the PLC. 

Solution: Change the username and password for the HTTP server. 


Modicon PLC Telnet Server Detection (SCADA) 


Description: The remote host is a Modicon PLC Telnet server. 

Solution: Restrict access to the affected port on the PLC or change the default credentials. 


Modicon PLC CPU Type Default Credentials (SCADA) 


RISK: 

MEDIUM 



credentials.\n\nThe Modicon Quantum, Premium and Momentum brands of PLCs have a 

private SNMP MIB that is available on the Internet. The type of Modicon PLC may be 

obtained via an SNMP Get Request. 

Solution: Change default community strings to a value not easily guessed and filter access to the 

SNMP port. 


Modicon PLC IO Scan Status Disclosure 



RISK: 

MEDIUM 



attacks.\n\nThe Modicon Quantum, Premium and Momentum brands of PLCs have a 

private SNMP MIB that is available on the Internet. The scan status may be obtained via an 

SNMP Get Request. The scan status is either idle, operational or stopped. An attacker may 

use this information to determine the status of a PLC. 

Solution: Change default community strings to a value not easily guessed and filter access to the 

SNMP port. 






is running PHP less than 5.2.0. This version is vulnerable to around 180 bugs. An attacker 

exploiting these flaws would be able to impact confidentiality, integrity, and availability. 

The reported version of PHP is: \n %L 


CVE-2006-6383 





and is being controlled by a botnet. A botnet is a network of compromised computers 

which are remotely controlled by a malicious bot administrator. Botnets are commonly 

used for\nsending spam\nrunning Denial of Service (DoS) attacks against other 



realtime 

Solution: You should manually inspect the machine for malicious processes. In addition, you may 

wish to consider installing security software that detects and blocks this sort of malicious 

software. 


Windows Media Format Series Remote Code Execution (923689) 


Description: Synopsis :\n\nArbitrary code can be executed on the remote host through the Media Format 

Series.\n\nThe remote host is running Windows Media Player/Series. There is a 



rogue ASF/ASX file and send it to a victim on the remote host. 

Solution: Microsoft has released a set of patches for Windows 2000, XP and 2003 at 

http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx 

CVE-2006-6134 


Cumulative Security Update for Outlook Express (923694) 



RISK: 

MEDIUM 


Description: Synopsis :\n\nArbitrary code can be executed on the remote host through the email 

client.\n\nThe remote host is running a version of Microsoft Outlook Express that contains 

a security flaw that may allow an attacker to execute arbitrary code on the remote host. To 

exploit this flaw, an attacker would need to send a malformed HTML email to a victim on 

the remote host and have them open it. 

Solution: Microsoft has released a set of patches for Outlook Express at 

http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx 

CVE-2006-2386 

FileZilla Server < 0.9.22 Multiple Remote DoS 


RISK: 

MEDIUM 



attack.\n\nAccording to its version, the FileZilla Server Interface installed on the remote 

host is affected by several denial of service flaws that could be leveraged by an 

authenticated attacker to crash the server and deny service to legitimate users. 



JBoss JMX Console DeploymentFileRepository Directory Traversal File Manipulation 


Description: The remote web server contains a Java service that is affected by a directory traversal flaw. 

The remote web server appears to be a version of JBoss that fails to sanitize user-supplied 

input to the BaseDir parameter used by the 'DeploymentFileRepository' service of JMX 

Console before using it to store or delete files. An unauthenticated attacker may be able to 

exploit this to alter files on the remote host subject to the privileges of the JBoss user. 


CVE-2006-5750 

CA Antivirus Client Detection 


Description: The remote host is a CA antivirus client. 

Solution: N/A 






Description: The remote client is actually a LogMeIn server awaiting remote connection. 

LogMeIn is an application that allows users to access their computers (work or 

home) from anywhere in the world via a web browser. LogMeIn works by installing 

an agent on the computer that is to be accessed remotely. The application then 

establishes a client connection to an Internet server and awaits the user to connect 

over the established HTTPS connection. As such, LogMeIn has the ability to bypass 

firewalls and proxies. 

Solution: Ensure that such usage is in alignment with corporate policies regarding remote access. 


Policy - .divx File Detection 


Description: The remote web server is hosting .divx files. These are movie files. As an example, 



Solution: N/A 





installed version of SeaMonkey contains various security issues, some of which may lead 

to execution of arbitrary code on the affected host subject to the user's privileges. 


CVE-2006-6505 










CVE-2006-6505 

Firefox < 1.5.0.9 / 2.0.0.1 Multiple Vulnerabilities 






Solution: Upgrade to version 1.5.0.9 / 2.0.0.1 or higher. 

CVE-2006-6507 

vBulletin < 3.6.5 .swf ActionScript XSS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a Script Injection attack.\n\nThe version of 

vBulletin installed on the remote host fails to properly sanitize user-supplied input. Given 

this, the application is prone to a file upload flaw. An attacker exploiting this flaw would 

create a post that includes a malicious .swf file attachment. The malicious .swf file would 

be uploaded to the target server. Users viewing the post and executing the .swf file would 

be vulnerable to a loss of confidential data. 


CVE-2006-6779 

Detection of .xls File Email Attachment 


Description: The remote host was just observed sending the following .xls file. %L\nThe file was 

observed as an email attachment. If the file is confidential, you should check your 

mail server logs for the sender and/or recipient. 

Solution: N/A 


Detection of .zip File Email Attachment 




Description: The remote host was just observed sending the following .zip file. %L\nThe file was 

sent as an email attachment. If the file is considered confidential, you should consult 

your mail server logs for the sender and/or recipient. 

Solution: N/A 


Ultimate PHP Board chat/login.php username Parameter Script Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a Script Injection attack.\n\nThe 

remote host is running Ultimate PHP Board, a message board written in PHP. 

Versions of Ultimate less than 2.0b2 are vulnerable to a flaw where remote 

attackers can inject and execute script code. Code would be executed with the 

privileges of the web server process. The root flaw is in the 'username' parameter of 

the 'chat/login.php' script. After uploading the code, the attacker can execute via the 

'chat/text.php' script. Successful exploitation results in the attacker impacting 



CVE-2006-6790 

WordPress < 2.0.6 template.php file Parameter HTML Injection 


RISK: 

MEDIUM 




software is reported to be vulnerable to a flaw where a remote attacker can inject malicious 

script code into the 'file' parameter of the 'template.php' script. Successful exploitation 

would result in script code being executed in the browsers of other WordPress clients. In 

addition, the application is reported to be vulnerable to a SQL injection attack. An attacker 

exploiting this attack vector would only need to send malformed requests to the WordPress 

application. Successful exploitation would result in the attacker executing arbitrary SQL 

statements on the database server utilized by WordPress. The path to the vulnerable 

WordPress application is:\n%P 


CVE-2007-0107 

phpBB < 2.0.22 Multiple Vulnerabilities 






phpBB that fails to sanitize user-supplied input. The details of several of these 

flaws is unknown; however, it is known that one of the vulnerabilities is an 

HTML injection flaw. This can enable an attacker to cause arbitrary HTML and 

script code to be executed in a user's browser within the context of the affected 

site. 


CVE-2006-6841 

Teredo IPv6 Client Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote client is a Teredo client. Teredo allows clients to tunnel 

IPv6 traffic over IPv4. The protocol operates over UDP port 3544 and the RFC draft is 

sponsored by Microsoft. Teredo client puts the IPv6 data inside of an IPv4 packet and 

sends it to a gateway machine. The gateway machine then strips away the IPv4 header and 

delivers the IPv6 packet. Given this, Teredo can be used to circumvent firewall rules. 

Solution: Ensure that this sort of functionality is authorized with respect to existing policies and 

guidelines. 

Teredo Server Detection 



Description: Synopsis :\n\nA Teredo server is listening on the remote host.\n\nThe remote host is 

running a Teredo server. Teredo is a protocol for tunneling IPv6 over UDP and is used to 

enable nodes to obtain IPv6 connectivity even when they are located behind IPv4 NAT 

devices that have no support for IPv6. A Teredo server is a node that is connected to both 

IPv4 and IPv6 internets and supports a Teredo tunneling interface over which packets are 

received. 

Solution: Limit incoming traffic to this port if desired. 



Wireless Access Point (WAP) Web Server Detection 



Description: Synopsis :\n\nThe remote host is running a wireless access point (WAP) that should be 

authorized with respect to corporate policy.\n\nThe remote host is a wireless access point. 






Opera installed on the remote host reportedly contains a heap overflow vulnerability that 

can be triggered when processing the DHT marker in a specially-crafted JPEG image to 

crash the browser or possibly allow execution of arbitrary code on the affected host. In 

addition, another flaw in Opera's createSVGTransformFromMatrix object typecasting may 

lead to a browser crash or arbitrary code execution if support for Javascript is enabled. 


CVE-2006-4819 

OmniWeb Browser < 5.5.2 Javascript alert Function Format String 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a 'format string' flaw.\n\nThe remote host is 

using Omniweb, an alternative web browser for the Mac OS platform. This version of 

OmniWeb is vulnerable to a format-string flaw. Specifically, the Javascript 'alert' function 

fails to correctly parse specially formatted strings. An attacker exploiting this flaw would 

need the ability to pass malformed strings to the browser. This typically involves being able 

to entice a user into browsing to a malicious site. Successful exploitation would result in 

the attacker executing arbitrary code within the browser. 


CVE-2007-0148 

phpMyFAQ < 1.6.8 Multiple Vulnerabilities 




attack.\n\nThe remote host is running phpMyFAQ, a web-based 

Frequently-Asked-Questions (FAQ) application. This version of phpMyFAQ is vulnerable 

to a remote SQL injection attack. An attacker exploiting this flaw would send a specially 

crafted HTTP request to the application. Upon parsing the request, the server would be 

manipulated into running commands embedded within the request. A successful attack 

would give the attacker the ability to view data, modify data and potentially execute 

systems commands with the permission of the web server. In addition, the host is 


vulnerable to a flaw where users can bypass authentication and gain administrative access 

to the application. Successful exploitation would lead to the compromise of confidentiality, 

integrity, and availability on the remote machine. 


WordPress < 

CVE-2006-6913 




software is reported to be vulnerable to a flaw where a remote attacker can inject malicious 

SQL statements into the 'tb_id' parameter of the 'wp-trackback.php' script. An attacker 

exploiting this flaw would only need to be able to send queries to the remote web server. 

Successful exploitation would result in the attacker executing arbitrary SQL statements on 

the database server utilized by WordPress. The path to the vulnerable application is:\n%P 


CVE-2007-0233 

PHPMyAdmin < 2.9.2 rc2 Multiple Vulnerabilities 



is running phpMyAdmin, a web interface for administering MySQL database servers. This 

version of phpMyAdmin is vulnerable to an HTML injection attack as well as several 

undisclosed vulnerabilities. The details of the flaws will be released by the vendor; 

however, they have released a patched version of phpMyAdmin. 

Solution: Upgrade to version 2.9.2 rc2 or higher. 

CVE-2007-0204 

Socks 4 Proxy Detection 


Description: The remote host is acting as a Socks version 4 proxy. This allows remote proxy clients to 

tunnel traffic through the host. This sort of behavior is somewhat commonplace on 

compromised hosts. 

Solution: Ensure that the proxy is authorized with respect to corporate policies and guidelines. 




Socks 5 Proxy Detection 


Description: The remote host is acting as a Socks version 5 proxy. This allows remote proxy clients to 

tunnel traffic through the host. This sort of behavior is somewhat commonplace on 

compromised hosts. 

Solution: Ensure that the proxy is authorized with respect to corporate policies and guidelines. 


Microsoft Remoting Client Detection 


Description: The remote host is a 'remoting' client. .NET Remoting is an API developed by Microsoft 

and used for interprocess communications that take place over a channel. 

Solution: N/A 


Microsoft Remoting Client Detection 


Description: The remote host is a 'remoting' server. .NET Remoting is an API developed by Microsoft 

and used for interprocess communications that take place over a channel. 

Solution: N/A 


Squid < 2.6 STABLE7 Multiple Vulnerabilities 


RISK: 

MEDIUM 



Squid caching proxy, according to its version number, is vulnerable to multiple attack 

vectors. At the least, attackers would be able to crash the service. 


CVE-2007-0248 


Burning Board search.php boardids Parameter SQL Injection 



Description: Synopsis :\n\nThe remote web server contains a PHP script that is prone to a SQL injection 

attack.\n\nThe version of Burning Board / Burning Board Lite on the remote host fails to 

sanitize user input to the 'boardids' parameter of the 'search.php' script before using it in 

database queries. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an 

unauthenticated remote attacker can leverage this issue to launch SQL injection attacks 

against the affected application, including discovery of password hashes of users of the 

application. 


BitDefender Detection 

CVE-2007-1518 


Description: Synopsis :\n\nThe remote host has an antivirus software package installed on it.\n\nThe 

remote host is running BitDefender, a commercial antivirus software package for Windows. 

Solution: N/A 


WordPress < 2.1 Pingback Information Disclosure 


RISK: 

MEDIUM 



WordPress installed on the remote host fails to sanitize the 'sourceURI' before passing it to 

the 'wp_remote_fopen()' function when processing pingbacks. An unauthenticated remote 

attacker can leverage this issue to determine the existence of local files and possibly even to 

view parts of those files, subject to the permissions of the web server user ID. In addition, 

the version is also reportedly susceptible to a denial of service attack because it allows an 

anonymous attacker to cause a server to fetch arbitrary URLs without limits. The path to 

the WordPress application is:\n%P 



Symantec Antivirus Version Number Detection 


Description: The remote host is running Symantec Antivirus. 

Solution: Ensure that you are running the latest version of Symantec Antivirus. 




Trend Micro InterScan VirusWall Version Detection 


Description: The remote host is running Trend Micro InterScan VirusWall version %L 

Solution: Ensure that you are running the most recent version of VirusWall. 


PGP Desktop < 9.5.1 PGPserv Arbitrary Code Execution 


Description: Synopsis :\n\nThe remote Windows host has an application that is affected by a privilege 

escalation issue.\n\nThe version of PGP Desktop installed on the remote host reportedly 

can allow an authenticated remote user to execute arbitrary code on the affected host with 

LOCAL SYSTEM privileges. The issue arises because the software operates a service 

named 'PGPServ' or 'PGPsdkServ' that exposes a named pipe that fails to validate the object 

data passed to it. 


CVE-2007-0603 

Movable Type' Blog < 3.34 XSS 


RISK: 

MEDIUM 



remote host is running Movable Type, a blogging software for Unix and Windows 

platforms. This version of Movable Type is vulnerable to a persistent Cross-Site Scripting 

(XSS) flaw. An attacker exploiting this flaw would post malicious code into the blog. 

Successful exploitation would allow an attacker to execute malicious code within a user's 

browser or disclose confidential data. 



Stompy (the session stomper) Vulnerability Scanner Detection 


Description: The remote client is scanning with the Stompy HTTP session scanner. This tool scans web 

servers and detects applications that use predictable 'Session Identifier' algorithms. 





CVSTrac < 2.0.1 Text Output Formatter DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a CGI script or is itself subject to a denial of 

service attack.\n\nAccording to its version number, the version of CVSTrac installed on the 

remote host contains a flaw related to its Wiki-style text output formatter that may allow an 

attacker to cause a partial denial of service, depending on the pages requested. 


CVE-2007-0347 

WebGUI < 7.3.8 www_purgeList Method Asset Deletion 


RISK: 

MEDIUM 



authentication.\n\nThe remote host is running WebGUI, a content management framework. 

The remote version of this software is vulnerable to a flaw where an attacker can bypass 

security restrictions and gain administrative access to the application. Specifically, the 

'www_purgeList()' function fails to validate user credentials and would allow an 

unauthenticated user to delete application assets. 


CVE-2007-0629 

Phorum < 5.1.19 register.php XSS 


RISK: 

MEDIUM 



remote version of Phorum contains a script called 'register.php' that is vulnerable to a 

cross-site scripting attack via the 'username' parameter. An attacker may exploit this 

problem to steal the authentication credentials of third party users. 


CVE-2007-0769 

Policy - Nintendo Wii Detection 


Description: The remote client is a Nintendo Wii gaming station. 

Solution: Ensure that the device is authorized. 



Geeklog < 




running Geeklog, an open-source weblog powered by PHP and MySQL. The version of 

Geeklog installed on the remote host includes a flaw in the way that it parses user-supplied 

data. Specifically, the 'glConf' parameter of the 'BaseView.php' script can be used by a 

remote attacker to upload and execute arbitrary script code. An attacker exploiting this flaw 

would be able to execute code with the permissions of the web server process. 


CVE-2007-0810 

PostgreSQL Multiple Vulnerabilities 



is running PostgreSQL, an open source relational database. This version is vulnerable to 

multiple flaws where an attacker with a valid user account can cause the service to stop or 

potentially disclose confidential information. Successful exploitation would result in the 

system being unavailable to legitimate users or the leakage of confidential data. 

Solution: Upgrade to version 7.3.16, 7.4.16, 8.0.11, 8.1.7, 8.2.2 or higher. 

CVE-2007-0556 

WinProxy < 6.1 R1c HTTP CONNECT Request Overflow 


Description: Synopsis :\n\nThe remote HTTP proxy is affected by a buffer overflow 

vulnerability.\n\nThe remote host is running WinProxy, a proxy server for Windows. The 

version of WinProxy installed on the remote host reportedly contains a design issue that 

may result in a buffer overflow vulnerability. Using a specially-crafted HTTP CONNECT 

request, a remote attacker may be able to leverage this issue to execute arbitrary code on 

the affected host subject to the privileges under which the service runs. 

Solution: Upgrade to version 6.1 R1c or higher. 

Firefox < 

CVE-2007-0796 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote browser may allow an attacker to read confidential 

data.\n\nThe installed version of Firefox is reported to be vulnerable to a number of 

flaws. The details of the flaws are not currently known; however, it is alleged that an 

attacker can bypass security mechanisms in order to obtain local file contents. In 

order for this attack to be a success, the attacker would need to be able to convince a 

user to browsea malicious URI and expect that the user would allow a popup 

window. 


CVE-2007-0801 

Jetty Non-random Session ID Vulnerability 


RISK: 

MEDIUM 



application.\n\nThe remote host is running Jetty, a Java web server that can be downloaded 

from the Internet and is currently bundled with some IBM applications. This version of 

Jetty is vulnerable to a remote flaw within its random number generation. Jetty uses a 

predictable algorithm to generate session IDs. Given this, an attacker can gather and 

impersonate other accounts with generated session IDs. An attacker exploiting this flaw 

would only need to be able to access the Jetty application that utilized Session IDs. 

Solution: Upgrade to version 4.2.27, 5.1.12, 6.0.2, 6.1.0-pre3 or higher. 

CVE-2006-6969 

Samba < 3.0.24 nss_winbind.so.1 Multiple Function Overflow 


RISK: 

MEDIUM 



server, according to its version number ('%L'), may be vulnerable to multiple remote buffer 

overflows. The flaw appears to be in the way that Samba handles very long responses to 

'gethostbyname' and 'getipnodebyname' name resolution. An attacker exploiting this flaw 

would only need to be able to send a very long name to the vulnerable application. 

Successful exploitation would result in the attacker executing arbitrary code on the Samba 

server. 


CVE-2007-0453 


AXIGEN Mail Server IMAP Server Multiple Authentication Methods DoS 



Description: Synopsis :\n\nThe remote IMAP server is prone to multiple vulnerabilities.\n\nThe remote 

host is running AXIGEN Mail Server, a messaging system for Linux and BSD. The IMAP 

server component of AXIGEN Mail Server is affected by two denial of service issues 

involving PLAIN and CRAM-MD5 authentication methods. An unauthenticated remote 

attacker can leverage these issues to crash the IMAP service and possibly even execute 

arbitrary code remotely. 



CVE-2007-0887 


Description: Synopsis :\n\nThe remote host is a TiVO device.\n\nThe remote host is a TiVo, a television 

recorder. The version, as advertised by port banner, is:\n\n%L 

Solution: Ensure that the use of such devices is authorized by corporate policy. 




Description: Synopsis :\n\nThe remote host is a TiVO device.\n\nThe remote host is a TiVo, a television 

recorder. The version, as advertised by port banner, is:\n\n%L 

Solution: Ensure that the use of such devices is authorized by corporate policy. 


Sensepost Wikto Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote server is running the Wikto scanner. Wikto is a tool for 

scanning and testing the security of web sites. 

Solution: Ensure that this application is authorized with respect to corporate policies and guidelines. 


Firefox < 0.0.9 'Plain Old Webserver' (POW) Directory Traversal Arbitrary File Access 



RISK: 

MEDIUM 




host is running Plain Old Webserver (POW), a Firefox plugin that allows the user to run a 

web server via a browser plugin. This version of POW is vulnerable to a directory traversal 

flaw. An attacker exploiting this flaw would send a malformed request that contained '../' 

strings. Such a request would allow the attacker to obtain confidential files from outside the 

web root directory. Successful exploitation would lead to the loss of confidential data. 


CVE-2007-0872 

Mercury LoadRunner Detection 


Description: The remote host is running Mercury's LoadRunner. This tool is used to manage and test 

network applications. In the past, LoadRunner has been vulnerable to remote attacks. The 

following information was culled from the Agent:\n\n%L 

Solution: Ensure that you are running the latest version of LoadRunner and consider using ACLs to 

ensure that untrusted hosts cannot connect to the LoadRunner application. 


Cisco VPN Server Detection (PPTP) 


Description: The remote Cisco server is acting as a PPTP VPN server. 

Solution: N/A 


Cisco VPN Concentrator Administrative Interface Detection 



manner.\n\nThe remote Cisco server is acting as a PPTP VPN server. Further, the server 

has enabled web administration over unencrypted HTTP. The VPN Concentrator handles 

user accounts and other confidential data. An attacker with the ability to sniff the network 

would be able to gather confidential data that would be useful in future attacks. The 

reported machine name is:\n\n%L 

Solution: Use Access Control Lists (ACLs) to block access from untrusted machines. In addition, 

force the communication over an SSL connection. 




SQLiX SQL Injection Tool Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote host is running SQLix. SQLix is a tool that automates the 

detection and exploitation of web applications that are vulnerable to SQL injection attacks. 

Solution: Ensure that this application is authorized by corporate policies and guidelines. 


Microsoft FrontPage Version Detection 


Description: The remote web server appears to be running with FrontPage extensions. Double-check the 

configuration since many problems have been found with FrontPage when the 

configuration has not been secured. The reported version of FrontPage is: \n %L 

Solution: If it is not required, disable FrontPage access. Otherwise, disable anonymous access to the 

resource. 


LifeType < 1.1.6 rss.php profile Parameter Traversal Arbitrary File Access 


Description: Synopsis :\n\nThe remote host may allow remote disclosure of confidential files.\n\nThe 

remote host is running LifeType, an open-source blogging platform. The version of 

LifeType installed on the remote fails to sanitize input to the 'profile' parameter of the 

'rss.php' script of directory traversal sequences. An unauthenticated remote attacker can 

leverage this flaw to read files on the affected host and disclose sensitive information, such 

as configuration parameters used by the application. 

Solution: Upgrade to version 1.1.6, 1.2-beta2 or higher. 

CVE-2007-0979 




RISK: 

MEDIUM 



remote host is running the ClamAV antivirus client version %L\n\nThis version of 

ClamAV is vulnerable to a flaw where a CAB file with a reported length of zero 

can cause ClamAV to crash. In addition, the ClamAV application is vulnerable to a 

directory traversal flaw. An attacker, by specifying a file name which has '../' or '..\' 


strings, can overwrite critical system files. In both instances, the attacker only 

needs to be able to send files that are processed by ClamAV. 


CVE-2007-0898 

SpamAssassin < 3.1.8 Malformed HTML Long URI DoS 


RISK: 

MEDIUM 



remote host is running SpamAssassin, an anti-spam software application that detects and 

blocks spam emails. Due to a content-parsing error, SpamAssassin can be crashed when 

processing very long URIs within an email message. An attacker exploiting this flaw would 

only need to have the ability to craft and send an email. Successful exploitation leads to a 

loss of availability. 


CVE-2007-0451 

Catbird Appliance Detection 


Description: The remote host is running the Catbird security appliance. 

Solution: N/A 


BitTorrent Client Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote host is running the Bittorrent client.\nBitTorrent is a client 

application that allows users to quickly download files from multiple locations. 



IBM DB2 Multiple Local Vulnerabilities 




Description: Synopsis :\n\nThe remote host is vulnerable to multiple local flaws.\n\nThe remote 

host is running IBM DB2 database version %L.\nThis version is reported to be 

vulnerable to a number of local flaws. The most serious of these flaws involves a 

local buffer overflow. An attacker exploiting these flaws would need local access to 

the DB2 server. Successful exploitation would result in the attacker executing 


Solution: IBM has released Fixpak 2 for version 9.1 installs. Upgrade or patch older installations 

according to vendor recommendations. 

CVE-2007-1228 








CVE-2007-0996 

WebAPP < 0.9.9.6 Multiple Vulnerabilities 



is running WebAPP, an open-source web portal application written in Perl. There is a flaw 

in the remote version of this software that may allow an attacker to gain remote control of 

the application. The exact nature of the flaws is currently unknown. However, given the 

vendor's statement regarding the patches, the flaws are thought to be of a serious nature. 



Google Desktop Detection 


PVS ID: 3924 FAMILY: Web Clients RISK: INFO NESSUS ID:24709 

Description: Synopsis :\n\nThe remote host has Google Desktop installed.\n\nGoogle Desktop, a search 

application for Windows that allows users to easily search for files on the computer, is 

installed on the remote host. If the 'Advanced Features' or 'Search Across Computers' 

options of Google Desktop are enabled, some data may be sent to Google's servers, 

potentially breaching confidentiality and your corporate security policy. 

Solution: Ensure that installing Google Desktop is authorized by your corporate policy. 



SQLiteManager include/config.inc.php SQLiteManager_currentTheme Cookie Local File Inclusion 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP script that is susceptible to a local file 

inclusion attack. \n\nThe remote host is running SQLiteManager, a web-based application 

for managing SQLite databases. The version of SQLiteManager installed on the remote 

host fails to sanitize user input to the 'SQLiteManager_currentTheme' cookie before using it 

to include PHP code in 'include/config.inc.php'. An unauthenticated remote attacker may be 

able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the 

remote host, subject to the privileges of the web server user ID. 


CVE-2007-1232 

Xbox Console Detection 


Description: PVS detected an Xbox gaming console on the local network. The version of software 

is: \n %L 

Solution: Ensure that such systems are authorized with respect to corporate policies. 





installed version of SeaMonkey contains various security issues, some of which may lead 

to execution of arbitrary code on the affected host subject to the user's privileges. 


CVE-2007-0994 


OrangeHRM < 2.1 alpha 5 login.php txtUserName Parameter SQL Injection 


Description: Synopsis :\n\nThe remote web server contains a PHP script that is affected by a SQL 

injection vulnerability.\n\n The remote host is running OrangeHRM, a human resource 

management system written in PHP. The version of OrangeHRM installed on the remote 

host fails to sanitize input to the 'txtUserName' parameter of the 'login.php' script before 


using it in a database query. An unauthenticated remote attacker may be able to leverage 

this flaw to manipulate SQL queries and bypass authentication, uncover sensitive 

information, modify data, or launch attacks against the underlying database.\n\n Note that 

successful exploitation of this issue requires that PHP's 'magic_quotes_gpc' be disabled. 

Solution: Upgrade to version 2.1 alpha 5 or higher. 

CVE-2007-1193 

Dropbear < 0.49 Hostkey Host Spoofing Vulnerability 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that would allow remote attackers to 

spoof trusted hosts.\n\nThe remote host is running Dropbear, a small, open-source SSH 

server. The version of Dropbear installed on the remote host by default has a flaw where 

the application fails to warn if the hostkey file has changed. An attacker exploiting this flaw 

would be able to execute a man-in-the-middle attack against the Dropbear server. 


CVE-2007-1099 

Qualys Scanner Detection 



corporate policy.\n\nThe remote host is running the Qualys network scanner. The presence 

of this software indicates that a group is scanning the network for vulnerabilities. 

Solution: Ensure that this software is authorized for your network. 





vulnerabilities.\n\n The remote version of Mozilla Thunderbird suffers from various 

security issues, at least one of which may lead to execution of arbitrary code on the affected 

host subject to the user's privileges. 


CVE-2007-0777 


Apache TomCat mod_jk < 1.2.21 Worker Map Remote Overflow 




running the Apache Tomcat web server with mod_jk. mod_jk is reported to be vulnerable 

to a remote buffer overflow. It is alleged that an attacker sending a URI of greater than 

4095 bytes can corrupt the application memory. Successful exploitation would result in the 

attacker executing arbitrary code on the remote web server. 


CVE-2007-0774 

WordPress < 2.1.2 Backdoor Vulnerability 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is affected by a 

remote command execution vulnerability.\n\nThe version of WordPress installed on the 

remote host may include a backdoor that allows an unauthenticated remote attacker to 

execute arbitrary code on the remote host, subject to the permissions of the web server user 

ID. 

Solution: Upgrade to WordPress version 2.1.2 or higher and overwrite all the old files, especially 

those in wp-includes. 

CVE-2007-1277 

Anomalous FTP Server Detection 


Description: An FTP server is running on this port. The server is running on a non-standard port. The 

last observed user ID was\n%P 

Solution: N/A 


QuickTime < 7.1.5 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote Windows host contains an application that is prone to multiple 

attacks.\n\nAccording to its version, the installation of QuickTime on the remote Windows 

host is affected by multiple buffer overflows. An attacker may be able to leverage these 

issues to crash the affected application or to execute arbitrary code on the remote host by 

sending a specially-crafted file to a victim and having him open it using QuickTime. 


CVE-2007-0717 



Ipswitch IMail Server < 2006.2 Multiple Overflows 


Description: Synopsis :\n\nThe remote mail server is affected by multiple buffer overflow 

vulnerabilities.\n\nThe remote host is running Ipswitch Collaboration Suite / IMail, 

commercial messaging and collaboration suites for Windows. According to its banner, the 

version of Ipswitch Collaboration Suite / IMail installed on the remote host has several 

unspecified buffer overflows in various service components as well as one in an ActiveX 

control. An attacker may be able to leverage these issues to crash the affected service or 

execute arbitrary code remotely by default with LOCAL SYSTEM privileges. 

























MySpaceIM Chat Detection 




Description: The remote host is running MySpaceIM, an application that allows MySpace users to chat 

with one another. 

Solution: Ensure that such chat clients are authorized according to corporate policies and guidelines. 


.pst File Email Attachment Detection 


Description: The remote host was just observed sending the following .pst file.%L\nThe file was 

observed as an email attachment. If the file is confidential, check your mail server logs to 

see who the sender and/or recipient was. 

Solution: N/A 


.pst Office File Detection 

PVS ID: 3941 FAMILY: Data Leakage RISK: INFO NESSUS ID:Not Available 

Description: The remote web server is hosting .pst files. As an example, consider the following 

file %P\nThe webmaster should ensure that they do not contain confidential data. 

Solution: N/A 


LedgerSMB / SQL-Ledger Authentication Bypass 


Description: Synopsis :\n\nThe remote web server contains a Perl application that is prone to an 

authentication bypass issue.\n\nThe remote host is running LedgerSMB or SQL-Ledger, a 

web-based double-entry accounting system. The version of LedgerSMB or SQL-Ledger on 

the remote host contains a design flaw that can be leveraged by a remote attacker to bypass 

authentication and can gain administrative access of the application. 

Solution: If using LedgerSMB, upgrade to 1.1.9 or higher. There is no known solution for 

SQL-Ledger at this time. 

CVE-2007-0777 

.ost File Email Attachment Detection 




Description: The remote host was just observed sending the following .ost file.%L\n.ost files are 

offline storage tables of personal information. The file was observed being sent as an 

email attachment. If the file is confidential, check your mail server logs to see who 

the sender and/or recipient was. 

Solution: N/A 

.ost Offie File Detection 



Description: The remote web server is hosting .ost files. '.ost' files are offline storage tables used to store 

personal information. As an example, consider the following file %P\nThe webmaster 

should make sure that they do not contain confidential data. 

Solution: N/A 


.uni Email Attachment Detection 


Description: The remote host was just observed sending the following .uni file.%L\n.uni files are 

personal folder files for Outlook XP. The file was observed being sent as an email 

attachment. If the file is confidential, check your mail server logs to see who the sender 

and/or recipient was. 

Solution: N/A 


.uni Office Files Detection 


Description: The remote web server is hosting .uni files. '.uni' files are personal folder files for Outlook 

XP that can store Unicode data. As an example, consider the following file %P\nThe 

webmaster should make sure that they do not contain confidential data. 

Solution: N/A 



Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) 





10.4.9 or a version of Mac OS X 10.3 that does not have Security Update 2007-003 

applied. This update contains several security fixes for the following programs :\n\n - 

ColorSync\n - CoreGraphics\n - Crash Reporter\n - CUPS\n - Disk Images\n - DS Plugins\n 

- Flash Player\n - GNU Tar\n - HFS\n - HID Family\n - ImageIO\n - Kernel\n - MySQL 

server\n - Networking\n - OpenSSH\n - Printing\n - QuickDraw Manager\n - servermgrd\n 

- SMB File Server\n - Software Update\n - sudo \n - WebLog 


CVE-2006-4829 

GnuPG < 1.4.7 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running GnuPG. The version of GnuPG is: \n %L \nThis version is vulnerable to a 

number of security and privacy flaws. 


CVE-2007-1263 

Apache Tomcat < 5.5.23 / 6.0.10 Directory Traversal Arbitrary File Access 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a directory traversal flaw.\n\nThe remote 

host is running the Apache Tomcat server. This version of Tomcat is vulnerable to a 

directory traversal flaw. An attacker exploiting this flaw would only need to be able to send 

a malformed request to the server. Successful exploitation would result in the attacker 

being able to read arbitrary files with the permission of the web server process. This can 

lead to disclosure of source code or confidential data. The reported version of Tomcat is: \n 

%L 


CVE-2007-0450 

Horde < 3.1.4 NLS.php new_lang Parameter XSS 



RISK: 

MEDIUM 



Description: The remote web server contains a PHP application that is vulnerable to a cross-site 

scripting attack.\n\n The version of Horde installed on the remote host fails to sanitize input 

to the 'new_lang' parameter before using it in the 'framework/NLS/NLS.php' script to 

generate dynamic content. An unauthenticated remote attacker may be able to leverage this 

issue to inject arbitrary HTML or script code into a user's browser to be executed within the 

security context of the affected site. 


CVE-2007-1473 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote Windows host contains a web browser that can be manipulated 

remotely for network abuse.\n\nThe FTP client support in the installed version of Firefox 

has a flaw that could allow a remote attacker with control of an FTP server to perform a 

rudimentary port scan of the user's internal network. 


CVE-2007-1562 

Squid < 2.6 STABLE12 TRACE Request DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote proxy server is vulnerable to a denial of service 

vulnerability.\n\nA vulnerability in TRACE request processing has been reported in Squid 

that can be exploited by malicious people to cause a denial of service. 


CVE-2007-1560 


Helix Server < 11.1.3.1887 DESCRIBE Request LoadTestPassword Field Overflow 



running the Helix RealServer streaming media server. This version of Helix is vulnerable to 

a flaw in the way that it processes the 'LoadTestPassword' field of a 'DESCRIBE' request. 

An attacker exploiting this flaw would only need to be able to send malformed requests to 

the Helix Server. Successful exploitation would result in the attacker executing arbitrary 

code 



CVE-2006-6026 

IDA Pro Disassembler Software Detection 


Description: The remote client is running the IDA Pro Disassembler Program. This program is used to 

analyze binary files. The reported user and version is\n%L 

Solution: Ensure that this software is authorized for your network and that the version of IDA Pro is 

properly licensed. 


IDA Pro Remote Debugger Server Authentication Bypass 



bypassing of authentication.\n\nThe remote host is running DataRescue IDA 

Pro, a commercial disassembler. This version of IDA Pro is vulnerable to a flaw 

in the way that it handles remote data passed to the processor_request() 

function, an authentication function. An attacker exploiting this flaw can bypass 

authentication and execute commands anonymously. Successful exploitation 

gives the attacker the ability to execute arbitrary commands on the remote 

system. 


CVE-2007-1666 

SIPScan VOIP Vulnerability Scanner Detection 


Description: The remote client is scanning the network with the SIPScan VOIP vulnerability scanner. 

This tool scans networks and detects vulnerable VOIP SIP phones. 



SIPScan VOIP Vulnerability Scanner Detection 



Description: The remote client is scanning the network with the SIPScan VOIP vulnerability scanner. 

This tool scans networks and detects vulnerable VOIP SIP phones. The version of SIPScan 

is\n%L 




Lotus Domino IMAP Server < 6.5.6 / 7.0.2 FP1 CRAM-MD5 Authentication Overflow 


Description: Synopsis : \n\nThe remote IMAP server is affected by a buffer overflow 

vulnerability.\n\nThe IMAP server component of IBM Lotus Domino Server installed on 

the remote host fails to check the length of the supplied username in its CRAM-MD5 

authentication mechanism before processing it. By supplying a username over 256 bytes, 

an unauthenticated remote attacker can leverage this issue to crash the affected service and 

possibly execute arbitrary code remotely. The reported version (via banner) of the affected 

application is: \n %L 

Solution: Upgrade to version 6.5.6, 7.0.2 FP1 or higher. 

CVE-2007-1675 

WordPress < 2.1.3 xmlrpc.php mt.setPostCategories Method SQL Injection 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a SQL Injection attack.\n\nThe version of 

WordPress installed on the remote host is vulnerable to a SQL injection attack. The 

reported version is: \n %L \n\nAn attacker exploiting this flaw would need to have the 

ability to authenticate to WordPress. Upon authentication, the attacker would send a 

malformed query that, when processed, would execute arbitrary SQL commands on the 

WordPress database. The path to the affected application is: \n%P 

Solution: Upgrade to version 2.1.3 or higher and overwrite all the old files, especially those in 

wp-includes. 

CVE-2007-1897 

F-Secure Product Detection 


Description: The remote host is running F-Secure, a firewall and antivirus software package. 

Solution: N/A 


F-Secure Product Server Detection 




Description: The remote host is running an F-Secure Server. These servers are responsible for managing 

an Enterprise network of F-Secure clients. Such a server typically holds critical and 

confidential information. The reported server version number was: \n %L 

Solution: N/A 


F-Secure Policy Manager fsmsh.dll Path Disclosure 


RISK: 

MEDIUM 



attacks.\n\nThe remote host is running F-Secure Policy Manager, a distributed 

administration software that allows a system administrator to control applications from a 

single web console. There is a flaw in the file '/fsms/fsmsh.dll' that discloses the physical 

path to this application. An attacker may use the knowledge gained through this problem to 

set up more elaborate attacks against the remote host. 


CVE-2004-1223 

.pdf Document File Detection 


Description: The remote web server is hosting .pdf files. As an example, consider the following 

file %P\nThe webmaster should make sure that these files do not contain confidential 

data. 

Solution: N/A 

FTP Server Detection 


PVS ID: 3964 FAMILY: FTP Servers RISK: INFO NESSUS ID:Not Available 

Description: The remote host is a FTP server. 

Solution: N/A 


Bakbone NetVault < 7.4.0 Unspecified Overflow 






NetVault is reported to be vulnerable to a remote buffer overflow. The details of the flaw 

are not currently known. It is believed that a successful attack would lead to arbitrary code 

being executed. 






running the ClamAV antivirus client version %L\n\nThis version of ClamAV is vulnerable 

to multiple attack vectors. The more serious of the flaws is a buffer overflow. An attacker 

exploiting this flaw would need to be able to manipulate ClamAV to scan a malicious file 

(via email, web, etc.). Successful exploitation would result in the attacker executing 

arbitrary code on the remote ClamAV scanner. 


CVE-2007-1997 

XAMPP adodb.php mssql_connect Function Overflow 



running the XAMPP web server, a version of Apache which comes pre-bundled with Perl, 

MySQL, and PHP. This version of XAMPP is reported prone to a remote buffer overflow 

via the mssql_connect() function. An attacker exploiting this flaw would send a malformed 

argument to a script that passed the data to mssql_connect(). Successful exploitation would 

result in the attacker executing arbitrary code on the server. 

Solution: Upgrade to XAMPP greater than 1.6.0a. 

CVE-2007-2079 

ZoneAlarm Pro < 7.0.302.000 vsdatant Driver Local DoS 



RISK: 

MEDIUM 



remote host is running ZoneAlarm, a firewall for Windows. The vendor has released 

version 7.0.302.000 of ZoneAlarm. This version corrects a flaw where a local user can 

disable the firewall. 



CVE-2007-2467 

Lighttpd < 1.4.14 Multiple DoS 



remote host is running Lighttpd, a small web server. This version of Lighttpd is vulnerable 

to multiple Denial of Service (DoS) flaws. An attacker exploiting these flaws would only 

need to be able to send data to the web server. Successful exploitation would result in the 

attacker crashing the web server. 


CVE-2007-1869 

ProFTPD < 1.3.0rc4 Multiple Modules Authentication Bypass 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a flaw that allows for the bypassing of 

authentication.\n\nThe remote host is using ProFTPD, a free FTP server for Unix and 

Linux. According to its banner, the version of ProFTPD installed on the remote host suffers 

from a flaw where a user can bypass access controls. An attacker exploiting this flaw would 

need the ability to authenticate to the server. Successful exploitation would result in the 

attacker elevating privileges or accessing confidential data. The observed banner was: \n 

%L 


CVE-2007-2165 

GroupWise < 7.0.0 SP2 WebAccess GWINTER.exe Base64 Decoding Overflow 



running a version of GroupWise WebAccess from Novell that fails to sanitize HTTP 

authentication requests. An overly long request will generate an overflow on the remote 

WebAccess server. An attacker exploiting this flaw would only need to be able to connect 

to the service and send an HTTP basic authentication request. Successful exploitation 


Solution: Upgrade to version 7.0.0 SP2 or higher. 

CVE-2007-2171 

Tivoli Provisioning Manager Detection 




Description: The remote host is running the IBM 'Tivoli Provisioning Manager for OS Deployment' 

version %L 

Solution: Ensure that you are running the latest version of TPMfOSd. 


PostgreSQL SECURITY DEFINER Functions Local Privilege Escalation 


RISK: 

MEDIUM 




vulnerable to a local 'privilege escalation' flaw. By accessing temporary objects, a local 

user can escalate privileges. Successful exploitation would allow the local user to gain 

access elevated access to PostgreSQL data. 


CVE-2007-2138 

Winamp < 5.34 Malformed 'PLS' File Handling DoS 


RISK: 

MEDIUM 



remote host is running Winamp, a multimedia software application. This version of 

Winamp is vulnerable to a content-parsing flaw. Specifically, when handling malformed 

PLS files, Winamp can be crashed. An attacker exploiting this flaw would need to be able 

to convince a local user to open a malicious file with Winamp. Successful exploitation 

would result in the application crashing. 






Description: Synopsis :\n\nThe remote host is vulnerable to multiple buffer overflows.\n\nAccording to 

its version, the installation of QuickTime on the remote Windows host is affected by a flaw 

in the way that it handles malformed Java byte code. An attacker exploiting this flaw would 

need to be able to convince a user to browse to a malicious site. Further, the browser must 

be Java-enabled and have a vulnerable version of QuickTime installed. Successful 

exploitation would result in the attacker executing arbitrary code on the client system. In 

addition, this version of QuickTime is vulnerable to an integer overflow and a heap 


overflow. An attacker exploiting either of these flaws will be able to execute code on the 

remote machine. 


CVE-2007-2296 

Winamp < 5.34a MP4 File Handling Overflow 



running Winamp, a multimedia software application. This version of Winamp is vulnerable 

to a content-parsing flaw when handling malformed MP4 files. An attacker exploiting this 

flaw would need to be able to convince a local user to open a malicious MP4 file with 

Winamp. Successful exploitation would result in the attacker executing arbitrary code on 



CVE-2007-2498 

Trillian < 3.1.5.0 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host contains a web browser that is susceptible to multiple 

issues.\n\nThe version of Trillian installed on the remote host reportedly contains several 

buffer overflow issues involving its handling of UTF-8 characters. A remote attacker may 

be able to leverage these issues to execute arbitrary code as the current user. 


CVE-2007-2418 

ISC BIND query.c query_addsoa Function Unspecified Recursive Query DoS 



remote BIND DNS server is vulnerable to a flaw in the way that it handles malformed 

recursive query requests. An attacker exploiting this flaw would need to have the ability to 

send malformed requests to the vulnerable DNS Server. Further, the remote server must be 

configured to handle recursive queries from the attacker. Successful exploitation would 

lead to the BIND server crashing. 

Solution: Either disable recursion or upgrade to version 9.4.1, 9.5.0a4 or higher. 

CVE-2007-2241 



Tivoli Client Detection 


Description: The remote host is a Tivoli client. The reported version was: \n %L 

Solution: N/A 

Tivoli Server Detection 



Description: The remote host is a Tivoli Server. The reported version was: \n %L 

Solution: N/A 


Mambo < 4.6.2 includes/pdf.php dofreePDF Function Authentication Bypass 



bypassing of authentication.\n\nThe remote host is running the Mambo Content 

Server, an application for generating dynamic content for web servers. The 

remote application is vulnerable to a flaw where remote attackers can gain 

access to the data hosted on the Mambo database. The root of the flaw stems 

from a lack of authentication and authorization by the 'pdf.php' application. In 

order to exploit this flaw, an attacker would only need to be able to send data to 

the 'pdf.php' application. Successful exploitation would result in a potential loss 

of confidentiality, integrity, and availability on the remote database server. 


CVE-2006-7202 




is running a version of PHP lower than 4.4.7 or 5.2.2. This version is vulnerable to a 

number of remote issues. At least one of these issues is related to a buffer overflow attack. 

An attacker exploiting these flaws would be able to impact confidentiality, integrity, and 

availability. The reported version of PHP is: \n %L 


CVE-2007-1001 



RunCMS < 1.5.2 Build 20070504 SQL Injection 



is running RunCMS, a web-based content management and messaging system. This version 

of RunCMS is vulnerable to a remote SQL injection flaw. Flaws within the SQL-handling 

routines of the 'debug_show.php' script are the root cause of this vulnerability. An attacker 

exploiting this flaw would only need to be able to send specially crafted queries to the 

'debug_show.php' script. Successful exploitation would result in the attacker being able to 

execute arbitrary SQL commands on the remote database server. 


CVE-2007-2539 

Cubecart < 3.0.16 HTTP Response Splitting 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTTP 'response splitting' attack.\n\nThe 

version of CubeCart installed on the remote host fails to properly sanitize user-supplied 

input to the 'ccUser' parameter before using it in cart.php and index.php. An 

unauthenticated remote attacker may be able to exploit this issue to insert false HTTP 

header data into the client request. 


CVE-2007-2550 

MySQL < 5.0.40 IF Query NULL Dereference DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote database server is prone to a denial of service attack.\n\nThe 

version of MySQL installed on the remote host is reportedly affected by a denial of service 

vulnerability that may be triggered with a specially crafted IF query. An attacker who can 

execute arbitrary SELECT statements may be able to leverage this issue to crash the 

affected service. 


CVE-2007-2583 


SNORT Intrusion Detection System (IDS) Detection 



Description: The remote host is running either the Sourcefire SNORT Intrusion Detection System or 

passing SNORT logs to a remote syslog server. 

Solution: N/A 


Bro Intrusion Detection System (IDS) Detection 


Description: The remote host is running either the Bro Intrusion Detection System or passing Bro logs to 

a remote syslog server. 

Solution: N/A 


Samba < 3.0.25 NDR MS-RPC Request Heap-Based Overflow 


Description: Synopsis :\n\nIt is possible to execute code on the remote host through Samba.\n\nThe 

version of the Samba server installed on the remote host ('%L') is affected by multiple heap 

overflow vulnerabilities that can be exploited remotely to execute code with the privileges 

of the samba daemon. 


CVE-2007-2446 

Darwin RTSP Server < 5.5.5 Multiple Overflows 


Description: Synopsis : \n\nThe remote host is vulnerable to multiple buffer overflows.\n\nThe remote 

host is running the Darwin RTSP media server. This version of Darwin is vulnerable to 

multiple flaws in the way that it processes user-supplied data. An attacker exploiting these 

flaws would only need to be able to send RTSP requests to the Darwin server. Successful 

exploitation would result in the attacker executing arbitrary code with the privileges of the 

Darwin server process. The reported version number is: \n %L 


CVE-2007-0748 

Samba < 3.0.25 Multiple Vulnerabilities 




Description: Synopsis :\n\nThe remote Samba server is affected by multiple 

vulnerabilities.\n\nAccording to its banner, the version of the Samba server installed on the 

remote host ('%L') is affected by multiple buffer overflow and remote command injection 

vulnerabilities that can be exploited remotely, as well as a local privilege escalation bug. 

The reported version number of Samba is\n%L 


CVE-2007-2447 

BitTorrent Server Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote host is running a BitTorrent server.\nBitTorrent is a P2P 




Resin < 3.1.1 Directory Traversal Vulnerability (2) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is prone to a directory traversal attack. \n\nThe 

remote host is running Resin, an application server. The installation of Resin on the remote 

host allows an unauthenticated remote attacker to gain access to the web-inf directories, or 

any known subdirectories, on the affected Windows host, which may lead to a loss of 

confidentiality. 


CVE-2007-2440 

MySQL < 5.1.18 Multiple Vulnerabilities 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote database server is affected by multiple vulnerabilities.\n\nThe 

version of MySQL installed on the remote host reportedly is affected by three issues :\n\n- 

A user can rename a table without having DROP privileges.\n\n-If a stored routine is 

declared as 'SQL SECURITY INVOKER', a user may be able to gain privileges by 

invoking that routine.\n\n-A user with only ALTER privileges on a partitioned table can 

discover information about the table that should require SELECT privileges. 



CVE-2007-2693 

vBulletin < 3.6.7 calendar.php title Parameter Persistent HTML Injection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTML injection attack.\n\nThe version 


Specifically, the 'title' parameter of the calendar.php script can be used by an attacker to 

inject script code into a public section of the bulletin board. An attacker exploiting this flaw 

would only need the ability to post data to the calendar.php script. When an unsuspecting 

user browses the site, the script code would be executed within the client browser. 


CVE-2007-2908 

WordPress < 2.1.4 wp-admin/admin-ajax.php cookie Parameter SQL Injection 


Description: Synopsis : \n\nThe remote host is vulnerable to a SQL injection attack.\n\nThe version of 

WordPress installed on the remote host is vulnerable to a SQL injection attack. The 

reported version is: \n %L \n\nAn attacker exploiting this flaw would only need to be able 

to send data to the 'wp-admin/admin-ajax.php' script. Successful exploitation would result 

in the attacker executing SQL commands on the remote database server 


CVE-2007-2821 



Description: Synopsis :\n\nThe remote host contains a web browser that is prone to a buffer overflow 

attack.\n\nThe version of Opera installed on the remote host reportedly contains a buffer 

overflow vulnerability that can be triggered by a malicious Torrent file. Successful 

exploitation requires that a user on the affected host right-click on the torrent entry in the 

transfer manager rather than simply click on a torrent link and may allow a remote attacker 

to execute arbitrary code subject to the privileges of the user. 


CVE-2007-2274 

Symantec Discovery Client Detection 




Description: The remote host is running the Symantec Discovery client. 

Solution: N/A 


Symantec Discovery Server Detection 


Description: The remote host is running the Symantec Discovery server. 

Solution: N/A 


IMAP SSL/TLS Server Detection 

PVS ID: 3999 FAMILY: IMAP Servers RISK: INFO NESSUS ID:Not Available 

Description: An IMAP server is running on this port. The IMAP server is utilizing the SSL/TLS 

encryption protocol. 

Solution: N/A 


POP SSL/TLS Server Detection 

PVS ID: 4000 FAMILY: POP Server RISK: INFO NESSUS ID:Not Available 

Description: A POP server is running on this port. The POP server is utilizing the SSL/TLS 

encryption protocol. 

Solution: N/A 



NOD32 < 2.70.37 Directory Name Handling Multiple Overflows 



running the NOD32 antivirus software. This version of NOD32 is vulnerable to multiple 

stack overflows. An attacker exploiting this flaw would only need to send a malformed file 

to a system running the NOD32 antivirus software. Successful exploitation would result in 

the attacker exploiting code on the remote system. The reported version of NOD32 is: \n 

%L 



CVE-2007-2852 

Cubecart < 3.0.17 cart.inc.php Multiple Parameter SQL Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL Injection attack.\n\nThe version of 

CubeCart installed on the remote host fails to properly sanitize user-supplied input to the 

'options' parameter before using it in /include/path/cart.inc.php. An unauthenticated remote 

attacker may be able to exploit this issue to execute arbitrary SQL commands on the remote 

database server. An attacker exploiting this flaw would only need to be able to send HTTP 

requests to the Cubecart application. 


CVE-2007-2862 

FTP Server .xls Office Files Detection 


Description: The remote FTP server is hosting .xls files. As an example, consider the following file that 

was detected on the remote FTP server\n%P\n\nDistributing files over FTP is a common 

way of distributing information; however, efforts should be taken to ensure that the hosted 

files do not contain confidential data. risk 

Solution: N/A 


FTP Server .doc Office Files Detection 


Description: The remote FTP server is hosting .doc files. As an example, consider the following file that 



files do not contain confidential data. 

Solution: N/A 


FTP Server .ppt Office Files Detection 




Description: The remote FTP server is hosting .ppt files. As an example, consider the following file that 




Solution: N/A 


FTP Server .csv Office Files Detection 


Description: The remote FTP server is hosting .csv files. As an example, consider the following file that 




Solution: N/A 


FTP Server .rtf Office Files Detection 


Description: The remote FTP server is hosting .rtf files. As an example, consider the following file that 




Solution: N/A 


FTP Server .mp3 / .mp4 Files Detection 


Description: The remote FTP server is hosting .mp3 or .mp4 files. As an example, consider the 

following file that was detected on the remote FTP server\n%P\n\nDistributing files over 

FTP is a common way of distributing information; however, efforts should be taken to 

ensure that the hosted files do not contain confidential data. 

Solution: N/A 


FTP Server .wav Files Detection 




Description: The remote FTP server is hosting .wav files. As an example, consider the following file that 




Solution: N/A 


FTP Server .ogg Files Detection 


Description: The remote FTP server is hosting .ogg files. As an example, consider the following file that 




Solution: N/A 


FTP Server .wma Files Detection 


Description: The remote FTP server is hosting .wma files. As an example, consider the following file 

that was detected on the remote FTP server\n%P\n\nDistributing files over FTP is a 

common way of distributing information; however, efforts should be taken to ensure that 

the hosted files do not contain confidential data. 

Solution: N/A 


FTP Server .avi Files Detection 


Description: The remote FTP server is hosting .avi files. As an example, consider the following file that 




Solution: N/A 


FTP Server .mpg Files Detection 




Description: The remote FTP server is hosting .mpg files. As an example, consider the following file 




Solution: N/A 


FTP Server .divx Files Detection 


Description: The remote FTP server is hosting .divx files. As an example, consider the following file 




Solution: N/A 


FTP Server .pst Office Files Detection 


Description: The remote FTP server is hosting .pst files. As an example, consider the following file that 




Solution: N/A 


FTP Server .ost Office Files Detection 


Description: The remote FTP server is hosting .ost files. As an example, consider the following file that 




Solution: N/A 


FTP Server .uni Files Detection 




Description: The remote FTP server is hosting .uni files. As an example, consider the following file that 




Solution: N/A 


FTP Server .pdf Files Detection 


Description: The remote FTP server is hosting .pdf files. As an example, consider the following file that 




Solution: N/A 


.xls File Upload Detection 


Description: The remote client is utilizing the FTP protocol to upload files to an FTP server. As an 

example, consider the following file that was just uploaded by the client to a remote FTP 

server\n%L\n\nDistributing files over FTP is a common way of distributing information; 

however, efforts should be taken to ensure that the hosted files do not contain confidential 

information. 

Solution: N/A 


.doc File Upload Detection 






information. 

Solution: N/A 




.ppt File Upload Detection 






information. 

Solution: N/A 


.csv File Upload Detection 






information. 

Solution: N/A 


.rtf File Upload Detection 






information. 

Solution: N/A 


.mp3 File Upload Detection 







information. 


Solution: N/A 


.wav File Upload Detection 






information. 

Solution: N/A 


.ogg File Upload Detection 






information. 

Solution: N/A 


.wma File Upload Detection 






information. 

Solution: N/A 


.avi File Upload Detection 








information. 

Solution: N/A 


.mpg File Upload Detection 






information. 

Solution: N/A 


.divx File Upload Detection 






information. 

Solution: N/A 


.pst File Upload Detection 






information. 

Solution: N/A 




.ost File Upload Detection 






information. 

Solution: N/A 


.uni File Upload Detection 






information. 

Solution: N/A 


.pdf File Upload Detection 






information. 

Solution: N/A 



WebGUI < 7.3.14 viewList() Function Authentication Bypass 




The remote version of this software is vulnerable to a flaw where an attacker can bypass 


security restrictions and gain administrative access to the application. Specifically, the 

'viewList()' function of the 'lib/WebGUI/Asset/Wobject/DataForm.pm' script fails to 

validate user credentials and would allow an unauthenticated user access to confidential 

data. 


eScan Agent Detection 



Description: Synopsis :\n\nThe remote host is running antivirus.\n\nThe remote host is running 

MicroWorld Agent server, an embedded service used by Microsoft antivirus software. 

Solution: N/A 


FTP Server Zipped .xls File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .xls files. As 

an example, consider the following file that is a part of a .zip archive and was just 

downloaded by a remote FTP client\n%L\n\nDistributing files over FTP is a common way 

of distributing information; however, efforts should be taken to ensure that the hosted files 

do not contain confidential information. 

Solution: N/A 


FTP Server Zipped .doc File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .doc files. As 





Solution: N/A 


FTP Server Zipped .ppt File Detection 




Description: The remote FTP server is hosting compressed (zipped) archives that contain .ppt files. As 





Solution: N/A 


FTP Server Zipped .csv File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .csv files. As 





Solution: N/A 


FTP Server Zipped .rtf File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .rtf files. As an 

example, consider the following file that is a part of a .zip archive and was just downloaded 

by a remote FTP client\n%L\n\nDistributing files over FTP is a common way of 

distributing information; however, efforts should be taken to ensure that the hosted files do 

not contain confidential information. 

Solution: N/A 


FTP Server Zipped .mp3 / .mp4 File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .mp3 or .mp4 

files. As an example, consider the following file that is a part of a .zip archive and was just 




Solution: N/A 




FTP Server Zipped .wav File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .wav files. As 





Solution: N/A 


FTP Server Zipped .ogg File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .ogg files. As 





Solution: N/A 


FTP Server Zipped .wma File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .wma files. As 





Solution: N/A 


FTP Server Zipped .avi File Detection 



Description: The remote FTP server is hosting compressed (zipped) archives that contain .avi files. As 




Solution: N/A 




FTP Server Zipped .mpg File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .mpg files. As 





Solution: N/A 


FTP Server Zipped .divx File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .divx files. As 





Solution: N/A 


FTP Server Zipped .pst File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .pst files. As 





Solution: N/A 


FTP Server Zipped .ost File Detection 




Description: The remote FTP server is hosting compressed (zipped) archives that contain .ost files. As 





Solution: N/A 


FTP Server Zipped .uni File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .uni files. As 



of distributing information. However, efforts should be taken to ensure that the hosted files 


Solution: N/A 


FTP Server Zipped .pdf File Detection 


Description: The remote FTP server is hosting compressed (zipped) archives that contain .pdf files. As 



of distributing information. However, efforts should be taken to ensure that the hosted files 


Solution: N/A 


FTP Server Zipped xls File Uploaded 



Description: The remote FTP client was observed uploading an archive (zipped) file that contained a .xls 

file. As an example, consider the following file that is a part of a .zip archive and was just 

uploaded to a remote FTP server\n%L\n\nDistributing files over FTP is a common way of 

distributing information. However, efforts should be taken to ensure that confidential files 

are not uploaded via FTP. 


Solution: N/A 


FTP Server Zipped .doc File Uploaded 


Description: The remote FTP client was observed uploading an archive (zipped) file that contained a 

.doc file. As an example, consider the following file that is a part of a .zip archive and was 

just uploaded to a remote FTP server\n%L\n\nDistributing files over FTP is a common way 

of distributing information. However, efforts should be taken to ensure that confidential 

files are not uploaded via FTP. 

Solution: N/A 


FTP Server Zipped .ppt File Uploaded 



.ppt file. As an example, consider the following file that is a part of a .zip archive and was 




Solution: N/A 


FTP Server Zipped .csv File Uploaded 



.csv file. As an example, consider the following file that is a part of a .zip archive and was 




Solution: N/A 


FTP Server Zipped .rtf File Uploaded 




Description: The remote FTP client was observed uploading an archive (zipped) file that contained a .rtf 





Solution: N/A 


FTP Server Zipped .mp3 / .mp4 File Uploaded 



.mp3 or .mp4 file. As an example, consider the following file that is a part of a .zip archive 

and was just uploaded to a remote FTP server\n%L\n\nDistributing files over FTP is a 

common way of distributing information. However, efforts should be taken to ensure that 

confidential files are not uploaded via FTP. 

Solution: N/A 


FTP Server Zipped .wav File Uploaded 



.wav file. As an example, consider the following file that is a part of a .zip archive and was 




Solution: N/A 


FTP Server Zipped .ogg File Uploaded 



.ogg file. As an example, consider the following file that is a part of a .zip archive and was 




Solution: N/A 




FTP Server Zipped .wma File Uploaded 



.wma file. As an example, consider the following file that is a part of a .zip archive and was 




Solution: N/A 


FTP Server Zipped .avi File Uploaded 


Description: The remote FTP client was observed uploading an archive (zipped) file that contained a .avi 





Solution: N/A 


FTP Server Zipped .mpg File Uploaded 



.mpg file. As an example, consider the following file that is a part of a .zip archive and was 




Solution: N/A 


FTP Server Zipped .divx File Uploaded 




.divx file. As an example, consider the following file that is a part of a .zip archive and was 



Solution: N/A 




FTP Server Zipped .pst File Uploaded 


Description: The remote FTP client was observed uploading an archive (zipped) file that contained a .pst 





Solution: N/A 


FTP Server Zipped .ost File Uploaded 


Description: The remote FTP client was observed uploading an archive (zipped) file that contained a .ost 





Solution: N/A 


FTP Server Zipped .uni File Uploaded 



.uni file. As an example, consider the following file that is a part of a .zip archive and was 




Solution: N/A 


FTP Server Zipped .pdf File Uploaded 





.pdf file. As an example, consider the following file that is a part of a .zip archive and was 




Solution: N/A 


OpenOffice Version Information 


Description: The remote host is running the OpenOffice suite of business tools. The exact version is 

\n%L 

Solution: N/A 


Openfire < 3.3.1 Admin Console Privilege Escalation 


Description: Synopsis :\n\nThe remote web server allows unauthenticated access to its administrative 

console.\n\nThe remote host is running Openfire / Wildfire, an instant messaging server 

supporting the XMPP protocol.\n\nThe version of Openfire or Wildfire installed on the 

remote host allows unauthenticated access to a servlet, which could allow a malicious user 

to upload code to Openfire via its admin console. 

Solution: Either firewall access to the admin console on this port or upgrade to Openfire version 3.3.1 

or higher. 

CVE-2007-2975 

Mozilla Firefox < 1.5.0.12 / 2.0.0.4 Multiple Vulnerabilities 




issues, one of which may lead to execution of arbitrary code on the affected host subject to 

the user's privileges. 


CVE-2007-1362 










CVE-2007-1558 

Mozilla SeaMonkey < 1.0.9 / 1.1.2 Multiple Vulnerabilities 



installed version of SeaMonkey contains various security issues, one of which may lead to 

execution of arbitrary code on the affected host subject to the user's privileges. 

Solution: Upgrade to version 1.0.9 / 1.1.2 or higher. 

CVE-2007-1558 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server uses a version of PHP that is affected by multiple 

flaws.\n\nAccording to its banner, the version of PHP installed on the remote host is older 

than 5.2.3. Such versions may be affected by several issues including an integer overflow, 

'safe_mode' and 'open_basedir' bypass, and a denial of service vulnerability. The reported 

version of PHP is: \n %L 


CVE-2007-2756 




remote host is running the ClamAV anti-virus client version %L\n\nThis version of 

ClamAV is vulnerable to a denial of service (DoS) attack when handling malformed RAR 

archive files. An attacker exploiting this flaw would only need the ability to send an email 

to the vulnerable system. Successful exploitation would result in the application crashing. 




CVE-2007-2650 

BASE < 1.3.8 Redirect Authentication Bypass 



bypassing of authentication.\n\nThe remote host is running BASE, a web-based 

tool for analyzing alerts from one or more SNORT sensors. The version of 

BASE installed on the remote host fails to sanitize user-supplied input to the 

'base_main.php'. An attacker exploiting this flaw would be able to access 

confidential data without authorization. 


CVE-2007-5578 

Lotus Domino Web Server Multiple Vulnerabilities 



is running a version of Lotus Domino Server that is prone to multiple attacks against the 

web server component. If this Lotus Domino install includes the web server component, 

there is a risk that remote users may crash the application (DoS) or that local users may 

escalate privileges on the local machine. 

Solution: Upgrade to version 6.5.5F3, 6.5.6, 7.0.2F2, 7.0.3 or higher. 

PBLang < 

CVE-2007-0068 


RISK: 

MEDIUM 



inclusion attack.\n\nThe remote host is running PBLang, a bulletin board system that uses 

flat files and is written in PHP. The version of PBLang installed on the remote host fails to 

sanitize user input to the 'lang' parameter before using it to include PHP code in 'login.php'. 

Regardless of PHP's 'register_globals' setting, an unauthenticated remote attacker may be 

able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the 

remote host, subject to the privileges of the web server user ID. 


CVE-2007-3096 


Yahoo! Messenger Webcam ActiveX Multiple Overflows 



Description: Synopsis :\n\nThe remote Windows host has a least one ActiveX control that is affected by 

a buffer overflow vulnerability.\n\nThe remote host contains the 'Webcam' ActiveX 

controls included with Yahoo! Messenger. The version of at least one of these controls on 

the remote host has a buffer overflow. If an attacker can trick a user on the affected host 

into visiting a specially-crafted web page, he may be able to leverage these issues to 

execute arbitrary code on the host subject to the user's privileges. 

Solution: Upgrade or patch according to vendor recommendations and ensure that the version of both 

affected controls is 2.0.1.6 or higher. 

CVE-2007-3148 

Windows CE < 5.1 Detection 



remote host is a Windows CE device. The remote client OS is \n%L\n\nThis version of 

Windows CE has been reported prone to a number of Denial of Service (DoS) attacks. 



Yahoo! Messenger User Enumeration 


Description: The remote host is running Yahoo! Instant Messenger. The user ID associated with this 

session is\n%L 

realtime 

Solution: N/A 


AOL Instant Messenger User Enumeration 


Description: The remote host is running AOL Instant Messenger. The user ID associated with this 

session is\n%L 

realtime 

Solution: N/A 




GHOST UDP Network Client Version Detection 


Description: The remote host is a GHOST client that looks for a GHOST server and, if found, 

downloads a bootable image at system startup. The version of the remote GHOST client 

is\n%L 

Solution: Ensure that this protocol is secure and within corporate and security policies and 

guidelines. This traffic should never be seen on an external (DMZ or extranet) segment. 


Windows Live Messenger Version Detection 


Description: The remote client is running Windows Live Messenger, an application that allows users to 

chat and share information on multiple chat networks simultaneously. The version of 

Windows Live Messenger is\n%L 

Solution: Ensure that you are running the latest version of this software. 


BearShare P2P Client Version Detection 


Description: The remote host is running the BearShare client. BearShare is a Gnutella Peer to Peer (P2P) 

client that is used to connect to file-sharing networks. The reported version is \n%L 

Solution: Ensure that such behavior is in alignment with policies and guidelines regarding 



gtk-gnutella P2P Client Version Detection 


Description: The remote host is running the gtk-gnutella client. gtk-gnutella is a Gnutella Peer to Peer 

(P2P) client that is used to connect to file-sharing networks. The reported version is \n%L 






Invision Power Board < 



authentication.\n\nThe remote host is running Invision Board, a CGI suite designed to set 

up a bulletin board system on the remote web server. This version of Invision Board is 

vulnerable to a flaw in the way that the 'sources/action_public/xmlout.php' script handles 

user-supplied data. An attacker exploiting this flaw would be able to change the instant 

messenger profile of another user. This could lead to a loss of confidential data. 


CVE-2007-3219 

Cumulative Security Update for Microsoft Outlook Express and Windows Mail (929123) 


Description: Arbitrary code can be executed on the remote host through the email client. The remote 

host is running a version of Microsoft Outlook Express that contains several security flaws 

that may allow an attacker to execute arbitrary code on the remote host. To exploit this 

flaw, an attacker would need to send a malformed email to a victim on the remote host and 

have him open it.\nIAVB Reference : 2007-B-0011\nSTIG Finding Severity : Category II 


CVE-2007-2227 

Windows 2003 SP2 Server Detection 



Solution: N/A 










Solution: Upgrade or patch according to vendor recommendaitons. 


CVE-2007-2227 

Windows Vista Operating System Detection 


Description: The remote host is running Windows Vista. 

Solution: N/A 










CVE-2007-2227 









CVE-2007-2227 

Microsoft Windows Office Version Detection 


Description: The remote host is running Microsoft Office version %L 

Solution: N/A 


Windows CE < 5.1 Detection 





is a Windows CE device. The remote client OS is \n%L\n\nThis version of Windows CE 

has been reported prone to a number of Denial of Service (DoS) attacks. In addition, the 

client is reported vulnerable to a buffer overflow. An attacker exploiting these flaws would 

be able to either crash the client or execute arbitrary code. 



Windows CE < 5.0 / 6.0 Buffer Overflow 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe remote host is a 

Windows CE device. The remote client OS is \n%L\n\nThis version of Windows CE has 

been reported prone to a buffer overflow. An attacker exploiting this flaw would be able to 

execute arbitrary code on the remote device. 


YaBB SE < 




bypassing of authentication.\n\nThe remote host is running the YaBB SE forum 

management system. There is a flaw in this version of YaBB SE that allows 

authenticated users to escalate privileges and gain administrative access. The 

'Profile.pl' and 'Register.pl' scripts fails to sanitize CRLF sequences. An attacker 

can use this flaw to write data into their profile which gives them elevated 

access. 


CVE-2007-3295 

IMAP User ID Enumeration 


Description: The remote host is an IMAP client. The observed IMAP User ID was\n%L" 

Solution: N/A 




Windows Safari Detection 


Description: The remote host is running the Safari browser for Microsoft Windows. The version number 

was\n%L 

Solution: N/A 


SpamAssassin < 3.2.1 spamd Symlink Local DoS 



remote host is running SpamAssassin, an anti-spam software application that detects and 

blocks spam emails. This version of SpamAssassin is vulnerable to a flaw in that by 

creating a symbolic link, local attackers can cause the application to process a malformed 

file. Successful exploitation results in the application crashing and denying valid services to 

users. 


CVE-2007-2873 

Simple Machines Forum < 1.1.3 PHPSESSIONID Cookie Session Hijacking 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a predictable ID flaw that allows hijacking 

of user accounts.\n\nThe remote host is running the Simple Machines Forum (SMF), a web 

forum. This version of SMF is vulnerable to a flaw in the way that it handles 

'PHPSESSIONID' cookie data. Specifically, if an attacker can convince a user to browse a 

malicious URI with a predefined 'PHPSESSIONID', the attacker can impersonate the user 

and hijack their account. Successful exploitation would lead to the attacker gaining full 

access to the targeted account. 


CVE-2007-2546 




Description: Synopsis :\n\nThe remote host contains an instant messenging application that is affected 

by a buffer overflow vulnerability.\n\nThe version of Trillian installed on the remote host 

reportedly is affected by a heap buffer overflow issue involving improper handling of 

UTF-8 sequences when word-wrapping UTF-8 text. A remote attacker may be able to 


leverage these issues to execute arbitrary code as the current user. 


CVE-2007-3305 




remote host is running AOL Instant Messenger (AIM). Versions 6.1.32.1 and lower are 

reported vulnerable to a remote Denial of Service (DoS) attack. An attacker exploiting this 

flaw would only need to be able to initiate a SIP session to the AIM client. Successful 

exploitation would result in the Instant Messenger client crashing. 


CVE-2007-3350 

AOL Instant Messenger 6 Version Detection 


Description: The remote client is running AOL Instant Messenger version: \n %L 

Solution: N/A 


SJPhone SIP Client INVITE Transaction Remote DoS 



remote host is running the SJPhone VoIP SIP client: \n %L \nThis protocol is used to 

connect VoIP users via the Internet. Further, it is alleged that certain versions of SJPhone 

(prior to 1.65.377a) are prone to a Denial of Service flaw. 


SIP Client Detection 

CVE-2007-3351 



Description: The remote host is running the following SIP client: \n %L \nThis protocol is used to 



Solution: N/A 


cPanel Remote Backup Information Disclosure 



is running a version of cPanel that is either 10.9.1 or 11.4.19.\nThe remote version of this 

software is vulnerable to a cross-site scripting (XSS) flaw in the 'scgiwrap' script. An 

attacker exploiting this flaw would need to be able to convince a user to browse a malicious 

URI. In addition, this version of cPanel is vulnerable to a path disclosure flaw. Successful 

exploitation would result in the attacker gaining knowledge of the physical location of the 

different web files. 

Solution: Upgrade or patch according to vendor recommednations. 

CVE-2007-3367 

Ubuntu Server Detection 


Description: The remote host is running the Ubuntu operating system. This information was gathered via 

the web server banner that looked like: \n %L 

Solution: Upgrade to the latest version of Ubuntu. 


CFNetwork < 129.20 DoS 


RISK: 

MEDIUM 



remote host is running CFNetwork prior to 129.20. CFNetwork is an API for Mac OS X 

users that allows an abstraction of common network protocols. This version of CFNetwork 

is prone to a Denial of Service (DoS) flaw. An attacker exploiting this flaw would be able 

to crash the application utilizing CFNetwork. The reported version of CFNetwork is: \n %L 


CVE-2007-0464 

Limewire Server Detection 



RISK: 

MEDIUM 




questionable.\n\nThe remote host is running the Limewire server.\nLimewire is a P2P 


Solution: Ensure that Limewire is allowed with respect to corporate policies and guidelines. 


FuseTalk Multiple XSS Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a ColdFusion script that is susceptible to 

multiple cross-site scripting attacks.\n\nThe remote host is running FuseTalk, a discussion 

forum implemented in ColdFusion. The version of FuseTalk installed on the remote host 

fails to properly sanitize user-supplied input to several parameters and scripts before using 

it to generate dynamic content. An unauthenticated remote attacker may be able to leverage 

this issue to inject arbitrary HTML or script code into a user's browser to be executed 

within the security context of the affected site. 


CVE-2007-3339 

FuseTalk txForumID Parameter SQL Injection 


Description: Synopsis :\n\nThe remote web server contains a ColdFusion script that is prone to a SQL 

injection attack.\n\nThe remote host is running FuseTalk, a discussion forum implemented 

in ColdFusion. The version of FuseTalk installed on the remote host fails to properly 

sanitize user-supplied input to the 'txForumID' parameter before using it in the 

'forum/include/error/forumerror.cfm' script in database queries. An unauthenticated remote 

attacker can leverage this issue to launch SQL injection attacks against the affected 

application. 


Calendarix < 

CVE-2007-3273 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP script that is prone to SQL injection 

attacks.\n\nThe remote host is running Calendarix, a free web-based calendar application 

written in PHP. The version of Calendarix installed on the remote host fails to sanitize 

input to the 'month' and 'year' parameters of the 'calendar.php' script before using it in 

database queries. Provided PHP's 'magic_quotes_gpc' setting is disabled, an 


unauthenticated attacker can exploit these flaws to manipulate database queries, which may 

lead to disclosure of sensitive information, modification of data or attacks against the 

underlying database. 

Solution: Upgrade to a version of higher than 0.7.20070307. 

CVE-2007-3183 

WordPress < 2.2.1 _wp_attached_file Metadata Unrestricted File Upload 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a script injection attack.\n\nThe version of 

WordPress installed on the remote host is vulnerable to a file upload attack. An attacker 

exploiting this flaw would only need to be able to send custom queries to the 'wp-app.php' 

or 'app.php' script. Successful exploitation would result in the attacker uploading arbitrary 

code that could then be executed with the privileges of the web server. The path to the 

vulnerable version of WordPress is:\n%P 


CVE-2007-3543 

Ingres Communications Server Detection 

PVS ID: 4115 FAMILY: Database RISK: INFO NESSUS ID:25572 

Description: Synopsis :\n\nA database service is listening on the remote host.\n\n The remote service is 

an Ingres Communications Server, also known as a Net Server. This is the main process 

component of Ingres Net and monitors communications between applications and DBMS 

servers. 



TrendMicro OfficeScan < 8.0.0.1042 Multiple Vulnerabilities 



is running a TrendMicro OfficeScan server. This version is reported to be vulnerable to 

multiple flaws. The more serious of these flaws involves a buffer overflow. An attacker 

exploiting these flaws would be able to execute arbitrary code on the remote OfficeScan 

server. 


CVE-2007-3454 



Kaspersky Anti-Spam < 3.0.0 [0274] Authentication Bypass 


Description: Synopsis : \n\nThe remote host is vulnerable to a flaw that allows for the 

bypassing of authentication.\n\nThe remote host is running the Kaspersky 

Anti-Spam server. This version of Anti-spam is vulnerable to a flaw where 

unauthenticated users can gain access to confidential data. The details of the 

flaw are currently unknown; however, it is believed that a successful attack 

would give an attacker access to confidential data. The version of the remote 

server is: \n %L 

Solution: Upgrade to version 3.0.0 [0274] or higher. 

CVE-2007-3502 

ALT-N MDaemon < 9.6.1 DomainPOP Malformed Message DoS 



attack.\n\nThe remote host is running the Alt-N MDaemon mail server. This is a 

mail server for the Microsoft Windows platform. This version of MDaemon is 

vulnerable to a flaw where a remote attacker can cause the mail service to crash. An 

attacker exploiting this flaw would only need to be able to connect to the POP3 port 

of the server (typically 110). Successful exploitation would result in services being 

denied to valid users. 


CVE-2007-3622 

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) 


Description: Synopsis :\n\nThe remote .NET Framework is vulnerable to code execution attack.\n\nThe 

remote host is running a version of the ASP.NET framework that contains multiple 

vulnerabilities :\n\n- PE Loader Vulnerability: could allow an attacker to execute arbitrary 

code with the privilege of the logged-on user;\n\n- ASP.NET NULL Byte Termination 

Vulnerability: could allow an attacker to retrieve the content of the web server;\n\n- JIT 

Compiler Vulnerability: could allow an attacker to execute arbitrary code with the privilege 

of the logged-on user.\nIAVA Reference : 2007-A-0037\nSTIG Finding Severity : 

Category II 

Solution: Microsoft has released a set of patches for .NET Framework 1.0, 1.1 and 2.0. 

CVE-2007-0043 












Category II 


CVE-2007-0043 










Category II 


CVE-2007-0043 

Potential SPAM Server Detection 


RISK: 

MEDIUM 


Description: The remote server is forwarding email in a manner consistent with many SPAM/UCE 

servers. The SMTP header that PVS flagged on was: \n %L 

realtimeonly 

Solution: Ensure that this email server is authorized send SPAM/UCE emails. 





RISK: 

MEDIUM 




servers. The logged 'From' email address of the email was: \n %L 

Solution: Ensure that this email server is authorized to send SPAM/UCE emails. 




RISK: 

MEDIUM 



servers. The SMTP header which PVS flagged on was: \n %L 





RISK: 

MEDIUM 








RISK: 

MEDIUM 



servers. A portion of the sent email includes: \n %L 






RISK: 

MEDIUM 




servers. A portion of the sent email includes: \n %L 



Microsoft .NET Framework Version Detection 


Description: The remote host is running Microsoft .NET Framework version %L 

Solution: Ensure that you are running the latest version of .NET Framework. 


Microsoft ASP.NET Version Detection 


Description: The remote host is running Microsoft ASP.NET version %L 

Solution: Ensure that you are running the latest version of ASP.NET. 


ClamAV < 0.91.0 Multiple RAR Content Parsing Vulnerabilities 



is running the ClamAV antivirus client version %L\n\nThis version of ClamAV is 

vulnerable to a denial of service (DoS) attack when handling malformed RAR archive files. 

An attacker exploiting this flaw would only need the ability to send an email to the 

vulnerable system. Successful exploitation would result in the application crashing. Further, 

it has been alleged that it may be possible to execute arbitrary code on the remote machine. 




AVG AntiVirus < 7.5.476 avg7core.sys Local Privilege Escalation 


Description: Synopsis :\n\nThe remote host is vulnerable to a local privilege escalation flaw.\n\nThe 

remote host is running AVG Antivirus. This version of AVG is reported to be prone to a 

flaw where a local attacker can escalate privileges and gain administrative access to the 

application or system. An attacker exploiting this flaw would need to be locally 

authenticated. Successful exploitation would result in the attacker gaining SYSTEM access. 



CVE-2007-3777 

QuickTime < 7.2 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote Windows host contains an application that is affected by 

multiple issues.\n\nThe version of QuickTime installed on the remote Windows host is 

older than 7.2. Such versions contain several vulnerabilities that may allow an attacker to 

execute arbitrary code on the remote host if he can trick the user to open a specially-crafted 

file with QuickTime. The reported version of QuickTime is: \n %L 

Solution: Either use QuickTime's Software Update preference to upgrade to the latest version or 

manually upgrade to version 7.2 or later. 

CVE-2007-2389 

SquirrelMail G/PGP Encryption Plugin < 



flaw.\n\nThe remote host is running the SquirrelMail web-based email software with GPG 

Encryption enabled. This version of the GPG Plugin is vulnerable to a flaw in the way that 

it parses user-supplied data. An attacker exploiting this flaw would be able to execute shell 

commands on the remote server with the permissions of the SquirrelMail server process. 

Solution: Upgrade to a version of GPG Plugin higher than 2.1. 

CVE-2006-4169 

Apple iPhone/iPad Detection 


Description: The remote host is an Apple iPhone, iPod, or iPad. For your information, the version of iOS 

installed on the remote mobile device is \n%L\n\n 

Solution: N/A 


Apple iPhone Mail Program Detection 




Description: The remote host is running the Apple iPhone Mail program version %L 

Solution: N/A 


paFileDB includes/search.php categories Parameter SQL Injection 


Description: Synopsis :\n\nThe remote web server contains a PHP script that is prone to SQL a injection 

attack.\n\nThe version of paFileDB installed on the remote host fails to sanitize 

user-supplied input to the 'categories' parameter before using it in the 'includes/search.php' 

script to make database queries. An unauthenticated attacker can exploit this issue to 

manipulate database queries, which may lead to disclosure of sensitive information, 

modification of data or attacks against the underlying database. 


CVE-2007-3808 

Curl < 7.16.4 Expired Certificate Access Restriction Bypass 


Description: Synopsis :\n\nThe remote host may allow access to unauthorized websites via an expired 

certificate.\n\nThe remote host is running Curl, a download client for various protocols. 

This version of Curl is vulnerable to an authentication flaw in the GnuTLS certificate 

verification routine. An attacker exploiting this flaw would be able to use an expired 

certificate. 


CVE-2007-3564 

IBM AppScan Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote server is running an IBM AppScan web scanner. AppScan 

is a security tool that allows security staff and administrators to automate web-based attacks 

and exploits against web servers. The reported version is: '%L' 



Tivoli Provisioning Manager < 




RISK: 

MEDIUM 



remote host is running the IBM 'Tivoli Provisioning Manager for OS Deployment' version 

%L\nThis version of the software is vulnerable to a flaw in the way that it handles 

malformed TFTP requests. An attacker exploiting this flaw can cause a crash that would 

affect all of the Tivoli services on the server. An attacker exploiting this flaw would need to 

be able to send malformed TFTP requests to the server. 


CVE-2007-3268 





issues, one of which may lead to execution of arbitrary code on the affected host subject to 

the user's privileges. 


CVE-2007-3734 

Ipswitch IMail Server < 2006.21 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote mail server is affected by multiple vulnerabilities.\n\nThe remote 

host is running Ipswitch IMail, a commercial messaging and collaboration suite for 

Windows. According to its banner, the version of Ipswitch IMail installed on the remote 

host has several buffer overflows in its IMAP service component, one of which can be 

exploited to execute arbitrary code with SYSTEM privileges prior to authentication. In 

addition, there is also an denial of service issue that can cause the IM server to crash 

without authentication. 


CVE-2007-3927 

Opera < 9.22 Torrent File Overflow 



Description: Synopsis :\n\nThe remote host contains a web browser that is prone to a buffer overflow 

attack.\n\nThe version of Opera installed on the remote host reportedly contains a buffer 

overflow vulnerability that can be triggered by a malicious Torrent file. Successful 

exploitation requires that a user browse to a malicious URI and is enticed into opening a 


malformed torrent file. Successful exploitation may allow a remote attacker to execute 

arbitrary code subject to the privileges of the user. 


CVE-2007-3929 

MD-Pro < 1.0.82 index.php topicid Parameter SQL Injection 



is running MD-Pro, an open-source blogging software. This version of MD-Pro is 

vulnerable to a flaw in the way that it parses user-supplied data. Specifically, failure to 

parse reserved SQL characters allows an attacker to inject SQL queries to the database. An 

attacker exploiting this flaw would only need the ability to post data to the affected web 

application. Successful exploitation would result in the attacker executing arbitrary SQL 

commands on the database server. 


CVE-2007-3938 



Description: Synopsis :\n\nThe remote host contains an instant messenging application that is affected 

by a buffer overflow vulnerability.\n\nThe version of Trillian installed on the remote host 

reportedly is affected by a buffer overflow issue involving improper handling of 'aim:' URI 

strings. A remote attacker may be able to leverage these issues to execute arbitrary code as 

the current user. 


CVE-2007-3833 

Panda Antivirus Agent Detection 


Description: The remote host is running Panda Antivirus version %L 

Solution: N/A 





RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote database server is susceptible to multiple attacks.\n\nThe version 

of MySQL installed on the remote host is reportedly affected by a denial of service 

vulnerability that can lead to a server crash with a specially-crafted password packet. It is 

also affected by a privilege escalation vulnerability because 'CREATE TABLE LIKE' does 

not require any privileges on the source table, which allows an attacker to create arbitrary 

tables using the affected application. 


CVE-2007-3782 

ISC BIND < 9.5.0a6 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running a version of BIND DNS Server prior to 9.4.1-P1. This version of BIND is 

vulnerable to a number of flaws that would allow cache poisoning and Denial of Service 

(DoS) attacks. An attacker exploiting these flaws would need to be able to manipulate the 

vulnerable DNS server to contact a malicious DNS server. Successful exploitation would 

lead to cache-poisoning attacks or a loss of availability. 

Solution: Upgrade to version 9.5.0a6 or higher. 

CVE-2007-2926 

Kerio MailServer < 6.4.1 Attachment Filter Unspecified Issue 


Description: Synopsis :\n\nThe remote host is vulnerable to an unspecified vulnerability in its filtering 

mechanism.\n\nThe remote host is running Kerio MailServer version 6.4.0 or lower. There 

is a flaw in the remote version of this server. The details of the flaw are currently unknown; 

however, it is alleged that the flaw would lead to remote compromise. 


Bandersnatch < 

CVE-2007-3993 




server is running Bandersnatch, an open-source PHP application that generates Jabber 

usage statistics. This version of Bandersnatch is vulnerable to a flaw in the way that it 

parses multiple user-supplied variables. An attacker exploiting these flaws can inject script 

and SQL code that would be executed on the server with the permissions of the web server. 



CVE-2007-3910 

LinPHA include/img_view.class.php < 1.3.2 order Parameter SQL Injection 



attack.\n\n The remote host is running LinPHA, a web photo gallery application written in 

PHP. The version of LinPHA installed on the remote host fails to sanitize input to the 

'order' parameter of the 'new_images.php' script before using it in the 'setSql' function in 

'include/img_view.class.php' in a database query. Regardless of PHP's 'magic_quotes_gpc' 

setting, an unauthenticated attacker may be able to exploit this issue to manipulate such 

queries, leading to disclosure of sensitive information, modification of data or attacks 



CVE-2007-4053 




multiple vulnerabilities.\n\nThe installed version of Firefox allows unescaped URIs to be 

passed to external programs, may lead to execution of arbitrary code on the affected host 

subject to the user's privileges, and could also allow privilege escalation attacks against 

addons that create 'about:blank' windows and populate them in certain ways. 


CVE-2007-3844 



RISK: 

MEDIUM 



version of Mozilla Thunderbird suffers from a flaw in the way that it handles 'about:blank' 

Javascript code. An attacker exploiting this flaw would need to be able to convince a 

Thunderbird user to open an email that populated 'about:blank' with malicious Javascript 

code. Successful exploitation would result in the attacker executing arbitrary Javascript on 

the local machine. 


CVE-2007-3844 



Mozilla SeaMonkey < 1.1.4 Multiple Vulnerabilities 


RISK: 

MEDIUM 



multiple vulnerabilities.\n\nThe installed version of SeaMonkey allows unescaped URIs to 

be passed to external programs, may lead to execution of arbitrary code on the affected host 

subject to the user's privileges, and could also allow privilege escalation attacks against 

addons that create 'about:blank' windows and populate them in certain ways. 


CVE-2007-3844 

Kaspersky Ani-Spam < 3.0.0 [0278] File Permission Weakness Local Privilege Escalation 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a local flaw due to the way that it creates 

local file permissions.\n\nThe remote host is running the Kaspersky Anti-spam server. This 

version of Kaspersky is vulnerable to a local flaw. Specifically, it is alleged that the 

application creates local files with permissions that would allow a local attacker the ability 

to either gain access to confidential data or subvert the integrity of the application. The 

details of the flaw are currently unknown; however, the vendor has acknowledged the flaw. 

An attacker exploiting these flaws would need local access to the machine. Successful 

exploitation would result in the attacker gaining access to confidential data or processes. 

Solution: Upgrade to version 3.0.0 [0278] or higher. 

CVE-2007-4206 

Microsoft Office Version Information 


Description: The remote host is running the Microsoft Office suite of business tools. The exact version 

is \n%L 

Solution: N/A 


YouSendIt Client Detection 



Description: The remote client is utilizing the 'YouSendIt' service. YouSendIt allows users to send 

large attachments via email. YouSendIt is a web-based service. Given this, internal 

corporate users can use this service to bypass outbound email security. 




SendThisFile Client Detection 


Description: The remote client is utilizing the 'SendThisFile' service. SendThisFile allows users to send 

large attachments via email. SendThisFile is a web-based service. Given this, internal 




DropSend Client Detection 


Description: The remote client is utilizing the 'DropSend' service. DropSend allows users to send 

large attachments via email. DropSend is a web-based service. Given this, internal 




AIMExpress Client Detection 


Description: The remote client is utilizing the 'AIMExpress' service. AIMExpress allows users to utilize 

a chat client (AOL Instant Messenger) via a web browser. 



proxy.org Client Detection 



Description: The remote client is utilizing the 'proxy.org' service. proxy.org allows users to bypass 

corporate measures that restrict or monitor web usage. The site which is being 'anonymized 

is': \n %L 




Box.net File Sharing Detection 


Description: The remote client is utilizing the 'Box.net' service. Box.net allows users to upload files to 

an external web server that can then be accessed from the Internet. Box.net allows internal 

users to store resources on an Internet server and then share or access the documents from 

any location. 



Help Center Live < 2.1.5 Admin Authentication Bypass 



authentication.\n\nThe remote web server is running Help Center Live, a help desk 

application written in PHP. The remote version of this software is vulnerable to a flaw in 

the way that it handles access to certain administrative pages. Specifically, 

'admin/departments.php' and 'admin/operators.php' fails to block access to unauthenticated 

users. An attacker exploiting this flaw would be able to gain administrative access to the 

application. 

Solution: Upgrade to a version 2.1.5 or higher. 

Serendipity < 

CVE-2007-4240 


RISK: 

MEDIUM 



authentication\n\nThe remote host is running Serendipity, a web log application. This 

version of Serendipity is vulnerable to a flaw where authenticated users can access 

restricted 'administrative' functions. An attacker exploiting this flaw would require a user 

ID and password to some portion of the web application. Successful exploitation would 

allow the user to gain limited administrative access. 

Solution: Upgrade to a version higher than 1.1.3 or 1.2-beta4. 

CVE-2007-4282 

MediaMax File Sharing Detection 




Description: The remote client is utilizing the 'MediaMax' service. MediaMax allows users to upload 

files to an external web server that can then be accessed from the Internet. MediaMax 

allows internal users to store resources on an Internet server and then share or access the 

documents from any location. The user account associated with this session of MediaMax 

is: \n %L 



Sun ONE Web Server Version Detection 


Description: The remote host is running the Sun ONE web server version %L 

Solution: N/A 


WinGate < 6.2.2 Invalid SMTP State Remote DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote proxy is affected by a denial of service vulnerability.\n\nThe 

remote host appears to be running WinGate, a Windows application for managing and 

securing Internet access. The version of WinGate installed on the remote host fails to 

sanitize user-supplied input to its SMTP server component of format strings before using it 

to log a problem. By connecting to the service and issuing commands the server was not 

expecting, a remote attacker may be able to force the service to an invalid state and crash 

the WinGate service itself, thereby denying service to legitimate users. 


Apache Tomcat < 

CVE-2007-4335 



RISK: 

MEDIUM 



is running the Apache Tomcat server. This version of Tomcat is vulnerable to two distinct 

classes of flaws. First, the application is vulnerable to a Cross-Site Scripting flaw in the 

'aliases' parameter of the '/host-manager/html/add' script. Second, the application is 

vulnerable to a number of flaws that would reveal sensitive information. An attacker 

exploiting these flaws would be able to either execute code within client browsers or gain 

information that would be useful for further attacks against Tomcat. The reported version 

of Tomcat is: \n %L 



CVE-2007-3386 

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (940965) 


Description: Synopsis :\n\nArbitrary code can be executed on the remote host through Microsoft 

Excel.\n\nThe remote host is running a version of Microsoft Excel that is subject to various 

flaws that may allow arbitrary code to be run. An attacker may use this to execute arbitrary 

code on this host. To succeed, the attacker would have to send a rogue file to a user of the 

remote computer and have it open it with Microsoft Excel. 

Solution: Microsoft has released a set of patches for Excel 2000, XP and 2003. 

CVE-2007-3890 









CVE-2007-3890 









CVE-2007-3890 


Vulnerability in Windows Media Player Could Allow Remote Code Execution (936782) 




Player.\n\nThe remote host is running Windows Media Player. There is a vulnerability in 

the remote version of this software that may allow an attacker to execute arbitrary code on 

the remote host. To exploit this flaw, one attacker would need to set up a rogue PNG image 

and send it to a victim on the remote host. 

Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003 and Vista. 

CVE-2007-3035 









CVE-2007-3035 









CVE-2007-3035 











CVE-2007-3035 









CVE-2007-3035 









CVE-2007-3035 

Opera < 9.23 Arbitrary Code Execution 


Description: Synopsis : \n\nThe remote host contains a web browser that is affected by an arbitrary code 

execution vulnerability.\n\n The version of Opera installed on the remote host reportedly 

allows for execution of arbitrary code via specially-crafted Javascript if a user can be 

tricked into visiting a malicious site. 


Altiris Client Detection 

CVE-2007-4367 



Description: The remote client is running Altiris. Altiris is a product for managing software installations 

across an enterprise network. With an Altiris client, it is possible for an Altiris server to 

remotely manage software configurations on the local machine. 



Altiris Server Detection 



Description: The remote client is running Altiris Server. Altiris is a product for managing software 

installations across an enterprise network. As an Altiris server, this machine may be 

managing the software configurations of multiple client machines. The reported version 

number was: \n %L 



Altiris Deployment Solution < 6.8 SP2 Aclient Log File Viewer Local Privilege Escalation 


Description: Synopsis :\n\nThe remote Windows host has a program that is prone to a local privilege 

escalation attack.\n\nThe version of the Altiris Client Agent (aclient) installed on the 

remote host reportedly contains a flaw where local users can use the Log File Viewer to 

open or execute files on the affected host with SYSTEM privileges. 


CVE-2007-4380 

ZoneAlarm Pro < 7.0.362.000 Local Privilege Escalation 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple local 'privilege escalation' 

flaws.\n\nThe remote host is running ZoneAlarm, a firewall for Windows. The 

vendor has released version 7.0.362.000 of ZoneAlarm. This version corrects a flaw 

where a local user can disable the firewall or escalate privileges due to incorrect 

access control lists on local configuration files and device drivers. 


CVE-2005-2932 

EMC Legato Networker 'nsrexecd.exe' Overflow 




running EMC Legato Networker, an enterprise application that enables centralized file 

management, backup and more. This version of Legato is vulnerable to a flaw in the 


'nsrexecd.exe' application. An attacker exploiting this flaw would only require the ability to 

connect to the nsrexecd.exe listening port (111/TCP). Successful exploitation would result 

in the execution of arbitrary code. 


CVE-2007-3618 

ClamAV < 0.91.2 Multiple Remote DoS 



remote host is running the ClamAV anti-virus client version '%L'\n\nThis version of 

ClamAV is vulnerable to multiple denial of service (DoS) attacks when handling 

malformed files. An attacker exploiting this flaw would only need the ability to send an 

email to the vulnerable system. Successful exploitation would result in the application 

crashing. 


CVE-2007-4560 



RISK: 

MEDIUM 



servers. The SMTP header that triggered this alert was\n%P\n\nPVS observed the computer 

connecting to a remote SMTP server and attempting to send an email that was denied for 

the reason denoted above. 





RISK: 

MEDIUM 



servers. The SMTP header that triggered this alert is\n%L 

realtimeonly 





Lotus Notes < 7.0.2 ntmulti.exe Local Privilege Escalation 


Description: Synopsis : \n\nThe remote host is vulnerable to a local 'privilege escalation' flaw.\n\nThe 

remote host is running the Lotus Notes email client. The reported version is less than 7.0.2. 

There is a flaw in this version of Lotus Notes that would allow a local user to replace the 

'ntmulti.exe' file. After replacing the executable, the local attacker would have their code 

executed with SYSTEM level privileges. The reported version of Lotus Notes is: \n %L 



Cache Database Version Detection 


Description: The remote host is running the Cache database server version %L 

Solution: N/A 


TrendMicro Server Detection 


Description: The remote host is a TrendMicro Antivirus server. 

Solution: N/A 


Cache Database Version Detection 


Description: The remote host is running the Cache database server version %L 

Solution: N/A 


Cache Database Server Redirection Vulnerability 



RISK: 

MEDIUM 




remote host is running the Cache database server version %L\nThis version of Cache is 

reported to be prone to a flaw in the way that it handles redirection. While the details of the 

flaw are unknown, it is alleged that an attacker can modify data within the database without 

proper authorization. Successful exploitation would lead to the loss of data integrity. 

Solution: Upgrade to version 2007.1.0.369.0, 2007.1.1.420.0 or higher. 


Bugzilla Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nhe remote host is 

running Bugzilla, a bug-tracking software with a web interface. The version of Bugzilla on 

the remote host suffers from multiple flaws. An attacker exploiting these flaws would be 

able to inject HTML, execute arbitrary remote commands and disclose sensitive 

information. 

Solution: Upgrade to version 2.20.5, 2.22.3, 3.0.1, 3.1.1 or higher. 

CVE-2007-4543 

Helix Server < 11.1.4 RTSP Command Multiple Requires Overflow 


Description: Synopsis :\n\nThe remote RTSP server is prone to a buffer overflow.\n\n The remote host is 

running Helix Server or Helix DNA Server, a media streaming server. The version of the 

Helix server installed on the remote host reportedly contains a heap overflow that is 

triggered using an RTSP command with multiple 'Require' headers. An unauthenticated 

remote attacker can leverage this flaw to execute arbitrary code subject to the privileges 

under which it operates, by default LOCAL SYSTEM on Windows. 

Solution: Upgrade to Helix Server / Helix DNA Server version 11.1.4 or higher. 

CVE-2007-4561 

Netopia Timbuktu Detection 



Description: The remote host is running Timbuktu, a remote management software. Systems running 

Timbuktu can both manage and be managed remotely. Further, the software supports 

tunneling, which allows a host to be accessed despite firewall policies that might attempt to 

block it. The email account associated with this Timbuktu software is\n%L 

Solution: Ensure that such software is authorized according to corporate policies and guidelines. 



Netopia Timbuktu Detection 


Description: The remote host is running Timbuktu, a remote management software. Systems running 

Timbuktu can both manage and be managed remotely. Further, the software supports 

tunneling, which allows a host to be accessed despite firewall policies that might attempt to 

block it. 



ISC BIND < 8.4.7-P1 Outgoing Query Predictable DNS Query ID 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote DNS server is vulnerable to a cache-poisoning attack.\n\nThe 

remote host is running a version of BIND DNS Server prior to 8.4.7-P1. This version of 

BIND is vulnerable to a flaw that would allow cache poisoning. An attacker exploiting this 

flaw would need to be able to manipulate the vulnerable DNS server into contacting a 

malicious DNS server. Successful exploitation would lead to a cache-poisoning attack. 

Solution: BIND 8 is no longer supported by ISC. Upgrade or patch according to vendor 


CVE-2007-2930 

Windows Live Messenger Version Detection 


Description: The remote host is running Windows Live Messenger version %L 

Solution: N/A 



Windows Live Messenger < 8.1.0178 Video Processing Overflow 



running Windows Live Messenger version %L. This version of Windows Live Messenger 

is vulnerable to a flaw in the way that it processes video messages. An attacker exploiting 

this flaw would need to be able to initiate a chat session with a user running a vulnerable 

version of the software. Successful exploitation would result in the attacker executing 




CVE-2007-2931 

Subversion (SVN) < 1.4.5 Directory Traversal Privilege Escalation 


RISK: 

MEDIUM 



host is running Subversion, an open-source file management product. According to the 

version number, the remote system is reported to be vulnerable to a flaw where 

authenticated users can write to files outside the Subversion folders. By prepending '../' to a 

file name, an attacker can overwrite sensitive system files that may then be executed by a 

SYSTEM process. Given this, successful exploitation would likely result in the attacker 

gaining elevated access to the server hosting Subversion. 


CVE-2007-3846 

Yahoo! Messenger < 8.1.0.419 YVerInfo ActiveX Buffer Overflow 


Description: Synopsis :\n\nThe remote Windows host has an ActiveX control that is affected by a buffer 

overflow vulnerability.\n\n The remote host contains the 'YVerInfo' ActiveX control, 

distributed as part of the Yahoo! services suite typically downloaded with the installer for 

Yahoo! Messenger. The version of this control installed on the remote host reportedly 

contains a boundary error. If an attacker can trick a user on the affected host into visiting a 

specially-crafted web page, he may be able to leverage this issue to execute arbitrary code 

on the host subject to the user's privileges. 

Solution: Either disable the use of this ActiveX control from within Internet Explorer by setting its 

'kill' bit or upgrade to Yahoo! Messenger version 8.1.0.419 (version 2007.8.27.1 of the 

YVerInfo control itself) or higher. 

CVE-2007-4515 

EnterpriseDB Advanced Server Version Detection 


Description: The remote host is running EnterpriseDB Advanced Server version: \n %L 

Solution: N/A 




EnterpriseDB Advanced Server < 8.2.4.12 Version Detection 


RISK: 

MEDIUM 



remote host is running EnterpriseDB Advanced Server version: \n %L \n\nThis version of 

EnterpriseDB is vulnerable to a remote Denial of Service attack. An attacker exploiting this 

flaw would need to be able to authenticate to the database. Successful exploitation would 

result in the service crashing and denying access to valid users. 


CVE-2007-4639 



RISK: 

MEDIUM 



is running a version of PHP prior to 5.2.4. This version of PHP is vulnerable to at least 120 

distinct security flaws impacting confidentiality, integrity and availability. The reported 



MailMarshal < 

CVE-2007-3806 



host is running MailMarshal Mail Server version 6.2.1 or lower. There is a flaw in the 

remote version of this server. An attacker can create an archive file such that upon opening, 

critical system files would be overwritten with files of the attacker's choice. Successful 

exploitation would result in the attacker replacing arbitrary files. 

Solution: Upgrade to a version higher than 6.2.1. 


iTunes < 7.4.0 MP4/AAC File covr atom Overflow 




running iTunes - an application for managing and listening to music media files. The 

version of iTunes client is %L. \nThis version of iTunes is vulnerable to a buffer overflow 

due to the way that it processes malformed MP4/AAC files. An attacker exploiting this 


flaw would need to be able to entice an iTunes user into opening a malformed file. 

Successful exploitation would result in the attacker executing arbitrary code on the remote 

system. 


CVE-2007-3752 

Gallery < 2.2.3 Information Disclosure 


RISK: 

MEDIUM 



remote host is running Gallery, a web-based photo album application written in PHP. The 

version of Gallery installed on the remote host is lower than 2.2.3. The vendor has reported 

multiple security flaws in this version. It is alleged that a remote attacker can use these 

flaws to replace and/or modify program files. 


CVE-2007-4650 

Lighttpd < 1.4.18 mod_fastcgi HTTP Request Header Overflow 


RISK: 

MEDIUM 



running Lighttpd, a small web server. This version of Lighttpd is vulnerable to a buffer 

overflow via the 'mod_fastcgi' module. An attacker exploiting this flaw would only need 

the ability to send large, malformed requests to the 'mod_fastcgi' module. Successful 

exploitation would result in the attacker executing arbitrary code. 


CVE-2007-4727 


Hexamail < 3.0.1.004 POP3 Service USER Command Overflow 



running Hexamail, an SMTP server, version %L\nThis version of Hexamail is vulnerable to 

a buffer overflow in its POP3 service when passed a large string to the 'USER' directive. 

An attacker exploiting this flaw would only need to be able to connect to the POP3 port 

(default TCP/110) on the remote server. Successful exploitation would result in the attacker 

executing arbitrary code. 



CVE-2007-4646 

Samba < 3.0.26 idmap_ad.co Local Privilege Escalation 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a local 'privilege escalation' 

flaw.\n\nAccording to its banner, the version of the Samba server installed on the remote 

host ('%L') is affected by a flaw where a local attacker can gain group-0 access. In order for 

the exploit to work, the local system must be configured to use Microsoft Active Directory 

and return a NULL value for the group ID. Successful exploitation would result in the local 

attacker gaining elevated access on the local machine. 


CVE-2007-4138 

OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass 


Description: Synopsis : \n\nThe remote host is vulnerable to a local 'privilege escalation' flaw.\n\nThe 

remote host is running a version of OpenSSH that is vulnerable to a flaw in the way that it 

handles local X11 cookies. It is alleged that an attacker exploiting this flaw would be able 

to execute SSH commands for which they are not authorized. The reported version of SSH 

is: \n %L 


CVE-2007-4752 

Vulnerability in Microsoft MSN Messenger and Windows Live Messenger Could Allow Remote Code 



Description: Synopsis :\n\nArbitrary code can be executed on the remote host through MSN and 

Windows Live Messenger.\n\nThe remote host is running MSN Messenger or Windows 

Live Messenger. The version of Messenger used on the remote host is vulnerable to a 

remote buffer overflow in the way it handles webcam and video chat sessions. An attacker 

may exploit this vulnerability to execute arbitrary code on the remote host. 


CVE-2007-2931 


Vulnerability in Microsoft MSN Messenger and Windows Live Messenger Could Allow Remote Code 




Description: Synopsis :\n\nArbitrary code can be executed on the remote host through MSN or Windows 

Live Messenger.\n\nThe remote host is running MSN Messenger or Windows Live 

Messenger. The version of Messenger used on the remote host is vulnerable to a remote 

buffer overflow in the way it handles webcam and video chat sessions. An attacker may 

exploit this vulnerability to execute arbitrary code on the remote host. 


CVE-2007-2931 

Tor Tunnel 'End Point' Server Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote server is routing network traffic over the Tor Tunnel 

network. As a TOR 'end point' router, this server accepts and processes anonymized traffic 

over the Tor network. 


guidelines. 


Plesk Multiple Script PLESKSESSID Cookie SQL Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL injection attack.\n\nThe 

remote host is running Plesk. Plesk is a web-based administrative console written 

in PHP. This version of Plesk is vulnerable to a flaw in the way that it handles the 

'PLESKSESSID' cookie when passed via the 'login.php3' and 'auth.php3' scripts. 

An attacker exploiting this flaw would only need to be able to send HTTP requests 

to the vulnerable application. Successful exploitation would result in the attacker 

executing arbitrary SQL commands on the remote database server utilized by 

Plesk. 

Solution: Upgrade to a version of Plesk other than 7.6.1, 8.1.0, 8.1.1 and 8.2.0. 

CVE-2007-4892 


WinSCP < 4.0.4 URL Protocol Handler Arbitrary File Transfer 



Description: Synopsis : \n\nThe remote Windows host has a program that allows arbitrary file 

access.\n\n According to its version, the installation of WinSCP on the remote host fails to 

completely sanitize input to the SCP and SFTP protocol handlers. If an attacker can trick a 

user on the affected host into clicking on a malicious link, he may be able to initiate a file 

transfer to or from the affected host. The reported version of WinSCP is: \n %L 


CVE-2007-4909 



RISK: 

MEDIUM 



client is running AOL Instant Messenger version: %L\nThis version of AIM is vulnerable 

to a flaw where script code can be injected and executed by a malicious user. To exploit 

this flaw, an attacker would only need to be able to send a message to an unsuspecting user. 

Successful exploitation would result in the attacker executing arbitrary script code. 


CVE-2007-4901 

OpenOffice < 2.3 TIFF Parser Multiple Overflows 


Description: The remote Windows host has a program that is affected by multiple buffer overflow 

vulnerabilities. The remote host is running a version of OpenOffice.org that is affected by 

multiple integer overflows in its TIFF document parser that can be triggered when parsing 

tags in TIFF directory entries. If a remote attacker can trick a user into opening a 

specially-crafted TIFF document, he may be able to leverage this issue to execute arbitrary 

code on the remote host subject to the user's privileges. 


CVE-2007-2834 

Merak Mail < 9.0.0 BODY Element HTML Injection 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an HTML injection attack.\n\nThere is a 

flaw in this version of Merak mail server. Specifically, the application fails to filter out 

dangerous script input to email. An attacker may be able to execute arbitrary code when the 

user accesses Merak via the webmail interface. Successful exploitation would result in the 

attacker executing code in the remote client browser. 



CVE-2007-5046 




version of Firefox is vulnerable to multiple flaws. It is alleged that an attacker exploiting 

the browser would be able to inject and run arbitrary code. 


CVE-2007-4841 

Bugzilla < 3.0.2 / 3.1.2 WebService/User.pm Authentication Bypass 



authentication.\n\nThe remote host is running Bugzilla, a bug-tracking software with a web 

interface. The version of Bugzilla on the remote host suffers from a flaw when parsing 

input to the 'createemailregexp' parameter of the 'offer_account_by_email()' function in the 

'WebService/User.pm' file. An attacker exploiting this flaw would need to know that the 

SOAP::Lite Perl module was installed. Successful exploitation would result in the attacker 

being able to create arbitrary Bugzilla user accounts. 


CVE-2007-5038 

Mercury IMAP Server < 


RISK: 

MEDIUM 



vulnerability.\n\nThe remote host is running the Mercury Mail Transport System, a free 

suite of server products for Windows and NetWare associated with Pegasus Mail. The 

remote installation of Mercury Mail includes an IMAP server that is affected by a buffer 

overflow vulnerability. Using a specially-crafted SEARCH command, an authenticated 

remote attacker can leverage this issue to crash the remote application and even execute 

arbitrary code, subject to the privileges under which the application runs. 

Solution: Upgrade to a version of higher than 4.52. 

CVE-2007-5018 



OpenSSL < 0.9.8f Multiple Vulnerabilities 



is using a version of OpenSSL that is older than 0.9.7n or 0.9.8f. There are several bugs in 

this version of OpenSSL that may allow an attacker to either execute remote code or cause 

a Denial of Service (DoS). 

Solution: Upgrade to version 0.9.8f or higher. 

CVE-2007-5135 

BrightStore HSM CsAgent Version Detection 


Description: The remote host is running the BrightStore HSM CsAgent version %L 

Solution: Ensure that you are running the latest version of CsAgent. 


DriveLock Agent Version Detection 


Description: DriveLock is a software security product that can control physical access to computer 

resources. The remote host is running the DriveLock agent version %L 

Solution: Ensure that you are running the latest version of DriveLock. 


DriveLock < 5.0.0.314 Agent Version Detection 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nDriveLock is a 

software security product that can control physical access to computer resources. The 

remote host is running the DriveLock agent version %L\nThis version of DriveLock is 

vulnerable to a remote buffer overflow. An attacker exploiting this flaw would only need to 

be able to send a very long string to the HTTP server listening on port 6061. Successful 

exploitation would result in the attacker executing arbitrary code on the remote machine. 


CVE-2007-5209 

HTTP Server Basic Authentication Detection 




RISK: 

MEDIUM 



manner.\n\nThe remote server requires authentication for certain resources. Specifically, 

the resource "%P" requires user authentication. However, the server does not require a 

strong encryption of the passed credentials. Specifically, the server allows clients to send 

credentials using HTTP Basic authentication. The client credentials are passed in plaintext 

and slightly obfuscated by using base64 encoding. Such encoding is trivial and a passive 

attacker with the ability to sniff the traffic can easily gain access to a user's credentials. 

Solution: Use SSL or a stronger authentication mechanism. 


Firebird Database Plaintext Password 


RISK: 

MEDIUM 



manner.\n\nThe remote host appears to be running a Firebird database client. This instance 

of the Firebird client allows the passing of confidential data over an unencrypted session. 

Given this, an attacker can sniff confidential data such as database name, user ID, or 

credentials to gain elevated access to the database. The sniffed account was \n%L 

Solution: Require remote clients to use an encrypted session. 


Firebird Database Plaintext Password 


RISK: 

MEDIUM 



manner.\n\nThe remote host seems to be running a Firebird database server. This instance 

of the Firebird server allows the passing of confidential data over an unencrypted session. 

An attacker can sniff confidential data such as database name, user ID and credentials to 

gain elevated access to the database. The sniffed account was \n%P 



Firebird Database Version Detection 




Description: The remote host appears to be running a Firebird database server version %L. 

Solution: Ensure you are running the latest version of Firebird server. 


Firebird Database < 2.0.2 Multiple Vulnerabilities 



appears to be running a Firebird database server version '%L'. This version of Firebird is 

vulnerable to multiple flaws that, if exploited, would give an attacker the ability to execute 

arbitrary code on the remote database server. In order to exploit these flaws, an attacker 

would need the ability to authenticate to the database server. 

Solution: Upgrade to the latest version of Firebird server. 

CVE-2007-4669 

Firebird Database Multiple Stack-based Overflows 



seems to be running a Firebird database server version '%L'. This version of Firebird is 

vulnerable to stack overflows that, if exploited, would give an attacker the ability to 

execute arbitrary code on the remote database server. 

Solution: Upgrade to the latest version of Firebird server. 

CVE-2007-5246 

Blackboard Academic Suite < 


RISK: 

MEDIUM 



host is running Blackboard, a web-based academic software package that allows 

organizations to teach students remotely. This version of Blackboard is vulnerable to 

multiple HTML injection flaws. An attacker exploiting these flaws would need the ability 

to log in as a valid user. Successful exploitation would result in the attacker gaining 

confidential data from other Blackboard users. 


CVE-2007-5227 









have him open it. 

Solution: Microsoft has released a set of patches for Outlook Express and Windows Mail. 

CVE-2007-3897 









CVE-2007-3897 









CVE-2007-3897 











CVE-2007-3897 









CVE-2007-3897 

SQL-Ledger < 2.6.27 Multiple Fields SQL Injection 



is running SQL-Ledger, a web-based double-entry accounting system. The version of 

SQL-Ledger on the remote host contains a flaw in the way that it handles user-supplied 

data to the 'invoice quantity' and 'sort' fields. An attacker exploiting this flaw would be able 

to inject and run arbitrary SQL commands against the database server. 


CVE-2007-5372 

Firebird Database < 2.0.3.12981 'fbserver.exe' Stack Overflow 



appears to be running a Firebird database server version '%L'. This version of Firebird is 

vulnerable to a stack overflow when processing specially malformed requests. An attacker 

exploiting this flaw would only need the ability to send malformed packets to the 

fbserver.exe process which listens on TCP port 3050 by default. Successful exploitation 



CVE-2007-4992 


IBM DB2 < 9 FixPak 3 / 8 FixPak 15 Multiple Vulnerabilities 



Description: Synopsis :\n\nThe remote database server is affected by multiple issues.\n\n According to 

its version, the installation of DB2 on the remote host is affected by one or more of the 

following issues :\n\n - A local user may be able to overwrite arbitrary files,\n create 

arbitrary world-writeable directories, or gain root \n privileges via symlink attacks or 

specially-crafted \n environment variables.\n - A user may be able to continue to execute a 

method even \n once privileges for the method have been revoked (IY88226, \n version 8 

only).\n - There is an unspecified vulnerability related to \n incorrect authorization routines 

(JR25940, version 8 \n only).\n - There is an unspecified vulnerability in \n 

'AUTH_LIST_GROUPS_FOR_AUTHID' (IZ01828, version 9.1 \n only).\n - There is an 

unspecified vulnerability in the 'db2licm'\n and 'db2pd' tools (IY97922 / IY97936).\n - 

There is an unspecified vulnerability involving \n 'db2licd' and the 'OSSEMEMDBG' and 

'TRC_LOG_FILE' \n environment variables (IY98011 / IY98101).\n - There is a buffer 

overflow involving the 'DASPROF'\n environment variable (IY97346 / IY99311).\n - 

There is an unspecified vulnerability that can arise\n during instance and FMP startup 

(IZ01923 / IZ02067).\n\nNote that there is currently insufficient information to determine 

to what extent the first set of issues overlaps the others. 

Solution: Apply DB2 Version 9 FixPak 3 / 8 FixPak 15 or higher. 

CVE-2007-4411 

Magnicomp SysInfo Version Detection 


Description: The remote host is running the Magnicomp SysInfo tool. This tool is used to collect and 

manage system information. The detected version was '%L' 

Solution: Ensure that you are running the latest version of SysInfo and that the traffic cannot be 

sniffed or leaked. 


Quintum Technologies VoIP Server Detection 


Description: The remote host is running a Quintum Technologies VoIP router. The reported version info 

is '%L' 

Solution: Ensure that you are running the latest version of the device's software and that the traffic 

cannot be sniffed or leaked. 

Google Urchin < 




RISK: 

MEDIUM 




authentication.\n\nThe remote host is running the Google Urchin web application. The 

reported version is '%L'\nThis version of Urchin is reported prone to a flaw where an 

attacker can gain administrative access to the application. The 'report.cgi' script fails to 

adequately verify that the user is authorized. An attacker exploiting this flaw would be able 

to perform some subset of administrative duties without authentication. 

Solution: Upgrade to a version of Urchin higher than 5.7.03. 

CVE-2007-5113 

Winamp < 5.5 libFLAC Integer Overflow 



running Winamp, a multi-media software application. This version of Winamp includes a 

library that is reported to be prone to a remote integer overflow. An attacker exploiting this 

flaw would need to be able to convince a Winamp user to open a file with malformed 

FLAC data. Successful exploitation would result in the attacker executing arbitrary code on 

the remote client system. 


CVE-2007-4619 

Avocent KVM Appliance Detection 


Description: The remote host is running an Avocent Enterprise KVM appliance. This appliance 

allows remote users to manage their network servers remotely. 

Solution: N/A 


Apache Tomcat < 6.0.15 WEBDAV Lock Request Information Disclosure 


Description: Synopsis :\n\nThe remote web server can be manipulated to disclose confidential 

data.\n\nThe remote host is running a version of Tomcat server less than 6.0.15. This 

version of Tomcat is vulnerable to a flaw in the way that it parses WEBDAV 'lock' 

requests. Specifically, if the lock request references an external file, Tomcat will 

retrieve the file. This could lead to information disclosure of potentially confidential 

data. An attacker exploiting this flaw would need to have the ability to authenticate 

to the Tomcat server. 




CVE-2007-5461 

Ruby Version Detection 


Description: The remote server is running the Ruby web application. The reported version is '%L' 

Solution: N/A 


Ruby on Rails Version Detection 


Description: The remote server is running the Ruby on Rails web application. The reported version is 

'%L' 

Solution: N/A 


Ruby on Rails < 1.2.5 Multiple Vulnerabilities 


RISK: 

MEDIUM 



server is running the Ruby on Rails web application. The reported version is '%L'\nThis 

version of Rails is reported to be vulnerable to a number of flaws. It is reported that a 

remote attacker can perform man-in-the-middle attacks and gain user credentials. It is also 

reported that there is a content-parsing flaw in the XML handler that would allow an 

attacker to either gain unauthorized access to data or cause the application to fail. 


CVE-2007-5380 




Description: Synopsis :\n\nThe remote host contains a web browser that is affected by two 

vulnerabilities.\n\nThe version of Opera installed on the remote host reportedly may allow 

for arbitrary code execution if it has been configured to use an external news reader or 

email client and a user views a specially-crafted web page. In addition, it may also allow a 

script to bypass the same-origin policy and overwrite functions on pages from other 

domains when processing frames from different web sites, which can be leveraged to 

conduct cross-site scripting attacks. 



CVE-2007-5541 

RunCMS < 1.5.3 Unspecified Vulnerability 



remote host is running RunCMS, a web-based content management and messaging system. 

This version of RunCMS is reported to be vulnerable to a security flaw. The details of the 

flaw are unknown; however, it is alleged that the remote attacker would be able to impact 

confidentiality, integrity and availability. 


CVE-2007-5535 

Oracle 10g Application Server SQL Injection 



is running a version of the Oracle 10g Application Server that is vulnerable to a remote 

SQL injection attack. An attacker exploiting this flaw would gain limited access to the 

remote database server. Successful exploitation would allow the attacker the ability to 

execute SQL commands on the database server. 

Solution: Apply the vendor patches for Oracle 10g versions 1 and 2. 

CVE-2007-5508 

Avocent DSView Server Detection 


Description: The remote host is running the Avocent DSView server. This server is used to manage 

multiple Avocent DSR devices which, in turn, manage multiple servers. The reported 

version number was '%L' 

Solution: N/A 


Microsoft Internet Explorer Version Detection 




Description: The remote host is running Internet Explorer version '%L'. By default, Internet Explorer 

does not pass exact version info within HTTP headers. However, many third party browser 

plugins do pass the exact MSIE version number. 

Solution: N/A 





multiple vulnerabilities.\n\n The installed version of Firefox is affected by various security 




CVE-2007-2291 



RISK: 

MEDIUM 



version of SeaMonkey is vulnerable to multiple flaws that may lead to execution of 

arbitrary code on the affected host subject to the user's privileges. 


CVE-2007-5337 




version of Mozilla Thunderbird suffers from a number of flaws that could lead to an 

attacker corrupting memory and possibly executing arbitrary code. An attacker exploiting 

this flaw would need to convince a Thunderbird user to open an HTML email. 


CVE-2007-5337 

Simple Machines Forum < 1.1.4 index.php SMFCookie218 Parameter SQL Injection 



RISK: 

MEDIUM 





vulnerable to a flaw in the way that it handles user-supplied data. Data passed to the 

'SMFCookie218' parameter of the 'index.php' script can contain SQL queries that are 

ultimately run against the default database server. An attacker exploiting this flaw would be 

able to execute arbitrary SQL commands against the default database server. 


CVE-2007-5646 

Vanilla Forum < 1.1.4 sortcategories.php CategoryID Parameter SQL Injection 



is running the Vanilla Forum, a web forum. This version of Vanilla is vulnerable to a flaw 

in the way that it handles user-supplied data. Data passed to the 'CategoryID' parameter of 

the 'sortcategories.php' script can contain SQL queries that are ultimately run against the 

default database server. An attacker exploiting this flaw would be able to execute arbitrary 

SQL commands against the default database server. 


Simple PHP Blog < 

CVE-2007-5643 



is running the Simple PHP Blog, web log (or blog) package version '%L'.\n\nThis version 

of Simple PHP Blog is vulnerable to multiple flaws that, at worst, allow the ability for a 

remote attacker to execute local script code. An attacker exploiting these flaws would only 

need the ability to send valid web requests to the application. Successful exploitation would 

result in a loss of confidentiality, integrity, and availability. 



Delegate < 9.7.5 Multiple Vulnerabilities 




remote host is running Delegate, a proxy server. This version of Delegate is vulnerable to 

multiple remote Denial of Service (DoS) attacks. An attacker exploiting these flaws would 

be able to impact the availability of the proxy server. 




Lotus Domino Multiple Vulnerabilities 



is running a version of Lotus Domino Server that is prone to multiple attacks against the 

web server component. An attacker exploiting these flaws would be able to either view 

confidential data or execute arbitrary code via a buffer overflow. 


CVE-2007-5910 

Lotus Notes < 7.0.3 HTML Email RTF Conversion Overflow 



running the Lotus Notes email client. The reported version is older than 7.0.3. This version 

of Lotus Notes is reported vulnerable to multiple remote buffer overflows. The specific 

flaw seems to be in the portion of the application that processes attachments. In order for 

this attack vector to be utilized, the attacker would need to be able to entice a Lotus Notes 

user into opening a malicious attachment. Successful exploitation would result in the 

attacker executing arbitrary code on the remote system. The reported version of Lotus 

Notes is: \n %L 


CVE-2007-4222 

Adaptec Storage Manager Server Detection 


Description: The remote host is running the Adaptec Storage Manager (ASM) product. This software 

allows administrators to centrally troubleshoot and manage devices and software that are 

managed by ASM. 

Solution: N/A 


Cisco HSRP 'Active' Router Detection 




Description: The remote host is a Cisco router that is advertising itself (via HSRP) as the current active 

router. 

Solution: N/A 


Cisco HSRP 'Standby' Router Detection 


Description: The remote host is a Cisco router that is advertising itself (via HSRP) as the current standby 

router. 

Solution: N/A 


IBM Server RAID Manager Detection 


Description: The remote host is running IBM Server RAID management software. This software allows 

administrators to centrally manage the RAID disks being utilized by the IBM server. 

Solution: N/A 


BEA WebLogic Cluster Server Detection 


Description: The remote host is running BEA WebLogic software. Further, the server is configured as 

part of an Enterprise cluster of servers. 

Solution: N/A 



Ipswitch IMail Client < 2006.23 Multipart MIME Email Overflow 


Description: Synopsis :\n\nThe remote Windows host contains a program that is prone to a buffer 

overflow attack.\n\nIMail Client, a tool for administering Ipswitch IMail Server, is installed 

on the remote Windows host. The version of IMail Client on the remote host contains a 

boundary error that can be triggered by a long 'boundary' parameter in when processing 

emails with multipart MIME data. If an attacker can trick the Ipswitch Mail Server 

administrator to open a specially-crafted email using the affected application, he can 

leverage this issue to execute arbitrary code subject to the user's privileges. 



CVE-2007-4345 

Altiris AClient < 6.8.380 Multiple Local Vulnerabilities 


Description: Synopsis :\n\nThe remote Windows host has a program that is prone to multiple local 

attacks.\n\nThe version of the Altiris Client Agent (aclient) installed on the remote host 

contains a flaw in its browser option where a local user can open or execute files on the 

affected host with SYSTEM privileges. It also contains a directory traversal vulnerability 

that allows a local user to read privileged system files. 


CVE-2007-5838 

WebSphere Server Version Detection 


Description: The remote WebSphere server is running version '%L' 

Solution: N/A 

GIOP Device Detection 



Description: A GIOP-enabled service is running on this port. General Inter-ORB Protocol (GIOP) is 

commonly used in applications that are distributed across a network and have the need to 

share information. 

Solution: N/A 


WebSphere SSL Server Detection 


Description: The remote server is a WebSphere SSL Server. 

Solution: N/A 




WebSphere UDDI Console Multiple Vulnerabilities 


RISK: 

MEDIUM 



WebSphere server is running version '%L'.\nThis version is reported vulnerable to a 

number of flaws in its UDDI Console. The flaws stem from the application's inability to 

parse user-supplied input to the 'uddigui/navigateTree.do' Java program. Successful 

exploitation would require that the attacker be able to convince a user to browse a 

malicious URI. Successful exploitation would result in the attacker executing script code 

within the client browser. 


CVE-2007-5799 



RISK: 

MEDIUM 



version of Firefox is affected by various security issues, some of which may lead to 

execution of arbitrary code within vulnerable browsers. There is also a risk of the Firefox 

browser being crashed. 



Unix AIX Operating System Detection 


Description: The remote host is a UNIX AIX system. 

Solution: N/A 


Apache-SOAP Administrative Interface Detection 


Description: The remote host is running the Apache-SOAP administrative interface. The 

interface allows remote users to view, create, and delete objects. 

Solution: Ensure that only valid administrators can access the application. 







multiple issues.\n\nThe version of QuickTime installed on the remote Windows host is 

older than 7.3. Such versions contain several vulnerabilities that may allow an attacker to 

execute arbitrary code on the remote host if the user can be convinced to open a 

specially-crafted file with QuickTime. The reported version of QuickTime is: \n %L 


CVE-2007-4676 

OrangeHRM < 2.2.2 RepViewController.php Privilege Escalation 


RISK: 

MEDIUM 



sensitive files or data.\n\nThe remote host is running OrangeHRM, a human resource 

management system written in PHP. The version of OrangeHRM installed on the remote 

host fails to sanitize input within the 'RepViewController.php' PHP script. An authenticated 

user may use this flaw to access private data. An attacker exploiting this flaw would need a 

valid account on the OrangeHRM system. Successful exploitation would result in the loss 

of confidential data. 


CVE-2007-5931 

HP Radia Integration Server Version Detection 


Description: The remote host is running the HP Radia Integration server, a component of HP Openview 

that is used to manage enterprise machines. The reported version is '%L' 

Solution: N/A 


Trillian Version Detection 


Description: The version of Trillian installed on the remote client is '%L'.\nTrillian is a chat client that 

can be used for messaging and file transfer. 

Solution: N/A 






Description: The remote web server uses a version of PHP that is affected by multiple flaws. According 

to its banner, the version of PHP installed on the remote host is older than 5.2.5. Such 

versions may be affected by various issues, including but not limited to several buffer 

overflows. The reported version of PHP is: \n %L 


CVE-2007-4887 

Oracle Web Listener Version Detection 


Description: The remote server is running the Oracle Web Listener application version '%L' 

Solution: N/A 


TestLink < 1.7.1 Authorization Mechanism Failure 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows authenticated attackers to 

gain access to the account data of other users.\n\nThe remote host is running TestLink, an 

application testing suite written in PHP. The reported version number is '%L'\nThis version 

is reported vulnerable to a flaw in the 'userview.php' script. Specifically, an authenticated 

user would be able to view and modify the accounts of other users. 


CVE-2007-6006 


Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008) 




10.4.11 or a version of Mac OS X 10.3 that does not have Security Update 2007-008 

applied. This update contains several security fixes for the following programs :\n\n\n - 

Flash Player Plugin\n - AppleRAID\n - BIND\n - bzip2\n - CFFTP\n - CFNetwork\n - 

CoreFoundation\n - CoreText\n - Kerberos\n - Kernel\n - remote_cmds\n - Networking\n - 

NFS\n - NSURL\n - Safari\n - SecurityAgent\n - WebCore\n - WebKit 



CVE-2007-4701 

Samba < 3.0.27 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote Samba server may be affected one or more vulnerabilities.\n\n 

According to its banner, the version of the Samba server ('%L') on the remote host contains 

a boundary error in the 'reply_netbios_packet()' function in 'nmbd/nmbd_packets.c' when 

sending NetBIOS replies. Provided the server is configured to run as a WINS server, a 

remote attacker can exploit this issue by sending multiple specially-crafted WINS 'Name 

Registration' requests followed by a WINS 'Name Query' request, leading to a stack-based 

buffer overflow and allow for execution of arbitrary code.\nThere is also a stack buffer 

overflow in nmbd's logon request processing code that can be triggered by means of 

specially-crafted GETDC mailslot requests when the affected server is configured as a 

Primary or Backup Domain Controller. The Samba security team currently does not believe 

this particular vulnerability can be exploited to execute arbitrary code remotely. 


CVE-2007-5398 

WebSphere HTML 'Expect' Header HTML Injection 


RISK: 

MEDIUM 



WebSphere server is running version '%L'.\nThis version is reported to be vulnerable to an 

HTML injection flaw. An attacker exploiting this flaw would need to create a custom 

request that utilized custom 'Expect' headers and be able to convince unsuspecting users to 

launch the URI. Successful exploitation would result in an attacker gaining access to 

confidential client data. 


CVE-2007-5944 

VMWare Server Detection 



Description: The remote host is running VMWare server, an application that allows users to run multiple 

operating systems virtually. Further, this instance of VMWare is a server application that 

allows remote administrator access to the VMWare console. The displayed banner is '%L' 

Solution: Only allow administrative VMWare connections from trusted hosts. 



VMWare Server Plaintext Authorization 


RISK: 

MEDIUM 



manner.\n\nThe remote host is running VMWare server, an application that allows users to 

run multiple operating systems virtually. Futher, this instance of VMWare is a server 

application that allows remote administrator access to the VMWare console. The displayed 

banner is '%L'\nThis version of VMWare Server allows authentication without SSL. 

Sending credentials in plaintext allows passive attackers to either execute 

man-in-the-middle attacks or sniff the credentials while in transit. 

Solution: Newer versions of the VMware Authentication daemon can be configured to only accept 

authentication over SSL. 


LIVE555 Media Server < 2007.11.18 DoS 



remote host is running LIVE555 Media Server, a media streaming server. The version of 

LIVE55 installed on the remote host is vulnerable to a denial of service attack when sent a 

request of less than 8 bytes. An attacker exploiting this flaw would only need the ability to 

connect to the RTSP server via the network. Successful exploitation would result in the 

service crashing. 


CVE-2007-4561 

Ability Mail Server < 2.61 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote mail server is affected by multiple denial of service 

vulnerabilities.\n\n The remote host appears to be running Ability IMAP Server. According 

to its banner, the installed version of Ability Mail Server is affected by two issues that 

could cause the application to crash. One involves messages that are changed to a blank 

string, the other concerns IMAP4 commands with malformed number list ranges. It is not 

currently known whether either or both issues can be exploited without authentication. 


CVE-2007-6101 





RISK: 

MEDIUM 



vulnerabilities.\n\n The remote host appears to be running Ability SMTP Server. According 






CVE-2007-6101 



RISK: 

MEDIUM 



vulnerabilities.\n\n The remote host appears to be running Ability POP3 Server. According 






CVE-2007-6101 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote mail server is affected by denial of service vulnerabilities.\n\n 

The remote host appears to be running Ability Mail Server. According to its banner, the 

installed version of Ability Mail Server is affected by two issues that could cause the 

application to crash. One involves messages that are changed to a blank string, the other 

concerns IMAP4 commands with malformed number list ranges. It is not currently known 

whether either or both issues can be exploited without authentication. 


CVE-2007-6101 


Microsoft Outlook Web Access (OWA) Version Detection 



Description: The remote server is running Microsoft Outlook Web Access (OWA) version : '%P' 

Solution: Ensure that this instance of Outlook Web Access is within corporate standards and is 

fully patched. 


RunCMS include/common.php xoopsOption Parameter Local File Inclusion 


RISK: 

MEDIUM 


Description: The remote web server contains a PHP application that is susceptible to a local file 

inclusion attack. The remote host appears to be running RunCMS, a content-management 

system written in PHP. The version of RunCMS installed on the remote host fails to 

sanitize user input to the 'xoopsOption[pagetype]' parameter before using it to include PHP 

code in 'include/common.php'. Regardless of PHP's 'register_globals' setting, an 

unauthenticated remote attacker may be able to exploit this issue to view arbitrary files or 

to execute arbitrary PHP code on the remote host, subject to the privileges of the web 

server user ID. 


CVE-2008-0224 





issues :\n\n - Three bugs that can result in crashes with traces of memory corruption\n - A 

cross-site scripting vulnerability involving support for the 'jar:' URI scheme\n - A timing 

issue when setting the 'window.location' property that could be leveraged to conduct 

cross-site request forgery attacks. 


CVE-2007-5960 

Sentinel Protection Server < 7.4.1 Directory Traversal File Access 



RISK: 

MEDIUM 



host is running a the Sentinel Protection Server version %L.\nThis version of Sentinel is 

vulnerable to a flaw where specially formatted HTTP requests, like 'GET 

/..\..\..\..\..\..\winnt\win.ini', will cause the server to return potentially confidential data from 

outside of the web directories. 



CVE-2008-0760 



Description: Synopsis :\n\nThe remote Windows host contains a web browser that is affected 

by multiple vulnerabilities.\n\n The installed version of SeaMonkey is affected by 

various security issues :\n\n - Three bugs that can result in crashes with traces of 

memory corruption\n - A cross-site scripting vulnerability involving support for 

the 'jar:' URI scheme\n - A timing issue when setting the 'window.location' 

property that could be leveraged to conduct cross-site request forgery attacks. 


CVE-2007-5960 

Ruby on Rails < 1.2.6 Cookie Related Session Fixation 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote server can be used to attack user authentication data.\n\nThe 

remote server is running the Ruby on Rails web application. The reported version is 

'%L'\nThis version of Rails is reported to be vulnerable to a flaw in the way that it handles 

authentication data. Allegedly, the 'lib/action_controller/cgi_process.rb' script is vulnerable 

to a flaw that would allow an attacker to steal cookie data. An attacker could then use this 

data to gain access to the application with the user's credentials. 


CVE-2007-6077 

IBM Director Version Detection 


Description: The remote server is running IBM Director version: %L 

Solution: N/A 

IBM Director < 






remote server is running IBM Director version: %L.\nThis version of IBM Director is 

vulnerable to an attack against resources. Specifically, an attacker making multiple 

connections to a service port can cause the system to consume high CPU and memory 

resources. Successful exploitation would result in the system becoming less responsive or 

crashing. 


Maltego Tool Detection 

CVE-2007-5612 



corporate policy.\n\nThe remote host is running Maltego, a tool commonly used for 

gathering intelligence about an individual, domain, phone number, and more. 


guidelines. 


Plumtree Version Detection 


Description: The remote host is running the Plumtree Portal, a part of the BEA Aqualogic web software. 

The reported version number and build information was: '%L'. 

Solution: N/A 


Squid < 2.6.STABLE18 Update Reply Processing DoS 


Description: Synopsis :\n\nThe remote proxy server is prone to a denial of service attack. \n\nAccording 

to its banner, the version of the Squid proxy caching server installed on the remote host is 

older than 2.6.STABLE17. Such versions reportedly use incorrect bounds checking when 

processing some cache update replies. A client trusted to use the service may be able to 

leverage this issue to crash the application, thereby denying service to legitimate users. 

Solution: Either upgrade to version 2.6.STABLE18 or higher or patch according to vendor 


CVE-2007-6239 



Snitz Forum < 3.4.0.07 active.asp BuildTime Parameter SQL Injection 



appears to be running Snitz Forum, a web forum application implemented in ASP. This 

version of Snitz ('%L') is reported to be vulnerable to a SQL injection flaw within the 

'active.asp' script. An attacker exploiting this flaw would send specially formed HTTP 

queries to the active.asp script. These queries would include SQL statements that would 

ultimately be executed on the database utilized by Snitz. 


CVE-2007-6240 

Jetty < 6.1.6 Multiple Vulnerabilities 



is running Jetty (version: '%L'), a Java web server that can be downloaded off the Internet 

and is currently bundled with some IBM applications. This version of Jetty is vulnerable to 

a remote flaw in the way that it handles cookie quotes. An attacker exploiting this flaw 

would be able to hijack the session of valid users without authentication. Further, this 

version of Jetty is vulnerable to a flaw in the way that it handles Carriage-Return/Line-Feed 

characters. An attacker can exploit this flaw to inject malicious HTTP headers into a 

session. This version of Jetty is also vulnerable to a cross-site scripting (XSS) attack that 

would allow an attacker to possibly retrieve sensitive data from client browsers. 


CVE-2007-5614 

OpenOffice HSQLDB Document Handling Java Code Injection 



is running a version of OpenOffice.org that is affected by a remote code execution flaw. 

The root of the flaw appears to be the HSQLDB database engine. An attacker exploiting 

this flaw would need to be able to convince a user to open a file that was handled by the 

OpenOffice HSQLDB database engine. Successful exploitation would result in the attacker 

executing arbitrary Java code on the remote system. 

Solution: Upgrade to version 2.3.1 (2.3 build 9238) or higher. 

CVE-2007-4575 


MySQL < 5.0.51 RENAME TABLE Symlink System Table Overwrite 

PVS ID: 4309 FAMILY: Database RISK: LOW NESSUS ID:29251 


Description: Synopsis :\n\nThe remote database server is susceptible to a local symlink attack.\n\n The 

version of MySQL installed on the remote host reportedly fails to check whether a file to 

which a symlink points exists when using RENAME TABLE against a table with explicit 

DATA DIRECTORY and INDEX DIRECTORY options. A local attacker may be able to 

leverage this issue to overwrite system table information by replacing the file to which the 

symlink points. 


CVE-2007-5969 

Skype Technologies < 3.6.0.216 skype4com URI Handler Remote Heap Corruption 


Description: Synopsis :\n\nThe remote Skype client is affected by a buffer overflow.\n\nThe version of 

Skype installed on the remote host is vulnerable to a heap overflow vulnerability in the 

skype4com URI handler. A remote attacker would have to convince a user to click on a 

specially-crafted Skype URL to exploit this flaw. 


CVE-2007-5989 

Samba < 3.0.28 send_mailslot Function Buffer Overflow 


Description: Synopsis :\n\nThe remote Samba server may be affected by a buffer overflow 

vulnerability.\n\n According to its banner, the version of the Samba server ('%L') on the 

remote host is reportedly affected by a boundary error in 'nmbd' within the 'send_mailslot' 

function. Provided the 'domain logons' option is enabled in 'smb.conf', an attacker can 

leverage this issue to produce a stack-based buffer overflow using a 'SAMLOGON' domain 

logon packet in which the username string is placed at an odd offset and is followed by a 

long 'GETDC' string. Note that PVS has not verified whether 'domain logons' are enabled 

on the remote host. 


CVE-2007-6015 

MySQL Enterprise Server < 5.0.52 Multiple Vulnerabilities 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote database server is affected by several issues.\n\nThe version of 

MySQL Enterprise Server installed on the remote host reportedly is affected by the 

following issues :\n\n - Using RENAME TABLE against a table with explicit DATA 

DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table 

information. (Bug #32111).\n\n - ALTER VIEW retained the original DEFINER value, 


even when altered by another user, which could allow that user to gain the access rights of 

the view. (Bug #29908)\n\n - When using a FEDERATED table, the local server can be 

forced to crash if the remote server returns a result with fewer columns than expected. (Bug 

#29801) 


CVE-2007-6304 

MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote database server is affected by several issues.\n\nThe version of 

MySQL Server installed on the remote host reportedly is affected by the following issues 

:\n\n - It is possible, by creating a partitioned table using the DATA DIRECTORY and 

INDEX DIRECTORY options, to gain privileges on other tables having the same name as 

the partitioned table. (Bug #32091)\n\n - Using RENAME TABLE against a table with 

explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite 

system table information. (Bug #32111).\n\n - ALTER VIEW retains the original 

DEFINER value, even when altered by another user, which can allow that user to gain the 

access rights of the view. (Bug #29908)\n\n - When using a FEDERATED table, the local 

server can be forced to crash if the remote server returns a result with fewer columns than 

expected. (Bug #29801) 


CVE-2007-6304 



Description: Synopsis :\n\nThe remote host contains an application that is affected by multiple 

vulnerabilities.\n\n The version of QuickTime installed on the remote host is older than 

7.3.1. Such versions contain several vulnerabilities that may allow an attacker to execute 

arbitrary code on the remote host if a user opens a specially-crafted RTSP movie, QTL file 

or Flash media file with QuickTime. 


CVE-2007-6166 


WebGUI < 7.4.18 Secondary Admin Remote Privilege Escalation 



Description: Synopsis :\n\nThe remote host is vulnerable to a remote 'privilege escalation' flaw.\n\nThe 

remote host is running WebGUI, a content management framework. The remote version of 

this software is vulnerable to a flaw where an authenticated 'secondary admin' user can 

bypass security restrictions and gain administrative ability to add and modify user accounts. 

This would include the ability to create administrative accounts. An attacker exploiting this 

flaw would need a valid 'secondary admin' account. 



LDAP Client Anonymous Bind Utilization 


Description: The remote host is an LDAP client. Improperly configured LDAP servers will allow any 

user to connect to the server and query for information. PVS has noted a client that utilized 

a NULL LDAP bind request. 

Solution: Ensure that such usage is in line with corporate policies regarding authentication and 

authorization. 


LDAP Client Anonymous Bind Utilization 


Description: The remote host is an LDAP client. Improperly configured LDAP servers will allow any 

user to connect to the server and query for information. PVS has noted a client that utilized 

a NULL LDAP bind request. 

Solution: Ensure that such usage is in line with corporate policies regarding authentication and 

authorization. 


PeerCast < 0.1218 servhs.cpp handShakeHTTP Function Remote Overflow 


Description: Synopsis :\n\nThe remote web server suffers from a buffer overflow vulnerability.\n\nThe 

version of PeerCast installed on the remote host fails to properly sanitize user-supplied data 

passed to the 'handShakeHTTP()' function. An unauthenticated attacker can leverage this 

issue to crash the affected application and to possibly execute arbitrary code on the remote 

host subject to the privileges of the user running PeerCast. 


CVE-2007-6454 



RaidenHTTPD < 



host is running RaidenHTTPD, a web server for Windows. Specifically, the 'ulang' 

parameter of the 'raidenhttpd-admin/workspace.php' script fails to adequately parse 

user-supplied data. A request containing '../' would allow an attacker to gain access to files 

outside the web root. 


CVE-2007-6453 

CUPS < 1.3.5 Back End SNMP Response Remote Overflow 



running the Common Unix Printing System (CUPS) daemon. This version of CUPS is 

vulnerable to a remote buffer overflow. The flaw is in the way that CUPS handles SNMP 

responses. An attacker sending a malformed SNMP response would be able to execute 

arbitrary code on the remote system. In order to exploit this flaw, the attacker would need 

for SNMP to be enabled on the CUPS server as well as the ability to intercept and respond 

to SNMP messages bound for valid hosts. 

Solution: Upgrade to a version 1.3.5 or higher 

CVE-2007-5849 

ClamAV < 0.92.0 PE File Handling Integer Overflow 



running the ClamAV antivirus client version %L\n\nThis version of ClamAV is vulnerable 

to a remote integer overflow due to a content-parsing flaw when handling malformed PE 

files. An attacker exploiting this flaw would only need the ability to send a malformed 

attachment to a system protected by ClamAV. Successful exploitation would result in the 

attacker overwriting critical memory blocks and either crashing the service or executing 



CVE-2007-6596 


Flash Player < 9.0.115.0 / 7.0.73.0 APSB07-20 Multiple Vulnerabilities 



Description: Synopsis :\n\nThe remote Windows host contains a browser plugin that is affected by 

multiple issues.\n\n According to its version number, the instance of Flash Player on the 

remote Windows host is affected by multiple issues, including several that could allow for 

arbitrary code execution by means of a malicious SWF file. The reported version of Flash 

Player is: %L 


CVE-2007-6245 



Description: Synopsis : \n\nThe remote host contains a web browser that is affected by several 

issues.\n\n The version of Opera installed on the remote host reportedly is affected by 

several issues : \n\n - An issue where TLS certificates could be used to execute arbitrary 

code.\n\n - The browser processes a 3xx HTTP CONNECT response before a successful 

SSL handshake, which could allow a man-in-the-middle attacker to execute arbitrary web 

script in the context of a HTTPS server.\n\nThe reported version of Opera is : \n %L 


CVE-2007-6524 

CuteNews < 1.4.6 search.php files_arch Array Arbitrary File Access 


RISK: 

MEDIUM 



sensitive files or data\n\nAccording to its version number, the remote host is running a 

version of CuteNews that allows an attacker to read files that should not be typically read. 

The root of the flaw is in the way that 'search.php' handles user-supplied input. An attacker 

exploiting this flaw would only need the ability to send HTTP requests to the 'search.php' 

script. Successful exploitation will result in the loss of confidential data. 



Gallery < 2.2.4 Multiple Vulnerabilities 





version of Gallery installed on the remote host is less than 2.2.4. The vendor has reported 

multiple security flaws in this version. 




Mantis < 0.9.5 / 1.1.0 RC5 view.php HTML Injection 


RISK: 

MEDIUM 



host appears to be running a vulnerable version of Mantis, a bug tracker web application 

written in PHP. The reported version number is '%L'. It is reported that versions lower than 

1.1.0 are vulnerable to a persistent HTML injection attack. The root of the flaw is in the 

way that Mantis handles user-supplied data to the 'view.php' script. An attacker exploiting 

this flaw would only need the ability to send HTTP requests to the 'view.php' script. 

Successful exploitation would result in arbitrary code being executed within the browser of 

other Mantis users. 

Solution: Upgrade to version 0.19.5, 1.0.0 RC5 or higher. 

CVE-2008-0404 

OpenBiblio < 0.6.0 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote host is missing a critical security patch or 

upgrade.\n\nAccording to its version number, the remote host is running a version of 

OpenBiblio that is vulnerable to a number of flaws. The reported version info is: \n %L 

\n\nOpenBiblio is an open-source, web-based library system. The vendor has released 

version 0.6.0 which addresses a number of flaws. An attacker exploiting these flaws would 

only require the ability to access the OpenBiblio web interface. Successful exploitation 

would allow the attacker to read confidential data and execute malicious code on the local 

server, database server and client browser. 


CVE-2007-6608 


CMS Made Simple content_css.php templateid Parameter SQL Injection 



attack.\n\n The remote host appears to be running CMS Made Simple ( version %L ), a 

content management system written in PHP. The version of CMS Made Simple installed on 

the remote host fails to sanitize user-supplied input to the 'templateid' parameter of the 

'modules/TinyMCE/content_css.php' script before using it in a database query. Regardless 

of PHP's 'magic_quotes_gpc' and 'register_globals' settings, an attacker may be able to 

exploit this issue to manipulate database queries, leading to disclosure of sensitive 

information, modification of data or other attacks against the underlying database. 



CVE-2007-6656 

Atlassian JIRA < 3.12.1 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains an application that is affected by one or 

more vulnerabilities.\n\nAtlassian JIRA, a web-based application for bug tracking, issue 

tracking and project management, installed on the remote web server is affected by one or 

more of the following issues :\n\n - A cross-site scripting issue due to its failure to sanitize 

error messages under a user's control and passed to the '500page.jsp' script before using 

them to generate dynamic output.\n\n - A security bypass issue that may allow an attacker 

to change JIRA's default language by accessing its first setup page directly.\n\n - A security 

bypass issue by which a user may delete a shared filter created by another user.\n 

Solution: Upgrade to version 3.12.1 or higher or patch according to vendor recommendations. 

CVE-2007-6617 

Mort Bay Jetty < 6.1.7 Double Slash Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is affected by an information disclosure 

vulnerability.\n\n The remote instance of Mort Bay Jetty allows an attacker to view static 

content in WEB-INF and behind security constraints because of the approach it uses to 

compact URLs like '/foo///bar'. 


CVE-2007-6672 




issues.\n\n According to its banner, the version of PHP installed on the remote host is older 

than 4.4.8. Such versions may be affected by several issues, including integer overflows 

involving the 'chunk_split', 'strcspn', and 'strspn' functions, and 'safe_mode' / 'open_basedir' 

bypasses. The installed version of PHP is: \n %L 


CVE-2007-3378 



Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) - Network Check 


Description: Synopsis :\n\nIt is possible to execute code on the remote host.\n\nThe remote version of 

Windows contains a version of SMBv2 (Server Message Block) protocol that is vulnerable 

to several vulnerabilities. An attacker may exploit these flaws to elevate privileges and gain 

control of the remote host.\nIAVT Reference : 2007-T-0049\nSTIG Finding Severity : 

Category I 

Solution: Microsoft has released a set of patches for Windows Vista : 

CVE-2007-5351 




is running PostgreSQL, an open source relational database. This version is vulnerable to six 

distinct remote flaws. The nature of three of these flaws involves privilege escalation. An 

attacker exploiting the 'privilege escalation' bugs would either need local access or user 

credentials in order to elevate their access. The other three flaws involve remote denial of 

service attacks. An attacker exploiting these flaws would not need any sort of credentials 

and would have the ability to crash the database service. 

Solution: Upgrade to PostgreSQL 7.3.21, 7.4.19, 8.0.15, 8.1.11, 8.2.6 or higher. 

CVE-2007-3278 

Malicious Website - JavaScript Files Linked on Web Site 


Description: Synopsis :\n\nThe remote web server appears to have been compromised.\n\nThe remote 

web site appears to link to malicious JavaScript files hosted on a third party web site. This 

means that the remote web site has been compromised, and it might infect its visitors as 

well. This indicates that the remote web site is vulnerable to SQL injection attacks. The 

following page is the one hosting a link to the malicious JavaScript code\n%P 

Solution: Restore the web site to its original state and audit your dynamic pages for SQL injection 




SSH Tectia Server < 5.2.4 / 5.3.6 Local Privilege Escalation 



Description: Synopsis :\n\nThe remote host is vulnerable to a local privilege escalation 

flaw.\n\nThe remote host is running SSH Tectia Server, a commercial SSH server. 

According to its banner, the installed version of this software contains a local flaw in 

the way that it handles command line arguments to the 'ssh-signer' binary. This flaw 

is only relevant to Unix machines. An attacker exploiting this flaw would need local 

access. Successful exploitation would result in the attacker executing code as the 

'root' user. 


CVE-2007-5616 

MaxDB Version Detection 


Description: The remote host is running MaxDB version %L 

Solution: Ensure you are running the latest version of MaxDB. 


SAP DB / MaxDB Cons Program Arbitrary Command Execution 


Description: Synopsis :\n\nThe remote database service allows execution of arbitrary commands.\n\n 

The version of SAP DB / MaxDB installed on the remote host fails to sanitize user-supplied 

input to the 'show' and 'exec_sdbinfo' commands before passing it to a 'system()' call. An 

unauthenticated remote attacker can leverage this issue to execute arbitrary commands on 

the affected host subject to the privileges under which the service operates, which under 

Windows is SYSTEM. 


CVE-2008-0244 

Horde Imp < 4.1.6 Multiple Vulnerabilities 


RISK: 

MEDIUM 



Horde Imp installed on the remote host suffers from a number of flaws. A failure to sanitize 

user-supplied input could lead to a situation where an attacker can inject malicious HTML 

code or delete arbitrary email messages. 


CVE-2007-6018 



Lotus Domino < 7.0.2 FP3 Unspecified DoS 


Description: Synopsis :\n\nThe remote host has an application that is affected by a denial of service 

vulnerability.\n\n The version of Lotus Domino on the remote host appears to be older than 

7.0.2 FP3. According to IBM, such versions are potentially affected by an unspecified 

denial of service issue (SPR #WRAY6WHTCC). 

Solution: Upgrade to version 7.0.2 FixPack3 or higher. 

CVE-2008-0243 

Sun Java System Identity Manager Version Detection 


Description: The remote host is running Sun Java System Identity Manager version %L 

Solution: Ensure that you are running the latest version of Identity Manager. 


Sun Java System Identity Manager XSS 


RISK: 

MEDIUM 



remote host is running Sun Java System Identity Manager. The reported version (%L) is 

vulnerable to multiple cross-site scripting (XSS) attacks. An attacker exploiting these flaws 

would be able to inject script code into the browsers of other clients of the Identity 

Manager. Successful exploitation could result in the loss of confidential client data. 


CVE-2008-0241 

netOctopus Agent Detection (UDP) 


Description: Synopsis :\n\nAn asset management agent is listening on the remote host.\n\n The remote 

service is a netOctopus Agent, the component of the netOctopus asset management 

software suite installed on individual computers. 

Solution: Filter incoming traffic to this port. 


netOctopus Server Detection (UDP) 




Description: Synopsis :\n\nAn asset management server is running on the remote host.\n\n The remote 

service is a netOctopus Server, the server component of the netOctopus asset management 

software suite. 

Solution: Filter incoming traffic to this port. 




Description: Synopsis : \n\nThe remote host contains an application that is affected by multiple 

vulnerabilities.\n\n The version of QuickTime installed on the remote host is older than 7.4. 

Such versions contain several vulnerabilities that may allow an attacker to execute arbitrary 

code on the remote host if a user opens a specially-crafted movie or PICT file with 

QuickTime. The installed version of QuickTime is: \n %L 


CVE-2008-0036 

WinErr Messages OS Detection 


Description: According to the Windows error report that was just sent to watson.microsoft.com, the 

remote host is running Microsoft operating system version %L 

Solution: N/A 


MyBB < 1.2.11 forumdisplay.php sortby Parameter Command Execution 


Description: Synopsis :\n\nThe remote web server contains a PHP script that allows arbitrary command 

execution.\n\n The version of MyBB installed on the remote host fails to sanitize input to 

the 'sortby' parameter of the 'forumdisplay.php' script before using it in an 'eval()' statement 

to evaluate PHP code. An unauthenticated attacker can leverage this issue to execute 

arbitrary code on the remote host subject to the privileges of the web server user ID. In 

addition, this version of MyBB is vulnerable to several SQL injection attacks that, if 

exploited, would give the attacker the ability to execute arbitrary SQL commands on the 

database server utilized by MyBB. 




CVE-2008-0383 

Winamp < 5.52 Ultravox Streaming Metadata Parsing Buffer Overflows 


Description: Synopsis :\n\nThe remote Windows host contains a multimedia application that is affected 

by multiple buffer overflow vulnerabilities.\n\nThe remote host is using Winamp, a popular 

media player for Windows. The version of Winamp installed on the remote Windows host 

reportedly contains two stack-based buffer overflows in 'in_mp3.dll' when parsing Ultravox 

streaming metadata that can be triggered by overly-long '' and '' tag values. 

If an attacker can trick a user on the affected host into opening a specially-crafted file, he 

may be able to leverage this issue to execute arbitrary code on the host subject to the user's 

privileges. 


BoastMachine < 

CVE-2008-0065 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL Injection attack.\n\nThe 

remote host is running BoastMachine, a blogging software, version %L.\nThis 

version of BoastMachine is vulnerable to a flaw in the mail.php script. Specifically, 

a remote user can pass arbitrary SQL commands to the mail.php script that would 

then be executed on the database server. 


CVE-2008-0422 

WebSphere serveServletsByClassnameEnabled Unspecified Vulnerability 



remote host is a WebSphere application server. The reported version number is '%L'.\nThis 

version is reported to be vulnerable to a flaw in the serveServletsByClassnameEnabled 

module. While the details of this flaw are currently unknown, the vendor has released a fix. 


CVE-2008-0389 


WebSphere serveServletsByClassnameEnabled Unspecified Vulnerability 




remote server is a WebSphere application server. The reported version number is 

'%L'.\nThis version is reported to be vulnerable to a flaw in the 

serveServletsByClassnameEnabled module. While the details of this flaw are currently 

unknown, the vendor has released a fix. 


CVE-2008-0389 

Coppermine Photo Gallery < 1.4.11 Album Password Cookie SQL Injection 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is prone to a SQL 

injection attack.\n\nThe version of Coppermine installed on the remote host fails to sanitize 

user-supplied input to the album password cookie before using it in a database query in the 

'get_private_album_set' function in 'include/functions.inc.php'. Regardless of PHP's 

'magic_quotes_gpc' setting, an attacker may be able to exploit this issue to manipulate 

database queries, leading to disclosure of sensitive information, execution of arbitrary code 

or attacks against the underlying database. 


CVE-2007-1107 

Citadel < 7.11 makeuserkey Function RCPT TO Command Remote Overflow 



running Citadel, a messaging software for Unix systems. There is a buffer overflow 

vulnerability in the remote version of this software that may be exploited by an attacker to 

execute arbitrary commands on the remote host. The flaw stems from a flaw when handling 

user-supplied 'RCPT TO' data. The application cannot handle 'RCPT TO' strings that are 

greater than 4096 bytes. 


CVE-2008-0394 


MyBB < 1.2.12 private.php options[disablesmilies] Parameter SQL Injection 


Description: Synopsis :\n\nThe remote host is vulnerable to a SQL Injection attack.\n\nThe version of 

MyBB installed on the remote host fails to sanitize input to the 'options[disablesmilies]' 

parameter of the 'private.php' script before using it in a SQL query. An attacker exploiting 

this flaw would need to be able to authenticate with a valid user ID and send data to the 

private.php script. Successful exploitation would result in the attacker executing arbitrary 

SQL commands on the database server utilized by MyBB. 



CVE-2008-0787 

Tivoli Provisioning Manager < 5.1.0.3 DoS 



remote host is running the IBM 'Tivoli Provisioning Manager for OS deployment' version 

%L\nThis version of the software is vulnerable to a flaw in the way that it handles 

malformed requests. An attacker exploiting this flaw can cause a crash that would affect all 

of the Tivoli services on the server. 


CVE-2008-0401 

WebSphere Application Server < 6.0.2.25 Multiple Vulnerabilities 



server is a WebSphere application server. The reported version number is '%L'.\nThis 

version is reported to be vulnerable to a number of flaws. First, there is a reported flaw in 

the way that the administrative console monitors role users. Second, there is a buffer 

overflow in the default messaging component. Third, there is an unspecified flaw in the 

Java Transaction service. Fourth, there is an information disclosure flaw in the 

'http_plugin.log' file. Fifth, there is an information disclosure flaw in the 

'PropFilePasswordEncoder' utility. The details of these flaws are currently unknown; 

however, the vendor has released a patch to address these issues. 


CVE-2008-0741 

NetCache Version Detection 


Description: The remote host is running the NetCache proxy. NetCache is a content-filtering proxy that 

allows users to access the Internet through a common portal. The reported version is: %L 

Solution: Upgrade or patch according to vendor recommednations. 



Web Wiz Forums < 9.08 Multiple Script Directory Traversals 



RISK: 

MEDIUM 


host is running Web Wiz Forums, a free tool for generating web-based forums. The 

reported version (%L) is reported to be vulnerable to a number of flaws that, if executed, 

would give an attacker access to confidential data. Specifically, the 'sub' parameter of the 

'RTE_file_browser.asp' script fails to sanitize user-supplied data of the form '../'. An 

attacker can use this flaw to access data outside of the web directories. This same flaw can 

also be exploited via the 'file_browser.asp' script. 


CVE-2008-0481 

DB2 < 8.1 FixPak 16 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote database server is affected by multiple issues.\n\nAccording to its 

version, the installation of DB2 on the remote host is affected by one or more of the 

following issues :\n\n - A local user may be able to gain root privileges using the 'db2pd' 

tool (IZ03546).\n - The 'b2dart' tool executes a TPUT command that effectively allows 

users to run commands as the DB2 instance owner (IZ03647).\n - A buffer overflow and 

invalid memory access vulnerability exists in the DAS server code (IZ05496).\n - An 

unspecified vulnerability in 'SYSPROC.ADMIN_SP_C' (IZ06972).\n - An unspecified 

vulnerability exists due to incorrect authorization checking in 'ALTER TABLE' statements 

(IZ07337). 


CVE-2008-0698 

MicroTik Router Version Detection 


Description: The remote host is running a MicroTik router. The reported version is: %L 

Solution: Ensure that you are running the latest version of MicroTik router. 


MicroTik Router Version Detection 



Description: The remote host is running a MicroTik router. The reported version is: %L 

Solution: Ensure that you are running the latest version of MicroTik router. 



WS_FTP Server < 6.1.1 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThis host is 

running a vulnerable version of WS_FTP FTP server. Versions up to and including 6.1.0 

are reported prone to multiple flaws:\n\n - A vulnerability caused by an improper handling 

of UDP packets within the FTP log server. An attacker can exploit this to crash the affected 

service. (CVE-2008-0608)\n\n - A buffer overflow vulnerability in the SSH server service 

when handling arguments to the 'opendir' command. (CVE-2008-0590)\n\n - An 

information disclosure vulnerability when processing HTTP requests for the 

'FTPLogServer/LogViewer.asp' script. An attacker can exploit this to gain access to the log 

viewing interface. (CVE-2008-5692)\n\nThe reported version of WS_FTP is\n%L 


CVE-2008-5693 

iPhoto < 7.1.2 Photocast Subscription Format String 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote Mac OS X host contains an application that is affected by a 

format string vulnerability.\n\nThe remote host is running a version of iPhoto older than 

version 7.1.2. Such versions are reportedly affected by a format string vulnerability. If an 

attacker can trick a user on the affected host into subscribing to a specially-crafted 

photocast, he may be able to leverage these issues to execute arbitrary code on the affected 

host subject to the user's privileges. 


CVE-2008-0043 

QuickTime < 7.4.1 RTSP Response Handling Overflow 


Description: Synopsis :\n\nThe remote Windows host contains an application that is affected by a buffer 

overflow vulnerability.\n\nThe version of QuickTime installed on the remote Windows host 

is older than 7.4.1. Such versions contain a heap buffer overflow in the application's 

handling of HTTP responses when RTSP tunneling is enabled. If an attacker can trick a 

user to visit a specially-crafted webpage, he may be able to to execute arbitrary code on the 

remote host subject to the user's privileges. 




CVE-2008-0234 

WordPress < 2.3.3 XML-RPC Unauthenticated Post Modification 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows for unauthorized access to 

data.\n\nThe version of WordPress installed on the remote host is vulnerable to an 

unauthorized access attack. An attacker exploiting this flaw would need the ability to 

authenticate as a valid user. Upon authentication, the user would be able to manipulate data 

sent to the 'xmlrpc.php' script which would allow for editing of other user posts. The path to 

the vulnerable version of WordPress is:\n%P 


CVE-2008-0664 





issues :\n\n - Several stability bugs leading to crashes that, in some cases, show traces of 

memory corruption\n\n - Several file input focus stealing vulnerabilities that could result in 

uploading of arbitrary files provided their full path and file names are known.\n\n - Several 

issues that allow scripts from page content to escape from their sandboxed context and/or 

run with chrome privileges, resulting in privilege escalation, XSS and/or remote code 

execution.\n\n - An issue that could allow a malicious site to inject newlines into the 

application's password store when a user saves his password, resulting in corruption of 

saved passwords for other sites.\n\n - A directory traversal vulnerability via the 'chrome:' 

URI.\n\n - A vulnerability involving 'designMode' frames that may result in web browsing 

history and forward navigation stealing.\n\n - A file action dialog tampering vulnerability 

involving timer-enabled security dialogs.\n\n - Mis-handling of locally-saved plain text 

files.\n\n - Possible disclosure of sensitive URL parameters, such as session tokens, via the 

.href property of stylesheet DOM nodes reflecting the final URI of the stylesheet after 

following any 302 redirects.\n\n - A failure to display a web forgery warning dialog in 

cases where the entire contents of a page are enclosed in a '' tag with absolute 

positioning. 


CVE-2008-0416 





Description: Synopsis :\n\nA web browser on the remote host is affected by multiple vulnerabilities. 

\n\nThe installed version of SeaMonkey is affected by various security issues :\n\n - 

Several stability bugs leading to crashes that, in some cases, show traces of memory 

corruption\n\n - Several file input focus stealing vulnerabilities that could result in 

uploading of arbitrary files provided their full path and file names are known.\n\n - Several 

issues that allow scripts from page content to escape from their sandboxed context and/or 

run with chrome privileges, resulting in privilege escalation, XSS and/or remote code 

execution.\n\n - A directory traversal vulnerability via the 'chrome:' URI.\n\n - A 

vulnerability involving 'designMode' frames that may result in web browsing history and 

forward navigation stealing.\n\n - Mis-handling of locally-saved plain text files.\n\n - 

Possible disclosure of sensitive URL parameters, such as session tokens, via the .href 

property of stylesheet DOM nodes reflecting the final URI of the stylesheet after following 

any 302 redirects. 


CVE-2008-0594 




version of Thunderbird is missing a critical patch. The vendor has released a patch that 

addresses a number of remote vulnerabilities. 


CVE-2008-0413 

Apache Tomcat < 6.0.16 Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server can be manipulated into disclosing confidential 

data.\n\nThe remote host is running a version of Tomcat server lower than 6.0.16. This 

version of Tomcat is vulnerable to a flaw in the way that it handles exceptions. According 

to the vendor, if an exception occurs during the processing of parameters, the parameters 

may be used in future requests to disclose potentially confidential data. 


CVE-2007-5333 

ExtremeZ-IP Version Detection 




Description: The remote host is running ExtremeZ-IP version: %L\n\nExtremeZ-IP is a software product 

that allows for file sharing and printing between Mac and Windows machines. 

Solution: Ensure that you are running the latest version of the software. 


F5 BIG-IP Web Management Version Detection 


Description: Synopsis :\n\nThe remote web server is a web management interface.\n\nThe remote host is 

running the F5 Big-IP web management software. The reported version number is: %L 

Solution: N/A 


ExtremeZ-IP Version Detection 


RISK: 

MEDIUM 



is running ExtremeZ-IP version: %L\n\nExtremeZ-IP is a software product that allows for 

file sharing and printing between Mac and Windows machines. This version is reported to 

be vulnerable to a number of remote flaws. Specifically, the server is vulnerable to a denial 

of service attack within the Service Location Protocol (SLP) and Apple Filing Protocol 

(AFP). An attacker exploiting either of these two flaws would send malformed data to the 

service, resulting in a loss of service availability. The third flaw is a directory traversal flaw 

that would allow an attacker the ability to download certain files (those with an extension 

of gif, png, jpg, xml, ico, zip, and html) from outside the defined web directory. This can 

lead to a loss of confidential data. 

Solution: Upgrade to a version higher than 5.1.2x15. 

CVE-2008-0767 

Windows Vista Operating System Detection 


Description: The remote host is running Windows Vista. 

Solution: N/A 






Description: Synopsis :\n\nThe remote host is missing a Mac OS X update that fixes various security 

issues.\n\n The remote host is running a version of Mac OS X that is older than version 

10.5.2. Mac OS X 10.5.2 contains several security fixes for a number of programs. 


CVE-2008-0042 

WebDAV Mini Redirector Client Detection 


Description: The remote Windows client utilizes the WebDAV service via the Mini Redirector client 

software version: %L 

Solution: Ensure that you are running the latest version of WebDAV Mini Redirector. 


ClamAV < 0.92.1 Multiple Overflows 



is running ClamAV version: %L\n\nThis version of ClamAV is vulnerable to several flaws 

due to the way that it parses user-supplied input. It has been reported that there is a heap 

overflow within the 'mew.c' file. It has further been reported that there is an integer 

overflow in the 'cli_scanpe' function of the 'pe.c' file. An attacker exploiting these flaws 

would either crash the service or execute arbitrary code on the remote machine. 


CVE-2008-0318 

Apache mod_jk2 < 2.0.4 Multiple Overflows 


Description: Synopsis :\n\nThe remote host is affected by multiple buffer overflow 

vulnerabilities.\n\nThe remote host is running Apache web server with mod_jk2, a 

connector that connects a web server such as Apache. According to its banner, the version 

of mod_jk2 installed is affected by multiple buffer overflow vulnerabilities. An attacker 

may be able to exploit these vulnerabilities to cause a denial-of-service condition or execute 

arbitrary code subject to the privileges of the user running the Apache process. 


CVE-2007-6258 

WinIPDS Version Detection 




Description: The remote host is running the WinIPDS application. WinIPDS is an advanced function 

printing (AFP) and intelligent print data stream (IPDS) print server. The reported version 

is: %L 



Flash Media Server Detection 


Description: The remote host is running Adobe Flash Media Server. The reported version is: %L 

Solution: N/A 




Description: The remote host is running Adobe Flash Media Server. The reported version is: %L 

Solution: N/A 




Description: Synopsis :\n\nThe remote host is vulnerable to several remote overflows.\n\nThe remote 

host is running Adobe Flash Media Server. The reported version is: %L\n\nThis version of 

Flash Media Server is vulnerable to several flaws. There is a flaw in the way that the server 

handles RTMP messages. A specific and malformed request can cause the server to access 

memory that has already been de-allocated. Another flaw with the RTMP processing would 

allow an attacker to allocate a large buffer that would lead to a corruption of heap memory. 


CVE-2007-6431 

Kerio MailServer < 6.5.0 Multiple Vulnerabilities 




Description: Synopsis :\n\nThe remote mail server is affected by multiple vulnerabilities.\n\nThe remote 

host is running Kerio MailServer, a commercial mail server available for Windows, Linux 

and Mac OS X platforms. According to its banner, the installed version of Kerio 

MailServer is affected by several issues :\n\n - There is a possible buffer overflow in the 

Visnetic antivirus plugin.\n\n - There is an unspecified security issue with NULL DACL in 

the AVG plugin.\n\n - Memory corruption is possible during uudecode decoding. 


CVE-2008-0860 

SHOUTcast Server Service Port Default Password 


Description: Synopsis :\n\nThe remote service is protected with default credentials.\n\nThe remote 

SHOUTcast Server's service port is configured to use the default password to allow 

broadcasting content and administration. Knowing it, an attacker can gain administrative 

control of the affected application. 

Solution: Edit the application's 'sc_serv.ini' file and change the 'Password' setting. Then, restart the 

service to put the change into effect. 


BEA WebLogic Server Multiple Vulnerabilities 



is running a version of BEA WebLogic Server that is vulnerable to a number of distinct 

flaws. An attacker exploiting these flaws would be able to impact availability, 

confidentiality and integrity. The vendor has released new versions of the WebLogic 

software that address these issues. 



Now SMS/MMS Gateway Version Detection 


Description: The remote host is running the Now SMS/MMS Gateway, a commercial product for 

managing SMS/MMS messaging on a network. The reported version is: %L 

Solution: N/A 






Description: Synopsis :\n\nThe remote web server may be affected by several issues.\n\nThe version of 

Apache installed on the remote host is advertising a version older than 2.2.8. Such versions 

may be affected by several issues, including :\n\n - A cross-site scripting issue involving 

mod_imagemap (CVE-2007-5000).\n\n - A cross-site scripting issue involving 413 error 

pages via a malformed HTTP method (PR 44014 / CVE-2007-6203).\n\n - A cross-site 

scripting issue in mod_status involving the refresh parameter (CVE-2007-6388).\n\n - A 

cross-site scripting issue in mod_proxy_balancer involving the worker route and worker 

redirect string of the balancer manager (CVE-2007-6421).\n\n - A denial of service issue in 

the balancer_handler function in mod_proxy_balancer can be triggered by an authenticated 

user when a threaded Multi-Processing Module is used (CVE-2007-6422).\n\n - A 

cross-site scripting issue using UTF-7 encoding in mod_proxy_ftp exists because it does 

not define a charset (CVE-2008-0005). 


CVE-2007-6423 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host contains a web browser that is affected by several 

issues.\n\nThe version of Opera installed on the remote host is reportedly affected by 

several issues :\n\n - Simulated text input could trick users into uploading arbitrary 

files.\n\n - Image properties comments containing script will be run when displaying the 

image properties, leading to code execution in the wrong security context.\n\n - 

Representation of DOM attribute values could allow cross-site scripting when importing 

XML into a document. 


CVE-2008-1082 

sapLPD Version Detection 


Description: The remote host is running the SAP Line Printer Daemon (LPD) version: %L 

Solution: N/A 


SAPlpd < 6.29 Multiple Vulnerabilities 




Description: Synopsis :\n\nThe remote print service is affected by multiple vulnerabilities.\n\nSAPlpd, a 

component of SAP GUI, is running on the remote host. According to its version number, 

the installation of SAPlpd running on the remote host is affected by several denial of 

service and buffer overflow vulnerabilities. An unauthenticated remote attacker can 

leverage these issues to crash the affected service or to execute arbitrary code on the 

affected host subject to the privileges under which it operates. 

Solution: Upgrade to version 6.29 or higher by updating to SAP GUI for Windows version 7.10 

Patchlevel 6 / 6.30 Patchlevel 30 / 6.20 Patchlevel 72 or higher. 

CVE-2008-0621 

Now SMS/MMS Gateway Multiple Remote Overflows 


RISK: 

MEDIUM 



running the Now SMS/MMS Gateway, a commercial product for managing SMS/MMS 

messaging on a network. The reported version is: %L\n\nThis version is vulnerable to 

several remote overflows. The first affects the HTTP server (which is installed by default). 

Long HTTP authorization messages can cause the application to crash. The second 

overflow affects the SMPP server (which is not enabled by default). An attacker exploiting 

these flaws would be able to execute arbitrary code on the remote system. 

Solution: When available, apply the vendor-supplied patch. As a workaround, the administrative 

interface allows for the creation of Access Control Lists (ACLs) that restrict the machines 

that are allowed to connect to the respective services. Utilize strong ACLs to only allow 

traffic from trusted hosts. 

CVE-2008-0871 

CUPS < 1.3.6 Multiple Vulnerabilities 



to its banner, the version of CUPS installed on the remote host contains a number of flaws. 

While the details of the flaws are currently unknown, it is alleged that an attacker could 

cause the application to crash, possibly executing code. 


CVE-2008-0047 


PunBB < 1.2.17 Password Reset Information Disclosure 



Description: Synopsis :\n\nThe remote host relies on pseudo-random data within the authentication 

process.\n\nThe version of PunBB installed on the remote host is vulnerable to a password 

attack. There is a flaw in the way that PunBB generates random passwords and cookie 

seeds. An attacker exploiting this flaw would be able to run efficient brute-force attacks 

against passwords that had been recently reset. The root cause of this flaw seems to be the 

use of the PHP 'mt_rand()' function which gives, at most, 1,000,000 possible outputs. 


CVE-2008-1484 

Mobilink Monitor Client Detection 


Description: The remote host is a Sybase Mobilink Monitor client. The client is configured to monitor 

remote Sybase database servers. 

Solution: N/A 


Mobilink Monitor Server Detection 


Description: The remote host is a Sybase Mobilink Monitor server. The Sybase Mobilink Monitor is an 

application that ships with the Sybase database. The purpose of Mobilink Monitor is to 

allow external machines to monitor the different server processes from a remote machine. 

Solution: N/A 


Mobilink Monitor Server Version Detection 


Description: The remote host is a Sybase Mobilink Monitor server. The Sybase Mobilink Monitor is an 

application that ships with the Sybase database. The purpose of Mobilink Monitor is to 

allow external machines to monitor the different server processes from a remote machine. 

The reported version is: %L 

Solution: N/A 



MobiLink Server < 10.0.1 Build 3649 Multiple Remote Overflows 



Description: Synopsis :\n\nThe remote Windows host has a program that is prone to a buffer overflow 

attack.\n\nThe version of the SQL Anywhere MobiLink Server installed on the remote host 

reportedly is affected by a heap-based buffer overflow when handling strings such as the 

username, version and remote ID that are longer than 128 bytes. An unauthenticated 

attacker may be able to leverage this issue to execute arbitrary code on the affected system. 

Solution: Upgrade to SQL Anywhere 10.0.1 build 3649 or higher. 

CVE-2008-0912 

Sybase SQL Anywhere Database Version Detection 


Description: The remote host is a Sybase SQL Anywhere database server. The reported version is: %L 

Solution: N/A 


OSSIM Version Detection 


Description: The remote host is running the Open Source Security Information Management (OSSIM) 

server. This security software is used for managing security data and tasks. The software is 

available via the following URI: '%P' and the reported version is OSSIM %L 

Solution: N/A 

OSSIM < 



RISK: 

MEDIUM 



multiple flaws.\n\nThe remote host is running OSSIM (Open Source Security Information 

Management), a suite of security tools managed by a web-based front-end. The version of 

OSSIM installed on the remote host fails to sanitize user input to the 'dest' parameter of the 

'session/login.php' script before using it to generate dynamic HTML output. An 

unauthenticated attacker can exploit this to inject arbitrary HTML and script code into a 

user's browser to be executed within the security context of the affected site. In addition, 

there is a SQL injection flaw within the 'modifyportform.php' script. An attacker exploiting 

this flaw would need the ability to authenticate to the application. 


CVE-2008-0920 



ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is affected by multiple vulnerabilities.\n\nThe remote 

host is running ListManager, a web-based commercial mailing list management application 

from Lyris. According to its banner, the version of ListManager installed on the remote 

host relies on client-side code to validate unspecified form parameters before processing 

them. An attacker who is subscribed to a list managed by the affected application can 

reportedly leverage this issue to elevate his privileges to list administrator or gain access to 

arbitrary mailing lists. In addition, once administrative access has been granted, another 

vulnerability in ListManager's administrative interface allows creation of new accounts that 

collide with existing accounts, which results in overwriting data in the existing accounts. 

Solution: Upgrade to version 9.3b / 9.2c / 8.95d or higher. 

CVE-2007-6319 









keyloggers\nIdentify theft \nThe observed request that was sent to the control bot was '%L' 

realtime 











systems\ninstalling sniffers\ninstalling keyloggers\nidentify theft\nThe observed bot client 

request was '%P' and the response from the server was '%L' 

realtime 






H-Sphere Multiple Unspecified Vulnerabilities 



remote host is running H-Sphere, a web-based management console for managed service 

providers. This version of H-Sphere is vulnerable to a number of flaws that, while not fully 

disclosed, have been acknowledged and patched by the vendor. 


CVE-2008-1049 

ActivePDF Server Detection 


Description: The remote host is running an ActivePDF server. ActivePDF is an application server 

that converts different file formats to PDF. 

Solution: N/A 


ICQ 6 Version Detection 


Description: The remote host is an ICQ client. ICQ is a messaging software that is used for chat, file 

exchange and more. The reported build number is: %L 

Solution: N/A 



ICQ 6 HTML Code Generation Remote Format String 



host is an ICQ client. ICQ is a messaging software that is used for chat, file exchange and 

more. The reported build number is: %L\nThis version is reported to be vulnerable to a 

remote format string overflow. An attacker exploiting this flaw would need to be able to 

convince a user to open a specially formatted message. Successful exploitation would result 

in the attacker executing arbitrary code on the target machine. 


Solution: Upgrade to version 6 build 6043 or higher. 

CVE-2008-1120 

Sony Playstation Version Detection 


Description: The remote host is a Sony Playstation gaming system. The reported version is: %L 

Solution: N/A 


PHPMyAdmin < 2.11.5 SQL Injection 


RISK: 

MEDIUM 




version of phpMyAdmin is vulnerable to a SQL injection attack via the '$_REQUEST' 

variable. An attacker exploiting this flaw would need to send a specially formatted cookie 

containing the attacker's SQL commands. An attacker exploiting this flaw would be able to 

execute arbitrary SQL commands on the database server utilized by phpMyAdmin. 


CVE-2008-1149 

Eye-Fi Version Detection 


Description: The remote host is running Eye-Fi, a wireless card and software, that allows users to upload 

photos from their wireless devices directly to the web. The reported version of Eye-Fi is: 

%L 



WebSphere MQ Server Detection 



Description: The remote host is running the WebSphere MQ software. WebSphere MQ (formerly 

MQSeries) is an IBM middleware solution that allows different applications and 

platforms to communicate with each other. 


Solution: Ensure that you are running the latest version of WebSphere MQ. 


WebSphere MQ Server Detection 


Description: The remote host is running the WebSphere MQ software. WebSphere MQ (formerly 

MQSeries) is an IBM middleware solution that allows different applications and 

platforms to communicate with each other. 

Solution: Ensure that you are running the latest version of WebSphere MQ. 


Lighttpd < 1.4.19 Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server can be manipulated to disclose source code.\n\nThe 

remote host is running Lighttpd, a small web server. This version of Lighttpd is vulnerable 

to an information disclosure flaw. The 'mod_cgi' module, when put under a considerable 

load, could fail to fork its process. Such a failure would lead to the web server returning the 

source code of the CGI script that had been requested. An attacker exploiting this flaw 

would be able to gain access to potentially confidential data. 


CVE-2008-1111 

Borland StarTeam Server Detection 


Description: Synopsis :\n\nA software configuration management (SCM) service is listening on the 

remote host.\n\nThe remote host is running a Borland StarTeam Server. StarTeam is a 

commercial software configuration and change management tool. The reported build 

number is: %L 



Perforce Server Version Detection 




Description: The remote host is running Perforce server, an application for sharing data between 

machines. The reported build number is: %L 



Perforce Client Detection 


Description: The remote host is running Perforce client, an application for sharing data between 

machines. 



Perforce Proxy Server Detection 


Description: The remote host is running Perforce proxy server. Perforce is an application that is used to 

share files between machines. The Perforce suite of products includes a proxy server. This 

server is used for remote clients that cannot connect to the default Perforce server port. 



Versant Object Database Version Detection 


Description: The remote host is running the Versant Object Database version: %L 

Solution: Ensure that you are running the latest version of Versant. 


IBM Rational Clearquest Server Detection 


Description: The remote host is running IBM Rational Clearquest software. Clearquest is a product 

that is used for managing software projects. 

Solution: Ensure that you are running the latest version of IBM Rational Clearquest. 




Altiris AClient < 6.9.164 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote Windows host has a program that is affected by multiple 

privilege escalation vulnerabilities.\n\nThe version of the Altiris Client Agent (aclient) 

installed on the remote host is reportedly susceptible to a shatter attack that could allow a 

local user to elevate his or her privileges on the affected system. 


CVE-2008-1754 

phpList < 2.10.9 Multiple Remote File Inclusion 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is susceptible to 

multiple remote file inclusion attacks.\n\nThe version of phpList installed on the remote 

host fails to filter user input to the '_SERVER[ConfigFile]' and '_ENV[CONFIG]' 

parameters of the 'admin/index.php' script before passing it to PHP 'include()' functions. 

Provided PHP's 'register_globals' setting is disabled, an unauthenticated attacker can exploit 

this issue to view arbitrary files on the remote host or to execute arbitrary PHP code, 

possibly taken from third-party hosts. The reported version of phpList is: \n %L 



Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) 


Description: Synopsis :\n\nArbitrary code can be executed on the remote host through the email 

client.\n\nThe remote host is running a version of Outlook or Exchange that is vulnerable to 

a bug when processing a specially malformed URI mailto: link, which can let an attacker 

execute arbitrary code on the remote host by sending a specially crafted email.\nIAVA 

Reference : 2008-A-0012\nSTIG Finding Severity : Category II 

Solution: Microsoft has released a set of patches for Outlook 2000, XP, 2003 and 2007. 

SSF Server Detection 

CVE-2008-0110 



Description: Synopsis :\n\nThe remote version of the SSH server is no longer maintained.\n\nAccording 

to its banner, the remote SSH server is a SSF derivative. SSF had been written to be 

compliant with restrictive laws on cryptography in some European countries. These 

regulations have been softened and OpenSSH received a formal authorization from the 


French administration in 2002 and the development of SSF has been discontinued. SSF is 

based upon an old version of OpenSSH and it implements an old version of the protocol. 

As it is no longer maintained, it might be vulnerable to dangerous flaws. 

Solution: Remove SSF and install an up-to-date version of OpenSSH. 


Informix Dynamic Server Multiple Remote Overflows 



is running the Informix database server version '%L'.\nThis version of Informix is reported 

to be vulnerable to a number of remote flaws. While the details of the flaw are currently 

unknown, it is believed that a successful attack would result in the attacker overflowing a 

memory buffer and either executing arbitrary code or crashing the service. 


CVE-2008-0949 

IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote application server is affected by multiple vulnerabilities.\n\nIBM 

WebSphere Application Server 6.1 before Fix Pack 15 appears to be running on the remote 

host. Such versions are reportedly affected by the following vulnerabilities :\n\n - There is 

an unspecified security exposure in wsadmin (PK45726).\n\n - Sensitive information might 

appear in clear text in the http_plugin.log file (PK48785).\n\n - There is an unspecified 

potential security exposure in the 'PropFilePasswordEncoder' utility (PK52709).\n\n - There 

is an unspecified potential security exposure with 'serveServletsByClassnameEnabled' 

(PK52059).\n\n - Sensitive information may appear in plain text in startserver.log 

(PK53198). 

Solution: Apply Fix Pack 15 (6.1.0.15) or higher. 


Apple iPhone < 1.1.4 Detection 


PVS ID: 4425 FAMILY: Mobile Devices RISK: HIGH NESSUS ID:Not Available 


remote host is an Apple iPhone. This version of iPhone is vulnerable to a flaw in the way 

that the Safari browser handles memory. Specifically, when all memory has been utilized 

by the browser, it will attempt to close all inactive documents. In the process of closing 

these documents, a kernel panic and ensuing crash occurs. An attacker exploiting this flaw 

would need to be able to entice an iPhone user to browse to a malicious web server. 

Successful exploitation would result in the device crashing. 


Solution: Upgrade the iPhone software to version 1.1.4 or higher. 

CVE-2008-0729 

KiSS PC-Link Server Detection (TCP) 

PVS ID: 4426 FAMILY: Policy RISK: INFO NESSUS ID:31464 

Description: Synopsis :\n\nA multimedia streaming service is listening on the remote host.\n\nThe 

remote service is a PC-Link server, used for streaming videos, music, and pictures to a 

KiSS player. The observed request was '%P'\nThe observed response of files being shared 

on the remote server was:\n %L 

Solution: Ensure that use of this software is in accordance with your corporate security policy. If this 

service is unwanted or not needed, disable it or filter incoming traffic to this port. 


KiSS PC-Link Server Detection (UDP) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nA multimedia streaming service is listening on the remote host.\n\nThe 

remote service is a PC-Link server, used for streaming videos, music, and pictures to a 

KiSS player, and this port is used by a player when searching for a PC-Link server. 


service is unwanted or not needed, disable it or filter incoming traffic to this port. 


KiSS PC-Link Client Detection 


Description: Synopsis :\n\nA multimedia client is active on the remote host.\n\nThe remote computer is 

running a PC-Link client, used for receiving streaming videos, music, and pictures from a 

KiSS server. 


service is unwanted or not needed, disable it or filter outbound traffic. 



VLC Media Player < 0.8.6f Multiple Vulnerabilities 



Description: Synopsis :\n\nThe remote Windows host contains a media player that is affected by several 

vulnerabilities.\n\nThe version of VLC Media Player installed on the remote host is 

reportedly affected by several security issues :\n\n - A subtitle buffer overflow 

(CVE-2007-6681).\n - A Real RTSP code execution problem (CVE-2008-0073).\n - MP4 

integer overflows (CVE-2008-1489).\n - A cinepak integer overflow. 

Solution: Upgrade to version 0.8.6f or higher. 

CVE-2007-6682 

VLC Media Player Detection 


Description: The remote host is running the VLC Media Player version %L. VLC is a multimedia player 

that is used to view movies or listen to audio. 

Solution: Ensure that such usage is in alignment with corporate policies and guidelines. 

NetWin SurgeMail < 




running NetWin SurgeMail, a mail server application. The remote version of this software 

is vulnerable to a remote buffer overflow in its IMAP component and exploit code was 

released. Specifically, a malformed 'LIST' command can cause the application to fail, 

possibly executing arbitrary code. An attacker exploiting this flaw would need the ability to 

authenticate as a valid user. 

Solution: Upgrade to a version higher than 3.8k4-4. 

CVE-2008-1497 

F-Secure Multiple Products Unspecified Code Execution 



running the F-Secure antivirus software package. This version of F-Secure is vulnerable to 

a content-parsing flaw in the way that it handles malformed files. An attacker exploiting 

these flaws would be able to crash the remote firewall/antivirus software or possibly 



CVE-2008-1412 



Check for Windows Update Traffic 


Description: The remote host is enabled and utilizing Microsoft Windows Update. This service 

allows users to check for missing updates and initiate remediation via the Microsoft 

update site. Depending on your individual policy, this may or may not be a desirable 

action. 

Solution: Ensure that Windows Update utilization is a valid use of company resources. 


Mac OS X Safari < 3.1 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote host web browser is affected by multiple vulnerabilities.\n\nThe 

remote Mac OS X host is running a version of Safari that is older than version 3.1. The 

remote version of this software contains several security vulnerabilities that may allow an 

attacker to execute arbitrary code or a cross-site scripting attack on the remote host. To 

exploit these flaws, an attacker would need to convince a victim to visit a rogue web site or 

open a malicious HTML file. The exact version number that PVS observed was: \n %L 


CVE-2008-0050 

Mac OS X Version Detection 


Description: The remote host is running Mac OS X version: '%L' 

Solution: N/A 

cPanel < 




RISK: 

MEDIUM 



attacks.\n\nThe remote host is running cPanel, a web-hosting control panel. The remote 

version of this software is vulnerable to an information disclosure flaw. Specifically, the 

'showtree' parameter of the 'frontend/x/diskusage/index.html' script fails to sanitize 

user-supplied data. An attacker exploiting this flaw would be able to gain information 

regarding the programs and files utilized by the server. This information may be useful in 

more sophisticated attacks. 



AFP Server Detection 

CVE-2008-7142 


Description: The remote host is an AFP Server. Apple Filing Protocol (AFP) is a service that allows 

network-based file sharing between machines. The server supports AFP version %P. 

Solution: Ensure that this file server is authorized and configured correctly. 

AFP Server Detection 



Description: The remote host is an AFP Server. Apple Filing Protocol (AFP) is a service that allows 

network-based file sharing between machines. The server supports AFP protocol 

versions\n%L. 

Solution: Ensure that this file server is authorized and configured correctly. 

AFP Client Detection 



Description: The remote host is an AFP Client. Apple Filing Protocol (AFP) is a service that allows 

network-based file sharing between machines. The client is using AFP protocol version %L 

Solution: N/A 








are remotely controlled by a malicious bot Administrator. Botnets are commonly used 


networks\nscanning and compromising new systems\ninstalling sniffers\ninstalling 

keyloggers\nidentify theft \n\nThe observed request that was sent to the control bot was 

'%P' and the observed response from the infected botnet client was '%L' 


ealtime 







program.\n\nThe remote host appears to be running a machine that is a server within a 

botnet network. A botnet is a network of compromised computers that are remotely 

controlled by a malicious bot administrator. Botnets are commonly used for\nsending 

spam\nrunning Denial of Service (DoS) attacks against other networks\nscanning and 

compromising new systems\ninstalling sniffers\ninstalling keyloggers\nidentify theft 

\n\nThe observed command being sent from the server was '%L' 

realtime 











networks\nscanning and compromising new systems\ninstalling sniffers\ninstalling 

keyloggers\nidentify theft\nThe observed command was '%P'\n 

realtime 



Orb Client Detection 





Description: The remote host is running the Orb streaming media client. Orb is a multimedia client that 

is used to stream multimedia to a variety of devices. The user account and software version 

information is '%L' 






buffer overflows.\n\n According to its banner, the version of PHP installed on the remote 

host is older than 5.2.0. Such versions may be affected by several buffer overflows. To 

exploit these issues, an attacker would need the ability to upload an arbitrary PHP script to 

the remote server, or to be able to manipulate several variables processed by some PHP 

functions such as htmlentities(). The reported version of PHP is: \n %L 



SMTP Sender Policy Framework (SPF) Enabled 


Description: Synopsis :\n\nThe remote domain name has SPF in place.\n\nThe remote domain name has 

SPF (Sender Policy Framework) in place. This mechanism is a way to let a mail server 

know which mail servers are authorized to send emails on behalf of your domain. 

Solution: N/A 





version of Thunderbird is missing a critical patch. The vendor has released a patch that 

addresses a number of remote vulnerabilities. 


CVE-2008-1241 







issues :\n\n - A series of vulnerabilities that allow for JavaScript privilege escalation and 

arbitrary code execution.\n - Several stability bugs leading to crashes that, in some cases, 

show traces of memory corruption.\n - An HTTP Referer spoofing issue with malformed 

URLs.\n - A privacy issue with SSL client authentication.\n - Web content fetched via the 

'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on 

the localhost.\n - It is possible to have a background tab create a borderless XUL pop-up in 

front of the active tab in the user's browser. 


CVE-2008-1241 



Description: Synopsis :\n\nA web browser on the remote host is affected by multiple 

vulnerabilities.\n\nThe installed version of SeaMonkey is affected by various security 

issues :\n - A series of vulnerabilities that allow for JavaScript privilege escalation and 


show traces of memory corruption.\n - An HTTP Referer spoofing issue with malformed 

URLs.\n - A privacy issue with SSL client authentication.\n - Web content fetched via the 

'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on 

the localhost.\n - It is possible to have a background tab create a borderless XUL pop-up in 

front of the active tab in the user's browser. 


CVE-2008-0416 

IBM Solid Database Version Detection 


Description: The remote host is running Solid Database version: '%L' 

Solution: Ensure that you are running the latest version of Solid Database. 


IBM Solid Database Version Detection 



Description: The remote host is running Solid Database version: '%L' 

Solution: Ensure that you are running the latest version of Solid Database. 



GnuPG < 1.4.9 / 2.0.9 Key Import Duplicate ID Memory Corruption 



remote host is running GnuPG. The version of GnuPG is: \n %L \nThis version is 

vulnerable to a memory corruption flaw when handling duplicate IDs from a public key 

server. 


CVE-2008-1530 

X2 Thin Client Server Detection 


Description: The remote host is an X2 thin client server. 

Solution: N/A 


X2 Thin Client Server Detection 


Description: The remote host is an X2 thin client server. 

Solution: N/A 


Sympa < 5.4 Content-Type Header Remote DoS 


RISK: 

MEDIUM 



remote host is running Sympa, a mailing list manager. This version of Sympa is reported to 

be vulnerable to a Denial-of-Service flaw stemming from an inability to properly parse 

user-supplied 'Content-Type' headers. An attacker exploiting this flaw would send a 

malformed request to the server, causing the service to fail. 


CVE-2008-1648 

Sympa Application Detection 




Description: The remote host is running Sympa, an open-source mailing list software application. The 

reported version number is '%L' 

Solution: N/A 




Description: Synopsis :\n\nThe remote printer service is affected by multiple 

vulnerabilities.\n\nAccording to its banner, the version of CUPS installed on the remote 

host is affected by several issues :\n\n - A buffer overflow in 'cgiCompileSearch' that can 

lead to arbitrary code execution (STR #2729).\n - A GIF image filter overflow involving 

'code_size' value from a user-supplied GIF image used in 'gif_read_lzw' (STR #2765).\n - 

A temporary file with Samba credentials may be left behind by cupsaddsmb if no Windows 

drivers were installed (STR #2779). 


CVE-2008-1373 




issues.\n\nThe version of Opera installed on the remote host reportedly is affected by 

several issues :\n\n - Resized canvas patterns can lead to a program crash with possible 

memory corruption.\n - A newsfeed prompt can cause Opera to execute arbitrary code.\n - 

Improved keyboard handling of password inputs. 


CVE-2008-1762 





multiple vulnerabilities.\n\nThe version of QuickTime installed on the remote Windows 

host is older than 7.4.5. Such versions contain several vulnerabilities : \n\n - Untrusted Java 

applets may obtain elevated privileges (CVE-2008-1013).\n - Downloading a movie file 

may lead to information disclosure (CVE-2008-1014).\n - Viewing a specially-crafted 

movie file may lead to a program crash or arbitrary code execution (CVE-2008-1015, 

CVE-2008-1016, CVE-2008-1017, CVE-2008-1018, CVE-2008-1021, CVE-2008-1022).\n 

- Opening a specially-crafted PICT image file may lead to a program crash or arbitrary 


code execution (CVE-2008-1019, CVE-2008-1020, CVE-2008-1023). The remote client is 

running QuickTime version: \n %L 


CVE-2008-1023 

OpenSSH < 5.0 X11 Forwarding Local Session Hijacking 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote SSH service is prone to an X11 session hijacking 

vulnerability.\n\nAccording to its banner, the version of SSH installed on the remote host is 

older than 5.0. Such versions may allow a local user to hijack X11 sessions because it 

improperly binds TCP ports on the local IPv6 interface if the corresponding ports on the 

IPv4 interface are in use. The reported version of SSH is: \n %L 


CVE-2008-1483 

Apache-SSL Environment Variables Manipulation 


Description: Synopsis :\n\nThe remote web server is prone to a memory disclosure / privilege escalation 

attack.\n\nAccording to its banner, the version of Apache-SSL installed on the remote host 

is older than apache_1.3.41+ssl_1.59. Such versions fail to properly sanitize certificate data 

before using it to populate environment variables. By sending a client certificate with 

special characters for the subject, a remote attacker can overwrite certain environment 

variables used by the web server, resulting in memory disclosure or potential privilege 

escalation in a web application. 

Solution: Upgrade to apache_1.3.41+ssl_1.59 or higher. 

CVE-2008-0555 


Flash Player < 9.0.124.0 APSB08-11 Multiple Vulnerabilities 



multiple issues.\n\nAccording to its version number ('%L'), the instance of Flash Player on 

the remote Windows host is affected by multiple issues, including several that could allow 

for arbitrary code execution.\nIAVB Reference : 2008-B-0011\nSTIG Finding Severity : 

Category II 



CVE-2008-1655 

TIBCO Rendezvous < 8.0.1 Remote Overflow 



running the TIBCO Rendezvous web server. Rendezvous is part of the TIBCO messaging 

suite that facilitates network-based communication. This version of Rendezvous ( %L ) is 


execute arbitrary code on the remote Rendezvous server. 


CVE-2008-1704 

Openfire < 3.5.0 Queue Handling Remote DoS 


Description: Synopsis :\n\nThe remote host contains an application that is prone to a denial of service 

attack.\n\nThe remote host is running Openfire / Wildfire, an instant messaging server that 

supports the XMPP protocol. According to its version, the installation of Openfire or 

Wildfire on the remote host suffers from an unspecified denial of service vulnerability that 

could bring the server down. 


CVE-2008-1728 

Coppermine Photo Gallery < 1.4.18 Bridge Wizard Cookie SQL Injection 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is prone to a SQL 

injection attack.\n\nThe version of Coppermine installed on the remote host fails to sanitize 

user-supplied input to the bridge wizard session cookie before using it in a database query 

in 'bridge/coppermine.inc.php'. Regardless of PHP's 'magic_quotes_gpc' setting, an attacker 

may be able to exploit this issue to manipulate database queries, leading to disclosure of 

sensitive information, bypassing authentication, or attacks against the underlying database. 


CVE-2008-1841 

ClamAV < 0.93.0 Multiple Overflows 





is running ClamAV version: %L\n\nThis version of ClamAV is vulnerable to several flaws 

due to the way that it parses user-supplied input. It has been reported that there is a heap 

overflow within the 'libclamav/pe.c' file. An attacker exploiting these flaws would either 

crash the service or execute arbitrary code on the remote machine. 


CVE-2008-1837 

OTRS < 2.1.8 / 2.2.6 SOAP Interface Authentication Bypass 


Description: Synopsis :\n\nThe remote web server contains a CGI script that does not properly check for 

authentication.\n\nThe remote host is running OTRS, a web-based ticketing request system. 

The version of OTRS, '%L', installed on the remote host allows a remote attacker to read 

and modify objects via the OTRS SOAP interface without any credentials. 


CVE-2008-1515 

MarketFirst Software Detection 


Description: The remote host is running the MarketFirst marketing application. This application is used 

to track downloads, users, preferences and more. The observed request to this server 

was:\n%P 

Solution: Ensure that this service is authorized according to policies and guidelines. 


MarketFirst Client Detection 


Description: The remote client was just observed being tracked by a MarketFirst server. The observed 

request was: \n %L \n\nMarketFirst is used to track downloads, users, preferences and 

more. 

Solution: N/A 





RISK: 

MEDIUM 





realtime 



Malicious Website - Embedded Iframe Detection 


Description: Synopsis :\n\nThe remote web server may have had malicious code injected.\n\nThe remote 

web server may have been infected with a malicious 'IFRAME' tag. These tags usually 

point to a malicious site that is hosting code designed to subvert the security of the client 

machine. The observed iframe was '%L' 

Solution: Ensure that the server is not serving malicious or injected IFRAME tags. 


Malware Payload Code Detection 


Description: Synopsis :\n\nThe remote service appears to be distributing the payload of malware 

code.\n\nThe remote port seems to be sending the payload of a malware. This is used by 

malware when spreading by infecting other hosts. The system is probably infected by a 

worm or a Trojan horse. 

Solution: Inspect the system for malicious code and follow appropriate incident response procedures. 


Safari < 3.1.1 PCRE Nested Repetition Count Overflow 


RISK: 

MEDIUM 



running a version of Apple Safari that is less than 3.1.1. The reported version is 

'%L'\n\nThis version of Safari is vulnerable to a remote exploit. An attacker exploiting this 

flaw would need to be able to entice a user to browse to a malicious URI and further entice 

the user to download a file. Successful exploitation would result in the attacker executing 

arbitary code. In addition, this version of Safari is running a version of AppleWebKit that is 

less than 525.18. There are a number of flaws associated with that version of AppleWebKit 

as well. 




CVE-2008-1024 

Firefox < 2.0.0.14 Javascript Garbage Collection DoS 


Description: Synopsis :\n\nThe remote Windows host contains a web browser that may allow arbitrary 

code execution.\n\nThe installed version of Firefox contains a stability problem that could 

result in a crash during Javascript garbage collection. Although there are no examples of 

this extending beyond a crash, similar issues in the past have been shown to allow arbitrary 

code execution. 


CVE-2008-1380 

OpenOffice < 2.4 Multiple Vulnerabilities 



vulnerabilities.\n\nThe version of OpenOffice installed on the remote host is reportedly 

affected by several issues :\n\n - Heap overflow and arbitrary code execution vulnerabilities 

involving ODF text documents with XForms (CVE-2007-4770/4771).\n - Heap overflow 

and arbitrary code execution vulnerabilities involving Quattro Pro files 

(CVE-2007-5745/5747).\n - Heap overflow and arbitrary code execution vulnerabilities 

involving EMF files (CVE-2007-5746).\n - Heap overflow and arbitrary code execution 

vulnerabilities involving OLE files (CVE-2008-0320). 


CVE-2008-0320 

phpBB < 3.0.1 Multiple Information Disclosure Vulnerabilities 




phpBB that is vulnerable to several flaws. An attacker exploiting these flaws 

would need the ability to authenticate as a valid user. Successful exploitation 

would allow the user to view user lists and email attachments of other users. 


CVE-2008-1766 

Trojan Horse Client Detection 





program.\n\nThe remote client appears to be infected by a Trojan horse. PVS had 

determined this based on the outbound connections recently made to control servers. 

Solution: Manually check system integrity and remove any malicious code or processes that may 

reside on the system. 






determined this based on the outbound connections recently made to control servers. PVS 

just observed the host attempting to connect to importtrenz -dot- com. 





































WordPress < 




sensitive files or data.\n\nThe version of WordPress installed on the remote host is 

vulnerable to a directory traversal attack. An attacker exploiting this flaw would send 

malformed data to the 'cat' parameter of the 'index.php' script. Successful 

exploitation would result in the attacker gaining access to confidential files on the 

target server. The path to the vulnerable version of WordPress is:\n%P 


eTrust Proxy Detection 

CVE-2008-4769 


Description: The remote host is running the eTrust Secure Content Manager proxy. 

Solution: N/A 


CA eTrust SCM Plaintext Login Detection 




RISK: 

MEDIUM 



manner.\n\nThe remote host is running the CA eTrust SCM application. The administrative 

interface is enabled on this host. Further, PVS has just observed a client logging in with 

plaintext credentials. Confidential data, such as administrative passwords, should always be 

passed over encrypted or secured channels. The observed user account was\n%P 

Solution: Force the use of encryption during login and all administrative functions. 


eTrust SCM SMTP Version Detection 


Description: The remote host is running the eTrust SCM SMTP notification service. This service is used 

to notify administrators when new software or signature updates have been made available. 

The reported version is: \n %L 

Solution: N/A 


ePOclient Version Detection 


Description: The remote host is running the McAfee ePOclient version: \n %L 



Malicious Website - Embedded Javascript Detection 


Description: Synopsis :\n\nThe remote web server may have had malicious code injected.\n\nThe remote 

web server may have been infected with a malicious script tag. These tags usually point to a 

malicious site that is hosting code designed to subvert the security of the client machine. 

The observed Javascript was '%L' 

Solution: Ensure that the server is not serving malicious or injected script tags. 



WordPress < 2.5.1 Crafted Cookie Authentication Bypass 



Description: Synopsis :\n\nThe remote host is vulnerable to a flaw that allows authenticated users to 

gain administrative access.\n\nThe version of WordPress installed on the remote host is 

vulnerable to a flaw in the way that it handles cookies. Specifically, an attacker with the 

ability to create specific accounts would be able to use the flaw in the cookie handler to 

gain administrative access to the application. The path to the vulnerable WordPress 

application is:\n%P 


CVE-2008-1930 

WebGUI < 7.4.35 Data Form List View Unspecified Vulnerability 



remote host is running WebGUI, a content management framework. The remote version of 

this software is vulnerable to an unspecified flaw. While the details of the flaw are 

currently unknown, the vendor has released a fix. 


CVE-2008-2077 

Sun Directory Version Detection 


Description: The remote host is running Sun Directory version: \n %L 



Sun Directory < 6.3 bind-dn Remote Privilege Escalation 



bypassing of authentication.\n\nThe remote host is running Sun Directory 

version: \n %L \n\nThis version is vulnerable to a flaw in the way that it 

handles the 'bind-dn' parameter from a client. This may allow an attacker to 

gain administrative access. 


CVE-2008-1995 

eTrust SCM SMTP Version Detection 




Description: The remote host is running the eTrust SCM SMTP notification service. This service is used 

to notify administrators when new software or signature updates have been made available. 

The reported version(s) of the antivirus signatures is: \n %L 

Solution: N/A 




Description: Synopsis :\n\nThe remote web server uses a version of PHP that is affected by 

multiple flaws.\n\nAccording to its banner ('%L'), the version of PHP installed 

on the remote host is older than 5.2.6. Such versions may be affected by the 

following issues :\n\n - A stack buffer overflow in FastCGI SAPI.\n - An integer 

overflow in printf().\n - An unspecified security issue tracked by 

CVE-2008-0599.\n - A safe_mode bypass in cURL.\n - Incomplete handling of 

multibyte chars inside escapeshellcmd().\n - Issues in the bundled PCRE fixed 

by version 7.6. 


CVE-2008-0599 

SAP MaxDB Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote database server is affected by multiple issues.\n\nThe remote 

host is running MaxDB, a database server from SAP. According to its version, the remote 

server is affected by multiple flaws.\n \n - A vulnerability in the 'vserver' process could 

allow an unauthenticated attacker to execute arbitrary code, subject to the privileges of the 

user under which the process operates. In order to successfully exploit this issue, an 

attacker must have prior knowledge of an active database name on the server.\n - A design 

error in 'sdbstarter' could allow an attacker to elevate his privileges to root level.\n - A 

vulnerability in cons.exe could allow command execution before authenticating to the 

database server. 

Solution: Upgrade to SAP MaxDB 7.7.04 Build 08 / 7.7.03 Build 23 / 7.7.02 Build 20 / 7.6.05 Build 

02 / 7.6.04 Build 06 / 7.6.03 Build 15 / 7.5.00 Build 48 or higher. 

CVE-2008-0307 

Novell eDirectory Version Detection 




Description: The remote host is running the Novell eDirectory LDAP server. The reported version is: \n 

%L 

Solution: Ensure that you are using the latest version of the software. 


LDAP Version Detection 


Description: The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP 

is a directory service that can be queried or modified remotely. The reported name/version 

is: \n %L 

Solution: Ensure that you are using the latest version of the software. 





vulnerabilities.\n\nThe installed version of Thunderbird is affected by various security 

issues :\n\n - A series of vulnerabilities that allow for JavaScript privilege escalation and 


show traces of memory corruption. 


CVE-2008-1237 

MySQL 4.1 < 4.1.24 MyISAM Table Privilege Check Bypass 


Description: Synopsis :\n\nThe remote database server allows a local user to circumvent 

privileges.\n\nThe version of MySQL installed on the remote host reportedly allows a local 

user to circumvent privileges through creation of MyISAM tables using the 'DATA 

DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing table files in the 

application's data directory. 


CVE-2008-2079 


MySQL Enterprise Server 5.0 < 5.0.60 MyISAM Table Privilege Check Bypass 



Description: Synopsis :\n\nThe remote database server allows a local user to circumvent 

privileges.\n\nThe version of MySQL Enterprise Server installed on the remote host 

reportedly allows a local user to circumvent privileges through creation of MyISAM tables 

using the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing 

table files in the application's data directory. 


CVE-2008-2079 

Possible Keylogger Software Installation Detection 


Description: The remote host appears to be running a keyboard logger. This software is used to capture 

screenshots, passwords, websites viewed and more. 



Apache Tomcat Sample App cal2.jsp time Parameter XSS (CVE-2009-0781) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a cross-site scripting (XSS) attack\n\nThe 

remote web server includes an example JSP application, 'cal2.jsp' that fails to sanitize 

user-supplied input before using it to generate dynamic content. An unauthenticated remote 

attacker may be able to leverage this issue to inject arbitrary HTML or script code into a 

user's browser to be executed within the security context of the affected site. The affected 

application can be accessed via the following URI:\n%P\n 

Solution: Either undeploy the Tomcat examples web application, apply the appropriate patch 

referenced in the vendor advisory, or upgrade to Tomcat 6.0.19 / 5.5.28 / 4.1.40 when 

available. 

CVE-2009-0781 


Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) 



Publisher.\n\nThe remote host is running a version of Microsoft Publisher which is subject 

to a flaw which may allow arbitrary code to be run. An attacker may use this to execute 

arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a 

user of the remote computer and have it open it. Then a bug in the font parsing handler 

would result in code execution.\nIAVA Reference : 2008-A-0029\nSTIG Finding Severity : 

Category II 


Solution: Microsoft has released a set of patches for Publisher 2000, XP, 2003 and 2007: 

CVE-2008-0119 

Windows Defender Client Detection 


Description: The remote host is running the Microsoft Defender software. Defender is used to protect 

the local system from malware. 

Solution: Ensure that you are running the latest version of this software 


Altiris Deployment Solution < 6.9.176 Multiple Vulnerabilities 



vulnerabilities.\n\nThe version of the Altiris Deployment Solution installed on the remote 

host reportedly is affected by several issues :\n\n - A SQL injection vulnerability that could 

allow a user to run arbitrary code\n - A remote attacker may be able to obtain encrypted 

Altiris Deployment Solution domain credentials without authentication.\n - A local user 

could access a privileged command prompt via the Agent's user interface.\n - A local user 

could leverage a GUI tooltip to access a privileged command prompt.\n - A local user can 

modify or delete several registry keys used by the application, resulting in unauthorized 

access to system information or disruption of service.\n - A local user with access to the 

install directory of Deployment Solution could replace application components, which 

might then run with administrative privileges on an affected system. 

Solution: Upgrade to Altiris Deployment Solution 6.9.176 or later and update Agents. 

CVE-2008-2291 

Cross-Domain Policy File (crossdomain.xml) Detection 


Description: Synopsis :\n\nThe remote web server contains a 'crossdomain.xml' file.\n\nThe remote web 

server contains a cross-domain policy file. This is a simple XML file used by Adobe's Flash 

Player to allow access to data that resides outside the exact web domain from which a Flash 

movie file originated. The file resides on the webserver in the following directory: %P 

Solution: Review the contents of the policy file carefully. Improper policies, especially an 

unrestricted one with just '*', could allow for cross-site request forgery and cross-site 

scripting attacks against the web server. 




Mantis Cross-Site Request Forgery Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is affected by 

multiple cross-site request forgery vulnerabilities.\n\nThe version of Mantis Bug Tracker 

installed on the remote host does not verify the validity of HTTP requests before 

performing various administrative actions. If a remote attacker can trick a logged-in 

administrator into viewing a specially-crafted page, he can leverage this issue to launch 

cross-site request forgery attacks against the affected application, such as creating 

additional users with administrator privileges. The reported version is: \n %L 

Solution: Upgrade to Mantis 1.2.0a1 or later. 


SUN Java System Application Server Version Detection 


Description: The remote host is running the SUN Java system application server. The version is: '%L' 

Solution: N/A 


JSP information disclosure in Sun Java System application server 


RISK: 

MEDIUM 



attacks\n\nThe remote host is running the SUN Java system application server. The version 

is: '%L'.\nThis version is reported vulnerable to a flaw in the way that it handles requests 

for '.jsp' code files. An attacker, exploiting this flaw, would be able to gain access to '.jsp' 

source code which could give an attacker information useful in future attacks. \nIAVB 

Reference : 2008-B-0045\nSTIG Finding Severity : Category II 

Solution: SUN has released a fix for this version of their server. Apply the referenced patches. 

CVE-2008-2120 

cPanel Remote Privilege Escalation vulnerability 



Description: Synopsis :\n\nThe remote host is vulnerable to a remote 'privilege escalation' flaw\n\nThe 

remote host is running cpanel, a web-hosting control panel. The remote version of this 

software is vulnerable to a flaw wherein users can gain Administrative access. The root of 

the flaw is in the way that this version of cPanel allows new user accounts to access the 


oot directory. An attacker, exploiting this flaw, would need the ability to authenticate and 

the ability to create a new user. Successful exploitation would result in the attacker gaining 

administrative access. 

Solution: Upgrade to version greater than 11.18.4 

CVE-2008-2478 

MercuryBoard < 1.1.6 SQL Injection 



is running MercuryBoard, a web-based Message board written in PHP. This version of 

MercuryBoard is vulnerable to a remote SQL Injection flaw. This version of MercuryBoard 

fails to sanitize user-supplied input to the 'login.php' script. An attacker, exploiting this 

flaw, would send a malformed HTTP query to the application. Successful exploitation 

would result in the attacker being able to read or write Confidential data. In addition, the 

attacker may be able to execute arbitrary code on the remote database server. 

Solution: Apply the vendor patch 

CVE-2008-6632 

Firebird Default Credentials 


Description: Synopsis :\n\nThe remote service is protected with default credentials.\n\nThe version of 

Firebird on the remote host uses default credentials to control access. Knowing these, an 

attacker can gain administrative access to the affected application. 

Solution: Use the application's 'gsec' utility to change the password for the 'SYSDBA' account. 


Interbase/Firebird Account Detection 


Description: The remote host is running an Interbase or Firebird database server. The account observed 

was: '%P' 

Solution: N/A 


Interbase Database Version Detection 




Description: The remote host is running an Interbase database server. The version is: '%L' 

Solution: N/A 


Interbase Database Remote Stack Overflow 



running an Interbase database server. The version is: '%L'. This version has been reported 

vulnerable to a remote buffer overflow. An attacker, exploiting this flaw, would only need 

to be able to connect to the database service port (3050/tcp by default). Successful 

exploitation would result in the attacker executing arbitrary code. 

Solution: The issue has been fixed in version 8.1.0.2578 which is available from the vendor website. 

CVE-2008-2559 



Description: Synopsis :\n\nThe remote host contains an instant messaging application that is affected by 

several vulnerabilities.\n\nThe version of Trillian installed on the remote host reportedly 

contains several vulnerabilities :\n\n - A stack buffer overflow in 'aim.dll' triggered when 

parsing messages with overly long attribute values within the 'FONT' tag.\n - A memory 

corruption issue within XML parsing in 'talk.dll' triggered when processing malformed 

attributes within an 'IMG' tag. \n - A stack buffer overflow in the header-parsing code for 

the MSN protocol when processing the 'X-MMS-IM-FORMAT' header.\n\nSuccessful 

exploitation of each issue can result in code execution subject to the privileges of the 

current user. 

Solution: Upgrade to Trillian 3.1.10.0 or later as it is reported to resolve these issues. 

CVE-2008-2409 

MDAP Service Detection 


Description: Synopsis :\n\nA network service is listening on the remote host.\n\nThe remote service 

supports the Multi Directory Access Protocol (MDAP), which is used to multicast 

commands to certain types of network devices, such as Thompson ADSL modems. 





Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server is affected by multiple vulnerabilities.\n\nAccording 

to its banner, the version of Lotus Domino on the remote host is older than 8.0.1 / 7.0.3 

FP1. The web server component of such versions is reportedly affected by a stack overflow 

that can be triggered by means of a specially-crafted 'Accept-Language' request header. 

While IBM only says this results in a denial of service, the original researchers claim to 

have a working proof-of-concept for Windows that allows arbitrary code execution with 

LOCAL SYSTEM privileges. In addition, the web server reportedly has an unspecified 

cross-site scripting vulnerability in its servlet engine / Web container. 

Solution: Upgrade to version 7.0.3 FixPack1 or 8.0.1 

CVE-2008-2240 

Barracuda Spam Firewall ldap_test.cgi Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a CGI script that is affected by a cross-site 

scripting vulnerability.\n\nAccording to its firmware version, the remote Barracuda Spam 

Firewall device fails to filter input to the 'email' parameter of the '/cgi-bin/ldap_test.cgi' 

script before using it to generate dynamic content. An unauthenticated remote attacker may 

be able to leverage this issue to inject arbitrary HTML or script code into a user's browser 

to be executed within the security context of the affected site. For your information, the 

remote host is running firmware version: '%L' 

Solution: Either configure the device to limit access to the web management application by IP 

address or update to firmware release 3.5.11.025 or later. 

CVE-2008-2333 

Cerberus Helpdesk < Cerberus Helpdesk 4.0 Build 603 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to UNSPECIFIED remote attack 

vectors\n\nThe remote host is running Cerberus Helpdesk version '%L', a web-based 

helpdesk suite written in PHP. The installed version of Cerberus Helpdesk on the remote 

host is vulnerable to several unspecified vulnerabilities. 

Solution: Patch the affected file as described in the forum thread referenced. 

CVE-2008-6440 

Possible Keylogger software installation detection 




Description: The remote host seems to be running a keyboard logger. This software is used to capture 

screenshots, passwords, websites viewed, and more. 

Solution: Ensure that such software is authorized with respect to corporate policies and guidelines. 


OpenSSL < 0.9.8h Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nFor your 

information, the observed version of OpenSSL installed on the remote host is : \n %L 

\n\nVersions of OpenSSL earlier than 0.9.8h are potentially affected by multiple 

vulnerabilities :\n\n - A double-free error exists related to the handling of server name 

extension data and specially crafted TLS 1.0 'Client Hello' packets. This can cause 

application crashes. Note that successful exploitation requires that OpenSSL is compiled 

with the TLS server name extensions. (CVE-2008-0891)\n\n - A NULL pointer dereference 

error exists related to anonymous Diffie-Hellman key exchange and TLS handshakes. This 

can be exploited by omitting the 'Server Key exchange message' from the handshake and 

can cause application crashes. (CVE-2008-1672)\n\n - On 32-bit builds, an information 

disclosure vulnerability exists during certain calculations for NIST elliptic curves P-256 or 

P-384. This error can allow an attacker to recover the private key of the TLS server.\n\n 

The following are required for exploitation :\n\n - 32-bit build\n\n - Use of elliptic curves 

P-256 and/or P-384\n\n - Either the use of ECDH family ciphers and/or the use of ECDHE 

family ciphers without the SSL_OP_SINGLE_ECDH_USE context option. 

(CVE-2011-4354) 

Solution: Upgrade to version 0.9.8h or later. 

CVE-2008-4534 


Samba < 3.0.30 receive_smb_raw Buffer Overflow Vulnerability 


Description: Synopsis :\n\nThe remote Samba server may be affected by a buffer overflow 

vulnerability.\n\nAccording to its banner, the version of the Samba server on the remote 

host ('%L') is reportedly affected by a boundary error in 'nmbd' within the 

'receive_smb_raw' function in 'lib/util_sock.c' when parsing SMB packets received in a 

client context. By sending specially-crafted packets to an 'nmbd' server configured as a 

local or domain master browser, an attacker can leverage this issue to produce a heap-based 

buffer overflow and execute arbitrary code with system privileges. 

Solution: Upgrade to Samba version 3.0.30 or later or apply the patch referenced in the project's 

advisory. 


Mac OS X < 10.5.3 

CVE-2008-1105 



issues.\n\nThe remote host is running a version of Mac OS X 10.5 that is older than version 

10.5.3. Mac OS X 10.5.3 contains security fixes for a number of programs. 

Solution: Upgrade to Mac OS X 10.5.3 or later. 

CVE-2008-1580 

iGuard Security Device Version Detection 


Description: The remote host is running the iGuard embedded web server. This software is commonly 

found on hardware security devices which are used to control facility access. The 

embedded web server typically allows for remote administration of the device and includes 

a built-in web server, database server, and more. 

Solution: Ensure that this device only allows connections from trusted hosts 


ipMonitor Device Version Detection 


Description: The remote host is running the ipMonitor. This software is commonly used to detect and 

track network devices and services. The reported version is: \n %L 

Solution: Ensure that this device only allows connections from trusted hosts 


DLINK Audio/Video Camera Detection 


Description: The remote host is running the DLINK Audio/Video camera with embedded web and file 

transfer services (HTTP and FTP). 

Solution: Ensure that this device and any transmitted images are in compliance with corporate 




Dell Printer Administrative Web Console Detection 


PVS ID: 4527 FAMILY: Policy RISK: HIGH NESSUS ID:Not Available 


application\n\nThe remote host is running a Dell printer administrative web console version 

'%L'. These consoles allow remote users to check printer jobs, change admin passwords, 

restart the printer, and much more. You should particularly ensure that the page 

'/ews/setting/setews.htm' is not accessible by untrusted users. 

Solution: Ensure that only trusted hosts can connect to this service 


IBM Content Manager (ICM) Version Detection 


Description: The remote host is running the IBM Content manager version: '%L' 

Solution: Ensure that you are running the latest version of this software 


Snap Appliance Version Detection 


Description: The remote host is running a Snap Appliance version: '%L'\nThe Snap appliance is a family 

of products which provides remote data storage. 



IBM WebSphere Application Server < 6.1.0.17 Unspecified Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote application server is affected by an unspecified 

vulnerability.\n\nIBM WebSphere Application Server 6.1 before Fix Pack 17 appears to be 

running on the remote host. There reportedly is an attribute in a SOAP security header in 

such versions that may cause a security explosure in Web Services applications (PK61315). 

Solution: Apply Fix Pack 17 (6.1.0.17) or later. 



Skype Technologies URI Handler Remote Code Execution 




version of Skype installed on the remote host is vulnerable to a flaw wherein specially 

formatted 'file://' URI will allow the download and execution of executable files. An 

attacker, exploiting this flaw, would need to be able to coerce a user into browsing a 

malicious URI. Successful exploitation would result in the attacker executing arbitrary 

code. 

Solution: Upgrade to Skype release 3.8.0.139. 

CVE-2008-1805 

Sun-One ASP Server Version Detection 


Description: The remote host is running the Sun-One ASP server version: \n %L 

Solution: N/A 


Sun Java System ASP < 4.0.3 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server is affected by several vulnerabilities.\n\nThe remote 

host is running Sun Java System Active Server Pages (ASP), or an older variant such as 

Sun ONE ASP or Chili!Soft ASP. The web server component of the installed version of 

Active Server Pages on the remote host is affected by several vulnerabilities :\n\n - A flaw 

in an include file used by several of the administration server's ASP applications allows an 

attacker to write arbitrary data to a file specified by an attacker on the affected host. This 

issue does not affect ASP Server on a Windows platform (CVE-2008-2401).\n - Password 

and configuration data are stored in the administration server's web root and can be 

retrieved without credentials. This issue does not affect ASP Server on a Windows platform 

(CVE-2008-2402).\n - Multiple directory traversal vulnerabilities exist in several of the 

administration server's ASP applications can be abused to read or even delete arbitrary files 

on the affected host. This issue does not affect ASP Server on a Windows platform 

(CVE-2008-2403).\n - A stack buffer overflow allows code execution in the context of the 

ASP server (by default root) and can be exploited without authentication 

(CVE-2008-2404).\n - Several of the administration server's ASP applications fail to filter 

or escape user input before using it togenerate commands before executing them in a shell. 

While access to these applications nominally requires authentication, there are reportedly 

several methods of bypassing authentication (CVE-2008-2405).\nIAVA Reference : 

2008-A-0038\nSTIG Finding Severity : Category I 

Solution: Upgrade to Sun Java System ASP version 4.0.3 or later. 

CVE-2008-2405 

CA eTrust SCM Detection 




Description: The remote server is running the Computer Associates eTrust SCM, a filtering proxy 

server. 

Solution: N/A 


Novell Groupwise Messenger server 


Description: The remote server is running a Novell Groupwise Messenger server 

Solution: N/A 


DB2 < 9 Fix Pack 5 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote database server is affected by multiple issues.\n\nAccording to 

its version, the installation of DB2 on the remote host is affected by one or more of the 

following issues : \n\n - There is an unspecified security vulnerability related to a 

'DB2FMP' process (IZ20352).\n - There is an unspecified security vulnerability in a 

CLR-stored procedure deployment from IBM Database Add-Ins for Visual Studio 

(JR28432).\n - The password used to connect to the database can be seen in plaintext in a 

memory dump (JR27422).\n - There is a possible stack variable overrun in 'SQLRLAKA()' 

(IZ16346).\n - A local privilege escalation vulnerability via file creation can result in 

root-level access (IZ12735).\n - There are possible buffer overflows involving 'XQUERY', 

'XMLQUERY', 'XMLEXISTS', and 'XMLTABLE' (IZ18434). For your information, the 

remote server is running the following version: \n %L 

Solution: Apply DB2 patches from vendor. 

CVE-2008-3858 




Description: Synopsis :\n\nThe remote Mac OS X host contains an application that is affected by 

multiple vulnerabilities.\n\nThe version of QuickTime installed on the remote Mac OS X 

host is older than 7.5. Such versions contain several vulnerabilities :\n\n - There is a heap 

buffer overflow in QuickTime's handling of PICT image files that could result in a program 

crash or arbitrary code execution (CVE-2008-1583).\n - There is a memory corruption issue 

in QuickTime's handling of AAC-encoded media content that could result in a program 

crash or arbitrary code execution (CVE-2008-1582).\n - There is a stack buffer overflow in 

QuickTime's handling of Indeo video codec content that could result in a program crash or 


arbitrary code execution (CVE-2008-1584).\n - There is a URL handling issue in 

QuickTime's handling of 'file:' URLs that may allow launching of arbitrary applications 

(CVE-2008-1585). 


manually upgrade to QuickTime 7.5 or later. 

CVE-2008-1585 

OpenOffice < 2.4.1 rtl_allocateMemory Integer Overflow 


Description: Synopsis :\n\nThe remote Windows host has a program affected by an integer overflow 

vulnerability.\n\nThe version of OpenOffice installed on the remote host reportedly 

contains an integer overflow vulnerability in 'rtl_allocateMemory()', a custom memory 

allocation function used by the application. If an attacker can trick a user on the affected 

system, he can leverage this issue to execute arbitrary code subject to his privileges. 

Solution: Upgrade to OpenOffice version 2.4.1 or later. 

CVE-2008-2152 

Gordano Messaging Suite Version Detection 


Description: The remote host is running the Gordano Messaging Suite version: \n %L 

Solution: N/A 


Gallery < 2.2.4 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is Missing a critical security patch or upgrade\n\nThe 


version of Gallery installed on the remote host is less than 2.2.5. The vendor has reported 

multiple security flaws in this version. The software is prone to a cross-site scripting flaw 

which could allow an attacker to execute arbitrary script code within client browsers. The 

software is prone to an information disclosure flaw within the 'album-select' module and 

the 'embed.php' script which would allow an attacker to gain access to confidential data. 

The software is prone to a privilege escalation flaw which would allow users the ability to 

gain access to confidential files or processes. Finally, the software is vulnerable to a 

security bypass flaw which would allow an attacker the ability to view confidential data. 

Solution: Upgrade to version 2.2.3 or newer 



CVE-2008-2724 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host contains a web browser that is affected by several issues.\n\n 

The version of Opera installed on the remote host reportedly is affected by several issues 

:\n\n - Improper handling of special characters in page addresses can make addresses look 

like other ones, aiding in phishing attacks.\n - Specially-crafted HTML canvas elements 

could violate the same-origin image policy.\n - Framed sources contained on the same 

parent page can modify each other's location. 

Solution: Upgrade to Opera version 9.5 or later. 

CVE-2008-2716 

Novell NetWare Print Server Detection 


Description: The remote host is running a Novell NetWare print server. 

Solution: N/A 


Novell NetWare iPrint Client Version Detection 


Description: The remote host is running the Novell NetWare iPrint Client version: \n %L 

Solution: N/A 


Sun-One ASP Server Version Detection 


Description: The remote host is running the Sun-One ASP server version: \n %L 

Solution: N/A 


BlackBerry Version Detection 




Description: The remote host is running the BlackBerry operating system version: \n %L 

Solution: N/A 


Sun-One ASP Server Test Application Detection 


RISK: 

MEDIUM 



application\n\nThe remote host is running the Sun-One ASP server version: %L.\n\nThis 

server is also running the default applications which are shipped with the administrative 

interface. Unfortunately, many of the default applications are vulnerable to trivial remote 

flaws which would allow an attacker to gain access to confidential data, launch persistent 

cross-site-scripting attacks, and more. PVS observed the following default application 

being accessed:\n%P 

Solution: Uninstall all default, test applications. 


ClamAV < 0.93.1 memcpy() Function Overflow 


RISK: 

MEDIUM 



running ClamAV version: %L\n\nThis version of ClamAV is vulnerable to a flaw within 

the 'memcpy()' function. An attacker, exploiting this flaw, would be able to crash the 

ClamAV server or possibly execute code. 

Solution: Upgrade to ClamAV version 0.93.1 or higher 

CVE-2008-2713 

Novell iPrint Client Unspecified Vulnerability 


Description: Synopsis : \n\nThe remote host contains an application that is affected by an unspecified 

vulnerability.\n\nThe remote host has Novell iPrint Client installed. The installed version of 

Novell iPrint is affected by an unspecified vulnerability. For your information, the installed 


Solution: Upgrade to version 4.36 or higher 

CVE-2008-2908 



ListManager words Parameter Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is affected by a cross-site scripting 

vulnerability.\n\nThe remote host is running ListManager, a web-based commercial mailing 

list management application from Lyris. The version of ListManager installed on the 

remote host fails to sanitize user input to the 'words' parameter of the 'read/search/results' 

script before including it in dynamic HTML output. An attacker may be able to leverage 

this issue to inject arbitrary HTML and script code into a user's browser to be executed 

within the security context of the affected site. 

Solution: Upgrade to ListManager greater than 9.3d 

CVE-2008-2923 

JXTA P2P Server Detection 


RISK: 

MEDIUM 



to Corporate policy\n\nThe remote host is running the JXTA Server\nJXTA is a P2P 

application which allows users to quickly download files from multiple locations. 

Solution: Ensure that JXTA is allowed with respect to Corporate policies and guidelines. 


JXTA P2P Client Detection 


RISK: 

MEDIUM 



corporate policy.\n\nThe remote host is running the JXTA Client.\nJXTA is a P2P 


Solution: Ensure that JXTA is allowed according to corporate policies and guidelines. 


Sun Java Calendar Version Detection 


Description: The remote host is running Sun Java Calendar version: \n %L 

Solution: N/A 




Sun Java Calendar Logging Component Unspecified Remote DoS 



remote host is running Sun Java Calendar version: \n %L \n\nThis version of Calendar is 

vulnerable to a remote denial of service attack. While the details of this vulnerability are 

currently unknown, exploitation would require that 'Access Logging' be enabled. 

Successful exploitation would result in the server crashing, denying access to valid users. 


CVE-2008-2749 

Owner-Free File System Client Detection 


Description: Synopsis :\n\nThe remote web server acts as a distributed filesystem.\n\nThe remote web 

server is an OFFSystem client. OFFSystem (Owner-Free Filesystem) is a distributed 

filesystem for peer-to-peer file sharing in which files are stored as randomized data blocks. 

Solution: Ensure that use of this software is in line with your organization's security and acceptable 

use policies. 


SurgeMail < 3.9g2-2 IMAP Command Handling Unspecified DoS 


Description: The remote mail server is prone to a remote denial of service vulnerability. According to its 

banner, the remote host is running a version of SurgeMail Mail Server older than 3.9g2. 

Such versions are reportedly affected by a remote denial of service vulnerability when 

handling certain IMAP commands. An attacker can leverage this issue to crash the remote 

application. 

Solution: Upgrade to version 3.9g2-2 or higher. 

CVE-2008-2859 

Safari < 3.1.2 Multiple Vulnerabilities 




issues.\n\nThe version of Safari installed on the remote host reportedly is affected by 

several issues :\n\n - An out-of-bounds memory read while handling BMP and GIF images 

may lead to information disclosure (CVE-2008-1573).\n - Safari will automatically launch 


executable files downloaded from a site if that site is in an IE7 zone with 'Launching 

applications and unsafe files' set to 'Enable' or an IE6 'Local intranet ' / ' Trusted sites' zone 

(CVE-2008-2306).\n - There is a memory corruption issue in WebKit's handling of 

JavaScript arrays that could be leveraged to crash the application or execute arbitrary code 

if visiting a malicious site (CVE-2008-2307).\n - When handling an object with an 

unrecognized content type, Safari does not prompt the user before downloading the object 

(aka, the 'carpet-bombing' issue). If the download location is the Windows Desktop (the 

default), this could lead to arbitrary code execution (CVE-2008-2540).\nIAVT Reference : 

2009-T-0021\nSTIG Finding Severity : Category II 


DC++ Client Detection 

CVE-2008-2540 


Description: The remote host is running DC++, an open source peer-to-peer client. The reported version 

is: \n %L 

Solution: Ensure that this application is authorized according to corporate policy. 


Kismet Server Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nIt is possible to collect information from the remote wireless monitoring 

service.\n\nThe remote host is running a Kismet server and allows clients to use it to 

monitor wireless activity. An anonymous attacker may use the information collected to 

enumerate a network. 

Solution: Limit incoming traffic to this port if and, if appropriate, do not allow clients to list WEP 

keys. 


WebGUI < 7.5.13 RSS Feed Authentication Bypass 



RISK: 

MEDIUM 




The remote version of this software is vulnerable to a flaw in the way that it handles access 

to data. Protected data can be accessed by requesting the data within an RSS feed. An 

attacker exploiting this flaw would only need the ability to request an RSS subscription. 



CVE-2008-3503 

IronPort Version Detection 


Description: The remote host is running an IronPort appliance. IronPort is a Cisco application that is 

used to filter spam. The build of the IronPort server is: \n %L 

Solution: N/A 


Resin < Viewfile file Parameter XSS 


RISK: 

MEDIUM 



remote web server is running Resin version: %L.\n\nThis version of Resin is vulnerable to 

a cross-site scripting flaw via the 'file' parameter of the Viewfile application. An attacker 

exploiting this flaw would be able to execute arbitrary script code in the browsers of other 

Resin users. 


CVE-2008-2462 

VLC Media Player < 0.8.6h Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote Windows host contains a media player that is affected by several 

vulnerabilities.\n\nThe version of VLC Media Player installed on the remote host 

reportedly includes versions of GnuTLS, libgcrypt and libxml2 that are affected by various 

denial of service and buffer overflow vulnerabilities. 

Solution: Upgrade to version 0.8.6h or higher. 

CVE-2007-6284 

EMC AlphaStor Library Manager Detection 



Description: Synopsis : \n\nThere is a tape backup manager installed on the remote host.\n\nThe remote 

host is running the EMC AlphaStor Library Manager service. AlphaStor is a tape backup 

management and library sharing for EMC NetWorker. The reported OS/platform 


Solution: N/A 

information is: \n %L 






10.5.4. Mac OS X 10.5.4 contains security fixes for a number of programs.\nIAVB 

Reference : 2008-B-0078\nIAVT Reference : 2008-T-0026\nSTIG Finding Severity : 

Category I 


CVE-2008-2726 

Sun Java System Access Manager Version Detection 


Description: The remote host is running Sun Java System Access Manager, an application for managing 

access to web applications. The reported version is: \n %L \n\nThe path to the Access 

Manager is: \n%P 

Solution: N/A 

RatProxy Detection 



Description: The remote host is a RatProxy proxy server. RatProxy is a passive web application scanner 

that acts as a middle-man to normal browser-based HTTP traffic. 

Solution: N/A 







issues :\n\n - Several stability bugs leading to crashes that, in some cases, show traces of 

memory corruption (MFSA 2008-21).\n - A vulnerability involving violation of the 


same-origin policy could allow for cross-site scripting attacks (MFSA 2008-22).\n - 

JavaScript can be injected into the context of signed JARs and executed under the context 

of the JAR's signer (MFSA 2008-23).\n - By taking advantage of the privilege level stored 

in the pre-compiled 'fastload' file, an attacker may be able to run arbitrary JavaScript code 

with chrome privileges (MFSA 2008-24).\n - Arbitrary code execution is possible in 

'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).\n - An attacker can steal files 

from known locations on a victim's computer via originalTarget and DOM Range (MFSA 

2008-27).\n - It is possible for a malicious Java applet to bypass the same-origin policy and 

create arbitrary socket connections to other domains (MFSA 2008-28).\n - An improperly 

encoded '.properties' file in an add-on can result in uninitialized memory being used, which 

could lead to data formerly used by other programs being exposed to the add-on code 

(MFSA 2008-29).\n - File URLs in directory listings are not properly HTML-escaped when 

the filenames contained particular characters (MFSA 2008-30).\n - A weakness in the trust 

model regarding alt names on peer-trusted certs could lead to spoofing secure connections 

to any other site (MFSA 2008-31).\n - URL shortcut files on Windows (for example, saved 

IE favorites) could be interpreted as if they were in the local file context when opened by 

Firefox, although the referenced remote content would be downloaded and displayed 

(MFSA 2008-32).\n - A crash in Mozilla's block reflow code could be used by an attacker 

to crash the browser and run arbitrary code on the victim's computer (MFSA 2008-33). 


CVE-2008-2811 





multiple vulnerabilities.\n\nThe installed version of SeaMonkey is affected by various 

security issues :\n\n - Several stability bugs leading to crashes that, in some cases, show 

traces of memory corruption (MFSA 2008-21).\n - A vulnerability involving violation of 

the same-origin policy could allow for cross-site scripting attacks (MFSA 2008-22).\n - 

JavaScript can be injected into the context of signed JARs and executed under the context 

of the JAR's signer (MFSA 2008-23).\n - By taking advantage of the privilege level stored 

in the pre-compiled 'fastload' file, an attacker may be able to run arbitrary JavaScript code 

with chrome privileges (MFSA 2008-24).\n - Arbitrary code execution is possible in 

'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).\n - An attacker can steal files 

from known locations on a victim's computer via originalTarget and DOM Range (MFSA 

2008-27).\n - It is possible for a malicious Java applet to bypass the same-origin policy and 

create arbitrary socket connections to other domains (MFSA 2008-28).\n - An improperly 

encoded '.properties' file in an add-on can result in uninitialized memory being used, which 

could lead to data formerly used by other programs being exposed to the add-on code 

(MFSA 2008-29).\n - File URLs in directory listings are not properly HTML-escaped when 

the filenames contained particular characters (MFSA 2008-30).\n - A weakness in the trust 

model regarding alt names on peer-trusted certs could lead to spoofing secure connections 

to any other site (MFSA 2008-31).\n - URL shortcut files on Windows (for example, saved 

IE favorites) could be interpreted as if they were in the local file context when opened by 

Seamonkey, although the referenced remote content would be downloaded and displayed 

(MFSA 2008-32).\n - A crash in Mozilla's block reflow code could be used by an attacker 


to crash the browser and run arbitrary code on the victim's computer (MFSA 2008-33). 


CVE-2008-2811 

VLC Media Player < 0.8.6i WAV File Handling Remote Integer Overflow 


Description: Synopsis :\n\nThe remote Windows host contains an application that is affected by an 

integer overflow vulnerability.\n\nThe installed version of VLC Media Player is affected by 

an integer overflow vulnerability. By tricking a user into opening a malicious .WAV file, it 

may be possible to cause a denial of service condition or execute arbitrary code within the 

context of the affected application. 

Solution: Upgrade to version 0.8.6i or higher. 

CVE-2008-2430 

Jabber Client Detection 


Description: The remote host is a Jabber client. 

Solution: N/A 

Jabber Server Detection 



Description: The remote host is a Jabber server. Jabber is an open-source instant messaging server. 

Solution: N/A 






issues.\n\nThe version of Opera installed on the remote host reportedly is affected by 

several issues :\n\n - Specially-crafted HTML canvas elements could reveal data from 

random areas of memory.\n - An unspecified arbitrary code execution vulnerability.\n - 

Improperly set security status when navigating from HTTP to HTTPS. 



CVE-2008-3078 




MyBB installed on the remote host is vulnerable to a number of vulnerabilities. The first 

vulnerability appears to be a cross-site scripting (XSS) flaw. The second vulnerability is a 

SQL injection flaw. An attacker exploiting the XSS vulnerability would be able to execute 

arbitrary code in the browser of unsuspecting MyBB users. An attacker exploiting the SQL 

injection flaw would be able to execute arbitrary SQL commands on the remote database 

server. 



Simple Machines Forum %lt; 1.1.4 / 1.0.12 SQL Injection 




vulnerable to a flaw in the way that it handles user-supplied data.\n\n - The 'topic' request 

parameter is used in a database query without proper sanitation. An attacker exploiting this 

flaw would be able to execute arbitrary SQL code against the remote database.\n - The 

second issue occurs in the 'preparsecode()' function when posting a message with multiple 

'[html]' tags.\n\nNOTE: both of these issues require credentials in order to exploit. 



Sun Java ASP Server Default Admin Password 


Description: Synopsis :\n\nThe remote web server can be accessed with default admin 

credentials.\n\nThe remote host is running Sun Java ASP server. It is possible to access the 

remote server with default admin credentials. 

Solution: Refer to the See Also section and follow the steps to change the admin password 

immediately. 


trixbox Version Detection 




Description: The remote host is a trixbox Voice-over-IP (VoIP) administration server. The reported 


Solution: Ensure that this service can only be accessed by trusted machines. 


trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion 



inclusion attack.\n\nThe remote host is running trixbox dashboard, a PHP-based front-end 

for trixbox, an IP-PBX software solution. The version of trixbox dashboard installed on the 

remote host fails to sanitize user-supplied input to the 'langChoice' parameter of the 

'user/index.php' script before using it to include PHP code. Regardless of PHP's 

'register_globals' setting, an unauthenticated attacker may be able to leverage this issue to 

view arbitrary files or to execute arbitrary PHP code on the remote host, subject to the 

privileges of the web server user ID. 


CVE-2008-6825 

ISC BIND DNS Query ID Field Prediction Cache Poisoning 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote DNS server is vulnerable to a cache-poisoning attack.\n\nThe 

remote host is running a version of BIND DNS server which fails to randomize the UDP 

source port. This could allow an attacker to poison the DNS cache. A poisoned cache 

means that DNS clients can be directed to rogue sites and greatly simplifies phishing 

attacks. The reported version of BIND is: \n %L \nIAVA Reference : 2008-A-0045\nSTIG 

Finding Severity : Category I 

Solution: Many vendors build their DNS solution on top of BIND. Contact your specific DNS vendor 

for a fix. While the only true fix is to use DNSSEC, ISC has released patched versions of 

BIND that make it harder for attackers to spoof DNS answers. This is accomplished by 

expanding the range of UDP ports from which queries are sent. The following versions of 

ISC BIND increase the range of utilized UDP ports: 9.5.0-P1, 9.5.1b1, 9.4.2-P1, 9.4.3b2, 

9.3.5-P1 

CVE-2008-1447 




RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote web server may be affected by several issues.\n\nAccording to its 

banner, the version of Apache 2.2 installed on the remote host is older than 2.2.9. Such 

versions may be affected by several issues, including :\n\n - Improper handling of excessive 

forwarded interim responses may cause denial of service conditions in mod_proxy_http 

(CVE-2008-2364).\n - A cross-site request forgery vulnerability in the balancer-manager 

interface of mod_proxy_balancer (CVE-2007-6420).\n - An issue exists in the handling of 

the 'Options' and 'AllowOverride' directives (CVE-2009-1195).\n\nNote that the remote 

web server may not actually be affected by these vulnerabilities. PVS cannot determine 

whether the affected modules are in use. 

Solution: Either ensure that the affected modules are not in use or upgrade to Apache version 

2.2.9 or higher. 

CVE-2009-1195 

Xerox Centreware Version Detection 


Description: The remote host is running Xerox Centreware server version: \n %L 

Solution: N/A 

Sun Jconsole Detection 



Description: The remote host is running the Sun Jconsole application. This application is used to manage 

Sun servers across the network. 

Solution: N/A 


Xerox CentreWare < 4.6.46 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains an application that is affected by multiple 

issues.\n\nXerox CentreWare Web, a web-based tool for IP printer management, is 

installed on the remote web server. According to its banner, the installed version of Xerox 

CentreWare Web reportedly contains three areas that are prone to SQL injection attacks, 

provided the attacker has valid credentials, and two that are prone to cross-site scripting 

attacks. The version of the remote server is: \n %L 




CVE-2008-3122 

RMI Registry Detection 


Description: Synopsis :\n\nAn RMI registry is listening on the remote host.\n\nThe remote host is 

running an RMI registry, which acts as a bootstrap naming service for registering and 

retrieving remote objects with simple names in the Java Remote Method Invocation (RMI) 

system. This server is managed and monitored by the Sun Jconsole system at IP: %L 

Solution: Ensure that only valid clients are allowed to connect to the management ports of this server. 


Firebird Database < 2.1.1.17910 Multiple Vulnerabilities 


RISK: 

MEDIUM 



seems to be running a Firebird database server version '%L'.\n\nThis version of Firebird is 

vulnerable to a number of flaws. While the details of the flaws are currently unknown, the 

vendor has addressed the issues. It is believed that an attacker exploiting these flaws would 

be able to gain access to confidential data and/or cause the database to crash. 



phpBB < 3.0.2 Multiple Information Disclosure Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is missing a critical security patch or 

upgrade.\n\nAccording to its banner, the remote host is running a version of phpBB that is 

vulnerable to several flaws. While the vendor has not released specific information 

regarding the flaws, it is believed that an attacker would be able to redirect valid phpBB 

users to malicious sites. The reported version of phpBB was: \n %L \n 



Java Remote Management Platform Plaintext Password Detection 



RISK: 

MEDIUM 




manner.\n\nThe remote server is managed by a Java JConsole. Further, the server is 

configured to accept plaintext credentials. This can be dangerous if an attacker can gain 

access to network traffic. The plaintext authentication string observed was:\n%P\n 



WordPress < 2.6 press-this.php XSS 


RISK: 

MEDIUM 



version of WordPress installed on the remote host is vulnerable to a cross-site scripting 

flaw due to the way that it parses user-supplied data to the 'press-this.php' script. An 

attacker exploiting this flaw would need to be able to convince a WordPress user to open a 

malicious URI. Successful exploitation would result in attacker code being run in the 

browser. 



Firefox < 2.0.0.16 / 3.0.1 Multiple Vulnerabilities 




issues :\n\n - By creating a very large number of references to a common CSS object, an 

attacker can overflow the CSS reference counter, causing a crash when the browser 

attempts to free the CSS object while still in use and allowing for arbitrary code execution 

(MFSA 2008-34).\n - If Firefox is not already running, passing it a command-line URI with 

pipe ('|') symbols will open multiple tabs, which could be used to launch 'chrome:i' URIs 

from the command-line or to pass URIs to Firefox that would normally be handled by a 

vector application (MFSA 2008-35). 

Solution: Upgrade to version 2.0.0.16 / 3.0.1 or higher. 

CVE-2008-2933 

Blackberry Enterprise Server Version Detection 


Description: The remote host is running Blackberry Enterprise Server version: \n %L 

Solution: N/A 




BlackBerry Enterprise Server < 4.1.6 PDF Processing Arbitrary Code Execution 


Description: Synopsis :\n\nThe remote Windows host has an application that is affected by a code 

execution vulnerability\n\nThe version of BlackBerry Enterprise Server on the remote host 

reportedly contains a vulnerability in the PDF distiller component of the BlackBerry 

Attachment Service. A remote attacker may be able to leverage this issue to execute 

arbitrary code on the affected host subject to the privileges under which the application 

runs, generally 'Administrator', by sending an email message with a specially crafted PDF 

file and having that opened for viewing on a BlackBerry smartphone. 

Solution: Either upgrade to BlackBerry Enterprise Server software version 4.1 Service Pack 6 (4.1.6), 

apply an appropriate interim security software update, or prevent the BlackBerry 

Attachment Service from processing PDF files. 






issues :\n\n - By creating a very large number of references to a common CSS object, an 

attacker can overflow the CSS reference counter, causing a crash when the browser 

attempts to free the CSS object while still in use and allowing for arbitrary code execution 

(MFSA 2008-34).\n - If Firefox is not already running, passing it a command-line URI with 

pipe ('|') symbols will open multiple tabs, which could be used to launch 'chrome:i' URIs 

from the command-line or to pass URIs to Firefox that would normally be handled by a 

vector application (MFSA 2008-35). 


CVE-2008-2933 

F-PROT Antivirus Version Detection 


Description: The remote host is running F-PROT Antivirus version: \n %L 

Solution: N/A 


F-PROT Attachment Handling DoS 




RISK: 

MEDIUM 



remote host is running the F-PROT Antivirus product version: \n %L \n\nThis version of 

F-PROT is vulnerable to a remote Denial of Service (DoS) attack when processing certain 

file types. Specifically, malformed CHM, UPX-compressed, ASPack-compressed and 

Microsoft Office documents can cause the remote antivirus engine to crash. An attacker 

exploiting this flaw would only need the ability to send an email with a malformed 

attachment. 

Solution: Versions 4.4.4 and 6.0.9.0 are listed as not being vulnerable to this attack. 

CVE-2008-3244 

HP System Management Version Detection 


Description: The remote host is running HP System Management version: \n %L \n\nThis application 

facilitates remote management via a web interface. The service primarily listens on two 

ports: 2301/tcp (plaintext HTTP) and 2381/tcp (SSL). 

Solution: Either disable port 2301 or ensure that it forces a redirect to the SSL port (2381). 


HP System Management Homepage (SMH) < 2.1.12 Unspecified XSS 


RISK: 

MEDIUM 



remote host appears to be running HP System Management Homepage (SMH), a 

web-based management interface for ProLiant and Integrity servers. The reported version 

is: \n %L \n\n.The version of HP SMH installed on the remote host fails to sanitize user 

input to an unspecified parameter and script before using it to generate dynamic HTML. A 

remote attacker may be able to exploit these issues to cause arbitrary HTML and script 

code to be executed by a user's browser in the context of the affected web site. 


CVE-2008-1663 

WinRemotePC Server Detection 




Description: The remote host is running WinRemotePC, a software application that allows for remote 

desktop administration of the machine. 

Solution: Ensure that such a solution is in alignment with corporate policies and guidelines. 


RunCMS < 1.6.2 Multiple Script Remote File Inclusion 



is running RunCMS, a web-based content management and messaging system. This version 

of RunCMS is reported to be vulnerable to a number of remote file inclusion 

vulnerabilities. Specifically, the 'votepolls.php' and 'config.php' scripts can be tricked into 

opening and running scripts from a malicious webserver. An attacker exploiting these flaws 

would only need the ability to send requests to the application. Successful exploitation 

would result in the attacker executing arbitrary script code on the server. 


CVE-2008-3354 

OpenSSH X11 < 5.1 Session Hijacking 


Description: Synopsis :\n\nThe remote host is vulnerable to a local 'session hijacking' 

flaw.\n\nAccording to its banner, the version of SSH installed on the remote host is older 

than 5.1. Such versions may allow a local user to hijack X11 sessions because it improperly 

checks user privileges before re-binding a port. In order for the attack to be successful, the 

'X11UseLocalhost' option would need to be disabled. By default, the option is enabled. 

Further, the OpenSSH service would need to be running on an operating system (such as 

HP-UX) where the effective user ID is not checked. 


CVE-2008-3259 

EMC Retrospect Backup Client Version Detection 


Description: The remote host is running the EMC Retrospect backup client. This host allows a 

server to connect and access data remotely. This application listens on port 497/tcp 

for connections. The reported version number is: \n %L 

Solution: Ensure that only valid IP addresses can access the service. 




EMC Retrospect Server Detection 


Description: The remote host is running the EMC Retrospect server. This application is used to 

manage data backups of remote Retrospect clients. The major/minor version number 

of the Retrospect server is: \n %L 

Solution: N/A 


DNS Server Source Port 53 Query Usage 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote DNS server is vulnerable to a cache-poisoning attack.\n\nThe 

remote host is running a DNS server that is configured to use port 53 as its source port for 

queries. This is extremely dangerous as an attacker only needs to spoof a 16-bit transaction 

ID in order to poison the DNS cache. A poisoned cache means that DNS clients can be 

directed to rogue sites and greatly simplifies phishing attacks.\nIAVA Reference : 


Solution: Ensure that the DNS server is fully patched and can utilize a wide range of UDP source 

port numbers. For ISC servers, ensure that the following line does not exist within the 

configuration file: "query-source address * port 53;" 

CVE-2008-1447 

OpenDNS Client Detection 


Description: The remote client is configured to use OpenDNS DNS servers. OpenDNS is a third-party 

DNS provider that offers administrators the ability to filter traffic, view network and user 

statistics, and more. 



Agnitum Outpost Version Detection 


Description: The remote client is running the Agnitum Outpost security suite. This suite of tools protects 

users from viruses, phishing attacks, malware and more. The observed version was: \n %L 

Solution: N/A 




Agnitum Outpost Security Suite < 6.5.2358.316.0607 Detection Engine Bypass 


RISK: 

MEDIUM 



remote client is running the Agnitum Outpost security suite. This suite of tools protects 

users from viruses, phishing attacks, malware and more. The observed version was: \n %L 

\n\nThe vendor has reported an issue where specially formatted file names may bypass the 

detection engines. An attacker exploiting this flaw would need to be able to convince an 

Outpost user to open a malicious file. Successful exploitation would result in the attacker 

bypassing the security rules and passing a malicious file to the client. 



Mantis < 1.1.2 account_prefs_update.php language Parameter Traversal Local File Inclusion 



host is running Mantis Bug Tracker version: '%L'\n\nThe version of Mantis Bug Tracker 

installed on the remote host does not properly parse user-supplied data to the 'language' 

parameter of the 'account_prefs_update.php' script. An attacker can gain 'read' access to 

local files or execute arbitrary files that are already present on the web server. An attacker 

exploiting this flaw would send a specially formatted 'language' parameter to the affected 

script. This parameter would probably contain file names preceded by directory-traversal 

strings. 


CVE-2008-3333 

Retrospect Backup Client < 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote backup client is affected by multiple 

vulnerabilities.\n\nAccording to its version number, the Retrospect Backup Client installed 

on the remote host is affected by several vulnerabilities : \n\n - An error in the client may 

lead to memory corruption and in turn a denial of service condition when processing 

specially-crafted packets, although only when an English client is used on a Chinese 

operating system, which is not a supported configuration.\n - The password hash is sent 

over the network unencrypted, which could result in its disclosure.\n - A null pointer 

dereference error may lead to a denial of service condition.\n\nThe reported version number 

is: \n %L 



CVE-2008-3290 

Retrospect Backup Server < 7.6 Authentication Module Password Hash Disclosure (ESA-08-009) 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Windows host has an application that is affected by an 

information disclosure vulnerability.\n\nAccording to its version number, the 

Authentication Module in the Retrospect Backup Server installed on the remote host uses a 

weak hash algorithm to hash a user's password, which could allow a remote attacker to gain 

control of a client's machine. The reported version number is: \n %L 


CVE-2008-3288 

RealPlayer for Windows < 6.0.14.806 / 6.0.12.1675 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote Windows application is affected by at least one security 

vulnerability.\n\nAccording to its version number, the installed version of RealPlayer / 

RealPlayer Enterprise on the remote Windows host suffers from possibly several issues 

:\n\n - Heap memory corruption issues in several ActiveX controls can lead to arbitrary 

code execution (CVE-2008-1309).\n - An unspecified local resource reference vulnerability 

(CVE-2008-3064).\n - An SWF file heap-based buffer overflow (CVE-2007-5400).\n - A 

buffer overflow involving the 'import()' method in an ActiveX control implemented by the 

'rjbdll.dll' module could result in arbitrary code execution (CVE-2008-3066).\n\nNote that 

RealPlayer 11 (builds 6.0.14.738 - 6.0.14.802) are only affected by the first issue 

(CVE-2008-1309).\nNote that the vendor's advisory states that version numbers for 

RealPlayer 10.5 are not sequential. 

Solution: Upgrade to RealPlayer 11.0.3 (build 6.0.14.806) / RealPlayer 10.5 (build 6.0.12.1675) or 

higher. 

CVE-2008-3066 






issues :\n\n\n - Several stability bugs leading to crashes that, in some cases, show traces of 

memory corruption (MFSA 2008-21).\n\n - By taking advantage of the privilege level 

stored in the pre-compiled 'fastload' file, an attacker may be able to run arbitrary JavaScript 

code with chrome privileges (MFSA 2008-24).\n\n - Arbitrary code execution is possible in 

'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).\n\n - Several function calls in 


the MIME handling code use unsafe versions of string routines (MFSA 2008-26).\n\n - An 

improperly encoded '.properties' file in an add-on can result in uninitialized memory being 

used, which could lead to data formerly used by other programs being exposed to the 

add-on code (MFSA 2008-29).\n\n - A weakness in the trust model regarding alt names on 

peer-trusted certs could lead to spoofing secure connections to any other site (MFSA 

2008-31).\n\n - A crash in Mozilla's block reflow code could be used by an attacker to crash 

the browser and run arbitrary code on the victim's computer (MFSA 2008-33).\n\n - By 

creating a very large number of references to a common CSS object, an attacker can 

overflow the CSS reference counter, causing a crash when the browser attempts to free the 

CSS object while still in use and allowing for arbitrary code execution (MFSA 2008-34). 


CVE-2008-2785 

CUPS < 1.3.8 Crafted PNG File Integer Overflow 


Description: Synopsis :\n\nThe remote printer service is affected by a buffer overflow 

vulnerability.\n\nAccording to its banner, the version of CUPS installed on the remote host 

is affected by an integer overflow. Using a specially crafted PNG file with overly long 

width and height fields, a remote attacker can leverage this issue to crash the affected 

service and may allow execution of arbitrary code. 


CVE-2008-1722 

AVG Scanning Engine < 8.0.156 UPX Parsing DoS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Windows host contains an application that is affected by a denial 

of service vulnerability.\n\nAVG Anti-Virus is installed on the remote Windows host. The 

version of AVG Anti-Virus installed on the remote host is affected by a 'UPX' file parsing 

flaw. An attacker can trigger a divide-by-zero error by causing the application to process a 

specially crafted 'UPX' file, which would result in a denial of service condition. The 

reported version, build and license key is: \n %L 


CVE-2008-3373 

DB2 < 9.5 Fix Pack 1 Multiple Vulnerabilities 




Description: Synopsis : \n\nThe remote database server is affected by multiple issues.\n\nThe 

installation of DB2 9.5 on the remote host does not have any Fix Packs applied and thus is 

affected by one or more of the following issues : \n\n - There is a security vulnerability in 

the 'NNSTAT' procedure on Windows platforms only that allows low-privileged users to 

overwrite arbitrary files (IZ10776).\n - There is a security vulnerability in the 

'SYSPROC.ADMIN_SP_C' procedure on Windows platforms that allows users to load 

arbitrary libraries and execute arbitrary code in the system (IZ10917).\n - An unspecified 

vulnerability affects 'DB2WATCH' and 'DB2FREEZE' on Solaris platforms (IZ12994).\n - 

An authenticated remote user can cause the DB2 instance to crash by passing specially 

crafted parameters to the 'RECOVERJAR' and 'REMOVE_JAR' procedures (IZ15496).\n - 

There is an internal buffer overflow vulnerability in the DAS process that could allow 

arbitrary code execution on the affected host (IZ12406).\n - A local attacker can create 

arbitrary files as root on Unix and Linux platforms using symlinks to the 

'dasRecoveryIndex', 'dasRecoveryIndex.tmp', '.dasRecoveryIndex.lock', and 

'dasRecoveryIndex.cor' files during initialization (IZ12798).\n - There is a security 

vulnerability related to a failure to switch the owner of the 'db2fmp' process affecting Unix 

and Linux platforms (IZ19155).\n - When a memory dump occurs, the password used to 

connect to the database remains visible in clear text in memory (JR28314). The reported 

version/build of the remote DB2 server is: \n %L 

Solution: Apply DB2 Version 9.5 Fix Pack 1. 

CVE-2008-1998 

Coppermine Photo Gallery < 1.4.19 data Cookie Local File Inclusion 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is affected by a local 

file inclusion vulnerability.\n\nThe version of Coppermine installed on the remote host fails 

to sanitize input to the 'lang' array element of its data cookie before using it in 

'include/init.inc.php' to include PHP code. Provided the application's character set is set to 

'utf-8', which is default, an unauthenticated remote attacker can exploit this issue to view 

arbitrary files or possibly to execute arbitrary PHP code on the remote host subject to the 

privileges of the web server user ID. 


CVE-2008-3486 

Apache Tomcat < 4.1.37/5.5.26/6.0.16 Multiple Vulnerabilities 



RISK: 

MEDIUM 



is running Apache Tomcat version: \n %L \n\nThis version of Tomcat is reported to be 

vulnerable to several flaws. First, the application fails to sanitize user input to the 

'RequestDispatcher' method. An attacker exploiting this flaw could request content outside 


the web root (typically through the use of '../' or similar sequences). If successful, the 

attacker could gain access to confidential data. Second, the application is vulnerable to a 

cross-site scripting (XSS) attack via the 'HttpServerResponse.sendError()' function. The 

user-supplied data is echoed back within the response headers and could lead to arbitrary 

code being executed within the browser of Tomcat clients. 


CVE-2008-2370 

Ingres Database Multiple Local Vulnerabilities 



is running the Ingres Database version: \n %L \n\nThis version of Ingres is vulnerable to 

several local vulnerabilities. There is a flaw in the 'verifydb' utility that would allow a local 

attacker to overwrite critical files. There is a flaw in the 'libbecompat' library that would 

allow a local attacker to execute a stack overflow. There is a flaw in the 'ingvalidpw' utility 

that would allow a local user to escalate privileges. 


CVE-2008-3357 

Novell iManager Version Detection 


Description: The remote host is running Novell iManager version: \n %L \n\niManager is a web 

application that facilitates remote administration of Novell resources. 

Solution: N/A 


Winamp < 5.541 NowPlaying Unspecified Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Windows host contains a multimedia application that is affected 

by an unspecified vulnerability.\n\nThe remote host is running Winamp, a media player for 

Windows. The version of Winamp installed on the remote host is earlier than 5.541. Such 

versions reportedly contain an unspecified vulnerability involving the software's 

'NowPlaying' feature. The reported version of Winamp is: \n %L 


CVE-2008-3567 



Novell iManager < 2.7 SP1 Property Book Pages Security Bypass 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is affected by a security bypass 

vulnerability.\n\nNovell iManager is installed on the remote host. The version of iManager 

installed reportedly fails to implement sufficient access control checks on 'Property Book 

Pages' created with Plug-in Studio before granting delete privileges on them to a user. 

Solution: Upgrade to version 2.7 SP1 (iManager 2.7.1) or higher. 

CVE-2008-3488 

Gallery < 1.5.8 modules.php phpEx Parameter Traversal Local File Inclusion 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a flaw that allows attackers to retrieve 

sensitive files or data.\n\nThe remote host is running Gallery, a web-based photo album 

application written in PHP. The version of Gallery installed on the remote host is less than 

1.5.8. This version of Gallery is vulnerable to a local file inclusion vulnerability. The root 

of the flaw is in the 'phpEx' parameter of the '/contrib/phpBB2/modules.php' script. An 

attacker exploiting this flaw would send a specially formatted request to the modules.php 

application. The request would likely include a directory traversal to some local file on the 

server. e.g. '../../../etc/passwd'. Successful exploitation would result in the attacker gaining 

'read' access to confidential files. The reported version of Gallery is: \n %L \n 






issues.\n\nAccording to its banner, the version of PHP installed on the remote host is older 

than 4.4.9. Such versions address several security issues, including : \n\n - An update of 

PCRE to version 7.7.\n - An overflow in memnstr().\n - A crash in imageloadfont when an 

invalid font is given.\n - An open_basedir handling issue in the curl extension.\n - 

'mbstring.func_overload' set in '.htaccess' becomes global. Note that the release 

announcement states this will be the last release for the PHP 4.4 series. The reported 



CVE-2008-3660 


Apache Tomcat < 6.0.18 UTF-8 Directory Traversal Arbitrary File Access 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is prone to a directory traversal attack.\n\nThe version 

of Apache Tomcat installed on the remote host is affected by a directory traversal issue. By 

encoding directory traversal sequences as UTF-8 in a request, an unauthenticated remote 

attacker can leverage this issue to view arbitrary files on the remote host. Note that 

successful exploitation requires that a context be configured with 'allowLinking' set to 'true' 

and the connector with 'URIEncoding' set to 'UTF-8', neither of which is a default setting. 


CVE-2008-2938 

Grendel Web Application Scanner Detection 



corporate policy.\n\nThe remote host is running the Grendel web application scanner. 

Grendel is an attack framework that allows users to automatically scan and fuzz web 

application servers. 



JBoss EAP < 4.2.0.CP03 / 4.3.0.CP01 Status Servlet Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a servlet that is affected by an information 

disclosure vulnerability.\n\nThe version of JBoss Enterprise Application Platform (EAP) 

running on the remote host allows unauthenticated access to the status servlet, which is 

used to monitor sessions and requests sent to the server. 

Solution: Upgrade to version 4.2.0.CP03 / 4.3.0.CP01 or higher. 

CVE-2008-3273 


HP-UX ftpd Remote Privileged Access Authentication Bypass 


Description: Synopsis :\n\nThe remote FTP server may allow remote privileged access.\n\nAccording to 

its banner, the version of the HP-UX FTP server running on the remote host is at a patch 

level before PHNE_38458. Such versions reportedly contain an unspecified vulnerability 

that in certain account configurations could be exploited by an anonymous remote attacker 

to gain privileged access.\nIAVT Reference : 2008-T-0045\nSTIG Finding Severity : 

Category I 


Solution: Apply patch PHNE_38458 or later. 

CVE-2008-1668 

Sun Java System Web Proxy Server Detection 


Description: The remote host is a Sun Java System web proxy server. This server retrieves web pages 

for internal clients. The reported version number was: \n %L 

Solution: N/A 

Sympa < 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a local flaw in an application that handles 

local files.\n\nThe remote host is running Sympa, an open-source mailing list software 

application. The reported version number is '%L'\n\nThis version of Sympa is vulnerable to 

a flaw due to the way that sympa.pl creates files when the '--make_alias_file' option is used. 

An attacker exploiting this flaw would need local access. Successful exploitation would 

result in the attacker overwriting local files which the Sympa application had permissions 

on. 


CVE-2008-4476 

PHP Live! Helper < 2.1.0 Multiple Vulnerabilities 



is running PHP Live Helper, a customer support application, version: \n %L \n\nThis 

version of Live Helper is vulnerable to a number of flaws. \n\nThere is a SQL injection 

flaw when handling malformed data to the 'dep' parameter of the 'onlinestatus_html.php' 

script. An attacker exploiting this flaw would be able to execute arbitrary SQL commands 

against the database server.\n\nThere is a flaw in the way that the application handles data 

passed to the 'libsecure.php' source file. An attacker exploiting this flaw would be able to 

change the behavior of the database server.\n\nThere is a flaw in the way that the 

application handles data to the 'rg' parameter of the 'globalsoff.php' file. An attacker 

exploiting this flaw might be able to get arbitrary code executed via an 'eval()' function call. 




CVE-2008-3764 

Reflections SSH Server Version Detection 


Description: The remote host is running a Reflections for Secure IT SSH server version: \n %L 

Solution: N/A 


RhinoSoft Serv-U FTP Server Version Detection 


Description: The remote host is running the RhinoSoft Serv-U FTP server. Serv-U is typically 

installed as part of a suite of products that enables file sharing on a remote server. The 

installed version number is: \n %L 

Solution: N/A 


Serv-U < 7.2.0.1 SFTP Directory Creation Logging DoS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote FTP server is affected by a denial of service 

vulnerability.\n\nThe remote host is running Serv-U File Server, an FTP server for 

Windows. The installed version of Serv-U is earlier than 7.2.0.1 and reportedly contains an 

SFTP bug in which directory creation and logging SFTP commands could lead to an 

application crash. The reported version number is: \n %L 


CVE-2008-3731 

RhinoSoft Serv-U Web Server Version Detection 


Description: The remote host is running the RhinoSoft Serv-U web server. Serv-U web server is 

typically installed as part of a suite of products that enables file sharing on a remote 

server. The installed version number is: \n %L 

Solution: N/A 




Attachmate Reflection for Secure IT UNIX Server < 7.0 SP1 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote SSH service is affected by multiple vulnerabilities.\n\nThe 

version of Attachmate Reflection for Secure IT UNIX Server installed on the remote host is 

lower than 7.0 SP1 and thus reportedly affected by several issues : \n\n - There is an 

inherited vulnerability in OpenSSL when parsing malformed ASN.1 structures leading to a 

denial of service vulnerability (CVE-2006-2937).\n - There is an inherited vulnerability in 

OpenSSL when parsing parasitic public keys leading to a denial of service vulnerability 

(CVE-2006-2940).\n - There is an inherited vulnerability in OpenSSL when performing 

Montgomery multiplication, leading to a side-channel attack vulnerability 

(CVE-2007-3108).\n - There is an inherited vulnerability in OpenSSH with the execution of 

the ~/.ssh2/rc session file (CVE-2008-1657).\n - There is an issue with the security of 

forwarded X11 connections, leading to possible hijacking. (CVE-2008-1483)\n - There are 

multiple unspecified other vulnerabilities.\nThe reported version of SSH is: \n %L 


CVE-2008-6021 

Cisco Secure Access Control Server Detection 


Description: Synopsis :\n\nThe remote web server is part of an access policy control platform.\n\nThe 

remote host appears to be running Cisco Secure Access Control Server, an access policy 

control platform, on this port. It is used to centrally manage access to network resources. 






issues.\n\nThe version of Opera installed on the remote host is older than 9.52 and is 

reportedly affected by several issues :\n\n - Specially-crafted URLs could start Opera in a 

way that would allow execution of arbitrary code.\n - Invalid checking of what frames a 

site can change, allowing a website to open pages from other sites.\n - An unspecified 

cross-site scripting issue.\n - Custom shortcuts and menu commands may pass parameters 

created from uninitialized memory.\n - Secure sites loading insecure content in a frame will 

cause Opera to incorrectly display the padlock icon.\n - Feed sources can link to a user's 

local disk, and appropriate JavaScript can detect if these files exist or not.\n - The page 

address may be changed when a user subscribes to a newsfeed subscription using the feed 

subscription button. 




CVE-2008-4293 

SQL Worm Client Detection 


Description: Synopsis : \n\nThe remote host has been compromised and is running a 'backdoor' 

program.\n\nThe remote host appears to be infected with a SQL worm. The worm is 

attempting to spread via other web servers. The observed network traffic from this machine 

was: \n %L 

Solution: Manually examine and clean the host. 


Kayako SupportSuite Version Detection 


Description: The remote host is running Kayako SupportSuite version: %L 

Solution: N/A 


Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains a PHP application affected by several 

vulnerabilities.\n\nThe remote host is running Kayako SupportSuite, a web-based electronic 

support portal written in PHP. According to its banner, the version of Kayako installed on 

the remote host is earlier than 3.30.01 and is affected by several issues: \n\n - There is a 

blind SQL injection issue in the staff panel that enables a staff user to gain administrative 

access.\n - A user may be able to inject arbitrary script into a user's browser by opening a 

ticket or requesting a chat if they include the script in the 'Full Name' field associated with 

their account.\n - There are numerous cross-site scripting issues. The reported version of 

SupportSuite is: \n %L 


CVE-2008-3701 

DB2 < 9.5 Fix Pack 2 Multiple Vulnerabilities 



Description: Synopsis :\n\nThe remote database server is affected by multiple vulnerabilities.\n\nThe 

installation of DB2 9.5 on the remote host does not have Fix Pack 2 applied and is affected 

by multiple vulnerabilities :\n\n - An unspecified vulnerability in the way it deploys 'CLR 


Stored Procedures' for Visual Studio from IBM database add-ins (JR28431). - A buffer 

overflow condition in the DAS server code. (IZ22188) 

Solution: Apply DB2 Version 9.5 Fix Pack 2. 

Sharity Detection 

CVE-2008-6821 


Description: The remote host is running the Sharity service for Unix. Sharity is a service that allows 

Unix computers to access SMB/CIFS servers. 

Solution: N/A 

Invision Power Board < 




is running Invision Board, a CGI suite designed to set up a bulletin board system on the 

remote web server. This version of Invision Board is vulnerable to several SQL injection 

attacks due to a lack of parsing on the 'act' and 'name' variables of the index.php script. 

There is an information disclosure flaw where authentication materials can be retrieved 

from 'ipb_stronghold' cookies. There is a vulnerability that allows attackers to hijack 

administrative sessions. There is a denial of service vulnerability due to a lack of parsing to 

the 'clean_globals()' function. There is a flaw in the 'source/action_admin/languages.php' 

where an attacker can inject code that is later executed via an 'eval()' function. Finally, 

there is a flaw in the way that the application handles data sent to the 'INFO[base_url]' 

parameter of the 'admin.php' script. A remote attacker can invoke arbitrary PHP script code. 



eDirectory < 8.8 SP3 Multiple Vulnerabilities 



Description: Synopsis :\n\nThe remote directory service is affected by multiple vulnerabilities.\n\nThe 

remote host is running eDirectory, a directory service software from Novell. The installed 

version of Novell eDirectory is affected by multiple issues :\n\n - NDS module is affected 

by a heap overflow vulnerability (Bugs 396819 and 396817).\n - Windows installs of 

eDirectory are affected by a remote memory corruption vulnerability (Bug 373852).\n - 

LDAP module is affected by a buffer overflow vulnerability (Bug 373853).\n - HTTPSTK 

is affected by two heap overflow vulnerabilities affecting 'Language' and 'Content Length' 

headers in HTTPSTK (Bugs 379882 and 379880).\n - HTTPSTK is also affected by a 

cross-site scripting vulnerability (Bug 387429). 




ClamAV < 0.93.1 memcpy() .chm File Handling DoS 



remote host is running ClamAV version: %L\n\nThis version of ClamAV is vulnerable to a 

flaw within the 'libclamav/chmunpack.c' file. Specifically, when handling malformed '.chm' 

files, the application fails to adequately parse the file. An attacker sending a malformed 

.chm file to a server running ClamAV would be able to crash the service. 


MicroTik Router < 

CVE-2008-3914 


RISK: 

MEDIUM 



authentication.\n\nThe remote host is running a MicroTik router. The reported version is: 

%L\n\nThis version of MicroTik router is vulnerable to a flaw within its SNMP module. 

An attacker exploiting this vulnerability would send the MicroTik router malformed SNMP 

queries. These queries would bypass any local 'read-only' restrictions and be executed by 

the router. 

Solution: If possible, disable SNMP or only allow queries from trusted hosts. When available, 

upgrade to a version higher than 2.9.51 or 3.13. 

MicroTik Router < 

CVE-2008-6976 



RISK: 

MEDIUM 



authentication.\n\nThe remote host is running a MicroTik router. The reported version is: 

%L\n\nThis version of MicroTik router is vulnerable to a flaw within its SNMP module. 

An attacker exploiting this vulnerability would send the MicroTik router malformed SNMP 

queries. These queries would bypass any local 'read-only' restrictions and be executed by 

the router. 

Solution: If possible, disable SNMP or only allow queries from trusted hosts. When available, 

upgrade to a version higher than 2.9.51 or 3.13. 


CVE-2008-6976 

Google Chrome Version Detection 


Description: The remote host is running the Google Chrome web browser version: %L 

Solution: N/A 


Simple Machines Forum < 1.1.6 Random Number Generator Credentials Disclosure 


Description: Synopsis : \n\nThe remote host is is vulnerable to a security-bypass flaw.\n\nThe remote 

host is running the Simple Machines Forum (SMF), a web forum. This version of SMF is 

vulnerable to a flaw where it will leak the state of the random number generator. As 

authentication materials are created using the random number generator, an attacker can use 

the leaked state to determine authentication codes of other users. Note that this 

vulnerability only affects the Windows versions of SMF that use a simple, linear, 

feed-forward design for generating random numbers. The reported version of SMF is: \n 

%L \n 


CVE-2008-6971 

Novell iPrint Client nipplib.dll IppCreateServerRef Function Buffer Overflow 


Description: Synopsis :\n\nThe remote Windows host has an application that is affected by a buffer 

overflow vulnerability.\n\nThe installed version of Novell iPrint Client is affected by a 

buffer overflow vulnerability. By passing very long arguments to either 

'GetPrinterURLList()', 'GetPrinterURLList2()', or 'GetFileList2()' functions available in 

ActiveX control 'ienipp.ocx', it may be possible to cause a heap-based buffer overflow in 

function 'IppCreateServerRef()' provided by 'nipplib.dll'. Successful exploitation of this 

issue may result in arbitrary code execution on the remote system. 

Solution: Upgrade to Novell iPrint Client version 5.08 or Novell iPrint Client for Windows 4.38 or 

higher. 

CVE-2008-2436 

WordPress < 2.6.2 Administrative Password Reset 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote host can be tricked into modifying administrative 

credentials.\n\nThe version of WordPress installed on the remote host is vulnerable to a 

flaw that would allow any user to reset the password of any other user account. After 

resetting the password, the newly reset password would be sent to the email address linked 

to the account. 


Trac Version Detection 

CVE-2008-4107 


Description: The remote host is running Trac, a web-based software management application that 

supports bug-tracking and source code browsing. The version of Trac is: \n %L 

Solution: N/A 


Microsoft Office OneNote Client Detection 


Description: The remote host is running Microsoft OneNote on Office version '%L' 

Solution: N/A 






vulnerabilities.\n\n The version of QuickTime installed on the remote host is older than 

7.5.5. Such versions contain several vulnerabilities :\n\n - Heap and stack buffer overflows 

in the handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files could 

lead to an application crash or arbitrary code execution (CVE-2008-3624 and 

CVE-2008-3625).\n - A memory corruption issue in QuickTime's handling of STSZ atoms 

in movie files could lead to an application crash or arbitrary code execution 

(CVE-2008-3626).\n - Multiple memory corruption issues in QuickTime's handling of 

H.264-encoded movie files could lead to an application crash or arbitrary code execution 

(CVE-2008-3627).\n - An out-of-bounds read issue in QuickTime's handling of PICT 

images could lead to an application crash (CVE-2008-3629). 


manually upgrade to version 7.5.5 or higher. 


CVE-2008-3629 

MySQL Empty Binary String DoS 


RISK: 

MEDIUM 



remote host is running MySQL database version: %L\n\nThis version of MySQL is 

vulnerable to a remote Denial of Service (DoS) attack when it processes empty binary 

strings. An attacker exploiting this flaw would need some way of injecting data into a 

MySQL query. Successful exploitation would result in the database crashing. 


CVE-2008-3963 

iTunes < 8.0 Multiple Vulnerabilities 



is running iTunes, an application for managing and listening to music media files. The 

version of iTunes is '%L'.\n\nThis version of iTunes is vulnerable to a several local flaws. 

The first involves an integer overflow and would result in the local attacker executing 

arbitrary code with the privileges of the iTunes program. The second flaw involves 

misleading firewall messages that may lead to a false sense of security. 


CVE-2008-3636 

Apple iPod Device Detection 


Description: The remote device is an Apple iPod. iPod is a multimedia hardware application that allows 

users to store files of various formats on the device. 

Solution: Ensure that such devices are authorized according to corporate policies and guidelines. 





Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe version of 

MyBB installed on the remote host is vulnerable to a number of vulnerabilities. The 

application fails to properly parse and sanitize data sent to the 'misc.php', 'usercp2.php', 

'inc/functions_online.php', and 'moderation.php' scripts. The details of these flaws are 


currently unknown; however, the vendor has released a fix. The reported version of MyBB 

is: \n %L 


CVE-2008-3966 

Database Connection Configuration Information Disclosure 


RISK: 

MEDIUM 



violation.\n\nPVS has just noted a web transaction that included database connection 

information. This includes database name, user ID, password and more. The information 

resides at the following location: \n%P\n\nThe information that is hosted on the remote web 

server includes the following: \n %L >\n\n 

Solution: Ensure that such information is not stored or sent in plaintext. Note: PVS only reports on 

the first occurence of this item on a web server. Parse your entire web source for similar 

occurrences. 


Dns2TCP Service Detection 

PVS ID: 4657 FAMILY: Backdoors RISK: NONE NESSUS ID:Not Available 

Description: The remote service supports the DNS-to-TCP protocol. This protocol hides network traffic 

protocols by embedding the traffic within seemingly innocuous DNS queries. This service 

can be used to bypass firewalls or proxies by obfuscating the true protocol within the DNS 

protocol. The configured 'zone' for the Dns2TCP server is '%P' 

Solution: Ensure that such services are allowed according to network policies and guidelines. Limit 

incoming traffic to this port if desired. 




RISK: 

MEDIUM 







Solution: 



Ensure that such information is not stored or sent in plaintext. Note: PVS only reports on 


occurrences. 




RISK: 

MEDIUM 









occurrences. 




RISK: 

MEDIUM 









occurrences. 


Java '.class' File Detection 



Description: The remote web server is hosting .class files. As an example, consider the following file 

%P\nDistributing such files over the web can be done, but the webmaster should make sure 

that they to not contain confidential data. Java '.class' files are easily decompiled into 

source code using tools such as Jad (/www.kpdus.com/jad.html). 

Solution: Ensure that confidential data is not present within the '.class' file. Note: PVS only reports 

on the first occurence of this item on a web server. Parse your entire web source for similar 


'.cnf' File Detection 

occurrences. 



Description: The remote web server is hosting .cnf files. As an example, consider the following file 


that they do not contain confidential data. '.cnf' files are typically configuration files that 

may contain information regarding application version, physical path and more. 

Solution: Ensure that confidential data is not present within the '.cnf' file. Note: PVS only reports on 


occurrences. 


Possible Social Security Number in Cookie 


Description: The remote web client sent a cookie with what appears to be an embedded Social 

Security Number. You should manually verify that confidential data is not being 

leaked from the network. The observed cookie was: \n %L 

Solution: Ensure that confidential data is not passed within plaintext cookies. Note: PVS only reports 


occurrences. 

'.log' File Detection 



Description: The remote web server is hosting .log files. As an example, consider the following file 


that they do not contain confidential data. '.log' files are typically log files that may contain 

information regarding local applications and settings. 

Solution: Ensure that confidential data is not present within the '.log' file. Note: PVS only reports on 


occurrences. 

'.conf' File Detection 





Description: The remote web server is hosting .conf files. As an example, consider the following file 


that they do not contain confidential data. '.conf' files are typically configuration files that 

may contain information regarding local applications and settings. 

Solution: Ensure that confidential data is not present within the '.conf' file. Note: PVS only reports on 


occurrences. 


Internal IP Address Disclosure 


Description: The remote web server has not properly configured its 'Host' settings. The server discloses 

its internal IP addresses within HTTP headers. Such information can give an attacker useful 

information regarding the IP address scheme of the internal network. This may aid the 

attacker in future attacks. The leaked information was: \n %L \n\nThe request that triggered 

this response was: \n%P 

Solution: Ensure that the server has a properly configured hostname. Note: PVS only reports on the 

first occurence of this item on a web server. Parse your entire web source for similar 

occurrences. 


Persistent Cookie Utilization 


Description: The remote web server utilizes persistent cookies. Persistent cookies are stored on the hard 

drive by the user browser. If there is confidential data within the cookies (such as user ID, 

authentication tokens, etc.), an attacker with access to the hard drive can view this data. The 

application that generated this cookie was: \n%P\n\nThe cookie that was passed was: \n %L 

Solution: Ensure that persistent cookies are not used for any sort of confidential data. Note: PVS only 

reports on the first occurence of this item on a web server. Parse your entire web source for 

similar occurrences. 


ActiveX Control Detection 


Description: The remote web server is hosting content that includes an embedded call to ActiveX. The 

CLSID of the ActiveX control is: \n %L \n\nThe control is referenced at the following 

location: \n%P 

realtimeonly 



Solution: N/A 


ActiveX Control Detection 


Description: The remote web server is hosting content that includes an embedded call to ActiveX. The 

CLSID of the ActiveX control is: \n %L >\n\nThe control is referenced at the following 

location: \n%P 

Solution: N/A 

realtimeonly 


Trojan/Backdoor - Potential Malicious Microsoft Executable Being Served 


Description: Synopsis :\n\nThe remote host may be compromised.\n\nThis service appears to send a 

Microsoft Windows executable when a connection to it is established. This may be 

evidence of a type of malware that is known to propagate in this manner. 

realtime 

Solution: Check the host and disinfect or reinstall if necessary. 


Possible Social Security Number in Cookie 


Description: The remote web server sent a cookie with what appears to be an embedded Social 

Security Number. You should manually verify that confidential data is not being 

leaked from the network. The observed cookie was set to: \n %L \n\nThe request that 

generated the cookie was: \n%P 

Solution: Ensure that confidential data is not passed within plaintext cookies. Note: PVS only reports 


occurrences. 



Possible User ID and Password Sent Within a Web Form (POST) 



Description: The remote web client posted a form with what appears to be an embedded user ID 

and password. You should manually verify that confidential data is not being leaked 

from the network. The observed POST request was: \n %L 

Solution: Ensure that confidential data is not passed via plaintext form fields. Note: PVS only reports 


occurrences. 


Possible User ID and Password Sent Within a Web Form (GET) 


Description: The remote web client posted a form with what appears to be an embedded user ID 

and password. You should manually verify that confidential data is not being leaked 

from the network. The observed POST request was: \n %L 

Solution: Ensure that confidential data is not passed via plaintext form fields. Use SSL for any type 

of authentication. Also, you should consider forcing the use of POST versus GET on web 

forms. Note: PVS only reports on the first occurence of this item on a web server. Parse 

your entire web source for similar occurrences. 


Flash '.swf' File Detection 


Description: The remote web server is hosting .swf files. As an example, consider the following file 


that they do not contain confidential data. Flash '.swf' files are easily decompiled into 

source code using tools such as Flare (www.nowrap.de/flare.html). 

Solution: Ensure that confidential data is not present within the '.swf' file. Note: PVS only reports on 


occurrences. 


SOAP '.wsdl' File Detection 


Description: The remote web server is running a SOAP service that is enumerated via a '.wsdl' 

configuration file. As an example, consider the following file %P\nDistributing such files 

over the web can be done, but the webmaster should make sure that they do not contain 


Solution: 



Ensure that confidential data is not present within the '.wsdl' file. Note: PVS only reports on 


occurrences. 


SOAP '.disco' File Detection 


Description: The remote web server is running a SOAP service that is enumerated via a '.disco' 

configuration file. As an example, consider the following file %P\nDistributing 

such files over the web can be done, but the webmaster should make sure that they 

do not contain confidential data. 

Solution: Ensure that confidential data is not present within the '.disco' file. Note: PVS only reports 


occurrences. 


User Credentials Stored in Cookie 


Description: The remote web server was just observed passing a 'Set-Cookie' directive with what 

appears to be user ID or password information. Examine the following cookie to ensure that 

confidential data is not being passed via a plain text cookie: %L\n\nThe requested URI that 

prompted this cookie was:\n%P 

Solution: Ensure that confidential data is not present within the cookie. 


Virus / Backdoor Client Detection 


Description: Synopsis : \n\nThe remote host has been compromised and is running a 'backdoor' 

program.\n\nThe remote host appears to be infected with a backdoor. This strain of 

backdoor malware is known to change the browser 'User-Agent' string in order to identify 

itself to server machines. The observed network traffic from this machine was: \n %L 

Solution: Manually examine and clean the host. 



Ruby on Rails < 2.1.1 Active Record Multiple Parameter SQL Injection 



Description: Synopsis :\n\nThe remote host is vulnerable to a SQL injection attack.\n\nThe remote 


version of Rails is reported to be vulnerable to a flaw in the way that it handles ':offset' and 

':limit' parameters. An attacker exploiting these flaws would only require the ability to send 

malformed requests to the application. Successful exploitation would result in the attacker 

executing arbitrary SQL commands on the database used by Ruby on Rails. 


CVE-2008-4094 

DB2 < 8 FixPak 17 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote database server is affected by multiple issues.\n\nAccording to its 

version, the installation of DB2 on the remote host is affected by multiple issues :\n\n - By 

sending a malicious DB2 UDB v7 client CONNECT/DETACH requests it may be possible 

to crash the remote DB2 server (IZ08134).\n\n - An unspecified vulnerability related to 

'DB2FMP' exists in DB2 (IZ20350).\n\n - By sending malicious packets to 'DB2JDS', it 

may be possible to crash the remote DB2 server (JR29274).\n\n - While running on 

Windows 'DB2FMP' runs with OS privileges (JR30228).\n\n - DAS server code is affected 

by a buffer overflow vulnerability (IZ22004).\n\n - Using INSTALL_JAR it may be 

possible to create and overwrite critical files on the system (IZ22142). 

Solution: Apply DB2 UDB Version 8 FixPak 17 or higher. 

CVE-2008-3960 

Google Chrome < 0.2.149.29 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote host contains a web browser that is affected by multiple 

vulnerabilities.\n\nThe version of Google Chrome installed on the remote host is earlier 

than 0.2.149.29. Such versions are reportedly are affected by several issues : \n\n - A buffer 

overflow involving long filenames that display in the 'Save As...' dialog could lead to 

arbitrary code execution (Issue number 1414).\n - A buffer overflow in handling of link 

targets displayed in the status area when a user hovers over a link could lead to arbitrary 

code execution (Fix number 1797).\n - An out-of-bounds memory read when parsing URLs 

ending in ': %' could cause the application itself to crash (Issue number 122).\n - The 

default Downloads directory is set to Desktop, which could lead to malicious cluttering of 

the desktop with unwanted downloads and even execution of arbitrary programs (Fix 

number 17933).\nThe exact browser version is: \n %L 


CVE-2008-6998 







10.5.5. Mac OS X 10.5.5 contains security fixes for a number of programs.\nIAVA 

Reference : 2008-A-0045\nIAVB Reference : 2008-B-0078\nSTIG Finding Severity : 

Category I 


CVE-2008-3622 

Hitachi IP Phone Detection 


Description: The remote server is a Hitachi WIP5000 IP Phone terminal. 

Solution: N/A 


Trend Micro OfficeScan 'cgiRecvFile.exe' Buffer Overflow 


Description: Synopsis :\n\nThe remote host contains an application that is affected by a buffer overflow 

vulnerability.\n\nTrend Micro OfficeScan or Client Server Messaging Security is installed 

on the remote host. The installed version is affected by a buffer overflow vulnerability. By 

setting the parameter 'ComputerName' to a very long string in a specially crafted HTTP 

request, a malicious user within the local network may be able to trigger a stack-based 

overflow in 'cgiRecvFile.exe'. Exploitation of this issue requires manipulation of the 

parameters 'TempFileName', 'NewFileSize', and 'Verify' and, if successful, would result in 

arbitrary code execution on the remote system. 

Solution: Upgrade to : \n\n - Trend Micro OfficeScan 8.0 Build 1361/2424 or 3060 depending on the 

current OfficeScan patch level.\n - Trend Micro Client Server Messaging Security 3.6 

Build 1195.\n - Trend Micro OfficeScan 7.3 Build 3167. 

CVE-2008-2437 


IBM WebSphere Application Server 6.1 < Fix Pack 19 Unspecified Vulnerability 


Description: Synopsis :\n\nThe remote application server is affected by an unspecified vulnerability.\n\n 

IBM WebSphere Application Server 6.1 before Fix Pack 19 appears to be running on the 

remote host. Such versions reportedly have an as-yet unspecified security exposure when 

the 'FileServing' feature in the Servlet Engine / Web Container component is enabled. 

(PK64302). 



CVE-2008-4111 

Invision Power Board < 2.3.6 index.php name Parameter SQL Injection 


Description: Synopsis : \n\nThe remote host is vulnerable to a SQL injection attack.\n\nThe remote host 

is running Invision Board, a CGI suite designed to set up a bulletin board system on the 

remote web server. This version of Invision Board is vulnerable to a SQL injection attack 

due to a lack of parsing on the 'name' parameter of the index.php script. An attacker 

exploiting this flaw would be able to execute arbitrary commands against the remote 

database server. The reported version of Invision was: \n %L 


CVE-2008-4171 

ProFTPD Command Truncation Cross-Site Request Forgery 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote FTP server is prone to a cross-site request forgery attack.\n\nThe 

remote host is using ProFTPD, a free FTP server for Unix and Linux. The version of 

ProFTPD running on the remote host splits an overly long FTP command into a series of 

shorter ones and executes each in turn. If an attacker can trick a ProFTPD administrator 

into accessing a specially-formatted HTML link, he may be able to cause arbitrary FTP 

commands to be executed in the context of the affected application with the administrator's 

privileges. 


CVE-2006-5815 




MyBB installed on the remote host is vulnerable to a number of vulnerabilities. The 

application fails to properly parse and sanitize data sent to the following scripts: global.php, 

announcements.php, admin/inc/class_page.php, inc/functions.php, 

inc/datahandlers/post.php, inc/class_error.php, polls.php, moderation.php, 

inc/class_moderation.php, usercp.php, and attachments.php. The details of these flaws is 

currently unknown; however, the vendor has released a fix. The reported version of MyBB 

is: \n %L 





JBoss EAP < 4.2.0.CP04 / 4.3.0.CP02 Status Servlet Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a flaw that allows attackers to retrieve 

sensitive files or data.\n\nThe version of JBoss Enterprise Application Platform (EAP) 

running on the remote host allows attackers to download '.class' files. These files can be 

easily decompiled using a tool such as 'jad'. The attacker would then have access to the 

source code which could lead to more sophisticated attacks. The reported version of JBOSS 

is: \n %L 

Solution: Upgrade to version 4.2.0.CP04, 4.3.0.CP02 or higher. 

CVE-2008-3519 

PHP iCalendar < 2.25 Administrative Bypass 



bypassing of authentication.\n\nThe remote host is running PHP iCalendar, an 

open-source PHP blog. This version of iCalendar is vulnerable to a flaw where 

a remote user can, by manually changing their cookie, gain administrative 

access to the application. The reported version of PHP iCalendar is: \n %L \n 

Solution: When available, upgrade to version 2.25 or higher. 

CVE-2006-1292 



Description: Synopsis : \n\nThe remote Windows host contains a web browser that is affected by 


issues : \n\n- An attacker can cause the content window to move while the mouse is being 

clicked, causing an item to be dragged rather than clicked-on (MFSA 2008-40).\n - 

Privilege escalation is possible via 'XPCnativeWrapper' pollution (MFSA 2008-41).\n - 

There are several stability bugs in the browser engine that may lead to crashes with 

evidence of memory corruption (MFSA 2008-42).\n - Certain BOM characters and low 

surrogate characters, if HTML-escaped, are stripped from JavaScript code before it is 

executed, which could allow for cross-site scripting attacks (MFSA 2008-43).\n - The 

'resource: ' protocol allows directory traversal on Linux when using URL-encoded slashes, 

and it can by used to bypass restrictions on local HTML files (MFSA 2008-44).\nThe 

reported browser version was: \n %L 




CVE-2008-4068 





issues : \n\n - Using a specially crafted UTF-8 URL in a hyperlink, an attacker might be 

able to exploit a stack buffer overflow in the Mozilla URL parsing routes to execute 

arbitrary code (MFSA 2008-37).\n - It is possible to bypass the same-origin check in 

'nsXMLDocument: : OnChannelRedirect()' (MFSA 2008-38).\n - There are a series of 

vulnerabilities in 'feedWriter' that allow scripts from page content to run with chrome 

privileges (MFSA 2008-39).\n - An attacker can cause the content window to move while 

the mouse is being clicked, causing an item to be dragged rather than clicked-on (MFSA 

2008-40).\n - Privilege escalation is possible via 'XPCnativeWrapper' pollution (MFSA 

2008-41).\n - There are several stability bugs in the browser engine that may lead to crashes 

with evidence of memory corruption (MFSA 2008-42).\n - Certain BOM characters and 

low surrogate characters, if HTML-escaped, are stripped from JavaScript code before it is 

executed, which could allow for cross-site scripting attacks (MFSA 2008-43).\n - The 

'resource: ' protocol allows directory traversal on Linux when using URL-encoded slashes, 

and it can be used to bypass restrictions on local HTML files (MFSA 2008-44).\n - A bug 

in the XBM decoder allows random small chunks of uninitialized memory to be read 

(MFSA 2008-45).\nThe reported browser version was: \n %L 


CVE-2008-4069 




Description: Synopsis : \n\nA web browser on the remote host is affected by multiple vulnerabilities.\n\n 

The installed version of SeaMonkey is affected by various security issues : \n\n - Using a 

specially crafted UTF-8 URL in a hyperlink, an attacker might be able to exploit a stack 

buffer overflow in the Mozilla URL parsing routes to execute arbitrary code (MFSA 

2008-37).\n - It is possible to bypass the same-origin check in 'nsXMLDocument: : 

OnChannelRedirect()' (MFSA 2008-38).\n - An attacker can cause the content window to 

move while the mouse is being clicked, causing an item to be dragged rather than 

clicked-on (MFSA 2008-40).\n - Privilege escalation is possible via 'XPCnativeWrapper' 

pollution (MFSA 2008-41).\n - There are several stability bugs in the browser engine that 

may lead to crashes with evidence of memory corruption (MFSA 2008-42).\n - Certain 

BOM characters and low surrogate characters, if HTML-escaped, are stripped from 

JavaScript code before it is executed, which could allow for cross-site scripting attacks 

(MFSA 2008-43).\n - The 'resource: ' protocol allows directory traversal on Linux when 

using URL-encoded slashes, and it can by used to bypass restrictions on local HTML files 

(MFSA 2008-44).\n - A bug in the XBM decoder allows random small chunks of 

uninitialized memory to be read (MFSA 2008-45).\nThe reported browser version was: \n 

%L 



CVE-2008-3836 

Mantis < 1.1.4 HTTPS Session Cookie Secure Flag Weakness 


RISK: 

MEDIUM 


Description: The remote server is running Mantis, a bug-tracking software. The reported version is '%L'. 

This version of Mantis is vulnerable to a flaw where cookies passed over SSL are not 

marked as 'Secure'. Given this, the cookie can be requested over HTTP and sent via 

plaintext. 


Postfix Detection 

CVE-2008-3102 


Description: The remote mail server is running Postfix, an open source SMTP server. The observed 

banner was: \n %L 

Solution: N/A 







issues :\n\n - Using a specially crafted UTF-8 URL in a hyperlink, an attacker might be able 

to exploit a stack buffer overflow in the Mozilla URL parsing routes to execute arbitrary 

code (MFSA 2008-37).\n - It is possible to bypass the same-origin check in 

'nsXMLDocument::OnChannelRedirect()' (MFSA 2008-38).\n - Privilege escalation is 

possible via 'XPCnativeWrapper' pollution (MFSA 2008-41).\n - There are several stability 

bugs in the browser engine that may lead to crashes with evidence of memory corruption 

(MFSA 2008-42).\n - Certain BOM characters and low surrogate characters, if 

HTML-escaped, are stripped from JavaScript code before it is executed, which could allow 

for cross-site scripting attacks (MFSA 2008-43).\n - The 'resource:' protocol allows 

directory traversal on Linux when using URL-encoded slashes, and it can by used to bypass 

restrictions on local HTML files (MFSA 2008-44).\n - There is a heap buffer overflow that 

can be triggered when canceling a newsgroup message (MFSA 2008-46). 



CVE-2008-4070 

MailMarshal < 6.4 Spam Quarantine Management XSS 


Description: Synopsis :\n\nThe remote host has an application that is affected by a cross-site scripting 

vulnerability.\n\nThe remote host is running MailMarshal SMTP, a mail server for 

Windows version '%L'. The Spam Quarantine Management web component included with 

the version of MailMarshal SMTP installed on the remote host is affected by a persistent 

cross-site scripting vulnerability in its 'delegated spam management' feature. By exploiting 

this issue, it may be possible for an internal user to install a malicious program on another 

internal user's (victim) computer, steal session cookies or launch similar attacks. Successful 

exploitation would require a victim to accept an email invitation for delegated spam 

management from an attacker. 


CVE-2008-2831 

lighttpd < 1.4.20 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server may be affected by several 

issues.\n\nAccording to its banner, the version of lighttpd installed on the 

remote host is older than 1.4.20. Such versions may be affected by 

several issues, including :\n\n - SSL connections could be shut down by a 

remote attacker.\n - URL rewrite and redirect patterns can be 

circumvented by encoding.\n - mod_userdir does not sanitize URLs, 

which could lead to an information disclosure on case insensitive file 

systems e.g. http://example.com/~user/file.PHP would get the source 

code of file.php, instead of running the script.\n - The server leaks 

memory when it processes duplicate headers. This could lead to a denial 

of service by resource exhaustion. 


CVE-2008-4298 

Serv-U < 7.3.0.1 Multiple Remote Vulnerabilities 



Description: Synopsis :\n\nThe remote FTP server is affected by several vulnerabilities.\n\nThe remote 

host is running Serv-U File Server, an FTP server for Windows. The reported version 

number is: '%L'\n\nThe installed version of Serv-U is earlier than 7.3.0.1 and thus is 

reportedly affected by the following issues :\n - An authenticated remote attacker can cause 

the service to consume all CPU time on the remote host by specifying a Windows port (eg, 


'CON:') when using the STOU command provided he has write access to a directory.\n - An 

authenticated remote attacker can overwrite or create arbitrary files via a directory traversal 

attack in theRNTO command.\n - An authenticated remote attacker may be able to upload a 

file to the current Windows directory with rename by placing the destination in '\' (ie, 'My 

Computer'). 


CVE-2008-4501 

Blue Coat Reporter Detection 


Description: Synopsis : \n\nThe remote web server is used to monitor web traffic.\n\nThe remote host is 

running Blue Coat Reporter, a web reporting system for monitoring centralized logs from 

Blue Coat appliances. This web service is used to access the application. The reported 


Solution: Filter incoming traffic to this port if desired. 


Blue Coat Reporter Default admin Credentials 


Description: Synopsis :\n\nThe administrative password for the remote web service can be 

guessed.\n\nThe remote Blue Coat Reporter is using the default credentials of 'admin' for 

both the username and password. 

Solution: Change the admin password. 


OpenNMS Server Detection 


Description: Synopsis :\n\nThe remote web server is used to monitor network devices.\n\nThe remote 

host is running OpenNMS, an open source network management application. This web 

interface is used to manage the server. 

Solution: Filter incoming traffic to this port if desired. 


Simple Machines Forum < 1.1.7 Incomplete BBcode Block Security Bypass 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote host is vulnerable to a security bypass flaw.\n\nThe remote host 

is running Simple Machines Forum (SMF), a web forum. This version of SMF is 

vulnerable to a flaw where attackers can bypass security filtering by surrounding the 

content with an incomplete BBcode block. Successful exploitation would result in the 

attacker posting banned content within the web content. The reported version of SMF is: \n 

%L \n 



eDirectory < 8.7.3 SP10 FTF1 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote directory service is affected by multiple vulnerabilities.\n\n The 

remote host is running eDirectory, a directory service software from Novell. The installed 

version of Novell eDirectory is affected by multiple heap overflows and denial of service 

vulnerabilities :\n\n - DS module is affected by two heap overflow vulnerabilities (Bugs 

407275, 407256).\n - EMBOX module is affected by two denial of service vulnerabilities 

(Bugs 407243, 407245). 

Solution: Upgrade to eDirectory 8.7.3 SP10 FTF1 or higher. 

CVE-2008-5038 

Trend Micro OfficeScan < 7.3 Build 3172 Client Traversal Arbitrary File Access 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by a directory traversal issue.\n\n The 

version of Trend Micro OfficeScan client running on the remote host is affected by a 

directory traversal issue, which can be leveraged by an unauthenticated remote attacker to 

read arbitrary files on the remote host. Note that successful exploitation requires that 

'Tmlisten.exe' be configured to receive updates from other clients. The reported version of 

OfficeScan is: \n %L 

Solution: Upgrade to version 7.3 Build 3172 or higher. 

CVE-2008-2439 





issues.\n\nThe version of Opera installed on the remote host is earlier than 9.60 and is 

reportedly affected by several issues :\n - Specially crafted URLs can cause Opera to crash 

or allow arbitrary code execution.\n - Once a Java applet has been cached, a page that can 

predict the cache path for that applet can load it from cache thereby causing it to run in the 


security context of the local machine, allowing for reading of other files from the cache. 


CVE-2008-4695 



Description: Synopsis :\n\nThe remote printer service is affected by multiple 

vulnerabilities.\n\nAccording to its banner, the version of CUPS installed on the remote 

host is earlier than 1.3.9. Such versions are affected by several issues :\n\n - The HP-GL/2 

filter does not adequately check the ranges on the pen width and pen color opcodes, which 

allows an attacker to overwrite memory addresses with arbitrary data and which may result 

in execution of arbitrary code (STR #2911).\n - There is a heap-based buffer overflow in 

the SGI file format parsing module that can be triggered with malformed Run Length 

Encoded (RLE) data to execute arbitrary code (STR #2918).\n - There is an integer 

overflow vulnerability in the 'WriteProlog()' function in the 'texttops' application that can 

be triggered when calculating the page size used for storing PostScript data to execute 

arbitrary code (STR #2919). 


CVE-2008-3641 

VLC Media Player < 0.9.3 XSPF Playlist Memory Corruption 


Description: Synopsis : \n\nThe remote Windows host contains an application that is affected by a 

memory corruption vulnerability.\n\nThe version of VLC Media Player installed on the 

remote host is earlier than 0.9.3. Such versions do not properly bounds-check an identifier 

tag in XSPF files in the 'demux/playlist/xspf.c' library before using it to index into an array 

on the heap. By tricking a user into opening a malicious XSPF file, it may be possible to 

execute arbitrary code within the context of the affected application.\nThe reported version 

of VLC is: \n %L 

Solution: Upgrade to version 0.9.4 or higher (there are no official binaries for Windows of version 

0.9.3). 

CVE-2008-4558 

Copyright Information Within HTML Comments 




consisted of copyright information within the HTML comments. The copyright information 

observed was: \n %L \n\nThe request which generated this response was: \n%P 


Solution: Ensure that there is code coverage within the corporate SDL. 


Email Address Obfuscated Within HTML Comments 



consisted of an email address obfuscated within the HTML comments. The email address 

observed was: \n %L \n\nThe request which generated this response was: \n%P 

Solution: Whenever possible, remove information that attackers may find useful for future attacks. 

'.dll' File Detection 



Description: The remote web server is hosting and allowing the download of '.dll' files. As an 

example, consider the following file %P\nThe webmaster should make sure that they 


Solution: N/A 




RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is vulnerable to multiple attack vectors.\n\nThe 

observed version of Apache HTTP Server is %L.\n\nVersions of Apache HTTP Server 

earlier than 2.2.10 are potentially affected by multiple vulnerabilities :\n\n - An information 

disclosure vulnerability in mod_proxy_http. Note that this only affects Apache on Unix 

systems. (CVE-2010-2791)\n\n - The mod_proxy_ftp module in the version of Apache 

installed on the remote host fails to properly sanitize user-supplied URL input before using 

it to generate dynamic HTML output. Using specially crafted requests for FTP URLs with 

globbing characters (such as asterisk, tilde, opening square bracket, etc.), an attacker may 

be able to leverage this issue to inject arbitrary HTML and script code into a user's browser 

to be executed within the security context of the affected site. (CVE-2008-2939) 

Solution: Either disable the affected module or upgrade to version 2.2.10 or higher. 

CVE-2010-2791 


Titan FTP Server < 6.26 Build 631 SITE WHO Command DoS 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote FTP server is prone to a denial of service attack.\n\nThe version 

of Titan FTP Server installed on the remote host goes into an unstable state when it 

receives a 'SITE WHO' command. An unauthenticated remote attacker can leverage this 

issue to deny service to legitimate users. The reported version of Titan is: \n %L 


CVE-2008-6082 

Security Center < 3.4 Multiple Unspecified Traversals 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is prone to directory 

traversal attacks.\n\nThe version of Tenable Security Center installed on the remote host 

appears to be earlier than 3.4.2.1. Such versions contain two vulnerabilities that allow a 

user who was logged into the Security Center to obtain system files. The reported version 

of Security Center is: \n %L 





RISK: 

MEDIUM 




reportedly affected by several issues : \n\n - It may be possible to reveal a user's browsing 

history by exploiting certain constructs in Opera's History Search results (903).\n - Opera's 

Fast Forward feature is affected by a cross-site scripting vulnerability (904). \n - While 

previewing certain news feeds, it may be possible for certain scripts to subscribe a user to 

arbitrary feeds, and also view contents of user subscribed feeds (905). The reported version 

of Opera is: \n %L 


DHCP Client Detection 

CVE-2008-4725 




Description: A DHCP client is running on this host. 

Solution: N/A 


Mac Software Update DNS Query Detection 


Description: The remote system was just observed making a DNS query for an apple.com update 

service. It is highly probable that this machine is running a Mac operating system. 

Solution: N/A 






Solution: N/A 






Solution: N/A 


Microsoft Software Update DNS Query Detection 


Description: The remote host is a Microsoft computer. PVS just observed the host making a DNS 

query for a Microsoft update server. 

Solution: N/A 




DB2 9.1 < Fix Pack 6 Multiple Vulnerabilities 



its version, the installation of DB2 9.1 on the remote host is affected by one or more of the 

following issues : \n\n - An unspecified error in 'SQLNLS_UNPADDEDCHARLEN()' may 

lead to a segmentation fault in DB2 server (LI73364).\n - DB2 does not mark inoperative or 

drop views and triggers if the definer cannot maintain the objects (IZ22306).\n - 

Password-related connection string keyword values may appear in trace output (IZ23915). 

The observed version of DB2 was: \n %L 

Solution: Apply DB2 Version 9.1 Fix Pack 6 or higher. 




Description: The remote host is a Microsoft computer. 

Solution: N/A 




Description: The remote host is a Microsoft computer. 

Solution: N/A 


Trend Micro OfficeScan HTTP Request Buffer Overflow 


Description: Synopsis : \n\nThe remote host contains an application that is affected by a buffer overflow 

vulnerability.\n\nTrend Micro OfficeScan is installed on the remote host. The installed 

version is affected by a buffer overflow vulnerability. By sending a specially crafted HTTP 

request to Trend Micro OfficeScan server CGI modules, it may be possible to trigger a 

stack based buffer overflow. Successful exploitation of this issue may result in arbitrary 

code execution on the remote system. The reported version of Trend Micro is: \n %L 

Solution: Upgrade to :\n\n - Trend Micro OfficeScan 7.3 Build 1374 or higher\n - Trend Micro 

OfficeScan 8.0 Build 3110 or higher 

CVE-2008-3862 





RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote application server is affected by multiple vulnerabilities.\n\nIBM 

WebSphere Application Server 6.0.2 before Fix Pack 31 appears to be running on the 

remote host. Such versions are reportedly affected by multiple vulnerabilities.\n\n - By 

sending a specially crafted HTTP request with the 'Host' header field set to more than 256 

bytes, it may be possible to crash the remote application server (PK69371).\n - An 

unspecified security exposure vulnerability exists if the 'fileServing' feature is enabled 

(PK64302).\n - Web services security fails to honor Certificate Revocation Lists (CRL) 

configured in Certificate Store Collections (PK61258). The reported version of WebSphere 

is: \n %L 


CVE-2008-4111 

VLC Media Player < 0.9.5 TY Media File Handling Memory Curruption 


Description: Synopsis : \n\nThe remote Windows host contains an application that is affected by a 

memory corruption vulnerability.\n\nThe version of VLC Media Player installed on the 

remote host is earlier than 0.9.5. Such versions do not properly parse TY media files. By 

sending a specially formatted TY file and tricking a user into opening the file, arbitrary 

code may be executed within the context of the affected application.\nThe reported version 

of VLC is: \n %L 


CVE-2008-4558 

OpenOffice < 2.4.2 WMF and EMF File Handling Buffer Overflows 


Description: Synopsis : \n\nThe remote Windows host has a program affected by multiple buffer 

overflows.\n\n The version of OpenOffice 2.x installed on the remote host is earlier than 

2.4.2. Such versions are affected by several issues : \n\n - Specially crafted WMF files can 

lead to heap-based overflows and arbitrary code execution (CVE-2008-2237).\n - Specially 

crafted EMF files can lead to heap-based overflows and arbitrary code execution 

(CVE-2008-2238). The reported version/build of OpenOffice is: \n %L 


CVE-2008-2238 

IBM Tivoli Storage Manager Version Detection 




Description: The remote host is running the IBM Tivoli Storage Manager version: \n %L 

Solution: N/A 





issues.\n\nThe version of Opera installed on the remote host is earlier than 9.62 and thus 

reportedly affected by several issues : \n\n - Opera fails to sanitize certain parameters 

passed to the 'History Search' (906).\n - The browser's same-origin policy may be violated 

because scripts running in the 'Links Panel' always run in the outermost frame of the page 

(907).\n\nSuccessful exploitation would result in the attacker being able to execute 

arbitrary script code in the unsuspecting user's browser and may also lead to cookie-based 

credential theft, browser setting modifications and other attacks. These attacks require that 

the attacker is able to trick a user into browsing to a malicious URI with the affected 

application. The reported version of Opera browser is: \n %L 


CVE-2008-4795 

UW-IMAP < 2007d.404 Multiple Utility Mailbox Name Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow.\n\nThere is a flaw in the 

remote UW-IMAP server that allows a local user to execute arbitrary code on the server. 

The flaw is in the way that UW-IMAP handles malformed data sent to the 'tmail' and 

'dmail' local executables. An attacker exploiting this flaw would need local access as well 

as the ability to execute the aforementioned binaries. Successful exploiation would result in 

the attacker executing arbitrary code as the 'root' user. The observed banner (with version 

info) was: \n %L 

Solution: Upgrade to version 2007d.404 or higher. 

CVE-2008-5006 

Obsolete Web Server Detection 



Description: Synopsis : \n\nThe remote web server is obsolete.\n\nAccording to its version, the remote 

web server is obsolete and no longer maintained by its vendor or provider. A lack of 

support implies that no new security patches are being released for it. The remote version 

of the web server was: \n %L 


Solution: Upgrade to a newer version or switch to another server. 


Windows Unsupported Operating system 


Description: The remote host is running a Windows operating system that is no longer supported. The 

version of the host operating system is: \n %L 

Solution: N/A 


Windows 2000 < SP4 Detection 


Description: The remote host is running Windows 2000 prior to SP4. The full reported version was: \n 

%L 

Solution: N/A 




Description: The remote host is running Windows 2000 SP4. The full reported version was: \n %L 

Solution: N/A 


Windows XP < SP2 Detection 


Description: The remote host is running Windows XP prior to SP2. The full reported version was: \n %L 

Solution: N/A 






Description: The remote host is running Windows XP SP2. The full reported version was: \n %L 

Solution: N/A 




Description: The remote host is running Windows 2003 SP1. The full reported version was: \n %L 

Solution: N/A 


Windows 2003 (No Service Pack) Detection 


Description: The remote host is running Windows 2003 prior to Service Pack 1. The full reported 

version was: \n %L 

Solution: N/A 


Windows Vista (No Service Pack) Detection 


Description: The remote host is running Windows Vista prior to Service Pack 1. The full reported 

version was: \n %L 

Solution: N/A 


Windows Vista SP 1 Detection 


Description: The remote host is running Windows Vista Service Pack 1. The full reported version was: 

\n %L 

Solution: N/A 



System Requirements Lab Software Client Detection 



Description: The remote web browser has enabled an ActiveX / Java program that operates within the 

browser. The software, System Requirements Lab (SRL), is used to benchmark the 

capabilities of the client machine. 

Solution: Ensure that you are running the latest version of SRL. 


Bugzilla quips.cgi Unspecified Crafted Variable Security Bypass 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe security controls on the remote host can be bypassed.\n\nThe remote 

host is running Bugzilla, a bug-tracking software with a web interface. The version of 

Bugzilla on the remote host suffers from a flaw where an authenticated user can bypass 

security controls and modify quips. The reported version of Bugzilla is: \n %L \n 


CVE-2008-6098 

MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote database server is susceptible to a privilege bypass 

attack.\n\nThe version of MySQL Enterprise Server 5.0 installed on the remote host is 

earlier than 5.0.70. In such versions, it is possible for a local user to circumvent privileges 

through the creation of MyISAM tables employing the 'DATA DIRECTORY' and 'INDEX 

DIRECTORY' options to overwrite existing table files in the application's data directory. 

Note that this issue was supposed to have been addressed in version 5.0.60, but the fix was 

incomplete. The reported version of MySQL server is: \n %L 


CVE-2008-4098 


ClamAV < 0.94.1 get_unicode_name() Function Off-by-One Buffer Overflow 


Description: Synopsis : \n\nThe remote antivirus service is affected by a buffer overflow vulnerability. 

\n\nAccording to its version, the clamd antivirus daemon on the remote host is earlier than 

0.94.1. Such versions have an off-by-one heap overflow vulnerability in the code 

responsible for parsing VBA project files, specifically in the 'get_unicode_name()' function 

of 'libclamav/vba_extract.c', when a specific 'name' buffer is passed to it. Using a specially 

crafted VBA project file embedded in an OLE2 Office document, a remote attacker can 


trigger this vulnerability and execute arbitrary code on the remote host with the privileges 

of the 'clamd' process. The reported version of ClamAV is: \n %L 


CVE-2008-5050 

Mozilla Browser Plugin Detection 


Description: The remote Firefox web browser is configured to use browser plugins. A browser plugin 

adds functionality to the browser and often extends its attack surface. Many Firefox 

browser plugins are created and maintained by third-party software vendors or enthusiasts. 

PVS observed the following plugin: \n %L 

Solution: You should manually inspect the following plugin to ensure that it is allowed according to 



Flash Player APSB08-18 / APSB08-20 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote Windows host contains a browser plugin that is affected by 

multiple vulnerabilities.\n\nAccording to its version number, an instance of Flash Player on 

the remote Windows host is 9.0.124.0 or earlier. Such versions are potentially affected by 

several vulnerabilities : \n\n - A potential port-scanning issue. (CVE-2007-4324)\n - 

Possible privilege escalation attacks against web servers hosting Flash content and 

cross-domain policy files. (CVE-2007-6243)\n - Potential Clipboard attacks. 

(CVE-2008-3873)\n - FileReference upload and download APIs that don't require user 

interaction. (CVE-2008-4401)\n - A 'Clickjacking' issue that could be abused by an attacker 

to lure a web browser user into unknowingly clicking on a link or dialog. 

(CVE-2008-4503)\n - A potential cross-site scripting vulnerability. (CVE-2008-4818)\n - A 

potential issue that could be leveraged to conduct a DNS rebinding attack. 

(CVE-2008-4819)\n - An information disclosure issue affecting only the ActiveX control. 

(CVE-2008-4820)\n - An information disclosure issue involving interpretation of the 'jar: ' 

protocol and affecting only the plugin for Mozilla browsers. (CVE-2008-4821)\n - An issue 

with policy file interpretation could potentially lead to bypass of a non-root domain policy. 

(CVE-2008-4822)\n - A potential HTML injection issue involving an ActionScript 

attribute. (CVE-2008-4823)\n\nThe reported version of Flash is: \n %L 

Solution: Upgrade to Flash Player version 10.0.12.36 / 9.0.151.0 or higher. 

CVE-2008-4823 


VLC Media Player 0.5.0 to 0.9.5 Stack-Based Buffer Overflows 




multiple buffer overflow vulnerabilities.\n\nA version of VLC between 0.5.0 and 0.9.5 is 

installed on the remote host. Such versions are affected by the following vulnerabilities : 

\n\n - RealText subtitle file (modules\demux\subtitle.c) processing is susceptible to a buffer 

overflow caused by user-supplied data from a malicious subtitle file being copied into static 

buffers without proper validation.\n - CUE image file (modules\access\vcd\cdrom.c) 

processing is susceptible to a stack-based buffer overflow because data supplied by the 

CUE file is supplied as an array index without proper validation.\n\nAn attacker may be 

able to leverage these issues to execute arbitrary code on the remote host by tricking a user 

into opening a specially crafted video file using the affected application. The reported 

version of VLC is: \n %L 


CVE-2008-5036 

Google Chrome < 0.3.154.9 Address Spoofing 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host contains a web browser that is affected by an address 

spoofing vulnerability.\n\nThe version of Google Chrome installed on the remote host is 

earlier than 0.3.154.9. Such versions are reportedly are affected by an address spoofing 

vulnerability in pop-ups. An attacker can leverage this issue to manipulate a window's 

address bar to show a different address than the actual origin of the content. The reported 

version of Chrome is: \n %L 



Zope < 2.11.3 PythonScript Handling DoS 


RISK: 

MEDIUM 



remote Zope server is vulnerable to a flaw in the way that it handles PythonScript code. 

Specifically, code may be executed that causes the remote server to use excessive 

resources. To be successful, an attacker would require the ability to access the application 

and create or modify PythonScript code. Successful exploitation would result in the 

attacker running arbitrary code with the permissions of the Zope server and consuming all 

system resources. The reported version of the Zope server is: \n %L 



Yosemite Backup Service Driver Detection 




Description: Synopsis :\n\nA database service is listening on the remote host.\n\n The remote host is 

running Yosemite Backup, a commercial backup solution for Windows, Linux and Novell 

NetWare and targeting small-to-medium sized businesses. 

Solution: N/A 





multiple vulnerabilities.\n\nThe installed version of Firefox is earlier than 2.0.0.18. Such 

versions are potentially affected by the following security issues : \n\n - Locally saved '.url' 

shortcut files can be used to read information stored in the local cache. (MFSA 2008-47)\n 

- The canvas element can be used in conjunction with an HTTP redirect to bypass 

same-origin restrictions and gain access to the content in arbitrary images from other 

domains. (MFSA 2008-48)\n - Arbitrary code execution is possible via Flash Player 

dynamic module unloading. (MFSA 2008-49)\n - By tampering with the 

window.__proto__.__proto__ object, one can cause the browser to place a lock on a 

non-native object, leading to a crash and possible code execution. (MFSA 2008-50)\n - 

There are several stability bugs in the browser engine that may lead to crashes with 

evidence of memory corruption. (MFSA 2008-52)\n - The browser's session restore feature 

can be used to violate the same-origin policy and run JavaScript in the context of another 

site. (MFSA 2008-53)\n - There is a buffer overflow that can be triggered by sending a 

specially crafted 200 header line in the HTTP index response. (MFSA 2008-54)\n - Crashes 

and remote code execution in nsFrameManager are possible by modifying certain 

properties of a file input element before it has finished initializing. (MFSA 2008-55)\n - 

The same-origin check in 'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. 

(MFSA 2008-56)\n - The '-moz-binding' CSS property can be used to bypass security 

checks that validate codebase principals. (MFSA 2008-57)\n - There is an error in the 

method used to parse the default namespace in an E4X document caused by quote 

characters in the namespace not being properly escaped. (MFSA 2008-58)\n\nThe reported 

version of Firefox is: \n %L 


CVE-2008-5024 

Firefox 3.x < 3.0.4 Multiple Vulnerabilities 




multiple vulnerabilities.\n\nThe installed version of Firefox 3.0 is earlier than 3.0.4. Such 

versions are potentially affected by the following security issues : \n\n - Locally saved '.url' 

shortcut files can be used to read information stored in the local cache. (MFSA 2008-47)\n 

- By tampering with the window.__proto__.__proto__ object, one can cause the browser to 


place a lock on a non-native object, leading to a crash and possible code execution. (MFSA 

2008-50)\n - 'file: ' URIs are given chrome privileges when opened in the same tab as a 

chrome page or privileged 'about: ' page, which could allow an attacker to run arbitrary 

JavaScript with chrome privileges. (MFSA 2008-51)\n - There are several stability bugs in 

the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 

2008-52)\n - The browser's session restore feature can be used to violate the same-origin 

policy and run JavaScript in the context of another site. (MFSA 2008-53)\n - There is a 

buffer overflow that can be triggered by sending a specially crafted 200 header line in the 

HTTP index response. (MFSA 2008-54)\n - Crashes and remote code execution in 

nsFrameManager are possible by modifying certain properties of a file input element before 

it has finished initializing. (MFSA 2008-55)\n - The same-origin check in 

'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 2008-56)\n - The 

'-moz-binding' CSS property can be used to bypass security checks that validate codebase 

principals. (MFSA 2008-57)\n - There is an error in the method used to parse the default 

namespace in an E4X document caused by quote characters in the namespace not being 

properly escaped. (MFSA 2008-58)\nThe reported version of Firefox is: \n %L 


CVE-2008-5024 



Description: Synopsis : \n\nA web browser on the remote host is affected by multiple 

vulnerabilities.\n\nThe installed version of SeaMonkey is earlier than 1.1.13. Such versions 

are potentially affected by the following security issues : \n\n - Locally saved '.url' shortcut 

files can be used to read information stored in the local cache. (MFSA 2008-47)\n - By 

tampering with the window.__proto__.__proto__ object, one can cause the browser to 

place a lock on a non-native object, leading to a crash and possible code execution. (MFSA 

2008-50)\n - 'file: ' URIs are given chrome privileges when opened in the same tab as a 

chrome page or privileged 'about: ' page, which could allow an attacker to run arbitrary 

JavaScript with chrome privileges. (MFSA 2008-51)\n - There are several stability bugs in 

the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 

2008-52)\n - The browser's session restore feature can be used to violate the same-origin 

policy and run JavaScript in the context of another site. (MFSA 2008-53)\n - There is a 

buffer overflow that can be triggered by sending a specially crafted 200 header line in the 

HTTP index response. (MFSA 2008-54)\n - Crashes and remote code execution in 

nsFrameManager are possible by modifying certain properties of a file input element before 

it has finished initializing. (MFSA 2008-55)\n - The same-origin check in 

'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 2008-56)\n - The 

'-moz-binding' CSS property can be used to bypass security checks that validate codebase 

principals. (MFSA 2008-57)\n - There is an error in the method used to parse the default 

namespace in an E4X document caused by quote characters in the namespace not being 

properly escaped. (MFSA 2008-58)\nThe reported version of SeaMonkey is: \n %L 




CVE-2008-5024 

Safari < 3.2 Multiple Vulnerabilities 



issues.\n\nThe version of Safari installed on the remote Windows host is earlier than 3.2. 

Such versions are potentially affected by several issues : \n\n\n - Safari includes a version 

of zlib that is affected by multiple vulnerabilities. (CVE-2005-2096)\n - A heap buffer 

overflow issue in the libxslt library could lead to a crash or arbitrary code execution. 

(CVE-2008-1767)\n - A signedness issue in Safari's handling of JavaScript array indices 

could lead to a crash or arbitrary code execution. (CVE-2008-2303)\n - A memory 

corruption issue in WebCore's handling of style sheet elements could lead to a crash or 

arbitrary code execution. (CVE-2008-2317)\n - Multiple uninitialized memory access 

issues in libTIFF's handling of LZW-encoded TIFF images could lead to a crash or 

arbitrary code execution. (CVE-2008-2327)\n - A memory corruption issue in ImageIO's 

handling of TIFF images could lead to a crash or arbitrary code execution. 

(CVE-2008-2332).\n - A memory corruption issue in ImageIO's handling of embedded ICC 

profiles in JPEG images could lead to a crash or arbitrary code execution. 

(CVE-2008-3608)\n - A heap buffer overflow in CoreGraphics' handling of color spaces 

could lead to a crash or arbitrary code execution. (CVE-2008-3623)\n - A buffer overflow 

in the handling of images with an embedded ICC profile could lead to a crash or arbitrary 

code execution. (CVE-2008-3642)\n - Disabling autocomplete on a form field may not 

prevent the data in the field from being stored in the browser page cache. 

(CVE-2008-3644)\n - WebKit's plug-in interface does not block plug-ins from launching 

local URLs, which could allow a remote attacker to launch local files in Safari and lead to 

the disclosure of sensitive information. (CVE-2008-4216)\n\nThe reported version of Safari 

is: \n %L \nIAVB Reference : 2008-B-0078\nSTIG Finding Severity : Category I 


CVE-2008-4216 

Sun Java System Identity Manager Version Detection 


Description: The remote host is running the Sun Java System Identity Manager. This system is used to 

manage and audit user rights across an enterprise. PVS has observed version: \n %L 

Solution: N/A 


Microsoft Web Service client Version Detection 




Description: The remote host is a Microsoft Web Services SOAP client. The reported version of the 

client is: \n %L 

Solution: N/A 


SOAP/XML Plaintext Credentials Disclosure 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running an inherently insecure protocol or 

application.\n\nThe remote SOAP client was just observed sending what appears to be 

login information. Review the following: \n %L 

Solution: Ensure that confidential data is only passed over encrypted protocols. 


SOAP/XML Plaintext Credentials Disclosure 


RISK: 

MEDIUM 



application.\n\nThe remote SOAP server was just observed receiving what appears to be 

login information over unencrypted HTTP. Review the following:\n%P 

Solution: Ensure that confidential data is only passed over an encryped protocol. 


Adobe AIR Version Detection 


Description: The remote host is running Adobe AIR version: \n %L 

Solution: N/A 



Adobe AIR APSB08-23 / APSB08-22 / APSB08-20 / APSB08-18 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote Windows host contains a runtime environment that is affected 

by multiple issues.\n\nAccording to its version number, an instance of Adobe AIR on the 

remote Windows host is 1.5 or earlier. Such versions are potentially affected by several 

vulnerabilities : \n\n - A potential port-scanning issue. (CVE-2007-4324)\n\n - Possible 


privilege escalation attacks against web servers hosting Flash content and cross-domain 

policy files. (CVE-2007-6243)\n\n - Potential Clipboard attacks. (CVE-2008-3873)\n\n - 

FileReference upload and download APIs that don't require user interaction. 

(CVE-2008-4401)\n\n - A potential cross-site scripting vulnerability. (CVE-2008-4818)\n\n 

- A potential issue that could be leveraged to conduct a DNS rebinding attack. 

(CVE-2008-4819)\n\n - An information disclosure issue affecting only the ActiveX control. 

(CVE-2008-4820)\n\n - An information disclosure issue involving interpretation of the 'jar: 

' protocol and affecting only the plugin for Mozilla browsers. (CVE-2008-4821)\n\n - An 

issue with policy file interpretation could potentially lead to bypass of a non-root domain 

policy. (CVE-2008-4822)\n\n - A potential HTML injection issue involving an 

ActionScript attribute. (CVE-2008-4823)\n\n - Multiple input validation errors could 

potentially lead to execution of arbitrary code. (CVE-2008-4824)\n\n - An Adobe AIR 

application that loads data from an untrusted source could allow an attacker to execute 

untrusted JavaScript with elevated privileges. (CVE-2008-5108)\n\nThe reported version of 

Adobe AIR is: \n %L 


CVE-2008-5108 

SSH Tectia CBC Information Disclosure 



attacks.\n\nThe remote Tectia SSH server is vulnerable to a flaw within its Cipher-Block 

Chaining (CBC) mode. An attacker exploiting this flaw would be able to obtain four (4) 

plaintext bytes of the encrypted session. Note: successful attack will result in the SSH 

session terminating. 


CVE-2008-5161 




Description: Synopsis : \n\nThe remote Windows host contains a mail client that is affected by multiple 

vulnerabilities.\n\nThe installed version of Thunderbird is earlier than 2.0.0.18. Such 

versions are potentially affected by the following security issues : \n\n\n - The canvas 

element can be used in conjunction with an HTTP redirect to bypass same-origin 

restrictions and gain access to the content in arbitrary images from other domains. (MFSA 

2008-48)\n - By tampering with the window.__proto__.__proto__ object, one can cause the 

browser to place a lock on a non-native object, leading to a crash and possible code 

execution. (MFSA 2008-50)\n - There are several stability bugs in the browser engine that 

may lead to crashes with evidence of memory corruption. (MFSA 2008-52)\n - Crashes and 

remote code execution in nsFrameManager are possible by modifying certain properties of 

a file input element before it has finished initializing. (MFSA 2008-55)\n - The same-origin 

check in 'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 


2008-56)\n - There is an error in the method used to parse the default namespace in an E4X 

document caused by quote characters in the namespace not being properly escaped. (MFSA 

2008-58)\n - Scripts in a malicious mail message can access the .document URI and 

.textContext DOM properties. (MFSA 2008-59)\n\nThe reported version of Thunderbird is: 

\n %L 


CVE-2008-5052 

Symantec Backup Exec Detection 


Description: The remote host is running Symantec Backup Exec, an enterprise solution for managing 

archived data. The reported version is: \n %L 

Solution: N/A 


Ruby on Rails < 2.0.5 Multiple Vulnerabilities 


RISK: 

MEDIUM 




version of Rails is reported to be vulnerable to a flaw in the way that it handles 

user-supplied input to the 'redirect_to()' function in the 'ActionController::Base' class. An 

attacker exploiting this flaw would be able to inject arbitrary HTTP headers that could lead 

to cross-site request forgery (CSRF), cross-site scripting (XSS) and other attacks. 


CVE-2008-5189 

MDaemon WorldClient < 10.0.2 Script Injection 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote mail server is prone to a script injection vulnerability.\n\nThe 

remote host is running Alt-N MDaemon, a mail server for Windows. According to its 

banner, a version of MDaemon mail server older than 10.0.2 is installed on the remote host. 

Such versions ship with a version of WorldClient (a webmail client) that is affected by a 

script injection vulnerability. By tricking a user into opening a specially crafted email, an 

attacker can exploit this issue to execute script code in the user's browser in the security 

context of the affected application and thereby steal cookie based credentials or launch 

other attacks. The reported version of MDaemon is: \n %L 



CVE-2008-6967 

vBulletin < 3.7.4 Visitor Messages Add-on HTML Injection 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to an HTML injection attack.\n\nThe version 


Specifically, the 'Visitor Messages' addon can be used by an attacker to inject script code 

into a public section of the bulletin board. An attacker exploiting this flaw would only need 

the ability to post data to the server. When an unsuspecting user browses the site, the script 

code would be executed within the client browser. The reported version of vBulletin is: \n 

%L 


MyBB < 1.4.4 CSRF 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a cross-site request forgery (CSRF) 

attack.\n\nThe version of MyBB installed on the remote host is vulnerable to an 

information-disclosure flaw. Specifically, the 'my_post_key' variable of the 

'moderation.php' script can be harvested by malicious third party sites. An attacker can use 

this information to generate cross-site request forgery (CSRF) attacks. The reported version 

of MyBB is: \n %L \n 


CVE-2008-7082 

Apple Error Reporting DNS Lookup 


Description: The remote host is an Apple computer. PVS just observed the host making a query to 

an Apple server that handles error reports. 

Solution: N/A 


Apple iPhone Web Utility Detection 




Description: The remote host is running the Apple iPhone web utility. 

Solution: N/A 


NetWitness Version Detection 


Description: The remote host is running the NetWitness network investigator tool version: \n %L 

Solution: N/A 


CUPS < 1.3.10 Multiple Overflows 


Description: Synopsis : \n\nThe remote host is vulnerable to an integer overflow.\n\nAccording to its 

banner, the version of CUPS installed on the remote host is earlier than 1.3.10. Such 

versions are affected by multiple integer overflow vulnerabilities : \n\n - A potential integer 

overflow in the PNG image validation code in '_cupsImageReadPNG()'. (STR #2974)\n\n - 

A heap-based integer overflow in '_cupsImageReadTIFF()'. (STR #3031)\n\n - The web 

interface may be vulnerable to DNS rebinding attacks due to a failure to validate the HTTP 

Host header in incoming requests. (STR #3118)\n\n - A heap-based buffer overflow in 

pdftops. (CVE-2009-0195)\n\n - Flawed 'ip' structure initialization in the function 

'ippReadIO()' could allow an attacker to crash the application.\n\n The reported version of 

CUPS is: \n %L \n 


CVE-2009-0195 


Altiris Deployment Solution Server < 6.9.355 Password Disclosure (SYM08-020) 


Description: Synopsis : \n\nThe remote Windows host has a program that is affected by a password 

disclosure vulnerability.\n\nThe version of the Altiris Deployment Solution installed on the 

remote host is reportedly affected by a password disclosure vulnerability. Altiris 

Deployment Solution Server reportedly stores 'Application Identity Account password' in 

the system memory in plaintext. It may be possible for an authorized non-privileged user to 

retrieve this password and make unauthorized modifications to the client systems. The level 

of unauthorized access depends on the user group under which Application Identity 

Account was registered during installation. The reported version number is: \n %L 


Solution: Upgrade to version 6.9 Build 355 or higher. 

CVE-2008-6828 

CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is susceptible to a 

local file inclusion attack.\n\nThe remote host is running CMS Made Simple, a content 

management system written in PHP. The version of CMS Made Simple installed on the 

remote host fails to sanitize user-supplied input to the 'cms_language' cookie when passed 

to the 'admin/login.php' script before using it to include PHP code. Regardless of PHP's 

'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated attacker may be able 

to leverage this issue to view arbitrary files or possibly to execute arbitrary PHP code on 

the remote host, subject to the privileges of the web server user ID. The reported version of 

CMS Made Simple is: \n %L 


CVE-2008-5642 

Samba 3.0.29 - 3.2.4 Potential Memory Disclosure 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Samba server may be affected by an information disclosure 


host is between 3.0.29 and 3.2.4 inclusive. Such versions reportedly can potentially leak 

arbitrary memory contents of the 'smbd' process due to a missing bounds check on 

client-generated offsets of secondary 'trans', 'trans2', and 'nttrans' requests. The reported 


Solution: Upgrade to version 3.2.5 / 3.0.33 or higher or apply the appropriate patch referenced in the 

project's advisory. 

CVE-2008-4314 

WordPress wp-includes/feed.php self_link() Function Host Header RSS Feed XSS 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is affected by a 

cross-site scripting vulnerability.\n\nThe version of WordPress installed on the remote host 

fails to completely sanitize input to the the 'Host' request header before using it in the 

'self_link()' function in 'wp-includes/feed.php' to generate dynamic HTML output. An 

attacker may be able to leverage this to inject arbitrary HTML and script code into a user's 

browser to be executed within the security context of the affected site. The reported version 


of WordPress is: \n %L 


CVE-2008-5278 

ClamAV < 0.94.2 cli_check_jpeg_exploit() Malformed JPEG File DoS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote antivirus service is vulnerable to a denial of service 

attack.\n\nAccording to its version, the clamd antivirus daemon on the remote host is earlier 

than 0.94.2. There is a recursive stack overflow involving the JPEG parsing code in such 

versions. A remote attacker may be able to leverage this issue to cause the application to 

recursively scan a specially crafted JPEG, which will eventually cause it to crash. The 

remote version of ClamAV is: \n %L 


CVE-2008-5314 

PowerDNS Version Detection 

PVS ID: 4777 FAMILY: DNS Servers RISK: INFO NESSUS ID:Not Available 

Description: The remote host is running PowerDNS version: \n %L 

Solution: N/A 




Description: Synopsis : \n\nThe remote host contains an instant messaging application that is affected by 

several vulnerabilities.\n\nThe version of Trillian installed on the remote host reportedly 

contains several vulnerabilities : \n\n - A stack buffer overflow in the tool tip processing 

code could allow an unauthenticated attacker to execute arbitrary code with client 

privileges on the remote system. (ZDI-08-077)\n\n - A vulnerability in the XML processing 

code responsible for handling specially formulated XML could lead to arbitrary code 

execution on the remote system. (ZDI-08-078)\n\n - A vulnerability in XML processing 

code responsible for handling malformed XML tags could lead to arbitrary code execution 

on the remote system. (ZDI-08-079)\n\n The reported version of Trillian is: \n %L 


CVE-2008-5403 



PHP 5 < 5.2.7 Multiple Vulnerabilities 




than 5.2.7. Such versions may be affected by several security issues : \n\n - Missing 

initialization of 'BG(page_uid)' and 'BG(page_gid)' when PHP is used as an Apache 

module may allow for bypassing security restrictions due to SAPI 'php_getuid()' 

overloading.\n\n - Incorrect 'php_value' order for Apache configuration may allow 

bypassing PHP's 'safe_mode' setting.\n\n - File truncation can occur when calling 

'dba_replace()' with an invalid argument.\n\n - The ZipArchive: extractTo() method in the 

ZipArchive extension fails to filter directory traversal sequences from file names.\n\n - 

There is a buffer overflow in the bundled PCRE library fixed by 7.8. (CVE-2008-2371)\n\n 

- A buffer overflow in the 'imageloadfont()' function in 'ext/gd/gd.c' can be triggered when 

a specially crafted font is given. (CVE-2008-3658)\n\n - There is a buffer overflow in 

PHP's internal function 'memnstr()', which is exposed to userspace as 'explode()'. 

(CVE-2008-3659)\n\n - When used as a FastCGI module, PHP segfaults when opening a 

file whose name contains two dots (eg, 'file..php'). (CVE-2008-3660)\n\n - Multiple 

directory traversal vulnerabilities in functions such as 'posix_access()', 'chdir()', 'ftok()' may 

allow a remote attacker to bypass 'safe_mode' restrictions. (CVE-2008-2665 and 

CVE-2008-2666).\n\n - A buffer overflow may be triggered when processing long message 

headers in 'php_imap.c' due to use of an obsolete API call. (CVE-2008-2829)\n\nThe 

reported version of PHP is: \n %L 


CVE-2008-5557 

Twiki < 4.2.4 Multiple Vulnerabilities 



is running the TWiki web application. This version of TWiki is vulnerable to a 

content-parsing flaw. An attacker exploiting this flaw would send commands to the TWiki 

application within backticks. Upon being parsed, the commands would be executed on the 

remote server with the permissions of the web process. This version of TWiki is also 

vulnerable to a flaw where users can execute a cross-site scripting (XSS) attack. The 

reported version of TWiki is: \n %L \n 


CVE-2008-5305 

Web Server Allows Download of .ini Files 




Description: The remote web server is hosting .ini files. As an example, consider the following 

file %P\nThe webmaster should make sure that they do not contain confidential data. 

Solution: N/A 


Dovecot ManageSieve Server Detection 


Description: The remote host is running the Dovecot mail server with the Dovecot ManageSieve 

management application. 

Solution: N/A 


IBM WebSphere Application Server 7.0 < Fix Pack 1 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote application server is affected by multiple vulnerabilities.\n\nIBM 

WebSphere Application Server 7.0 before Fix Pack 1 appears to be running on the remote 

host. Such versions are reportedly affected by multiple vulnerabilities.\n\n - A vulnerability 

in feature pack for web services could lead to information disclosure due to 

'userNameToken' (PK67282).\n\n - A user locked by the underlying OS may be able to 

authenticate via the administrative console (PK67909).\n\n - Web authentication options 

'Authenticate when any URI is accessed' and 'Use available authentication data when an 

unprotected URI is accessed' are ignored. Servlets with no security constraints are not 

authenticated and usernames with the '@' symbol fail to authenticate (PK71826).\n\n - 

WS-Security in JAX-WS does not remove UsernameTokens from client cache on failed 

logins (PK72435).\n\n - SSL traffic is routed over unencrypted TCP routes (PK74777). The 

reported version is: \n %L 


CVE-2008-5414 

PHP < 5.2.8 magic_quotes_gpc Security Bypass 



Description: Synopsis : \n\nThe remote web server uses a version of PHP that is affected by a security 

bypass weakness.\n\nAccording to its banner, the version of PHP installed on the remote 

host is 5.2.7. This version introduced a regression with regard to 'magic_quotes' 

functionality due to an incorrect fix to the filter extension. As a result, the 

'magic_quotes_gpc' setting remains off even if it is set to on. The reported version of PHP 

is: \n %L 



CVE-2008-5844 

VLC Media Player < 0.9.8a RealMedia Processing Remote Integer Overflow 


Description: Synopsis : \n\nThe remote Windows host contains an application that is affected by an 

integer overflow vulnerability.\n\nThe version of VLC Media Player 0.9 installed on the 

remote host is earlier than 0.9.8a. Such versions contain a heap-based integer buffer 

overflow in the Real demuxer plugin (libreal_plugin.*'). If an attacker can trick a user into 

opening a specially crafted RealMedia (.rm) file, he may be able to execute arbitrary code 

within the context of the affected application. The reported version of VLC is: \n %L 

Solution: Upgrade to version 0.9.8a or higher. 

CVE-2008-5276 

PHPMyAdmin < 2.11.9.4 / 3.1.1.0 tbl_structure.php table Parameter SQL Injection 


RISK: 

MEDIUM 




version of phpMyAdmin is vulnerable to a SQL injection attack via the 'table' parameter of 

the 'tbl_structure.php script. An attacker exploiting this flaw would need to send a specially 

formatted HTTP request containing the attackers SQL commands. An attacker exploiting 

this flaw would be able to execute arbitrary SQL commands on the database server utilized 

by phpMyAdmin. 


CVE-2008-5621 

ClamAV < 0.94 Multiple Vulnerabilities 



Description: Synopsis : \n\nThe remote antivirus service is affected by multiple issues.\n\nAccording to 

its version, the clamd antivirus daemon on the remote host is earlier than 0.94. Such 

versions are affected by one or more of the following issues : \n\n - A segmentation fault 

can occur when processing corrupted LZH files. (Bug #1052)\n\n - Invalid memory access 

errors in 'libclamav/chmunpack.c' when processing malformed CHM files may lead to a 

crash. (Bug #1089)\n\n - An out-of-memory null dereference issue exists in 

'libclamav/message.c' / 'libclamav/mbox.c'. (Bug #1141)\n\n - Possible error path memory 

leaks exist in 'freshclam/manager.c'. (Bug #1141)\n\n - There is an invalid close on error 

path in 'shared/tar.c'. (Bug #1141)\n\n - There are multiple file descriptor leaks involving 

the 'error path' in 'libclamav/others.c' and 'libclamav/sis.c'. (Bug #1141).\n\nThe reported 


version of ClamAV is: \n %L 


CVE-2008-3914 

Moodle < 1.9.4 filter/tex/texed.php pathname Parameter Remote Command Execution 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains a PHP application that allows arbitrary 

command execution.\n\nThe version of Moodle installed on the remote host fails to sanitize 

user-supplied input to the 'pathname' parameter before using it in the 'filter/tex/texed.php' 

script in a commandline that is passed to the shell. Provided PHP's 'register_globals' setting 

and the TeX Notation filter has both been enabled and PHP's 'magic_quotes_gpc' setting is 

disabled, an unauthenticated attacker can leverage these issues to execute arbitrary code on 

the remote host subject to the privileges of the web server user ID. The reported version of 

Moodle is: \n %L 

Solution: Disable PHP's 'register_globals' or upgrade to version 1.9.4 or higher. 




Description: Synopsis : \n\nThe remote host is missing a Mac OS X update that fixes various security 


10.5.6. Mac OS X 10.5.6 contains security fixes for the following products : \n\n - ATS\n - 

BOM\n - CoreGraphics\n - CoreServices\n - CoreTypes\n - Flash Player Plug-in\n - 

Kernel\n - Libsystem\n - Managed Client\n - network_cmds\n - Podcast Producer\n - 

UDF\n\nThe reported version of Mac OS X is: \n %L 


CVE-2008-4824 




Description: Synopsis : \n\nThe remote host is missing a Mac OS X update that fixes various security 


10.5.6. Mac OS X 10.5.6 contains security fixes for the following products : \n\n - ATS\n - 

BOM\n - CoreGraphics\n - CoreServices\n - CoreTypes\n - Flash Player Plug-in\n - 

Kernel\n - Libsystem\n - Managed Client\n - network_cmds\n - Podcast Producer\n - 

UDF\n\nThe reported version of Mac OS X is: \n %L 



CVE-2008-4824 





reportedly affected by several issues : \n\n - It may be possible to execute arbitrary code on 

the remote system by manipulating certain text-area contents. (920)\n\n - It may be possible 

to crash the remote browser using certain HTML constructs or inject code under certain 

conditions. (921)\n\n - While previewing news feeds, Opera does not correctly block 

certain scripted URLs. Such scripts, if not blocked, may be able to subscribe a user to other 

arbitrary feeds and view contents of the feeds to which the user is currently subscribed. 

(923)\n\n - By displaying content using XSLT as escaped strings, it may be possible for a 

website to inject scripted markup. (924)\n\nThe reported version of Opera browser is: \n 

%L 







multiple vulnerabilities.\n\nThe installed version of Firefox is earlier than 2.0.0.19. Such 

versions are potentially affected by the following security issues : \n\n - There are several 

stability bugs in the browser engine that may lead to crashes with evidence of memory 

corruption. (MFSA 2008-60)\n\n - XBL bindings can be used to read data from other 

domains. (MFSA 2008-61)\n\n - The feed preview still allows for JavaScript privilege 

escalation. (MFSA 2008-62)\n\n - Sensitive data may be disclosed in an XHR response 

when an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a 

resource in a different domain. (MFSA 2008-64)\n\n - A website may be able to access a 

limited amount of data from a different domain by loading a same-domain JavaScript URL 

which redirects to an off-domain target resource containing data that is not parsable as 

JavaScript. (MFSA 2008-65)\n\n - Errors arise when parsing URLs with leading 

whitespace and control characters. (MFSA 2008-66)\n\n - An escaped null byte is ignored 

by the CSS parser and treated as if it was not present in the CSS input string. (MFSA 

2008-67)\n\n - XSS and JavaScript privilege escalation are possible. (MFSA 2008-68)\n\n - 

XSS vulnerabilities in SessionStore may allow for violating the browser's same-origin 

policy and performing an XSS attack or running arbitrary JavaScript with chrome 

privileges. (MFSA 2008-69)\n\nNote that Mozilla is not planning further security / stability 

updates for Firefox 2.x.\n\n - A denial of service issue when the application handles a 

maliciously crafted webpage containing a 'HTMLSelectElement' object with a large length 

attribute.\n\nThe reported version of Firefox is: \n %L 


Solution: Upgrade to version 2.0.0.19, 3.0.5 or higher. 

CVE-2008-5513 




multiple vulnerabilities.\n\nThe installed version of Firefox 3.0 is earlier than 3.0.5. Such 




domains. (MFSA 2008-61)\n\n - The feed preview still allows for JavaScript privilege 

escalation. (MFSA 2008-62)\n\n - Sensitive data may be disclosed in an XHR response 

when an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a 

resource in a different domain. (MFSA 2008-64)\n\n - A website may be able to access a 

limited amount of data from a different domain by loading a same-domain JavaScript URL 

which redirects to an off-domain target resource containing data that is not parsable as 

JavaScript. (MFSA 2008-65)\n\n - Errors arise when parsing URLs with leading 

whitespace and control characters. (MFSA 2008-66)\n\n - An escaped null byte is ignored 

by the CSS parser and treated as if it was not present in the CSS input string. (MFSA 

2008-67)\n\n - XSS and JavaScript privilege escalation are possible. (MFSA 2008-68)\n\n - 

XSS vulnerabilities in SessionStore may allow for violating the browser's same-origin 

policy and performing an XSS attack or running arbitrary JavaScript with chrome 

privileges. (MFSA 2008-69)\n\n - A denial of service issue when the application handles a 

maliciously crafted webpage containing a 'HTMLSelectElement' object with a large length 

attribute.\n\nThe reported version of Firefox is: \n %L 


CVE-2009-2535 




Description: Synopsis : \n\nA web browser on the remote host is affected by multiple 

vulnerabilities.\n\nThe installed version of SeaMonkey is earlier than 1.1.14. Such versions 

are potentially affected by the following security issues : \n\n - There are several stability 

bugs in the browser engine that may lead to crashes with evidence of memory corruption. 

(MFSA 2008-60)\n\n - XBL bindings can be used to read data from other domains. (MFSA 

2008-61)\n\n - The feed preview still allows for JavaScript privilege escalation. (MFSA 

2008-62)\n\n - Sensitive data may be disclosed in an XHR response when an 

XMLHttpRequest is made to a same-origin resource, which 302 redirects to a resource in a 

different domain. (MFSA 2008-64)\n\n - A website may be able to access a limited amount 

of data from a different domain by loading a same-domain JavaScript URL which redirects 

to an off-domain target resource containing data that is not parsable as JavaScript. (MFSA 

2008-65)\n\n - Errors arise when parsing URLs with leading whitespace and control 

characters. (MFSA 2008-66)\n\n - An escaped null byte is ignored by the CSS parser and 

treated as if it was not present in the CSS input string. (MFSA 2008-67)\n\n - XSS and 


JavaScript privilege escalation are possible. (MFSA 2008-68)\n\n - XSS vulnerabilities in 

SessionStore may allow for violating the browser's same-origin policy and performing an 

XSS attack or running arbitrary JavaScript with chrome privileges. (MFSA 

2008-69)\n\nThe reported version of SeaMonkey is: \n %L 


CVE-2008-5513 

Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, XSS) 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains CGI scripts that are affected by several 

issues.\n\nThe remote Barracuda Spam Firewall device is using a firmware version earlier 

than 3.5.12.007. Such versions reportedly are affected by several issues : \n\n - There is a 

SQL injection vulnerability involving the 'pattern_x' parameter (where x 

Solution: Update to firmware version 3.5.12.007 or higher. 

CVE-2008-1094 

Firefox < 2.0.0.20 Cross-Domain Data Theft 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Windows host contains a web browser that is affected by a 

cross-domain data theft vulnerability.\n\nThe installed version of Firefox is earlier than 

2.0.0.20. Such versions shipped without a fix for a security issue that was reportedly fixed 

in version 2.0.0.19. Specifically : \n\n - A website may be able to access a limited amount 

of data from a different domain by loading a same-domain JavaScript URL which redirects 

to an off-domain target resource containing data that is not parsable as JavaScript. (MFSA 

2008-65)\n\nNote that Mozilla is not planning further security / stability updates for Firefox 

2.x.\n\nThe reported version of Firefox is: \n %L 


CVE-2008-5507 

Kerio MailServer < 6.6.2 (KSEC-2008-12-16-01) Multiple XSS 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote mail server is affected by several cross-site scripting 

vulnerabilities.\n\nAccording to its banner, the remote host is running a version of Kerio 

MailServer prior to 6.6.2. Multiple files in such versions are reportedly affected by 

cross-site scripting vulnerabilities.\n\n - The application fails to sanitize input to the 'folder' 

parameter of the 'mailCompose.php' script as well as the 'daytime' parameter of the 


'calendarEdit.php' script before using it to generate dynamic HTML.\n\n - Content passed 

to 'sent' parameter of the 'error413.php' script is not sanitized before being returned to the 

user.\n\nSuccessful exploitation of these issues could lead to execution of arbitrary HTML 

and script code in a user's browser within the security context of the affected site.\n\nThe 

reported version of Kerio Mailserver is: \n %L 

Solution: Upgrade to versaion 6.6.2 or higher. 

CVE-2008-5769 

UW-IMAP < 2007e c-client Library Overflow 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow.\n\nThere is a flaw in the 

remote UW-IMAP server that allows a remote user to execute arbitrary code on the server. 

The flaw is in the way that UW-IMAP handles malformed data sent to the 

'rfc822_output_char' function of the 'c-client' library. An attacker exploiting this flaw 

would only need the ability to send malformed data to the server process. The observed 

banner (with version info) was: \n %L \n 

Solution: Upgrade to version 2007e or higher. 

CVE-2008-5514 

McAfee ePO Version Detection 


Description: The remote host is running McAfee ePO version: \n %L 

Solution: N/A 


IceWarp Merak Mail Server < 9.4.0 IMG Tag XSS 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote webmail server is affected by a cross-site scripting 

vulnerability.\n\nThe remote host is running IceWarp Merak Mail Server, a webmail server 

for Windows and Linux. According to its banner, the version of IceWarp installed on the 

remote host is older than 9.4.0. Such versions reportedly fail to sanitize input passed to 

'IMG' HTML tags in an e-mail message before displaying them. A remote attacker could 

leverage this issue to inject arbitrary HTML and script code into a user's browser to be 

executed within the security context of the affected application. The reported version of 

Merak is: \n %L 



CVE-2008-5734 

OneOrZero Helpdesk tinfo.php Arbitrary File Upload 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is affected by an 

arbitrary file upload vulnerability.\n\nThe remote host is running OneOrZero Helpdesk, a 

web-based helpdesk application written in PHP. The version of OneOrZero HelpDesk 

installed on the remote host allows uploads of arbitrary files via the 'tinfo.php' script 

provided the 'send_email' POST parameter is set. By uploading a file with arbitrary PHP 

code, an unauthenticated remote attacker can likely leverage this issue to execute code 

subject to the privileges of the web server user ID. In addition, there is a flaw in the 

login.php script when handling the 'default_language' parameter. An attacker would be able 

to view or execute arbitrary local files. Note that successful exploitation of this issue 

requires that 'Task Attachments' is enabled, which is true by default. Further, note that there 

is also reportedly a SQL injection issue involving the Content_Type for uploaded files and 

affecting this version of OneOrZero Helpdesk. If "Task Attachments' have been disabled, 

you are not vulnerable to this flaw.\n\nThe reported version of OneOrZero is: \n %L 

Solution: Log into the application's control panel as the administrator and disable 'Task Attachments' 

(under 'OneOrZero Settings'). When released, upgrade to version 1.6.5.8 or higher. 

CVE-2009-0886 

SPIP Version Detection 


Description: The remote host is running SPIP, an application used to rapidly create web content. The 

version of SPIP is: \n %L 

Solution: N/A 



SSL Certificate Signed Using Weak Hashing Algorithm 


Description: Synopsis :\n\nThe SSL certificate has been signed using a weak hash algorithm - 

MD5\n\nThe remote service uses an SSL certificate that has been signed using a 

cryptographically weak hashing algorithm - MD5. These algorithms are known to be 

vulnerable to collision attacks. In theory, a determined attacker may be able to leverage this 

weakness to generate another certificate with the same digital signature, which could allow 

him to masquerade as the affected service. 

Solution: Contact the Certificate Authority to have the certificate reissued. 


CVE-2004-2761 










CVE-2004-2761 










CVE-2004-2761 




Description: Synopsis : \n\nThe remote Windows host contains a mail client that is affected by multiple 

vulnerabilities.\n\nThe installed version of Thunderbird is earlier than 2.0.0.19. Such 




domains. (MFSA 2008-61)\n\n - Sensitive data may be disclosed in an XHR response when 

an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a resource 

in a different domain. (MFSA 2008-64)\n\n - A website may be able to access a limited 

amount of data from a different domain by loading a same-domain JavaScript URL that 

redirects to an off-domain target resource containing data that is not parsable as JavaScript. 

(MFSA 2008-65)\n\n - Errors arise when parsing URLs with leading whitespace and 

control characters. (MFSA 2008-66)\n\n - An escaped null byte is ignored by the CSS 

parser and treated as if it was not present in the CSS input string. (MFSA 2008-67)\n\n - 

XSS and JavaScript privilege escalation are possible. (MFSA 2008-68)\n\nThe reported 


version of Thunderbird is: \n %L 


CVE-2008-5512 

Samba 3.2.0 - 3.2.6 Unauthorized Access 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Samba server may be affected by an unauthorized access 


host is between 3.2.0 and 3.2.6 inclusive. Such versions reportedly allow an authenticated 

remote user to gain access to the root filesystem, subject to his or her privileges, by making 

a request for a share called '' (empty string) from a version of smbclient prior to 3.0.28. 

Successful exploitation of this issue requires 'registry shares' to be enabled, which is not 

enabled by default.\n\nThe reported version of Samba is: \n %L 

Solution: Upgrade to version 3.2.7 or higher or apply the appropriate patch referenced in the project's 

advisory. 

CVE-2009-0022 

Hamachi VPN Detection 


Description: The remote host is running a client VPN application that allows remote users to connect to 

the computer and use it as a tunnel into the internal network. Hamachi works by connecting 

to an Internet server (a 'frontend' server) from inside a firewalled network. The connection 

is then held open and can be accessed by users outside the network. Once connected to 

Hamachi, remote users would have the ability to access internal services as if they were 

directly attached to the network. 



Hamachi VPN Version Detection 



Description: The remote host is running a client VPN application that allows remote users to connect to 

the computer and use it as a tunnel into the internal network. Hamachi works by connecting 

to an internet server (a 'frontend' server) from inside a firewalled network. The connection 

is then held open and can be accessed by users outside the network. Once connected to 

Hamachi, remote users would have the ability to access internal services as if they were 

directly attached to the network. The version of Hamachi is: \n %L 




Serv-U < 7.4.0.0 Multiple Command Argument Handling DoS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote FTP server is affected by a denial of service 

vulnerability.\n\nThe remote host is running Serv-U File Server, an FTP server for 

Windows. The installed version of Serv-U 7.x is earlier than 7.4.0.0, and is affected by a 

denial of service vulnerability. By using a specially crafted command such as XCRC, 

STOU, DSIZ, AVBL, RNTO, or RMDA, it may be possible for an authenticated attacker to 

render the FTP server temporarily unresponsive. The reported version of Serv-U is: \n %L 



HDHomerun Server Detection 


Description: The remote host is running HDHomerun, an application used to stream digital media. 

Ensure that such applications are authorized according to existing policies. 

Solution: N/A 


Comersus Cart < 7.099 Remote Password Disclosure 


Description: Synopsis : \n\nThe remote web application allows unauthorized access to other user 

accounts.\n\nThe installed version of Comersus Cart on the remote host suffers from a flaw 

where registered users can modify the email address and password of other users. The root 

cause is a failure of the 'comersus_customerModifyExec.asp' script to sanitize 

user-supplied input. An attacker exploiting this flaw would be able to change the 

credentials of other users. The reported version of Comersus Cart is: \n %L \n 



Simple Machines Forum < 1.1.8 Password Reset Function Bypass 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote host is vulnerable to a security bypass flaw.\n\nThe remote host 


vulnerable to a flaw where attackers can bypass security filtering related to the password 

reset function. The root cause of this flaw is reported to be the 'action' and 'reminder' 

parameters of index.php. An attacker exploiting this flaw would be able to reset the 

administrative password and gain full access to the application. In order for this attack to be 

successful, the attacker would need prior knowledge of the administrator nickname and 

numerical ID. Successful exploitation would result in the attacker gaining administrative 

access. The reported version of SMF is: \n %L \n 



Twitter Client Usage Detection 


Description: The remote host is accessing the Twitter social network. Twitter is a social tool that 

allows users to rapidly communicate their current tasks with other users. 

realtime 

Solution: N/A 


Ganglia Web Backend Version Detection 


Description: The remote host is running the Ganglia Web Backend (gmetad) version "%L" 

Solution: N/A 


Ganglia Web Backend < 3.0.7 process_path Function Overflow 



running the Ganglia Web Backend (gmetad) version "%L".\n\nThis version of Ganglia is 

vulnerable to a remote buffer overflow within the process_path() function. An attacker 

exploiting this flaw would need the ability to send malformed data to the Ganglia gmetad 

process. Successful exploitation would result in the attacker gaining control of the remote 

system. 




CVE-2009-0241 




vulnerabilities.\n\nThe version of QuickTime installed on the remote host is older than 7.6. 

Such versions contain several vulnerabilities : \n\n - A heap buffer overflow in QuickTime's 

handling of RTSP URLs may lead to an application crash or arbitrary code execution. 

(CVE-2009-0001)\n\n - A heap buffer overflow in QuickTime's handling of THKD atoms 

in QTVR (QuickTime Virtual Reality) movie files may lead to an application crash or 

arbitrary code execution. (CVE-2009-0002)\n\n - A heap buffer overflow while processing 

an AVI movie file may lead to an application crash or arbitrary code execution. 

(CVE-2009-0003)\n\n - A buffer overflow in the handling of MPEG-2 video files with 

MP3 audio content may lead to an application crash or arbitrary code execution. 

(CVE-2009-0004)\n\n - A memory corruption in QuickTime's handling of H.263 encoded 

movie files may lead to an application crash or arbitrary code execution. 

(CVE-2009-0005)\n\n - A signedness issue in QuickTime's handling of Cinepak encoded 

movie files may result in a heap buffer overflow. (CVE-2009-0006)\n\n - A heap buffer 

overflow in QuickTime's handling of JPEG atoms in QuickTime movie files may lead to an 

application crash or arbitrary code execution. (CVE-2009-0007)\n\nThe reported version of 

Quicktime is: \n %L 


CVE-2009-0007 

Fujitsu Systemcast Deployment Server Detection 


Description: The remote host is running the Fujitsu Systemcast Deployment Server. 

Solution: N/A 


OpenX Version Detection 


Description: The remote host is running OpenX, an open-source ad generator. OpenX integrates 

with a web server to auto-generate HTML ads. The reported version is: %L 

Solution: N/A 


3COM CellPlex Default Password 





credentials.\n\nThe remote host is running a 3COM CellPlex server with the default login 

and password set ('admin'/'synnet').\nThe affected web application is:\n%P 

Solution: Change default passwords. 


3COM Netbuilder Default Password 



credentials.\n\nThe remote host is running a 3COM Netbuilder server with the default login 

and password set ('Root'/'').\nThe affected web application is:\n%P 



Web Server 'admin' Default Password 



credentials.\n\nThe remote host is running a web server with the default login and 

password set to NULL/admin\nThe affected web application is:\n%P 



Web Server 'admin/password' Default Credentials 




set to admin/password\nThe affected web application is:\n%P 




3Com Shark Fin Comcast-supplied Default Password 




credentials.\n\nThe remote host is running a 3Com Shark Fin Comcast-supplied server with 

the default login and password set ('User'/'Password').\nThe affected web application 

is:\n%P 



Web Server 'Administrator/admin' Default Password 




set to 'Administrator/admin'.\nThe affected web application is:\n%P 


3ware Default Password 




credentials.\n\nThe remote host is running a 3ware web server with the default login and 

password set to Administrator/3ware\nThe affected web application is:\n%P 



ACCTON Wirelessrouter T-online Default Password 



credentials.\n\nThe remote host is running a ACCTON Wirelessrouter T-online server with 

the default login and password set (''/'0').\nThe affected web application is:\n%P 



ADIC Scalar 100/1000 Default Password 





credentials.\n\nThe remote host is running a ADIC Scalar 100/1000 server with the default 

login and password set ('admin'/'secure').\nThe affected web application is:\n%P 



Web Server 'admin/admin' Default Password 




set to admin/admin\nThe affected web application is:\n%P 



APC UPSes (Web/SNMP Mgmt Card) Default Password 



credentials.\n\nThe remote host is running a APC UPSes (Web/SNMP Mgmt Card) server 

with the default login and password set ('device'/'device').\nThe affected web application 

is:\n%P 



ASMAX Web Server Default Password 



credentials.\n\nThe remote host is running a ASMAX web server with the 

default login and password set to admin/epicrouter\nThe affected web 




Web Server 'admin/NULL' Default Password 





credentials.\n\nThe remote host is running a web server with the default login and 

password set to admin/NULL\nThe affected web application is:\n%P 



Allied Telesyn AT-8024(GB) Default Password 



credentials.\n\nThe remote host is running a Allied Telesyn AT-8024(GB) server with the 

default login and password set ('manager'/'admin').\nThe affected web application is:\n%P 


GigaTribe Detection 



Description: Synopsis :\n\nThe remote web server appears to be used for peer-to-peer file 

sharing.\n\nAccording to its banner, the remote web server is from GigaTribe, a private 

peer-to-peer file sharing application. The reported version number is: %L 

Solution: Ensure that use of this software is compliant with your organization's acceptable use and 

security policies. 


Horde < 3.3.3 / 3.2.4 Horde_Image::factory driver Argument Local File Inclusion 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is susceptible to a 

local file inclusion attack.\n\nThe version of Horde, Horde Groupware, or Horde 

Groupware Webmail Edition installed on the remote host fails to filter input to the 'driver' 

argument of the 'Horde_Image: : factory' method before using it to include PHP code in 

'lib/Horde/Image.php'. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' 

settings, an unauthenticated attacker can exploit this issue to view arbitrary files or possibly 

to execute arbitrary PHP code on the remote host, subject to the privileges of the web 

server user ID.\n\n Note that this install is also likely affected by a cross-site scripting issue 

in the 'services/portal/cloud_search.php' script. The reported version of Horde is: \n %L 


CVE-2009-0932 



Allied Telesyn AT Router Default Password 




set to root/NULL\nThe affected web application is:\n%P 



Allied Telesyn AT-AR130 (U) -10 Default Password 



credentials.\n\nThe remote host is running a Allied Telesyn AT-AR130 (U) -10 server with 

the default login and password set ('Manager'/'friend').\nThe affected web application 

is:\n%P 



Alteon ACEswitch 180e Default Password 



credentials.\n\nThe remote host is running a Alteon ACEswitch 180e server with the 

default login and password set ('admin'/'linga').\nThe affected web application is:\n%P 



Ambit Default Password 



credentials.\n\nThe remote host is running an Ambit server with the default login and 

password set ('root'/'root').\nThe affected web application is:\n%P 



Aspect ACD 6 Default Password 





credentials.\n\nThe remote host is running a Aspect ACD 6 server with the default login 

and password set ('customer'/'').\nThe affected web application is:\n%P 



Axis Webcams Default Password 



credentials.\n\nThe remote host is running a Axis Webcams server with the default login 

and password set ('root'/'pass').\nThe affected web application is:\n%P 



HTTP NULL User ID and Password 



credentials.\n\nThe remote host is running a web application with the default login and 

password set to NULL/NULL\nThe affected web application is:\n%P 



Blue Coat Systems ProxySG 3.x Default Password 



credentials.\n\nThe remote host is running a Blue Coat Systems ProxySG 3.x server with 

the default login and password set ('admin'/'articon').\nThe affected web application 

is:\n%P 




Cisco Ciso Aironet 1100 Series Rev. 01 Default Password 




credentials.\n\nThe remote host is running a Cisco Ciso Aironet 1100 series Rev. 01 server 

with the default login and password set (''/'Cisco').\nThe affected web application is:\n%P 



Cisco Aironet 1200 Default Password 



credentials.\n\nThe remote host is running a Cisco Aironet 1200 server with the default 

login and password set ('root'/'Cisco').\nThe affected web application is:\n%P 



Conexant Router Default Password 



credentials.\n\nThe remote host is running a Conexant Router server with the default login 

and password set (''/'epicrouter').\nThe affected web application is:\n%P 



Coppermine < 1.4.20 'img_dir' Arbitrary File Upload 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a file upload vulnerability.\n\nThe remote 

host is running Coppermine version: \n %L \n\nThis version of Coppermine is vulnerable to 

a file upload vulnerability due to a flaw in the way that the program parses data sent to the 

'img_dir' parameter of the 'picEditor.php' script. An attacker exploiting this flaw would be 

able to upload arbitrary files to the 'album' subdirectory. 



Cyclades TS800 Default Password 





credentials.\n\nThe remote host is running a Cyclades TS800 server with the default login 

and password set ('root'/'tslinux').\nThe affected web application is:\n%P 



D-Link DI-614+ Default Password 



credentials.\n\nThe remote host is running a D-Link server with the default login and 

password set to user/NULL\nThe affected web application is:\n%P 



D-Link DI-624 All Default Password 



credentials.\n\nThe remote host is running a D-Link DI-624 all server with the default login 

and password set ('User'/'').\nThe affected web application is:\n%P 



Deerfield MDaemon Default Password 



credentials.\n\nThe remote host is running a Deerfield MDaemon server with the default 

login and password set ('MDaemon'/'MServer').\nThe affected web application is:\n%P 



Dell Remote Access Card Default Password 





credentials.\n\nThe remote host is running a Dell Remote Access Card server with the 

default login and password set ('root'/'calvin').\nThe affected web application is:\n%P 



Deutsch Telekomm T-Sinus 130 DSL Default Password 



credentials.\n\nThe remote host is running a Deutsch Telekomm DSL server with the 

default login and password set to NULL/0000\nThe affected web application is:\n%P 



Enterasys ANG-1105 Unknown Default Password 



credentials.\n\nThe remote host is running a Enterasys ANG-1105 server with the default 

login and password set ('admin'/'netadmin').\nThe affected web application is:\n%P 



Ericsson BP250 Default Password 



credentials.\n\nThe remote host is running a Ericsson BP250 server with the default login 

and password set ('admin'/'default').\nThe affected web application is:\n%P 



Fujitsu Siemens Routers Default Password 





credentials.\n\nThe remote host is running a Fujitsu Siemens Router with the default login 

and password set (''/'connect').\nThe affected web application is:\n%P 



Hewlett-Packard webmin 0.84 Default Password 



credentials.\n\nThe remote host is running a Hewlett-Packard webmin 0.84 server with the 

default login and password set ('admin'/'hp.com').\nThe affected web application is:\n%P 



IBM Directory - Web Administration Tool 5.1 Default Password 



credentials.\n\nThe remote host is running a IBM Directory - Web Administration Tool 5.1 

server with the default login and password set ('superadmin'/'secret').\nThe affected web 




IBM 3583 Tape Library Default Password 



credentials.\n\nThe remote host is running a IBM 3583 Tape Library server with the default 

login and password set ('admin'/'secure').\nThe affected web application is:\n%P 



IBM Web Server Default Password 





credentials.\n\nThe remote host is running a IBM server with the default login and 

password set to USERID/PASSWORD\nThe affected web application is:\n%P 



Infosmart SOHO Router Default Password 



credentials.\n\nThe remote host is running a Infosmart SOHO router with the default login 

and password set ('admin'/'0000').\nThe affected web application is:\n%P 



Intel Wireless Gateway 3.x Default Password 



credentials.\n\nThe remote host is running a Intel Wireless Gateway 3.x server with the 

default login and password set ('intel'/'intel').\nThe affected web application is:\n%P 



Intershop Intershop 4 Default Password 



credentials.\n\nThe remote host is running a Intershop Intershop 4 server with the default 

login and password set ('operator'/'$chwarzepumpe').\nThe affected web application 

is:\n%P 



Irongate NetSurvibox 266 1 Default Password 





credentials.\n\nThe remote host is running a Irongate NetSurvibox 266 1 server with the 

default login and password set ('admin'/'NetSurvibox').\nThe affected web application 

is:\n%P 



Konica Minolta Magicolor 5430 DL Default Password 



credentials.\n\nThe remote host is running a Konica Minolta Magicolor 5430 DL with the 

default login and password set ('admin'/'administrator').\nThe affected web application 

is:\n%P 



Konica/ Minolta Di 2010f n/a Default Password 



credentials.\n\nThe remote host is running a Konica/ Minolta Di 2010f n/a server with the 

default login and password set (''/'00000000').\nThe affected web application is:\n%P 



Kyocera EcoLink 7.2 Default Password 



credentials.\n\nThe remote host is running a Kyocera EcoLink 7.2 server with the default 

login and password set (''/'PASSWORD').\nThe affected web application is:\n%P 




Linksys Comcast Comcast-supplied Default Password 




credentials.\n\nThe remote host is running a Linksys Comcast Comcast-supplied server 

with the default login and password set ('comcast'/'1234').\nThe affected web application 

is:\n%P 



Linksys/ Cisco RTP300 w/2 Phone Ports 1.0 Default Password 



credentials.\n\nThe remote host is running a Linksys/ Cisco RTP300 w/2 Phone Ports 1.0 

server with the default login and password set ('user'/'tivonpw').\nThe affected web 




Minolta PagrPro QMS 4100GN PagePro Default Password 



credentials.\n\nThe remote host is running a Minolta PagrPro QMS 4100GN PagePro 

server with the default login and password set (''/'sysadm').\nThe affected web application 

is:\n%P 



Minolta QMS Magicolor 3100 3.0.0 Default Password 



credentials.\n\nThe remote host is running a Minolta QMS Magicolor 3100 3.0.0 server 

with the default login and password set ('operator'/'').\nThe affected web application 

is:\n%P 



Mitel 3300 ICP All Default Password 






set to system/password\nThe affected web application is:\n%P 



Motorola Default Password 



credentials.\n\nThe remote host is running a Motorola web server with the default login and 

password set to admin/motorola\nThe affected web application is:\n%P 



NGSec NGSecureWeb Default Password 



credentials.\n\nThe remote host is running a NGSec NGSecureWeb server with 

the default login and password set ('admin'/'asd').\nThe affected web application 

is:\n%P 



NRG or RICOH DSc338 Printer 1.19 Default Password 




set to NULL/password\nThe affected web application is:\n%P 




NETGEAR Comcast Comcast-supplied Default Password 




credentials.\n\nThe remote host is running a NETGEAR Comcast Comcast-supplied server 

with the default login and password set ('comcast'/'1234').\nThe affected web application 

is:\n%P 



NetGenesis NetAnalysis Web Reporting Default Password 



credentials.\n\nThe remote host is running a NetGenesis NetAnalysis Web Reporting server 

with the default login and password set ('naadmin'/'naadmin').\nThe affected web 




NETGEAR WG602 Firmware Version 1.04.0 Default Password 



credentials.\n\nThe remote host is running a NETGEAR server with the default login and 

password set ('super'/'5777364').\nThe affected web application is:\n%P 



NETGEAR WG602 Firmware Version 1.7.14 Default Password 



credentials.\n\nThe remote host is running a NETGEAR WG602 Firmware Version 1.7.14 

with the default login and password set ('superman'/'21241036').\nThe affected web 





Network Associates WebShield Security Appliance e500 Default Password 




credentials.\n\nThe remote host is running a Network Associates WebShield Security 

Appliance e500 server with the default login and password set 

('e500'/'e500changeme').\nThe affected web application is:\n%P 



Network Associates WebShield Security Appliance e250 Default Password 



credentials.\n\nThe remote host is running a Network Associates WebShield Security 

Appliance e250 server with the default login and password set 

('e250'/'e250changeme').\nThe affected web application is:\n%P 



Nortel Contivity Extranet/VPN Switches Default Password 



credentials.\n\nThe remote host is running a Nortel Contivity Extranet/VPN switch with the 

default login and password set ('admin'/'setup').\nThe affected web application is:\n%P 



Nortel Business Communications Manager 3.5 / 3.6 Default Password 



credentials.\n\nThe remote host is running a Nortel Business Communications Manager 3.5 

/ 3.6 server with the default login and password set ('supervisor'/'PlsChgMe').\nThe affected 

web application is:\n%P 



OKI C5700 Default Password 





credentials.\n\nThe remote host is running a OKI C5700 server with the default login and 

password set ('root'/'the 6 last digit of the MAC adress').\nThe affected web application 

is:\n%P 



Openwave WAP Gateway Any Default Password 



credentials.\n\nThe remote host is running a Openwave WAP Gateway Any server with the 

default login and password set ('sys'/'uplink').\nThe affected web application is:\n%P 



Openwave MSP Any Default Password 



credentials.\n\nThe remote host is running a Openwave MSP Any server with the default 

login and password set ('cac_admin'/'cacadmin').\nThe affected web application is:\n%P 



Pirelli Pirelli AGE-SB Default Password 



credentials.\n\nThe remote host is running a Pirelli Pirelli AGE-SB server with the default 

login and password set ('admin'/'smallbusiness').\nThe affected web application is:\n%P 




Polycom Soundpoint VoIP Phones Default Password 




credentials.\n\nThe remote host is running a Polycom Soundpoint VoIP phones server with 

the default login and password set ('Polycom'/'SpIp').\nThe affected web application 

is:\n%P 



Psion Teklogix 9150 Default Password 



credentials.\n\nThe remote host is running a Psion Teklogix 9150 server with the default 

login and password set ('support'/'h179350').\nThe affected web application is:\n%P 



RedHat 6.2 Default Password 



credentials.\n\nThe remote host is running a RedHat 6.2 server with the default 

login and password set ('piranha'/'q').\nThe affected web application is:\n%P 



RedHat 6.2 Default Password 



credentials.\n\nThe remote host is running a RedHat 6.2 server with the default login and 

password set ('piranha'/'piranha').\nThe affected web application is:\n%P 



Ricoh AP410N 1.13 Default Password 





credentials.\n\nThe remote host is running a Ricoh AP410N 1.13 server with the default 

login and password set ('admin'/'').\nThe affected web application is:\n%P 


SMC Default Password 




credentials.\n\nThe remote host is running a SMC web server with the default login and 

password set to NULL/smcadmin\nThe affected web application is:\n%P 



SMC 7401BRA 1 Default Password 



credentials.\n\nThe remote host is running a SMC 7401BRA 1 server with the default login 

and password set ('admin'/'barricade').\nThe affected web application is:\n%P 



SMC 7401BRA 2 Default Password 



credentials.\n\nThe remote host is running a SMC 7401BRA 2 server with the default login 

and password set ('smc'/'smcadmin').\nThe affected web application is:\n%P 



SMC Barricade7204BRB Default Password 





credentials.\n\nThe remote host is running a SMC Barricade7204BRB server with the 

default login and password set ('admin'/'smcadmin').\nThe affected web application is:\n%P 



SMC Modem/Router Default Password 



credentials.\n\nThe remote host is running a SMC Modem/Router server with the default 

login and password set ('cusadmin'/'highspeed').\nThe affected web application is:\n%P 



SOPHIA (Schweiz) AG Protector Default Password 



credentials.\n\nThe remote host is running a SOPHIA (Schweiz) AG Protector server with 

the default login and password set ('admin'/'Protector').\nThe affected web application 

is:\n%P 



Samsung MagicLAN SWL-3500RG 2.15 Default Password 



credentials.\n\nThe remote host is running a Samsung MagicLAN SWL-3500RG 2.15 

server with the default login and password set ('public'/'public').\nThe affected web 





Scientific Atlanta DPX2100 Comcast-supplied Default Password 




credentials.\n\nThe remote host is running a Scientific Atlanta DPX2100 Comcast-supplied 

server with the default login and password set ('admin'/'w2402').\nThe affected web 




Sharp AR-M355N Default Password 



credentials.\n\nThe remote host is running a Sharp AR-M355N server with the 

default login and password set ('admin'/'Sharp').\nThe affected web application 

is:\n%P 



Siemens SpeedStream 4100 Default Password 



credentials.\n\nThe remote host is running a Siemens SpeedStream 4100 with the default 

login and password set ('admin'/'hagpolm1').\nThe affected web application is:\n%P 



Sun Microsystems ILOM of X4100 1.0 Default Password 



credentials.\n\nThe remote host is running a Sun Microsystems ILOM of X4100 1.0 server 

with the default login and password set ('root'/'changeme').\nThe affected web application 

is:\n%P 



Sybase EAServer Default Password 





credentials.\n\nThe remote host is running a Sybase EAServer server with the default login 

and password set ('jagadmin'/'').\nThe affected web application is:\n%P 



Symbol Spectrum Series 4100-4121 Default Password 



credentials.\n\nThe remote host is running a Symbol Spectrum series 4100-4121 server 

with the default login and password set (''/'Symbol').\nThe affected web application is:\n%P 



Symbol CB3000 A1 Default Password 



credentials.\n\nThe remote host is running a Symbol CB3000 A1 server with the default 

login and password set ('admin'/'symbol').\nThe affected web application is:\n%P 



'Administrator' NULL Password 




set to Administrator/NULL\nThe affected web application is:\n%P 




US ROBOTICS ADSL Ethernet Modem Default Password 




credentials.\n\nThe remote host is running a US ROBOTICS ADSL Ethernet Modem with 

the default login and password set (''/'12345').\nThe affected web application is:\n%P 



X-Micro X-Micro WLAN 11b Broadband Router 1.6.0.1 Default Password 



credentials.\n\nThe remote host is running a X-Micro X-Micro WLAN 11b Broadband 

Router 1.6.0.1 with the default login and password set ('1502'/'1502').\nThe affected web 




Xerox DocuCentre 425 Default Password 



credentials.\n\nThe remote host is running a Xerox DocuCentre 425 with the default login 




Xerox 240a Default Password 



credentials.\n\nThe remote host is running a Xerox 240a server with the default login and 

password set ('admin'/'x-admin').\nThe affected web application is:\n%P \ 



ZyXEL Prestige Default Password 





credentials.\n\nThe remote host is running a ZyXEL Prestige server with the default login 

and password set (''/'1234').\nThe affected web application is:\n%P 



apc Smartups 3000 Default Password 



credentials.\n\nThe remote host is running an apc Smartups 3000 server with the default 

login and password set ('apc'/'apc').\nThe affected web application is:\n%P 



iPSTAR iPSTAR Satellite Router/Radio v2 Default Password 



credentials.\n\nThe remote host is running a iPSTAR iPSTAR Satellite Router/Radio v2 

server with the default login and password set ('admin'/'operator').\nThe affected web 




iPSTAR iPSTAR Network Box v.2+ Default Password 



credentials.\n\nThe remote host is running a iPSTAR iPSTAR Network Box v.2+ server 

with the default login and password set ('admin'/'operator').\nThe affected web application 

is:\n%P 



ihoi oihoh lknlkn Default Password 





credentials.\n\nThe remote host is running a ihoi oihoh lknlkn server with the default login 

and password set ('Administrator'/'pilou').\nThe affected web application is:\n%P 



longshine isscfg Default Password 



credentials.\n\nThe remote host is running a longshine isscfg server with the default login 




medion Routers Default Password 



credentials.\n\nThe remote host is running a medion Router with the default login and 

password set (''/'medion').\nThe affected web application is:\n%P 




RealNetworks Helix Server < 11.1.8 / 12.0.1 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote media streaming server is affected by multiple 

vulnerabilities.\n\nThe remote host is running a version of RealNetworks Helix Server 

older than 11.1.8 / 12.0.1. Such versions are reportedly affected by multiple issues : \n\n - A 

vulnerability involving an RTSP 'DESCRIBE' request could allow an unauthenticated 

attacker to execute arbitrary code on the remote system. (ZDI-CAN-293)\n\n - By sending 

three specially crafted RTSP 'SETUP' requests it may be possible to crash the remote RTSP 

server. (ZDI-CAN-323)\n\n - A heap overflow vulnerability in 'DataConvertBuffer' could 

allow an unauthenticated attacker to execute arbitrary code on the remote system. 

(ZDI-CAN-333)\n\n - A heap overflow vulnerability in NTLM authentication could allow 

an unauthenticated attacker to execute arbitrary code on the remote system. 

(ZDI-CAN-380)\n\nThe reported version of Helix Server is: \n %L 

Solution: Update to version 11.1.8 / 12.0.1 or higher. 


CVE-2008-5911 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host contains a web browser that is affected by multiple 

vulnerabilities.\n\nThe version of Google Chrome installed on the remote host is earlier 

than 1.0.154.46. Such versions are reportedly affected by several issues : \n\n - Cross-site 

scripting vulnerabilities in the Adobe Reader Plugin itself could be leveraged using a PDF 

document to run scripts on arbitrary sites via Google Chrome. (CVE-2007-0048 and 

CVE-2007-0045)\n\n - A cross-domain security bypass vulnerability that could allow an 

attacker to bypass the same-origin policy and gain access to potentially sensitive 

information. (CVE-2009-0276)\n\nThe reported version of Google Chrome is: \n %L 


CVE-2009-0411 

Bugzilla < 3.2.1/3.3.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors\n\nThe remote 

Bugzilla software is vulnerable to several flaws. First, valid users can post content in 

HTML or JavaScript. Given this, other users viewing the content may have malicious code 

executed within their browser. Second, the 'process_bug.cgi' script is vulnerable to a 

cross-site request forgery (CSRF) flaw. An attacker exploiting this flaw would need to be 

able to entice a valid user into clicking a link or opening a malicious HTML email. 

Successful exploitation would result in the attacker executing commands with the 

permissions of the valid user account. The reported version of Bugzilla is: \n %L \n 


CVE-2009-0485 





multiple vulnerabilities.\n\nThe installed version of Firefox is earlier than 3.0.6. Such 



corruption. (MFSA 2009-01)\n\n - A chrome XBL method can be used in conjunction with 

'window.eval' to execute arbitrary JavaScript within the context of another website, 

violating the same origin policy. (MFSA 2009-02)\n\n - A form input control's type could 

be changed during the restoration of a closed tab to the path of a local file whose location 

was known to the attacker. (MFSA 2009-03)\n\n - An attacker may be able to inject 


arbitrary code into a chrome document and then execute it with chrome privileges if he can 

trick a user into downloading a malicious HTML file and a .desktop shortcut file. (MFSA 

2009-04)\n\n - Cookies marked HTTPOnly are readable by JavaScript via the 

'XMLHttpRequest.getResponseHeader' and 'XMLHttpRequest.getAllResponseHeaders' 

APIs. (MFSA 2009-05)\n\n - The 'Cache-Control: no-store' and 'Cache-Control: no-cache' 

HTTP directives for HTTPS pages are ignored by Firefox 3, which could lead to exposure 

of sensitive information. (MFSA 2009-06).\n\nThe reported version of Firefox is: \n %L 


CVE-2009-0358 

Squid < 2.7.STABLE6 / 3.0.STABLE13 / 3.1.0.5 HTTP Version Numbers DoS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote proxy server is susceptible to a denial of service attack.\n\nThe 

version of the Squid proxy caching server installed on the remote host may abort when 

parsing requests with an invalid HTTP version. A remote attacker may be able to leverage 

this issue to crash the application, thereby denying service to legitimate users.\n\nNote that 

successful exploitation of this issue requires that Squid was not built with the 'NODEBUG' 

define.\nThe reported version of Squid is: \n %L 

Solution: Either apply the appropriate patches referenced in the project's advisory above or upgrade 

to version 2.7.STABLE6 / 3.0.STABLE13 / 3.1.0.5 or higher. 

CVE-2009-0478 

Moodle < 1.9.4 / 1.8.8 / 1.7.7 / 1.6.9 Multiple Vulnerabilities 


RISK: 

MEDIUM 



Moodle installed on the remote host is vulnerable to a number of flaws. First, the server is 

vulnerable to a cross-site scripting (XSS) flaw. An attacker exploiting this flaw would be 

able to execute arbitrary code within the browser of unsuspecting users. The remote host is 

vulnerable to a cross-site request forgery (CSRF) flaw that could allow remote users to 

execute commands on the behalf of logged in users. Finally, there are several 'information 

disclosure' flaws that may allow an attacker the ability to gain access to confidential data. 

The reported version of Moodle is: \n %L \n 



Openfire < 3.6.3 Multiple Vulnerabilities 


PVS ID: 4925 FAMILY: CGI NESSUS ID:35628 


RISK: 

MEDIUM 


vulnerabilities.\n\nThe remote host is running Openfire / Wildfire, an instant messaging 

server supporting the XMPP protocol. According to its version, the installation of Openfire 

or Wildfire is affected by multiple vulnerabilities : \n\n - Multiple .jsp scripts namely, 

'logviewer.jsp' (BID 32935), 'group-summary.jsp' (BID 32937), 'user-properties.jsp' (BID 

32938), 'audit-policy.jsp' (BID 32939) and 'log.jsp' (BID 32940) fail to sanitize input 

supplied by authorized users, and hence are affected by cross-site scripting 

vulnerabilities.\n\n - Provided an administrator's browser session is allowed to execute 

arbitrary JavaScript and an attacker has managed to steal session cookies, it may be 

possible for an attacker to execute arbitrary code on the remote system by uploading a new 

server plugin.\n\n - Pages 'security-audit-viewer.jsp', 'server-properties.js' (BID 32943) and 

'muc-room-summary.jsp' (BID 32944) are affected by a stored cross-site scripting 

vulnerabilities. (BID 32943)\n\n - log.jsp fails to sanitize input passed to the 'log' parameter 

by an authorized user, and hence it may be possible for an authenticated attacker to read 

arbitrary .log files. (BID 32945).\n\nThe reported version of Openfire is: \n %L 


CVE-2009-0497 

Microsoft SQL Server Version Detection 


Description: The remote host is running Microsoft SQL Server. The information returned from the 

server includes the currently installed version. The information observed was: \n %L 

Solution: N/A 


Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) 


Description: Synopsis : \n\nArbitrary code can be executed on the remote host through SQL 

Server.\n\nThe remote host is running a version of Microsoft SQL Server, Desktop Engine 

or Internal Database that suffers from an authenticated remote code execution vulnerability 

in the MSSQL extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter 

check. Successful exploitation could allow an attacker to take complete control of the 

affected system.\n\nThe observed data (to include a version number) passed from the SQL 

server was: \n %L \nIAVA Reference : 2009-A-0012\nSTIG Finding Severity : Category I 


CVE-2008-5416 



TrendMicro Interscan Web Security Suite (IWSS) Default Password 



credentials.\n\nThe remote host is running a TrendMicro Interscan Web Security Suite 

server with the default login and password set ('admin/adminIWSS85').\nThe affected web 






Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nIBM WebSphere 

Application Server 6.1 before Fix Pack 21 appears to be running on the remote host. Such 

versions are reportedly affected by multiple flaws :\n\n - Provided Performance Monitoring 

Infrastructure (PMI) is\n enabled. It may be possible for a local attacker to\n obtain 

sensitive information through 'Systemout.log' and\n 'ffdc' files which are written by 

PerfServlet.\n - SSL Configuration settings attribute 'Security Level' \n does not correctly 

enforce the level of encryption used\n by the application server. (PK63182) 


CVE-2009-0434 

ProFTPD Username Variable Substitution SQL Injection 


Description: Synopsis : \n\nThe remote host is vulnerable to a SQL Injection attack.\n\nThe remote host 

is using ProFTPD, a free FTP server for Unix and Linux. The version of ProFTPD running 

on the remote host allows the percent character, '%', within the username. This would allow 

attackers to inject special SQL characters such as a single quote. An attacker exploiting this 

flaw would be able to execute arbitrary SQL commands against the database server. The 

reported version of ProFTPD is: \n %L \n 


CVE-2009-0542 


Media Gateway Control Protocol (MGCP) Server Detection 


Description: The remote host is a Media Gateway Control Protocol (MGCP) server. An MGCP server is 

used to create and manage media sessions between multiple clients over multiple protocols. 

In particular, it is commonly used with Voice-Over-IP (VoIP) services. 


Solution: Ensure that such services are authorized. 




Description: Synopsis : \n\nThe remote host contains a web browser that is vulnerable to multiple attack 

vectors.\n\nThe version of Safari installed on the remote Windows host is earlier than 3.2.2. 

Such versions reportedly have multiple vulnerabilities : \n\n - Multiple input validation 

issues in their handling of 'feed: ' URLs, which could be abused to execute arbitrary 

JavaScript code in the local security zone. (CVE-2009-0137)\n\n - A cached certificate is 

not required before displaying a lock icon for a HTTPS web site. This allows a 

man-in-the-middle attacker to present the user with spoofed web pages over HTTPS that 

appear to be from a legitimate source. (CVE-2009-2072)\n\n - The browser processes a 

3xxx HTTP CONNECT before a successful SSL handshake, which could allow a 

man-in-the-midddle attacker to execute arbitrary script code in the context of a HTTPS site. 

(CVE-2009-2062)\n\nThe reported version of Safari is: \n %L 


CVE-2009-2072 

Media Gateway Control Protocol (MGCP) Client Detection 


Description: The remote host is a Media Gateway Control Protocol (MGCP) client. An MGCP client is 

used to create sessions with an MGCP server. In particular, it is commonly used with 

Voice-Over-IP (VoIP) services. 

Solution: Ensure that such services are authorized. 


Sun Java System Directory Server 6.x < 6.3.1 LDAP JDBC Backend DoS 



remote host is running the Sun Java System Directory Server, an LDAP server from Sun 

Microsystems. The reported version number was: \n %L \n\n The installed version is older 

than 6.3.1, and the proxy server included with such versions is reportedly affected by a 

denial of service vulnerability. By sending a specially crafted request to the JDBC backend 

through the proxy server, an unauthenticated remote attacker may be able to trigger a denial 

of service condition. 




CVE-2009-0609 

Google Chrome < 1.0.154.48 Cross-browser Command Injection 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host contains a web browser that is prone to a cross-browser 

scripting attack.\n\nThe version of Google Chrome installed on the remote host is earlier 

than 1.0.154.48. Such versions are reportedly affected by a protocol-handler command 

injection vulnerability that could allow an attacker to carry out cross-browser scripting 

attacks. 


CVE-2007-3670 

Dropbox Software Detection 

PVS ID: 4936 FAMILY: Internet Services RISK: INFO NESSUS ID:35717 

Description: Dropbox is installed on the remote host. Dropbox is an application for storing and 

synchronizing files between computers, possibly outside the organization. 

Solution: Remove this software if its use does not match your organization's security policy. 


Flash Player APSB09-01 Multiple Vulnerabilities 



multiple vulnerabilities.\n\nThe remote Windows host contains a version of Adobe Flash 

Player that is earlier than 10.0.22.87 / 9.0.159.0. Such versions are reportedly affected by 

multiple vulnerabilities : \n\n - A buffer overflow issue that could allow an attacker to 

execute arbitrary code with the privileges of the user running the application. 

(CVE-2009-0520) \n\n - An input validation vulnerability that leads to a denial of service 

attack and could possibly allow for an attacker to execute arbitrary code. (CVE-2009-0519) 

\n\n - A vulnerability in the Flash Player settings manager that could contribute to a 

clickjacking attack. (CVE-2009-0014)\n\n - A vulnerability with the mouse pointer display 

that could contribute to a clickjacking attack. (CVE-2009-0522) 

Solution: Upgrade to version 10.0.22.87 or higher. If you are unable to upgrade to version 10, 

upgrade to version 9.0.159.0 or higher. 

CVE-2009-0522 

Novell GroupWise MTA Web Console Accessible 




Description: The remote web server is a Novell GroupWise MTA Web Console, used to monitor and 

potentially control a GroupWise MTA via a web browser. The application can be accessed 

via the following URI:\n%P 

Solution: Ensure that the application only allows authenticated users. 


SMPP Peer-to-Peer Client Detection 

PVS ID: 4939 FAMILY: Peer-To-Peer File Sharing RISK: INFO NESSUS ID:Not Available 

Description: The remote host is running a short message peer-to-peer (SMPP) client application. This 

protocol is used to transfer short messages between hosts. 

Solution: N/A 


SMPP Peer-to-Peer Server Detection 


Description: The remote host is running a short message peer-to-peer (SMPP) server application. This 

protocol is used to transfer short messages between hosts. 

Solution: N/A 


Manolito Peer-to-Peer Client Detection 


Description: The remote host is running a Manolito peer-to-peer (or MP2P) client application. Manolito 

is a proprietary peer-to-peer file sharing protocol that can be used to share or download 

files. The actual client application and version is: \n %L 

Solution: N/A 


Manolito Peer-to-Peer Server Detection 



Description: The remote host is running a Manolito peer-to-peer (or MP2P) server application. Manolito 

is a proprietary peer-to-peer file sharing protocol that can be used to share or download 

files. The server software and version is: \n %L 


Solution: N/A 




RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server uses a version of PHP that is affected by multiple 


than 5.2.9. Such versions may be affected by several security issues :\n\n - Background 

color is not correctly validated with a non-true color image in function 'imagerotate()'. 

(CVE-2008-5498)\n\n - A denial of service condition can be triggered by trying to extract 

zip files that contain files with relative paths in file or directory names.\n\n - Function 

'explode()' is affected by an unspecified vulnerability.\n\n - It may be possible to trigger a 

segfault by passing a specially crafted string to function 'json_decode()'.\n\n - Function 

'xml_error_string()' is affected by a flaw that results in messages being off by one." ); 


CVE-2008-5498 

eDirectory < 8.8 SP3 FTF3 iMonitor Crafted HTTP Request Overflow 



running eDirectory, a directory service software from Novell. The iMonitor component 

included with the installed version is affected by a buffer overflow vulnerability. By 

sending a specially crafted HTTP request to the iMonitor component with a malformed 

'Accept-Language' header, it may be possible for a remote attacker to execute arbitrary 

code on the remote system. \n\nNOTE: The iMonitor service is an optional package. PVS 

has determined this vulnerability by looking at the vendor version number within LDAP 

queries. Given this, if the iMonitor service is not running, then the system is not vulnerable. 

The reported version of eDirectory was: %L 

Solution: Upgrade to version 8.8 SP3 with FTF3 or higher. 






Opera installed on the remote host is earlier than 9.64 and is reportedly affected by multiple 

issues :\n\n - A memory corruption vulnerability when processing specially crafted JPEG 

files could allow an attacker to execute arbitrary code with the privileges of the affected 

application. (926)\n\n - It may be possible for certain plugins to execute arbitrary code in 


the context of a different domain. An attacker could exploit this to steal authentication 

credentials as well as carry out other attacks. \n\n - A denial of service issue when the 

application handles a maliciously crafted web page containing 'HTMLSelectElement' 

object with a large length attribute. 


CVE-2009-0916 

MySQL Community Server 5.1 < 5.1.32 XPath Expression DoS 


RISK: 

MEDIUM 



version of MySQL 5.1 installed on the remote host is earlier than 5.1.32 and is affected by 

a denial of service vulnerability. Specifically, a user can cause an assertion failure leading 

to a server crash by calling 'ExtractValue()' or 'UpdateXML()' using an XPath expression 

employing a scalar expression as a 'FilterExpr'. The reported version of MySQL is: \n %L 


CVE-2009-0819 

Microsoft Office .docx File Detection 


Description: The remote web server is hosting .docx files. These are Microsoft Office 2007 

document files. As an example, consider the following file %P\nThe webmaster 


Solution: N/A 


Microsoft Office .xlsx Files Detection 


Description: The remote web server is hosting .xlsx files. These are Microsoft Office 2007 



Solution: N/A 


Microsoft Office .pptx Files Detection 




Description: The remote web server is hosting .pptx files. These are Microsoft Office 2007 



Solution: N/A 




Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe installed 

version of Firefox is earlier than 3.0.7. Such versions are potentially affected by the 

following security issues : \n\n - By exploiting stability bugs in the browser engine, it might 

be possible for an attacker to execute arbitrary code on the remote system under certain 

conditions. (MFSA 2009-07)\n\n - A vulnerability in Mozilla's garbage collection process 

could be exploited to run arbitrary code on the remote system. (MFSA 2009-08)\n\n - It 

may be possible for a website to read arbitrary XML data from another domain by using 

nsIRDFService and a cross-domain redirect. (MFSA 2009-09)\n\n - Vulnerabilities in the 

PNG libraries used by Mozilla could be exploited to execute arbitrary code on the remote 

system. (MFSA 2009-10)\n\n - Certain invisible characters are decoded before being 

displayed on the location bar. An attacker may be able to exploit this flaw to spoof the 

location bar and display a link to a malicious URL. (MFSA 2009-11).\n\nThe reported 



CVE-2009-0777 

ZABBIX < 1.6.3 Web Interface locales.php extlang[] Remote Code Execution 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host contains a PHP application that is prone to a remote 

command execution attack.\n\nThe remote host is running a version of the ZABBIX web 

interface that is affected by a remote code execution vulnerability. The vulnerability exists 

in the 'extlang[]' parameter of the 'locales.php' script. Provided PHP's 'magic_quotes_gpc' 

setting is disabled, an unauthenticated remote attacker can exploit this to execute arbitrary 

code on the remote host subject to the privileges of the web server user ID. Note that this 

version of the ZABBIX web interface is also likely affected by a local file inclusion 

vulnerability and a cross-site request forgery vulnerability. The reported version of 

ZABBIX is: \n %L \n 



FileZilla < 0.9.31 SSL/TLS Packet Overflow DoS 




RISK: 

MEDIUM 



remote host is running FileZilla version: \n %L \n\nThis version of FileZilla is reported to 

be vulnerable to a Denial of Service (DoS) attack. The nature of the attack seems to take 

place within the SSL/TLS code. An attacker exploiting this flaw would be able to crash the 

service. 


CVE-2009-0884 

IBM Tivoli Storage Manager < 5.4.2.6 / 5.5.1.8 Overflow 



running the IBM Tivoli Storage Manager version: \n %L \n\nThis version of TSM contains 

a client that is prone to a remote buffer overflow. An attacker exploiting this flaw would 

need the ability to send malicious data to the service. Successful exploitation would result 

in the attacker executing arbitrary code on the system. 

Solution: Upgrade to version 5.4.2 6, 5.5.1.8 or higher. 

CVE-2009-0869 

Nucleus CMS < 3.40 Unspecified Traversal Arbitrary File Access 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a directory traversal flaw.\n\nThe remote 

host is running Nucleus CMS version: \n %L \n\nNucleus is a content-management system 

that runs on PHP web servers. This version of Nucleus is vulnerable to a flaw in the way 

that the media manager handles user-supplied data. An attacker can traverse out of the web 

directory and gain access to data that may be confidential. 


CVE-2009-0929 

WINS Server Detection 


Description: The remote host is running the Windows Internet Name Server (WINS). 

Solution: N/A 




Apache modsecurity Plugin Detection 


Description: The remote host is running the Apache web server with the optional 'modsecurity' 

module installed. Modsecurity is an open source web application firewall (WAF). 

The reported version of modsecurity was: \n %L 

Solution: N/A 


PostgreSQL Error Message Conversion Remote DoS 


RISK: 

MEDIUM 



remote host is running PostgreSQL version '%L'\n\nThis version of PostgreSQL is 

vulnerable to a denial of service when processing malformed SQL statements. To exploit 

this flaw, an attacker would need a valid account and the ability to execute custom queries. 

Successful exploitation would result in the attacker shutting down the database. 


CVE-2009-0922 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors.\n\nAccording to its 

banner, the version of iTunes installed on the remote host is older than 8.1. The reported 

version is: \n %L \n\nSuch versions may be affected by multiple vulnerabilities : \n\n - It 

may be possible to cause a denial of service by sending a maliciously crafted DAAP header 

to the application. Note that this flaw only affects iTunes running on a Windows host. 

(CVE-2009-0016)\n\n - When subscribing to a podcast an authentication dialog may be 

presented without clarifying the origin of the authentication request. An attacker could 

exploit this flaw in order to steal the user's iTunes credentials. (CVE-2009-0143)"); 


CVE-2009-0016 

IBM Tivoli Storage Manager < 5.4.4.1 Overflow 





running the IBM Tivoli Storage Manager version: \n %L \n\nThis version of TSM is 

reported vulnerable to a remote buffer overflow. An attacker exploiting this flaw would be 

able to execute arbitrary code on the remote system. 


CVE-2008-4563 

WebSphere '.ear' File Detection 


Description: The remote web server is hosting .ear files. .ear files are compressed source code containers 

that contain all of the source code and resource files for a particular web application. An 

attacker gaining access to this file can use any common decompression software and gain 

access to the source code and resource files. This can lead to the loss of confidential data 

and possibly more sophisticated future attacks. The '.ear' file is located at '%P' 

Solution: N/A 


WebSphere '.war' File Detection 


Description: The remote web server is hosting .war files. .war files are compressed source code 

containers that contain all of the source code and resource files for a particular web 

application. An attacker gaining access to this file can use any common decompression 

software and gain access to the source code and resource files. This can lead to the loss of 

confidential data and possibly more sophisticated future attacks. The '.war' file is located at 

'%P' 

Solution: N/A 


Cisco Phone Client Detection (SCCP) 


Description: Synopsis :\n\nThe remote client uses the Skinny protocol.\n\nThe remote client is a phone 

that understands the Skinny protocol, also known as SCCP, for 'Skinny Client Control 

Protocol'. Skinny is Cisco's proprietary lightweight terminal control protocol used by some 

VoIP phones to communicate with Cisco CallManager or Asterisk PBX systems. 

Solution: N/A 




Cisco Phone Server Detection (SCCP) 


Description: Synopsis :\n\nThe remote server supports the Skinny protocol.\n\nThe remote server is an 

H.323 proxy that understands the Skinny protocol, also known as SCCP, for 'Skinny Client 

Control Protocol'. Skinny is Cisco's proprietary lightweight terminal control protocol used 

by some VoIP phones to communicate with Cisco CallManager or Asterisk PBX systems. 

Solution: N/A 





version of Thunderbird is earlier than 2.0.0.21. Such versions are potentially affected by the 

following security issues : \n\n - There are several stability bugs in the browser engine that 

may lead to crashes with evidence of memory corruption. (MFSA 2009-01)\n\n - By 

exploiting stability bugs in the browser engine, it might be possible for an attacker to 

execute arbitrary code on the remote system under certain conditions. (MFSA 2009-07)\n\n 

- It may be possible for a website to read arbitrary XML data from another domain by using 

nsIRDFService and a cross-domain redirect. (MFSA 2009-09)\n\n - Vulnerabilities in the 

PNG libraries used by Mozilla could be exploited to execute arbitrary code on the remote 

system. (MFSA 2009-10)\n\nThe reported version of Thunderbird is: \n %L 


CVE-2009-0776 




version of SeaMonkey is earlier than 1.1.15. Such versions are potentially affected by the 

following security issues : \n\n - There are several stability bugs in the browser engine that 

may lead to crashes with evidence of memory corruption. (MFSA 2009-01)\n\n - Cookies 

marked HTTPOnly are readable by JavaScript via the 

'XMLHttpRequest.getResponseHeader' and 'XMLHttpRequest.getAllResponseHeaders' 

APIs. (MFSA 2009-05)\n\n - By exploiting stability bugs in the browser engine, it might be 

possible for an attacker to execute arbitrary code on the remote system under certain 

conditions. (MFSA 2009-07)\n\n - It may be possible for a website to read arbitrary XML 

data from another domain by using nsIRDFService and a cross-domain redirect. (MFSA 

2009-09)\n\n - Vulnerabilities in the PNG libraries used by Mozilla could be exploited to 

execute arbitrary code on the remote system. (MFSA 2009-10) \n\nThe reported version of 

SeaMonkey is: \n %L 




CVE-2009-0776 

Umbraco Version Detection 


Description: The remote host is running Umbraco, a web content management system. The reported 

version information is: \n %L 

Solution: N/A 


POLICY - OS X Insecure Software Update Transfer 


Description: The remote client was running software on OS X that performed an insecure software 

update over HTTP. The file which was retrieved was: %L 

Solution: N/A 

Mac .dmg File Detection 



Description: The remote web server is hosting .dmg files. These are Mac executable files. As an 

example, consider the following file %P\nThe webmaster should make sure that they 


Solution: N/A 


DNS Tunneling Client Detection (HTTP) 


Description: The remote client appears to be tunneling traffic over a DNS server. There are a number of 

DNS tunneling clients that allow internal hosts to bypass firewall and proxy inspection. As 

an example, consider the following observed DNS query: %L 

realtime 

Solution: Manually inspect both traffic and client to ensure that such usage is in alignment with 

existing policies and guidelines. 




DNS Tunneling Client Detection (HTTP) 





realtime 




DNS Tunneling Server Detection (HTTP) 


Description: The remote client appears to be a server that is used to tunnel traffic. There are a number of 


an example, consider the following observed DNS query: %P\n\nFollowed by the 

following DNS response: %L 

realtime 




DNS Tunneling Server Detection (HTTP) 


Description: The remote client appears to be a server that is used to tunnel traffic. There are a number of 


an example, consider the following observed DNS query: %P\n\nFollowed by the 

following DNS response: %L 

realtime 




Synergy Protocol Server Detection 




Description: The remote host is a Synergy server. Synergy is a protocol that allows a single mouse and 

keyboard to be shared over multiple systems across a network. Given this, it is often used 

within software packages for remote administration. 

Solution: N/A 


Synergy Protocol Client Detection 


Description: The remote host is a Synergy client. Synergy is a protocol that allows a single mouse and 

keyboard to be shared over multiple systems across a network. Given this, it is often used 

within software packages for remote administration. 

Solution: N/A 


DNS Tunneling Client Detection (SMTP) 





realtime 




DNS Tunneling Client Detection (SMTP) 





realtime 

Solution: Manually inspect both the traffic and the client to ensure that such usage is in alignment 

with existing policies and guidelines. 




Trojan/Backdoor Detection - Conficker Detection 



program.\n\nThe remote host seems to be infected by the Conficker worm. This worm has 

several capabilities that allow an attacker to execute arbitrary code on the remote operating 

system. The remote host might also be attempting to propagate the worm to third-party 

hosts. 

realtime 

Solution: Update your antivirus and perform a full scan of the remote operating system. 


Trojan/Backdoor Detection - Conficker Detection 



program.\n\nThe remote host seems to be infected by the Conficker worm. This worm has 

several capabilities that allow an attacker to execute arbitrary code on the remote operating 

system. The remote host might also be attempting to propagate the worm to third-party 

hosts. 

realtime 

Solution: Update your antivirus and perform a full scan of the remote operating system. 


Serv-U < 8.0.0.1 Multiple Vulnerabilities (DoS, Traversal) 



is running Serv-U File Server, an FTP server for Windows. The reported version is: \n %L 

\n\nThis version of Serv-U is earlier than 8.0.0.1 and is reportedly affected by the following 

issues : \n\n - A directory traversal vulnerability enables an authenticated remote attacker to 

create directories outside his or her home directory. (CVE-2009-1031)\n\n - An 

authenticated remote attacker can cause the FTP service to become saturated for a long 

period of time using a long series of 'SMNT' commands without an argument. During this 

time, new connections would not be allowed. (CVE-2009-0967) 


CVE-2009-1031 







following security issues : \n\n - An XSL transformation vulnerability can be leveraged 

with a specially crafted stylesheet to crash the browser or to execute arbitrary code. (MFSA 

2009-12)\n\n - An error in the XUL tree method '_moveToEdgeShift()' can be leveraged to 

trigger garbage collection routines on objects that are still in use, leading to a browser crash 

and possibly execution of arbitrary code. (MFSA 2009-13) \n\nThe reported version of 

Firefox is: \n %L 


CVE-2009-1169 

Xlight FTP Server Authentication SQL Injection 


Description: Synopsis : \n\nThe remote host is vulnerable to a SQL Injection attack.\n\nThe version of 

Xlight FTP installed on the remote host is vulnerable to a SQL injection attack during 

login. This allows an attacker to execute arbitrary SQL commands in the context of the FTP 

server. Installations that are not using external ODBC authentication are not affected by 

this vulnerability. The reported version of Xlight is: \n %L 


CVE-2009-4795 

ClamAV < 0.95 Scan Evasion 


RISK: 

MEDIUM 



to its version, the clamd antivirus daemon on the remote host is earlier than 0.95. Such 

versions fail to handle certain malformed 'RAR' archive files, and hence it may be possible 

for certain archive files to evade detection from the scan engine. 


CVE-2009-1241 




RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors.\n\nAtlassian JIRA, 

a web-based application for bug tracking, issue tracking and project management, installed 

on the remote web server is affected by one or more of the following issues : \n\n - A 

cross-site scripting issue due to its failure to sanitize user-supplied input that is then 

returned in the HTTP response header.\n\n - A cross-site scripting issue within the 'DWR' 

library\n\n - A cross-site scripting issue within the 'Charting' plugin.\n\nThe reported 

version of Atlassian is: \n %L \n 



Apache TomCat mod_jk < 1.2.27 Cross-user Information Disclosure 



sensitive files or data.\n\nThe remote host is running the Apache Tomcat web server with 

mod_jk version %L\n\n. mod_jk is reported vulnerable to an information disclosure flaw 

due to the way that it processes 'Content-Length' headers. Allegedly, an attacker supplying 

a NULL content-length can view the HTTP responses of other requests. An attacker 

exploiting this flaw would be able to possibly gain access to confidential data. 


CVE-2008-5519 

phpMyAdmin file_path Parameter Multiple Vulnerabilities (PMASA-2009-1) 


RISK: 

MEDIUM 



phpMyAdmin installed on the remote host fails to sanitize user-supplied input to the 

'file_path' parameter of the 'bs_disp_as_mime_type.php' script before using it to read a file 

and reporting it in dynamically generated HTML. An unauthenticated remote attacker may 

be able to leverage this issue to read arbitrary files, possibly from third-party hosts, or to 

inject arbitrary HTTP headers in responses sent to third-party users. In addition, the version 

of phpMyAdmin is reportedly vulnerable to a number of other flaws. The reported version 

of phpMyAdmin is: \n %L \n 

Solution: Upgrade to version 3.1.3.1 or apply the patch referenced in the project's advisory. 







version, the clamd antivirus daemon on the remote host is earlier than 0.95.1. Such versions 

are affected by multiple vulnerabilities : \n\n- ClamAV might crash while scanning certain 

malicious files packed with UPack. (Bug #1552)\n\n- ClamAV might crash while using 

'cli_url_canon'. (Bug #1553)\n\nThe current version of ClamAV on the remote host is: \n 

%L \n 


CVE-2009-1372 

Microsoft TMG Proxy Detection 


Description: The remote host is a proxy server running the Microsoft Threat Management Gateway 

(TMG) software. 

Solution: N/A 


SeaMonkey < 1.1.16 XSL Transformation Overflow DoS 


Description: Synopsis :\n\nThe remote host is vulnerable to a buffer overflow.\n\nThe installed version 

of SeaMonkey is earlier than 1.1.16. An XSL transformation vulnerability in such versions 

can be leveraged with a specially crafted stylesheet to crash the browser or to execute 



CVE-2009-1169 

Policy - .divx File Detection 


Description: The remote web server is hosting .divx audio/video files. As an example, consider the 

following file %P\nThe webmaster should make sure that they are in compliance with 


Solution: N/A 







Application Server 6.0.2 before Fix Pack 33 appears to be running on the remote host. Such 

versions are reportedly affected by multiple vulnerabilities :\n\n - Provided an attacker has 

valid credentials, it may be possible to hijack an authenticated session. (PK66676)\n\n - 

The PerfServlet code writes sensitive information in the 'systemout.log' and ffdc files, 

provided Performance Monitoring Infrastructure (PMI) is enabled. (PK63886)\n\n - It may 

be possible to login to the administrative console using a user account that is locked by the 

operating system. (PK67909)\n\n - An unknown vulnerability affects z/OS-based IBM 

WebSphere application servers. (PK71143)\n\n - An unspecified vulnerability in the 

administrative console could allow arbitrary file retrieval from the remote system. 

(PK72036)\n\n - If APAR PK41002 has been applied, an unspecified vulnerability in 

JAX-RPC WS-Security component could incorrectly validate 'UsernameToken'. 

(PK75992)\n\n - Certain files associated with interim fixes for Unix-based versions of IBM 

WebSphere Application Server are built with insecure file permissions. (PK78960)\n\nThe 

reported version of WebSphere is: %L\n 


CVE-2009-0506 





versions are reportedly affected by multiple vulnerabilities.\n\n - Under certain conditions it 

may be possible to access administrative console user sessions. (PK74966)\n\n - The 

adminitrative console is affected by a cross-site scripting vulnerability. (PK77505)\n\n - If 

APAR PK41002 has been applied, an unspecified vulnerability in JAX-RPC WS-Security 

component could incorrectly validate 'UsernameToken'. (PK75992)\n\n - Sample 

applications shipped with IBM WebSphere Application Server are affected by cross-site 

scripting vulnerabilities. (PK76720)\n\n - Certain files associated with interim fixes for 

Unix-based versions of IBM WebSphere Application Server are built with insecure file 

permissions. (PK77590)\n\n - The Web Services Security component is affected by an 

unspecified security issue in digital-signature specification. (PK80596)\n\n - It may be 

possible for an attacker to read arbitrary application-specific war files. (PK81387)\n\n - The 

application is prone to a session-highjacking vulnerability related to the 'forced logout' 

feature. (PK74966)\n\n - A vulnerability affects the XML Digital Signature Specification in 

the web services security component. (PK80596)\n\nThe reported version of WebSphere is: 

%L\n 


CVE-2009-0903 

FTP Server .divx file Detection 




Description: The remote FTP server is hosting .divx files. As an example, consider the following file 




Solution: N/A 


Oracle Database Version Detection 


Description: The remote host is running an Oracle database server version %L 

Solution: N/A 


Oracle Database Client Detection 


Description: The remote client is running Oracle client software used to remotely manage or query an 

Oracle server. 

Solution: N/A 


Oracle Database Server Detection 


Description: The remote host is an Oracle database server. 

Solution: N/A 







versions are reportedly affected by multiple vulnerabilities :\n\n - Provided an attacker has 

valid credentials, it may be possible to hijack an authenticated session. (PK66676)\n\n - It 

may be possible for a remote attacker to redirect users to arbitrary sites using 

ibm_security_logout servlet. (PK71126) \n\n - Under certain conditions it may be possible 

to access administrative console user sessions. (PK74966)\n\n - If APAR PK41002 has 


een applied, an unspecified vulnerability in JAX-RPC WS-Security component could 

incorrectly validate 'UsernameToken'. (PK75992)\n\n - Sample applications shipped with 

IBM WebSphere Application Server are affected by cross-site scripting vulnerabilities. 

(PK76720)\n\n - The adminitrative console is affected by a cross-site scripting 

vulnerability. (PK77505)\n\n - It may be possible for an attacker to read arbitrary 

application-specific war files. (PK81387)\n\n - A session highjacking vulnerability exists in 

the 'forced logout' feature. (PK74966)\n\nThe reported version of WebSphere is: %L\n 


CVE-2009-0506 

phpMyAdmin < 3.1.3.2 Multiple Code Execution Vulnerabilities (PMASA-2009-4) 


Description: Synopsis :\n\nThe remote web server contains a PHP application that may allow execution 

of arbitrary code\n\nThe setup script included with the version of phpMyAdmin installed 

on the remote host does not properly sanitize user-supplied input before using it to generate 

a config file for the application. This version has the following vulnerabilities : \n\n - The 

setup script inserts the unsanitized verbose server name into a C-style comment during 

config file generation. \n\n - An attacker can save arbitrary data to the generated config file 

by altering the value of the 'textconfig' parameter during a POST request to config.php. An 

unauthenticated remote attacker may be able to leverage these issues to execute arbitrary 

PHP code. 

Solution: Upgrade to version 3.1.3.2 or apply the patches referenced in the project's advisory. 

CVE-2009-1285 






following security issues :\n\n - Multiple remote memory corruption vulnerabilities exist 

that can be exploited to execute arbitrary code in the context of the user running the 

affected application. (MFSA 2009-14)\n\n - A flaw may exist where Unicode box drawing 

characters are allowed in Internationalized Domain Names where they could be visually 

confused with punctuation used in valid web addresses. An attacker can leverage this to 

launch a phishing-type scam against a victim. (MFSA 2009-15)\n\n - A vulnerability exists 

when the 'jar:' scheme is used to wrap a URI which serves the content with 

'Content-Disposition: attachment'. An attacker can leverage this to subvert sites which use 

this mechanism to mitigate content injection attacks. (MFSA 2009-16)\n\n - When an 

Adobe Flash file is loaded via the 'view-source:' scheme, the Flash plugin misinterprets the 

origin of the content as localhost. An attacker can leverage this to launch cross-site request 

forgery attacks. It is also possible to exploit this to place cookie-like objects on victims' 

computers. (MFSA 2009-17)\n\n - A vulnerability exists that allows attackers to inject 

arbitrary scripts into sites via XBL bindings. This vulnerability requires the attacker to have 


the ability to embed third-party stylesheets into the site. (MFSA 2009-18)\n\n - Multiple 

remote code execution vulnerabilities exist caused by the creation of documents whose URI 

does not match the document's principle using XMLHttpRequest, as well as a flaw in the 

'XPCNativeWrapper.ToString' '__proto__' coming from the wrong scope. (MFSA 

2009-19)\n\n - A malicious MozSearch plugin could be created using a JavaScript: URI in 

the SearchForm value. An attacker can leverage this in order to inject code into arbitrary 

sites. (MFSA 2009-20)\n\n - An information disclosure vulnerability exists when saving the 

inner frame of a web page as a file when the outer page has POST data associated with it. 

(MFSA 2009-21)\n\n - A cross site scripting vulnerability exists when handling a Refresh 

header containing a JavaScript: URI. (MFSA 2009-22)" ); 


NTOP < 

CVE-2009-1312 


Description: Synopsis : \n\nThe remote host is vulnerable to a local flaw in the way that it creates log 

files.\n\nThe remote host is running NTOP, a tool for viewing network configuration, 

usage, statistics, protocols and more via a web interface. This version of NTOP is reported 

to be prone to a local exploit. Specifically, a local attacker can overwrite the 'access' log 

file. The remote host is only vulnerable if the NTOP service has been started with the 

'--access-log-file' and '-d' option. The reported version of NTOP is: \n %L \n 



BlackBerry Enterprise Server < 4.1.6 MR5 XSS 


RISK: 

MEDIUM 



remote host is running the Blackberry Enterprise Server version: \n %L \n\nThis version is 

reportedly vulnerable to a cross-site scripting flaw due to the way that it handles 

user-supplied input. An attacker exploiting this flaw would need to be able to convince a 

user to click on a link. Successful exploitation would result in the attacker executing 

arbitrary script code within the browser of the user. \nIAVT Reference : 


Solution: Upgrade to version 4.1.6 MR5 (4.1.6.5) or higher. 

CVE-2009-0307 





Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors\n\nThe installed 

version of Thunderbird is earlier than 2.0.0.22. Such versions are potentially affected by the 

following security issues :\n\n - Multiple remote memory corruption vulnerabilities exist 

which can be exploited to execute arbitrary code in the context of the user running the 

affected application. (MFSA 2009-14)\n\n - A flaw may exist where Unicode box drawing 

characters are allowed in Internationalized Domain Names where they could be visually 

confused with punctuation used in valid web addresses. An attacker can leverage this to 

launch a phishing-type scam against a victim. (MFSA 2009-15)\n\n - A vulnerability exists 

when the 'jar:' scheme is used to wrap a URI which serves the content with 

'Content-Disposition: attachment'. An attacker can leverage this to subvert sites which use 

this mechanism to mitigate content injection attacks. (MFSA 2009-16)\n\n - When an 

Adobe Flash file is loaded via the 'view-source:' scheme, the Flash plugin misinterprets the 

origin of the content as localhost. An attacker can leverage this to launch cross-site request 

forger attacks. It is also possible to exploit this to place cookie-like objects on victim's 

computers. (MFSA 2009-17)\n\n - A vulnerability exists which allows attackers to inject 

arbitrary scripts into sites via XBL bindings. This vulnerability requires the attacker to have 

the ability to embed third-party stylesheets into the site. (MFSA 2009-18)\n\n - Multiple 

remote code execution vulnerabilities exist caused by the creation of documents whose URI 

does not match the document's principle using XMLHttpRequest, as well as a flaw in the 

'XPCNativeWrapper.ToString' '__proto__' coming from the wrong scope. (MFSA 

2009-19)\n\n - A malicious MozSearch plugin could be created using a javascript: URI in 

the SearchForm value. An attacker can leverage this in order to inject code into arbitrary 

sites. (MFSA 2009-20)\n\n - An information disclosure vulnerability exists when saving the 

inner frame of a web page as a file when the outer page has POST data associated with it. 

(MFSA 2009-21)\n\n - A cross site scripting vulnerability exists when handling a Refresh 

header containing a javascript: URI. (MFSA 2009-22)" ); 

Solution: Upgrade to Mozilla Thunderbird 2.0.0.22 or later. 

CVE-2009-1840 

MySQL 6.0 < 6.0.10 XPath Expression DoS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a Denial of Service (DoS) attack\n\nThe 

version of MySQL 6.0 installed on the remote host is earlier than 6.0.10 and thus affected 

by a denial of service vulnerability. Specifically, a user can cause an assertion failure 

leading to a server crash by calling 'ExtractValue()' or 'UpdateXML()' using an XPath 

expression employing a scalar expression as a 'FilterExpr'. For your information, the 

reported version of MySQL is: \n %L 

Solution: Upgrade to MySQL Community Server version 6.0.10 or later. 

CVE-2009-0819 

MySQL Community Server Version Detection 




Description: The remote host is running the MySQL Community server (GPL) version: \n %L 

Solution: N/A 


Google Chrome < 1.0.154.59 Same Origin Policy Bypass Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host contains a web browser that is affected by a same origin 

bypass vulnerability.\n\nThe version of Google Chrome installed on the remote host is 

earlier than 1.0.154.59. Such versions are reportedly affected by a same origin policy 

bypass vulnerability when handling URLS with a 'chromehtml: ' protocol which could 

allow an attacker to run scripts of his choosing on any page or enumerate files on the local 

disk.\n\nIf a user has Google Chrome installed, visiting an attacker-controlled web page in 

another browser could cause Google Chrome to launch, open multiple tabs, and load scripts 

that run after navigating to a URL of the attacker's choice (Issue number 9860).\nFor your 

information, the exact browser version is: \n %L 

Solution: Upgrade to Google Chrome 1.0.154.59. 


OrangeHRM < 2.4.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors\n\nThe remote host 

is running OrangeHRM, a human resource management system written in PHP. The 

reported version of OrangeHRM is: \n %L \n\nThe version of OrangeHRM installed on the 

remote host fails to sanitize input to the 'Time Mod', 'Benefits Mod', 'Leave Mod', 'PIM 

Mod', and 'Admin Mod' parameters. Given this, an authenticated user may be able to 

bypass security restrictions and gain access to confidential data. In addition, the version of 

OrangeHRM is vulnerable to multiple cross-site scripting (XSS) attacks. An attacker, 

exploiting these XSS flaws, would be able to execute script code within the browser of an 

unsuspecting OrangeHRM user. 

Solution: Upgrade to version 2.4.2 or higher 


DB2 9.1 < Fix Pack 7 Information Disclosure 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote database server is affected by an information disclosure 

vulnerability\n\nAccording to its version, the installed version of DB2 server is older than 

9.1 Fix Pack 7. Such versions are reportedly affected by an information disclosure 

vulnerability. Specifically, in certain situations an INNER JOIN predicate is applied before 

the OUTER JOIN predicate, which could result in disclosure of sensitive information. 

(JR31886). The reported versoin of DB2 is: \n %L \n 

Solution: Apply DB2 Version 9.1 Fix Pack 7 or later. 

CVE-2009-1239 

Fortify 360 Web Interface Detection 


Description: The remote web server is running the web interface for Fortify 360, a web interface to 

analyze the results of source code audits. As this interface is likely to contain sensitive 

information, make sure only authorized personnel can log into this site. The interface is 

available via the following URI: %P 

Solution: Make sure the proper access controls are put in place 


Firefox 3.0.9 Memory Corruption 


Description: Synopsis : \n\nThe remote host contains a web browser that is affected by a memory 

corruption vulnerability.\n\nThe installed version of Firefox is 3.0.9. This version is 

potentially affected by a memory corruption vulnerability. Specifically : \n\n - An error in 

function '@nsTextFrame: : ClearTextRun()' could corrupt the memory. Successful 

exploitation of this issue may allow arbitrary code execution on the remote system. (MFSA 

2009-23)\n\nThe reported version of Firefox is: \n %L 

Solution: Upgrade to Firefox 3.0.10 or later. 

CVE-2009-1313 

ESET Anti-Virus Version Detection 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is Missing a critical security patch or upgrade\n\nThe 

remote client is running the ESET Anti-virus engine. The version information of the 

signature database and the core engine are: \n %L \n\nThis version of ESET is vulnerable to 

a flaw wherein attackers can bypass the scan engine by submitting files within specially 

formatted 'CAB' archives. An attacker, exploiting this flaw, would be able to pass malicious 

code through the scan engine. 


Solution: Upgrade to ESET update 4036 or higher. 


Citrix Web Interface 4.6/5.0/5.0.1 XSS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a cross-site scripting attack.\n\nThe remote 

host is running Citrix Web Interface, a tool for connecting to Citrix services through a web 

browser. The reported version of Citrix Web Interface is: \n%L\n\nThe version of Citrix 

Web Interface installed on the remote host is affected by an unspecfied cross-site scripting 

vulnerability. An attacker, exploiting this cross-site scripting flaw, would be able to execute 

script code within the browser of an unsuspecting Citrix Web Interface user. 

Solution: Upgrade to Citrix Web Interface 5.1.0 or later. 

CVE-2009-2454 

Flash Media < 3.0.4/3.5.2 Privilege Escalation 


Description: Synopsis : \n\nThe remote host is vulnerable to a remote 'privilege escalation' flaw\n\nThe 

remote host is running Flash Media server version: \n %L \n\nThis version of Flash Media 

server is vulnerable to a flaw wherein malicious script code can be injected and executed 

via an RPC call. An attacker, exploiting this flaw, would need access to the application port 

and the ability to send malformed requests to the service port. An attacker, exploiting this 

flaw, would be able to escalate privileges on the remote system. 

Solution: Adobe has released Flash Media Server versions 3.04 and 3.5.2 to address these flaws 

CVE-2009-1365 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors\n\nThe version of 

MyBB installed on the remote host is vulnerable to an html-injection flaw. An attacker, 

exploiting this flaw, would be able to execute script code within the browser of an 

unsuspecting user. Allegedly, the host is also vulnerable to several unspecified 

vulnerabilities. While the details are sketchy, the vendor has addressed the issue. The 

reported version of MyBB is: \n %L \n 

Solution: Upgrade to MyBB 1.4.6 or later. 




ESET Anti-Virus Version Detection 


Description: The remote client is running the ESET Anti-virus engine. The version information of the 

signature database and the core engine are: \n %L 

Solution: N/A 


Avira Anti-Virus Version Detection 


Description: The remote client is running the Avira Anti-Virus engine. The version information of the 

signature database and the core engine are: \n %L 

Solution: N/A 


Avira Anti-Virus Zip File Scan Evasion 


RISK: 

MEDIUM 



remote client is running the Avira Ant-Virus engine. The version information of the 

signature database and the core engine are: \n %L \n\nThis version of the Avira scan engine 

is vulnerable to a flaw wherein attackers can bypass the scan engine by submitting files 

within specially formatted 'ZIP' archives. An attacker, exploiting this flaw, would be able to 

pass malicious code through the scan engine. 

Solution: Upgrade to Avira scan engine 8.2.0.148/7.9.0.148 



IBM Tivoli Storage Manager < 5.2.5.4/5.3.6.6/5.4.2.7/5.5.2 Multiple Vulnerabilities 



is running the IBM Tivoli Storage Manager version: \n %L \n\nThis version of TSM is 

reported vulnerable to multiple remote buffer overflows. An attacker, exploiting these 

flaws, would be able to execute arbitrary code on the remote system. In addition, the 

application is vulnerable to a flaw wherein attackers may be able to access confidential data 

on the remote system. Lastly, a vulnerability exists wherein attackers can execute 

man-in-the-middle attacks against the Windows and AIX SSL client. \n 


Solution: The vendor has released versions 5.2.5.4, 5.3.6.6, 5.4.2.7, and 5.5.2 to address these issues 

CVE-2008-4828 

Mort Bay Jetty < 6.1.17 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors\n\nThe remote 

instance of Mort Bay Jetty is vulnerable to a number of flaws. First, the application is 

vulnerable to a cross-site-scripting flaw when displaying web directory listings. Secondly, 

the application is prone to an information disclosure flaw which can be used to read files 

outside the web root. Note: in order for the second flaw to be executed, Jetty must have 

been configured to have DefaultServlet with support for aliases turned on. For your 

information, the reported version of Jetty is: \n %L \n 

Solution: Upgrade to Mort Bay Jetty 6.1.17 or later. 

CVE-2009-1524 

Openfire < 3.6.4 Arbitrary Password Manipulation 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote server can be tricked into modifying user credentials\n\nThe 

remote host is running Openfire / Wildfire, an instant messaging server supporting the 

XMPP protocol. According to its version, the installation of Openfire or Wildfire is 

affected by a vulnerability which would allow a remote attacker to change the password of 

any users. In particular, input sent to the 'passwd_change' parameter of the jabber: iq: auth 

routine is not sufficiently sanitized. An attacker, exploiting this flaw, would be able to gain 

access to any user account.\n\nThe reported version of Openfire is: \n %L \n 

Solution: Upgrade to Openfire version 3.6.4 or later. 

CVE-2009-1596 

IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote webmail server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running IcewWarp WebMail Server - a webmail server for Windows and 

Linux. According to its banner, the version of IceWarp installed on the remote host is 

earlier 9.4.2. Such versions are reportedly affected by multiple vulnerabilities : \n\n -A SQL 

injection vulnerability in the search form of the web-based groupware component. 

(CVE-2009-1468)\n\n -A cross-site scripting vulnerability exists because the application 

fails to properly sanitize HTML emails. An attacker can exploit this flaw through the 

'cleanHTML()' function of the 'html/webmail/server/inc/tools.php' script. 


(CVE-2009-1467)\n\n - A cross site-scripting vulnerability exists because the applciation 

fails to properly sanitize RSS feeds. An attacker can exploit this flaw through the 

'cleanHTML()' function of the 'html/webmail/server/inc/rss/rss.php' script. 

(CVE-2009-1467)\n\n - An input validation flaw in the 'Forgot Password' function on the 

login page. (CVE-2009-1469)\n\nAn attacker could exploit these flaws to steal sensitive 

information, upload files, or possibly execute arbitrary code subject to the privileges of the 

affected application.\n\nFor your information, the version of IceWarp installed is : \n %L 

Solution: Upgrading to IceWarp Merak WebMail Server version 9.4.2 or later reportedly resolves the 

issues. 

CVE-2009-1469 




vectors.\n\nThe version of Google Chrome installed on the remote host is earlier than 

1.0.154.64. Such versions are reportedly affected by multiple vulnerabilities : \n\n - A 

failure to properly validate input from a renderer (tab) process could allow an attacker to 

crash the browser and possibly run arbitrary code with the privileges of the logged on user. 

(CVE-2009-1441)\n\n - A failure to check the result of integer multiplication when 

computing image sizes could allow a specially-crafted image or canvas to cause a tab to 

crash and possibly allow an attacker to execute arbitrary code inside the (sandboxed) 

renderer process. (CVE-2009-1442)\n\nFor your information, the exact browser version is: 

\n %L 

Solution: Upgrade to Google Chrome 1.0.154.64 or newer. 

CVE-2009-1442 

AVG Scanning Engine UPX Parsing Denial of Service Vulnerability 


Description: Synopsis : \n\nThe remote host is vulnerable to a flaw which allows malcode to be 

passed\n\nAVG Anti-Virus is installed on the remote Windows host. The version of AVG 

Anti-Virus installed on the remote host is affected by a flaw wherein remote attackers can 

bypass the scanning engine by sending specially formatted 'rar' and 'zip' archive files. An 

attacker, exploiting this flaw, would only need the ability to send email to valid recipients 

on the target server. Successful exploitation would result in the attacker being able to pass 

malware through the AVG server. For your information, the reported version, build, and 

license key is: \n %L \n 

Solution: Upgrade to AVG 8.5 323 or later. 

CVE-2009-1784 

A-A-S Server Detection 




Description: The remote host is running the A-A-S Application Access Server, a web application which 

facilitates remote access. The reported version is: \n %L 

Solution: N/A 


Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities 




contains security fixes for the following products : \n\n- Apache\n- ATS\n- BIND\n- 

CFNetwork\n- CoreGraphics\n-Cscope\n- CUPS\n- Disk Images\n- enscript\n- Flash 

player\n- Help Viewer\n- iChat\n- Internation Components for Unicode\n- IPSec\n- 

Kerberos\n- Kernel\n- Launch Services\n- libxml\n- Net-SNMP\n- Network Time\n- 

Networking\n- OpenSSL\n- PHP\n- QuickDraw Manager\n- ruby\n- Safari\n- Spotlight\nsystem_cmds\n- 

telnet\n- WebKit\n- X11\n- Terminal\n\nThe reported version of Mac OS 

X is: \n %L \n 


CVE-2009-1717 



Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors\n\nThe version of 

Safari installed on the remote Windows host is earlier than 3.2.3. Such versions are 

potentially affected by several issues :\n\n - A heap buffer overflow issue in the libxml 

library when handling long entity names could lead to a crash or arbitrary code execution. 

(CVE-2008-3529)\n\n - Multiple input validation issues exist in Safari's handling of 'feed:' 

URLs, which could be abused to execute arbitrary JavaScript code. (CVE-2009-0162)\n\n - 

A memory corruption issue in WebKit's handling of SVGList objects could lead to arbitrary 

code execution. (CVE-2009-0945) 

Solution: Upgrade to Safari 3.2.3 or later. 

CVE-2009-0945 

Sendmail < 8.13.2 Remote Overflow 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow\n\nAccording to it's 

banner, the remote Sendmail server is running a version less than 8.13.2. There is a flaw in 

versions of Sendmail less than 8.13.2 which would allow a remote attacker to execute 

arbitrary code on the Sendmail system through the use of malfored X headers. The reported 

version of Sendmail is: \n %L \n 

Solution: Upgrade to Sendmail 8.13.2 or newer. 

CVE-2009-1490 

Google Chrome < 1.0.154.65 Remote Code Execution 




1.0.154.65. Such versions are reportedly affected by a memory corruption issue. An 

attacker could exploit this flaw in order to run arbitrary code inside the Google Chrome 

sandbox.\n\nFor your information, the exact browser version is: \n %L 

Solution: Upgrade to Google Chrome 1.0.154.65 or newer. 

CVE-2009-0945 

Avira Anti-Virus PDF File Scan Evasion 


RISK: 

MEDIUM 



remote client is running the Avira Anti-Virus engine. The version information of the 


is vulnerable to a flaw wherein attackers can bypass the scan engine by submitting specially 

formatted 'PDF' files. An attacker, exploiting this flaw, would be able to pass malicious 

code through the scan engine. 



Coppermine < 1.4.23 injection 



Description: Synopsis : \n\nThe remote host is vulnerable to a SQL Injection attack\n\nThe remote host 

is running Coppermine version: \n %L \n\nCoppermine is a web-based photo album written 

in PHP. This version of Coppermine is vulnerable to a SQL injection vulnerability when 

handling malformed data sent to the 'thumbnails.php', 'db_input.php', and 

'displayecard.php'. An attacker, exploiting this flaw, would be able to execute arbitrary 

SQL commands on the database server used by Coppermine. 


Solution: When available, upgrade to version 1.4.23 or higher. 


Sun GlassFish Enterprise Server Detection 


Description: The remote host is running the Sun GlassFish Enterprise Server. The version is:\n '%L' 

Solution: N/A 


Sun GlassFish Enterprise Server Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running the Sun GlassFish Enterprise Server earlier than 2.1 Patch02. Such versions are 

reportedly affected by multiple vulnerabilities : \n\n - There are multiple input validation 

flaws that could lead to cross-site scripting attacks.\n\n - A local denial of service 

vulnerability in the HTTP engine.\n\n For your information, the installed version is: \n %L 

Solution: Sun has release a fix for this version of their server. Apply the referenced patches. 

CVE-2009-1553 

Winamp < 5.552 Buffer Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote host is 

running Winamp, a media player for Windows. The version of Winamp installed on the 

remote host is earlier than 5.552. Such versions reportedly contain a flaw in the way that it 

handles malformed '.maki' files. A malfored file will cause a buffer overflow within the 

'gen_ff.dll' library. Successful exploitation will result in the attacker executing arbitrary 

code. An attacker, exploiting this flaw, would need to be able to entice a user into opening 

a malformed '.maki' file. For your information, the reported version of Winamp is: \n %L \n 

Solution: Upgrade to Winamp version 5.552 or later. 

CVE-2009-1831 


Pidgin < 2.5.6 Multiple Buffer Overflow Vulnerabilities 



Description: Synopsis : \n\nThe remote host is affected by multiple remote buffer overflow 

vulnerabilities.\n\nThe remote host is running Pidgin earlier than 2.5.6. Such versions are 

reportedly affected by multiple remote buffer overflow vulnerabilities : \n\n - A buffer 

overflow issue in the 'decrypt_out()' function can be exploited through specially crafted 

'QQ' packets. (CVE-2009-1374)\n\n - A buffer maintained by PurpleCircBuffer which is 

used by XMPP and Sametime protocol plugins can be corrupted if it's exactly full and then 

more bytes are added to it. (CVE-2009-1375)\n\n - A buffer overflow is possible when 

initiating a file transfer to a malicious buddy over XMPP. (CVE-2009-1373)\n\n - An 

integer-overflow issue exists in the application due to a n incorrect typecasting of 'int64' to 

'size_t'. (CVE-2009-1376)\n\nSuccessful exploitation could allow an attacker to execute 

arbitrary code on the remote host.For your information, the installed version of Pidgin is: \n 

%L 

Solution: Upgrade to Pidgin 2.5.6 or later. 

BASE < 1.4.3 XSS 

CVE-2009-1376 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to an HTML Injection attack\n\nThe remote 

host is running BASE, a web-based tool for analyzing alerts from one or more SNORT 

sensors. The version of BASE installed on the remote host allows a remote attacker to 

inject HTML and perform cross-site scripting (XSS) attacks against unsuspecting users. In 

order to inject the malicious code, the attacker would need the ability to log into the BASE 

system. Successful exploitation would result in the attacker executing script code within the 

browser of other BASE users. The two php scripts which are vulnerable to injection are: 

'base_ag_main.php' and 'base_qry_main.php'. For your information, the reported version of 

BASE is: \n %L 

Solution: Upgrade to BASE version 1.4.3 or later. 


SoulSeek Version Detection 


Description: The remote host is running the SoulSeek Peer to Peer application. SoulSeek is used to 

download and share files. As such, it should be authorized with respect to corporate 

policies and guidelines. The version of SoulSeek is: \n %L 

Solution: N/A 


lighttpd < 1.4.24 Information Disclosure 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a flaw which allows attackers to retrieve 

sensitive files or data\n\nAccording to its banner, the version of lighttpd installed on the 

remote host is older than 1.4.24. Such versions may be affected by an 

information-disclosure vulnerability. Specifically, Lighttpd does not correctly handle a file 

name which has a trailing '\'. An attacker, exploiting this flaw, can request any file within 

the web root to download or view. This may lead to the loss of condidential data. For your 

information, the reported version of Lighttpd is: \n %L \n 

Solution: Update lighttpd to version 1.4.24 or later. 


DocuWiki Version Detection 


Description: The remote host is running the open source DocuWiki software. DocuWiki allows remote 

users to contribute dynamic content to the web interface. The reported version of DocuWiki 

is: \n %L 

Solution: N/A 




RISK: 

MEDIUM 



is running SquirrelMail, a web-based email client. The installed version of SquirrelMail is 

affected by multiple vulnerabilities : \n\n - Multiple cross-site scripting vulnerabilities.\n\n - 

A code-injection vulnerability affects the 'map_yp_alias' function which an attacker could 

exploit to execute arbitrary code subject to the privileges of the web server.\n\n - Multiple 

session-fixation issues could allow an attacker to steal an unsuspecting user's 

session.\n\nFor your information, the installed version of SquirrelMail is : \n %L 

Solution: Upgrade to SquirrelMail 1.4.18 or newer. 

CVE-2009-1579 

Avira Anti-Virus Multiple Scan Evasions 



RISK: 

MEDIUM 




remote client is running the Avira Anti-Virus engine. The version information of the 


is vulnerable to a flaw wherein attackers can bypass the scan engine by submitting specially 

formatted 'ZIP', 'CAB', 'RAR', or 'LH' files. An attacer, exploiting this flaw, would be able 

to pass malicious code through the scan engine. 



Simple Machines < 1.1.9 / 2.0.0 RC1 XSS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a cross-site scripting attack.\n\nThe remote 

host is running Simple Machines Forum. The installed version is earlier than 1.1.9 / 2.0.0 

RC1-1. Such versions fail to properly sanitize user-supplied images identified as 

'image/bmp' MIME types. Successful exploitation would result in an attacker executing 

script code within the browsers of other users. For your information, the reported version of 

Simple Machines Forum is: \n %L 

Solution: Upgrade to Simple Machines Forum 1.1.9 / 2.0.0 RC1-1 


NSD packet.c Off-By-One Buffer Overflow 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote DNS server is vulnerable to a remote buffer overflow 

attack.\n\nThe remote host is running a version of NSD DNS Server which has a stack 

buffer overflow vulnerability. A remote attacker could overwrite one byte in memory, 

leading to a denial of service. It is possible, but unlikely, that this vulnerability could result 

in remote code execution. For your information, the reported version of NSD is: \n %L 

Solution: Upgrade to NSD version 3.2.2 or later, or apply the patch referenced in the vendor's 

advisory. 


iTunes < 8.2 Remote Overflow 



Description: Synopsis : \n\nThe remote host is vulnerable to a remote buffer overflow 

attack.\n\nAccording to its banner, the version of iTunes installed on the remote host is 

older than 8.2. Such versions may be affected by a remote buffer overflow when parsing 

'items: ' URLs. An attacker could exploit this flaw to execute arbitrary code on the remote 


host subject to the privileges of the user running the application. For your information, the 

installed version of iTunes is: \n %L 

Solution: Upgrade to iTunes 8.2 or later. 

CVE-2009-0950 



Description: Synopsis : \n\nThe remote host contains an application that is vulnerable to multiple attack 

vectors.\n\nThe version of QuickTime installed on the remote host is older than 7.6.2. Such 

versions contain multiple vulnerabilities : \n\n - A memory corruption issue exists in 

QuickTime's handling of 'Sorenson 3' video files. (CVE-2009-0188)\n\n - A heap buffer 

overflow exists in the handling of 'FLC' compression files. (CVE-2009-0951)\n\n - A 

buffer overflow may occur when processing compressed 'PSD' images. 

(CVE-2009-0952)\n\n - An integer overflow exists in the handling of 'PICT' images could 

lead to a heap buffer overflow. (CVE-2009-0010), (CVE-2009-0953)\n\n - A heap buffer 

overflow could occur when handling 'Clipping Region' atom types in a movie file. 

(CVE-2009-0954)\n\n - A heap buffer overflow exists in the handling of 'MS ADPCM' 

encoded audio data. (CVE-2009-0185)\n\n - A sign extension issue exists in the handling of 

image description atoms. (CVE-2009-0955)\n\n - An uninitialized memory access issue 

exists when handling movie files with a zero user data atom size. (CVE-2009-0956)\n\n - A 

heap buffer overflow exists in the handling of 'JP2' images. (CVE-2009-0957)\n\nFor your 

information, the installed version of QuickTime is : \n %L 

Solution: Upgrade to QuickTime 7.6.2 or later. 

CVE-2009-0957 

DB2 9.1 < Fix Pack 7 / 9.5 < Fix Pack 4 Multiple Vulnerabilities 


RISK: 

MEDIUM 



its version, the installation of DB2 9.1 / 9.5 on the remote host is affected by one or more of 

the following issues : \n\n - A denial-of-service issue when the application processes 

crafted IPv6 addresses in the correlation token. (IZ38874)\n\n - A security-bypass issue 

exists in the application when LDAP-based authentication is used. (LI73778)\n\nFor your 

information, the observed version of DB2 was: \n %L 

Solution: Apply DB2 9.1 Fix Pack 7 or DB2 9.5 Fix Pack 4 

CVE-2009-1906 


Apache Tomcat < 4.1.40 / 5.5.28 / 6.0.20 Multiple Vulnerabilities 



RISK: 

MEDIUM 

Description: Synopsis : \n\nThe remote web server is affected by multiple vulnerabilities.\n\nThe 

version of Apache Tomcat installed on the remote host is affected by a multiple 

vulnerabilities : \n\n - A username enumeration vulnerability exists when FORM based 

authentication with either the MemoryRealm, DataSourceRealm, or JDBCRealm is used. 

(CVE-2009-0580)\n\n - A denial of service exists if Tomcat receives a request with invalid 

headers via the Java AJP connector. (CVE-2009-0033)\n\n - A remote 

information-disclosure vulnerability exists in the 'RequestDispatcher' can be exploited to 

gain access to content in the 'WEB-INF' directory. (CVE-2008-5515)\n\n - It is possible for 

a web application to replace the XML parser used by Tomcat to process 'web.xml', 

'context.xml', and 'tld' files.\n\nFor your information, the reported version of Apache 

Tomcat is : \n %L 

Solution: Upgrade to Apache Tomcat 4.1.40 / 5.5.28 / 6.0.20 

CVE-2009-0783 

LogMeIn 'cfgadvanced.html' HTTP Header Injection 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is affected by a HTTP header injection 

vulnerability.\n\nThe remote host is a LogMeIn server awaiting remote connections. The 

installed version of LogMeIn is 4.0.784 or earlier. Such versions are reportedly affected by 

a HTTP header injection vulnerability. An attacker could exploit this in order to launch 

various attacks including cross-site scripting, and cross-site request forgery. For your 

information, the installed version is: \n %L 

Solution: Disable this service if it is not needed. 





issues.\n\nThe version of Safari installed on the remote host is earlier than 4.0. Such 

versions are potentially affected by numerous issues in the following components : \n\n - 

CFNetwork\n\n - CoreGraphics\n\n - ImageIO\n\n - International Components for 

Unicode\n\n - libxml\n\n - Safari\n\n - Safari Windows Installer\n\n - WebKit\n\nFor your 

information, the reported version of Safari is : \n %L 

Solution: Upgrade to Safari 4.0 or later. 

CVE-2009-1718 



Microsoft SharePoint Detection 


Description: The remote host is running a Microsoft SharePoint Server. The reported version of 

Microsoft SharePoint is: \n %L 

Solution: N/A 


Kerio MailServer < 6.6.2 Patch 3 / 6.7.0 Patch 1 XSS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote mail server is vulnerable to cross-site scripting attacks.\n\nThe 

remote Kerio MailServer is earlier than 6.6.2 Patch 3 / 6.7.0 Patch 1. Such versions are 

reportedly affected by a cross-site scripting vulnerability in the 'Integration' page. For your 

information, the reported version of Kerio MailServer is : \n %L 

Solution: Upgrade to Kerio MailServer 6.6.2 Patch 3 / 6.7.0 Patch 1 

CVE-2009-2636 



Description: Synopsis :\n\nThe remote host contains a web browser that is vulnerable to multiple attack 


2.0.172.31. Such versions are reportedly affected by multiple issues :\n\n - A memory 

corruption issue exists in the way the WebKit handles recursion in certain DOM event 

handlers. (CVE-2009-1690)\n\n - WebKit's handling of drag events is affected by an 

information disclosure vulnerability. (CVE-2009-1718)\n\nFor your information, the 

reported browser version is \n%L 

Solution: Upgrade to Google Chrome 2.0.172.31 or later. 

CVE-2009-1718 

Cisco IronPort Detection 


Description: The remote host is running Cisco IronPort, an appliance for email and web security. Be 

sure that the installed version has the latest patches installed. For your information, the 

displayed banner is : \n %L 

Solution: N/A 




TACACS Client Detection 


Description: The remote host is configured to use TACACS authentication. Further, the client is 

configured to send authentication in plaintext. The observed UserID was: \n %L 

Solution: N/A 


TACACS Server Detection 


Description: The remote server is a TACACS authentication server. 

Solution: N/A 


SMB AndX File Handle Detection (client) 

PVS ID: 5053 FAMILY: Samba RISK: INFO NESSUS ID:Not Available 

Description: The remote client requested the following file: \n %L 

Solution: N/A 

realtimeonly 


SMB AndX File Handle Detection (server) 


Description: The remote server is hosting the following file:\n%P 

Solution: N/A 

realtimeonly 


FTP Server File Detection 




Description: The remote FTP server is hosting the following file:\n%P 

Solution: N/A 

realtimeonly 


FTP Client File Download Detection 


Description: The remote FTP client just downloaded the following file: \n %L 

Solution: N/A 

realtimeonly 


Big-IP Web Application Firewall Detection 


Description: Based on the modified HTTP headers, PVS has determined that the remote server is 

running the Big-IP web application firewall (WAF). A WAF is a security solution 

which applies rules based on HTTP content. For your information, the request sent 

by the client was: '%P' and the response was '%L'. 

Solution: N/A 


WebKnight Web Application Firewall Detection 


Description: Based on the modified HTTP headers, PVS has determined that the remote server is 

running the WebKnight web application firewall (WAF). A WAF is a security solution 

which applies rules based on HTTP content. For your information, the request sent by the 

client was: '%P' and the response was '%L'. 

Solution: N/A 


AirLock Web Application Firewall Detection 




Description: Based on the software 'Cookie', PVS has determined that the remote server is running the 

AirLock web application firewall (WAF). A WAF is a security solution which applies rules 

based on HTTP content. For your information, the request sent by the client was: '%P' and 

the response was '%L'. 

Solution: N/A 


Barracuda Web Application Firewall Detection 



Barracuda web application firewall (WAF). A WAF is a security solution which applies 

rules based on HTTP content. For your information, the request sent by the client was: '%P' 

and the response was '%L'. 

Solution: N/A 


F5 ASM Web Application Firewall Detection 



F5 ASM web application firewall (WAF). A WAF is a security solution which applies rules 



Solution: N/A 


F5 TrafficShield Web Application Firewall Detection 


Description: Based on the 'Server' HTTP headers, PVS has determined that the remote server is 

running the F5 TrafficShield web application firewall (WAF). A WAF is a security 

solution which applies rules based on HTTP content. For your information, the 

request sent by the client was: '%P' and the response was '%L'. 

Solution: N/A 


Teros Web Application Firewall Detection 




Description: Based on the software 'Cookies', PVS has determined that the remote server is running the 

Teros web application firewall (WAF). A WAF is a security solution which applies rules 



Solution: N/A 


NetContinuum Web Application Firewall Detection 


Description: Based on the software 'Cookies', PVS has determined that the remote server is running the 

NetContinuum web application firewall (WAF). A WAF is a security solution which 

applies rules based on HTTP content. For your information, the request sent by the client 

was: '%P' and the response was '%L'. 

Solution: N/A 


BinarySEC Web Application Firewall Detection 


Description: Based on the HTTP 'Server' header, PVS has determined that the remote server is running 

the BinarySEC web application firewall (WAF). A WAF is a security solution which 


was: '%P'.\n\nThe reported version of BinarySEC is: \n %L 

Solution: N/A 


HyperGuard Web Application Firewall Detection 


Description: Based on the HTTP 'Cookie' header, PVS has determined that the remote server is running 

the HyperGuard web application firewall (WAF). A WAF is a security solution which 


was: '%P' and the response was '%L' 

Solution: N/A 


Profense Web Application Firewall Detection 




Description: Based on the HTTP 'Server' header, PVS has determined that the remote server is running 

the Profense web application firewall (WAF). A WAF is a security solution which applies 


and the response was '%L' 

Solution: N/A 


Netscaler Web Application Firewall Detection 


Description: Based on the HTTP headers, PVS has determined that the remote server is running the 

Netscaler web application firewall (WAF). A WAF is a security solution which applies 



Solution: N/A 


dotDefender Web Application Firewall Detection 


Description: Based on the HTTP headers, PVS has determined that the remote server is running the 

dotDefender web application firewall (WAF). A WAF is a security solution which applies 



Solution: N/A 


NFS Directory Detection 


Description: The remote host is an NFS server and the following directory is accessible 

remotely:\n%P 

Solution: N/A 

NFS File Detection 

realtimeonly 





Description: The remote host is an NFS server hosting the following file:\n%P 

Solution: N/A 

realtimeonly 




Description: Synopsis : \n\nThe remote host contains a web browser that is susceptible to multiple attack 

vectors.\n\nThe installed version of Firefox is earlier than 3.0.11. Such versions are 

potentially affected by the following security issues : \n\n - Multiple memory corruption 

vulnerabilities could potentially be exploited to execute arbitrary code. (MFSA 

2009-24)\n\n - Certain invalid Unicode characters, when used as a part of IDN, can be 

displayed as a whitespace in the location bar. An attacker can exploit this vulnerability to 

spoof the location bar. (MFSA 2009-25)\n\n - It may be possible for local resources loaded 

via 'file: ' protocol to access any domain's cookies saved on a user's system. (MFSA 

2009-26)\n\n - It may be possible to tamper with SSL date via non-200 responses to proxy 

CONNECT requests. (MFSA 2009-27)\n\n - A race condition exists in 

'NPObjWrapper_NewResolve' when accessing the properties of a NPObject, a wrapped 

JSObject. (MFSA 2009-28)\n\n - If the owner document of an element becomes a null after 

garbage collection, then it may be possible to execute the event listeners within the wrong 

JavaScript context. An attacker can potentially exploit this vulnerability to execute arbitrary 

JavaScript with chrome privileges. (MFSA 2009-29)\n\n - When the 'file: ' resource is 

loaded from the location bar, the resource inherits principal of the previously loaded 

document. This could potentially allow unauthorized access to local files. 

(MFSA-2009-30)\n\n - While loading external scripts into XUL documents content-loading 

policies are not checked. (MFSA 2009-31)\n\n - It may also be possible for scripts from 

page content to run with elevated privileges. (MFSA 2009-32)\n\n For your information, 

the reported version of Firefox is : \n %L 


CVE-2009-1841 

ClamAV < 0.95.2 File Scan Evasion 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running an anti-virus application that is affected by a file 

scan evasion vulnerability.\n\nAccording to its version, the clamd anti-virus daemon on the 

remote host is earlier than 0.95.2. Such versions are reportedly affected by a file scan 

evasion vulnerability. An attacker could exploit this flaw by embedding malicious code in a 

specially crafted 'CAB', 'RAR', or 'ZIP' archive in order to bypass the anti-virus software. 

For your information, the reported version of ClamAV on the remote host is: \n %L 


Solution: Upgrade to ClamAV 0.95.2 or later. 


Apple iPhone 3.x Detection 


Description: The remote host is an iPhone version 3.x mobile phone. The observed banner was: \n %L 

Solution: N/A 


Palm Pre Mobile Phone Detection 


Description: The remote host is a Palm Pre mobile phone. The observed banner was: \n %L 

Solution: N/A 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running a web server that is vulnerable to multiple attack 

vectors.\n\nIBM WebSphere Application Server 6.0.2 before Fix Pack 35 appears to be 

running on the remote host. Such versions are reportedly affected by multiple 

vulnerabilities : \n\n - The administrative component's secure login page fails to redirect to 

an 'https: //' page when it receives an 'http: //' request. (PK77010)\n\n - An unspecified 

security issue affects 'wsadmin' in the 'SystemManagement/Repository' component. 

(PK77235)\n\n - An information disclosure vulnerability affects the 'Configservice APIs' in 

the Administrative Console' component. (PK84999)\n\n - An unspecified vulnerability 

affects the 'Security' component, which permits 'non-standard HTTP methods'. 

(PK773246)\n\nFor your information, the installed version of WebSphere is : \n %L 


CVE-2009-1901 






running on the remote host. Such versions are reportedly affected by multiple 


vulnerabilities : \n\n - The administrative component's secure login page fails to redirect to 

an 'https: //' page when it receives an 'http: //' request. (PK77010)\n\n - An unspecified 

security issue affects 'wsadmin' in the 'SystemManagement/Repository' component. 

(PK77235)\n\n - An information disclosure vulnerability affects the 'Configservice APIs' in 

the Administrative Console' component. (PK84999)\n\n - An unspecified vulnerability 

affects the 'Security' component, which permits 'non-standard HTTP methods'. 

(PK773246)\n\n - A security-bypass vulnerability when users use JAX-WS applications 

with a WS-Security policy set at the operational level. (PK87767)\n\n - A denial-of-service 

vulnerability caused because the application uses insecure obfuscation in web services. 

(PK79275)\n\n - An information disclosure vulnerability affecting the Migration 

component when WAS is migrated from version 6.1 to 7.0 and tracing is enabled. 

(PK80337)\n\n - A security-bypass issue caused by an error in the Single Sign-on with 

SPNEGO implementation. (PK77465)\n\n - A security-bypass vulnerability due to an 

unspecified error when configured with CSIv2 Security with Identity Assertion. 

(PK83097)\n\nFor your information, the installed version of WebSphere is : \n %L 


CVE-2009-0904 

RT: Request Tracker 'ShowConfigTab' Security Bypass 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running a web application that is affected by a security 

bypass vulnerability.\n\nThe remote host is running RT: Request Tracker, an 

enterprise-grade ticketing system. The version detected is affected by a security bypass 

vulnerability because the 'ShowConfigTab' right unintentionally enabled users to edit 

global RT at a Glance. An attacker could exploit this to edit the application's configuration. 

For your information, the reported version of RT is : \n %L 

Solution: Upgrade to RT 3.6.8 / 3.8.4 





RISK: 

MEDIUM 




1.0.154.53. Such versions are reportedly affected by a multiple vulnerabilities : \n\n - The 

browser uses the HTTP Host header to determine the context of a 4xx/5xx CONNECT 

response from a proxy server. This could allow a man-in-the-middle attacker to execute 

arbitrary script code in the context of a legitimate server. (CVE-2009-2060)\n\n - The 

browser displays a cached certificate for 4xx/5xx CONNECT response pages from a proxy 

server. A man-in-the-middle attacker could exploit this by displaying a spoofed web page 

with the valid certificate of a legitimate website.\n\n For your information, the reported 


version of Google Chrome is : \n %L 


CVE-2009-2071 



RISK: 

MEDIUM 



vulnerabilities.\n\nAccording to its banner, the version of PHP installed on the remote host 

is earlier than 5.2.10. Such versions are reportedly affected by multiple vulnerabilities : \n\n 

- A restriction-bypass vulnerability could allow the execution of arbitrary commands when 

'safe_mode' is enabled 'safe_mode_exec_dir' is not set. This issue only affects PHP on 

Windows. (bug 45997)\n\n - A denial of service vulnerability is triggered when an 

application processes a 'JPEG' image file through a call to the 'exif_read_data()' function. 

(bug 48378).\n\nFor your information, the reported version of PHP is : \n %L 

Solution: Upgrade to PHP version 5.2.10 or later. 

CVE-2009-2687 

Microsoft .NET Hidden 'ViewState' Detection 


Description: The remote .NET application stores state information within a hidden form field. Further, 

the information is not hashed. Given this, an attacker can modify the ViewState string in 

transit and possibly alter the state or output of the .NET application. The path to the 

application is: %P 

Solution: Enable hashing of the ViewState string. This can be accomplished by setting 

'enableViewStateMac 



Google Chrome < 2.0.172.33 Buffer Overflow vulnerability 


Description: Synopsis : \n\nThe remote host contains a web browser that is vulnerable to a buffer 

overflow attack.\n\nThe version of Google Chrome installed on the remote host is earlier 

than 2.0.172.33. Such versions are reportedly affected by a buffer overflow vulnerability 

when handling certain responses from HTTP servers. An attacker could exploit this issue to 

cause a denial of service, or execute arbitrary code with the privileges of the logged on 

user. For you information, the reported version is : \n %L 



CVE-2009-2121 

Last Seen FTP Client Name 


Description: PVS observed at least one FTP session originating from this client address. PVS 

maintains the most recently seen FTP account used to download files. The detected 

user login string was:\n %L 

realtime 

Solution: N/A 




Description: Synopsis : \n\nThe remote host is running a web browser that is vulnerable to multiple 

attack vectors.\n\nThe remote host is running a version of Mozilla SeaMonkey earlier than 

1.1.17. Such versions are reportedly affected by multiple vulnerabilities : \n\n - Multiple 

remote memory-corruption vulnerabilities.\n\n - Content injection vulnerabilities.\n\n - An 

information disclosure vulnerability.\n\n - A cross-site scripting vulnerability.\n\n - A 

privilege escalation vulnerability.\n\n - A security bypass vulnerability.\n\n - A URI 

spoofing vulnerability.\n\nFor your information, the reported version of SeaMonkey is : \n 

%L 

Solution: Upgrade to SeaMonkey 1.1.17 or later. 

CVE-2009-1841 



Description: Synopsis : \n\nThe remote web server is running a PHP application that is 

vulnerable to a SQL-injection attack.\n\nThe remote web server is running a 

version of MyBB earlier than 1.4.7. Such versions reportedly fail to properly 

sanitize user-supplied data to the 'birthdayprivacy' parameter of the 'usercp.php' 

script before using it in an SQL query. An attacker could exploit this flaw to 

access or modify sensitive information. For your information, the reported version 

of MyBB is: \n %L 


CVE-2009-2230 

BASE < 1.2.5 Authentication Bypass 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running a PHP application that is vulnerable to an 

authentication bypass attack.\n\nThe remote host is running BASE, a web-based tool for 

analyzing alerts from one or more SNORT sensors. The version of BASE installed on the 

remote host is earlier than 1.2.5. Such versions are reportedly fail to sufficiently validate 

'user', 'role', or passwords against the database in the 'readRoleCookie()' function of the 

'includes/base_auth.inc/php' script. An attacker could exploit this in order to bypass 

authentication and gain unauthorized access to the application. For your information, the 

reported version of BASE is: \n %L 

Solution: Upgrade to BASE version 1.2.5 


Samba < 3.3.6/3.2.13/3.0.35 Multiple Vulnerabilities 

PVS ID: 5087 FAMILY: Samba RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis : \n\nThe remote Samba server may be affected by an unauthorized access 


host has a security bypass vulnerability. Access restrictions can be bypassed due to a read 

of uninitialized data in smbd. This could allow a user to modify an access control list 

(ACL), even when they should be denied permission.\n\nNote the 'dos filemode' parameter 

must be set to 'yes' in smb.conf in order for an attack to be successful (the default setting is 

'no'). For your information, the reported version of SAMBA is: \n %L 

Solution: Upgrade to Samba 3.3.6 / 3.2.13 / 3.0.35 or later, or apply the appropriate patch referenced 

in the project's advisory. 

CVE-2009-1886 



RISK: 

MEDIUM 



is running Movable Type, a blogging software for Unix and Windows platforms. The 

installed version is earlier than 4.26. Such versions are reportedly affected by multiple 

vulnerabilities : \n\n - An unspecified cross-site scripting vulnerability.\n\n - A 

security-bypass issue in the 'mt-wizard.cgi' script.\n\nFor your information, the reported 

version of Movable Type is : \n %L 

Solution: Upgrade to Movable Type 4.26 or later. 

CVE-2009-2481 

MyBB < 1.4.8 Multiple XSS 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is running a PHP application that is affected by 

multiple attack vectors.\n\nThe remote web server is running a version of MyBB earlier 

than 1.4.8. Such versions reportedly fail to properly sanitize user-supplied data to 

unspecified parameters in the 'Archive' and 'Attachment' features of the application. An 

attacker could exploit this flaw to launch cross-site scripting attacks. For your information, 

the reported version of MyBB is: \n %L 



FireStats < 1.6.2 SQL Injection Vulnerability 


Description: Synopsis : \n\nThe remote web server is running a PHP application that is affected by 

multiple attack vectors.\n\nThe remote web server is running FireStats, a PHP-based 

website statistics application. The installed version of FireStats is earlier than 1.6.2. Such 

versions are reportedly affected by a SQL-injection vulnerability through an unspecified 

vector.\n\nFor your information, the reported version of FireStats is: \n %L 

Solution: Upgrade to FireStats 1.6.2 or later. 

CVE-2009-2144 

Joomla! < 1.5.12 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is vulnerable to 

multiple attack vectors.\n\nThe installed version of Joomla! is earlier than 1.5.12. Such 

versions are reportedly affected by multiple vulnerabilities : \n\n - A cross-site scripting 

vulnerability in the 'PHP_SELF' property. (20090605)\n\n - A cross-site scripting 

vulnerability in the 'HTTP_REFERER' parameter. (20090604)\n\n - An information 

disclosure vulnerability because several files were missing checks for JEXEC. 

(20090606)\n\nFor your information, the reported version of Joomla was: \n %L 

Solution: Upgrade to Joomla! 1.5.12 or later. 


Horde Passwd Module < 3.1.1 XSS 



RISK: 

MEDIUM 




cross-site scripting attacks.\n\nThe installation of Horde is using the Passwd module which 

provides support for changing passwords. The installed version of this module is earlier 

than 3.1.1. Such versions are reportedly affected by a cross-site scripting vulnerability that 

affects the 'backend' parameter of the 'main.php' script. An attacker can exploit this to 

execute arbitrary script code in the browser of an authenticated user.\nFor your 

information, the reported version of the Horde Passwd module is: \n %L 

Solution: Upgrade to Passwd H3 3.1.1 or later. 

CVE-2009-2360 

SMTP Client Account Detection 


Description: The host is an SMTP client using the following email address. 

realtime 

Solution: N/A 





Safari installed on the remote host is earlier than 4.0.2. Such versions are potentially 

affected by two issues : \n\n - A vulnerability in WebKit's handling of parent and top 

objects may allow for cross-site scripting attacks. (CVE-2009-1724)\n\n - A memory 

corruption in WebKit's handling of numeric character references could lead to a crash or 

arbitrary code execution. (CVE-2009-1725)\n\nFor your information, the reported version 

of Safari is: \n %L 


CVE-2009-1725 

Bugzilla < 3.2.4/3.4 RC1 Security-Bypass Vulnerability 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is affected by a security bypass vulnerability.\n\nThe 

remote web server is running a version of Bugzilla earlier than 3.2.4/3.4 RC1. Such 

versions reportedly allow authenticated users who do not belong to the 'canconfirm' group 

to modify the status of bugs. An attacker could exploit this to change the status of bug 

reports. The reported version of Bugzilla is: \n %L 


Solution: Upgrade to Bugzilla 3.2.4/3.4 RC1 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is running a PHP application that is vulnerable to 

multiple attack vectors.\n\nThe remote host is running a version of WordPress earlier than 

2.8.1. Such versions are reportedly affected by multiple vulnerabilities : \n\n - A username 

enumeration weakness caused by the application displaying different responses to login 

requests depending on the existence of the supplied username. (CVE-2009-2334)\n\n - A 

security-bypass vulnerability in the 'wp-admin/admin.php' script when it is called with the 

'pages' parameter set to a plug-in configuration page. An authenticated attacker could 

exploit this to gain access to configuration scripts. (CVE-2009-2335)\n\nThe reported 

version of WordPress is: \n %L 

Solution: Upgrade to WordPress 2.8.1/WordPress MU 2.8.1 or later. 

CVE-2009-2336 

MediaWiki 1.14.0/1.15.0 Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is running a PHP application that is affected by a 

cross-site scripting vulnerability.\n\nThe remote web server is running MediaWiki 1.14.0 or 

1.15.0. These versions reportedly fail to properly supply user-supplied input to the 'ip' 

parameter of the 'Special: Blocks' page. An attacker could exploit this flaw to launch 

cross-site scripting attacks. The reported version of MediaWiki is: \n %L 

Solution: Upgrade to MediaWiki 1.14.1/1.15.1 or later. 

CVE-2009-4589 

eDirectory < 8.8 SP5 Multiple Vulnerabilities 



RISK: 

MEDIUM 



is running eDirectory, a directory service from Novell. The installed version is earlier than 

8.8 SP5. Such versions are reportedly affected by multiple vulnerabilities : \n\n - An HTTP 

request containing a specially crafted 'Accept-Language' header can trigger a stack-based 

buffer-overflow. This issue affects the iMonitor service. (Bug 484007/446342)\n\n - A 

denial of service vulnerability exists when multiple wild-cards are used in RDN. (Bug 

458504)\n\n - A malformed bind LDAP packet can cause eDir to crash. (Bug 


492592)\n\nThe reported version of eDirectory is : \n %L 

Solution: Upgrade to eDirectory 8.8 SP5 or later. 

CVE-2009-0192 

Google Chrome < 2.0.172.37 Buffer Overflow 


Description: Synopsis : \n\nThe remote host contains a web browser that is vulnerable multiple attack 


2.0.172.37. Such versions are reportedly affected by multiple vulnerabilities : \n\n - A heap 

overflow exists when evaluating specially crafted regular expressions in Javascript. This 

could lead to a denial of service or the remote execution of arbitrary code withing the 

Google Chrome sandbox.\n\n - A memory corruption issue exists in the renderer process 

that could cause a denial of service or possibly allow arbitrary code execution with the 

privileges of the logged on user. \n\n - A denial-of-service issue when the application 

handles a maliciously crafted webpage containing a 'HTMLSelectElement' object with a 

large length attribute.\n\nThe reported version of Google Chrome is: \n %L 


CVE-2009-2535 

RealNetworks Helix Server 12.x Multiple DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote media streaming server is affected by multiple denial of service 

vulnerabilities.\n\nAccording to its banner, The remote host is running version 12.x of 

RealNetworks Helix Server / Helix Mobile Server. Such versions are reportedly affected by 

multiple issues :\n\n - By sending a specially crafted 'RTSP' (SET_PARAMETERS) 

request with 'DataConvertBuffer' parameter set to empty, an attacker may be able to crash 

the remote Helix server process. (CVE-2009-2533)\n\n - By sending a 'SETUP' request 

without including a '/' character in it, a remote attacker may be able to crash the remote 

Helix server process. (CVE-2009-2534) 

Solution: Update to RealNetworks Helix Server / Helix Mobile Server 13.0.0 or later. 

CVE-2009-2534 






following security issues :\n\n - Multiple memory corruption vulnerabilities could 

potentially be exploited to execute arbitrary code. (MFSA 2009-34)\n\n - It may be possible 


to crash the browser or potentially execute arbitrary code by using a flash object that 

presents a slow script dialog. (MFSA 2009-35)\n\n - Glyph rendering libraries are affected 

by multiple heap/integer overflows. (MFSA 2009-36)\n\n - A vulnerability involving SVG 

element could be exploited to crash the browser or execute arbitrary code on the remote 

system. (MFSA 2009-37)\n\n - A vulnerability in 'setTimeout' could allow unsafe access to 

the 'this' object from chrome code. An attacker could exploit this flaw to run arbitrary 

JavaScript with chrome privileges. (MFSA 2009-39)\n\n - It may be possible for JavaScript 

from one website to bypass cross-origin wrapper, and unsafely access properties of an 

object from another website. (MFSA 2009-40) 


CVE-2009-2472 




version of Joomla! is earlier than 1.5.13. Such versions are reportedly affected by multiple 

vulnerabilities :\n\n - A flaw which affects the TinyMCE editor would allow a remote 

attack to upload and execute arbitrary files\n\n - A failure to parse user-supplied input to 

'JEXEC' would allow a remote attacker to glean internal path information 



RaidenHTTPD workspace.php ulang Parameter Local File Inclusion 



include attack.\n\nThe remote host is running RaidenHTTPD, a web server for Windows. 

The version of RaidenHTTPD installed on the remote host fails to sanitize user-supplied 

input to the 'ulang' parameter in scripts '/raidenhttpd-admin/workspace.php' and 

'/raidenhttpd-admin/menu.php' before using it to include PHP code. Provided the server's 

WebAdmin feature has been enabled, an unauthenticated remote attacker can leverage this 

issue to view arbitrary files or to execute arbitrary PHP code on the remote host, subject to 

the privileges under which the server operates, which is SYSTEM by default. 

Solution: Upgrade to RaidenHTTPD Server 2.0.27 or later. 

CVE-2007-6453 

CommuniGate Pro POP3 < 5.1c2 Buffer Overflow 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote host is vulnerable to an HTML Injection attack\n\nThe version 

of CommuniGate Pro running on the remote host is prone to an HTML injection flaw. The 

root cause of this flaw is a failure within the CommuniGate software when processing a 

specially formatted URI. An attacker, exploiting this flaw, would need to be able to entice a 

user into opening an email. Upon opening the email, the attacker would be able to execute 

arbitrary script code.\n\nFor your information, the reported version of CommuniGatePro is: 

\n %L \n 

Solution: Upgrade to CommuniGate Pro 5.2.15 or newer. 


Snitz Forum < 3.4.0.08 SQL Injection 



seems to be running Snitz Forum, a web forum application implemented in ASP. This 

version of Snitz ('%L') is reported vulnerable to a SQL injection flaw within the 'email' 

parameter of the 'register.asp' script. An attacker, exploiting this flaw, would send specially 

formed HTTP queries to the register.asp script. These queries would include SQL 

statements which would ultimately be executed on the database utilized by Snitz. 

Solution: Upgrade to Snitz Forum 3.4.0.08 or higher 

CVE-2003-0286 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a cross-site scripting (XSS) attack\n\nThe 

remote host is running a version of WordPress earlier than 2.8.2. Such versions are 

reportedly affected by a cross-site scripting vulnerability. In particular, the 'uri' parameter 

of the 'wp-comments-post.php' script is not sufficiently sanitized. An attacker, exploiting 

this flaw, would be able to inject script code which would be executed within the browser. 

In order to exploit this flaw, the attacker would need to be able to entice an unsuspecting 

user into opening a specially formatted URI. For your information, the reported version of 

WordPress is: \n %L \n 

Solution: Upgrade to WordPress 2.8.1/WordPress MU 2.8.2 or later. 


ISC BIND Dynamic Update Message Handling Remote DoS 



RISK: 

MEDIUM 




version of BIND installed on the remote host suggests that it suffers from a denial of 

service vulnerability, which may be triggered by sending a malicious dynamic update 

message to a zone for which the server is the master, even if that server is not configured to 

allow dynamic updates. Note that PVS obtained the version by observing the response to a 

'version.bind', the value of which can be and sometimes is tweaked by DNS administrators. 

Solution: Upgrade to BIND 9.4.3-P3 / 9.5.1-P3 / 9.6.1-P3 or later 

CVE-2009-0696 

Squid 3.0.STABLE16 / 3.10.11 Remote DoS 


RISK: 

MEDIUM 



attack\n\nAccording to its banner, the version of the Squid proxy caching server installed 

on the remote host is older than 3.0.STABLE17 or 3.1.0.12. Such versions reportedly use 

incorrect bounds checking when processing some requests or responses. Squid-2.x releases 

are not vulnerable. 

Solution: Either upgrade to Squid version 3.0.STABLE17 or 3.1.0.12 or later or apply the patch 

referenced in the project's advisory above. 

CVE-2009-2622 

Adobe AIR < 1.5.2 Multiple Vulnerabilities (APSB09-10) 


Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors\n\nThe remote 

Windows host contains a version of Adobe AIR Player that is earlier than 1.5.2. Such 

versions are reportedly affected by multiple vulnerabilities :\n\n - A memory corruption 

vulnerability that could potentially lead to code execution. (CVE-2009-1862)\n\n - A 

privilege escalation vulnerability that could potentially lead to code execution. 

(CVE-2009-1863)\n\n - A heap overflow vulnerability that could potentially lead to code 

execution. (CVE-2009-1864)\n\n - A null pointer vulnerability that could potentially lead to 

code execution. (CVE-2009-1865)\n\n - A stack overflow vulnerability that could 

potentially lead to code execution. (CVE-2009-1866)\n\n - A clickjacking vulnerability that 

could allow an attacker to lure a web browser user into unknowingly clicking on a link or 

dialog. (CVE-2009-1867)\n\n - A URL parsing heap overflow vulnerability that could 

potentially lead to code execution. (CVE-2009-1868)\n\n - An integer overflow 

vulnerability that could potentially lead to code execution. (CVE-2009-1869)\n\n - A local 

sandbox vulnerability that could potentially lead to information disclosure when SWFs are 

saved to the hard drive. CVE-2009-1870) 

Solution: Upgrade to Adobe AIR version 1.5.2 or later." 

CVE-2009-1870 



Apple iPhone < 3.0.1 Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a buffer overflow\n\nThe remote host is an 

iPhone version 3.x mobile phone. The observed banner was: \n %L \n\nThis version of 

iPhone is vulnerable to a flaw in the way that it handles malformed SMS text messages. An 

attacker, exploiting this flaw, would be able to execute arbitrary code on the remote system. 

Solution: Upgrade to iPhone version 3.0.1 or higher 

CVE-2009-2204 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server may be affected by several issues.\n\nAccording to 

its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.12. Such 

versions may be affected by several issues : \n\n - A denial-of-service vulnerability in the 

'mod_proxy' module could be exploited to cause the process to consume large amounts of 

CPU resources. (CVE-2009-1890)\n\n - The 'mod_deflate' module is prone to a remote 

denial-of-service vulnerability when large file downloads are terminated before completing. 

(CVE-2009-1891)\n\nPVS cannot determine whether the affected modules are in use. The 

installed version of Apache is: \n %L 

Solution: Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.12 

or later. 

CVE-2009-1891 

VLC Media Player < 1.0.1 Remote Integer Underflow 


Description: Synopsis : \n\nThe remote host contains an application that is affected by an integer 

underflow vulnerability.\n\nThe version of VLC media player installed on the remote host 

is earlier than 1.0.1. Such versions contain a flaw in the 'modules/access/rtsp/real.c' file of 

VLC Player. If an attacker can trick a user into opening a specially crafted RDT data 

stream, he may be able to execute arbitrary code within the context of the affected 

application. The reported version of VLC is: \n %L 

Solution: Upgrade to VLC Media Player 1.0.1 or later. 


Firefox < 3.0.13/3.5.0 Multiple Vulnerabilities 




Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe 

installed version of Firefox is earlier than 3.0.13/3.5.0. Such versions are 

reportedly potentially affected by the following security issues : \n\n - The browser 

can be fooled into trusting a malicious SSL server certificate with a null character 

in the host name. (MFSA 2009-42)\n\n - A heap overflow in the code that handles 

regular expressions in certificate names can lead to arbitrary code execution. 

(MFSA 2009-43)\n\nThe reported version of Firefox is: \n %L 

Solution: Upgrade to Firefox 3.5.0/3.0.13 or later. 

CVE-2009-2408 

Mozilla Firefox < 3.5.2/3.0.12 Multiple Vulnerabilities 



version of Mozilla Firefox is earlier than 3.5.2/3.0.12. Such versions are potentially 

affected by multiple issues : \n\n - A denial-of-service vulnerability when Firefox receives a 

reply from a SOCKS5 proxy which contains a DNS name longer than 15 characters. 

(CVE-2009-2470)\n\n - Multiple flaws exist in the 'libvorbis' library could lead to remote 

code execution. (CVE-2009-2663)\n\nThe reported version of Mozilla Firefox was: \n %L 

Solution: Upgrade to Mozilla Firefox 3.5.2/3.0.12 or later. 

CVE-2009-2663 

Mozilla Firefox < 3.0.13/3.5.2 Proxy Response DoS 



version of Firefox is earlier than 3.0.13/3.5.2. Such versions are reportedly affected by 

multiple memory corruption vulnerabilities. An attacker could exploit one of these issues to 

corrupt memory on the affected host and potentially run arbitrary code in the context of the 

user running the affected application. The reported version of Mozilla Firefox was: \n %L 


CVE-2009-2664 

Mozilla Firefox 3.5 < 3.5.2 Proxy Response DoS 



Description: Synopsis :\n\nThe remote host is affected by a privilege escalation vulnerability.\n\nThe 

installed version of Mozilla Firefox 3.5 is earlier than 3.5.2. Such versions are potentially 

affected by a privilege-escalation vulnerability. The issues exists when the browser with an 

add-on implementing a Content Policy opens pages that have a 'Link:' HTTP header. An 

attacker can exploit this issue to execute arbitrary JavaScript code with chrome 

privileges.\n%L 



CVE-2009-2665 

LoJack Software Detection 


Description: The remote host is running the 'Lojack' software for laptops. This software registers itself 

with a central Internet server which allows stolen devices to be tracked. 

Solution: N/A 


Apple GarageBand < 5.1 Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to an information disclosure 

vulnerability.\n\nThe remote host is running Apple GarageBand, an application used to 

created music. The installed version of GarageBand is earlier than 5.1. Such versions 

potentially are affected by an issue caused by GarageBand changing the Apple Safari 

browser's preferences to cause the browser to accept cookies from third party sites. An 

attacker could exploit this to obtain sensitive information and track a user's web activities. 

The reported version of Apple GarageBand is: \n %L 

Solution: Upgrade to Apple GarageBand 5.1 or later. 

CVE-2009-2198 

IBM DB2 Client Detection 


Description: The remote host is an IBM DB2 client 

Solution: N/A 


WordPress < 2.8.3 Multiple Security Bypass Vulnerabilities 



RISK: 

MEDIUM 



is running a version of WordPress earlier than 2.8.3. Such versions are reportedly affected 

by multiple security-bypass vulnerabilities in the 'wp-admin' administrative scripts. 


Authenticated attackers can exploit this issue to gain access to administrative functions. For 

your information, the reported version of WordPress is: \n %L 

Solution: Upgrade to WordPress 2.8.3 or later. 


Bugzilla < 3.4.1 Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to an information disclosure flaw.\n\nThe 

remote host is running Bugzilla, a bug-tracking software with a web interface. The version 

of Bugzilla on the remote host suffers from flaw which allows authenticated users who can 

edit bugs to view names of all products through the 'show_bug.cgi' script. 

Solution: Upgrade to Bugzilla 3.4.1 or later. 






contains security fixes for the following products : \n\n - bzip2\n - CFNetwork\n - 

ColorSync\n - CoreTypes\n - Dock\n - Image RAW\n - ImageIO\n - Kernel\n - launched\n 

- Login Window\n - MobileMe\n - Networking\n - XQuery\n\nFor your information, the 

reported version of Mac OS X is: \n %L 


CVE-2009-2194 

CMS Made Simple < 1.6.3 Local File Include Vulnerability 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is running a PHP application that is affected by an 

information disclosure vulnerability.\n\nThe remote host is running CMS Made Simple, a 

web-based content manager written in PHP. The installed version of CMS Made Simple is 

earlier than 1.6.2. Such versions are potentially affected by an information disclosure 

vulnerability because they fail to properly sanitize user supplied data to the 'url' parameter 

of the 'modules/Printing/output.php' script. For your information, the reported version of 

CMS Made Simple is: \n %L 

Solution: Upgrade to CMS Made Simple 1.6.3 or later. 



Oracle Secure Enterprise Search 10.x Version Detection 


Description: The remote web server is running the Oracle Secure Enterprise Search version %L 

Solution: N/A 






affected by several issues : \n\n - A buffer overflow exists in the handling of EXIF 

metadata could lead to a crash or arbitrary code execution. (CVE-2009-2188)\n\n - A 

vulnerability in WebKit's parsing of floating point numbers may allow for remote code 

execution. (CVE-2009-2195)\n\n - A vulnerability in Safari may let a malicious website to 

be promoted in Safari's Top Sites. (CVE-2009-2196)\n\n - A vulnerability in how WebKit 

renders an URL with look alike characters could be used to masquerade a website. 

(CVE-2009-2199)\n\n - A vulnerability in WebKit may lead to the disclosure of sensitive 

information. (CVE-2009-2200)\n\n - A heap buffer overflow in CoreGraphics involving the 

drawing of long text strings could lead to a crash or arbitrary code execution. 

(CVE-2009-2468)\n\nFor your information, the reported version of Safari is: \n %L 


CVE-2009-2468 

WordPress < 2.8.4 Security Bypass Vulnerability 


RISK: 

MEDIUM 



remote host is running a version of WordPress earlier than 2.8.4. Such versions are 

potentially affected by a flaw in the 'reset_password()' function of the 'wp-login.php' script 

which allows an attacker to reset the password for the first account without a key in the 

database (usually the admin account). For your information, the reported version of 

WordPress is: \n %L 


CVE-2009-2762 

Microsoft IIS 7.0 Webserver Detection 




Description: The remote host is running an IIS 7.0 web server 

Solution: N/A 


MS09-036: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote .Net Framework is susceptible to a denial of service 

attack\n\nThe remote host is running a version of the .NET Framework component of 

Microsoft Windows that is suspectible to a denial of service attack due to the way 

ASP.NET manages request scheduling. Using specially crafted anonymous HTTP requests, 

an anonymous remote attacker can cause the web server to become unresponsive until the 

associated application pool is restarted. Note that the vulnerable code in the .NET 

Framework is exposed only through IIS 7.0 when operating in integrated mode. \nIAVB 

Reference : 2009-B-0036\nSTIG Finding Severity : Category I 

Solution: Microsoft has released a set of patches for .NET Framework 2.0 and 3.5 

CVE-2009-1536 

Microsoft SQL Client Detection 


Description: Detects Microsoft SQL clients. 

Solution: N/A 


Curl < 7.19.6 Certificate Validation Bypass Vulnerability 

RISK: Risk 

not available 



Description: Synopsis : \n\nThe remote host may be affected by a security bypass vulnerability.\n\nThe 

remote host is running Curl, a download client for various protocols. This version of Curl 

reportedly fails to properly validate the domain name in a signed CA certificate because the 

application stops reading the domain name when it encounters a NULL character. An 

attacker can exploit this by obtaining a legitimate certificate for a subdomain that contains a 

NULL character. This issue only affects Curl when it is compiled against OpenSSL. For 

your information, the reported version of Curl is: \n %L 

Solution: Upgrade to Curl version 7.19.6 



CVE-2009-2417 

ViewVC < 1.0.9 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running ViewVC, a web-based interface for CVS and Subversion. The installed version 

of ViewVC is earlier than 1.0.9. Such versions are potentially affected by multiple issues : 

\n\n - A cross-site scripting vulnerability in the 'view' parameter.\n\n - An unspecified 

vulnerability that may allow attackers to print illegal parameter names and values.\n\nFor 

your information, the reported version of ViewVC is: \n %L 

Solution: Upgrade to ViewVC 1.0.9 or later. 


Sun Java System Access Manager 7.1 < Patch 2 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running a version of Sun Java System Access Manager 7.1 earlier than Patch 2. Such 

versions are potentially affected by multiple issues : \n\n - A vulnerability may allow 

unauthorized access to resources by revealing passwords to remote users who have 

privileges to access the administration console. (1-66-242166-1)\n\n - A sub-realm 

administrator may be able to escalate their privileges and access the root realm as an 

administrator. (1-66-249106-1)\n\n - A username-enumeration weakness could allow an 

attacker to determine valid user-names. (1-66-242026-1)\n\nFor your information, the 

installed version of Sun Java System Access Manager is: \n %L \nIAVT Reference : 


Solution: Upgrade to Sun Java System Access Manager 7.1 Patch 2. This may require different 

patches depending on your installation type. 

CVE-2009-0348 


Sun Java System Access Manager 7.1 < Patch 3 Multiple Vulnerabilities 



is running a version of Sun Java System Access Manager 7.1 earlier than Patch 3. Such 

versions are potentially affected by multiple issues :\n\n - A vulnerability related to the 

CDCServlet component may result in policy advice being presented to the wrong client. 

(1-66-25968-1)\n\n - The software amy disclose clear text passwords in debug files when 

the debug flag is enabled. A local unprivileged user could gain unauthorized access to user 

identities.\n\n - A vulnerability may exist when the server processes specially crafted XML 


documents which may allow an attacker to crash the service or possibly execute arbitrary 

code.\n\nFor your inforation, the installed version of Sun Java System Access Manager 

is:\n\n%L 

Solution: Upgrade to Sun Java System Access Manager 7.1 Patch 3 or later. This may required 

different patches depending your installation type. 

CVE-2008-4226 

Sun OpenSSO Enterprise 8.0 < Patch1 Update1 Memory Corruption 


Description: Synopsis : \n\nThe remote host is vulnerable to a denial-of-service attack.\n\nThe remote 

host is running a version of Sun OpenSSO Enterprise 8.1 earlier than Patch1 Update1. Such 

versions are potentially affected by a memory corruption vulnerability which an attacker 

could exploit to crash the affected service, or potentially execute arbitrary code through a 

specially crafted XML document. For your information, the reported version of Sun 

OpenSSO Enterprise is: \n %L 

Solution: Upgrade to Sun OpenSSO Enterprise 8.0 Patch1 Update1. This may require different 

patches depending on your installation type. 

CVE-2008-4226 

MySQL Database Server Detection 


Description: The remote web server is running the MySQL database server 

Solution: N/A 


MySQL Database Client Detection 


Description: The remote web server is running a MySQL database client 

Solution: N/A 


Pidgin < 2.5.9 Buffer Overflow 




Description: Synopsis : \n\nThe remote host is affected by a buffer overflow vulnerability.\n\nThe 

remote host is running Pidgin 2.5.9. Such versions reportedly trigger an memcpy to an 

invalid location in memory when receiving two consecutive specially crafted SLP message. 

For your information, the reported version of Pidgin is: \n %L 


CVE-2009-2694 

Buildbot < 0.7.11p3 Multiple Cross-site Scripting Vulnerabilities 


RISK: 

MEDIUM 



is running Buildbot, a software project to automate the compile test cycle for software 

projects. The installed version is earlier than 0.7.11p3. Such versions are potentially 

affected by multiple cross-site scripting vulnerabilities. For your information, the reported 

version of Buildbot was: \n %L 

Solution: Upgrade to Buildbot 0.7.11p3 or later. 

CVE-2009-2967 

TortoiseSVN < 1.5.6 / 1.6.0-1.6.3 Multiple Integer Overflows 



version of the TortoiseSVN is affected by multiple heap overflow issues. Specifically, the 

'libsvn_delta' library fails to perform sufficient boundary checks before processing certain 

svndiff streams. An attacker with commit access to a vulnerable Subversion server could 

exploit this vulnerability from a Subversion client to trigger a heap overflow on the server. 

Typically such an attack would result in a denial of service condition or arbitrary code 

execution. An attacker could also trigger this issue from a rogue Subversion server on a 

Subversion client in response to a checkout or update request. For your information, the 

reported version of TortoiseSVN is: \n %L 

Solution: Upgrade to TortoiseSVN 1.5.7/1.6.4 or later. 

CVE-2009-2411 


SVN < 1.5.6 / 1.6.0-1.6.3 Multiple Integer Overflows 



version of SVN is affected by multiple heap overflow issues. Specifically, the 'libsvn_delta' 

library fails to perform sufficient boundary checks before processing certain svndiff 

streams. An attacker with commit access to a vulnerable Subversion server could exploit 

this vulnerability from a Subversion client to trigger a heap overflow on the server. 


Typically such an attack would result in a denial of service condition or arbitrary code 

execution. An attacker could also trigger this issue from a rogue Subversion server on a 

Subversion client in response to a checkout or update request. For your information, the 

reported version of SVN is: \n %L 

Solution: Upgrade to SVN 1.5.7/1.6.4 or later. 

CVE-2009-2411 



Description: Synopsis : \n\nThe remote host contains a web browser that is vulnerable to a remote code 

execution attack.\n\nThe version of Google Chrome installed on the remote host is earlier 

than 2.0.172.43. Such versions have a flaw in the V8 Javascript engine which could 

potentially allow specially-crafted Javascript on a eb page to read unauthorize memory, 

bypassing security checks. An attacker could exploit this to run arbitrary code within the 

Chrome sand-box. For your information, the reported version of Google Chrome is: \n %L 


CVE-2009-2935 




Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack 

vectors.\n\nIBM WebSphere Application Server 7.0 before Fix Pack 

5 appears to be running on the remote host. Such versions are 

reportedly affected by multiple vulnerabilities.\n\n - Invoking an 

MBean that does not have type key-property results in a 

NullPointerException. (PK78743)\n\n - Deployment fails to properly 

handle password in webservices client modules. (PK79275)\n\n - 

IBM-portlet-ext.xmi is not reading correctly the portlet serving 

enable parameter. (PK89385)\n\n - An attacker may be able to obtain 

sensitive information, caused by an error during the migration from 

WebSphere Application Server 6.1 to 7.0 when tracing is enabled. 

(PK80337)\n\n - Deploying new applications on WebSphere 

Application Server for z/OS prior to 1.8 can result in the application 

being saved on the file system with insecure permissions. 

(PK83308)\n\n - A security-bypass vulnerability due to a design 

error in the Single Sign-on with SPENEGO implementation. When 

setting the custom property 

'ws.webcontainer.invokefilterscompatibility' to true, an attacker can 

bypass the SSO authentication on security URLs. (PK77465)\n\n A 

security-bypass vulnerability due to an unspecified error when 

configured with CSIv2 Security is configured with Identity 

Assertion. (PK83097)\n\nFor your information, the reported version 


of WebSphere is: \n %L 


CVE-2009-2092 

Altiris Deployment Solution < 6.9.430 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote Windows host is vulnerable to multiple attack vectors.\n\nThe 

version of Altiris Deployment Solution installed on the remote host is earlier than 6.9 SP3 

Build 430. Such versions are potentially affected by multiple issues : \n\n - An 

authentication bypass vulnerability when 'DBManager' authentication is used.\n\n - An 

authentication-bypass vulnerability caused by a race condition when files are transfered 

from the server to a client.\n\n A local privilege escalation vulnerability in the 'Aclient' 

client GUI. \n\n - A race-condition exists in the 'AClient' client application that an attacker 

can exploit to execute malicious commands with SYSTEM-level privileges. \n\nFor your 

information, the reported version of Altiris Deployment Solution is: \n %L 

Solution: Upgrade to Altiris Deployment Solution 6.9 SP3 Build 430 

CVE-2009-3109 

FlexCMS < 3.0 'CookieUsername' Parameter SQL Injection 


Description: Synopsis : \n\nThe remote host is vulnerable to a SQL injection attack.\n\nThe remote host 

is running FlexCMS, a content management system written in PHP. The installed version 

of FlexCMS is earlier than 3.0. Such versions are potentially affected by a SQL injection 

vulnerability in the 'CookieUsername' cookie parameter. An attacker, exploiting this flaw, 

may be able to compromise the application. Note, that this requires magic_quotes_gpc to be 

turned off.\n\nFor your information, the reported version of FlexCMS was: \n %L 

Solution: Upgrade to FlexCMS 3.0 or later. 


OpenOffice < 3.1.1 Multiple Vulnerabilities 



Description: Synopsis : \n\nThe remote host has a program that is vulnerable to multiple attack 

vectors.\n\nThe version of OpenOffice is earlier than 3.1.1. Such versions are potentially 

affected by several issues : \n\n - A boundary error when parsing certain records can be 

exploited to cause a heap-based buffer overflow via a specially crafted document. 

(CVE-2009-0201)\n\n - An integer underflow error when parsing certain records in the 

document table. (CVE-2009-0200)\n\n - A vulnerability in the parser of EMFS files can 

lead to the execution of arbitrary commands. (CVE-2009-2139)\n\nFor your information, 

the reported version of OpenOffice is: \n %L 



CVE-2009-0201 



RISK: 

MEDIUM 



Opera installed on the remote host is earlier than 10.00 and thus potentially affected by 

multiple issues : \n\n - The collapsed Address bar can in some cases temporarily show the 

previous domain of the present site. (930)\n\n - Certificates which use a wild card 

immediately before the top level domain, or nulls in the domain name, may pass validation 

checks in Opera. (934)\n\n - Some Unicode characters are treated incorrectly which might 

cause international domain names that use them to be shown in the wrong format. Showing 

these addresses in Unicode instead of punycode could allow for limited address spoofing. 

(932)\n\n - Opera does not check the revocation status for intermediate certificates not 

served by the server. (929)\n\nFor your information, the reported version of Opera is: \n 

%L 

Solution: Upgrade to Opera 10.00 or later. 




RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to cross-site request forgery.\n\nThe remote 

host is running SquirrelMail, a web-based email client. The installed version of 

SquirrelMail is potentially affected by cross-site request forgery vulnerabilities on all form 

submissions. For your information, the installed version of SquirrelMail is:%L 

Solution: Upgrade to SquirrelMail 1.4.20 RC1 or later. 

CVE-2009-2964 

Sybase SQL-Anywhere Database Server Detection 


Description: The remote server is running the Sybase SQL-Anywhere database server 

Solution: N/A 




Sybase SQL-Anywhere Database Client Detection 


Description: The remote web server is running a Sybase SQL-Anywhere database client 

Solution: N/A 


Sybase SQL-Anywhere Database Server Default Credentials 



credentials\n\nThe remote web server is running the Sybase SQL-Anywhere database 

server with default credentials. That is, the Sybase SQL Anywhere server ships with the 

default administrative credentials of 'dba/sql'. The PVS has just observed a user logging in 

using those credentials. 

Solution: Change the credentials and require an encrypted login 


Sun GlassFish Server 3.0 Preview Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running the Sun GlassFish Server 3.0 Preview. This versions is potentially affected by 

multiple issues : \n\n - An information disclosure vulnerability affects the 'filename' and 

'file' parameters of the 'jsft_resource.jsf' script.\n\n - An information disclosure 

vulnerability affects the 'file' and 'filename' parameters of the 'scale_static_resource.jsf' 

script.\n\nFor your information, the reported version of Sun GlassFish is: \n %L 

Solution: Use the current stable version 2 of Sun GlassFish Enterprise Server. 







1.1.18. Such versions are potentially affected by multiple vulnerabilities : \n\n - A heap 

overflow vulnerability in the code that handles regular expressions in certificate names. 

(MFSA-2009-43)\n\n - A mismatch in the treatment of domain names in SSL certificates 

between SSL clients and the Certificate Authorities which issue server certificates. 

(MFSA-2009-42)\n\nFor your information, the reported version of SeaMonkey is: \n %L 



CVE-2009-2408 

Windows Media Services Remote Code Execution (MS09-047) 


Description: Synopsis : \n\nThe remote media streaming server is vulnerable to multiple remote code 

execution attack.\n\nThe remote host is running a version of Windows Media Services that 

is potentially affected by a remote code execution vulnerability when processing specially 

crafted media files. For your information, the reported version of Windows Media Services 

was: \n %L \nIAVA Reference : 2009-A-0076\nSTIG Finding Severity : Category II 

Solution: Apply the patches from Microsoft referenced above. 

CVE-2009-2499 

Windows Media Services Version Detection 


Description: The remote server is running Windows Media Services, an application for streaming video 

and audio files to remote hosts. The installed version of Windows Media Services is: \n %L 

Solution: N/A 


Sybase ASE (Adaptive Server Enterprise) Database Server Detection 


Description: The remote server is running the Sybase ASE (Adaptive Server Enterprise) database server 

Solution: N/A 


Sybase ASE (Adaptive Server Enterprise) Database Client Detection 


Description: The remote web server is running a Sybase ASE (Adaptive Server Enterprise) database 

client 

Solution: N/A 




Sybase ASE (Adaptive Server Enterprise) Database Server Default Credentials 



credentials\n\nThe remote web server is running the Sybase ASE (Adaptive Server 

Enterprise) database server with default credentials. That is, the Sybase ASE server ships 

with the default administrative credentials of 'sa/NULL'. The PVS has just observed a user 

logging in using those credentials. 

Solution: Change the credentials and require an encrypted login 


Flash Client Version Detection 


Description: The remote host is running the Flash client version: \n %L 

Solution: N/A 






versions contain multiple issues : \n\n - A memory corruption issue exists in the handling of 

H.264 movie files. (CVE-2009-2202)\n\n - A buffer overflow in the handling of MPEG-4 

video files. (CVE-2009-2203)\n\n - A heap buffer overflow exists in the handling of 

FlashPix files. (CVE-2009-2798)\n\n - A heap buffer overflow exists in the handling of 

H.264 movie files. (CVE-2009-2799)\n\nFor your information, the installed version of 

QuickTime is: \n %L 


CVE-2009-2799 

Apple iPhone < 3.1 Multiple Vulnerabilities 




is an Apple iPhone with an OS earlier than 3.1. Such versions are potentially affected by 

multiple issues: \n\n - An issue in WebKit's handling of the parent and top objects could 

result in cross-site scripting attacks. (CVE-2009-1724)\n\n - A memory corruption issue in 

WebKits's handling of numeric character references. (CVE-2009-1725)\n\n - The 

International Domain Name support and Unicode fonts embedded in Safari could be used 


to create a URL which contains look-alike characters. (CVE-2009-2199)\n\n - A heap 

buffer overflow exists in the handling of AAC or MP3 files. (CVE-2009-2206)\n\n - 

Spotlight finds and allows access to deleted messages in Mail folders on the device. 

(CVE-2009-2207)\n\n - The iPhone OS allows users to specify a 'Require Passcode' setting 

that may be greater than the 'Maximum Inactivity time lock' setting from Microsoft 

Exchange servers. (CVE-2009-2794)\n\n - A heap buffer overflow exists in Recovery 

Mode command parsing. (CVE-2009-2795)\n\n - When a character in a password is 

deleted, and the deletion is undone, the character is briefly made visible. 

(CVE-2009-2796)\n\n - Safari includes the user name and password from the original URL 

in the referer header. (CVE-2009-2797)\n\n - A null pointer dereference issue exists in the 

handling of SMS arrival notifications. (CVE-2009-2815)\n\nFor your information, the 

observed banner was: \n %L 

Solution: Upgrade to Apple iPhone OS 3.1 

CVE-2009-2815 

Mozilla Firefox < 3.0.14 / 3.5.3 Multiple Vulnerabilities 



version of Mozilla Firefox is earlier than 3.0.14 / 3.5.3. Such versions are potentially 

affected by multiple issues : \n\n - Multiple memory corruption vulnerabilities in the 

browser engine. (MFSA 2009-47)\n\n - When security modules are added or removed via 

pkcs11.addmodule or pkcs11.deletemodule, the resulting dialogue was not sufficiently 

informative which could lead an attacker to entice a victim to install a malicious PKCS11 

module. Note that Firefox 3.5.x releases are not affected. (MFSA 2009-38)\n\n - The 

columns of a XUL tree element could be manipulated in a particular way which would 

leave a pointer owned by the column pointing to freed memory. (MFSA 2009-49)\n\n - The 

default Windows font used to render the locationbar and other text fields was improperly 

displaying certain Unicode characters with tall line-height. (MFSA 2009-50)\n\n - The 

'BrowserFeedWriter' could be leveraged to run JavaScript code from web content with 

elevated privileges. (MFSA 2009-51)\n\nFor your information, the installed version of 

Firefox is: \n %L 


CVE-2009-3079 





contains security fixes for the following product : \n\n - Flash Player plug-in\n\nFor your 

information, the reported version of Mac OS X is: \n %L 




CVE-2009-1870 

MS09-047: Vulnerabilities in Windows Media Format (Windows 2000) 


Description: Synopsis : \n\nThe remote Windows host is affected by multiple attack vectors.\n\nThe 

remote Windows host contains a version of the Windows Media Format Runtime that is 

affected by multiple issues : \n\n - The ASF parser has an invalid free vulnerability. A 

remote attacker could exploit this by tricking a user into opening a specially crafted ASF 

file, which could lead to arbitrary code execution. (CVE-2009-2498)\n\n - The MP3 parser 

has a memory corruption vulnerability. A remote attacker could exploit this by tricking a 

user into opening a specially crafted MP3 file, which could lead to arbitrary code 

execution. (CVE-2009-2499)\n\nNote, that this patch is not available for unsupported 

Service Packs. For your information, the installed version of Windows Media Format 

Runtime is: \n %L \nIAVA Reference : 2009-A-0076\nSTIG Finding Severity : Category II 

Solution: Apply the patches in the Microsoft bulletin. 

CVE-2009-2499 

MS09-047: Vulnerabilities in Windows Media Format (Windows Server 2003) 









execution. (CVE-2009-2499)\n\nNote that this patch is not available for unsupported 




CVE-2009-2499 


MS09-047: Vulnerabilities in Windows Media Format (Windows XP 32-bit) 














CVE-2009-2499 

MS09-047: Vulnerabilities in Windows Media Format (Windows XP 64-bit) 













CVE-2009-2499 

MS09-047: Vulnerabilities in Windows Media Format (Windows Vista / Server 2008) 









execution. (CVE-2009-2499)\n\nFor your information, the installed version of Windows 

Media Format Runtime is: \n %L \nIAVA Reference : 2009-A-0076\nSTIG Finding 

Severity : Category II 


CVE-2009-2499 

Pidgin < 2.6.1 Multiple Vulnerabilities 


PVS ID: 5168 FAMILY: Internet Messengers NESSUS ID:40986 


RISK: 

MEDIUM 


is running Pidgin < 2.6.1. Such versions are potentially affected by multiple issues : \n\n - 

A denial-of-service vulnerability because it fails to properly handle malformed links sent 

via the Yahoo Instant Messenger protocol. (CVE-2009-3025)\n\n - A man-in-the-middle 

vulnerability exists because the application does not require the TLS/SSL preference to be 

enabled when connecting to older Jabber servers. (CVE-2009-3026)\n\nFor your 

information, the reported version of Pidgin is: \n %L 


CVE-2009-3026 

Bugzilla < 3.0.9/3.2.5/3.4.2 Multiple Vulnerabilities 



is running Bugzilla, a bug-tracking software with a web interface. The version of Bugzilla 

on the remote host is potentially affected by multiple flaws : \n\n - A SQL injection 

vulnerability in the 'Bug.search' WebService function. (CVE-2009-3125)\n\n - A SQL 

injection vulnerability in the 'Bug.create WebService function. (CVE-2009-3165)\n\n - 

When a user reset their password and then logged in immediately afterward, their password 

would appear in the URL of their browser. (CVE-2009-3166)\n\nFor your information, the 

installed version of Bugzilla is: \n %L 

Solution: Upgrade to Bugzilla 3.0.9, 3.2.5, or 3.4.2. 

CVE-2009-3166 




RISK: 

MEDIUM 



is running PostgreSQL, a database application. The version of PostgreSQL is potentially 

affected by multiple issues : \n\n - Authenticated non-superusers can shut down the 

backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present 

there.\n\n - A privilege escalation issue allows some actions to be performed with superuser 

privileges instead of table owner privileges. This is related to the fix for CVE-2007-6600 

which failed to include protection against misuse of 'RESET SESSION 

AUTHORIZATION'.\n\n - If PostgreSQL is configured with LDAP authentication, and 

your LDAP configuration allows anonymous binds, it is possible for a user to authenticate 

themselves with an empty password.\n\nFor your information, the installed version of 

PostgreSQL is: \n %L 

Solution: Upgrade to PostgreSQL 8.0.22, 8.1.18, 8.2.14, 8.3.8, or 8.4.1. 


CVE-2009-3231 

Horde < 3.3.4 / 3.3.5 Multiple Vulnerabilities 


RISK: 

MEDIUM 



multiple attack vectors.\n\nThe version of Horde, Horde Groupware, or Horde Groupware 

Webmail Edition installed on the remote host is potentially affected by multiple issues : 

\n\n - A vulnerability in the form library that allows the overwriting of arbitrary local files, 

subject to the permissions of the web server user. This issue occurs only when the 

application uses image form fields such as Turba H3 or Ansel.\n\n - Two cross-site 

scripting vulnerabilities in the preference system and the MIME viewer library.\n\nFor your 

information, the installed version of Horde is: \n %L 

Solution: Upgrade to Horde version 3.2.5 / 3.3.5 or later. 

Aria2 Detection 



Description: The remote host is running aria2, a client application used to download files via a number 

of protocols. 

Solution: N/A 


nginx Webserver Detection 


Description: The remote host is running nginx web server. 

Solution: N/A 


nginx HTTP Request Remote Buffer Overflow 



Description: Synopsis : \n\nThe remote web server is affected by a remote buffer overflow 

vulnerability.\n\nThe remote host is running a version of nginx web server that is 

potentially affected by a remote buffer overflow vulnerability. Using a specially crafted 

HTTP request, an attacker can cause web server to crash, or potentially run arbitrary code 

subject to the privileges of the web server user.\n\nFor your information, the reported 


version of nginx is: \n %L 

Solution: Upgrade to nginx 0.5.38, 0.6.39, 0.7.62, or 0.8.15. 

CVE-2009-2629 

Debian devscripts 'uscan' Input Validation Vulnerability 


Description: Synopsis : \n\nThe remote host is vulnerable to a remote code execution 

attack.\n\nThe remote host is running a version of devscripts uscan that is 

potentially affected by a code execution vulnerability. The application runs Perl 

code downloaded from potentially untrusted sources to implement its URL and 

version mangling functionality. An attacker could exploit this flaw to execute 

arbitrary code on the remote host. For your information, the reported version of 

devscripts uscan is: \n %L 

Solution: Upgrade to devscripts uscan 2.9.6 / 2.10.35 

CVE-2009-2946 



RISK: 

MEDIUM 




3.0.195.21. Such versions are potentially affected by multiple issues : \n\n - Google 

Chrome's inbuilt RSS/ATOM reader renders untrusted JavaScript in an RSS/ATOM feed. 

(#21238)\n\n - It may be possible to bypass the same origin policy via the 

getSVGDocument() function (#21338)\n\nFor your information, the reported version of 

Google Chrome is: \n %L 


CVE-2009-3264 

Best Practical Request Tracker 'Custom Field' HTML Injection Vulnerability 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running a web application that is affected by a 

HTML-injection vulnerability.\n\nThe remote host is running Best Practical Solutions RT, 

an enterprise-grade ticketing system. The version detected is potentially affected by an 

HTML-injection vulnerability caused by the application failing to properly sanitize 

user-supplied input to 'Custom Field' values. Note that this issue only exists if the 

installation is using Custom Fields. For your information, the reported version of RT is : \n 

%L 


Solution: Upgrade to RT 3.6.9 / 3.8.5 




RISK: 

MEDIUM 




is earlier than 5.2.11. Such versions are reportedly affected by multiple issues : \n\n - An 

unspecified error occurs in certificate validation inside 

'php_openssl_apply_verification_policy'.\n\n - An unspecified input validation 

vulnerability affects the color index in 'imagecolortransparent()'.\n\n - A denial-of-service 

vulnerability related to 'popen' when invalid modes are used. (Bug 44683)\n\nFor your 

information, the reported version of PHP is: \n %L 


CVE-2009-5016 



RISK: 

MEDIUM 




than 1.4.9. Such versions are potentially affected by multiple issues : \n\n - A SQL injection 

vulnerability in avatar extension checking and validating. (Bug 464)\n\n - It is possible to 

copy another users name and put a zero-width space somewhere in it. (Bug 418)\n\nFor 

your information, the reported version of MyBB is: \n %L 



Interchange Search Request Information Disclosure 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by an information-disclosure 

vulnerability.\n\nThe remote web server is running Interchange, a web-based application 

server. The installed version is potentially affected by an information disclosure 

vulnerability. It is possible to remotely query any table configured withing Interchange by 

using a specially crafted search request because the application fails to limit which tables 

can be searched on. For your information, the reported version of Interchange is: \n %L 


Solution: Upgrade to Interchange 5.7.2, 5.6.2, or 5.4.4. 


Firebird Database Client Detection 


Description: The remote host is running a Firebird Database client. 

Solution: N/A 


iTunes < 9.0.1 Remote Code Execution 


Description: Synopsis : \n\nThe remote host is vulnerable to a remote code execution 

attack.\n\nAccording to its banner, the version of iTunes installed on the remote host is 

older than 9.0.1. Such versions are potentially affected by a remote buffer overflow when 

opening specially crafted '.pls' files. An attacker could exploit this flaw to execute arbitrary 

code on the remote host subject to the privileges of the user running the application. For 

your information, the reported version of iTunes is: \n %L 

Solution: Upgrade to iTunes 9.0.1 or later. 

CVE-2009-2817 



RISK: 

MEDIUM 




running on the remote host. Such versions are potentially affected by multiple issues : \n\n - 

Eclipse help system included with WebSphere Application Server is affected by a cross-site 

scripting vulnerability. (PK78917)\n\n - It may be possible to bypass security restrictions 

using a specially crafted HTTP HEAD method. (PK83258)\n\n - New applications 

deployed in WebSphere Application Server for z/OS prior to 1.8 are saved on the file 

system with insecure privileges resulting in disclosure of sensitive information. 

(PK83308)\n\n - If JAAS-J2C Authentication Data is configured using wsadmin scripts, the 

password value may appear in FFDC logs. (PK86137)\n\n - Apache APR-util is affected by 

a denial of service issue. (PK88341)\n\n - Due to an error in expat XML parser APR-util is 

affected by a denial of service issue. (PK88342)\n\n - It may be possible to trigger a denial 

of service attack due to errors in fix packs 6.1.0.23 and 6.1.0.25. (PK91709)\n\nFor your 

information, the reported version of WebSphere is: \n %L 




CVE-2009-3106 

Ability Mail Server < 2.70 Remote Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote mail server is affected by a denial of service 

vulnerability.\n\nThe remote host appears to be running Ability Mail Server < 2.70. Such 

versions are potentially affected by an issue caused by an unspecified error when handling 

IMAP version 4 FETCH commands. An attacker could exploit this flaw to crash the 

affected service. For your information, the reported version of Ability Mail Server is: \n 

%L 

Solution: Upgrade to Ability Mail Server 2.70 or later. 

CVE-2009-3445 



RISK: 

MEDIUM 







%L 


CVE-2009-3445 



RISK: 

MEDIUM 







%L 


CVE-2009-3445 





RISK: 

MEDIUM 







%L 


CVE-2009-3445 

VLC Media Player < 1.0.2 Multiple Buffer Overflows 



vectors.\n\nThe version of VLC media player installed on the remote host that is earlier 

than 1.0.2. Such versions are potentially vulnerable to a stack overflow when parsing a 

MPF, ASF, or AVI file with an overly deep box structure. If an attacker can trick a user 

into opening a specially crafted MP4, ASF, or AVI file with the affected application, he 

may be able to execute arbitrary code subject to the user's privileges. For your information, 

the reported version of VLC is: \n %L 

Solution: Upgrade to VLC Media Player 1.0.2 or later. 


BlackBerry Dialog Box Certificate Mismatch 

PVS ID: 5189 FAMILY: Mobile Devices 

RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is affected by a certificate mismatch vulnerability.\n\nThe 

remote host is running the BlackBerry Browser. The installed version of the browser is 

potentially affected by an issue wherein a malicious user could create a web site that 

includes a certificate that is purposely altered using null characters in the certificate's 

Common Name (CN) field to deceive a user into believing they are accessing a trusted site. 

For your information, the reported version of the BlackBerry browser is: \n %L 

Solution: Upgrade the browser to 4.5.0.173, 4.6.0.303, 4.6.1.309, 4.7.0.179, or 4.7.1.57 

CVE-2009-3477 



PVS ID: 5190 FAMILY: Database NESSUS ID:42044 


RISK: 

MEDIUM 

Description: Synopsis : \n\nThe remote database server is vulnerable to multiple attack 

vectors.\n\nAccording to its version, the installation of DB2 9.1 on the remote host is 

affected by one or more of the following issues : \n\n - MODIFIED SQL DATA table 

function is not dropped when definer loses required privileges to maintain the objects. 

(IZ46773/IZ46774)\n\n - A user without sufficient privileges could insert, update, or delete 

rows in a table. (IZ50078/IZ50079)\n\n - A user can perform 'SET SESSION 

AUTHORIZATION' without 'SETSESSIONUSER' privilege. (IZ55883)\n\nFor your 

information, the observed version of DB was : \n %L 

Solution: Upgrade to DB2 9.1 Fix Pack 8 

CVE-2009-3474 

Informix Dynamic Server Long Password Remote Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable a remote denial of service attack.\n\nThe 

remote host is running the Informix Dynamic server. According to its banner, the installed 

version is vulnerable to a remote denial of service attack when the application processes 

passwords of length greater than 512 bytes through a JDBC connection. For your 

information, the observed version of Informix Dynamic Server is: \n %L \n 

Solution: Upgrade to Informix Dynamic Server 10.00.xC11, 11.10.xC4, or 11.50.xC5 

CVE-2009-3470 

Websense Proxy Detection 


Description: The remote host is a Websense proxy. The detected version is: \n %L 

Solution: N/A 





RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host contains a web browser that is vulnerable to remote code 

execution attacks.\n\nThe version of Google Chrome installed on the remote host is earlier 

than 3.0.195.24. Such versions are potentially affected by a remote code execution 

vulnerability. The 'v8' engine usees a common 'dtoa()' implementation to parse strings into 

floating point numbers. An attacker, exploiting this flaw, can execute arbitrary code in the 


Google Chrome sandbox. For your information, the observed version of Google Chrome is: 

\n %L 


CVE-2009-0689 

Samba < 3.0.37 / 3.2.15 / 3.3.8 / 3.4.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Samba server is vulnerable to multiple attack 

vectors.\n\nAccording to its banner, the version of Samba server on the remote host is 

potentially affected by multiple vulnerabilities : \n\n - If a user in '/etc/passwd' is 

misconfigured to have an empty home directory then connecting to the home share of this 

user will use the root of the filesystem as the home directory. (CVE-2009-2813)\n\n - 

Specially crafted SMB requests on authenticated SMB connections can send smbd into a 

100% loop, causing a denial of service. (CVE-2009-2906)\n\n - When 'mount.cifs' is 

installed as a setuid program, a user can pass it a credential or password path to which he or 

she does not have access and then use the '--verbose' option to view the first line of that file. 

(CVE-2009-2948)\n\nFor your information, the observed version of SAMBA is: \n %L 

Solution: Upgrade to Samba 3.0.37, 3.2.15, 3.3.8, 3.4.2, or later. 

CVE-2009-2948 

Serv-U < 9.0.0.1 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running Serv-U File Server, an FTP server for Windows. The installed version is earlier 

than 9.0.0.1. Such versions are potentially affected by multiple issues : \n\n - A remote 

denial-of-service when processing specially crafted 'SITE SET TRANSFERPROGRESS 

ON' commands. An authenticated attacker can exploit this flaw to cause a denial-of-service 

when 'SITE SET' commands are enabled on the server.\n\n - An unprivileged user may be 

able to view all drives and virtual paths for drive '\\'.\n\nFor your information, the observed 

version of Serv-U File Server is : \n %L 

Solution: Upgrade to Serv-U version 9.0.0.1 or later. 






Description: Synopsis : \n\nThe remote web server is vulnerable to multiple attack 

vectors.\n\nAccording to its banner, the version of Apache 2.2 installed on the remote host 

is older than 2.2.14. Such versions are potentially affected by multiple vulnerabilities : \n\n 

- Faulty error handling in the Solaris pollset support (Event Port backend) which could 

trigger hangs in the prefork and event MPMs on that platform (CVE-2009-2699)\n\n - The 

'ap_proxy_ftp_handler' function in 'modules/proxy/proxy_ftp.c in the 'mod_proxy_ftp' 

module allows remote FTP servers to cause a denial-of-service via a malformed reply to an 

EPSV command. (CVE-2009-3094)\n\n - The 'mod_proxy_ftp' module allows remote 

attackers to bypass intended access restrictions and send arbitrary commands to an FTP 

server. (CVE-2009-3095)\n\nPVS cannot determine whether the affected module is in use. 

For your information, the observed version of Apache is: \n %L 

Solution: Either ensure the affected module is not in use or upgrade to Apache version 2.2.14 or later. 

OSSProxy Detection 

CVE-2009-3095 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running software that should be authorized with respect 

to corporate policy\n\nThe remote client is running OSSProxy.exe, an application that is 

marketed to end users as a tool to speed up their Internet connection. The application routes 

all web connections through a 3rd party proxy which is made available by NetSetter 

(MarketScore). For your information, the User-Agent banner is: \n %L 

Solution: Ensure that this software is in line with corporate policies and guidelines. 


Apple iPhone Wireless Connection Detection 


Description: The remote host is running an Apple iOS operating system. Further, the iPhone is 

connected to the network via a wireless connection. 

Solution: Ensure that the wireless connection is secured and operating within corporate guidelines. 


Sophos Enterprise Anti-virus Version Detection 


Description: The remote host is running the Sophos Enterprise version: %L 

Solution: N/A 




Pandora Version Detection 


Description: The remote host is running the Pandora application for Mac. Pandora is a media web 

spider. The reported version of Pandora is: 

Solution: N/A 


Ubicom Embedded Web Server Detection 


Description: The remote server is running the Ubicom embedded HTTP server software. This software 

is commonly used on many wireless devices and is used for remote administration. 

Solution: Ensure that this device is in line with corporate policies. 


QuickBooks Accounting Software Version Detection 


Description: The remote host is running the QuickBooks accounting software. QuickBooks commonly 

accesses confidential data. The reported version of QuickBooks is: %L 

Solution: N/A 

GtekClient Detection 



RISK: 

MEDIUM 



to corporate policy\n\nThe remote client is running the GtekClient software, an application 

which is marketed to many large companies and embedded within the system software. The 

software commonly "phones home" and may pass system or configuration information to 

the vendor. 

Solution: Ensure that this software is in line with corporate policies and guidelines. 


Unsupported Software Detection (Windows 98) 




Description: The remote client appears to be running Windows 98. Windows 98 is an older operating 

system and is no longer supported by Microsoft. In addition, there are many malware 

programs that use the string "Windows 98" within their headers. The reported banner which 

triggered this alert is: \n %L 

Solution: Manually inspect the workstation to ensure that it is not running software which may 

impact the security of the entire network. 


Policy - Dopewars Gaming Server Detection 



questionable.\n\nThe remote server is acting as a Dopewars game server. 



Symantec SecurityExpressions Audit and Compliance Server Multiple XSS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web application is affected by multiple cross-site scripting 

vulnerabilities.\n\nThe remote web server is running Symantec SecurityExpressions Audit 

and Compliance Server. The installed version is potentially affected by multiple cross-site 

scripting vulnerabilities : \n\n - The web console fails to sanitize user supplied input to 

certain unspecified parameters. An authorized user may be able to exploit this issue to 

inject arbitrary HTML script code into an user's browser to be executed within the security 

context of the affected site.\n\n - Certain error messages are not properly encoded which 

could be exploited by an attacker to inject arbitrary HTML content into an user's browser 

session.\n\nFor your information, the observed version of Symantec SecurityExpressions 

Audit and Compliance Server is: \n %L 

Solution: Apply Hot Fix 1 referenced in article KB49452 

CVE-2009-3030 

OpenCms Multiple Input Validation Vulnerabilities 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote web server is vulnerable to multiple attack vectors.\n\nThe 

remote web server is running Alkacon OpenCms, a web-based content management 

system. The installed version is earlier than 7.5.1. Such versions are potentially affected by 

multiple issues : \n\n - Multiple cross-site scripting issues.\n\n - Multiple SQL-injection 

issues.\n\n - Multiple input-validation vulnerabilities that allow 'phishing through frames' 

attacks.\n\n - Multiple input-validation vulnerabilities that may results in information 

disclosure.\n\nFor your information, the observed version of OpenCms is: \n %L 

Solution: Upgrade to OpenCms 7.5.1 or later. 


Achievo < 1.4.0 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote web server is hosting a PHP application that is vulnerable to 

multiple attack vectors.\n\nThe remote web server is hosting Achievo, a web-based 

resource management tool. The installed version of Achievo is earlier than 1.4.0. Such 

versions are potentially affected by multiple issues : \n\n - A persistent cross-site scripting 

vulnerability in the 'tittle' parameter of the scheduler module. (CVE-2009-2733)\n\n - 

Multiple cross-site scripting vulnerabilities in the 'atksearch[contractnumber]', 

'atksearch_AE_customer[customer]', and 'atksearchmode[contracttype]' parameters of the 

'Organisation Contracts' administration page. (CVE-2009-2733)\n\n - A SQL injection 

vulnerability exists in the 'user_id' parameter of the 'dispatch.php' script. 

(CVE-2009-2734)\n\n - A remote file-include vulnerability becuase the application fails to 

sufficiently sanitize user-supplied input to the 'config_atkroot' parameter of the 

'debugger.php' script.\n\nFor your information, the observed version of Achievo is: \n %L 

Solution: Upgrade to Achievo 1.4.0 or later, as this reportedly fixes the issue. 

CVE-2009-2734 

phpMyAdmin < 2.11.9.6 / 3.2.2.1 Multiple Vulnerabilities 



multiple attack vectors.\n\nThe remote web server is running a version of phpMyAdmin 

earlier than 2.11.9.6 / 3.2.2.1. Such versions are potentially affected by multiple issues : 

\n\n - Unspecified cross-site scripting vulnerabilities.\n\n - Unspecified SQL Injection 

vulnerabilities.\n\nFor your information, the observed version of phpMyAdmin is: \n %L 

Solution: Upgrade to phpMyAdmin 2.11.9.6 or 3.2.2.1 or later. 

CVE-2009-3697 


MapServer < 4.10.5/5.2.3/5.4.2 Integer Overflow Vulnerability 



Description: Synopsis : \n\nThe remote web server contains a CGI application that is vulnerable to a 

remote code execution attack.\n\nThe remote web server is running a version of MapServer 

earlier than 4.10.5 / 5.2.3 / 5.4.2. Such versions are potentially affected by an 

integer-overflow vulnerability when the application handles large HTTP requests 

containing specially crafted 'Content-Length' values. For your information, the observed 

version of MapServer is: \n %L 

Solution: Upgrade to MapServer 4.10.5, 5.2.3, or 5.4.2. 

CVE-2009-0840 

BASE < 1.4.4 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running a PHP application that is vulnerable to multiple 

attack vectors.\n\nThe remote host is running BASE, a web-based tool for analyzing alerts 

from one or more SNORT sensors. The version of BASE installed on the remote host is 

earlier than 1.4.4. Such versions are potentially affected by multiple issues : \n\n - A 

SQL-injection flaw.\n\n - A cross-site scripting vulnerability in 'base_local_rules.php'.\n\n - 

A local file include vulnerability in 'base_local_rules.php'.\n\nFor your information, the 

observed version of BASE is: \n %L 

Solution: Upgrade to BASE version 1.4.4 or later. 


GNU Wget SSL Certificate Security Bypass 


RISK: 

MEDIUM 



remote host is using a version of Wget earlier than 1.12. Such versions are potentially 

affected by a security bypass vulnerability because the application fails to properly handle 

Common Name fields n X.509 certificates that contain an ASCII NULL character. For your 

information, the observed version of Wget is: \n %L 

Solution: Upgrade to Wget 1.12 or later. 

CVE-2009-3490 

Windows NETBIOS Workstation Name Detection 



RISK: Risk 

not available 



Description: The remote host is a NETBIOS workstation 

Solution: N/A 


XML Request Possible userID / password Cleartext Remote Disclosure 


Description: The remote XML client posted a request with what appears to be an embedded 

userID and/or password. You should manually verify that confidential data is not 

being leaked from the network. The observed XML request was: \n %L 

Solution: Ensure that confidential data is not passed via plain text form fields. 


Database Client Detection 


Description: The remote web server is running a database client 

Solution: N/A 

realtimeonly 


nginx HTTP Request Header Remote Buffer Overflow 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by a remote denial of service 

vulnerability.\n\nThe remote host is running a version of nginx web server earlier than 

0.5.38, 0.6.39, or 0.7.62. Such versions are potentially affected by a remote denial of 

service vulnerability because the application fails to to perform adequate bounds checking 

in the 'ngx_http_process_request_headers()' function of the 'src/http/ngx_http_request.c' 

source file. An attacker, exploiting this flaw, can cause the web server to crash, or 

potentially run arbitrary code subject to the privileges of the web server process.\n\nFor 

your information, the observed version of nginx is: \n %L 

Solution: Apply the patch from the vendor, or upgrade to nginx 0.5.38, 0.6.39, or 0.7.62 

CVE-2009-3896 






Opera installed on the remote host is earlier than 10.01. Such versions are potentially 

affected by multiple vulnerabilities : \n\n - Specially crafted domain names can cause a 

memory corruption in Opera, which may lead to a crash or possibly remote code execution. 

(938)\n\n - Opera may allow scripts to run on the feed subscription page, thereby gaining 

access to the feeds object. (939)\n\n - In some cases, a Web font intended to be used for 

page content could be incorrectly used by Opera to render parts of the user interface, 

including the address field. (940)\n\nFor your information, the observed version of Opera 

is: \n %L 


CVE-2009-3832 



Description: Synopsis : \n\nThe remote host has a web browser installed that is vulnerable to multiple 

attack vectors.\n\nThe remote host has a version of Mozilla Firefox earlier than 3.0.15 / 

3.5.4 installed. Such versions are potentially affected by multiple vulnerabilities : \n\n - A 

user's form history, both from web content as well as the smart location bar, was vulnerable 

to theft. (MFSA 2009-52)\n\n - The file naming scheme used for downloading a file which 

already exists in the download folder is predictable. An attacker with local access could 

exploit this to trick the browser into opening the incorrect downloaded file. (MFSA 

2009-53)\n\n - Recursive creation of JavaScript web-workers can be used to create a set of 

objects whose memory could be freed prior to their use. Note that this only affects Firefox 

3.5.x. (MFSA 2009-54)\n\n - A flaw exists in the parsing of regular expressions used in 

Proxy Auto-configuration (PAC) files. (MFSA 2009-55)\n\n - A heap-based overflow 

exists in Mozilla's GIF image parser. (MFSA 2009-56)\n\n - The XPCOM utility 

'XPCVariant: : VariantDataToJS' unwrapped doubly-wrapped objects before returning 

them to chrome callers which could lead to chrome privileged code calling methods on an 

object which had previously been created or modified by web content. (MFSA 

2009-57)\n\n - A heap-based overflow exists in Mozilla's string to floating point number 

conversion routines. (MFSA 2009-59)\n\n - The text within a selection on a web page can 

be read by JavaScript in a different domain using the 'document.getSelection' function, 

violating the same-origin policy. (MFSA 2009-61)\n\n - When downloading a file 

containing a right-to-left override character (RTL) in the filename, the name displayed in 

the dialog title bar conflicts with the name of the file shown in the dialog body. (MFSA 

2009-62)\n\n - Multiple memory safety and stability bugs exist in the 'liboggz', 'libvorbis', 

and 'liboggplay' libraries. Note that this issue only affects Firefox 3.5.x. (MFSA 

2009-63)\n\n - Several memory corruption issues exist in the browser engine. (MFSA 

2009-64)\n\nFor your information, the observed version of Mozilla Firefox is: \n %L 

Solution: Upgrade to Mozilla Firefox 3.0.15, 3.5.4, or later. 

CVE-2009-3383 

Mozilla SeaMonkey < 2.0 Multiple Vulnerabilities 






2.0. Such versions are potentially affected by multiple vulnerabilities : \n\n - A flaw exists 

in the parsing of regular expressions used in Proxy Auto-configuration (PAC) files. (MFSA 

2009-55)\n\n - A heap-based buffer overflow exists in Mozilla's GIF image parser. (MFSA 

2009-56)\n\n - When downloading a file containing a right-to-left override character (RTL) 

in the filename, the name displayed in the dialog title bar conflicts with the name of the file 

shown in the dialog body. (MFSA 2009-62)\n\nFor your information, the observed version 

of Mozilla SeaMonkey is: \n %L 

Solution: Upgrade to Mozilla SeaMonkey 2.0 or later. 

CVE-2009-3376 

MS09-061: Vulnerabilities in the Microsoft .NET Framework 1.1 Common Language Runtime Could 

Allow Remote Code Execution (974378) 


Description: Synopsis :\n\nThe remote .NET Framework 1.1 is vulnerable to remote code execution 

attacks.\n\nThe remote host is running a version of the .NET Framework 1.1 which is 

potentially affected by multiple vulnerabilities :\n\n - A remote code execution 

vulnerability exists in the Microsoft .NET Framework that could allow a malicious 

Microsoft .NET Framework application to obtain a managed pointer to stack memory that 

is no longer used. (CVE-2009-0090)\n\n - A remote code execution vulnerability exists in 

the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to 

bypass a type equality check. (CVE-2009-0091)\n\n - A remote code execution 

vulnerability exists in the Microsoft .NET Framework that can allow a malicious Microsoft 

.NET application to modify memory of the attacker's choice. (CVE-2009-2497)\n\nFor 

your information, the observed version of Microsoft .NET is\n%L 

Solution: Apply the patches referenced in Microsoft's security bulletin. 

CVE-2009-0091 


MS09-061: Vulnerabilities in the Microsoft .NET Framework 2.0 Common Language Runtime Could 

Allow Remote Code Execution (974378) 


Description: Synopsis :\n\nThe remote .NET Framework 2.0 is vulnerable to remote code execution 

attacks.\n\nThe remote host is running a version of the .NET Framework 2.0 which is 












CVE-2009-0091 

MS09-061: Vulnerabilities in the Microsoft .NET Framework 2.0 SP1 Common Language Runtime 

Could Allow Remote Code Execution (974378) 


Description: Synopsis :\n\nThe remote .NET Framework 2.0 SP1 is vulnerable to remote code execution 

attacks.\n\nThe remote host is running a version of the .NET Framework 2.0 SP1 which is 











CVE-2009-0091 

MS09-061: Vulnerabilities in the Microsoft .NET Framework 2.0 SP2 Common Language Runtime 



Description: Synopsis :\n\nThe remote .NET Framework 2.0 SP2 is vulnerable to remote code execution 

attacks.\n\nThe remote host is running a version of the .NET Framework 2.0 SP2 which is 











CVE-2009-0091 



MS09-061: Vulnerabilities in the Microsoft .NET Framework 3.5.1 Common Language Runtime 



Description: Synopsis :\n\nThe remote .NET Framework 3.5.1 is vulnerable to remote code execution 

attacks.\n\nThe remote host is running a version of the .NET Framework 3.5.1 which is 











CVE-2009-0091 





than 3.0.195.32. Such versions are potentially affected by multiple vulnerabilities : \n\n - 

The user is not warned about certain possibly dangerous file types such as 'SVG', 'MHT', 

and 'XML' files. In some browsers, JavaScript can execute within these types of files. 

(23979)\n\n - A malicious site could use the Gears SQL API to put SQL metadata into a 

bad statement which could cause a subsequent memory corruption. This could lead to a 

Gears plugin crash or possibly arbitrary code execution. (26179)\n\nFor your information, 

the observed version of Google Chrome is: \n %L 


CVE-2009-3934 

eDirectory < 8.8.5 ftf1/8.7.3.10 ftf2 NULL Base DN DoS 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a denial of service attack.\n\nThe remote 

host is running eDirectory, a directory service from Novell. The installed version is earlier 

than 8.8 SP5 ftf1, or 8.7.3.10 ftf2. Such versions are affected by a denial of service 

vulnerability when handling search requests with an undefined BaseDN. For your 

information, the observed version of Novell eDirectory is: \n %L 

Solution: Upgrade to eDirectory 8.8 SP5 ftf1 / 8.7.3.10 ftf2 or later. 


CVE-2009-3862 





contains security fixes for the following products : \n\n - Adaptive Firewall\n\n - 

Apache\n\n - Apache Protable Runtime\n\n - Certificate Assistant\n\n - CoreMedia\n\n - 

CUPS\n\n - DoveCot\n\n - fetchmail\n\n - file\n\n - FTP Server\n\n - Help Viewer\n\n - 

ImageIO\n\n - IOKit\n\n - IPSec\n\n - Kernel\n\n - Launch Services\n\n - libsecurity\n\n - 

libxml\n\n Login Window\n\n - OpenLDAP\n\n - QuickDraw Manager\n\nQuickTime\n\n - 

Screen Sharing\n\n - Subversion\n\nFor your information, the observed version of Mac OS 

X is: \n %L 


CVE-2009-2840 

Avigilon Security Camera Detection 


Description: The remote host is a security camera. The camera streams images to a central server. As 

this traffic is passed unencrypted, it is possible for a passive listener to "eavesdrop" on the 

stream and reconstruct the images. It is usually recommended to run this sort of streaming 

service on a private VLAN. The reported version number was: \n %L 

Solution: If possible, use a private VLAN for this sort of traffic. 

IPP Device Detection 



Description: The remote host is a printer configured with the Internet Printer Protocol (IPP). The 

detected URI and configuration information is: \n %L 

Solution: N/A 

CUPS < 1.4.2 XSS 





Description: Synopsis : \n\nThe remote host is running a web application that is affected by a cross-site 

scripting vulnerability.\n\nAccording to its banner, the version of CUPS installed on the 

remote host is earlier than 1.4.2. Such versions are potentially affected by a cross-site 

scripting vulnerability because the application fails to properly sanitize the 'kerberos' 

parameter. For your information, the observed version of CUPS is: \n %L 

Solution: Upgrade to CUPS version 1.4.2 or later. 

CVE-2009-2820 

Ingenico Point of Sales (POS) Device Detection 


Description: The remote host is an Ingenico Point of Sales device. 

Solution: N/A 






affected by multiple issues : \n\n - An integer overflow exists in the handling of images 

with an embedded color profile, which may lead to a heap buffer overflow. 

(CVE-2009-2804)\n\n - Multiple use-after-free issues exist in libxml2, the most serious of 

which may lead to an unexpected application termination. (CVE-2009-2414, 

CVE-2009-2416)\n\n - An issue exists in Safari's handling of navigations initiated via the 

"Open Image in New Tab", "Open Image in New Window", or "Open Link in New Tab" 

shortcut menu options. Using these options within a maliciously crafted website could load 

a local HTML file, leading to the disclosure of sensitive information. (CVE-2009-2842)\n\n 

- An issue exists in WebKit's implementation of Cross-Origin Resource Sharing which 

could lead to cross-site request forger attacks. (CVE-2009-2816)\n\n - Multiple 

vulnerabilities exist in WebKit's handling of FTP directory listings. Accessing a 

maliciously crafted FTP server may lead to information disclosure, unexpected application 

termination, or execution of arbitrary code. (CVE-2009-3384)\n\n - When WebKit 

encounters an HTML 5 Media Element pointing to an external resource, it does not issue a 

resource load callback to determine if the resource should be loaded. This may result in 

undesired requests to remote servers. (CVE-2009-2841)\n\nFor your information, the 

observed version of Safari is: \n %L \nIAVT Reference : 2009-T-0049\nSTIG Finding 

Severity : Category I 


CVE-2009-3384 





RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is hosting a web application that is vulnerable to 

multiple attack vectors.\n\nThe remote host is running a version of WordPress earlier than 

2.8.6. Such versions are potentially affected by multiple vulnerabilities : \n\n - A 

file-upload and code execution vulnerability in the 'wp-admin/includes/file.php' script.\n\n - 

A cross-site scripting vulnerability in 'Press This'.\n\nFor your information, the observed 

version of WordPress is: \n %L 



Google Chrome < 3.0.195.33 Security Bypass Vulnerability. 


RISK: 

MEDIUM 




than 3.0.195.33. Such versions are potentially affected by a security bypass vulnerability 

caused by custom headers being incorrectly sent for 'CORS OPTIONS' requests. A 

malicious web site operator could set custom HTTP headers on cross-origin 'OPTIONS' 

requests. For your information, the observed version of Google Chrome is: \n %L 


CVE-2009-2816 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running an application server that is vulnerable to 

multiple attack vectors.\n\nThe remote host appears to be running IBM WebSphere 

Application Server 7.0 before fix pack 7. Such versions are potentially affected by multiple 

issues : \n\n - A cross-site request forgery vulnerability exists due to insufficient validation 

of user supplied input to the administrative console. (PK87176)\n\n - Due to an error in 

Java Naming and Directory Interface, it may be possible to obtain sensitive information. 

(PK91414)\n\n - The administrative console is affected by a cross-site scripting 

vulnerability. (PK92057)\n\n - It may be possible to bypass security restrictions using a 

specially crafted HTTP HEAD method. (PK83258)\n\nFor your information, the observed 

version of WebSphere Application Server is: \n %L 


CVE-2009-2747 



RhinoSoft Serv-U Web Client HTTP Request Remote Buffer Overflow 


Description: Synopsis : \n\nThe remote host is running an FTP server that is vulnerable to a remote 

command execution attack.\n\nThe remote host appears to be running RhinoSoft Serv-U 

FTP server earlier than 9.1.0.0 with the web client enabled. Such versions are potentially 

affected by a remote buffer overflow vulnerability because the application fails to properly 

handle overly long session cookies. For your information, the observed version of Serv-U 

is: \n %L 


CVE-2009-4873 

Serv-U < 9.1.0.0 TEA Decoder Remote Stack Buffer Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a remote buffer overflow attack.\n\nThe 

remote host is running Serv-U File Server, an FTP server for Windows. The installed 

version is earlier than 9.1.0.0. Such versions are potentially affected by a remote buffer 

overflow vulnerability caused by a boundary error in a function when processing a 

hexadecimal representation of a string using a TEA decoding algorithm. For your 

information, the observed version of Serv-U is: \n %L 


CVE-2009-4006 

Bugzilla < 3.4.4/3.5.2 Information Disclosure Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is affected by an information disclosure 

vulnerability.\n\nThe remote host is running Bugzilla, a bug-tracking software with a web 

interface. The version of Bugzilla on the remote host is potentially affected by an 

information disclosure vulnerability because the application displays aliases for hidden 

bugs in the 'Depends On' and 'Blocks' list for users who don't have permission to see them. 

For your information, the observed version of Bugzilla is: \n %L 

Solution: Upgrade to Bugzilla 3.4.4, 3.5.2, or later. 

CVE-2009-3386 

McAfee Common Management Agent Remote Denial of Service 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote web server is vulnerable to a remote denial of service 

attack.\n\nThe remote web server is hosting McAfee Common Management Agent, a 

management related component for various McAfee products. The installed version of 

McAfee Common Management Agent is earlier than 3.6.0.603. Such versions are 

potentially affected by a remote denial of service vulnerability in the 

'FrameworkService.exe' component when handling multiple large HTTP requests. For your 

information, the observed version of McAfee Common Management Agent is: \n %L 

Solution: Upgrade to Common Management Agent 3.6.0 Patch 3 with HotFix 10 or later. 

CVE-2007-6584 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote database server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running MySQL Community server < 5.1.41. Such versions are potentially 

affected by multiple issues : \n\n - The application fails to correctly handle the data 

directory path name if it contains symlinked directories in its path which could lead to a 

local privilege escalation. (Bug 32167)\n\n - MySQL clients linked against OpenSSL did 

not check server certificates presented by a server linked against yaSSL. (Bug 47320)\n\n - 

An error related to the handling of certain SELECT statements containing subqueries.\n\n - 

A failure to preserve unspecified 'null_value' flags when executing statements that use the 

'GeomFromWKB' function.\n\nFor your information, the observed version of MySQL is: \n 

%L 

Solution: Upgrade to MySQL Community server 5.1.41 or later. 

CVE-2009-4019 





affected by multiple vulnerabilities : \n\n - Error messages can leak onto unrelated sites, 

potentially leading to cross-site scripting attacks. (941)\n\n - A heap buffer overflow in 

string to number conversion. (942)\n\nFor your information, the observed version of Opera 

is: \n %L 


CVE-2009-0689 

PHP 5.3.x < 5.3.1 Multiple Vulnerabilities 




RISK: 

MEDIUM 

Description: Synopsis : \n\nThe remote web server uses a version of PHP that is vulnerable to multiple 

attack vectors.\n\nAccording to its banner, the version of PHP 5.3.x installed on the remote 

host is earlier than 5.3.1. Such versions are potentially affected by multiple issues : \n\n - 

Sanity checks are missing in exif processing.\n\n - It is possible to bypass the 'safe_mode' 

configuration setting using 'tempnam()'.\n\n - It is possible to bypass the 'open_basedir' 

configuration setting using 'posix_mkfifo()'.\n\n - The 'safe_mode_include_dir' 

configuration setting may be ignored.\n\n - Calling 'popen()' with an invalid mode can 

cause a crash.\n\n - A safe_mode restriction-bypass vulnerability because environment 

variables specified for 'proc_open' are passed without checking them.\n\nFor your 

information, the observed version of PHP is: \n %L 


CVE-2009-4018 

BIND 9 DNSSEC Query Response Remote Cache Poisoning 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote DNS Server is vulnerable to a remote cache-poisoning 

attack.\n\nThe remote DNS Server is running BIND 9 earlier than 9.4.3-P4, 9.5.2-P1, or 

9.6.1-P2. Such versions may incorrectly ad records to its cache from the additional section 

of responses received during resolution of a recursive client query. This behavior only 

occurs when processing client queries with checking disabled (CD) at the same time as 

requesting DNSSEC records (DO). For your information, the observed version of BIND 9 

is\n%L 

Solution: Upgrade to BIND 9.4.3-P4 / 9.5.2-P1 / 9.6.1-P2 or later. 

CVE-2009-4022 

IBM Solid Database < 6.30.0.37 Remote Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote database server is vulnerable to a denial-of-service 

attack.\n\nThe remote host is running IBM SolidDB. The installed version of SolidDB is 

earlier than 6.30.0.37. Such versions are potentially affected by a denial-of-service in 

'solid.exe' when handling a specially crafted network packet containing an invalid error 

code. For your information, the observed version of IBM SolidDB is : \n %L 

Solution: Upgrade to IBM SolidDB 6.30.0.37 or later. 

CVE-2009-3840 



IBM Solid Database < 6.30.0.37 Remote Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote database server is vulnerable to a denial-of-service 

attack.\n\nThe remote host is running IBM SolidDB. The installed version of SolidDB is 

earlier than 6.30.0.37. Such versions are potentially affected by a denial-of-service in 

'solid.exe' when handling a specially crafted network packet containing an invalid error 

code. For your information, the observed version of IBM SolidDB is : \n %L 

Solution: Upgrade to IBM SolidDB 6.30.0.37 or later. 

CVE-2009-3840 

OpenX < 2.8.2 Arbitrary File Upload 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is vulnerable to a remote file upload attack.\n\nThe 

remote web server is hosting OpenX, a web-based ad server. The installed version is earlier 

than 2.8.2. Such versions are potentially affected by a remote file upload vulnerability. The 

application fails to verify the MIME type associated with an uploaded file. An attacker, 

exploiting this flaw, could execute arbitrary code on the remote server. For your 

information, the observed version of OpenX is: \n %L 

Solution: Upgrade to OpenX 2.8.2 or later. 

CVE-2009-4098 

Sun Solaris sshd Timeout Mechanism Remote Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote SSH server is vulnerable to a remote denial of service 

attack.\n\nThe remote Solaris 10 host appears to be running the Solaris sshd daemon earlier 

than version 1.1.3. Such versions are potentially affected by a denial-of-service 

vulnerability in the timeout mechanism. An unprivileged attacker, exploiting this flaw, 

could crash the affected service. For your information, the observed version of Solaris sshd 

is: \n %L 

Solution: Apply patch 143140-01 or later, as referenced above. 

CVE-2009-4075 

RT: Request Tracker Session Fixation Vulnerability 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote host is running a web application that is affected by a session 

fixation vulnerability.\n\nThe remote host is running RT: Request Tracker, an 

enterprise-grade ticketing system. The version detected is affected by a session fixation 

vulnerability. An attacker, exploiting this flaw, could gain unauthorized access to the 

application. For your information, the observed version of RT is: \n %L 

Solution: Upgrade to RT 3.8.6, 3.6.10, or later. 

CVE-2009-3585 

AWStats < 6.95 awredir.pl Redirect 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is hosting a PERL script that has an open 

redirect.\n\nThe remote web server is hosting AWStats. The AWStats contains a version of 

the awredir.pl script that has an open redirect. An attacker may be able to exploit this issue 

to conduct phishing attacks by tricking users into visiting malicious websites. For your 

information, the observed version of AWStats is: \n %L 

Solution: Upgrade to AWStats 6.95 or later. 


Simple Machines Forum < 1.1.11 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is hosting a CGI application that is vulnerable to 

multiple attack vectors.\n\nThe remote web servers is hosting Simple Machines Forum 

earlier than 1.1.11. Such versions are potentially affected by multiple cross-site scripting 

issues. For your information, the observed version of Simple Machines Forum is: \n %L 

Solution: Upgrade to Simple Machines Forum 1.1.11 or later. 



eDirectory < 8.8.5.2/8.7.3.10 ftf2 'NDS Verb 0x1' Buffer Overflow 


Description: Synopsis : \n\nThe remote host is vulnerable to a remote command execution 

attack.\n\nThe remote host is running eDirectory, a directory service from Novell. The 

installed version is earlier than 8.8 SP5 ftf2, or 8.7.3.10 ftf2. Such versions are potentially 

affected by a remote buffer overflow vulnerability when handling specially crafted 'NDS 

Verb 0x1' requests. An attacker, exploiting this flaw, could execute arbitrary commands on 

the host subject to the privileges of the affected software. For your information, the 

observed version of Novell eDirectory is: \n %L 


Solution: Upgrade to eDirectory 8.8 SP5 ftf2 / 8.7.3.10 ftf2 or later. 

CVE-2009-0895 

HTTP Server Basic Authorization Detection 


Description: Detect default HTTP credentials. 

Solution: N/A 

realtimeonly 


Client .exe Download Detection 


Description: The remote client was just observed download the following executable file: \n %L 

realtimeonly 

Solution: Ensure that this application is in alignment with existing policies and guidelines 


Novell iPrint Client < 5.32 Multiple Buffer Overflow Vulnerabilities 


Description: Synopsis : \n\nThe remote Windows host has an application that is vulnerable to multiple 

attack vectors.\n\nThe installed version of Novell iPrint Client is affected by multiple 

buffer overflow vulnreabilities : \n\n - A stack-based buffer overflow exists due to 

insufficient boudnary checks on the 'target-frame' parameter. (CVE-2009-1568)\n\n - A 

stack-based buffer overflow exists due to insufficient validation of time information. 

(CVE-2009-1569)\n\nFor your information, the observed version Novell iPrint client is: \n 

%L 

Solution: Upgrade to Novell iPrint Client version 5.32 or later. 

CVE-2009-1569 


Adobe AIR < 1.5.3 Multiple Vulnerabilities (APSB09-19) 



Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote 

Windows host contains a version of Adobe AIR player that is earlier than 1.5.3. Such 

versions are reportedly affected by multiple vulnerabilities : \n\n - A vulnerability in the 

parsing of JPEG data that could potentially lead to code execution. (CVE-2009-3794)\n\n - 

A data injection vulnerability that could potentially lead to code execution. 

(CVE-2009-3796)\n\n - A memory corruption vulnerability that could potentially lead to 

code execution. (CVE-2009-3797)\n\n - A memory corruption vulnerability that could 

potentially lead to code execution. (CVE-2009-3798)\n\n - An integer overflow 

vulnerability that could potentially lead to code execution. (CVE-2009-3799)\n\n - Multiple 

crash vulnerabilities that could potentially lead to code execution. (CVE-2009-3800)\n\n - 

A Windows-only local file name access vulnerability in the Flash Player ActiveX control 

that could potentially lead to information disclosure. (CVE-2009-3951)\n\nFor you 

information, the observed version of Adobe AIR is: \n %L 

Solution: Upgrade to Adobe AIR 1.5.3 or later. 

CVE-2009-3951 

Moodle < 1.8.11 / 1.9.7 Multiple Vulnerabilities 



Moodle installed on the remote host is potentially vulnerable to multiple flaws.\n\n - 

Multiple cross-site request forger issues. (MSA-09-0022)\n\n - User account disclosure in 

LAMS module. (MSA-09-0023)\n\n - Insufficient access control may allow unauthorized 

users to view glossary entries. (MSA-09-0024)\n\n - Invalid application access control in 

MNET interface could allow execution of any MNET function from all registered remote 

servers. (MSA-09-0026)\n\n - Login information can be sent unsecured even when a site is 

configured to use SSL for logins. (MSA-09-0027)\n\n - A SQL injection issue in the 

SCORM module. (MSA-09-0031)\n\nFor your information, the observed version of 

Moodle is: \n %L 

Solution: Upgrade to Moodle version 1.8.11, 1.9.7, or later. 

CVE-2009-4305 

TestLink < 1.8.5 Multiple Vulnerabilities 



RISK: 

MEDIUM 



remote web server is hosting TestLink, a PHP-based testing suite. The installed version of 

TestLink is earlier than 1.8.5. Such versions are potentially affected by multiple 

vulnerabilities.\n\n - A cross-site scripting vulnerability in the 'req' parameter of the 

'login.php' script which does not require credentials to exploit.\n\n - Cross-site scripting 

vulnerabilities in the 'key' parameter of the '/lib/general/staticPage.php script, the 

'tableName' parameter of the '/lib/attachments/attachmentupload.php' script, and the 

'startDate', 'endDate', and 'logLevel' parameters of the '/lib/events/eventviewer.php' script. - 


Multiple SQL-injection vulnerabilities in the 'Test Case ID' field of the 

'/lib/general/navBar.php' script, and the 'logLevel' parameter of the 

'/lib/events/eventviewer.php' script.\n\nFor your information, the observed version of 

TestLink is: \n %L 

Solution: Upgrade to TestLink 1.8.5 or later. 

CVE-2009-4238 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote database server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running MySQL Community server < 5.0.88. Such versions are potentially 

affected by multiple issues : \n\n - MySQL clients linked against OpenSSL are vulnerable 

to man-in-the-middle attacks. (Bug #47320)\n\n - The GeomFromWKB() function can be 

manipulated to cause a denial of service. (Bug #47780)\n\n - Specially crafted SELECT 

statements containing sub-queries in the WHERE clause can cause the server to crash. (Bug 

48291)\n\nFor your information, the observed version of MySQL is: \n %L 

Solution: Upgrade to MySQL Community server 5.0.88 or later. 

CVE-2009-4019 

Invision Power Board < 3.0.5 Multiple Vulnerabilities 


RISK: 

MEDIUM 



is running Invision Power Board, a PHP bulletin board application. The installed version of 

Invision Power Board is potentially affected by multiple vulnerabilities : \n\n - A local-file 

include vulnerability that affects the 'section' parameter sent to the 'forum/index.php' 

script.\n\n - A sql-injection vulnerability that affects the 'starter' and 'state' parameters of the 

'admin/applications/forum/modules_public/moderate/moderate.php' script.\n\n - A 

cross-site scripting vulnerability caused by incorrect handling of '.txt' file 

attachments.\n\nFor your information, the observed version of Invision Power Board is: \n 

%L 

Solution: Upgrade to Invision Power Board 3.0.5 or later. 


PostgreSQL < 8.4.2/8.3.9/8.2.15/8.1.19/8.0.23/7.4.27 Multiple Vulnerabilities 



RISK: 

MEDIUM 




is running a version of PostgreSQL that is earelir than 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, or 

7.4.27. Such versions are potentially affected by multiple vulnerabilities : \n\n - NULL 

Bytes in SSL Certificates can be used to falsify client or server authentication. 

(CVE-2009-4034)\n\n - Privilege escalation via changing session state in an index function. 

(CVE-2009-4136) - An integer overflow in the 'ExecChooseHashTableSize()' function of 

the 'backend/executor/nodeHash.c' source file which could lead to a denial of service. 

(CVE-2010-0733)\n\nFor your information, the observed version of PostgreSQL is: \n %L 

Solution: Upgrade to PostgreSQL 7.4.27, 8.0.23, 8.1.19, 8.2.15, 8.3.9, 8.4.2, or later. 

CVE-2010-0733 

DB2 9.5 < Fix Pack 5 Unspecified Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote database server is vulnerable to multiple attack 

vectors.\n\nAccording to its version, the installation of DB2 9.5 is earlier than Fix Pack 5. 

Such versions are potentially affected by multiple unspecified vulnerabilities. For your 

information, the observed version of DB2 is: \n %L 

Solution: Upgrade to IBM DB2 9.5 Fix Pack 5 

CVE-2009-4335 

Piwik < 0.5 unserialize() PHP Code Execution Vulnerability 


Description: Synopsis : \n\nThe remote web server is hosting a PHP application that is vulnerable to a 

remote code execution vulnerability.\n\nThe remote web server is hosting Piwik, a web 

analytics application written in PHP. The installed version is earlier than 0.5. Such versions 

are potentially affected by a remote PHP code execution vulnerability because the 

application unserializes data from user supplied cookies. An attacker could send a specially 

crafted cookie which, when unserialized, could be used to upload arbitrary files or possibly 

execute arbitrary PHP code. For your information, the observed version of Piwik is: \n %L 

Solution: Upgrade to Piwik 0.5 or later. 





Description: Synopsis : \n\nThe remote host has a web browser installed that is affected by multiple 

attack vectors.\n\nThe remote host is running a version of Mozilla Firefox earlier than 

3.0.16 or 3.5.6. Such versions are potentially affected by multiple vulnerabilities : \n\n - 

Multiple crashes that could result in arbitrary code execution. (MFSA 2009-65)\n\n - 


Multiple vulnerabilities in 'liboggplay' which could lead to arbitrary code execution. Note 

that this only affects the 3.5.x branch. (MFSA 2009-66)\n\n - An integer overflow in the 

'Theora' video library which could lead to a crash or the execution of arbitrary code. Note 

that this only affects the 3.5.x branch. (MFSA 2009-67)\n\n - The NTML implementation is 

vulnerable to reflection attacks in which NTML credentials from one application could be 

forwarded to another application. (MFSA 2009-68)\n\n - Multiple location bar spoofing 

vulnerabilities. (MFSA 2009-69)\n\n - A content window which is opened by a chrome 

window retains a reference to the chrome window via the 'window.opener' property which 

could lead to a privilege escalation. (MFSA 2009-70)\n\n - The exception messages 

generated by the 'GeckoActiveXObject' differ based on whether or not the requested COM 

object's ProgID is present in the system registry. (MFSA 2009-71)\n\nFor your information, 

the observed version of Firefox is: \n %L 

Solution: Upgrade to Mozilla Firefox 3.0.16, 3.5.6, or later. 

CVE-2009-3987 



Description: Synopsis : \n\nThe remote host has a web browser installed that is affected by multiple 


2.0.1. Such versions are potentially affected by multiple vulnerabilities : \n\n - Multiple 

crashes that could result in arbitrary code execution. (MFSA 2009-65)\n\n - Multiple 

vulnerabilities in 'liboggplay' which could lead to arbitrary code execution. Note that this 

only affects the 3.5.x branch. (MFSA 2009-66)\n\n - An integer overflow in the 'Theora' 

video library which could lead to a crash or the execution of arbitrary code. Note that this 

only affects the 3.5.x branch. (MFSA 2009-67)\n\n - The NTML implementation is 

vulnerable to reflection attacks in which NTML credentials from one application could be 

forwarded to another application. (MFSA 2009-68)\n\n - Multiple location bar spoofing 

vulnerabilities. (MFSA 2009-69)\n\n - A content window which is opened by a chrome 

window retains a reference to the chrome window via the 'window.opener' property which 

could lead to a privilege escalation. (MFSA 2009-70)\n\n - The exception messages 

generated by the 'GeckoActiveXObject' differ based on whether or not the requested COM 

object's ProgID is present in the system registry. (MFSA 2009-71)\n\nFor your information, 

the observed version of SeaMonkey is: \n %L 

Solution: Upgrade to Mozilla SeaMonkey 2.0.1 or later. 


CVE-2009-3987 


Description: The remote host issued the following GET request : \n%L 

realtimeonly 



Solution: N/A 


Winamp < 5.57 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote host has a media player installed that is vulnerable to multiple 

attack vectors.\n\nThe remote host is running Winamp, a media player for Windows. The 

version of Winamp installed on the remote host is earlier than 5.57. Such versions are 

potentially affected by multiple vulnerabilities : \n\n - A boundary error in the Module 

Decoder Plug-in exists when parsing samples and can be exploited to cause a heap-based 

buffer overflow via a specially crafted 'Impulse Tracker' file. (CVE-2009-3995)\n\n - An 

error in the Module Decoder Plug-in when parsing 'Ultratracker' files can be exploited to 

cause a heap-based buffer overflow. (CVE-2009-3996)\n\n - An integer overflow error 

exists in the Module Decoder Plug-in when parsing 'Oktalyzer' files and can be exploited to 

cause a heap-based buffer overflow.\n\n - Multiple integer overflow vulnerabilities in the 

'jpeg.w5s' and 'png.w5s' filters when processing malformed 'JPEG' and 'PNG' data.\n\nFor 

your information, the observed version of Winamp is: \n %L 


CVE-2009-3997 

Zabbix < 1.6.6 Null Pointer Dereference DoS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to denial-of-service attack.\n\nThe remote 

host is running Zabbix, an IT monitoring service. The installed version of Zabbix is earlier 

than 1.6.6. Such versions are potentially affected by a Null Pointer Dereference 

vulnerability in the 'process_trap()' function of the 'zabbix_server/trapper/trapper.c' source 

file. An attacker can exploit this flaw to crash the affected service. For your information, 

the observed version of Zabbix is: \n %L 

Solution: Upgrade to Zabbix 1.6.6 or later. 


Zabbix < 1.6.7 Security Bypass Vulnerability 




remote host is running Zabbix, an IT monitoring service. The installed version of Zabbix is 

earlier than 1.6.7. Such versions are potentially affected by a security bypass vulnerability 

because the application does not prevent unauthenticated users from executing arbitrary 

SQL queries (ZBX-1031). For your information, the observed version of Zabbix is: \n %L 




Zabbix < 1.6.8 Multiple Vulnerabilities 



is running Zabbix, an IT monitoring service. The installed version of Zabbix is earlier than 

1.6.8. Such versions are potentially affected by multiple vulnerabilities : \n\n - A 

denial-of-service vulnerability in the 'zbx_get_next_field()' function. (ZBX-1355)\n\n - A 

SQL-injection vulnerability in the 'send_history_last_id()' function of the 

'zabbix_server/trapper/nodehistory.c' source file. (ZBX-1031)\n\n - It is possible for remote 

unatuthenticated usres to execute OS commands. (ZBX-1030)\n\nFor your information, the 

observed version of Zabbix is: \n %L 


CVE-2009-4499 

Myspace Usage Detection 


Description: The remote client was observed logging into a myspace.com account. Myspace is a social 

networking site which features a personal blog, instant messaging, bulletin boards, and 

more. You should ensure that such behavior is in alignment with Corporate Policies and 

guidelines. 

realtime 

Solution: N/A 


Facebook Usage Detection 


Description: The remote client was observed accessing the Facebook social networking site. You should 

ensure that such behavior is in alignment with Corporate Policies and guidelines. 

realtime 

Solution: N/A 


YouTube Usage Detection 




Description: The remote client was observed accessing youtube.com. Youtube is a public site which 

features videos from all over the world. You should ensure that such behavior is in 

alignment with Corporate Policies and guidelines. 

realtime 

Solution: N/A 


classmates.com Usage Detection 


Description: The remote client was observed logging into classmates.com. Classmates.com is a social 

networking site which allows users to reconnect with former friends and colleagues. You 

should ensure that such behavior is in alignment with Corporate Policies and guidelines. 

Solution: N/A 

Gmail Usage Detection 



Description: The remote client is a gmail.com email client. Gmail is a web-based email client. You 

should ensure that such behavior is in alignment with Corporate Policies and guidelines. 

For your information, the client email address is %L 

realtime 

Solution: N/A 


XM Radio Usage Detection 


Description: The remote client was observed logging into their XM radio account. You should ensure 

that such behavior is in alignment with Corporate Policies and guidelines. For your 

information, the user account was logged as:\n %L 

realtime 

Solution: N/A 




Synapse Client Detection 


Description: The remote host is running a Synapse client. Synapse is used to connect clients into a 

Peer To Peer (p2p) network. The reported version is\n %L 


appropriate network usage 


Web Server - JavaScript Hosted on 3rd Party Server 


Description: The remote web server utilizes JavaScript on its pages. Further, the web server seems to be 

using JavaScript from an external source. The source of the JavaScript is: \n %L \n\nThe 

JavaScript is embedded within the following web document: \n%P 

Solution: Ensure that loading client-side JavaScript from a 3rd party is authorized according to 



Yahoo! Web Mail Usage Detection 


Description: The remote client is a Yahoo.com email client. Yahoo provides a web-based email client 

for users of their @yahoo.com domain. You should ensure that such behavior is in 

alignment with Corporate Policies and guidelines. For your information, the client 

username is %L 

Solution: N/A 


whatismyip.com Client Detection 


Description: The remote client was just observed connecting to 'whatismyip.com'. This sort of query is 

often used by Botnet clients to determine their external (routable) IP address. 

realtime 

Solution: N/A 






RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server uses a version of PHP that is vulnerable to multiple 

attack vectors.\n\nAccording to its banner, the version of PHP 5.2.x installed on the remote 

host is earlier than 5.2.12. Such versions are potentially affected by multiple vulnerabilities 

: \n\n - A safe_mode bypass in tempnam(). (CVE-2009-3557)\n\n - An open_basedir 

bypass in posix_mkfifo(). (CVE-2009-3558)\n\n - A possible denial-of-service via 

temporary file exhaustion caused by a failure to limit the number of file uploads per 

request. (CVE-2009-4017)\n\n - An arbitrary code execution vulnerability in the 

'session.save_path()' function and the '$_SESSION' data structure. (CVE-2009-4143)\n\n - 

A cross-site scripting vulnerability becuase the 'htmlspecialcharacters()' function fails to 

properly handle some malformed multibyte character sequences.\n\nFor your information, 

the observed version of PHP is: \n %L 


CVE-2009-4143 

Serv-U < 9.2.0.1 User Directory Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote FTP server is affected by an information disclosure 

vulnerability.\n\nThe remote FTP server is running Serv-U file Server, an FTP server for 

Windows. The installed version is earlier than 9.2.0.1. Such versions are potentially 

affected by an information disclosure vulnerability which could allow an attacker to view 

directories that are above the user's root directory. For your information, the observed 

version of Serv-U is: \n %L 


CVE-2009-4815 


Adobe Flash Media Server < 3.0.5 / 3.5.3 Multiple Vulnerabilities (APSB09-018) (RTMP over HTTP) 



is running Adobe Flash Media server. The installed version of Adobe Flash Media server 

appears to be earlier than 3.0.5 or 3.5.3. Such versions are potentially affected by multiple 

vulnerabilities : \n\n - A resource exhaustion vulnerability that could lead to a denial of 

service. (CVE-2009-3791)\n\n - A directory traversal vulnerability that could lead to FMS 

loading arbitrary DLLs present on the server. (CVE-2009-3792)\n\nFor your information, 

the observed version of Adobe Flash Media Server is: \n %L 


Solution: Upgrade to Adobe Flash Media Server 3.0.5, 3.5.3 or later. 

CVE-2009-3792 

Adobe Flash Media Server < 3.5.3 Multiple Vulnerabilities (APSB09-018) (RTMP) 



is running Adobe Flash Media server. The installed version of Adobe Flash Media server 

appears to be earlier than 3.5.3. Such versions are potentially affected by multiple 

vulnerabilities : \n\n - A resource exhaustion vulnerability that could lead to a denial of 

service. (CVE-2009-3791)\n\n - A directory traversal vulnerability that could lead to FMS 

loading arbitrary DLLs present on the server. (CVE-2009-3792)\n\nFor your information, 

the observed version of Adobe Flash Media Server is: \n %L 

Solution: Upgrade to Adobe Flash Media Server 3.5.3 or later. 

CVE-2009-3792 

OpenX < 2.8.3 Authentication-Bypass 


Description: Synopsis : \n\nThe remote web server is vulnerable to an authentication bypass 

attack.\n\nThe remote web server is hosting OpenX, a web-based ad server. The installed 

version is earlier than 2.8.3. Such versions are potentially affected by an authentication 

bypass vulnerability because the application allows anonymous access to the administrative 

interface. For your information, the observed version of OpenX is: \n %L 

Solution: Upgrade to OpenX 2.8.3 or later. 

CVE-2009-4830 

Web Server - BitTorrent .torrent File Detection 


Description: The remote web server is hosting .torrent files. These are files which are used by various 

BitTorrent clients to initiate a torrent download. As an example, consider the following file 


that such file sharing is authorized with respect to policies and guidelines. 

Solution: N/A 


Android Mobile Device Detection 




Description: The remote client is an Android mobile device version: \n %L 

Solution: Ensure that such devices are within corporate standards 


ViewVC < 1.1.3 Multiple Vulnerabilities 


RISK: 

MEDIUM 



remote web server is running ViewVC, a web-based interface for CVS and Subversion. The 

installed version of ViewVC is earlier than 1.1.3. Such versions are potentially affected by 

multiple issues : \n\n - A security vulnerability that involves root listing support of per-root 

authorization configuration.\n\n - A security vulnerability in the 'query.py' involving the 

'forbidden' authorizer.\n\nFor your information, the observed version of ViewVC is: \n %L 

Solution: Upgrade to ViewVC 1.1.3 or later. 


Sun Java System Directory Proxy Server 6.x < 6.3.1 Update 1 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running the Sun Java system Directory Proxy Server, and 

LDAP proxy server from Sun Microsystems. The installed version is earlier than 6.3.1 

Update 1. Such versions are potentially affected by multiple vulnerabilities : \n\n - Under 

certain conditions simultaneous long binds are incorrectly assigned the same backed 

connections. An attacker may exploit this flaw to hijack an authenticated user's session and 

perform unauthorized operations. (CVE-2009-4440)\n\n - 'SO_KEEPALIVE' socket option 

is not enabled, and hence it may be possible for a remote attacker to trigger a denial of 

service condition by exhausting available connection slots. (CVE-2009-4441)\n\n - 

'max-client-connections' configuration setting is not correctly implemented, thus it may be 

possible for a remote attacker to trigger a denial of service condition. (CVE-2009-4442)\n\n 

- An unspecified vulnerability in the 'psearch' functionality could allow an attacker to 

trigger a denial of service condition. (CVE-2009-4443)\n\nFor your information, the 

observed version of Sun Java System Directory Proxy server is: \n %L \nIAVB Reference : 

2010-B-0002\nSTIG Finding Severity : Category I 

Solution: Upgrade to Sun Java System Directory Server 6.3.1 and apply patch 141958-01 

CVE-2009-4443 

Centreon < 2.1.4 Security Bypass 




Description: Synopsis : \n\nThe remote web server is hosting a web application that is affected by a 

security-bypass vulnerability.\n\nThe remote web server is hosting Centreon, a PHP-based 

application for monitoring networks.\n\nThe installed version of Centreon is earlier than 

2.1.4. Such versions are potentially affected by a security-bypass vulnerability which would 

allow an attacker to gain access to functionality such as ping or traceroute and access to 

LDAP import information. For your information, the observed version of Centreon is: \n 

%L 

Solution: Upgrade to Centreon 2.1.4 or later. 

CVE-2009-4368 

phpLDAPadmin < 1.2 Local File Inclusion 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is hosting an application that is vulnerable to a local 

file inclusion attack.\n\nThe remote web server is hosting phpLDAPadmin, a web-based 

LDAP client. The installed version of phpLDAPadmin is earlier than 1.2.0. Such versions 

are potentially affected by a local file inclusion vulnerability because the application fails to 

properly sanitize user-supplied input to the 'cmd' parameter of the 'cmd.php' script. An 

unauthenticated user could exploit this flaw to view arbitrary files or possibly execute 

arbitrary PHP code on the remote host subject to the privileges of the web server user id. 

For your information, the observed version of phpLDAPadmin is : \n %L 

Solution: Upgrade to phpLDAPadmin 1.2.0 or later. 

CVE-2009-4427 

Transmission Client Detection 


RISK: 

MEDIUM 



to Corporate policy.\n\nThe remote host is running the Transmission client version 

%L\nTransmission is a client application which allows users to quickly download files 

from multiple locations over the BitTorrent protocol. 

Solution: Ensure that Transmission is allowed with respect to Corporate policies and guidelines. 



Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing 



Description: Synopsis : \n\nThe remote host is vulnerable to a man-in-the-middle attack.\n\nThe remote 

mail server is running a version of Sendmail earlier than 8.14.4. Such versions are 

potentially affected by a flaw that my allow an attacker to spoof SSL certificates by using a 

NULL character in certain certificate fields. For your information, the observed version of 

Sendmail is: \n %L \nIAVA Reference : 2010-A-0002\nSTIG Finding Severity : Category I 

Solution: Upgrade to Sendmail 8.14.4 or later. 

CVE-2009-4565 

Dada Mail < 4.0.2 List Membership Requirement Bypass 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is hosting an application that is affected by a security 

bypass vulnerability.\n\nThe remote web server is hosting Dada Mail, a web-based mailing 

list application. The installed version is earlier than 4.0.2. Such versions, when using the 

'Dada Bridge' plugin, are potentially affected by a security bypass vulnerability because the 

application does not verify that the sender of an email is a member of a list. An attacker 

could exploit this flaw to spam the email list. For your information, the observed version of 

Dada Mail is: \n %L 

Solution: Upgrade to Dada Mail 4.0.2 or later. 


Novell iManager < 2.7 SP3 eDirectory Plugin Buffer Overflow Vulnerability 


Description: Synopsis : \n\nThe remote web server is affected by a buffer overflow 

vulnerability.\n\nNovell iManager is installed on the remote host. The version of iManager 

is earlier than 2.7 SP3 and is therefore potentially affected by a buffer overflow 

vulnerability in the eDirectory plugin. A remote attacker, exploiting this flaw, could 

potentially execute arbitrary code. For your information, the observed version of Novell 

iManager is: \n %L 

Solution: Upgrade to Novell iManager 2.7 SP3 (iManager 2.7.3). 

CVE-2009-4486 

Liferay Portal 'p_p_id' Parameter HTML Injection 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is hosting an application that is vulnerable to a 

HTML-injection attack.\n\nThe remote web server is running Liferay Portal, a Java-based 

web portal. The installed version is earlier than 5.3.0. Such versions are potentially affected 

by an HTML injection vulnerability because the application fails to properly sanitize 


user-supplied input to the 'p_p_id' parameter. An unauthenticated can supply malicious data 

which is then displayed to an administrator in another page. For your information, the 

observed version of Liferay Portal is: \n %L 

Solution: Upgrade to Liferay Portal 5.3.0 or later. 

CVE-2009-3742 

Trac < 0.11.6 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is hosting an application that is vulnerable to 

multiple attack vectors.\n\nThe remote web server is hosting Trac, a web-based software 

management application. The installed version of Trac is earlier than 0.11.6. Such versions 

are potentially affected by multiple vulnerabilities : \n\n - Fixed the policy checks in report 

results when using alternate formats.\n\n - Added a check for the 'raw' role that is missing 

in docutils < 0.6.\n\nFor your information, the observed version of Trac is: \n %L 

Solution: Upgrade to Trac 0.11.6 or later. 


Pidgin < 2.6.5 Information Disclosure Vulnerability 


RISK: 

MEDIUM 



is running Pidgin < 2.6.5. Such versions are potentially affected by an information 

disclosure vulnerability because the MSN protocol plugin axtracts the filename of a custom 

emoticon from an incoming request and uploads that file without correlating the filename to 

a valid custom emoticon. For your information, the observed version of Pidgin is: \n %L 



CVE-2010-0013 


Description: The remote host is using the following Web client : \n%L 

Solution: N/A 

realtimeonly 




TurboFTP 'DELE' FTP Command Remote Buffer Overflow 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote FTP server is vulnerable to a remote denial of service 

attack.\n\nThe remote host is running the TurboFTP FTP server. The installed version of 

TurboFTP is earlier than 1.00.720. Such versions are potentially affected by a remote 

buffer overflow vulnerability when handling an overly large string that is passed to the 

'DELE' FTP command. An attacker, exploiting this flaw, could crash the affected service. 

For your information, the observed version of TurboFTP is: \n %L 

Solution: Upgrade to TurboFTP 1.00.720 


Zope 'standard_error_message' Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 



cross-site scripting attack.\n\nThe remote Zope server is vulnerable to a cross-site scripting 

flaw related to the 'standard_error_message' template. An attacker, exploiting this flaw, 

could execute arbitrary script code in a user's browser. For your information, the observed 

version of Zope server is: \n %L 

Solution: Upgrade to Zope 2.8.12, 2.9.12, 2.10.22, 2.11.6, 2.12.3, or later. 

CVE-2010-1104 

DokuWiki < DokuWiki Release 2009-12-25 Multiple Vulnerabilities 


RISK: 

MEDIUM 



multiple attack vectors.\n\nThe remote web server is hosting a release of DokuWiki earlier 

than DokuWiki 2009-12-25. Such versions are potentially affected by multiple 

vulnerabilities : \n\n - A security-bypass vulnerability that can be exploited through the 

'cmd[save]', 'cmd[del]', and 'cmd[update]' parameters of the 'lib/plugins/acl/ajax.php' 

script.\n\n - An information-disclosure vulnerability in the 'ns' parameter of the 'ajax.php' 

script.\n\nFor your information, the observed version of DokuWiki is: \n %L 

Solution: Upgrade to DokuWiki Release 2009-12-25 or later. 

CVE-2010-0288 


Sun Java System Identity Manager 8.1 Privilege Escalation Vulnerability 



Description: Synopsis : \n\nThe remote host is vulnerable to a privilege escalation attack.\n\nThe remote 

host is running Sun Java System Identity Manager 8.1 with Patch 5 or 6. Such versions are 

potentially affected by a privileges escalation vulnerability when it is configured with Sun 

Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager. 

An attacker, exploiting this flaw, could gain administrative privileges on the affected 

application. For your information, the observed version of Sun Java System Identity 

Manager is: \n %L 

Solution: Apply Patch 7 from the Sun reference. 

CVE-2010-0311 

phpMyAdmin < 2.11.10 Multiple Vulnerabilities 



multiple attack vectors.\n\nThe remote web server is running a version of phpMyAdmin 

earlier than 2.11.10. Such versions are potentially affected by multiple vulnerabilities : \n\n 

- A cross-site request forgery attack because the application uses the 'unserialize()' PHP 

function on potentially unsafe data in the setup script.(CVE-2009-4605)\n\n - An insecure 

file creation and deletion vulnerability due to the way phpMyAdmin creates temporary 

files.\n\nFor your information, the observed version of phpMyAdmin is: \n %L 

Solution: Upgrade to phpMyAdmin 2.11.10, 3.0.0, or later. 

CVE-2009-4605 

Windows-Vista VPN Detection 


Description: The remote host is running the Windows-Vista VPN Server. A VPN (Virtual 

Private Network) allows remote users to connect to an internal network as if they 

were local users. A VPN which allows split-tunneling will essentially serve as a 

bridge between the remote network and the internal network. Special care should 

be taken to ensure that remote VPN clients connect securely and do not introduce 

an unacceptable level of Risk to the internal computing environment. 

Solution: Ensure that the VPN is acceptable with respect to Corporate Guidelines and Policies. 


Dead Peer Detection v1.0 VPN Detection 



Description: The remote host is running the Dead Peer Detection v1.0 VPN Server. A VPN (Virtual 


local users. A VPN which allows split-tunneling will essentially serve as a bridge between 

the remote network and the internal network. Special care should be taken to ensure that 


emote VPN clients connect securely and do not introduce an unacceptable level of Risk to 




strongSwan 4.0.5 VPN Detection 


Description: The remote host is running the strongSwan 4.0.5 VPN Server. A VPN (Virtual Private 


A VPN which allows split-tunneling will essentially serve as a bridge between the remote 


clients connect securely and do not introduce an unacceptable level of Risk to the internal 














































































































Netscreen-14 VPN Detection 


Description: The remote host is running the Netscreen-14 VPN Server. A VPN (Virtual Private 






























Symantec-Raptor-v8.1 VPN Detection 


Description: The remote host is running the Symantec-Raptor-v8.1 VPN Server. A VPN (Virtual Private 








Symantec-Raptor VPN Detection 


Description: The remote host is running the Symantec-Raptor VPN Server. A VPN (Virtual Private 








BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote DNS Server is vulnerable to a remote cache-poisoning 

attack.\n\nThe remote DNS Server is running Bind 9 earlier than 9.4.3-P5, 9.5.2-P1, or 

9.6.1-P3. Such versions are potentially affected by a remote cache-poisoning attack. An 

error exists in the DNSSEC NSEC/NSEC3 validation code taht could cause bogus 

NXDOMAIN responses to be cached as if they had validated correctly. For your 

information, the observed version of BIND 9 is: \n %L 

Solution: Upgrade to BIND 9.4.3-P5, 9.5.2-P2, 9.6.1-P3, or later. 

CVE-2010-0097 

HP Power Manager < 4.2.10 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe power management application installed on the remote host is 

vulnerable to multiple attack vectors.\n\nThe installed version of HP Power Manager is 

earlier than 4.2.10. Such versions are potentially affected by the following vulnerabilities : 

\n\n - Adequate bounds checking is not performed on the 'Login' parameter of the login 

page, which could lead to a buffer overflow. A remote unauthenticated attacker could 

exploit this to execute arbitrary code as SYSTEM. (CVE-2009-2685)\n\n - Adequate 

bounds checking is not performed on the 'fileName' or 'LogType' parameter of 

'formExportDataLogs', which could lead to a buffer overflow. A remote authenticated 

attacker could exploit this to execute arbitrary code as SYSTEM. (CVE-2009-3999)\n\n - 

The 'filename' parameter of 'formExportDataLogs' has a directory traversal vulnerability. A 

remote authenticated attacker could exploit this to overwrite arbitrary files with almost 

arbitrary data. This could result in a denial of service, or arbitrary code execution as 

SYSTEM. (CVE-2009-4900)\n\nFor your information, the observed version of HP Power 

Manager is: \n %L 

Solution: Upgrade to HP Power Manager 4.2.10 or later. 

CVE-2009-4000 


Real Networks RealPlayer < RealPlayer SP 1.0.5 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host is running an application that is vulnerable to multiple attack 

vectors.\n\nThe remote host is running a version of RealPlayer earlier than RealPlayer SP 

1.0.5. Such versions are potentially affected by multiple vulnerabilities :\n\n - A RealPlayer 

'ASM' Rulebook heap-based buffer overflow. (CVE-2009-4241)\n\n - A RealPlayer 'GIF' 

file heap overflow. (CVE-2009-4242)\n\n - A RealPlayer media overflow (http chunck 

encoding). (CVE-2009-4243)\n\n - A RealPlayer 'IVR' file processing buffer overflow. 

(CVE-2009-0375)\n\n - A RealPlayer 'IVR' file heap overflow. (CVE-2009-0376)\n\n - A 

RealPlayer 'SIPR' codec heap overflow. (CVE-2009-4244)\n\n - A RealPlayer compressed 

'GIF' heap overflow. (CVE-2009-4245)\n\n - A RealPlayer 'SMIL' parsing heap overflow. 

(CVE-2009-4257)\n\n - A RealPlayer skin parsing stack overflow. (CVE-2009-4246)\n\n - 

A RealPlayer 'ASM' RuleBook array overflow. (CVE-2009-4247)\n\n - A RealPlayer 'rtsp' 

'set_parameter' buffer overflow. (CVE-2009-4248)\n\nNote that different versions are 


affected by different vulnerabilities.\nIAVA Reference : 2010-A-0022\nSTIG Finding 


Solution: Upgrade to RealPlayer SP 1.0.5 or later. 

CVE-2009-4248 

DNS Client Query Detection 


Description: The remote client has issued a name query for the following FQDN 

Solution: N/A 

realtimeonly 


Apache Tomcat < 5.5.29 / 6.0.24 


RISK: 

MEDIUM 



version of Apache Tomcat installed on the remote host is earlier than 5.5.29, or 6.0.24. 

Such versions are potentially affected by multiple vulnerabilities : \n\n - When deploying 

WAR files, the WAR files are not checked for directory traversal attempts. This allows an 

attacker to create arbitrary content outside of the web root by including entries such as 

'../../bin/catalina.sh' in the WAR. (CVE-2009-2693)\n\n - By default, Tomcat automatically 

deploys any directories placed in a host's appBase. Depending on circumstances, files 

normally protected by one or more security constraints may be deployed without those 

security constraints, making them accessible without authentication. (CVE-2009-2901)\n\n 

- When deploying WAR files, the WAR file names are not checked for directory traversal 

attempts, which could lead to the deletion of arbitrary files in the host's work directory. 

(CVE-2009-2902)\n\nFor your information, but observed version of Apache Tomcat is : \n 

%L 

Solution: Upgrade to Apache Tomcat 5.5.29, 6.0.24, or later. 

CVE-2009-2902 






4.0.249.78. Such versions are potentially affected by multiple vulnerabilities : \n\n - A 

pop-up blocker bypass. (3275)\n\n - Cross-domain theft due to CSS design error. 

(9877)\n\n - Browser memory error with stale pop-up block menu. (12523)\n\n - An 


unspecified error allows XMLHttpRequests to directories. (20450)\n\n - An unspecified 

error exists related to escaping characters in shortcuts. (23693)\n\n - Renderer memory 

error exist when drawing on canvases. (8864, 24701, 24646)\n\n - An image decoding 

memory error. (28566)\n\n - An unspecified error exists, which may result in failure to strip 

'Referer'. (29920)\n\n - An unspecified cross-domain access error. (30660)\n\n - An 

unspecified bitmap deserialization error. (31307)\n\n - An unspecified browser crash 

related to nested URLs. (31517)\n\nFor your information, the observed version of Google 

Chrome is: \n %L 


CVE-2010-0664 

SilverStripe < 2.3.5 Cross-site Scripting Vulnerability 


RISK: 

MEDIUM 



cross-site scripting attack.\n\nThe remote web server is hosting SilverStripe CMS. The 

installed version of SilverStripe is earlier than 2.3.5. Such versions are potentially affected 

by a persistent cross-site scripting vulnerability becase the application fails to properly 

sanitize user-supplied input to the 'CommenterURL' parameter in the comment posting 

mechanism. An attacker could exploit this flaw in order to execute arbitrary script code in a 

user's browser. For your information, the observed version of SilverStripe is: \n %L 

Solution: Upgrade to SilverStripe 2.3.5 or later. 

CVE-2010-1593 

Symantec Altiris Notification Server 6.0 < SP3 R12 Static Encryption Key 


Description: Synopsis : \n\nThe remote host is vulnerable to an information disclosure 

vulnerability.\n\nThe remote host is running Symantec Altiris Notification Server 6.0 

earlier than SP3 R12. Such versions are potentially affected by a local information 

disclosure vulnerability because the application uses a static encryption key for encrypted 

credentials entered by the administrator. An attacker, exploiting this flaw, could view 

unauthorized information or possibly execute code. For your information, the observed 

version of Symantec Altiris Notification Server is: \n %L 

Solution: Upgrade to Altiris Notification Server 6.0 SP3 R12 or later. 

CVE-2009-3035 

Bugzilla < 3.0.11 / 3.2.6 / 3.4.5 / 3.5.3 Multiple Vulnerabilities 



RISK: 

MEDIUM 




multiple attack vectors.\n\nThe remote web server is hosting a version of Bugzilla that is 

earlier than 3.0.11, 3.2.6, 3.4.5, or 3.5.3. Such versions are potentially affected by multiple 

vulnerabilities : \n\n - Bugzilla allows web browsers to serve the contents of files in the 

'CVS/', 'contrib/', 'docs/en/xml', and 't/' directories as well as the 'old-params.txt' file.\n\n - 

When moving a bug from one product to another, an intermediate web page is displayed 

letting you select the groups the bug should be restricted to in the new product. Because of 

a regression in Bugzilla 3.4.x involving groups, a private bug could temporarily become a 

public.\n\nFor your information, the observed version of Bugzilla is: \n %L 

Solution: Upgrade to Bugzilla 3.0.11, 3.2.6, 3.4.5, 3.5.3, or later. 

CVE-2009-3989 

Squid 3.0STABLE23 / 3.1.0.16 Remote DoS 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a Denial of Service (Dos) 

attack.\n\nAccording to its banner, the version of Squid proxy caching server installed on 

the remote host is 2.x or 3.x earlier than 3.0.STABLE23 or 3.1.0.16. Such versions 

reportedly use incorrect data validation when processing specially crafted DNS packets. An 

attacker, exploiting this flaw, could cause a short term denial of service. For your 

information, the observed version of Squid is: \n %L 

Solution: Either upgrade to Squid version 3.0.STABLE23 or 3.1.0.16 or later, or apply the patch 

referenced in the project's advisory above. 

CVE-2010-0308 

MySQL 6.0 < 6.0.9 CREATE TABLE Security Bypass 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to security bypass attack.\n\nThe version of 

MySQL 6.0 installed on the remote host is earlier than 6.0.9, and thus potentially affected 

by a security bypass vulnerability. The application allwos an attacker to bypass certain 

checks when creating a table with ceratin 'DATA DIRECTORY' and 'INDEX 

DIRECTORY' options that are within the MySQL home data directory. For you 

information, the observed version of MySQL is: \n %L 

Solution: Upgrade to MySQL Community Server version 6.0.9 or later. 

CVE-2008-7247 


OTRS Core System Multiple Unspecified SQL Injection Vulnerabilities 



RISK: 

MEDIUM 


multiple sql-injection attacks.\n\nThe remote web server is hosting OTRS, an Open source 

Ticket Request System written in Perl. The installed version is earlier than 2.1.9, 2.2.9, 

2.3.5, or 2.4.7. Such versions are potentially affected by multiple unspecified sql-injection 

vulnerabilities. An attacker, with a valid Agent or Customer-session, could exploit this flaw 

to read or modify records in the database. For your information, the observed version of 

OTRS is: \n %L 

Solution: Upgrade to OTRS 2.1.9, 2.2.9, 2.3.5, 2.4.7, or later. 

CVE-2010-0438 

cURL < 7.20.0 CURLOPT_ENCODING Option Buffer Overflow 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running a download client that is vulnerable to a buffer 

overflow attack.\n\nThe remote host is running cURL, a download client for various 

protocols. The installed version of cURL is earlier than 7.20.0. Such versions are 

potentially affected by a buffer overflow vulnerability when downloading compressed files 

over HTTP and automatically decompressing the file with the 'CURLOPT_ENCODING' 

option. This issue only occurs in versions of cURL that are built with zlib enabled. For your 

information, the observed version of cURL is: \n %L 

Solution: Upgrade to cURL 7.20.0 or later. 






4.0.249.89. Such versions are potentially affected by multiple vulnerabilities : \n\n - Two 

errors when resolving domain names and when interpreting configured proxy lists can be 

exploited to disclose sensitive data. (12303, 22914)\n\n - Multiple integer overflows in the 

V8 engine. (31009)\n\n - An unspecified error when processing the '' tag. 

(31692)\n\n - Chrome leaks redirection targets via the '' href. (32309)\n\n - An 

unspecified error when displaying domain names in HTTP authentication dialogs. 

(37218)\n\n - An integer overflow when deserializing sandbox messages. (32915)\n\nFor 

your information, the observed version of Google Chrome is: \n %L 


CVE-2010-0649 



Apple iPhone OS < 3.1.3 Multiple Vulnerabilities 



is an iPhone with an OS version earlier than 3.1.3. Such versions are potentially affected by 

multiple vulnerabilities : \n\n - A buffer overflow exists in the handling of mp4 audio files. 

(CVE-2010-0036)\n\n - A buffer underflow exists in ImageIO's handling of TIFF images. 

(CVE-2009-2285)\n\n - A memory corruption issue exists in the handling of a certain USB 

control message. (CVE-2010-0038)\n\n - Multiple input validation issues exist in WebKit's 

handling of FTP directory listings. (CVE-2009-3384)\n\n - When WebKit encounters an 

HTML 5 Media Element pointing to an external resource, it does not issue a resource load 

callback to determine if the resource should be loaded. (CVE-2009-2841)\n\nFor your 

information, the observed version of iPhone OS is: \n %L 

Solution: Upgrade to iPhone OS 3.1.3 or later. 

CVE-2010-0038 

Flash Player < 10.0.45.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host contains a browser plug-in that is vulnerable to multiple 

attack vectors.\n\nThe remote host conatains a version of Adobe Flash Player that is earlier 

than 10.0.45.2. Such versions are potentially affected by multiple vulnerabilities : \n\n - An 

issue which could subvert the domain sandbox and make unauthorized cross-domain 

requests. (CVE-2010-0186)\n\n - An unspecified denial of service. 

(CVE-2010-0187)\n\nFor your information, the observed version of Flash player is: \n %L 

Solution: Upgrade to Adobe Flash Player 10.0.45.2 or later. 

CVE-2010-0187 




Description: Synopsis : \n\nThe remote host has a program that is vulnerable to multiple attack 

vectors.\n\nThe version of OpenOffice installed on the remote host is earlier than 3.2. Such 

versions are potentially affected by several issues : \n\n - Signatures may not be handled 

properly due to a vulnerability in the libxml2 library. (CVE-2006-4339)\n\n - There is an 

HMAC truncation authentication bypass vulnerability in the libxmlsec library. 

(CVE-2009-0217)\n\n - The application is bundled with a vulnerable version of the 

Microsoft VC++ runtime. (CVE-2009-2493)\n\n - Specially crafted XPM files are not 

processed properly, which could lead to arbitrary code execution. (CVE-2009-2949)\n\n - 

Specially crafted GIF files are not processed properly, which could lead to arbitrary code 

execution. (CVE-2009-2950)\n\n - Specially crafted Microsoft Word documents are not 

processed properly, which could lead to arbitrary code execution. (CVE-2009-3301 / 

CVE-2009-3302)\n\nFor your information, the observed version of OpenOffice is: \n %L 


Solution: Upgrade to OpenOffice version 3.2 or later. 

CVE-2009-3302 

Squid < 3.0STABLE24 HTCP Request Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a Denial of Service (DoS) 

attack.\n\nAccording to its banner, the version of Squid proxy caching server installed on 

the remote host is 2.x or 3.0.x earlier than 3.0.STABLE24. Such versions are potentially 

affected by a denial-of-service vulnerability due to incorrect processing of specially crafted 

HTCP packets. For your information, the observed version of Squid is: \n %L 

Solution: Either upgrade to Squid version 3.0.STABLE24 or later, or apply the patch referenced in 

the project's advisory above. 

CVE-2010-0639 

Novell eDirectory < 8.8 SP5 Patch 3 eMBox SOAP Request DoS 


RISK: 

MEDIUM 



host is running eDirectory, a directory service software from Novell. The eMBox service 

included with the installed version of eDirectory is affected by a denial of service 

vulnerability. By sending a specially crafted HTTP SOAP request, it may be possible for a 

remote attacker to crash the remote service. For your information, the observed version of 

eDirectory is: \n %L 

Solution: Upgrade to eDirectory 8.8 SP5 Patch 3 or later. 

CVE-2010-0666 


Mozilla Firefox < 3.0.18 / 3.5.8 / 3.6 Multiple Vulnerabilities 




3.0.18, 3.5.8, 3.6. Such versions are potentially affected by multiple vulnerabilities : \n\n - 

Several crashes can result in arbitrary code execution. (MFSA 2010-01)\n\n - The 

implementation of 'Web Workers' contains an error in its handling of array data types when 

processing posted messages. (MFSA 2010-02)\n\n - The HTML parser incorrectly frees 

used memory when insufficient space is available to process remaining input. (MFSA 

2010-03)\n\n - A cross-site scripting issue due to 'window.dialogArguments' being readable 

cross-domain. (CVE-2010-04)\n\n - A cross-site scripting issue when using SVG 

documents and binary Content-Type. (MFSA 2010-05)\n\n - Multiple crashes can result in 


arbitrary code execution. (MFSA 2010-011)\n\n - A cross-site scripting issue when using 

'addEventListener' and 'setTimeout' on a wrapped object. (MFSA 2010-12)\n\n - It is 

possible to corrupt a user's XUL cache. (MFSA 2010-14)\n\nFor your information, the 

observed version of Firefox is: \n %L 

Solution: Upgrade to Mozilla Firefox 3.0.18, 3.5.8, 3.6, or later. 

CVE-2010-0171 





2.0.3. Such versions are potentially affected by multiple vulnerabilities : \n\n - Several 

crashes can result in arbitrary code execution. (MFSA 2010-01)\n\n - The implementation 

of 'Web Workers' contains an error in its handling of array data types when processing 

posted messages. (MFSA 2010-02)\n\n - The HTML parser incorrectly frees used memory 

when insufficient space is available to process remaining input. (MFSA 2010-03)\n\n - A 

cross-site scripting issue due to 'window.dialogArguments' being readable cross-domain. 

(CVE-2010-04)\n\n - A cross-site scripting issue when using SVG documents and binary 

Content-Type. (MFSA 2010-05)\n\n - Multiple crashes can result in arbitrary code 

execution. (MFSA 2010-11)\n\n - A cross-site scripting issue when using 

'addEventListener' and 'setTimeout' on a wrapped object. (MFSA 2010-12)\n\nFor your 

information, the observed version of SeaMonkey is: \n %L 


CVE-2010-0171 

Sawmill < 7.2.18 Unspecified Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is vulnerable to a cross-site scripting attack.\n\nThe 

host is running Sawmill, a log analysis and reporting application. The installed version of 

Sawmill is earlier than 7.2.18. Such versions are potentially affected by a cross-site 

scripting vulnerability. An attacker, exploiting this flaw, could execute arbitrary script code 

in a user's browser. For your information, the observed version of Sawmill is: \n %L 

Solution: Upgrade to Sawmill 7.2.18 or later. 

CVE-2010-1079 

SilverStripe < 2.3.6 Multiple Vulnerabilities 



RISK: 

MEDIUM 




multiple attack vectors.\n\nThe remote web server is hosting SilverStripe CMS. The 

installed version of SilverStripe is earlier than 2.3.6. Such versions are potentially affected 

by multiple vulnerabilities : \n\n - A cross-site scripting vulnerability in the 'DataObjectSet' 

pagination.\n\n A cross-site scripting vulnerablity in the 'user' parameter of the 

'jsparty/jquery/plugins/validate/demo/form.php' script.\n\n- An information disclosure 

vulnerability through 'profile_trace' and 'debug_profile' GET parameters. (98229, 

98230)\n\n - The 'sapphire/core/control/Director.php' script displays the output of the 

'memory_get_peak_usage()' function in an insecure manner.\n\nFor your information, the 

observed version of SilverStripe is: \n %L 

Solution: Upgrade to SilverStripe 2.3.6 or later. 

CVE-2010-5188 



RISK: 

MEDIUM 




is earlier than 5.3.2 / 5.2.13. Such versions are potentially affected by multiple 

vulnerabilities : \n\n - A safe_mode validation issue inside 'tempnam()' when the directory 

path does not end with a '/'.\n\n - A possible open_basedir/safe_mode bypass in the session 

extension.\n\nFor your information, the observed version of PHP is: \n %L 

Solution: Upgrade to PHP version 5.3.2 / 5.2.13 or later. 

CVE-2010-1129 

XMail < 1.27 Insecure Temporary File Creation 


Description: Synopsis : \n\nThe remote SMTP server is vulnerable to a symlink attack.\n\nThe remote 

mail server is running a version of XMail earlier than 1.27. Such versions are potentially 

affected by a flaw that may allow an attacker with local access to the host to delete or 

corrupt arbitrary files, due to the application creating temporary files in an insecure manner. 

For your information, the observed version of XMail is: \n %L 

Solution: Upgrade to XMail 1.27 or later. 


Website Baker < 2.8.1 Security Bypass Vulnerability 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote web server is hosting a web application that is affected by 

security bypass vulnerability.\n\nThe remote web server is hosting Website Baker. The 

installed version of Website Baker is potentially affected by a security bypass vulnerability 

in the 'print_error()' function of the 'framework/class.wb.php' script. An attacker, exploiting 

this flaw, can impersonate registered users. For your information, the observed version of 

Website Baker is: \n %L 

Solution: Upgrade to Website Baker 2.8.0 




RISK: 

MEDIUM 




affected by multiple vulnerabilities : \n\n - An error in the TLS protocol when handling 

session re-negotiations. (944)\n\n - An unspecified vulnerability.\n\nFor your information, 

the observed version of Opera is: \n %L \nIAVA Reference : 2011-A-0107\nIAVB 



CVE-2009-3555 

Symantec IM Manager Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote host contains a web application that is vulnerable to multiple 

attack vectors.\n\nThe remote host is running a version of the Symantec IM Manager 

earlier than build 8.4.13. Such versions are potentially affected by multiple vulnerabilities : 

\n\n - An unspecified cross-site scripting vulnerability. (CVE-2009-3036)\n\n - A buffer 

overflow vulnerability in the Autonomy KeyView module. (CVE-2009-3032)\n\nFor your 

information, the observed version of Symantec IM Manager is: \n %L 

Solution: Upgrade to Symantec IM Manager build 8.4.13 or later. 

CVE-2009-3036 

Client PDF Download Detection 



Description: The remote client was just observed download the following pdf file: \n %L 

Solution: Ensure that this document is in alignment with existing policies and guidelines 



Client ZIP Download Detection 


Description: The remote client was just observed download the following zip file: \n %L 

Solution: Ensure that this compressed file is in alignment with existing policies and guidelines 


Mozilla Thunderbird < 2.0.0.23 Certificate Authority (CA) Common Null Byte Handling SSL MiTM 

Weakness 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host contains a mail client that is affected by a security bypass 

vulnerability.\n\nThe installed version of Mozilla Thunderbird is earlier than 2.0.0.23. Such 

versions are potentially affected by the following security issue : \n\n - The client can be 

fooled into trusting a malicious SSL server certificate with a null character in the host 

name. (MFSA 2009-42)\n\nFor your information, the observed version of Thunderbird is: 

\n %L 

Solution: Upgrade to Thunderbird 2.0.0.23 or later. 

CVE-2009-2408 



Description: Synopsis : \n\nThe remote host contains a mail client that is affected by multiple 

vulnerabilities.\n\nThe installed version of Mozilla Thunderbird is earlier than 3.0.1. Such 

versions are potentially affected by the following security issues : \n\n - Multiple crashes 

can result in arbitrary code execution. (MFSA 2009-65)\n\n - Multiple vulnerabilities in 

'liboggplay' can lead to arbitrary code execution. (MFSA 2009-66)\n\n - An integer 

overflow in the 'Theora' video library can lead to a crash or the execution of arbitrary code. 

(MFSA 2009-67)\n\nFor your information, the observed version of Thunderbird is: \n %L 

Solution: Upgrade to Mozilla Thunderbird 3.0.1 or later. 

CVE-2009-3982 





Description: Synopsis : \n\nThe remote host contains a mail client that is affected by multiple 

vulnerabilities.\n\nThe installed version of Mozilla Thunderbird is earlier than 3.0.2. Such 

versions are potentially affected by the following security issues : \n\n - Multiple crashes 

can result in arbitrary code execution. (MFSA 2010-01)\n\n - The HTML parser incorrectly 

frees used memory when insufficient space is available to process remaining input. (MFSA 

2010-03)\n\n - Multiple crashes can result in arbitrary code execution. (MFSA 

2010-11)\n\n - A cross-site scripting issue when using 'addEventListener' and 'setTimeout' 

on a wrapped object. (MFSA 2010-12)\n\n - It is possible to corrupt a user's XUL cache. 

(MFSA 2010-14)\n\nFor your information, the observed version of Thunderbird is: \n %L 


CVE-2010-0171 




vectors.\n\nAccording to its banner, the version of Apache 2.2 installed on the remote host 

is older than 2.2.15. Such versions are potentially affected by multiple vulnerabilities : \n\n 

- A TLS renegotiation prefix attack is possible. (CVE-2009-3555)\n\n - The 

'mod_proxy_ajp' module returns the wrong status code if it encounters an error which 

causes the back-end server to be put into an error state. (CVE-2010-0408)\n\n - The 

'mod_isapi' module attempts to unload the 'ISAPI.DLL' when it encounters various error 

states which could leave call-backs in an undefined state. (CVE-2010-0425)\n\n - A flaw in 

the core sub-request process code can lead to sensitive information from a request being 

handled by the wrong thread if a multi-threaded environment is used. 

(CVE-2010-0434)\n\nFor your information, the observed version of Apache is: \n %L 

\nIAVA Reference : 2011-A-0107\nIAVB Reference : 2012-B-0038\nSTIG Finding 



CVE-2010-0434 

Trojan/Backdoor - Arugizer Detection 



program\n\nArugizer backdoor activity has been detected. This indicates that a successful 

reply to a YES command sent to the Arugizer backdoor has been seen, which is a clear sign 

that the backdoor is installed and responding to commands. 

Solution: Update your Antivirus and perform a full scan of the remote operating system. 

CVE-2010-0103 

OpenSSL < 0.9.8m Multiple Vulnerabilities 





banner, the remote host is running a version of OpenSSL older than 0.9.8m. Such versions 

potentially have the following vulnerabilities : \n\n - Session renegotiations are not handled 

properly, which could be exploited to insert arbitrary plaintext by a man-in-the-middle. 

(CVE-2009-3555)\n\n - The library does not check for a NULL return value from calls to 

the bn_wexpand() function, which has unspecified impact. (CVE-2009-3245)\n\nFor your 

information, the observed version of OpenSSL is: \n %L \nIAVA Reference : 

2011-A-0107\nIAVB Reference : 2012-B-0038\nSTIG Finding Severity : Category I 

Solution: Upgrade to OpenSSL 0.9.8m or later. 

CVE-2009-3555 

Mozilla Firefox cpe Version Detection 


Description: The remote host is running Firefox version: %L 

Solution: N/A 


Samba 3.3.11 / 3.4.6 / 3.5.0 Security Bypass Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Samba server is vulnerable to a security bypass 

attack.\n\nAccording to its banner, the version of Samba Server on the remote host is 

potentially affected by a security bypass vulnerability. A flaw exists that causes all smbd 

processes to inherit CAP_DAC_OVERRIDE capabilities, allowing all file system access to 

be allowed even when permissions should have denied access. For your information, the 

observed version of Samba is: \n %L 

Solution: Upgrade to Samba 3.3.12, 3.4.7, 3.5.1 

CVE-2010-0728 





vectors.\n\nThe version of Safari installed on the remote host is earlier than 4.0.5. Such 

versions are potentially affected by several issues : \n\n A buffer underflow in ImageIO's 

handling of TIFF images could lead to a crash or arbitrary code execution. 

(CVE-2009-2285)\n\n - An integer overflow in the handling of images with an embedded 

color profile could lead to a crash or arbitrary code execution. (CVE-2010-0040)\n\n - An 


uninitialized memory access issue in ImageIO's handling of BMP images could result in 

sending of data from Safari's memory to a website. (CVE-2010-0041)\n\n - An uninitialized 

memory access issue in ImageIO's handling of TIFF images could result in sending of data 

from Safari's memory to a website. (CVE-2010-0042)\n\n - A memory corruption issue in 

the handling of TIFF images could lead to a crash or arbitrary code execution. 

(CVE-2010-0043)\n\n - An implementation issue in the handling of cookies set by RSS and 

Atom feeds could result in a cookie being set when visiting or updating a feed even if 

Safari is configured to block cookies via the 'Accept Cookies' preference. 

(CVE-2010-0044)\n\n - An issue in Safari's handling of external URL schemes could cause 

a local file to be opened in response to a URL encountered on a web page, which could 

allow a malicious web server to execute arbitrary code. (CVE-2010-0045)\n\n - A memory 

corruption issue in WebKit's handling of CSS format() arguments could lead to a crash or 

arbitrary code execution. (CVE-2010-0046)\n\n - A use-after-free issue in the handling of 

HTML object element fallback content could lead to a crash or arbitrary code execution. 

(CVE-2010-0047)\n\n - A use-after-free issue in WebKit's parsing of XML documents 

could lead to a crash or arbitrary code execution. (CVE-2010-0048)\n\n - A use-after-free 

issue in the handling of HTML elements containing right-to-left displayed text could lead 

to a crash or arbitrary code execution. (CVE-2010-0049)\n\n - A use-after-free issue in 

WebKit's handling of incorrectly nested HTML tags could lead to a crash or arbitrary code 

execution. (CVE-2010-0050)\n\n - An implementation issue in WebKit''s handling of 

cross-origin stylesheet requests when visiting a malicious website could result in disclosure 

of the content of protected resources on another website. (CVE-2010-0051)\n\n - A 

use-after-free issue in WebKit's handling of callbacks for HTML elements could lead to a 

crash or arbitrary code execution. (CVE-2010-0052)\n\n - A use-after-free issue in the 

rendering of content with a CSS display property set to 'run-in' could lead to a crash or 

arbitrary code execution. (CVE-2010-0053)\n\n - A use-after-free issue in WebKit's 

handling of HTML image elements could lead to a crash or arbitrary code execution. 

(CVE-2010-0054)\n\nFor your information, the observed version of is: \n %L 


CVE-2010-0054 

Skype < 4.2.0.155 URI Handler Security Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running an instant messaging application that is 

vulnerable to a security bypass attack.\n\nThe version of Skype installed on the remote host 

is earlier than 4.2.0.155. Such versions are potentially affected by a flaw in the handling of 

specially crafted 'skype: ' URIs. An attacker, exploiting this flaw, could control certain 

Skype settings and possibly gain access to sensitive information. For your information, the 

observed version of Skype is: \n %L 

Solution: Upgrade to Skype 4.2.0.155 or later. 


eScan Anti-Virus Detection 




Description: The remote host is running eScan Anti-Virus, a virus scanning application for Linux. Check 

that the latest virus definitions are installed. 

Solution: N/A 




Description: Synopsis : \n\nThe remote host is using a web client that is vulnerable to multiple attack 


4.1.249.1036. Such versions are potentially affected by multiple vulnerabilities : \n\n - 

Multiple race conditions and pointer errors in the sandbox infrastructure. (28804, 

31880)\n\n - An error relating to persisted metadata such as web Databases and STS. 

(20801, 33445)\n\n - HTTP headers are processed before the SafeBrowsing check. 

(33572)\n\n - A memory error with malformed SVG. (34978)\n\n - Multiple integer 

overflows in WebKit JavaScript objects. (35724)\n\n - The HTTP basic auth dialog 

truncates URLs. (36772)\n\n - It is possible to bypass the download warning dialog. 

(37007)\n\n - An unspecified cross-origin bypass vulnerability. (37383)\n\n - A memory 

error relating to empty SVG elements. Note that this only affects Chrome Beta version. 

(37061)\n\nFor your information, the observed version of Google Chrome is: \n %L 

Solution: Upgrade to Google Chrome 4.1.249.1036 


eGroupWare < 1.6.003 Mutiple Vulnerabilities 



multiple attack vectors.\n\nThe remote web server is hosting eGroupWare, a web based 

groupware application written in PHP. The installed version is earlier than 1.6.003. Such 

versions are potentially affected by multiple vulnerabilities : \n\n - A remote command 

execution vulnerability in the 'spellchecker_lang' and 'aspell_path' parameters of the 

'spellchecker.php' script.\n\n - A cross-site scripting vulnerability in the 'lang' parameter of 

the 'login.php' script.\n\nFor your information, the observed version of eGroupWare is: \n 

%L 

Solution: Upgrade to eGroupWare 1.6.003 or later. 

DB2 Trace Enabled 





Description: The remote DB2 client was just observed running a trace command. The observed 

command was: \n %L 

Solution: N/A 

DB2 Trace Disabled 



Description: The remote DB2 client was just observed disabling the trace command. The observed 


Solution: N/A 


DB2 Suspicious Command Detection 


Description: The remote DB2 client was just observed issuing a "grant all" command. The entire 

observed command was: \n %L 

Solution: N/A 




Description: The remote DB2 client was just observed issuing a "grant dbadm" command. The entire 


Solution: N/A 




Description: The remote DB2 client was just observed issuing a "grant option" command. The entire 


Solution: N/A 






Description: The remote DB2 client was just observed issuing a server configuration change. The entire 


Solution: N/A 




Description: The remote DB2 client was just observed making a system table change. The entire 


Solution: N/A 




Description: The remote DB2 client was just observed dropping a database. The entire observed 


Solution: N/A 




Description: The remote DB2 client was just observed creating or altering a database. The entire 


Solution: N/A 





Description: The remote DB2 client was just observed dropping a database table. The entire observed 



Solution: N/A 




Description: The remote DB2 client was just observed altering a database table. The entire observed 


Solution: N/A 




Description: The remote DB2 client was just observed adding a database user. The entire observed 


Solution: N/A 




Description: The remote DB2 client was just observed dropping a database user. The entire observed 


Solution: N/A 




Description: The remote DB2 client was just observed altering a database users privileges. The entire 


Solution: N/A 






Description: The remote DB2 client was just observed changing the database schema privileges. The 

entire observed command was: \n %L 

Solution: N/A 




Description: The remote DB2 client was just observed creating a database procedure. The entire 


Solution: N/A 




Description: The remote DB2 client was just observed modifying a database schema. The entire 


Solution: N/A 


Microsoft SQL Server Native Auditing Accessed 


Description: The remote Microsoft SQL client was just observed running the following native auditing 

function: \n %L 

Solution: N/A 


Microsoft SQL Server Native Auditing Enabled 


Description: The remote Microsoft SQL client was just observed running the following 'native auditing' 

command\n%L 

Solution: N/A 




Microsoft SQL Server Extended Procedure Detection 


Description: The remote Microsoft SQL client was just observed running the following extended 

procedure: \n %L 

Solution: N/A 


Microsoft SQL Server Native Auditing Accessed 


Description: The remote Microsoft SQL client was just observed running the following native auditing 

function: \n %L 

Solution: N/A 


Microsoft SQL Server Suspicious Command Detection 


Description: The remote Microsoft SQL client was just observed running the following suspicious 

command: \n %L 

Solution: N/A 






Solution: N/A 








Solution: N/A 






Solution: N/A 




Description: The remote Microsoft SQL client was just observed running a command which 

would modify the server configuration: \n %L 

Solution: N/A 






Solution: N/A 






Solution: N/A 








Solution: N/A 




Description: The remote Microsoft SQL client was just observed running a command which would drop 

a database: \n %L 

Solution: N/A 




Description: The remote Microsoft SQL client was just observed running a command which would 

create a new database: \n %L 

Solution: N/A 




Description: The remote Microsoft SQL client was just observed running a command which would alter 

the database: \n %L 

Solution: N/A 





modify the server configuration by adding a login: \n %L 

Solution: N/A 







modify the server configuration by dropping a login: \n %L 

Solution: N/A 





modify the server configuration by adding a user: \n %L 

Solution: N/A 





modify the server configuration by dropping a user account: \n %L 

Solution: N/A 






Solution: N/A 








Solution: N/A 


MySQL Server Suspicious Command Detection 


Description: The remote MySQL client was just observed running the following suspicious command: 

\n %L 

Solution: N/A 





\n %L 

Solution: N/A 




Description: The remote MySQL client was just observed running a command which would alter the 

system table: \n %L 

Solution: N/A 





\n %L 

Solution: N/A 







\n %L 

Solution: N/A 





\n %L 

Solution: N/A 





\n %L 

Solution: N/A 





\n %L 

Solution: N/A 





\n %L 

Solution: N/A 







\n %L 

Solution: N/A 




Description: The remote MySQL client was just observed running the following command. Such a 

command would grant a user escalated privileges: \n %L 

Solution: N/A 





\n %L 

Solution: N/A 





\n %L 

Solution: N/A 






\n %L 


Solution: N/A 





\n %L 

Solution: N/A 





\n %L 

Solution: N/A 


Oracle Server Suspicious Command Detection 


Description: The remote Oracle client was just observed running the following audit procedure: \n %L 

Solution: N/A 





Solution: N/A 






Description: The remote Oracle client was just observed disabling the native auditing: \n %L 

Solution: N/A 




Description: The remote Oracle client was just observed running the following suspicious command: \n 

%L 

Solution: N/A 





%L 

Solution: N/A 




Description: The remote Oracle client was just observed running the following system table 

change: \n %L 

Solution: N/A 





Solution: N/A 







Solution: N/A 




Description: The remote Oracle client was just observed running the following policy change: \n %L 

Solution: N/A 





%L 

Solution: N/A 





%L 

Solution: N/A 





%L 

Solution: N/A 







%L 

Solution: N/A 





%L 

Solution: N/A 




Description: The remote Oracle client was just observed making the following configuration change: \n 

%L 

Solution: N/A 





%L 

Solution: N/A 




Description: The remote Oracle client was just observed running the following system command: \n %L 

Solution: N/A 






Description: The remote Oracle client was just observed running the following database configuration 


Solution: N/A 




Description: The remote Oracle client was just observed running the following system configuration 

change: \n %L 

Solution: N/A 




Description: The remote Oracle client was just observed running the following command to add a user: 

\n %L 

Solution: N/A 




Description: The remote Oracle client was just observed running the following command to delete a user 

account: \n %L 

Solution: N/A 






Description: The remote Oracle client was just observed running the following command to alter a users 

privileges: \n %L 

Solution: N/A 




Description: The remote Oracle client was just observed running the following configuration change: \n 

%L 

Solution: N/A 





%L 

Solution: N/A 




Description: The remote Oracle client was just observed making the following changes to a procedure: 

\n %L 

Solution: N/A 


Sybase ASE Server Suspicious Command Detection 


Description: The remote Sybase ASE client was just observed running the following suspicious 


Solution: N/A 








Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 








Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 








Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 








Solution: N/A 






Solution: N/A 


Sybase SQL Anywhere Server Suspicious Command Detection 


Description: The remote Sybase SQL Anywhere client was just observed running the following 

suspicious command: \n %L 

Solution: N/A 






Solution: N/A 








Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 








Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 








Solution: N/A 






Solution: N/A 






Solution: N/A 






Solution: N/A 


DB2 Audited Procedure Accessed 


Description: The remote DB2 client was just observed running the following Audited procedure 

Solution: N/A 








1.1.19. Such versions are potentially affected by multiple vulnerabilities : \n\n - The 

columns of a XUL tree element could be manipulated in a particular way which would 

leave a pointer owned by the column pointing to freed memory. (MFSA 2009-49)\n\n - A 

heap-based overflow exists in Mozilla's string to floating point number conversion routines. 

(MFSA 2009-59)\n\n - It is possible to obfuscate the name of files to be downloaded by 

using a right-to-left override character (RTL). (MFSA 2009-62)\n\n - Mozilla's NTLM 

implementation is vulnerable to reflection attacks in which NTLM credentials from one 

application could be forwarded to another arbitrary application. (MFSA 2009-68)\n\n - 

Scriptable plugin content, such as Flash objects, can be loaded and executed by embedding 

the content in an iframe inside the message. (MFSA 2010-06)\n\n - Multiple memory 

corruption vulnerabilities which could potentially lead to the execution of arbitrary code. 

(MFSA 2010-07)\n\nFor your information, the observed version of SeaMonkey is: \n %L 


CVE-2010-0163 



Description: Synopsis : \n\nThe remote host contains a mail client that is vulnerable to multiple attack 

vectors.\n\nThe isntalled version of Mozilla Thunderbird is earlier than 2.0.0.24. Such 

version are potentially affected by multiple vulnerabilities : \n\n - The columns of a XUL 

tree element can be manipulated in a particular way which would leave a pointer owned by 

the column pointing to freed memory. (MFSA 2009-49)\n\n - A heap-based buffer 

overflow exists in Mozilla's string to floating point number conversion routines. (MFSA 

2009-59)\n\n - It is possible to obfuscate the name of files to be downloaded by using a 

right-to-left override character (RTL). (MFSA 2009-62)\n\nFor your information, the 

observed version of Mozilla Thunderbird is: \n %L 

Solution: Upgrade to Mozilla Thunderbird 2.0.0.24 or later. 

CVE-2010-0163 

Mozilla Firefox Unsupported Version Detection 



Description: Synopsis : \n\nThe remote host contains an out of date application.\n\nThe version of 

Mozilla Firefox installed on the remote host is no longer supported by the Mozilla 

Foundation. The following versions of Firefox are no longer supported : \n\n - 3.0.x\n\n - 


2.0.0.x\n\n - 1.5.0.x\n\n - 1.0.x\n\n - 0.x\n\nThese versions have publicly known security 

vulnerabilities, but are no longer maintained by Mozilla. For your information, the 


Solution: Upgrade to an actively maintained version. 


Mozilla SeaMonkey Unsupported Version Detection 



SeaMonkey installed on the remote host is no longer supported by the Mozilla Foundation. 

The following versions of SeaMonkey are no longer supported : \n\n - 1.1.x\n\n - 1.0.x\n\n - 

0.x\n\nThese versions have publicly known security vulnerabilities, but are no longer 

maintained by Mozilla. For your information, the observed version of SeaMonkey is: \n %L 



Mozilla Thunderbird Unsupported Version Detection 



Mozilla Thunderbird installed on the remote host is no longer supported by the Mozilla 

Foundation. The following versions of Thunderbird are no longer supported : \n\n - 

3.0.x\n\n - 2.0.x\n\n - 1.5.x\n\n - 1.0.x\n\n - 0.x\n\nThese versions have publicly known 

security vulnerabilities, but are no longer maintained by Mozilla. For your information, the 

observed version of Thunderbird is: \n %L 







affected by multiple vulnerabilities : \n\n - Large values in the HTTP Content-Length 

header can be used to execute arbitrary code. (948)\n\n - XSLT can be used to retrieve 

random contents of unrelated documents. (949)\n\nFor your information, the observed 

version of Opera is: \n %L 




CVE-2010-1349 

Mozilla Firefox < 3.6.2 Multiple Vulnerabilities. 



attack vectors.\n\nThe remote host is running a version of Mozilla Firefox 3.6.x earlier than 

3.6.2. Such versions are potentially affected by multiple security issues : \n\n - The WOFF 

decoder contains an integer overflow in a font decrompression routine. (MFSA 

2010-08)\n\n - Deleted image frames are reused when handling 'multipart/x-mixed-replace' 

images. (MFSA 2010-09)\n\n - The 'window.location' object is made a normal overridable 

object. (MFSA 2010-10)\n\n - Multiple crashes can result in arbitrary code execution. 

(MFSA 2010-11)\n\n - A cross-site scripting issue when using 'addEventListener' and 

'setTimeout' on a wrapped object. (MFSA 2010-12)\n\n - Documents fail to call certain 

security checks when attempting to preload images. (MFSA 2010-13)\n\n - It is possible to 

corrupt a user's XUL cache. (MFSA 2010-14)\n\n - The asynchronous Authorization 

Prompt is not always attached to the correct window. (MFSA 2010-15)\n\n - Multiple 

crashes cna result in arbitrary code execution. (MFSA 2010-16)\n\n - An error exists in the 

way '' elements are inserted into a XUL tree ''. (MFSA 2010-18)\n\n - 

An error exists in the implementation of the 'windows.navigator.plugins' object. (MFSA 

2010-19)\n\n - A browser applet can be used to turn a simple mouse click into a 

drag-and-drop action, potentially resulting in the unintended loading of resources in a user's 

browser. (MFSA 2010-20)\n\n - Session renegotiations are not handled properly, which can 

be exploited to insert arbitrary plaintext by a man-in-the-middle. (MFSA 2010-22)\n\n - 

When an image points to a resource that redirects to a 'mailto: ' URL, the external mail 

handler application is launched. (MFSA 2010-23)\n\n - XML documents fail to call certain 

security checks when loading new content. (MFSA 2010-24)\n\nFor your information, the 


Solution: Upgrade to Mozilla Firefox 3.6.2 or later. 

CVE-2010-1028 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote FTP server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running Serv-U File Server, an FTP server for Windows. According to its 

banner, the installed version of Serv-U is earlier than 9.4.0.0, and is therefore potentially 

affected by the following issues : \n\n - When importing users, restricted administrators 

could create user accounts outside their home directory.\n\n - When exporting users, 

restricted administrators could see a user's full path for home directory, virtual paths, and 

directory access rules.\n\n - A restricted domain administrator could create a user or group 

that was not locked in the user's home directory.\n\n - A denial of service issue when 

handling a large number of concurrent HTTP requests.\n\nFor your information, the 

observed version of Serv-U is: \n %L 




OpenSSL < 0.9.8n Multiple Vulnerabilities 


RISK: 

MEDIUM 



vectors.\n\nAccording to its banner, the remote web server is running a version of 

OpenSSL older than 0.9.8n. Such versions have the following vulnerabilities : \n\n - 

Kerberos-enabled versions of OpenSSL do not check the return value when Kerberos 

configuration files cannot be opened, leading to a crash. (CVE-2010-0433)\n\n - Rejecting 

a SSL/TLS record with and incorrect version number can lead to a crash. This only affects 

version 0.9.8m if a 'short' is 1 bits. Otherwise it affects all versions back to and including 

0.9.8f. (CVE-2010-0740)\n\nFor your information, the observed version of OpenSSL is: \n 

%L 

Solution: Upgrade to OpenSSL 0.9.8n or later. 

CVE-2010-0740 

Interchange HTTP Response Splitting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by a HTTP response splitting 

vulnerability.\n\nThe remote web server is running Interchange, a web-based application 

server. The installed version is potentially affected by an HTTP response splitting 

vulnerability when the 'BounceReferrals' or 'BounceRobotSessionURL' directives are 

enabled.\nFor your information, the observed version of Interchange is: \n %L 

Solution: Upgrade to Interchange 5.4.5, 5.6.3, 5.7.6, or later. 







10.6.3. Mac OS X 10.6.3 contains security fixes for the following products :\n\n - AFP 

Server\n\n - Apache\n\n - CoreAudio\n\n - CoreMedia\n\n - CoreTypes\n\n - CUPS\n\n - 

DesktopServices\n\n - Disk Images\n\n - Directory Services\n\n - Dovecot\n\n - Event 

Monitor\n\n - FreeRADIUS\n\n - FTP Server\n\n - iChat Server\n\n - ImageIO\n\n - Image 

RAW\n\n - Libsystem\n\n - Mail\n\n - MySQL\n\n - OS Services\n\n - Password Server\n\n 

- PHP\n\n - Podcast Producer\n\n - Preferences\n\n - PS Normalizer\n\n - QuickTime\n\n - 

Ruby\n\n - Server Admin\n\n - SMB\n\n - Tomcat\n\n - Wiki Server\n\n - X11\n\nFor your 

information, the observed version of Mac OS X is\n%L\nIAVA Reference : 




CVE-2010-0537 

Trac < 0.11.7 Security Bypass Vulnerability 


RISK: 

MEDIUM 



security bypass attack.\n\nThe remote web server is hosting Trac, a web-based software 

management application. The installed version of Trac is earlier than 0.11.7. Such versions 

are potentially affected by a security bypass flaw which allows unauthorized users to 

modify the status and resolution of a ticket.\nFor your information, the observed version of 

Trac is: \n %L 

Solution: Upgrade to Trac 0.11.7 or later. 





vectors.\n\nThe remote version of iTunes is older than 9.1. Such versions may be affected 

by multiple vulnerabilities : \n\n - A buffer underflow in ImageIO's handling of TIFF 

images may lead to an application crash or arbitrary code execution. (CVE-2009-2285)\n\n 

- An integer overflow in the application's handling of images with an embedded color 

profile may lead to an application crash or arbitrary code execution. (CVE-2010-0040)\n\n 

- An uninitialized memory access issue in ImageIO's handling of BMP images may result 

in sending data from Safari's memory to a website under an attacker's control. 

(CVE-2010-0041)\n\n - An uninitialized memory access issue in ImageIO's handling of 

TIFF images may result in sending data from Safari's memory to a website under an 

attacker's control. (CVE-2010-0042)\n\n - A memory corruption issue in the application's 

handling of TIFF images may lead to an application crash or arbitrary code execution. 

(CVE-2010-0043)\n\n - An infinite loop in the application's handling of imported MP4 

podcast files may lead to an application crash and prevent subsequent operation. 

(CVE-2010-0531)\n\n - A race condition during the installation process may allow a local 

user modify a file that is then executed with SYSTEM privileges. (CVE-2010-0532)\n\n - 

A path searching issue may allow code execution if an attacker can place a specially crafted 

DLL in a directory and have a user open anothe file using iTunes in that directory. 

(CVE-2010-1795)\n\n - Syncing a mobile device may allow a local user to gain the 

priviliges of the console user due to an insecure file operation in the handling of log files. 

(CVE-2010-1768)\n\nFor your information, the observed version of iTunes is: \n %L 




CVE-2010-1795 





versions contain several vulnerabilities : \n\n - A heap buffer overflow in QuickTime's 

handling of PICT images may lead to an application crash or arbitrary code execution. 

(CVE-2009-2837)\n\n - A memory corruption issue in QuickTime's handling of QDM2 

encoded audio content may lead to an application crash or arbitrary code execution. 

(CVE-2010-0059)\n\n - A memory corruption issue in QuickTime's handling of QDMC 

encoded audio content may lead to an application crash or arbitrary code execution. 

(CVE-2010-060)\n\n - A heap buffer overflow in QuickTime's handling of H.263 encoded 

movie file may lead to an application crash or arbitrary code execution. 

(CVE-2010-0062)\n\n - A heap buffer overflow in QuickTime's handling of H.261 encoded 


(CVE-2010-0514)\n\n - A memory corruption issue in QuickTime's handling of H.264 

encoded movie files may lead to an application crash or arbitrary code execution. 

(CVE-2010-0515)\n\n - A heap buffer overflow in QuickTime's handling of RLE encoded 


(CVE-2010-0516)\n\n - A heap buffer overflow in QuickTime's handling of M-JPEG 


(CVE-2010-0517)\n\n - A memory corruption issue in QuickTime's handling of Sorensen 


(CVE-2010-0518)\n\n - An integer overflow in QuickTime's handling of FlashPix encoded 


(CVE-2010-0519)\n\n - A heap buffer overflow in QuickTime's handling of FLC encoded 


(CVE-2010-0520)\n\n - A heap buffer overflow in QuickTime's handling of MPEG 


(CVE-2010-0526)\n\n - An integer overflow in QuickTime's handling of PICT images may 

lead to an application crash or arbitrary code execution. (CVE-2010-0527)\n\n - A memory 

corruption issue in QuickTime's handling of color tables in movie files may lead to an 

application crash or arbitrary code execution. (CVE-2010-0528)\n\n - A heap buffer 

overflow in QuickTime's handling of PICT images may lead to an application crash or 

arbitrary code execution. (CVE-2010-0529)\n\n - A memory corruption issue in 

QuickTime's handling of BMP images may lead to an application crash or arbitrary code 

execution. (CVE-2010-0536)\n\nFor your information, the observed version of QuickTime 

is: \n %L 


CVE-2010-0536 







3.0.19. Such versions are potentially affected by multiple security issues : \n\n - Multiple 

crashes can result in arbitrary code execution. (MFSA 2010-16)\n\n - A select event 

handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17)\n\n - 

An error exists in the way '' elements are inserted into a XUL tree ''. 

(MFSA 2010-18)\n\n - An error exists in the implementation of the 

'windows.navigator.plugins' object. (MFSA 2010-19)\n\n - A browser applet can be used to 

turn a simple mouse click into a drag-and-drop action, potentially resulting in the 

unintended loading of resources in a user's browser. (MFSA 2010-20)\n\n - The 

XMLHttpRequestSpy module in the Firebug add-on exposes an underlying chrome 

privilege escalation vulnerability. (MFSA 2010-21)\n\nFor your information, the observed 



CVE-2010-0179 












unintended loading of resources in a user's browser. (MFSA 2010-20)\n\n Session 

renegotiations are not handled properly, which can be exploited to insert arbitrary plaintext 

by a man-in-the-middle. (MFSA 2010-22)\n\n - When an image points to a resource that 

redirects to a 'mailto: ' URL, the external mail handler application is launched. (MFSA 

2010-23)\n\n - XML documents fail to call certain security checks when loading new 

content. (MFSA 2010-24)\n\nFor your information, the observed version of Firefox is: \n 

%L \nIAVA Reference : 2011-A-0107\nIAVB Reference : 2012-B-0038\nSTIG Finding 



CVE-2010-0182 














unintended loading of resources in a user's browser. (MFSA 2010-20)\n\n Session 

renegotiations are not handled properly, which can be exploited to insert arbitrary plaintext 

by a man-in-the-middle. (MFSA 2010-22)\n\n - When an image points to a resource that 

redirects to a 'mailto: ' URL, the external mail handler application is launched. (MFSA 

2010-23)\n\n - XML documents fail to call certain security checks when loading new 

content. (MFSA 2010-24)\n\nFor your information, the observed version of SeaMonkey is: 

\n %L \nIAVA Reference : 2011-A-0107\nIAVB Reference : 2012-B-0038\nSTIG Finding 



CVE-2010-0182 




attack vectors.\n\nThe remote host is running a version of Mozilla Thunderbird earlier than 





(MFSA 2010-18)\n\n Session renegotiations are not handled properly, which can be 

exploited to insert arbitrary plaintext by a man-in-the-middle. (MFSA 2010-22)\n\n - XML 

documents fail to call certain security checks when loading new content. (MFSA 

2010-24)\n\nFor your information, the observed version of Thunderbird is: \n %L \nIAVA 


Category I 


CVE-2010-0182 

DNS Generic Query Detection 


Description: DNS query for: 

realtimeonly 



Solution: N/A 


DNS Generic Query Detection 


Description: DNS query for: 

Solution: N/A 

DNS Query Failed 

realtimeonly 



Description: DNS query failed for: 

Solution: N/A 

DNS Query Failed 

realtimeonly 



Description: DNS query failed for: 

Solution: N/A 

realtimeonly 


ViewVC < 1.0.11 / 1.1.5 Regex Search Cross-Site Scripting Vulnerability 



RISK: 

MEDIUM 



remote web server is running ViewVC, a web-based interface for CVS and Subversion. The 

installed version of ViewVC is earlier than 1.0.11 or 1.1.5. Such versions are potentially 

affected by a cross-site scripting vulnerability because the application fails to properly 

sanitize user supplied data to the regular expression search feature.\nFor your information, 


the observed version of ViewVC is: \n %L 

Solution: Upgrade to ViewVC 1.0.11, 1.1.5, or later. 

CVE-2010-0132 

Firefox < 3.6.3 Remote Code Execution Vulnerability 


Description: Synopsis : \n\nThe remote host has a web browser installed that is vulnerable to a remote 

code execution attack.\n\nThe remote host is running a version of Mozilla Firefox 3.6.x 

earlier than 3.6.3. Such versions are potentially affected by a memory corruption flaw 

caused by the re-use of a freed object when moving DOM nodes between documents. A 

remote attacker, exploiting this flaw, could execute arbitrary code on the remote host 

subject to the privileges of the user running the affected application.\nFor your information, 

the observed version of Firefox is: \n %L 


CVE-2010-1121 

CouchDB < 0.11.0 Timing Attack Vulnerability 


RISK: 

MEDIUM 



vulnerability.\n\nThe remote host is running CouchDB, a document-oriented database. The 

installed version of CouchDB is earlier than 0.11.0. Such versions are potentially affected 

by an information disclosure vulnerability via a timing attack caused by a break-on-equality 

string comparison when verifying hashes or passwords.\nFor your information, the 

observed version of CouchDB is: \n %L 

Solution: Upgrade to CouchDB 0.11.0 or later. 

CVE-2010-0009 





Moodle installed on the remote host is potentially vulnerable to multiple flaws.\n\n - 

Multiple unspecified cross-site scripting vulnerabilities in the KSES text cleaning library. 

(MSA-10-0001)\n\n - A cross-site scripting vulnerability exists in the PHP CAS client 

library. Note that this only affects Moodle installations that use CAS authentication. 

(MSA-10-0002)\n\n - An issue exists in the course profile page which allows ordinary users 

to find out the names of other users. (MSA-10-0003)\n\n - The restoring of courses 

sometimes results in creation of new roles. (MSA-10-0004)\n\n - A SQL injection 

vulnerability exists in several forms. (MSA-10-0005)\n\n - Data passed to the 'add_to_log()' 


function in the wiki module is not properly sanitized which could allow SQL injection 

attacks. (MSA-10-0006)\n\n - A problem exists in the handling of user submitted data in 

global search forms. (MSA-10-0007)\n\n - A persistent cross-site scripting issue exists 

when an admin uses the Login-as feature. (MSA-10-0008)\n\n - The 'Regenerate session id 

during login' setting is not enabled by default. (MSA-10-0009)\n\nFor your information, the 

observed version of Moodle is: \n %L 





Description: Synopsis : \n\nThe remote host is running an anti-virus application that is vulnerable to 

multiple attack vectors.\n\naccording to its version, the clamd anti-virus daemon on the 

remote host is earlier than 0.96. Such versions are reportedly affected by multiple 

vulnerabilities : \n\n - An attacker could bypass anti-virus detection by embedding 

malicious code in a specially crafted 'CAB' file. (1826)\n\n - An error in the 

'qtm_decompress()' function in 'libclamav/mspack.c' could lead to memory corruption 

when scanning a specially crafted Quantum-compressed file. (1771)\n\nFor your 

information, the observed version of ClamAV is: \n %L 

Solution: Upgrade to ClamAV 0.96 or later. 

CVE-2010-1311 

AjaXplorer < 2.6 Multiple Vulnerabilities 



multiple attack vectors.\n\nThe remote web server is hosting AjaXplorer, a web-based file 

management application. The installed version is earlier than 2.6. Such versions are 

potentially affected by multiple vulnerabilities : \n\n - A command-injection vulnerability 

via the 'destserver' parameter of the 'plugins/access.ssh/checkInstall.php' script.\n\n - 

Unspecified input is not properly validated before being used to read files.\n\nFor your 

information, the observed version of AjaXplorer is: \n %L 

Solution: Upgrade to AjaXplorer 2.6 or later. 






Description: The remote client is actually a LogMeIn server awaiting remote connection. 

LogMeIn is an application which allows users to access their computers (work or 

home) from anywhere in the world via a web browser. LogMeIn works by installing 

an agent on the computer that is to be access remotely. The application then 

establishes a client connection to an Internet server and awaits the user to connect 

over the established HTTPS connection. As such, LogMeIn has the ability to bypass 

firewalls and proxies. 

Solution: Ensure that such usage is in alignment with Corporate policies regarding remote access. 


Possible RBL/CBL Blacklisting Message Detected 


Description: The remote host is either a client sending email or a server forwarding email. The 

monitored host appears to be sending email which is being flagged, remotely, as spam. 

Please examine the following error code to ensure that your network is not being 

blacklisted. %P 

Solution: N/A 

realtimeonly 


Possible RBL/CBL Blacklisting Message Detected 


Description: The remote host is either a client sending email or a server forwarding email. The 

monitored host appears to be sending email which is being flagged, remotely, as spam. 

Please examine the following error code to ensure that your network is not being 

blacklisted. %L 

Solution: N/A 

realtimeonly 


MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of 

Service (981832) 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote mail server may be affected by multiple vulnerabilities.\n\nThe 

installed version of Windows SMTP Service is affected by at least one vulnerability : \n\n - 

Incorrect parsing of DNS Mail Exchanger (MX) resource records could cause the Windows 

Simple Mail Transfer Protocol (SMTP) component to stop responding until the service is 

restarted. (CVE-2010-0024)\n\n - Improper allocation of memory for interpreting SMTP 

command responses may allow an attacker to read random e-mail message fragments 

stored on the affected server. (CVE-2010-0025)\n\nFor your information, the observed 

version of the SMTP service is : \n %L \nIAVB Reference : 2010-B-0029\nSTIG Finding 


Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003, and 2008. 

CVE-2010-0025 

RealNetworks Helix Server 11.x / 12.x / 13.x Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote media streaming server is affected by multiple 

vulnerabilities.\n\nAccording to its banner, the remote host is running version 11.x, 12.x, or 

13.x of RealNetworks Helix Server / Helix Mobile Server. Such versions are potentially 

affected by multiple vulnerabilities.\n\n - A heap overflow exists in the NTLM 

authentication code related to invalid Base64 encoding. (CVE-2010-1317)\n\n - A 

stack-based buffer overflow within AgentX++ could lead to arbitrary code execution. 

(CVE-2010-1318)\n\n - An integer overflow within AgentX++ could lead to arbitrary code 

execution. (CVE-2010-1319)\n\nFor your information, the observed version of Helix 

Server is: \n %L 

Solution: Upgrade to RealNetworks Helix Server / Helix Mobile Server 14.0.0 or later. 

CVE-2010-1319 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running a web application that is affected by multiple 

attack vectors.\n\nAccording to its banner, the version of CUPS installed on the remote host 

is earlier than 1.4.3. Such versions are affected by several vulnerabilities : \n\n - A pointer 

use-after-free vulnerability exists in the abstract file descriptor handling code in the 

'cupsdDoSelect' function in scheduler/select.c. A remote attacker may be able to leverage 

this to hang or crash the cupsd daemon by disconnecting while receiving a listing with a 

large number of print jobs. (STR #3200)\n\n - The lppasswd utility, when its setuid bit is 

enabled, allows a local user to escalate his or her privileges because it uses an environment 

variable to override CUPS' default directories and determine the location of a file with 

localized message strings. (STR #3482)\n\nFor your information, the observed version of 

CUPS is: \n %L 

Solution: Upgrade to CUPS version 1.4.3 or later. 


CVE-2010-0393 





than 1.4.12. Such versions are potentially affected by multiple issues : \n\n - There is a 

weakness in the mechanism for generating random passwords. (Bug 843)\n\n - It is possible 

to inject arbitrary headers into email sent to MyBB users.\n\n - An unspecified XSRF issue 

exists in the usercp2.php script. (Bug 852)\n\nFor your information, the observed version of 

MyBB is: \n %L 



Memcached < 1.4.3 No Newline Memory Consumption DoS 


RISK: 

MEDIUM 



host is running memcached, a distributed memory object caching system. The installed 

version of memcached is earlier than 1.4.3. Such versions are potentially affected by a 

denial of service vulnerability because the application continues to read in new data, 

reallocating its input buffer until a newline character is received which could lead to 

excessive memory consumption. An attacker, exploiting this flaw, could crash the affected 

service.\nFor your information, the observed version of memcached is: \n %L 

Solution: Upgrade to memcached 1.4.3 or later. 

CVE-2010-1152 

Altiris Deployment Solution < 6.9 SP4 DBManager DoS (SYM10-007) 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Windows host has a deployment server that is affected by a 

denial of service vulnerability.\n\nThe version of Altiris Deployment Solution installed on 

the remote host is earlier than 6.9 SP4. Such versions are reportedly affected by a denial of 

service vulnerability. The DBManager component has a user-after-free error when 

processing specially crafted 'CreateSession' and 'PXEManagerSignOn' requests. A remote 

attacker could exploit this to crash the DBManager service.\nFor your information, the 

observed version of Altiris Deployment Solution is: \n %L 

Solution: Upgrade to Altiris Deployment Solution Server 6.9 SP4 or later. 


CVE-2010-0109 





4.1.249.1059. Such versions are reportedly affected by multiple vulnerabilities : \n\n - An 

error related to type confusion with forms. (39443)\n\n - An HTTP request error leading to 

a possible cross-site request forgery. (39698)\n\n - A local file reference through developer 

tools. (40136)\n\n - A cross-site scripting issue in chrome: //net-internals. (40137)\n\n - A 

cross-site scripting issue in chrome: //downloads. (40138)\n\n - Pages might load with the 

privileges of the new tab page. (40575)\n\n - A memory corruption vulnerability in the V8 

bindings. (40635)\n\nFor your information, the observed version of Google Chrome is: \n 

%L 


CVE-2010-1767 

Alt-N MDaemon < 11.0.1 Multiple Remote DoS Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote Windows host contains a program that is vulnerable to multiple 

attack vectors.\n\nThe remote Windows host is running the Alt-N MDaemon mail server. 

The installed version of MDaemon is earlier than 11.0.1. Such versions are potentially 

affected by multiple unspecified denial of service vulnerabilities.\nFor your information, 

the observed version of MDaemon is: \n %L 

Solution: Upgrade to MDaemon 11.0.1 or later. 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server has an application installed that is vulnerable to 

multiple attack vectors.\n\nThe remote web server is hosting a version of Joomla! earlier 

than 1.5.16. Such versions are potentially affected by multiple security issues : \n\n - If a 

user enters a URL with a negative query limit or offset, a PHP notice displays revealing 

information about the system.\n\n - The migration script in the Joomla! installer does not 

check the file type being uploaded.\n\n - A user's session ID doesn't get modified when the 

user logs on.\n\n - When a user requests a password reset, the reset token is stored in plain 

text in the database.\n\nFor your information, the observed version of Joomla! is: \n %L 





Zabbix 1.8.x < 1.8.2 'DBCondition' Parameter SQL Injection 


Description: Synopsis : \n\nThe remote host is running a web application that is vulnerable to a 

SQL-injection attack.\n\nThe remote host is running Zabbix, an IT monitoring service. The 

installed version of Zabbix is earlier than 1.8.2. Such versions are potentially affected by a 

SQL-injection vulnerability in the 'user' parameter of the 'api.jsonrpc.php' script. A remote, 

unauthenticated attacker could exploit this flaw to gain control of the affected 

application.\nFor your information, the observed version of Zabbix Front-end is: \n %L 


CVE-2010-1277 





4.1.249.1064. Such versions are reportedly affected by multiple vulnerabilities : \n\n - A 

cross-origin bypass in Google URL. (40445)\n\n - A memory corruption vulnerability in 

HTML5 media handling. (40487)\n\n - A memory corruption vulnerability in font handling. 

(42294)\n\nFor your information, the observed version of Google Chrome is: \n %L 


CVE-2010-1665 

JBoss EAP < 4.2.0.CP09 / 4.3.0.CP08 Multiple Vulnerabilities 



RISK: 

MEDIUM 



remote host is running JBoss Enterprise Application Platform (JBEAP) < 4.2.0.CP09 / 

4.3.0.CP08. Such versions are potentially affected by multiple vulnerabilities.\n\n - The 

JMX Console configuration only specified an authentication requirement for requests that 

used the GET and POST HTTP 'verbs'. A remote attacker could create an HTTP request 

that does not specify GET or POST, causing it to be executed by the default GET handler 

without authentication. (CVE-2010-0738)\n\n - It is possible to bypass authentication for 

/web-console by specifying a HTTP method other than GET or POST. 

(CVE-2010-1428)\n\n - An information disclosure vulnerability that allows attackers to 

acquired details about deployed web contexts. (CVE-2010-1429)\n\nFor your information, 

the observed version of JBoss Enterprise Application Platform is: \n %L \nIAVB Reference 

: 2010-B-0042\nSTIG Finding Severity : Category I 


Solution: Upgrade to JBoss EAP version 4.2.0.CP09, 4.3.0.CP08, or later. 

CVE-2010-1429 

MODx < 1.0.3 Multiple Vulnerabilities 



multiple attack vectors.\n\nThe remote web server is hosting MODx, a content management 

system written in PHP. The installed version of MODx is earlier than 1.0.3. Such versions 

are potentially affected by multiple vulnerabilities : \n\n - A cross-site scripting 

vulnerability in the 'SearchHighlight' plugin. (CVE-2010-1427)\n\n - A SQL-injection 

vulnerability related to WebLogin. (CVE-2010-1426)\n\nFor your information, the 

observed version of MODx is: \n %L 

Solution: Upgrade to MODx 1.0.3 or later. 

CVE-2010-1427 

Wing FTP Server < 3.4.1 Multiple Information Disclosure Vulnerabilities 


RISK: 

MEDIUM 



is running Wing FTP server. The installed version of Wing FTP is earlier than 3.4.1. Such 

versions are potentially affected by multiple information disclosure vulnerabilities : \n\n - 

Input passed to the web client is not properly sanitized before being used.\n\n - An 

unspecified error when using the HTTP protocol can be exploited to disclose sensitive 

information.\n\nFor your information, the observed version of Wing FTP Server is: \n %L 

Solution: Upgrade to Wing FTP Server 3.4.1 or later. 


Wing FTP Server < 3.4.5 HTTP Request Directory Traversal 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to a directory traversal attack.\n\nThe remote 

host is running Wing FTP server. The installed version of Wing FTP is earlier than 3.4.5. 

Such versions are potentially affected by a directory traversal vulnerability over the HTTP 

protocol. An attacker, exploiting this flaw, could access arbitrary files on the affected 

host..\n\nFor your information, the observed version of Wing FTP Server is: \n %L 

Solution: Upgrade to Wing FTP Server 3.4.5 or later. 




Microsoft Media Server Version Detection 


Description: The remote host is running the Microsoft Media Server. 

Solution: N/A 


Trojan/Backdoor - Storm/Pecoan.AG Worm Detection 



program\n\nActivity generated by the Storm/Pecoan.AG worm have been detected by PVS. 

This activity indicates that the host in question is currently communicating with a Storm 

Command and Control server, and is likely participating in spamming activities. 

realtime 



Opera < 10.53 Asynchronous Content Modification Uninitialized Memory Access 


Description: Synopsis : \n\nThe version of Opera installed on the remote host is earlier than 10.53. Such 

versions are potentially affected by the following issue : \n\n - Multiple asynchronous calls 

to a script that modifies document content can be abused to reference an uninitialized value, 

leading to an application crash or possibly allowing execution of arbitrary code. 

(953)\n\nFor your information, the observed version of Opera is: \n %L 


X Server Detection 

CVE-2010-1728 


Description: The remote host is running the X Server software. 

Solution: N/A 



Beyond Compare < 3.1.11 Zip File Buffer Overflow 



Description: Synopsis : \n\nThe remote host contains an application that is vulnerable to a buffer 

overflow attack.\n\nThe remote host contains Beyond Compare, a file comparison 

application. The installed version of Beyond Compare is earlier than 3.1.11. Such version 

are potentially affected by a buffer overflow vulnerability when handling zip files with an 

overly large filename. An attacker, exploiting this flaw, could potentially execute arbitrary 

code on the remote host subject to the privileges of the user running the application.\nFor 

your information, the observed version of Beyond Compare is: \n %L 

Solution: Upgrade to Beyond Compare 3.1.11 or later. 


CMS Made Simple < 1.7.1 Cross-Site Scripting Vulnerability 


Description: Synopsis : \n\nThe remote web server is running a PHP application that is affected by a 

cross-site scripting vulnerability.\n\nThe remote host is running CMS Made Simple, a 

web-based content management application written in PHP. The installed version of CMS 

Made Simple is earlier than 1.7.1. Such versions are potentially affected by a cross-site 

scripting vulnerability because the application fails to properly sanitize user supplied input 

to the 'date_format_string' variable of the 'admin/editprefs.php' script. An attacker with 

administrator privileges, could exploit this flaw to execute arbitrary script code in a user's 

browser.\nFor your information, the observed version of CMS Made Simple is: \n %L 


CVE-2010-1482 

OrangeHRM < 2.5.5 Multiple Vulnerabilities 



is running OrangeHRM, a human resource management system written in PHP. The 

reported version of OrangeHRM is: \n %L \n\nThe version of OrangeHRM installed on the 

remote host fails to sanitize input to multiple forms which would allow an attacker to insert 

HTML, execute cross-site-scripting (XSS) attacks, execute SQL injection attacks, and 

execute arbitrary commands. In all instances, code/commands would be executed with the 

privileges of the web process. 

Solution: Upgrade to version 2.5.5 or higher when available. In the interim, either disable the service 

or only allow trusted users access to the application. 



Drupal Context module < 6.x-2.0-rc4 HTML Injection 



RISK: 

MEDIUM 

Description: Synopsis :\n\nThe remote host is vulnerable to an HTML Injection attack\n\nThe remote 

host is running an older version of the Drupal Context module. Context is a module used to 

manage contextual conditions for different portions of the Drupal web site. The reported 

version ( %L ) is reported vulnerable to an HTML injection flaw wherein a remote attacker, 

with certain administrative rights, can insert HTML script code that would be executed 

within the browser of clients. 

Solution: Upgrade to Context version 6.x-2.0-rc4 or later 

CVE-2010-1584 

NETBIOS Domain/workgroup Detection 


RISK: Risk 

not available 


Description: The remote host is a NETBIOS workstation which is a part of the following Domain or 

workgroup 

realtime 

Solution: N/A 


Samba < 3.5.2/3.4.8 Multiple DoS 



attack\n\nAccording to its banner, the version of Samba Server on the remote host is 

potentially affected by a flaw which would allow a remote attacker to disable the service. 

An attacker, exploiting this flaw, would need network access to the SAMBA server. 

Solution: upgrade to Samba 3.5.2 or 3.4.8 

CVE-2010-1642 




RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a cross-site scripting (XSS) attack\n\nThe 


platforms. The installed version is earlier than 5.02. Such versions are reportedly affected 

by a cross-site scripting flaw. An attacker, exploiting this flaw, would be able to post script 

code which would be executed in the browser of the blog readers. 


Solution: Upgrade to Movable Type 5.02 or later. 


Drupal AutoAssign Role Module < 6.x-1.2 Authentication Bypass 



Authentication\n\nThe remote host is running an older version of the Drupal AutoAssign 

Role module. The reported version of AutoAssign Role is %L\n\nThere is a flaw in this 

version of AutoAssign which would allow a valid user to access controls and data which 

belong to another user. 

Solution: Upgrade to Drupal AutoAssign Role 6.x-1.2. 


Drupal Services Module < 6.x-2.1 Authentication Bypass 



Authentication\n\nThe remote host is running an older version of the Drupal Services 

module. The reported version of Services is %L\n\nThere is a flaw in this version of 

Services which would allow a valid user to access controls and data which belong to 

another user. 

Solution: Upgrade to Drupal Services 6.x-2.1 


Microsoft Group Policy Client Detection 


Description: The remote client is a Microsoft Group Policy client. 

Solution: N/A 


Konqueror < 4.4.3 Multiple Vulnerabilities 



Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors\n\nThe remote host 

is running Konqueror version '%L'\n\nThis version of Konqueror shipped with an 

application called 'Kget' which is prone to a security-bypass flaw as well as a 

directory-traversal flaw. An attacker would need to be able to entice a user into browsing to 


a malicious website. Successful exploitation would result in the remote site gaining partial 

access to the filesystem on the client machine. 

Solution: Upgrade to version 4.4.3 or newer 

CVE-2010-1511 

Microsoft Group Policy File Download Detection 



Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





realtimeonly 



Solution: N/A 





Solution: N/A 

realtimeonly 


PHPGroupWare < 0.9.16.016 Multiple Vulnerabilities 



appears to be running PHPGroupWare, a groupware system implemented in PHP. The 

reported version is: %L\n\nThis version is reported to be vulnerable to a SQL injection 

flaw. An attacker, exploiting this flaw, would be able to execute arbitrary SQL commands 

against the database server. In addition, there is a local 'file-include' vulnerability which 

would allow a valid user the ability to modify the integrity of files used by the web server. 

Solution: Upgrade to PHPGroupWare 0.9.16.016 or higher. 

CVE-2010-0404 

PostgreSQL < 8.4.4/8.3.11/8.2.17/8.1.21/8.0.25/7.4.29 Multiple Vulnerabilities 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote database server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running PostgreSQL earlier than 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, or 

7.4.29. The reported version of PostgreSQL is %L. Such versions are potentially affected 

by multiple vulnerabilities.\n\n - A vulnerability in Safe.pm and PL/Perl can allow an 

authenticated user to run arbitrary Perl code on the database server if PL/Perl is installed 

and enabled. (CVE-2010-1169)\n\n - Insecure permissions on the pltcl_modules table could 

allow an authenticated user to run arbitrary Tcl code on the database server i PL/Tcl is 

installed and enabled. (CVE-2010-1170)\n\n - The application does not properly check 

privileges during certain RESET ALL operations, which could allow a remote 

authenticated ser to remove arbitrary parameter settings via ALTER USER or ALTER 

DATABASE statements. 

Solution: Upgrade to PostgreSQL 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, 7.4.29, or later. 


CVE-2010-1975 

MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote database server is vulnerable to multiple attack vectors.\n\nThe 

reported version of MySQL Community Sever 5.1 on the remote host is %L.\n\nVersions 

of MySQL Community Server 5.1 earlier than 5.1.46 are potentially affected by the 

following vulnerabilities :\n\n - A local user may be able to issue a 'DROP TABLE' 

command for one MyISAM table and remove the data and index files of a different 

MyISAM table. (Bug #40980)\n\n - The application does not correct check privileges in 

calls to 'UNINSTALL PLUGIN', which could be abused by an unprivileged user to 

uninstall plugins loaded dynamically. (BUG #51770) 

Solution: Upgrade to MySQL Community Server 5.1.46 or later. 

CVE-2010-1626 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running an anti-virus application that is vulnerable to 

multiple attack vectors.\n\nThe reported version of ClamAV on the remote host is %L. 

Versions of ClamAV earlier than 0.96.1 are potentially affected by multiple vulnerabilities 

:\n\n - An error exists within the 'cli_pdf()' function in 'libclamav/pdf.c' when processing 

certain PDF files. (2016)\n\n - An error exists within the 'parseicon()' function in 

'libclamav/pe_icons.c' when processing PE icons. This can be exploited to trigger an 

out-of-bounds access when reading data and potentially cause a crash via a specially crafted 

PE file. (2031) 


CVE-2010-1640 

Trojan/Backdoor - Warbot Detection 



program\n\nA host is making HTTP requests that are formatted as a Warbot command 

would be. This is indicitive of an infection by the Warbot trojan. The Warbot trojan allows 

for arbitrary code to be executed on the system, as well as enables it to be used in various 

DDoS attacks. 

realtime 





Microsoft SQL client Detection (TDS) 


Description: Detects Microsoft SQL clients 

Solution: N/A 


Microsoft SQL Server Detection (TDS) 


Description: Detects Microsoft SQL servers 

Solution: N/A 


Database Client Detection 

RISK: Risk 

not available 

RISK: Risk 

not available 




Description: The remote SQL command issued the following command: %L 

Solution: N/A 

realtimeonly 






vectors.\n\nFor your information, the reported version of Google Chrome installed on the 

remote host is : %L\n\nVersions of Google Chrome earlier than 5.0.357.55 are potentially 

affected by multiple vulnerabilities :\n\n - URLs do not closely enough match the Safe 

Browsing specification. (Bug 7713)\n\n - It is possible to spoof URLs with unload event 

handlers. (Bug 16535)\n\n - A memory error exists in the Safe Browsing interaction. (Bug 

30079)\n\n - It is possible to bypass the whitelist-mode plugin blocker. (Bug 39740)\n\n - A 

memory error exists with drag and drop. (Bug 41469)\n\n - Javascript is incorrectly 

executed in the extension context. (Bug 42228) 




Apache Axis2 < 1.5 'xsd' Parameter Directory Traversal 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server hosts a web application that is vulnerable to a 

directory traversal attack.\n\nThe remote web server is hosting Axis2, a web services 

engine. For your information, the observed version of Axis2 is : %L\n\nVersions of Axis2 

earlier than 1.5 are potentially affected by a directory traversal vulnerability in the 'xsd' 

parameter in activated services. An attacker, exploiting this flaw, can read arbitrary files on 

the affected host. 

Solution: Upgrade to Apache Axis2 1.5 or later. 


Acme thttpd Version Detection 


Description: N/A 

Solution: N/A 




RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote database server is vulnerable to multiple attack vectors.\n\nFor 

your information, the observed version of IBM DB2 is %L\n\nVersions of IBM DB2 9.7 

earlier than Fix Pack 2 are potentially affected by multiple vulnerabilities :\n\n - If the 

database configuration parameter 'AUTO_REVAL' is set to 'IMMEDIATE', system granted 

privileges are note regenerated. (IC67008)\n\n - 'Monitor Administrative Views' available 

in the SYSIBMADM schema are publicly viewable. (IC67819)\n\n - A weakness in the 

SSL v3 / TLS protocol involving session renegotiation may allow an attacker to inject an 

arbitrary amount of plaintext into the beginning of the application protocol stream, which 

could facilitate man-in-the-middle attacks. (IC68055)\n\n - By sending a specially crafted 

packet to Tivoli Monitoring Agent (KUDDB2) listening on TCP port 6014, it may be 

possible to trigger a denial of service condition. (IC68762) 

Solution: Upgrade to IBM DB2 9.7 Fix Pack 2 

CVE-2010-0472 

Exim < 4.72 Multiple Vulnerabilities 




RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote mail server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running Exim, a message transfer agent. For your information, the observed 

version of Exim is %L.\n\nVersions of Exim earlier than 4.72 are potentially affected by 

multiple vulnerabilities :\n\n - An error when handling hardlinks within the mail directory 

during the email delivery process can be exploited to perform unauthorized actions. 

(CVE-2010-2023)\n\n - When MBX locking is enabled, a race condition exists which could 

allow an attacker to change permissions of other non-rot users' files, leading to 

denial-of-service conditions or potentially privilege escalation. (CVE-2010-2024) 

Solution: Upgrade to Exim 4.72 or later when it becomes available. 

CVE-2010-2024 

Mozilla Thunderbird Version Detection 



Solution: N/A 


OpenSSL < 0.9.8o / 1.0.0a Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server is vulnerable to multiple attack vectors.\n\nFor your 

information, the observed version of OpenSSL is %L.\n\nVersions of OpenSSL earlier than 

0.9.8o and 1.0.0a are potentially affected by multiple vulnerabilities :\n\n - CMS structures 

containing 'OriginatorInfo' are mishandled which can cause the application to write to 

invalid memory addresses or free up memory twice. Note that this only affects OpenSSL 

with CMS code present. (CVE-2010-0742)\n\n - When verification recovery fails for RSA 

keys, an uninitialized buffer with an undefined length is returned instead of an error code. 

Note that this only affects OpenSSL 1.0.0. (CVE-2010-1633) 

Solution: Upgrade to OpenSSL 0.9.8o, 1.0.0, or later. 

CVE-2010-1633 

MySQL Version Detection 



Solution: N/A 




Kerio MailServer / Connect < 7.0.1 Administration Console File Disclosure and File Corruption 

Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote mail server is vulnerable to a file disclosure and corruption 

vulnerability.\n\nFor your information, the observed version of Kerio Mail Server / 

Connect is %L.\n\nVersions of Kerio Mail Server / Connect earlier than 7.0.1 are 

potentially affected by a file disclosure and corruption vulnerability. An attacker, with full 

administrative rights, can modify the administrative console to change the product 

configuration to read or corrupt arbitrary files on the server. 

Solution: Upgrade to Kerio Connect 7.0.1 or later. 


nginx 8.3 Filename Alias Request Access Rules / Authentication Bypass 


RISK: 

MEDIUM 



sensitive files or data\n\nFor your information, the observed version of nginx is 

%L.\n\nVersions of nginx earlier than 0.7.65 are potentially affected by a security bypass 

vulnerability. By appending %20 to a requested file, an attacker can view the source code 

of potentially sensitive scripts. 

Solution: Upgrade to nginx 0.7.65 or later. 


OpenSSL Version Detection 



Solution: N/A 


OpenOffice < 3.2.1 Multiple Vulnerabilities 




Description: Synopsis :\n\nThe remote host has a program that is affected by multiple 

vulnerabilities.\n\nThe version of OpenOffice installed on the remote host is earlier than 

3.2.1. Such version are affected by several issues :\n\n - There is a TLS/SSL renegotiation 

vulnerability in the included third-party OpenSSL library. (CVE-2009-3555)\n\n - There is 

a python scripting vulnerability which may lead to undesired code execution when using 

the OpenOffice scripting IDE. (CVE-2010-0395)\nIAVA Reference : 2011-A-0107\nIAVB 



PHP Version Detection 

CVE-2010-0395 



Solution: N/A 


Safari < 4.1 / 5.0 Multiple Vulnerabilities 




vectors.\n\nFor your information, the observed version of Safari is %L.\n\nVersions of 

Safari earlier than 4.1 / 5.0 are potentially affected by multiple vulnerabilities :\n\n - A heap 

buffer overflow exists in the handling of images with an embedded ColorSync profile. 

(CVE-2009-1726)\n\n - Safari supports the inclusion of user information in URLs, which 

allows the URL to specify a username and password to authenticate the user to the named 

server. (CVE-2010-1384)\n\n - A use after free issue exists in Safari's management of 

windows. (CVE-2010-1750)\n\n - An implementation issue exists in WebKit's handling of 

URLs in the clipboard. (CVE-2010-1388)\n\n - Dragging or pasting a selection from one 

site to another may allow scripts contained in the selection to be executed in the context of 

the new site. (CVE-2010-1389)\n\n - A cononicalization issue exists in WebKit's handling 

of UTF-7 encoded text. (CVE-2010-1390)\n\n - A path traversal issue exists in WebKit's 

support for Local Storage and Web SQL database. (CVE-2010-1391)\n\n - A use after free 

issue exists in WebKit's rendering of HTML buttons. (CVE-2010-1392)\n\n - An 

information disclosure issue exists in WebKit's handling of Cascading Stylesheets. 

(CVE-2010-1393)\n\n - A use after free issue exists in WebKit's handling of attribute 

manipulation. (CVE-2010-1119)\n\n - A design issue exists in WebKit's handling of HTML 

document fragments. (CVE-2010-1394)\n\n - An implementation issue exists in WebKit's 

handling of keyboard focus. (CVE-2010-1422)\n\n - A scope management issue exists in 

WebKit's handling of DOM constructor objects. (CVE-2010-1395)\n\n - A use after free 

issue exists in WebKit's handling of the removal of container elements. 

(CVE-2010-1396)\n\n - A use after free issue exists in WebKit's rendering of a selection 

when the layout changes. (CVE-2010-1397)\n\n - A memory corruption issue exists in 

WebKit's handling of ordered list insertions. (CVE-2010-1398)\n\n - An uninitialized 


memory access issue exists in WebKit's handling of selection changes on form input 

elements. (CVE-2010-1399)\n\n - A use after free issue exists in WebKit's handling of 

caption elements. (CVE-2010-1400)\n\n - A use after free issue exists in WebKit's handling 

of the ':first-letter' pseudo-element in cascading stylesheets. (CVE-2010-1401)\n\n - a 

double free issue exists in WebKit's handling of event listeners in SVG documents. 

(CVE-2010-1402)\n\n - An uninitialized memory access issue exists in WebKit's handling 

of 'use' elements in SVG documents. (CVE-2010-1403)\n\n - A use after free issue exists in 

WebKit's handling of SVG documents with multiple 'use' elements. (CVE-2010-1404)\n\n - 

A memory corruption issue exists in WebKit's handling of nested 'use' elements in SVG 

documents. (CVE-2010-1410)\n\n - A use after free issue exists in WebKit's handling of 

CSS run-ins. (CVE-2010-1749)\n\n - A use after free issue exists in WebKit's handling of 

HTML elements with custom vertical positioning. (CVE-2010-1405)\n\n - When WebKit is 

redirected from an HTTPS site to an HTTP site, the Referer header is passed to the HTTP 

site. (CVE-2010-1406)\n\n - An integer truncation issue exists in WebKit's handling of 

requests to non-default TCP ports. (CVE-2010-1408)\n\n - Common IRC service ports are 

not included in WebKit's port blacklist. (CVE-2010-1409)\n\n - A use after free issue exists 

in WebKit's handling of hover events. (CVE-2010-1412)\n\n - In certain circumstances, 

WebKit may send NTLM credentials in plain text. (CVE-2010-1413)\n\n - A use after free 

issue exists in WebKit's handling of the removeChild DOM method. (CVE-2010-1414)\n\n 

- An API abuse issue exists in WebKit's handling of libxml contexts. (CVE-2010-1415)\n\n 

- A cross-site image capture issue exists in WebKit. (CVE-2010-1416)\n\n - A memory 

corruption issue exists in WebKit's rendering of CSS-styled HTML content with multiple 

:after pseudo-selectors. (CVE-2010-1417)\n\n - An input validation issue exists in WebKit's 

handling of the src attribute of the frame element (CVE-2010-1418)\n\n - A use after free 

issue exists in WebKit's handling of drag and drop when the window acting as a source of a 

drag operation is closed before the drag operation is completed. (CVE-2010-1419)\n\n - A 

design issue exists in the implementation of the JavaScript function execCommand. 

(CVE-2010-1421)\n\n - An issue in WebKit's handling of malformed URLs may result in a 

cross-site scripting attack when visiting a maliciously crafted website. 

(CVE-2010-0544)\n\n - A use after free issue exists in WebKit's handling of DOM Range 

objects. (CVE-2010-1758)\n\n - A use after free issue exists in WebKit's handling of the 

Node.normalize method. (CVE-2010-1759)\n\n - A use after free issue exist sin WebKit's 

rendering of HTML document subtrees. (CVE-2010-1761)\n\n - A design issue exists in the 

handling of HTML contained in textarea elements. (CVE-2010-1762)\n\n - A design issue 

exists in WebKit's handling of HTTP redirects. (CVE-2010-1764)\n\n - A type checking 

issue exists in WebKit's handling of text nodes. (CVE-2010-1770)\n\n - A use after free 

issue exists in WebKit's handling of fonts. (CVE-2010-1771)\n\n - An out of bounds 

memory access issue exists in WebKit's handling of HTML tables. (CVE-2010-1774)\n\n - 

A design issue exists in WebKit's handling of the CSS :visited pseudo-class. 

Solution: Upgrade to Safari 4.1, 5.0, or later. 

CVE-2010-2264 






vectors.\n\nFor your information, the observed version of Google Chrome installed on the 


affected by multiple vulnerabilities :\n\n - A cross-origin keystroke redirection 

vulnerability. (Bug 15766)\n\n - A cross-origin bypass in DOM methods. (Bug 39985)\n\n - 

A memory error exists in table layout. (Bug 42723)\n\n - It is possible to escape the 

sandbox in Linux. (Bug 43304)\n\n - A stale pointer exists in bitmap. (Bug 43307) - A 

memory corruption vulnerability exists in DOM mode normalization. (Bug 43315)\n\n - A 

memory corruption vulnerability exists in text transforms. (Bug 43487)\n\n - A cross-site 

scripting vulnerability exists in the innerHTML property of textarea. (Bug 43902)\n\n - A 

memory corruption vulnerability exists in font handling. (Bug 44740)\n\n - Geolocation 

events fire after document deletion. (Bug 44868)\n\n - A memory corruption vulnerability 

exists in the rendering of list markers. (44955) 


CVE-2010-1773 

PRTG Traffic Grapher < 6.2.1.963 / 9.2.1.964 Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host contains a web application that is vulnerable to a cross-site 

scripting attack.\n\nThe remote host is running PRTG Traffic Grapher, a web-based 

application for monitoring network traffic. For your information, the observed version of 

PRTG Traffic Grapher on the remote host is %L.\n\nVersions of PRTG Traffic Graher 

earlier than 6.2.1.963 / 9.2.1.964 are potentially affected by a cross-site scripting 

vulnerability in the 'url' parameter of the 'login.htm' script. An unauthenticated remote 

attacker, exploiting this flaw, could execute arbitrary script code in a user's browser. 

Solution: Upgrade to PRTG Traffic Grapher 6.2.1.963, 6.2.1.964, or later. 


Flash Player < 10.1.53.64 / 9.0.277.0 Multiple Vulnerabilities (APSB10-14) 


Description: Synopsis :\n\nThe remote host contains a browser plug-in that is vulnerable to multiple 

attack vector.\n\nFor your information, the observed version of Flash player is 

%L.\n\nVersions of Flash Player earlier than 10.1.53.64 are potentially affected by multiple 

vulnerabilities, such as memory corruption, buffer overflows, and memory exhaustion, that 

could be exploited to cause an application crash or even allow execution of arbitrary code. 

Solution: Upgrade to Flash Player 10.1.53.64 / 9.0.277.0 or later. 

CVE-2010-2189 


Novell eDirectory < 8.8 SP5 Patch 4 Multiple Vulnerabilities 



Description: Synopsis :\n\nThe remote directory service is vulnerable to multiple attack vectors.\n\nThe 

remote host is running eDirectory, a directory service software from Novell. For your 

information, the observed version of eDirectory is :%L.\n\nVersions of eDirectory earlier 

than 8.8 SP5 Patch 4 are potentially affected by multiple vulnerabilities :\n\n - A 

denial-of-service vulnerability in NDSD when handling a malformed verb. (Bug 

571244)\n\n - A stack-based buffer overflow in the dhost module for Windows. (Bug 

588883)\n\n - A predictable session cookie in DHOST. (Bug 586854) 

Solution: Upgrade to eDirectory 8.8 SP5 Patch 4 or later. 

CVE-2009-4653 




issues.\n\nFor your information, the observed version of Mac OS X is %L.\n\nVersions of 

Mac OS X 10.6 earlier than 10.6.4 are potentially affected by multiple vulnerabilities. Mac 

OS X 10.6.4 contains security fixes for the following products :\n\n - CUPS\n\n - 

DesktopServices\n\n - Flash Player plug-in\n\n - Folder Manager\n\n - Help Viewer\n\n - 

iChat\n\n - ImageIO\n\nKerberos\n\n - libcurl\n\n - Network Authorization\n\n - Open 

Directory\n\n - Printer Setup\n\n - Printing\n\n - Ruby\n\n - SMB File Server\n\n - 

SquirrelMail\n\n - Wiki Server\nIAVB Reference : 2010-B-0035\nSTIG Finding Severity : 

Category I 


CVE-2010-1748 

Samba 3.x < 3.3.13 SMB1 Packet Chaining Memory Corruption 


Description: Synopsis :\n\nThe remote service is affected by a memory corruption vulnerability.\n\nFor 

your information, the observed version of Samba is :%L\n\nVersions of Samba 3.x earlier 

than 3.3.13 are potentially affected by a memory corruption vulnerability when handling 

specially crafted SMB1 packets. A remote unauthenticated attacker, exploiting this flaw, 

could crash the affected service or potentially execute arbitrary code subject to the 

privileges of the user running the affected application. 

Solution: Upgrade to Samba 3.3.13 or later. 

CVE-2010-2063 





Description: Synopsis :\n\nThe remote host contains an application that is vulnerable to multiple attack 

vectors.\n\nFor your information, the observed version of iTunes is %L.\n\nVersions of 

iTunes older than 9.2 are potentially affected by multiple vulnerabilities :\n\n - A heap 

buffer overflow in the handling of images with an embedded ColorSync profile may lead to 

an application crash or arbitrary code execution. (CVE-2009-1726)\n\n - Multiple integer 

overflows in ImageIO's handling of TIFF files may lead to an application crash or arbitrary 

code execution. (CVE-2010-1411)\n\n - Multiple vulnerabilities in WebKit may have a 

variety of effects, including arbitrary code execution. (CVE-2010-0544, CVE-2010-1119, 

CVE-2010-1387, CVE-2010-1390, CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, 







CVE-2010-1774) 

Solution: Upgrade to iTune 9.2 or later. 

CVE-2010-1774 




is running CUPS, an open source print server. For your information, the observed version 

of CUPS is %L.\n\nVersions of CUPS earlier than 1.4.4 are potentially affected by multiple 

vulnerabilities.\n\n - The texttops filter does not check the results of memory allocations. 

(STR #3715)\n\n - A use-after-free vulnerability in the abstract file-descriptor handling 

interface. Note that this is related to an incomplete patch for CVE-2009-3553. (STR 

#3490)\n\n - In certain instances, the web interface can disclose the contents of memory. 

(STR #3577)\n\n - CUPS can overwrite files as root in directories not owned or writeable 

by non-root users. (STR #3510)\n\n - An infinite loop can occur when CUPS is not 

compiled with HAVE_GSSAPI. (STR #3518) 

Solution: Upgrade to CUPS 1.4.4 or later. 

CVE-2010-2432 




Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote web 

server hosts Moodle, an open-source course management system. For your information, the 

observed version of Moodle is %L.\n\nVersions of Moodle prior to 1.8.13 or 1.9.9 are 

potentially affected by multiple vulnerabilities :\n\n - A persistent cross-site scripting 

vulnerability in the MNET access control interface. (MSA-10-0010)\n\n - A cross-site 

scripting vulnerability in blog/index.php. (MSA-10-0011)\n\n - The KSES text cleaning 


filter may allow registered users to launch persistent cross-site scripting attacks. 

(MSA-10-012)\n\n - A potential cross-site request forgery vulnerability exists in Quiz 

reports.\n\n (MSA-10-013) 





Description: Synopsis :\n\nThe remote host has a web browser that is vulnerable to multiple attack 

vectors.\n\nThe remote host is running the Opera web browser. For your information, the 

observed version of Opera is %L.\n\nVersions of Opera earlier than 10.54 are potentially 

affected by multiple vulnerabilities :\n\n - Opera may be used as a vector for a font issue in 

the underlying operating system. (KB 954)\n\n - An extremely severe issue due to an 

undisclosed error.\n\n - A highly severe issue due to an undisclosed error.\n\n - A 

moderately severe issue due to an undisclosed issue.\n\n - A less severe issue due to an 

undisclosed error. 


CVE-2010-2666 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server hosts an application that is vulnerable to multiple 

attack vectors.\n\nAtlassian JIRA, a web-based application for bug tracking, issue tracking, 

and project management is installed on the remote web server. For your information, the 

observed version of Atlassian JIRA is %L.\n\nVersions of JIRA earlier than 4.1.2 are 

potentially affected by multiple vulnerabilities :\n\n - Multiple cross-site scripting 

vulnerabilities in URL query strings.\n\n - JIRA standalone fails to properly protect 

sensitive cookie data with the 'HTTPOnly' protection mechanism.\n\n - Users without the 

'JIRA Users' permission can login via crowd single-sign-on.\n\nA cross-site request forgery 

in the 'logout' action.\n\n - Multiple vulnerabilities in the FishEye plugin.\n\n - A security 

vulnerability in the Bamboo plugin. 

Solution: Upgrade to Atlassian JIRA 4.1.2. 



Apple iPhone/iPad OS < 4.0 Multiple Vulnerabilities 




remote host is an iPhone, iPod Touch, or iPad running iOS. For your information, 

the observed version of iOS is %L.\n\nVersions of iOS earlier than 4.0 are 

potentially affected by multiple vulnerabilities. iOS 4.0 contains security fixes for 

the following products :\n\n - Application Sandbox\n\n - CFNetwork\n\n - 

ImageIO\n\n - LibSystem\n\n - libxml\n\n - Passcode Lock\n\n - Safari\n\n - 

Settings\n\n - WebKit 

Solution: Upgrade to iOS 4.0 or later. 

CVE-2010-2660 



Description: Synopsis :\n\nThe remote host has a web browser installed that is vulnerable to multiple 

attack vectors.\n\nFor your information, the observed version of Firefox is %L.\n\nVersions 

of Firefox earlier than 3.5.10 are potentially affected by multiple vulnerabilities :\n\n - A 

re-use of a freed object due to scope confusion. (MFSA 2010-25)\n\n - Multiple crashes can 

result in code execution. (MFSA 2010-26)\n\n - A use-after-free error in 

nsCycleCollector::MarkRoots(). (MFSA 2010-27)\n\n - Freed object reuse across plugin 

instances. (MFSA 2010-28)\n\n - A heap buffer overflow in 

nsGenericDOMDataNode::SetTextInternal. (MFSA 2010-29)\n\n - An integer overflow in 

XSLT node sorting. (MFSA 2010-30)\n\n The focus() behavior can be used to inject or 

steal keystrokes. (MFSA 2010-31)\n\n- The 'Content-Disposition: attachment' HTTP 

header is ignored when 'Content-Type: multipart' is also present. (MFSA 2010-32)\n\nIt is 

possible to reverse engineer the value used to seed Math.random(). (MFSA 2008-33) 


CVE-2010-1203 

Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities 





of Firefox 3.6.x earlier than 3.6.4 are potentially affected by multiple vulnerabilities :\n\n - 

Multiple crashes can result in code execution. (MFSA 2010-26)\n\n - Freed object reuse 

across plugin instances. (MFSA 2010-28)\n\n - A heap buffer overflow in 








CVE-2010-1203 




attack vectors.\n\nFor your information, the observed version of SeaMonkey is 

%L.\n\nVersions of SeaMonkey earlier than 2.0.5 are potentially affected by multiple 

vulnerabilities :\n\n A re-use of a freed object due to scope confusion. (MFSA 2010-25)\n\n 

- Multiple crashes can result in code execution. (MFSA 2010-26)\n\n - A use-after-free 

error in nsCycleCollector::MarkRoots(). (MFSA 2010-27)\n\n - Freed object reuse across 

plugin instances. (MFSA 2010-28)\n\n - A heap buffer overflow in 







CVE-2010-1203 



Description: Synopsis :\n\nThe remote host has an email client that is vulnerable to multiple attack 

vectors.\n\nFor your information, the observed version of Thunderbird is %L.\n\nVersions 

of Thunderbird earlier than 3.0.5 are potentially affected by multiple vulnerabilities :\n\n - 

A re-use of a freed object due to scope confusion. (MFSA 2010-25)\n\n - Multiple crashes 

can result in arbitrary code execution. (MFSA 2010-26)\n\n - A heap buffer overflow in 

nsGenericDOMDataNode::SetTextInternal. (MFSA 2010-29)\n\nAn integer overflow in 

XSLT node sorting. (MFSA 2010-30) 


CVE-2010-1203 

EvoCam < 3.6.8 GET Request Buffer Overflow 



Description: Synopsis :\n\nThe remote host contains an application that is affected by a buffer overflow 

vulnerability.\n\nThe remote host is running EvoCam, a webcam application for Mac OS 

X. For your information, the observed version of EvoCam is %L.\n\nVersions of EvoCam 

earlier than 3.6.8 are potentially affected by a buffer overflow vulnerability in the web 

server when handling specially crafted GET requests. An attacker, exploiting this flaw, 

could execute arbitrary code on the remote host subject to the privileges of the user running 

the affected software. 


Solution: Upgrade to EvoCam 3.6.8 or later. 

CVE-2010-2309 






affected by multiple vulnerabilities :\n\n - A cross-site scripting vulnerability in 

'application/json' responses. (Bug 38105)\n\n - A memory error in video handling. (Bug 

43322)\n\n - A subresource is displayed in omnibox loading. (Bug 43967)\n\n - A memory 

error in video handling. (Bug 45267)\n\n - A stale pointer in x509-user-cert response. (Bug 

46126) 





RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is hosting an application that is vulnerable to multiple 

attack vectors.\n\nThe remote web server is hosting Bugzilla, a web-based bug tracking 

application. For your information, the observed version of Bugzilla is %L.\n\nVersions of 

Bugzilla earlier than 3.2.7, 3.4.x earlier than 3.4.7, and 3.6.x earlier than 3.6.1 are 

potentially affected by multiple vulnerabilities :\n\n - It is possible to determine 

time-tracking information for bugs through specially crafted search URLs. 

(CVE-2010-1204)\n\n - If '$use_suexec' is set to '1' in the localconfig file, the localconfig 

file's permissions were set as world-readable by checksetup.pl. (CVE-2010-0180) 

Solution: Upgrade to Bugzilla 3.2.7, 3.4.7, 3.6.1, or later. 

Web Server Detection 

CVE-2010-1204 


Description: A web server is running on this port : %L 

Solution: N/A 

realtimeonly 




MySQL Community Server < 5.1.47 / 5.0.91 Multiple Vulnerabilities 


RISK: 

MEDIUM 



your information, the observed version of MySQL Community Server is %L.\n\nVersions 

of MySQL server earlier than 5.1.47 / 5.0.91 are potentially affected by the following 

vulnerabilities :\n\n - The server may continue reading packets indefinitely if it receives a 

packet larger than the maximum size of one packet, which could allow an unauthenticated 

remote attacker to consume a high level of CPU and bandwidth. (Bug #50974)\n\n - Using 

an overly long table name argument to the 'COM_FIELD_LIST' command, an 

authenticated user can overflow a buffer and execute arbitrary code on the affected host. 

(Bug #53237)\n\n - Using a specially crafted table name argument to 'COM_FIELD_LIST', 

an authenticated user can bypass almost all forms of checks for privileges and table-level 

grants. (Bug #53371) 

Solution: Upgrade to MySQL Community Server 5.0.91, 5.1.47, or later. 

CVE-2010-1850 

MySQL Community Server 5.1 < 5.1.48 Denial of Service Vulnerability 


Description: Synopsis :\n\nThe remote database server is vulnerable to a denial of service attack.\n\nFor 

your information, the observed version of MySQL Community Server is %L.\nVersions of 

MySQL Community Server 5.1 earlier than 5.1.48 are potentially affected by a 

denial-of-service vulnerability. The 'ALTER DATABASE' command can be misused by a 

user with 'ALTER' privileges to cause the MySQL data directory to become unusable. 


CVE-2010-2008 






affected by multiple vulnerabilities :\n\n - Double clicking a link can unexpectedly run a 

program from the Internet. (KB 957)\n\n - Users can be tricked into uploading unexpected 

files. (KB 958) 


CVE-2010-2664 


Snare for Windows < 3.1.8 Web Interface Cross-Site Request Forgery 



Description: Synopsis :\n\nThe remote host is vulnerable to a cross-site request forgery attack.\n\nThe 

remote host is running Snare for Windows, a central logging application with the web 

interface enabled. For your information, the observed version of Snare is :%L\n\nVersions 

of Snare for Windows earlier than 3.1.8 are potentially affected by a cross-site request 

forgery vulnerability in the web administration interface. An attacker, exploiting this flaw, 

could execute arbitrary script code in a user's browser. 

Solution: Upgrade to Snare for Windows 3.1.8 or later. 

CVE-2010-2594 





remote host is %L.\n\nVersions of Google Chrome earlier than 5.0.375.99 are potentially 

affected by multiple vulnerabilities :\n\n - An unspecified issue in WebGL can trigger an 

OOB read. (Bug 42396)\n\n - Sandboxed iframes are not isolated strongly enough. (Bug 

42575)\n\n - A memory corruption issue exists with invalid SVGs. (Bug 43488)\n\n - A 

memory corruption issue exists in the bidi algorithm. (Bug 44424)\n\n - A memory 

corruption issue exists with invalid PNGs. (Bug 45983)\n\n - A memory corruption exists 

in CSS style rendering. (Bug 46360)\n\n - An unspecified issue with print dialogs. (Bug 

46575)\n\n - An unspecified crash relating to modal dialogs. (Bug 47056) 


CVE-2010-2652 

WordPress WP-UserOnline plugin URL HTML Injection Vulnerability 


Description: Synopsis :\n\nThe remote web server hosts a web application that is vulnerable to an 

HTML-injection vulnerability.\n\nThe remote web server hosts WordPress with the 

WP-UserOnline plugin, a plugin to display how many users are online with detailed 

statistics. For your information, the observed version of the WP-UserOnline plugin is 

%L.\n\nVersions of WP-UserOnline earlier than 2.70 are potentially affected by an 

HTML-injection vulnerability. An attacker, exploiting this flaw, could potentially execute 

arbitrary script code in a user's browser. 

Solution: Upgrade to WP-UserOnline 2.70 or later. 


XLight FTP Server SFTP Directory Traversal 


PVS ID: 5593 FAMILY: SSH NESSUS ID:47680 


RISK: 

MEDIUM 

Description: Synopsis :\n\nThe remote SFTP service is vulnerable to a directory traversal attack.\n\nThe 

remote host is running XLight FTP server with the SFTP service enabled. For your 

information, the observed version of XLight SFTP is %L.\n\nVersions of XLight FTP 

server 3.x earlier than 3.6.0 are potentially affected by a directory traversal vulnerability in 

the SFTP service. A remote authenticated attacker, exploiting this flaw, can read arbitrary 

files on the affected host. 

Solution: Upgrade to XLight FTP Server 3.6 or later. 

CVE-2010-2695 

Bugzilla 3.7.x < 3.7.2 Information Disclosure Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is hosting an application that is affected by an 

information disclosure vulnerability.\n\nThe remote web server is hosting Bugzilla, a 

web-based bug tracking application. For your information, the observed version of Bugzilla 

is %L.\n\nVersions of Bugzilla 3.7.x earlier than 3.7.2 fail to restrict access to bugs created 

with the inboud email interface (email_in.pl) or with the 'Bug.create' method in the 

WebServices interface to the 'mandatory; or 'Default' groups. This could allow bug 

information to become publicly available instead of being restricted to certain groups. 

Solution: Upgrade to Bugzilla 3.7.2 or later. 


Database Client Login Detection 


Description: The remote client is logging in with the following credentials 

Solution: N/A 

realtimeonly 


Database Client Login Detection 


Description: The remote client is logging in with the following credentials 

realtimeonly 



Solution: N/A 




Description: Synopsis :\n\nThe remote host has a media player installed that is vulnerable to multiple 

attack vectors.\n\nThe remote host is running Winamp, a media player for Windows. For 

your information, the observed version of Winamp is %L.\n\nVersions of Winamp earlier 

than 5.58 are potentially affected by multiple vulnerabilities :\n\n - A stack-based buffer 

overflow when loading a malformed whatsnew.txt file.\n\n - A stack-based buffer overflow 

when parsing VP6 video content.\n\nAn attacker, exploiting these flaws, can execute 

arbitrary code in the context of the affected application. 



CMS Made Simple < 1.8.1 Local File Include Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is running a PHP application that is affected by a 

local file include vulnerability.\n\nThe remote host is running CMS Made Simple, a 

web-based content-management application written in PHP. For your information, the 

observed version of CMS Made Simple is %L.\n\nVersions of CMS Made Simple earlier 

than 1.8.1 are potentially affected by a local file include vulnerability because the 

application fails to properly sanitize user supplied input to the 'default_lang' parameter of 

the 'translation.functions.php' script. A remote, authenticated attacker, exploiting this flaw 

could execute arbitrary code subject to the privileges of the user running the affected web 

server. 




IBM Solid Database < 6.5 Service Pack 2 Handshake Request Username Field Remote Code 

Execution 


Description: Synopsis :\n\nThe remote database server is vulnerable to a remote code execution 

attack.\n\nThe remote host is running IBM SolidDB. For your information, the observed 

version of SolidDB is :%L.\n\nVersions of SolidDB earlier than 6.5.0.2 are potentially 

affected by a remote code execution vulnerability because the application fails to properly 

validate the length of the username field. An attacker, exploiting this flaw, could execute 

arbitrary code subject to the privileges of the user running the affected application. 


Solution: Upgrade to IBM SolidDB 6.5 SP2 or later. 

CVE-2010-2771 

Ipswitch IMail Server < 11.02 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote mail server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running Ipswitch IMail server. For your information, the observed version of 

Ipswitch IMail is %L.\n\nVersions of IMail earlier than 11.02 are potentially affected by 

multiple vulnerabilities :\n\n - By sending a specially crafted message to imailsrv.exe with 

multiple 'Reply-To' headers set, it may be possible for a remote unauthenticated attacker to 

execute arbitrary code on the remote system. (ZDI-10-126)\n\n - By sending a specially 

crafted message containing '?Q' operator, it may be possible for a remote authenticated 

attacker to execute arbitrary code on the remote system with SYSTEM privileges. 

(ZDI-10-127)\n\n - By sending a specially crafted message with an overly long '-NOTIFY' 

argument, it may be possible for a remote unauthenticated attacker to execute arbitrary 

code on the remote system. (ZDI-10-128) 

Solution: Upgrade to Ipswitch IMail Server version 11.02 or later. 


BIND 9.7.1 < 9.7.1 P2 'RRSIG' Record Type Remote DoS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote DNS server is vulnerable to a remote denial of service 

attack.\n\nThe remote host is running BIND, an open source name server. For your 

information, the observed version of BIND is %L.\n\nVersions of BIND 9.7.1 earlier than 

9.7.1 P2 are potentially affected by a remote denial of service vulnerability when handling 

specially crafted queries for 'RRSIG' records. 

Solution: Upgrade to BIND 9.7.1 P2 or later. 

CVE-2010-0213 

Client .dat Download Detection 


Description: The remote client was just observed download the following '.dat' file: \n %L 



Client .dat Download Detection 




Description: The remote client was just observed download the following '.dat' file: \n %L 





RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server has an application that is vulnerable to multiple attack 

vectors.\n\nThe remote web server is hosting Joomla!, a content management system 

written in PHP. For your information, the observed version of Joomla! is %L.\n\nVersions 

of Joomla earlier than 1.5.20 are potentially affected by multiple vulnerabilities :\n\n - A 

back-end user can inject SQL code which will lead to a MySQL error which shows internal 

path information. (Bug 20100701)\n\n - Multiple cross-site scripting vulnerabilities in 

various administrative screens. (Bug 20100702, Bug 201000703, Bug 20100704) 



iTunes < 9.2.1 'itpc:' Buffer Overflow Vulnerability 



vectors.\n\nThe remote host has iTunes installed, a popular media player for Windows and 

Mac OS. For your information, the observed version of iTunes is %L.\n\nVersions of 

iTunes earlier than 9.2.1 are potentially affected by a buffer overflow vulnerability in the 

handling of 'itpc:' URLs which may allow an attacker to execute arbitrary code on the 

remote host. To exploit this flaw, an attacker would need to send a malformed itpc: link to a 

user on the remote host and wait for him to click on it. 


CVE-2010-1777 






of Firefox 3.5.x earlier than 3.5.11 are potentially affected by multiple vulnerabilities :\n\n 

Multiple memory safety bugs could result in memory corruption, potentially resulting in 

arbitrary code execution. (MFSA 2010-34)\n\n - An error in DOM attribute cloning could 

result in arbitrary code execution. (MFSA 2010-35)\n\n - An error in Mozilla's 


'NodeIterator' implementation could lead to arbitrary code execution. (MFSA 2010-36)\n\n 

An error in the code to store the names and values of plugin parameters could lead to 

arbitrary code execution. (MFSA 2010-37)\n\n - The array class used to store CSS values is 

affected by an integer overflow vulnerability. (MFSA 2010-39)\n\n - An integer overflow 

vulnerability exists in the 'selection' attribute of the XUL tree element. (MFSA 

2010-40)\n\n - A buffer overflow exists in Mozilla graphics code could lead to arbitrary 

code execution. (MFSA 2010-41)\n\n - It is possible to read and parse resources from other 

domains even when the content is not valid javascript leading to cross-domain data 

disclosure. (MFSA 2010-42)\n\n - Multiple location bar spoofing vulnerabilities exist. 

(MFSA 2010-45)\n\n - It is possible to read data across domains by injecting bogus CSS 

selectors into a target site. (MFSA 2010-46)\n\n - Potentially sensitive URL parameters 

could be leaked across domains via script errors. (MFSA 2010-47) 


CVE-2010-2754 





of Firefox 3.6.x earlier than 3.6.7 are potentially affected by multiple vulnerabilities :\n\n 

Multiple memory safety bugs could result in memory corruption, potentially resulting in 

arbitrary code execution. (MFSA 2010-34)\n\n - An error in DOM attribute cloning could 

result in arbitrary code execution. (MFSA 2010-35)\n\n - An error in Mozilla's 

'NodeIterator' implementation could lead to arbitrary code execution. (MFSA 2010-36)\n\n 

An error in the code to store the names and values of plugin parameters could lead to 

arbitrary code execution. (MFSA 2010-37)\n\n - It may be possible to run arbitrary 

JavaScript with chrome privileges using SJOW and fast native function. (MFSA 

2010-38)\n\n - The array class used to store CSS values is affected by an integer overflow 

vulnerability. (MFSA 2010-39)\n\n - An integer overflow vulnerability exists in the 

'selection' attribute of the XUL tree element. (MFSA 2010-40)\n\n - A buffer overflow 

exists in Mozilla graphics code could lead to arbitrary code execution. (MFSA 

2010-41)\n\n - It is possible to read and parse resources from other domains even when the 

content is not valid javascript leading to cross-domain data disclosure. (MFSA 

2010-42)\n\n - The canvas element can be used to read data from another site leading to a 

same-origin bypass vulnerability. (MFSA 2010-43)\n\n - Characters mapped to U+FFFD in 

8 bit encodings cause subsequent characteres to dissapear, potentially contributing to 

cross-site scripting issues on certain websites. (MFSA 2010-44)\n\n - Multiple location bar 

spoofing vulnerabilities exist. (MFSA 2010-45)\n\n - It is possible to read data across 

domains by injecting bogus CSS selectors into a target site. (MFSA 2010-46)\n\n - 

Potentially sensitive URL parameters could be leaked across domains via script errors. 

(MFSA 2010-47) 


CVE-2010-2754 



Thunderbird 3.0.x < 3.0.6 Multiple Vulnerabilities 



attack vectors.\n\nFor your information, the observed version of Thunderbird is 

%L.\n\nVersions of Thunderbird 3.0.x earlier than 3.0.6 are potentially affected by multiple 

vulnerabilities :\n\n Multiple memory safety bugs could result in memory corruption, 

potentially resulting in arbitrary code execution. (MFSA 2010-34)\n\n - The array class 

used to store CSS values is affected by an integer overflow vulnerability. (MFSA 

2010-39)\n\n - An integer overflow vulnerability exists in the 'selection' attribute of the 

XUL tree element. (MFSA 2010-40)\n\n - A buffer overflow exists in Mozilla graphics 

code could lead to arbitrary code execution. (MFSA 2010-41)\n\n - It is possible to read 

and parse resources from other domains even when the content is not valid javascript 

leading to cross-domain data disclosure. (MFSA 2010-42)\n\n - It is possible to read data 

across domains by injecting bogus CSS selectors into a target site. (MFSA 2010-46)\n\n - 

Potentially sensitive URL parameters could be leaked across domains via script errors. 

(MFSA 2010-47) 


CVE-2010-2754 

Thunderbird 3.1.x < 3.1.1 Multiple Vulnerabilities 




%L.\n\nVersions of Thunderbird 3.1.x earlier than 3.1.1 are potentially affected by multiple 


potentially resulting in arbitrary code execution. (MFSA 2010-34)\n\n - It may be possible 

to run arbitrary JavaScript with chrome privileges using SJOW and fast native function. 

(MFSA 2010-38)\n\n - The array class used to store CSS values is affected by an integer 

overflow vulnerability. (MFSA 2010-39)\n\n - An integer overflow vulnerability exists in 

the 'selection' attribute of the XUL tree element. (MFSA 2010-40)\n\n - A buffer overflow 

exists in Mozilla graphics code could lead to arbitrary code execution. (MFSA 

2010-41)\n\n - It is possible to read and parse resources from other domains even when the 

content is not valid javascript leading to cross-domain data disclosure. (MFSA 

2010-42)\n\n - The canvas element can be used to read data from another site leading to a 

same-origin bypass vulnerability. (MFSA 2010-43)\n\n - Characters mapped to U+FFFD in 

8 bit encodings cause subsequent characteres to dissapear, potentially contributing to 

cross-site scripting issues on certain websites. (MFSA 2010-44)\n\n - It is possible to read 

data across domains by injecting bogus CSS selectors into a target site. (MFSA 

2010-46)\n\n - Potentially sensitive URL parameters could be leaked across domains via 

script errors. (MFSA 2010-47) 


CVE-2010-2754 



SeaMonkey 2.0.x < 2.0.6 Multiple Vulnerabilities 




%L.\n\nVersions of SeaMonkey 2.0.x earlier than 2.0.6 are potentially affected by multiple 


potentially resulting in arbitrary code execution. (MFSA 2010-34)\n\n - An error in DOM 

attribute cloning could result in arbitrary code execution. (MFSA 2010-35)\n\n - An error 

in Mozilla's 'NodeIterator' implementation could lead to arbitrary code execution. (MFSA 

2010-36)\n\n An error in the code to store the names and values of plugin parameters could 

lead to arbitrary code execution. (MFSA 2010-37)\n\n - The array class used to store CSS 

values is affected by an integer overflow vulnerability. (MFSA 2010-39)\n\n - An integer 

overflow vulnerability exists in the 'selection' attribute of the XUL tree element. (MFSA 

2010-40)\n\n - A buffer overflow exists in Mozilla graphics code could lead to arbitrary 

code execution. (MFSA 2010-41)\n\n - It is possible to read and parse resources from other 

domains even when the content is not valid javascript leading to cross-domain data 

disclosure. (MFSA 2010-42)\n\n - Multiple location bar spoofing vulnerabilities exist. 

(MFSA 2010-45)\n\n - It is possible to read data across domains by injecting bogus CSS 

selectors into a target site. (MFSA 2010-46)\n\n - Potentially sensitive URL parameters 

could be leaked across domains via script errors. (MFSA 2010-47) 


CVE-2010-2754 

MapServer < 5.6.4 / 4.10.6 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server contains a CGI script that is vulnerable to multiple 

attack vectors.\n\nThe remote web server hosts MapServer, an open source platform for 

publishing spacial data and interactive mapping applications to the web. For your 

information, the observed version of MapServer is %L.\n\nVersions of MapServer earlier 

than 5.6.4, or 4.10.6 are potentially affected by multiple vulnerabilities :\n\n - A buffer 

overflow vulnerability in the 'ForcedTmpBase' parameter of 'msTmpFile()'. (Ticket 

3484)\n\n - Unspecified security vulnerabilities in multiple debug command-line 

arguments. (Ticket 3485) 

Solution: Upgrade to MapServer 4.10.6, 5.6.4, or later. 

CVE-2010-2540 

Axon Virtual PBX < 2.13 /logon Multiple Parameter XSS 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote web server hosts an application that is vulnerable to a cross-site 

scripting attack.\n\nThe remote web server is the internal web server component included 

with Axon Virtual PBX, a Windows application used to manage phone calls. For your 

information, the observed version of Axon Virtual PBX is %L.\n\nVersions of Axon 

Virtual PBX earlier than 2.13 are potentially affected by a cross-site scripting vulnerability 

in multiple parameters of the '/logon' script. An attacker, exploiting this flaw, can execute 

arbitrary script code in a user's browser. 

Solution: Upgrade to Axon Virtual PBX 2.13 or later. 

CVE-2009-4038 

Firefox 3.6.7 Remote Code Execution Vulnerability 



attack vectors.\n\nFor your information, the observed version of Firefox is %L.\n\nFirefox 

3.6.7 is potentially affected by a memory corruption vulnerability that could lead to 

arbitrary cod execution. 


CVE-2010-2755 






affected by multiple vulnerabilities :\n\n - It is possible for memory contents to be disclosed 

in layout code. (Bug 42735)\n\n - An unspecified issue with large canvases. (Bug 

43813)\n\n - A memory corruption issue in rendering code. (Bug 47866)\n\n - A memory 

corruption issue in SVG handling. (Bug 48284)\n\n - It is possible for hostnames to be 

truncated. (Bug 48597) 


CVE-2010-2903 

Apache 2.2 < 2.2.16 Multiple Vulnerabilities 




information, the observed version of Apache HTTP server is %L.\n\nVersions of Apache 

2.2 earlier than 2.2.16 are potentially affected by multiple vulnerabilities :\n\n - A 

denial-of-service vulnerability in mod_cache and mod_dav. (CVE-2010-1452)\n\n - An 

information disclosure vulnerability in mod_proxy_http relating to timeout conditions. 


(CVE-2010-2068) 


CVE-2010-2068 




vulnerabilities.\n\nAccording to its banner the version of PHP installed on the remote host 

is earlier than 5.3.3 / 5.2.14. Such version are potentially affected by multiple 

vulnerabilities :\n\n - An information disclosure vulnerability in var_export() when a fatal 

error occurs.\n\n - A resource destruction issue in shm_put_var().\n\n - A possible 

information leak because of an interruption of XOR operator.\n\n - A memory corruption 

issue caused by an unexpected call-time pass by reference and the following memory 

clobbering through callbacks.\n\n - A memory corruption issue in 

ArrayObject::uasort().\n\n - A memory corruption issue in parse_str().\n\n - A memory 

corruption issue in pack().\n\n - A memory corruption issue in substr_replace().\n\n - A 

memory corruption issue in addcslashes().\n\n - A stack exhaustion issue in fnmatch().\n\n - 

A buffer overflow vulnerability in the dechunking filter.\n\n - An arbitrary memory access 

issue in the sqlite extension.\n\n - A string format validation issue in the phar extension.\n\n 

- An unspecified issue relating to the handling of session variable serialization on certain 

prefix characters.\n\n - A NULL pointer dereference issue when processing invalid 

XML-RPC requests.\n\n - An unserialization issue in SplObjectStorage.\n\n - Buffer 

overflow vulnerabilities in mysqlnd_list_fields and mysqlnd_change_user.\n\n - Buffer 

overflows when handling error packets in mysqlnd. 

Solution: Upgrade to PHP version 5.2.14, 5.3.3, or later. 

CVE-2010-2531 

Safari < 4.1.1 / 5.0.1 Multiple Vulnerabilities 




vectors.\n\nFor your information, the observed version of Safari is %L.\n\nThe remote host 

has Safari installed. For your information, the observed version of Safari is 

%L.\n\nVersions of Safari earlier than 4.1.1 / 5.0.1 are potentially affected by multiple 

vulnerabilities :\n\n - Safari's AutoFill feature may disclose information to websites without 

user interaction. (CVE-2010-1796)\n\n - A use after free issue exists in WebKit's handling 

of element focus may lead to an application crash or arbitrary code execution. 

(CVE-2010-1780)\n\n - A memory corruption issue exists in WebKit's rendering of inline 

elements . (CVE-2010-1782)\n\n - A memory corruption issue exists in WebKit's handling 

of dynamic modifications to text nodes .\n\n - A memory corruption issue exists in 

WebKit's handling of CSS counters . (CVE-2010-1784)\n\n - An uninitialized memory 

access issue exists in WebKit's handling of the ':first-letter' and ':first-line' pseudo-elements 

in SVG text elements . (CVE-2010-1785)\n\n - A use after free issue exists in WebKit's 


handling of foreignObject elements in SVG documents. (CVE-2010-1786)\n\n - A memory 

corruption issue exists in WebKit's handling of floating elements in SVG documents. 

(CVE-2010-1787)\n\n - A memory corruption issue exists in WebKit's handling of 'use' 

elements in SVG documents. (CVE-2010-1788)\n\n - A heap buffer overflow exist sin 

WebKit's handling of JavaScript string objects. (CVE-2010-1789)\n\n - A re-entrancy issue 

exists in WebKit's handling of just-in-time compiled JavaScript stubs. 

(CVE-2010-1790)\n\n - A signedness issue exists in WebKit's handling of JavaScript 

arrays. (CVE-2010-1791)\n\n - A memory corruption issue exists in WebKit's handling of 

regular expressions. (CVE-2010-1792)\n\n - A use after free issue exists in WebKit's 

handling of 'font-face' and 'use' elements in SVG documents. (CVE-2010-1793) 

Solution: Upgrade to Safari 4.1.1, 5.0.1, or later. 

CVE-2010-1796 

Piwik 0.6 < 0.6.4 Remote File Include Vulnerability 


Description: Synopsis :\n\nThe remote web server is hosting a PHP application that is 

vulnerable to a remote file include attack.\n\nThe remote web server is hosting 

Piwik, a web analytics application written in PHP. For your information, the 

observed version of Piwik is %L.\n\nVersions of Piwik 0.6 < 0.6.4 are potentially 

affected by an unspecified remote file include vulnerability. An attacker, 

exploiting this flaw, could read arbitrary files or potentially execute arbitrary script 

code subject to the privileges of the affected web server. 

Solution: Upgrade to Piwik 0.6.4 or later. 

CVE-2010-2786 

Mantis 1.2.x < 1.2.2 Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is hosting a web application that is vulnerable to a 

cross-site scripting attack.\n\nThe remote web server is hosting Mantis, an open source 

bugtracking application written in PHP. For your information, the observed version of 

Mantis is %L.\n\nVersions of Mantis 1.2.x are potentially affected by a cross-site scripting 

vulnerability. The application does not properly validate inline attachments before 

rendering them. An attacker, exploiting this flaw, could execute arbitrary script code in a 

users browser. 

Solution: Upgrade to Mantis 1.2.2 or later. 


SSL Server Certificate Exchange Detection 




Description: The remote host is an SSL/TLS server 

Solution: N/A 

realtimeonly 


VxWorks 'debug' Port Detection 


Description: The remote host is running the VxWorks 'debug' service on port 17185/udp. The reported 

version number is: %L 

Solution: Manually inspect the service to ensure that it is patched and necessary on your network 

VxWorks Detection 



Description: The remote host is running VxWorks embedded Operating System. The reported version 

number is: %L 


VxWorks Detection 



Description: The remote host is running VxWorks embedded Operating System. The reported version 

number is: %L 




Adobe Flash Media server < 3.0.6 / 3.5.4 Multiple Vulnerabilities (APSB10-19) 



is running Adobe Flash Media Server. For your information, the observed version of Adobe 

Flash Media Server is %L.\n\nVersions of Adobe Flash Media Server earlier than 3.0.6 / 

3.5.4 are potentially affected by multiple vulnerabilities :\n\n - An issue in a JS method 


could result in a denial of service condition. (CVE-2010-2218)\n\n - An issue in a JS 

method could allow arbitrary code execution. (CVE-2010-2217)\n\n - A memory 

exhaustion issue could lead to a denial of service condition. (CVE-2010-2219)\n\n - An 

input validation issue could lead to a denial of service condition. (CVE-2010-2220) 

Solution: Upgrade to Flash Media Server 3.0.6, 3.5.4, or later. 

CVE-2010-2220 

Flash Player Multiple Vulnerabilities (APSB10-16) 



attack vectors.\n\nThe remote host has Adobe Flash Player installed. For your information, 

the observed version of Adobe Flash Player is %L.\n\nVersions of Flash Player 9.x earlier 

than 9.0.280 and 10.x earlier than 10.1.82.76 are potentially affected by multiple memory 

corruption issues and a click-jacking vulnerability. 

Solution: Upgrade to Flash Player 10.1.82.76 / 9.0.280 or later. 

CVE-2010-2216 






affected by multiple vulnerabilities :\n\n - A heap overflow when performing painting 

operations on an HTML5 canvas can result in execution of arbitrary code, (KB 966)\n\n - 

An issue with tab focus is open to an attack where it is used to obscure a download dialog 

that is in another tab. The user can be tricked into clicking buttons in the dialog, resulting in 

the downloaded file being executed. (KB 967)\n\n - Certain types of content concerning the 

news feed preview do not have their scripts removed properly, possibly resulting in 

subscription of feeds without the user's consent. (KB 968)\n\nLoading an animated PNG 

image may cause high CPU usage with no response from the browser. 

(CVE-2010-3021)\n\nA memory corruption issue exists when handling an html page with a 

very large SIZE parameter in the SELECT tag. (CVE-2011-1824) 


CVE-2011-1824 

Bugzilla < 3.2.8 / 3.4.8 / 3.6.2 / 3.7.3 Multiple Vulnerabilities 



RISK: 

MEDIUM 






Bugzilla 3.2.x earlier than 3.2.8, 3.4.x earlier than 3.4.8, 3.6.x earlier than 3.6.2, and 3.7.x 

earlier than 3.7.3 are potentially affected by multiple vulnerabilities :\n\n - It is possible to 

(at least partially) determine the membership of any group using the Search interface. 

(CVE-2010-2756).\n\n - It is possible to use the 'sudo' feature without sending a 

notification to the user being impersonated. (CVE-2010-2757)\n\n - The 'Reports' and 

'Duplicates' pages let you guess the name of products you can't see, due to the error 

message that is thrown. (CVE-2010-2758)\n\n - For installations using PostgreSQL, 

specifying "bug X" or "Attachment X" in a comment can deny access to the bug if X is 

larger than the maximum 32-bit signed integer size. (CVE-2010-2759) 

Solution: Upgrade to Bugzilla 3.2.8, 3.4.8, 3.6.2, 3.7.3, or later. 

CVE-2010-2759 

QuickTime < 7.6.7 QuickTimeStreaming.qtx SMIL File Debug Logging Overflow (Windows) 


Description: Synopsis :\n\nThe remote host contains an application that is affected by a stack overflow 

vulnerability.\n\nFor your information, the observed version of QuickTime is 

%L.\n\nVersions of QuickTime earlier than 7.6.7 are potentially affected by a stack 

overflow in the application's error logging when debug logging is enabled. If an attacker 

can trick a user on the host into viewing a specially crafted movie file, he may be able to 

cause an application crash or even execute arbitrary code subject to the user's privileges. 

Note that this issue only affects QuickTime on Windows. 


CVE-2010-1799 



Description: Synopsis :\n\nThe remote web server if vulnerable to a denial-of-service attack.\n\nThe 

remote host is running SquirrelMail, a web-based email client. For your information, the 

observed version of SquirrelMail is %L.\n\nVersions of SquirrelMail earlier than 1.4.21 are 

potentially affected by a denial-of-service vulnerability. By submitting a random login with 

8-bit characters in the password, it is possible to cause SquirrelMail to create a preferences 

file even if the login is not valid. An attacker, exploiting this flaw, could create enough files 

to cause the server to run out of disk space. 

Solution: Upgrade to SquirrelMail 1.4.21 or later. 

CVE-2010-2813 

Zoiper < 2.24 SIP INVITE Request Remote DoS 




RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is vulnerable to a denial-of-service attack.\n\nThe remote 

host is running Zoiper, a cross-platform VoIP solution. For your information, the observed 

library version of Zoiper %L.\n\nVersions of Zoiper earlier than 2.24 Library 5324 are 

potentially affected by a denial-of-service vulnerability because the application fails to 

properly handle specially crafted SIP INVITE Requests. An attacker, exploiting this flaw, 

could potentially crash the affected application. 

Solution: Upgrade to Zoiper 2.24 Library 5324 or later. 

CVE-2009-3704 

Drupal Devel module < 6.x-1.22 Cross-Site Scripting Vulnerability 



cross-site scripting attack.\n\nThe remote web server hosts a Drupal install that uses the 

Devel module, a performance logging component. For your information, the observed 

version of the Devel Module is %L.\n\nVersions of the Drupal Devel module earlier than 

6.x-1.22 are potentially affected by a cross-site scripting vulnerability because the 

application fails to properly sanitize URLs comprised of node paths. A remote attacker with 

the ability to to add URL aliases could exploit this flaw to execute arbitrary script code in a 

user's browser. 

Solution: Upgrade to Drupal Devel module 6.x-1.22 or later. 

CVE-2010-3022 

Drupal OpenID module < 5.x-1.5 Authentication Bypass Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is hosting a web application that is affected by an 

authentication bypass vulnerability.\n\nThe remote web server hosts a Drupal install that 

uses the OpenID module, a module that allows users to authenticate via OpenID. For your 

information, the observed version of the Drupal OpenID module is %L.\n\nVersions of 

Drupal OpenID module earlier than 5.x-1.5 are potentially affected by an authentication 

bypass vulnerability because the application fails to implement all the required verifications 

from the OpenID 2.0 protocol. A remote attacker, exploiting this flaw, could gain 

unauthorized access to the affected Drupal install. 

Solution: Upgrade to Drupal OpenID module 5.x-1.5 or later. 

CVE-2010-3686 

MySQL Server Failed Login Detection 




Description: The PVS has observed a failed SQL login to an MySQL server. The following UserID has 

just failed to login: %L 

Solution: N/A 

realtimeonly 


Drupal Ubercart Module < 5.x-1.10 / 6.x-2.4 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is hosting a web application that is affected by an 

authentication bypass vulnerability.\n\nThe remote web server hosts a Drupal install that 

uses the Ubercart, an e-commerce module for Drupal CMS. For your information, the 

observed version of Drupal Ubercart module is %L.\n\nVersions of Ubercart earlier than 

5.x-1.10 / 6.x-2.4 are potentially affected by multiple vulnerabilities :\n\n - The 2Checkout 

gateway module does not properly verify payment notification information. Note that this 

module must be enabled for the Drupal install to be affected.\n\n - The Paypal module's 

WPS payment method does not properly verify the payment notification information. Note 

that this module must be enabled for the Drupal install to be affected.\n\n - The Ubercart 

Cart Links module is vulnerable to both an Access Bypass and Cross Site Request Forgery 

where a malicious user can trick other users into adding or removing items from their cart 

and add items to a cart which are not published on the site. Note that this module must be 

enabled for the Drupal install to be affected. 

Solution: Upgrade to Drupal Ubercart Module 5.x-1.10 / 6.x-2.4 or later. 





RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote FTP server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running Serv-U File Server, an FTP Server for Windows. For your 

information, the observed version Serv-U is %L.\n\nVersions of Serv-U earlier than 

10.2.0.0 are potentially affected by multiple vulnerabilities :\n\n - It is possible to create a 

directory, when using virtual paths and various combinations of permissions, where the 

end-user does not have permission to create the directory. Note that this issue was 

introduced in Serv-U 9.2.0.1 and does not affect earlier version.\n\n - Certain web client 

invalid URL parameters could cause the affected application to crash. 




Drupal FileField Source Module < 6.x-1.2 Arbitrary Code Execution 


RISK: 

MEDIUM 



remote code execution attack.\n\nThe remote web server hosts a Drupal install that uses the 

FileField Source module. For your information, the observed version of Drupal FileField 

Sources module is %L.\n\nVersions of FileField Sources earlier than 6.x-1.2 are potentially 

affected by a remote code execution vulnerability because the application fails to properly 

sanitize the file extensions of files that have been transferred from remote servers. 

Solution: Upgrade to Drupal FileField Sources module 6.x-1.2 or later. 

QNX Detection 



Description: The remote host is running the QNX embedded Operating System. 



QNX 'debug' Service Detection 


Description: A QNX 'debug' service is listening on this port. 



QNX qconn Service Detection 


Description: A QNX qconn service is listening on this port. 



QCONN Version Detection 




Description: The remote host is running the QNX embedded operating system. The reported version 

information (via the qconn service) is: %L 

Solution: Verify that the software is up to date 

QNX Detection 



Description: The remote host is running the QNX embedded Operating System. 



CouchDB < 0.11.2 Futon Admin Interface Cross-Site Request Forgery 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote database server is vulnerable to a cross-site request forgery 

attack.\n\nThe remote host is running CouchDB, a document-oriented database. For your 

information, the observed version of CouchDB is %L.\n\nVersions of CouchDB earlier 

than 0.11.2 are potentially affected by a cross-site request forgery vulnerability. The 

application fails to properly sanitize user-supplied input before it is used in the Futon 

administrative interface.\n\n remote attacker could exploit this to execute arbitrary script 

code in the security context of CouchDB's admin interface. 


CVE-2010-2234 

Drupal CCK "Node Reference" Module < 6.x-2.8 Security Bypass Vulnerability 


RISK: 

MEDIUM 



security bypass attack.\n\nThe remote web server hosts a Drupal install that uses the CCK 

"Node Reference" module. Versions of the CCK Module earlier than 6.x-2.8 are potentially 

affected by a security bypass vulnerability. The application provides a backend URL that is 

used for asynchronous requests by the 'autocomplete' widget which fails to correctly check 

that the user had field level access to the source field. 

Solution: Upgrade to Drupal CCK module 6.x-2.8 or later. 









affected by multiple vulnerabilities :\n\nA memory corruption issue with file dialog. (Bug 

45400)\n\nA memory corruption issue with SVGs. (Bug 49596)\n\nAn issue relating to a 

bad cast with text editing. (Bug 49268)\n\n - A possible address bar spoofing vulnerability 

caused by a history bug. (Bug 49964)\n\n - A memory corruption issue in MIME type 

handling. (Bugs 50515, 51835)\n\nA crash on shutdown due to a notifications bug. (Bug 

50553)\n\nOmnibox autosuggest is enabled when a user might be typing a password. (Bug 

51146)\n\nA memory corruption issue in Ruby support. (Bug 51654)\n\nA memory 

corruption issue in Geolocation support. (51670) 


CVE-2010-3120 

Database TDS Failed Login Detection 


Description: The following UserID just failed a SQL login 

Solution: N/A 

realtimeonly 


MySQL Community Server 5.1 < 5.1.49 Multiple Denial of Service Vulnerabilities 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote database server is vulnerable to multiple denial of service 

attacks.\n\nFor your information, the observed version of MySQL Community Server is 

%L.\n\nVersions of MySQL Community Server 5.1 earlier than 5.1.49 are potentially 

affected by multiple vulnerabilities :\n\n - After changing the values of the 

'innodb_file_format' or 'innodb_file_per_table' configuration parameters, DDL statements 

could cause a server crash. (Bug #55039)\n\nJoins involving a table with a unique SET 

column could cause a server crash. (Bug #54575)\n\nIncorrect handling of NULL 

arguments could lead to a crash for IN() or CASE operations when ULL arguments were 

either passed explicitly as arguments (for IN()) or implicitly generated by the WITH 

ROLLUP modifier which could lead to a crash. (Bug #54477)\n\n - A malformed argument 

to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug 

#54393)\n\n - Use of TEMPORARY InnoDB tables with nullabale columns could cause a 

server crash. (Bug #54044)\n\n - The server could crash if there were alternate reads from 

two indexes on a table using the HANDLER interface. (Bug #54007)\n\n - Using 


EXPLAIN with specially crafted queries could lead to a crash. (Bug #52711)\n\n - 'LOAD 

DATA INFILE' did not check for SQL errors and sent an OK packet even when errors were 

already reported. (Bug #52512) 


CVE-2010-3683 

Novell iPrint Client < 5.42 Multiple Vulnerabilities 



vectors.\n\nFor your information, the observed version of Novell iPrint Client is 

%L\n\nVersions of Novell iPrint Client earlier than 5.42 are potentially affected by 

multiple vulnerabilities :\n\n - Due to a flaw in the nipplib.dll module, it may be possible 

for a remote attacker to delete arbitrary files from the remote system via the 

'CleanUploadFiles' method provided by an ActiveX control. (TPTI-10-05)\n\n - By passing 

a specially crafted value to the 'debug' parameter in the ActiveX control ienipp.ocx, it may 

be possible for an attacker to trigger a stack-based buffer overflow, potentially resulting in 

arbitrary code execution within the context of the user running the browser. 

(TPTI-10-06)\n\n - Due to improper validation of plugin parameters, it may be possible for 

an attacker to trigger a buffer overflow condition resulting in arbitrary code execution 

within the context of the user running the browser. (ZDI-10-139)\n\nDue to improper 

validation of plugin parameters it may be possible for an attacker to trigger a stack-based 

buffer overflow, potentially resulting in arbitrary code execution within the context of the 

user running the browser. (ZDI-10-140) 

Solution: Upgrade to Novell iPrint Client 5.42 or later. 

CVE-2010-3109 





%L.\n\nVersions of Novell iPrint Client earlier than 5.44 are potentially affected by 

multiple vulnerabilities :\n\n - A buffer overflow was discovered in how iPrint client 

handles the 'call-back-url' parameter value for a 'op-client-interface-version' operation 

where the 'result-type' parameter is set to 'url'.\n\n - An uninitialized pointer vulnerability in 

ienipp.ocx was discovered and allows an attacker to exploit an issue where the uninitialized 

pointer is called and the process jumps to an address space controllable by the attacker. 


CVE-2010-3105 

Linksys WAP Default Credentials Detection 





credentials\n\nThe remote host is a wireless access point (WAP). This version of Linksys 

shipped with a default userID and password which can be used to gain elevated access to 

the device. In this case, the credentials are Gemtek/gemtekswd . Since these credentials are 

hard coded into the device image, there is not a way to change them via the administrative 

tools. 

Solution: obtain a fix from the vendor 

CVE-2010-1573 

Real Networks RealPlayer SP < 1.1.5 Multiple Vulnerabilities 



vectors.\n\nThe remote host is running RealPlayer, a multi-media application. For your 

information, the observed build of RealPlayer SP is %L.\n\nRealPlayer SP builds earlier 

than 12.0.0.879 are potentially affected by multiple vulnerabilities :\n\n - A RealPlayer 

malformed 'IVR' pointer index code execution vulnerability exists. (CVE-2010-2996, 

CVE-2010-2998)\n\nA RealPlayerActiveX unauthorized file access vulnerability exists. 

(CVE-2010-3002)\n\nA RealPlayer 'QCP' file parsing integer overflow vulnerability exists. 

(CVE-2010-0116)\n\nA vulnerability exists in the way RealPlayer processes the 

dimensions in the 'YUV420' transformation of 'MP4' content. (CVE-2010-0117)\n\nA 

heap-based buffer overflow vulnerability exists in RealPlayer's 'QCP' parsing. 

(CVE-20010-0120)\n\nA vulnerability exists in the ActiveX IE plugin relating to the 

opening of multiple browser windows. (CVE-2010-3001)\n\n - An uninitialized pointer 

vulnerability exists in the CDDA URI ActiveX Control. (CVE-2010-3747) - A remote code 

execution vulnerability exists in RJMDSections. (CVE-210-3750) - A RealPlayer 'QCP' 

parsing heap-based buffer overflow vulnerability exists. (CVE-2010-2578)\n\n - A remote 

code execution issue exists in multiple protocol handlers for the RealPlayer ActiveX 

control. (CVE-2010-3751)\n\n - A stack overflow vulnerability exists in the RichFX 

component. (CVE-2010-3748)\n\n - A paramenter injection vulnerability exists in the 

RecordClip browser extension. (CVE-2010-3749) 

Solution: Upgrade to RealPlayer SP 1.1.5 or later. 

CVE-2010-3751 


VLC Media Player < 1.1.4 Patch Subversion Arbitrary DLL Injection Code Execution 


Description: Synopsis :\n\nThe remote host contains an application that allows arbitrary code 

execution.\n\nThe remote host contains VLC player, a multi-media application. For your 

information, the observed version of VLC is %L.\n\nVersions of VLC media player earlier 

than 1.1.4 are potentially affected by a code execution vulnerability. The application 

insecurely looks in its current working directory when resolving DLL dependencies, such 

as for 'wintab32.dll'. If a malicious DLL with the same name as a required DLL is located 


in the application's current working directory, the malicious DLL will be loaded. 

Solution: Upgrade to VLC Media Player version 1.1.4 or later. 

CVE-2010-3124 

phpMyAdmin 3.x < 3.3.6 Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is vulnerable to a 

cross-site scripting attack.\n\nFor your information, the observed version of phpMyAdmin 

is %L.\n\nVersions of phpMyAdmin earlier than 3.3.6 are potentially affected by a 

cross-site scripting vulnerability via error messages in PHP backtrace. 

Solution: Upgrade to phpMyAdmin 3.3.6 or later. 







iTunes earlier than 10.0 are potentially affected by multiple vulnerabilities in the WebKit 

component. Note that these issues only affect WebKit for Windows. 


CVE-2010-1793 







affected by multiple vulnerabilities :\n\n - It is possible to bypass the pop-up blocker with a 

blank frame target. (Bug 34414)\n\n - It is possible to visually spoof the URL bar with 

homographic sequences. (Bug 37201)\n\n - Restrictions on setting clipboard content are not 

strict enough. (Bug 41654)\n\n - A stale pointer exists in SVG filters. (Bug 45659)\n\n - It 

may be possible to enumerate installed extensions. (Bug 45876)\n\n - An unspecified 

vulnerability in WebSockets could lead to a browser NULL crash. (Bugs 46750, 51846)\n\n 

- A use-after-free error exists in the Notifications presenter. (Bug 50386)\n\n - An 

unspecified memory corruption issue exists in Notification permissions. (Bug 50839)\n\n - 

Multiple unspecified integer errors exists in WebSockets. (Bugs 51360, 51739)\n\n - A 

memory corruption issue exists with counter nodes. (Bug 51653)\n\n - Chrome may store 


an excessive amount of autocomplete entries. (Bug 51727)\n\n - A stale pointer exists in 

focus handling. (Bug 52433)\n\n - A Sandbox parameter deserialization error exists. (Bug 

52682)\n\n - An unspecified cross-origin image theft issue exists. (Bug 53001) 








%L.\n\nVersions of Safari earlier than 4.1.2 / 5.0.2 are potentially affected by several issues 

in the following component :\n\n - Webkit 


CVE-2010-1807 






of Firefox earlier than 3.5.12 are potentially affected by multiple vulnerabilities :\n\n - 

Multiple memory safety issues that could lead to arbitrary code execution. (MFSA 

2010-49)\n\n - The implementation of the HTML frameset element contains an integer 

overflow vulnerability. (MFSA 2010-50)\n\n - A dangling pointer vulnerability exists in the 

implementation of 'navigator.plugins' in which the 'navigator' object could retain a pointer 

to the plugins array even after it has been destroyed. (MFSA 2010-51)\n\n - Firefox can be 

used to load a malicious code library that has been planted on a victim's computer. (MFSA 

2010-52)\n\n - A heap buffer overflow exists in code routines responsible for transforming 

text runs. (MFSA 2010-53)\n\n - A dangling pointer issue remains leftover from the fix for 

CVE-2010-2753. (MFSA 2010-54)\n\n - XUL '' objects can be manipulated such that 

the setting of certain properties on the object would trigger the removal of the tree from the 

DOM and cause certain sections of deleted memory to be accessed. (MFSA 2010-55)\n\n - 

The implementation of the XUL '' content view contains a dangling pointer 

vulnerability. (MFSA 2010-56)\n\n - The code used to normalize a document contains a 

logical flaw that could be leveraged to run arbitrary code. (MFSA 2010-57)\n\n - A 

specially crafted font can be applied to a document and cause a crash on Mac systems. 

(MFSA 2010-58)\n\n - The wrapper class 'XPCSafeJSObjectWrapper (SJOW) has a logical 

error in its scripted function implementation that allows the caller to run the function within 

the context of another site. (MFSA 2010-60)\n\n - The 'type' attribute of an tag 

can override the charset of a framed HTML document even when the document is included 

across origins. (MFSA 2010-61)\n\n - When an HTML selection containing JavaScript is 

copy-and-pasted or dropped onto a document with designMode enabled, the JavaScript will 


e executed within the context of the site where the code was dropped. (MFSA 

2010-62)\n\n - The 'statusText' property of an 'XMLHttpRequest' object is readable by the 

requestor even when the request is made across origins. (MFSA 2010-63) 


CVE-2010-3169 





of Firefox earlier than 3.6.9 are potentially affected by multiple vulnerabilities :\n\n - 

Multiple memory safety issues that could lead to arbitrary code execution. (MFSA 

2010-49)\n\n - The implementation of the HTML frameset element contains an integer 

overflow vulnerability. (MFSA 2010-50)\n\n - A dangling pointer vulnerability exists in the 

implementation of 'navigator.plugins' in which the 'navigator' object could retain a pointer 

to the plugins array even after it has been destroyed. (MFSA 2010-51)\n\n - Firefox can be 

used to load a malicious code library that has been planted on a victim's computer. (MFSA 

2010-52)\n\n - A heap buffer overflow exists in code routines responsible for transforming 

text runs. (MFSA 2010-53)\n\n - A dangling pointer issue remains leftover from the fix for 

CVE-2010-2753. (MFSA 2010-54)\n\n - XUL '' objects can be manipulated such that 

the setting of certain properties on the object would trigger the removal of the tree from the 

DOM and cause certain sections of deleted memory to be accessed. (MFSA 2010-55)\n\n - 

The implementation of the XUL '' content view contains a dangling pointer 

vulnerability. (MFSA 2010-56)\n\n - The code used to normalize a document contains a 

logical flaw that could be leveraged to run arbitrary code. (MFSA 2010-57)\n\n - A 

specially crafted font can be applied to a document and cause a crash on Mac systems. 

(MFSA 2010-58)\n\n - The wrapper class 'XPCSafeJSObjectWrapper' (SJOW) creates 

scope chains ending in outer objects. (MFSA 2010-59)\n\n - The 'type' attribute of an 

tag can override the charset of a framed HTML document even when the 

document is included across origins. (MFSA 2010-61)\n\n - When an HTML selection 

containing JavaScript is copy-and-pasted or dropped onto a document with designMode 

enabled, the JavaScript will be executed within the context of the site where the code was 

dropped. (MFSA 2010-62)\n\n - The 'statusText' property of an 'XMLHttpRequest' object is 

readable by the requestor even when the request is made across origins. (MFSA 2010-63) 


CVE-2010-3169 


Thunderbird < 3.0.x < 3.0.7 Multiple Vulnerabilities 




%L.\n\nVersions of Thunderbird earlier than 3.0.7 are potentially affected by multiple 


vulnerabilities :\n\n - Multiple memory safety issues that could lead to arbitrary code 

execution. (MFSA 2010-49)\n\n - The implementation of the HTML frameset element 

contains an integer overflow vulnerability. (MFSA 2010-50)\n\n - A dangling pointer 

vulnerability exists in the implementation of 'navigator.plugins' in which the 'navigator' 

object could retain a pointer to the plugins array even after it has been destroyed. (MFSA 

2010-51)\n\n - Thunderbird can be used to load a malicious code library that has been 

planted on a victim's computer. (MFSA 2010-52)\n\n - A heap buffer overflow exists in 

code routines responsible for transforming text runs. (MFSA 2010-53)\n\n - A dangling 

pointer issue remains leftover from the fix for CVE-2010-2753. (MFSA 2010-54)\n\n - 

XUL '' objects can be manipulated such that the setting of certain properties on the 

object would trigger the removal of the tree from the DOM and cause certain sections of 

deleted memory to be accessed. (MFSA 2010-55)\n\n - The implementation of the XUL 

'' content view contains a dangling pointer vulnerability. (MFSA 2010-56)\n\n - The 

code used to normalize a document contains a logical flaw that could be leveraged to run 

arbitrary code. (MFSA 2010-57)\n\n - A specially crafted font can be applied to a document 

and cause a crash on Mac systems. (MFSA 2010-58)\n\n - The wrapper class 

'XPCSafeJSObjectWrapper (SJOW) has a logical error in its scripted function 

implementation that allows the caller to run the function within the context of another site. 

(MFSA 2010-60)\n\n - The 'type' attribute of an tag can override the charset of a 

framed HTML document even when the document is included across origins. (MFSA 

2010-61)\n\n - When an HTML selection containing JavaScript is copy-and-pasted or 

dropped onto a document with designMode enabled, the JavaScript will be executed within 

the context of the site where the code was dropped. (MFSA 2010-62)\n\n - The 'statusText' 

property of an 'XMLHttpRequest' object is readable by the requestor even when the request 

is made across origins. (MFSA 2010-63) 


CVE-2010-3169 

Thunderbird < 3.1.3 Multiple Vulnerabilities 





%L.\n\nVersions of Thunderbird earlier than 3.1.3 are potentially affected by multiple 






2010-51)\n\n - Thunderbird can be used to load a malicious code library that has been 











and cause a crash on Mac systems. (MFSA 2010-58)\n\n - The wrapper class 

'XPCSafeJSObjectWrapper' (SJOW) creates scope chains ending in outer objects. (MFSA 

2010-59)\n\n - The 'type' attribute of an tag can override the charset of a framed 

HTML document even when the document is included across origins. (MFSA 2010-61)\n\n 

- When an HTML selection containing JavaScript is copy-and-pasted or dropped onto a 

document with designMode enabled, the JavaScript will be executed within the context of 

the site where the code was dropped. (MFSA 2010-62)\n\n - The 'statusText' property of an 

'XMLHttpRequest' object is readable by the requestor even when the request is made across 

origins. (MFSA 2010-63) 


CVE-2010-3169 





%L.\n\nVersions of SeaMonkey earlier than 2.0.7 are potentially affected by multiple 






2010-51)\n\n - SeaMonkey can be used to load a malicious code library that has been 










and cause a crash on Mac systems. (MFSA 2010-58)\n\n - The 'type' attribute of an 

tag can override the charset of a framed HTML document even when the 

document is included across origins. (MFSA 2010-61)\n\n - When an HTML selection 

containing JavaScript is copy-and-pasted or dropped onto a document with designMode 

enabled, the JavaScript will be executed within the context of the site where the code was 

dropped. (MFSA 2010-62)\n\n - The 'statusText' property of an 'XMLHttpRequest' object is 

readable by the requestor even when the request is made across origins. (MFSA 2010-63) 


CVE-2010-3169 



Opera < 10.62 Path Subversion Arbitrary DLL Injection Code Execution 


Description: Synopsis :\n\nThe remote host has a web browser that is affected by an arbitrary code 

execution vulnerability.\n\nThe remote host is running the Opera web browser. For your 

information, the observed version of Opera is %L.\n\nVersions of Opera earlier than 10.62 

may unintentionally load malicious DLL files and execute arbitrary code due to Opera's 

DLL search methods. (970) 



Squid < 3.1.8 / 3.2.0.2 NULL Pointer Dereference Denial of Service Vulnerability 


RISK: 

MEDIUM 



remote host is running Squid, a web proxy application. For your information, the observed 

version of Squid is %L.\n\nVersions of Squid earlier than 3.1.8 / 3.2.0.2 are potentially 

affected by a denial of service vulnerability caused by an internal error in its string 

handling. A remote attacker, exploiting this flaw, could crash the affected service. 

Solution: Upgrade to Squid version 3.1.8, 3.2.0.2, or later. 

CVE-2010-3072 

Samba 3.x < 3.5.5 / 3.4.9 / 3.3.14 sid_parse Buffer Overflow 


Description: Synopsis :\n\nThe remote Samba server is affected by a buffer overflow 

vulnerability.\n\nFor your information, the observed version of Samba is 

%L.\n\nAccording to its banner, the version of Samba 3.x running on the remote host is 

earlier than 3.5.5. The 'sid_parse()' and related 'dom_sid_parse()' functions in such versions 

fail to correctly check their input lengths when reading a binary representation of a 

Windows SID (Security ID). An attacker who is able to get a connection to a file share, 

either authenticated or via a guest connection, can leverage this issue to launch a stack 

buffer overflow attack against the affected smbd service and possibly execute arbitrary 

code. 

Solution: Either apply one of the patches referenced in the project's advisory or upgrade to 3.5.5 / 

3.4.9 / 3.3.14 or later. 

CVE-2010-3069 






vectors.\n\nFor your information, the observed version of Google Chrome is 

%L.\n\nVersions of Google chrome earlier than 6.0.472.59 are potentially affected by 

multiple vulnerabilities :\n\n - A use-after-free error exists when using document APIs 

during parse. (Bug 50250)\n\n - A use-after-free error exists in SVG styles. (Bug 

50712)\n\n - A use-after-free error exists with nested SVG elements. (Bug 51252)\n\n - A 

possible browser assert exists in cursor handling. (Bug 51709)\n\n - A race condition exists 

in console handling. (Bug 51919)\n\n - An unlikely browser crash exists in pop-up 

blocking. (Bug 53176)\n\n - Bug 45400 is incorrectly fixed on Mac. (Bug 53361)\n\n - A 

memory corruption error exists in Geolocation. (Bug 53394)\n\n - A memory corruption 

issue exists in Khmer handling. Note that this only affects Chrome for Linux. (Bug 

53930)\n\n - An error exists because Chrome fails to prompt for extension history access. 

(Bug 54006) 


CVE-2010-3417 

QuickTime < 7.6.8 Multiple Vulnerabilities (Windows) 



vectors.\n\nFor your information, the observed version of QuickTime is %L.\n\nVersions 

of QuickTime earlier than 7.6.8 are potentially affected by multiple vulnerabilities :\n\nAn 

input validation issue in the QTPlugin.ocx ActiveX control could allow an attacker to force 

the application to jump to a location in memory controlled by the attacker through the 

optional '_Marshaled_pUnk' parameter and in turn to execute remote code under the 

context of the user running the web browser. (CVE-2010-1818)\n\n - QuickTime Picture 

Viewer uses a fixed path to look for specific files or libraries, such as 'cfnetwork.dll' and 

'corefoundation.dll', and this path includes directories that may not be trusted or under user 

control. If an attacker places a maliciously crafted DLL in the same directory as an image 

file, opening the image file with QuickTime Picture Viewer will cause the malicious DLL 

to be loaded. (CVE-2010-1819) 


CVE-2010-1819 

Squid 3.1.6 DNS Replay Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote proxy server is vulnerable to a denial-of-service attack.\n\nFor 

your information, the observed version of Squid is %L.\n\nSquid 3.1.6 is potentially 

affected by a denial of service vulnerability that is caused by an assertion failure when 

contacting IPv4-only DNS resolvers. 

Solution: Upgrade to Squid 3.1.7 or later. 



CVE-2010-2951 

HP System Management Homepage < 6.2 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running HP System Management Homepage (HPSMH), a web-based 

interface for managing individual ProLiant and Integrity servers. For your information, the 

observed version of HP System Management Homepage is %L.\n\nVersions of HP System 

Management Homepage earlier than 6.2 are potentially affected by the following 

vulnerabilities :\n\n - Session renegotiations are not handled properly, which could be 

exploited to insert arbitrary plaintext in a man-in-the-middle attack. (CVE-2009-3555)\n\n - 

An attacker may be able to upload files using a POST request with 'multipart/form-data' 

content even if the target script doesn't actually support file uploads per se. 

(CVE-2009-4017)\n\n - PHP's 'proc_open' function can be abused to bypass 

'safe_mode_allowed_env_vars' and 'safe_mode_protected_env_vars' directives. 

(CVE-2009-4018)\n\n - PHP does not properly protect session data as relates to interrupt 

corruption of '$_SESSION' and the 'session.save_path' directive. (CVE-2009-4143)\n\n - 

An information disclosure vulnerability exists in Apache's mod_proxy_ajp, 

mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue 

only affects HPSMH on Windows. (CVE-2010-2068)\n\n - An as-yet unspecified 

information disclosure vulnerability may allow an authorized user to gain access to 

sensitive information, which in turn could be leveraged to obtain root access on Linux 

installs of HPSMH. (CVE-2010-3009)\n\n - There is an as-yet unspecified XSS issue. 

(CVE-2010-3011)\n\n - There is an as-yet unspecified HTTP response splitting issue. 

(CVE-2010-3011)\nIAVA Reference : 2011-A-0107\nIAVB Reference : 


Solution: Upgrade to HP System Management Homepage 6.2.0 or later. 

CVE-2010-3284 

Nagios XI < 2009R1.3B Multiple Unspecified XSS 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is hosting a web application that is vulnerable to 

multiple cross-site scripting attacks.\n\nFor your information, the observed version of 

Nagios XI installed on the remote host is %L.\n\nVersions of Nagios XI earlier than 

2009R1.3B are potentially affected by multiple unspecified cross-site scripting 

vulnerabilities in the status and dashboard pages. 

Solution: Upgrade to Nagios 2009R1.3B or later. 









multiple vulnerabilities :\n\n - It is possible to execute arbitrary code via the Adobe Flash 

Player plugin. (CVE-2010-2884)\n\n - There is a bad cast wit malformed SVGs. 

(55114)\n\n - The buffer is mismanaged in the SDPY protocol. (55119)\n\n - A cross-origin 

property pollution issue exists. (55350) 


CVE-2010-3730 

Flash Player Unspecified Code Execution (APSB10-22) 


Description: Synopsis :\n\nThe remote host contains a browser plug-in that is vulnerable to a code 

execution attack.\n\nThe remote host has Adobe Flash Player installed. For your 

information, the observed version of Adobe Flash Player is %L.\nVersions of Flash Player 

9.x earlier than 9.0.283 and 10.x earlier than 10.1.85.3 are potentially affected by an 

unspecified code execution vulnerability. 


CVE-2010-2884 

Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is hosting a web application that is affected by 

multiple security bypass vulnerabilities.\n\nThe remote web server is hosting Syncrify, a 

web-based incremental backup application.\n\nFor your information, the observed version 

of Syncrify is %L.\n\nVersions of Syncrify earlier than 2.1 Build 420 are potentially 

affected by multiple security bypass vulnerabilities :\n\n - The application fails to restrict 

access to the password management page and allows users to change the administrator's 

password by directly accessing that page.\n\n - It is possible for users to browse and 

download unauthorized files by accessing them directly. 

Solution: Upgrade to Syncrify 2.1 Build 420 or later. 


ClamAV < 0.96.3 Denial-of-Service Vulnerability 






Versions of ClamAV earlier than 0.96. are potentially affected by a denial-of-service 

vulnerability because the application fails to properly handle specially crafted PDF files. 

An attacker, exploiting this flaw, can crash the affected service.\nIAVB Reference : 

2010-B-0083\nSTIG Finding Severity : Category II 


CVE-2010-3434 

BIND 9.7 < 9.7.2 P2 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote DNS server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running BIND, and open source name server. For your information, the 

observed version of BIND is %L.\n\nVersions of BIND 9.7 earlier than 9.7.2 P2 are 

potentially affected by multiple vulnerabilities :\n\n - If BIND, acting as a DNSSEC 

validating server, has two or more trust anchors configured in named.conf for the same 

zone and the response for a record in that zone from the authoritative server includes a bad 

signature, the validating server will crash while trying to validate the query.\n\n - A flaw 

exists that allows access to a cache via recursion even if the ACL disallows it. 

Solution: Upgrade to BIND 9.7.1 P2 or later. 

CVE-2010-3762 

Web Server Parameters (POST) 


Description: The following parameters are used by the web application 

Solution: N/A 

realtimeonly 


Web Server Parameters (GET) 


Description: The following parameters are used by the web application 

Solution: N/A 

realtimeonly 




Mantis 1.2.x < 1.2.3 Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is hosting a web application that is vulnerable to 

multiple cross-site scripting attacks.\n\nThe remote web server is hosting Mantis, an open 

source bugtracking application written in PHP. For your information, the observed version 

of Mantis is %L.\n\nVersions of Mantis 1.2.x prior to 1.2.3 are potentially affected by 

multiple cross-site scripting vulnerabilities :\n\n - A cross-site scripting issue exists when 

viewing the Summary page. (Bug 0012309)\n\n - A cross-site scripting issue exists in 

print_all_bug_page_word.php when printing project and category names. (Bug 

0012238)\n\n - Multiple cross-site scripting issues exist which relate to custom field 

enumeration values. (Bug 0012232)\n\n - A cross-site scripting vulnerability exists when 

deleting maliciously named categories. (Bug 012230)\n\n - A cross-site scripting issue 

exists in NuSOAP WSDL. (Bug 0012312) 

Solution: Upgrade to Mantis 1.2.3 or later. 

CVE-2010-3070 



RISK: 

MEDIUM 



your information, the observed version of MySQL Community Server is %L.\n\nVersions 

of MySQL Community Server 5.1 earlier than 5.1.51 are potentially affected by multiple 

vulnerabilities :\n\n - A privilege escalation vulnerability exists when using 

statement-based replication. Version specific comments used on a master server with a 

lesser release version than its slave can allow the MySQL privilege system on the slave 

server to be subverted. (49124)\n\n - The improper handling of type errors during argument 

evaluation in extreme-value functions, e.g., 'LEAST()' or 'GREATEST()' caused server 

crashes. (55826)\n\n - The creation of derived tables needing a temporary grouping table 

caused server crashes. (55568)\n\n - The re-evaluation of a user-variable assignment 

expression after the creation of a temporary table caused server crashes. (55564)\n\n - The 

pre-evaluation of 'LIKE' predicates while preparing a view caused server crashes. 

(54568)\n\n - The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused server 

crashes. (54476)\n\n - The use of an intermediate temporary table and queries containing 

calls to 'GREATEST()' or 'LEAST()', having a list of both numeric and 'LONGBLOB' 

arguments, caused server crashes. (54461)\n\n - The use of nested joins in prepared 

statements or stored procedures could result in infinite loops. (53544) 


CVE-2010-3840 








affected by multiple vulnerabilities :\n\n - It is possible to bypass cross-domain checks, and 

allow partial data theft by using CSS. (971)\n\n - It is possible to spoof the page address by 

modifying the size of the browser window. (972)\n\n - Carefully timed reloads and 

redirects could allow spoofing and cross-site scripting attacks. Using this XSS vector it 

may be possible to modify Opera's configuration, which could allow arbitrary code 

execution on the remote system. (973)\n\n - It is possible to intercept private video streams. 

(974)\n\n - An error while displaying invalid URL's could allow cross-site scripting attacks. 

(976) 


CVE-2010-4050 

iDisk User Enumeration 


Description: The remote client is running an Apple application which stores and synchronizes files 

online via the MobileMe web application. A part of the MobileMe suite includes 'iDisk', a 

virtual hard drive which is used to store data files from multiple Apple devices in a single 

location. Users accessing MobileMe pass their user information in plain text across the 

network. The following UserID and "realm" were logged by the PVS: \n %L 









multiple vulnerabilities :\n\n - It is possible to spam profiles via autofill / autocomplete. 

(48225, 51727)\n\n - An unspecified crash exists relating to forms. (48857)\n\n - A browser 

crash exists relating to form autofill. (50428)\n\n - It is possible to spoof the URl on page 

unload. (51680)\n\n - It is possible to bypass the pop-up blocker. (53002)\n\n - A crash on 

shutdown exists relating got Web Sockets. (53985)\n\n - A possible memory corruption 

exists with animated GIF files. (54500)\n\n - Stale elements exist in the element map. 

(56451) 



CVE-2010-4042 

Mozilla Firefox 3.5.x < 3.5.14 Multiple Vulnerabilities 



attack vectors.\n\nFor your information, the observed version of Firefox is 

:%L.\n\nVersions of Firefox 3.5.x earlier than 3.5.14 are potentially affected by multiple 

vulnerabilities :\n\n - Multiple memory safety bugs could lead to memory corruption, 

potentially resulting in arbitrary code execution. (MFSA 2010-64)\n\n - By passing an 

excessively long string to 'document.write' it may be possible to trigger a buffer overflow 

condition resulting in arbitrary code execution on the remote system. (MFSA 2010-65)\n\n 

- A use-after-free error in nsBarProp could allow arbitrary code execution on the remote 

system. (MFSA 2010-66)\n\n - A dangling pointer vulnerability in LookupGetterOrSetter 

could allow arbitrary code execution. (MFSA 2010-67)\n\n - The Gopher parser is affected 

by a cross-site scripting vulnerability. (MFSA 2010-68)\n\n - It is possible to steal 

information from a site in a different domain using modal calls. (MFSA 2010-69)\n\n - It is 

possible to establish a valid SSL connection to a remote host, provided the SSL certificate 

was created with a common name containing a wild card followed by the partial IP address 

of the remote host. (MFSA 2010-70)\n\n - A function used to load external libraries on the 

Windows platform could allow loading of unsafe DLL's thus allowing binary planting 

attack. (MFSA 2010-71)\n\n - The SSL implementation allows servers to use 

Diffie-Hellman mode (DHE) with a very short key length. Such key lengths could be easily 

breakable with modern hardware. (MFSA 2010-72) 


CVE-2010-3183 

























CVE-2010-3183 

Mozilla Thunderbird 3.0.x < 3.0.9 Multiple Vulnerabilities 




:%L.\n\nVersions of Thunderbird 3.0.x earlier than 3.0.9 are potentially affected by 

multiple vulnerabilities :\n\n - Multiple memory safety bugs could lead to memory 

corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64)\n\n - By 

passing an excessively long string to 'document.write' it may be possible to trigger a buffer 

overflow condition resulting in arbitrary code execution on the remote system. (MFSA 

2010-65)\n\n - A use-after-free error in nsBarProp could allow arbitrary code execution on 

the remote system. (MFSA 2010-66)\n\n - A dangling pointer vulnerability in 

LookupGetterOrSetter could allow arbitrary code execution. (MFSA 2010-67)\n\n - It is 

possible to steal information from a site in a different domain using modal calls. (MFSA 

2010-69)\n\n - It is possible to establish a valid SSL connection to a remote host, provided 

the SSL certificate was created with a common name containing a wild card followed by 

the partial IP address of the remote host. (MFSA 2010-70)\n\n - A function used to load 

external libraries on the Windows platform could allow loading of unsafe DLL's thus 

allowing binary planting attack. (MFSA 2010-71)\n\n - The SSL implementation allows 

servers to use Diffie-Hellman mode (DHE) with a very short key length. Such key lengths 

could be easily breakable with modern hardware. (MFSA 2010-72) 

Solution: Upgrade to Thunderbird 3.0.9 or later. 

CVE-2010-3183 







multiple vulnerabilities :\n\n - Multiple memory safety bugs could lead to memory 

corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64)\n\n - By 

passing an excessively long string to 'document.write' it may be possible to trigger a buffer 

overflow condition resulting in arbitrary code execution on the remote system. (MFSA 

2010-65)\n\n - A use-after-free error in nsBarProp could allow arbitrary code execution on 

the remote system. (MFSA 2010-66)\n\n - A dangling pointer vulnerability in 

LookupGetterOrSetter could allow arbitrary code execution. (MFSA 2010-67)\n\n - It is 

possible to steal information from a site in a different domain using modal calls. (MFSA 

2010-69)\n\n - It is possible to establish a valid SSL connection to a remote host, provided 


the SSL certificate was created with a common name containing a wild card followed by 

the partial IP address of the remote host. (MFSA 2010-70)\n\n - A function used to load 

external libraries on the Windows platform could allow loading of unsafe DLL's thus 

allowing binary planting attack. (MFSA 2010-71)\n\n - The SSL implementation allows 

servers to use Diffie-Hellman mode (DHE) with a very short key length. Such key lengths 

could be easily breakable with modern hardware. (MFSA 2010-72) 


CVE-2010-3183 

Mozilla SeaMonkey 2.0.x < 2.0.9 Multiple Vulnerabilities 




:%L.\n\nVersions of SeaMonkey 2.0.x earlier than 2.0.9 are potentially affected by multiple 


















CVE-2010-3183 

HTTP File Upload Detection 

PVS ID: 5686 FAMILY: Data Leakage RISK: NONE NESSUS ID:Not Available 

Description: The following file was just uploaded via HTTP: \n %L 

realtime 

Solution: N/A 




XMPP Client Detection 


Description: The following host is an XMPP client. The client application which is using XMPP is:\n 

%L 

Solution: N/A 

LDAP Server Detection 



Description: The remote host is an LDAP server 

Solution: Ensure that this server is authorized with respect to Corporate standards and policies. 


Winamp < 5.59 Build 3033 Multiple Vulnerabilities 





than 5.59 build 3033 are potentially affected by multiple vulnerabilities :\n\n - Winamp 

loads libraries in an insecure manner. (CVE-2010-3137)\n\n - An integer overflow 

vulnerability exists in the 'in_mkv.dll' plugin when parsing MKV content.\n\n - A 

heap-based buffer overflow vulnerability exists in the 'in_midi.dll' plugin when parsing 

MIDI content.\n\n - A stack-based buffer overflow vulnerability exists in the 'in_mod.dll' 

plugin when parsing Multitracker Module files.\n\n - A heap-based buffer overflow 

vulnerability exists in the 'in_nsv.dll' plugin when parsing NSV content.\n\n - A heap-based 

buffer overflow vulnerability exists when parsing VP6 video content. 

Solution: Upgrade to Winamp 5.59 build 3033 or later. 

CVE-2010-3137 


Mozilla Firefox 3.5.x < 3.5.15 Buffer Overflow Vulnerability 


Description: Synopsis :\n\nThe remote host has a web browser installed that is vulnerable to a buffer 

overflow attack.\n\nFor your information, the observed version of Firefox is 

:%L.\n\nVersions of Firefox 3.5.x earlier than 3.5.15 are potentially affected by a buffer 

overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 

2010-73) 



CVE-2010-3765 

Mozilla Firefox 3.6.x < 3.6.12 Buffer Overflow Vulnerability 



overflow attack.\n\nFor your information, the observed version of Firefox is 

:%L.\n\nVersions of Firefox 3.6.x earlier than 3.6.12 are potentially affected by a buffer 


2010-73) 


CVE-2010-3765 

Mozilla Thunderbird 3.0.x < 3.0.10 Buffer Overflow Vulnerability 



overflow attack.\n\nFor your information, the observed version of Thunderbird is 

:%L.\n\nVersions of Thunderbird 3.0.x earlier than 3.0.10 are potentially affected by a 

buffer overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 

2010-73) 


CVE-2010-3765 

Mozilla Thunderbird 3.1.x < 3.1.6 Buffer Overflow Vulnerability 



overflow attack.\n\nFor your information, the observed version of Thunderbird is 

:%L.\n\nVersions of Thunderbird 3.1.x earlier than 3.1.6 are potentially affected by a buffer 


2010-73) 


CVE-2010-3765 


Mozilla SeaMonkey 2.0.x < 2.0.10 Buffer Overflow Vulnerability 




overflow attack.\n\nFor your information, the observed version of SeaMonkey is 

:%L.\n\nVersions of SeaMonkey 2.0.x earlier than 2.0.10 are potentially affected by a 

buffer overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 

2010-73) 


CVE-2010-3765 

YouSendIt Client Detection 


Description: The remote client is utilizing the 'YouSendIt' service. YouSendIt allows users to send 

large attachments via email. YouSendIt is a web-based service. Given this, internal 

corporate users can use this service to bypass outbound mail scrutiny. The reported 

license and version number is : \n %L 

Solution: Ensure that such usage is in alignment with Corporate policies regarding remote access 




Description: The remote host issued the following POST request : \n%L 

Solution: N/A 


realtimeonly 



Description: The remote host is running Firesheep, an application used to sniff confidential data 

from an insecure network. 

Solution: Ensure that this software is authorized 








%L.\n\nVersions of Google Chrome earlier than 7.0.517.44 are potentially affected by 

multiple vulnerabilities :\n\n - A use-after-free error exists in text editing. (51602)\n\n - A 

memory corruption error exists relating to enormous text area. (55257)\n\n - A bad cast 

exists with the SVG use element. (58657)\n\n - An invalid memory read exists in XPath 

handling. (58731)\n\n - A use-after-free error exists in text-control-selections. (58741)\n\n - 

Multiple integer overflows exists in font handling. (59320)\n\n - A memory corruption 

issue exists in libvpx. (60055)\n\n - A bad use of a destroyed frame object exists. 

(60238)\n\n - Multiple type confusions exists with event objects. (60327, 60769, 

61255)\n\n - An out-of-bounds array access exists in SVG handling. (60688) 


CVE-2010-4206 

Flash Player < 9.0.289 / 10.1.102.64 Multiple Vulnerabilities (APSB10-26) 




the observed version of Adobe Flash Player is %L.\nVersions of Flash Player 9.x earlier 

than 9.0.289 and 10.x earlier than 10.1.102.64 are potentially affected by multiple 

vulnerabilities :\n\n - A memory corruption vulnerability exists that could lead to code 

execution. Note that there are reports that this is being actively exploited in the wild. 

(CVE-2010-3654)\n\n - An input validation issue exists that could lead to a bypass of 

cross-domain policy file restrictions with certain server encodings. (CVE-2010-3636)\n\n - 

A memory corruption vulnerability exists in the ActiveX component. 

(CVE-2010-3637)\n\n - An unspecified information disclosure vulnerability exists. Note 

that this issue only affects Flash Player on Safari. (CVE-2010-3638)\n\n - An unspecified 

issue exists which could lead to a denial-of-service or potentially arbitrary code execution. 

(CVE-2010-3639)\n\n - Multiple memory corruption issues exists that could lead to 

arbitrary code execution. (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, 


CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652)\n\n - A 

library-loading vulnerability could lead to code execution. (CVE-2010-3639) 


CVE-2010-3976 




RISK: 

MEDIUM 






Bugzilla 3.2.x earlier than 3.2.9, 3.4.x earlier than 3.4.9, and 3.6.x earlier than 3.6.3 are 

potentially affected by multiple vulnerabilities :\n\n - By inserting a certain string into a 

URL, it is possible to inject both headers and content to any browser that supports "Server 

Push". (CVE-2010-3172)\n\n - The Charts system generates graphs with predictable names 

into the 'graphs/' directory, which can also be browsed to see its contents. 

(CVE-2010-3764)\n\n - YUI 2.8.1 is vulnerable to a cross-site scripting vulnerability in 

certain .swf files. 

Solution: Upgrade to Bugzilla 3.2.9, 3.4.9, 3.6.3 or later. 

CVE-2010-3764 

Microsoft Executable in Transit Detection 


Description: Synopsis :\n\nThe remote host may be compromised\n\nThis service appears to send a 

Microsoft Windows executable when a connection to it is established. This may be 

evidence of some malware which are known to propagate in this manner 

realtime 

Solution: Check the host and disinfect / reinstall it if necessary. 


SmartFTP Directory Traversal Vulnerability 

PVS ID: 5702 FAMILY: FTP Clients RISK: HIGH NESSUS ID:Not Available 

Description: Synopsis :\n\nThe remote host has a FTP client installed that is vulnerable to a directory 

traversal attack\n\nThe remote host is running SmartFTP, a FTP client for Windows. For 

your information, the observed version of SmartFTP is %L\n\nVersions of SmartFTP 

earlier than 4.0.1124 are potentially affected by a directory traversal vulnerability. An 

attacker, exploiting this flaw, could trick a user into downloading a malicious file into a 

user's Startup folder. 

Solution: Upgrade to SmartFTP 4.0.1124 or later. 

CVE-2010-3099 

SmartFTP filename Unspecified Vulnerability 


PVS ID: 5703 FAMILY: FTP Clients RISK: HIGH NESSUS ID:50575 

Description: Synopsis :\n\nThe remote host has a FTP client installed that is affected by an unspecified 

vulnerability.\n\nThe remote host is running SmartFTP, a FTP client for Windows. For 

your information, the observed version of SmartFTP is %L\n\nVersions of SmartFTP 

earlier than 4.0.1142 are potentially affected by an unspecified vulnerability relating to 

filenames. 


Solution: Upgrade to SmartFTP 4.0.1142 or later. 


Adobe Flash Media server < 3.0.7 / 3.5.5 / 4.0.1 Multiple Vulnerabilities (APSB10-27) 



is running Adobe Flash Media Server. For your information, the observed version of Adobe 

Flash Media Server is %L.\n\nVersions of Adobe Flash Media Server earlier than 3.0.7, 

3.5.5, or 4.0.1 are potentially affected by multiple vulnerabilities :\n\n - The server is 

vulnerable to a denial of service attack due to an unspecified memory leak error. 

(CVE-2010-3633)\n\n - The server is vulnerable to a denial of service attack due to an 

unspecified error in the server's 'edge process'. (CVE-2010-3634)\n\n - An unspecified error 

exists which can allow an attacker to cause a segmentation fault and may lead to arbitrary 


Solution: Upgrade to Flash Media Server 3.0.7, 3.5.5, 4.0.1, or later. 

CVE-2010-3635 




issues.\n\nFor your information, the observed version of Mac OS X is %L.\n\nVersions of 

Mac OS X 10.6 earlier than 10.6.5 are potentially affected by multiple vulnerabilities. Mac 

OS X 10.6.5 contains security fixes for the following products :\n\n - AFP Server\n\n - 

Apache mod_perl\n\n - Apache\n\n - AppKit\n\n - ATS\n\n - CFNetwork\n\n - 

CoreGraphics\n\n - CoreText\n\n - CUPS\n\n - Directory Services\n\n - 

diskdev_cmds\n\nDisk Images\n\n - Flash Player plug-in\n\n - gzip\n\n - Image Capture\n\n 

- ImageIO\n\n - Image RAW\n\n - Kernel\n\n - MySQL\n\n - neon\n\n - Networking\n\n - 

OpenLDAP\n\n - OpenSSL\n\n - Password Server\n\n - PHP\n\n - Printing\n\n - python\n\n 

- QuickLook\n\n - QuickTime\n\n - Safari RSS\n\n - Time Machine\n\n - Wiki Server\n\n - 

X11\n\n - xar 


CVE-2010-3976 

Microsoft Executable in Transit Detection (Client) 



Description: Synopsis :\n\nThe remote host may be compromised\n\nThis client connected to a server 

and immediately downloaded an executable. This may be evidence of some malware which 

are known to propagate in this manner 


ealtime 

Solution: Check the host and disinfect / reinstall it if necessary. 


MaxDB User Login Detection 


Description: The following user just logged into the SAP MaxDB database: %L 

Solution: N/A 

Ricoh Printer Detection 



Description: The remote host is a Ricoh printer version %L 

Solution: N/A 



Real Networks RealPlayer < 14.0.1.609 (Build 12.0.1.609) Multiple Vulnerabilities 




information, the observed build of RealPlayer is %L.\n\nRealPlayer builds earlier than 

12.0.1.609 are potentially affected by vulnerabilities :\n\n - An uncontrolled array index 

vulnerability exists in RealMedia media properties. (CVE-2010-4384)\n\n - A heap 

overflow vulnerability exists in multi-rate audio handling. (CVE-2010-4375)\n\n - A heap 

corruption vulnerability exists in the SMIL file format StreamTitle. (CVE-2010-2997)\n\n - 

An integer overflow exists in AAC MLLT Atom parsing. (CVE-2010-2999)\n\n - An 

integer overflow exists in AAC TIT2 Atom parsing. (CVE-2010-4397)\n\n - A heap 

overflow vulnerability exists in RTSP GIF parsing. (CVE-2010-4376)\n\n - A heap 

corruption vulnerability exist in the Cook Audio Codec. (CVE-2010-4377)\n\n - A heap 

corruption vulnerability exists in RV20 parsing. (CVE-2010-4378)\n\n - An error exists in 

the Cook codec initialization function. (CVE-2010-0121)\n\n - A memory access 

vulnerability exists in the Cook codec relating to an uninitialized number of channels. 

(CVE-2010-2579)\n\n - An unspecified vulnerability exists in AAC spectral data parsing. 

(CVE-2010-0125)\n\n - A heap overflow vulnerability exists in SIPR. 

(CVE-2010-4379)\n\n - A heap overflow exists in SOUND. (CVE-2010-4380)\n\n - A heap 

overflow exists in AAC. (CVE-2010-4381)\n\n - Multiple heap overflow vulnerabilities in 

RealMedia. (CVE-2010-4382)\n\n - A heap overflow vulnerability in RA5. 

(CVE-2010-4383)\n\n - An integer overflow in SIPR stream frame dimensions. 

(CVE-2010-4385)\n\n - RealMedia Memory heap corruption. (CVE-2010-4386)\n\n - A 


memory corruption vulnerability in the RealAudio codec. (CVE-2010-4387)\n\n - A 

cross-zone scripting vulnerability in the ActiveX HandleAction Method. 

(CVE-2010-4396)\n\n - A cross domain scripting vulnerability is exploitable via local 

HTML files. (CVE-2010-4388)\n\n - A heap overflow vulnerability exists in the Cook 

codec initialization buffer index.(CVE-2010-4389)\n\n - A heap overflow vulnerability 

exists in the IVR file header. (CVE-2010-4390)\n\n - A heap overflow vulnerability exists 

in the RMX header. (CVE-2010-4391)\n\n - A heap overflow vulnerability exists in 

ImageMap. (CVE-2010-4392)\n\n - A heap overflow vulnerability exists in RealPix server 

header. (CVE-2010-4394)\n\n - A heap overflow exists in the Advanced audio coding. 

(CVE-2010-4395) 

Solution: Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later. 

CVE-2010-4397 

VLC Media Player < 1.1.5 Samba Share Access Module Code Execution 





than 1.1.5 are potentially affected by a code execution vulnerability. Due to an error in the 

declaration of code calling conventions, VLC suffers from a stack smashing attack in the 

Samba network share access module which could lead to arbitrary code execution. Note 

that this issue only affects VLC for Windows. 








%L.\n\nVersions of Safari earlier than 4.1.3 / 5.0.3 are potentially affected by several issues 

in the following component :\n\n - Safari\n\n - Webkit 


CVE-2010-3826 

Serv-U < 10.3.0.1 SFTP Server Authentication Bypass Vulnerability 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote SFTP server is affected by an authentication bypass 

vulnerability.\n\nThe remote host is running Serv-U File Server, an FTP/SFTP Server for 

Windows. For your information, the observed version of Serv-U is %L.\n\nVersions of 

Serv-U earlier than 10.3.0.1 are potentially affected by a security bypass vulnerability in 

the SFTP module. By supplying a valid username and blank password, an attacker can gain 

unauthorized access to the affected application. 



FileCOPA < 6.01.01 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote FTP server is vulnerable to a directory traversal attack.\n\nThe 

remote host is running FileCOPA, an FTP Server for Windows. For your information, the 

observed version of FileCOPA is %L.\n\nVersions of FileCOPA earlier than 6.01.01 are 

potentially affected by an unspecified directory traversal attack. An attacker, exploiting this 

flaw, could download arbitrary files subject to the privileges of the user running the 

affected application. 

Solution: Upgrade to FileCOPA 6.01.01 or later. 


FreeNAS < 0.7.2 Revision 5543 Command Execution Vulnerability 


Description: Synopsis :\n\nA web application on the remote host is affected by an arbitrary command 

execution vulnerability.\n\nThe remote host is running FreeNAS, a network attached 

storage distribution based on FreeBSD. For your information, the observed version of 

FreeNAS on the remote running on the remote host is %L.\n\nVersions of FreeNAS earlier 

than 0.7.2 Revision 5543 are potentially affected by a remote command execution 

vulnerability because the application fails to restrict access to the 'exec_raw.php' script. A 

remote, unauthenticated attacker can pass arbitrary commands through the script's 'cmd' 

parameter and have them executed with root privileges. 

Solution: Upgrade to FreeNAS 0.7.2 Revision 5543 or later. 



Apple iPhone/iPad iOS < 4.2 Multiple Vulnerabilities 




is an iPhone, iPod Touch, or iPad running iOS. For your information, the observed version 

of iOS is %L.\n\nVersions of iOS earlier than 4.2 are potentially affected by multiple 

vulnerabilities. iOS 4.2 contains security fixes for the following products :\n\n - 

Configuration Policies\n\n - CoreGraphics\n\n - FreeType\n\n - iAd Content Display\n\n - 

ImageIO\n\n - libxml\n\n - Mail\n\n - Networking\n\n - OfficeImport\n\n - Photos\n\n - 

Safari\n\n - Telephony\n\n - WebKit\n\n - Multiple components 


CVE-2010-4008 

phpMyAdmin 2.x < 2.11.11.1 / 3.x < 3.3.8.1 Cross-Site Scripting Vulnerability 


Description: Synopsis :\n\nThe remote web server contains a PHP application that is vulnerable to a 

cross-site scripting attack.\n\nFor your information, the observed version of phpMyAdmin 

is %L.\n\nVersions of phpMyAdmin earlier than 2.11.11.1 / 3.3.8.1 are potentially affected 

by a cross-site scripting vulnerability in the database search tool. 

Solution: Upgrade to phpMyAdmin 2.11.11.1, 3.3.8.1, or later. 

CVE-2010-4329 






than 5.6 are potentially affected by multiple vulnerabilities :\n\n - An integer overflow 

vulnerability exists in the 'in_nsv.dll' plugin when parsing the table of contents of a 

NullSoft Video (NSV) stream or file. (CVE-2010-2586)\n\n - A heap-base buffer overflow 

vulnerability exists in the 'in_midi.dll' plugin when parsing MIDI content. 

(CVE-2010-4370)\n\n - A buffer overflow vulnerability exists in the 'in_mod' plugin and is 

related to the comment box. (CVE-2010-4371)\n\n - An integer overflow vulnerability 

exists in the 'in_nsv plugin due to improper memory allocation for Nullsoft Video (NSV) 

metadata. (CVE-2010-4372)\n\n - An error exists in the 'in_mp4' plugin which allows 

remote attackers to use either crafted metadata or album art in an MP4 file to cause a denial 

of service. (CVE-2010-4373)\n\n - An error exists in the 'in_mkv' plugin which allows 

remote attackers to use a crafted Matroska Video (MKV) file to cause a denial of service. 

(CVE-2010-4374) 

Solution: Upgrade to Winamp 5.60 or later. 

CVE-2010-4374 



BIND 9.4-ESV < 9.4-ESV-R4 / 9.6.2 < 9.6.2-P3, 9.6-ESV < 9.6-ESV-R3 / 9.7.x < 9.7.2-P3 Multiple 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote DNS server is vulnerable to multiple attack vectors.\n\nThe 

remote host is running BIND, and open source name server. For your information, the 

observed version of BIND is %L.\n\nVersions of BIND 9.4-ESV < 9.4-ESV-R4, 9.6.2 < 

9.6.2-P3, 9.6-ESV < 9.6-ESV < R3, and 9.7.x < 9.7.2-P3 are potentially affected by 

multiple vulnerabilities :\n\n - Failure to clear existing RRSIG records when a NO DATA 

is negatively cached could cause subsequent lookups to crash named. 

(CVE-2010-3613)\n\n - Named, when acting as a DNSSEC validating resolver, could 

incorrectly mark zone data as insecure when the zone being queried is undergoing a key 

algorithm rollover. (CVE-2010-3614)\n\n - Using 'allow-query' in the 'options' or 'view' 

statements to restrict access to authorize zones has no effect. (CVE-2010-3615) 

Solution: Upgrade to BIND 9.4-ESV-R4, 9.6.2-P3, 9.6-ESV-R3, 9.7.2-P3, or later. 

CVE-2010-3615 






multiple vulnerabilities :\n\n - It may be possible to bypass the pop-up blocker. (17655)\n\n 

- A cross-origin video theft vulnerability exists related to canvas. (55747) - An unspecified 

crash exists when handling HTML5 databases. (56237) - Excessive file dialogs could lead 

to a browser crash. (58329) - A use after free error exists in history handling. (59554) - It 

may be possible to crash the browser when performing http proxy authentication. (61701) - 

An out-of-bounds read regression exists in the WebM video support. (61653)\n\n - It may 

be possible to crash the browser due to bad indexing with malformed video. (62127)\n\n - 

A memory corruption issue exists relating t malicious privileged extension. (62168)\n\n - A 

use-after-free error exists in the mouse dragging event handling. (63051)\n\n - A double 

free error exists in XPath handling. (63444) 


CVE-2010-4494 

OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities 



RISK: 

MEDIUM 




0.9.8q and 1.0.0c are potentially affected by multiple vulnerabilities :\n\n - It may be 


possible to downgrade the ciphersuite to a weaker version by modifying the stored session 

cache cipher suite.\n\n - An error exists in the J-PAKE implementation which could lead to 

successful validation by someone with no knowledge of the shared secret.\nIAVA 


Category I 

Solution: Upgrade to OpenSSL 0.9.8q, 1.0.0c, or later. 

CVE-2010-4252 

Stuxnet Traffic Detection 


Description: The remote host is passing RPC traffic which is requesting an RPC UUID which is 

synonymous with the Stuxnet trojan. This may indicate that either the host is infected with 

Stuxnet or the host is scanning for Stuxnet-infected machines. 

Solution: Ensure that the system is not infected. If it is not infected, ensure that the system is 

authorized to be running security scans on the network. 






Versions of ClamAV earlier than 0.96.5 are potentially affected by multiple vulnerabilities 

:\n\n - Multiple error exists in the PDF processing functions in 'libclamav/pdf.c' which may 

lead to application crashes. (Bugs 2358, 2380, 2396)\n\n - An off-by-one error exists in the 

handling of icons such that a crafted icon may be used to cause an integer overflow. (Bug 

2344) 


CVE-2010-4479 

JavaScript eval() Usage on Web Server 

PVS ID: 5723 FAMILY: Policy RISK: HIGH NESSUS ID:Not Available 


application\n\nThe remote web server utilizes JavaScript on it's pages. The use of the 

JavaScript 'eval()' function is considered very dangerous. The Javascript in question is %P. 

Solution: Remove calls to 'eval()' from javascript source code 




JavaScript Usage on Web Server Detection 


Description: The remote web server utilizes JavaScript within the following file : %P 

realtimeonly 

Solution: Ensure that JavaScript is authorized and is part of your Security Development Lifecycle 

(SDL) 






of QuickTime earlier than 7.6.9 are potentially affected by multiple vulnerabilities :\n\n - A 

filesystem permission issue may allow a local user on a Windows system to access the 

contents of the 'Apple Computer' directory in the user's profile. (CVE-2010-0530)\n\n - A 

heap buffer overflow in QuickTime's handling of Track Header (tkhd) atoms may lead to 

an application crash or arbitrary code execution on Windows systems. 

(CVE-2010-1508)\n\n - A heap buffer overflow in Quicktime's handling of JP2 images may 

lead to an application crash or arbitrary code execution. (CVE-2010-3787)\n\n - 

Uninitialized memory access issue in QuickTime's handling of JP2, FlashPix, and GIF 

images may lead to an application crash or arbitrary code execution. (CVE-2010-3788, 

CVE-2010-3794, CVE-2010-3795)\n\n - Memory corruption issues in QuickTime's 

handling of AVI files, movie files, Sorenson encoded movie files, PICT files, FlashPix 

images, and panorama atoms in QTVR (QuickTime Virtual Reality) movie files may lead 

to an application crash or arbitrary code execution. (CVE-2010-3789, CVE-2010-3790, 

CVE-2010-3793, CVE-2010-3800, CVE-2010-3801, CVE-2010-3802)\n\n - A buffer 

overflow in QuickTime's handling of MPEG-encoded movie files may lead to an 

application crash or arbitrary code execution. (CVE-2010-3791)\n\n - A signedness issue in 

QuickTime's handling of MPEG-encoded movie files may lead to an application crash or 

arbitrary code execution. (CVE-2010-3792)\n\n - An integer overflow in QuickTime's 

handling of movie files may lead to an application crash or arbitrary code execution. 

(CVE-2010-4009) 


CVE-2010-4009 


Winamp < 5.601 MIDI Timestamp Stack Buffer Overflow 


Description: Synopsis :\n\nThe remote host has a media player installed that is vulnerable to a buffer 

overflow attack.\n\nThe remote host is running Winamp, a media player for Windows. For 



than 5.601 are potentially affected by a stack buffer overflow vulnerability due to an error 

in the 'in_midi.dll' plugin which improperly serializes timestamps in MIDI file. A specially 

crafted MIDI file can cause the application to overwrite the saved base pointer and allows 

execution of arbitrary code. 








vulnerabilities :\n\n - Multiple memory corruption issues could lead to arbitrary code 

execution. (MFSA 2010-74)\n\n - On the Windows platform, when 'document.write()' is 

called witha very long string a buffer voerflow could be triggered. (MFSA 2010-75)\n\n - A 

privilege escalation vulnerability exists with 'window.open' and the '' element. 

(MFSA 2010-76)\n\n - Arbitrary code execution is possible when using HTML tags inside 

a XUL tree. (MFSA 2010-77)\n\n - Downloadable fonts could expose vulnerabilities in the 

underlying OS font code. (MFSA 2010-78)\n\n - A Java security bypass vulnerability when 

LiveConnect is loaded via a 'data:' URL meta refresh. (MFSA 2010-79)\n\n - A use-after 

free error exists with nsDOMAttribute MutationObserver. (MFSA 2010-80)\n\n - An 

integer overflow exists in NewIdArray. (MFSA 2010-81)\n\n - It is possible to circumvent 

the fix for CVE-2010-0179. (MFSA 2010-82)\n\n - It is possible to spoof SSL in the 

location bar using the network error page. (MFSA 2010-83)\n\n - A cross-site scripting 

hazard exists in multiple character encodings. (MFSA 2010-84) 


CVE-2010-3777 





attack vectors..\n\nFor your information, the observed version of Firefox is 


vulnerabilities :\n\n - Multiple memory corruption issues could lead to arbitrary code 

execution. (MFSA 2010-74)\n\n - On the Windows platform, when 'document.write()' is 

called with a very long string a buffer overflow could be triggered. (MFSA 2010-75)\n\n - 

A privilege escalation vulnerability exists with 'window.open' and the '' element. 




LiveConnect is loaded via a 'data:' URL meta refresh. (MFSA 2010-79)\n\n - A 

use-after-free error exists with nsDOMAttribute MutationObserver. (MFSA 2010-80)\n\n - 


An integer overflow exists n NewIdArray. (MFSA 2010-81)\n\n - It is possible to 

circumvent the fix for CVE-2010-0179. (MFSA 2010-82)\n\n - It is possible to spoof SSL 

in the location bar using the network error page. (MFSA 2010-83)\n\n - A cross-site 

scripting hazard exists in multiple character encodings. (MFSA 2010-84) 


CVE-2010-3778 



Description: Synopsis :\n\nThe remote host has an email client installed that is vulnerable to multiple 



multiple vulnerabilities :\n\n - Multiple memory corruption issues could lead to arbitrary 

code execution. (MFSA 2010-74)\n\n - On the Windows platform, when 'document.write()' 

is called with a very long string a buffer overflow could be triggered. (MFSA 2010-75)\n\n 

- Downloadable fonts could expose vulnerabilities in the underlying OS font code. (MFSA 

2010-78) 


CVE-2010-3778 









- Downloadable fonts could expose vulnerabilities in the underlying OS font code. (MFSA 

2010-78) 


CVE-2010-3778 






:%L.\n\nVersions of SeaMonkey 2.0.x earlier than 2.0.11 are potentially affected by 





- A privilege escalation vulnerability exists with 'window.open' and the '' element. 




LiveConnect is loaded via a 'data:' URL meta refresh. (MFSA 2010-79)\n\n - A 

use-after-free error exists with nsDOMAttribute MutationObserver. (MFSA 2010-80)\n\n - 

An integer overflow exists in NewIdArray. (MFSA 2010-81)\n\n - It is possible to 

circumvent the fix for CVE-2010-0179. (MFSA 2010-82)\n\n - It is possible to spoof SSL 

in the location bar using the network error page. (MFSA 2010-83)\n\n - A cross-site 

scripting hazard exists in multiple character encodings. (MFSA 2010-84) 


CVE-2010-3778 

PHP 5.3 < 5.3.4 Multiple Vulnerabilities 





is 5.3.x earlier than 5.3.4. Such versions are potentially affected by multiple vulnerabilities 

:\n\n - A crash in the zip extract method.\n\n - A stack buffer overflow in impagepstext() of 

the GD extension.\n\n - An unspecified vulnerability related to symbolic resolution when 

using a DFS share.\n\n - A security bypass vulnerability related to using pathnames 

containing NULL bytes. (CVE-2006-7243)\n\n - Multiple format string vulnerabilities. 

(CVE-2010-2094, CVE-2010-2950)\n\n - An unspecified security bypass vulnerability in 

open_basedir(). (CVE-2010-3436)\n\n - A NULL pointer dereference in 

ZipArchive::getArchiveComment. (CVE-2010-3709)\n\n - Memory corruption in 

php_filter_validate_email(). (CVE-2010-3710)\n\n - An input validation vulnerability in 

xml_utf8_decode(). (CVE-2010-3870)\n\n - A possible double free in the IMAP extension. 

(CVE-2010-4150)\n - An information disclosure vulnerability in 'mb_strcut()'. 

(CVE-2010-4156)\n\n - An integer overflow vulnerability in 'getSymbol()'. 

(CVE-2010-4409)\n\n - A use-after-free vulnerability in the Zend engine when a '__set()', 

'__get()', '__isset()' or '__unset()' method is called can allow for a denial of service attack. 

(Bug #52879 / CVE-2010-4697)\n\n - A stack-based buffer overflow exists in the 

'imagepstext()' function in the GD extension. (Bug #53492 / CVE-2010-4698)\n\n - The 

'iconv_mime_decode_headers()' function in the iconv extension fails to properly handle 

encodings that are not recognized by the iconv and mbstring implementations. (Bug #52941 

/ CVE-2010-4699)\n\n - The 'set_magic_quotes_runtime()' function when the MySQLi 

extension is used does not properly interact with the 'mysqli_fetch_assoc()' function. (Bug 

#52221 / CVE-2010-4700)\n\n - A race condition exists in the PCNTL extension. 

(CVE-2011-0753)\n\n - The SplFileInfo::getType function in the Standard PHP Library 

extension does not properly detect symbolic links. (CVE-2011-0754)\n\n - An integer 

overflow exists in the mt_rand function. (CVE-2011-0755) 



CVE-2011-0755 





is earlier than 5.2.15. Such versions are potentially affected by multiple vulnerabilities :\n\n 

- A crash in the zip extract method.\n\n - A possible double free exists in the IMAP 

extension. (CVE-2010-4150)\n\n - An unspecified flaw exists in 'open_basedir'. 

(CVE-2010-3436)\n\n - A possible crash could occur in 'mssql_fetch_batch()'.\n\n - A 

NULL pointer dereference exists in 'zipArchive::getArchiveComment'. 

(CVE-2010-3709)\n\n - A crash exists if anti-aliasing steps are invalid. (Bug 53492)\n\n - 

A crash exists in pdo_firebird get_Attribute(). (Bug 53323)\n\n - A use-after-free 

vulnerability in the Zend engine when a '__set()', '__get()', or '__unset()' method is called 

can allow for a denial of service attack. (Bug #52879 / CVE-2010-4697)\n\n - A 

stack-based buffer overflow exists in the 'imagepstext()' function in the GD extension. (Bug 

#53492 / CVE-2010-4698)\n\n - The extract function does not prevent use of the 

EXTR_OVERWRITE parameter to overwrite the GLOBALS superglobal array and the 

'this' variable, which allows attackers to bypass intended access restrictions. 

(CVE-2011-0752) 


CVE-2010-0752 






multiple vulnerabilities :\n\n - A bad validation exists in message deserialization on 64-bit 

Linux builds. (56449)\n\n - A bad extension can cause the browser to crash in tab handling. 

(60761)\n\n - A NULL pointer can lead to a browser crash in web worker handling. 

(63592)\n\n - An out-of-bounds read can occur in CSS parsing. (63866)\n\n - Stale pointers 

could occur in cursor handling. (64959) 


CVE-2010-4578 








affected by multiple vulnerabilities :\n\n - An error exists such that web page content can be 

displayed over dialog boxes leading to security warning misrepresentation. (977)\n\n - An 

error exists such that WAP form contents can be leaded to third-party sites. (979)\n\n - Two 

unspecified, high-severity vulnerabilities exists. 


CVE-2010-4587 

HP Power Manager < 4.3.2 Buffer Overflow Vulnerability 


Description: Synopsis : \n\nThe power management application installed on the remote host is 

vulnerable to multiple attack vectors.\n\nFor your information, the observed version of HP 

Power Manager is : \n %L \n\nVersions of HP Powere Manager earlier than 4.3.2 are 

potentially affected by a buffer overflow vulnerability because the application fails to 

properly sanitize user supplied in put to the 'Login' parameter of the login page. An 

unauthenticated, remote attacker could exploit this by sending a specially crafted HTTP 

request, resulting in arbitrary code execution. 

Solution: Upgrade to HP Power Manager 4.3.2 or later. 

CVE-2010-4113 

Android < 2.3 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote host is vulnerable to multiple attack vectors.\n\nFor your 

information, the observed version of Android OS installed on the remote device is : \n %L 

\n\nVersions of Android OS earlier than 2.3 are potentially affected by multiple 

vulnerabilities : \n\n - A privilege escalation vulnerability exists in the Zygote/Dalvik 

virtual machine framework.\n\n - A denial-of-service issue exists that can cause 'dexdump' 

to crash. 

Solution: Upgrade to Android 2.3 or later. 


Stuxnet Infected Host Detection 



program\n\nThe remote host is running the Stuxnet trojan. This was determined based on 

the RPC UUID. Stuxnet is a Trojan which uses multiple vulnerabilities to infect and spread 

to nearby hosts. Ultimately, the Trojan attempts to gain access to a SCADA network. 

Solution: Manually clean the infected machine 







issue.\n\nFor your information, the observed version of Mac OS X is %L.\n\nVersions of 

Mac OS X 10.6 earlier than 10.6.6 are potentially affected by a security issue. Mac OS X 

10.6.6 contains a security fix for the following product :\n\n - PackageKit 


CVE-2010-4013 

PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS 


Description: Synopsis :\n\nThe remote web server uses a version of PHP that is affected by a denial of 

service vulnerability.\n\nAccording to its banner the version of PHP installed on the remote 

host is either 5.2 earlier than 5.2.17 or 5.3 earlier than 5.3.5. Such versions may experience 

a crash while performing string to double conversion for certain numeric values. Only x86 

32-bit PHP processes are known to be affected by this issue regardless of whether the 

system running PHP is 32-bit or 64-bit. 

Solution: Upgrade to PHP version 5.2.17/5.3.5 or later. 

CVE-2010-4645 

Rocket Software UniVerse < 10.3.9 Remote Code Execution Vulnerability 


Description: Synopsis :\n\nThe remote host contains a database application that is affected by a remote 

code execution vulnerability.\n\nThe remote host has Rocket Software UniVerse installed. 

For your information, the installed version of UniVerse is %L.\n\nVersions of UniVerse 

earlier than 10.3.9 are potentially affected by a remote code execution vulnerability because 

the application fails to properly validate a size value in a RPC packet header before using it 

to determine the number of bytes to receive. A remote unauthenticated attacker, exploiting 

this flaw, could execute arbitrary code on the remote host with SYSTEM level privileges. 

Solution: Upgrade to UniVerse 10.3.9 or later. 









multiple vulnerabilities :\n\n - A browser crash exists in extensions notification handling. 

(58053)\n\n - Bad pointer handling exists in node iteration. (65764)\n\n - Multiple crashes 

exist when printing multi-page PDFs. (66334)\n\n - A stale pointer exists with CSS + 

canvas. (66560)\n\n - A stale pointer exists with CSS + cursors. (66748)\n\n - A use after 

free error exists in PDF handling. (67100)\n\n - A stack corruption error exists after PDF 

out-of-memory conditions. (67208)\n\n - A bad memory access issue exists when handling 

mismatched video frame sizes. (67303)\n\n -A stale pointer exists with SVG use elements. 

(67363)\n\n - An uninitialized pointer exists in the browser which is triggered by rogue 

extensions. (67393)\n\n - Multiple buffer overflows exists in the Vorbis decoder. 

(68115)\n\n - A buffer overflow exists in PDF shading. (68170)\n\n - A bad cast exists in 

anchor handling. (68178)\n\n - A bad cast exists in video handling. (68181)\n\n - A stale 

rendering node exists after DOM node removal. (68439)\n\n - A stale pointer exists in 

speech handling. (68666) 


CVE-2011-0485 

Piwik < 1.1.0 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server is hosting a PHP application that is vulnerable to 

multiple attack vectors.\n\nThe remote web server is hosting Piwik, a web analytics 

application written in PHP. For your information, the observed version of Piwik is 

%L.\n\nVersions of Piwik earlier than 1.1.0 are potentially affected by multiple 

vulnerabilities :\n\n - A flaw exists in the 'Piwik_Common::getIP' function which fails to 

properly determine the client IP address. (Bug 457)\n\n - Piwik fails to prevent the login 

form from being framed in another website. (Bug 1679)\n\n - An unspecified flaw exists 

relating to Cookie.php's failure to set the secure flag for the session cookie in https sessions. 

(Bug 1795)\n\n - A denial-of-service vulnerability exists because Piwik fails to properly 

limit the number of files stored under '/tmp/sessions/' (Bug 1910)\n\n - An unspecified 

cross-site scripting vulnerability exists. 

Solution: Upgrade to Piwik 1.1.0 or later. 

CVE-2011-0401 




RISK: 

MEDIUM 





Bugzilla 3.2.x earlier than 3.2.10, 3.4.x earlier than 3.4.10, and 3.6.x earlier than 3.6.4 are 


potentially affected by multiple vulnerabilities :\n\n - A weakness could allow a user to 

gain unauthorized access to another Bugzilla account.\n\n - A weakness in the Perl CGI.pm 

module allows injecting HTTP headers and content to users via several pages.\n\n - It is 

possible to insert harmful 'javascript:' or 'data:' URLs into Bugzilla's 'URL' field which in 

some cases Buzilla will make clickable.\n\n - Various pages lack protection against 

cross-site request forgeries. 

Solution: Upgrade to Bugzilla 3.2.10, 3.4.10, 3.6.4 or later. 

CVE-2011-0048 



Description: Synopsis :\n\nThe remote host has a program that is affected by multiple 

vulnerabilities.\n\nFor your information, the observed version of OpenOffice is 

%L.\n\nVersions of OpenOffice earlier than 3.3 are potentially affected by several issues 

:\n\n - Issues exist relating to PowerPoint document parsing that may lead to arbitrary code 

execution. (CVE-2010-2935, CVE-2010-2936)\n\n - A directory traversal vulnerability 

exists in zip / jar package extraction. (CVE-2010-3450)\n\n - Issues exist relating to RTF 

document processing that may lead to arbitrary code execution. (CVE-2010-3451, 

CVE-2010-3452)\n\n - Issues exist relating to Word document processing that may lead to 

arbitrary code execution. (CVE-2010-3453, CVE-2010-3454)\n\n - The OpenOffice.org 

start script and other shell scripts expand the LD_LIBRARY_PATH in a way that the 

current directory might be searched for libraries before /lib and /usr/lib. 

(CVE-2010-3689)\n\n - Issues exist in the third party XPDF library relating to PDf 

processing that may allow arbitrary code execution. (CVE-2010-3702, 

CVE-2010-3704)\n\n - OpenOffice.org includes a version of LIBXML2 that is affected by 

multiple vulnerabilities. (CVE-2010-4008, CVE-2010-4494)\n\n - An issue exists with 

PNG file processing that may allow arbitrary code execution. (CVE-2010-4253)\n\n - An 

issue exists with TGA file processing that may allow arbitrary code execution. 

(CVE-2010-4643) 

Solution: Upgrade to OpenOffice version 3.3 or later. 

CVE-2010-4643 

VLC Media Player < 1.1.6 Multiple Vulnerabilities 






than 1.1.6 are potentially affected by multiple vulnerabilities :\n\n - An integer overflow 

vulnerability exists due to a failure to properly parse the header of a Real Media, which 

could then trigger a heap-based buffer overflow. It is not yet known if this issue can be 

exploited to execute arbitrary code. (CVE-2010-3907)\n\n - There are two heap corruption 

vulnerabilities in the CDG decoders that arise because of a failure to validate indices into 


statically-sized arrays on the heap, which could allow for arbitrary code execution. 

(CVE-2011-0021)\n\n - A heap-based memory corruption vulnerability exists i the 

StripTags function in the USF decoder. (CVE-20111-0522) 


CVE-2011-0522 






affected by multiple vulnerabilities :\n\n - When certain large form inputs appear on a web 

page, they can lead to memory corruption which could be used to execute arbitrary code. 

(982)\n\n - It is possible to bypass restrictions on 'opera:' URLs to launch clickjacking 

attacks. (983)\n\n - Certain types of HTTP responses and redirections can cause Opera to 

mistakenly give elevated privileges to remote web pages. (984)\n\n - When using 'Delete 

Private Data' and selecting the option to 'Clear all email account passwords', the passwords 

are not deleted immediately and continue to be available until the browser is restarted. 

(986)\n\n - In certain cases, the wrong executable is used to display a downloaded file in its 

folder. (985) 


CVE-2011-0687 

Real Networks RealPlayer < 14.0.2.633 (Build 12.0.1.633) Multiple Remote Code Execution 






12.0.1.633 are potentially affected by multiple code execution vulnerabilities : - A heap 

corruption vulnerability when handling specially crafted AVI headers. 

(CVE-2010-4393)\n\n - A flaw exists in the temporary file naming scheme used for storage 

which can be combined with the OpenURLinPlayerBrowser function to execute arbitrary 

code. (CVE-2011-0694) 


CVE-2011-0694 







earlier than Fix Pack 10 are potentially affected by multiple vulnerabilities :\n\n - Multiple 

buffer overflow vulnerabilities exist in the DB2 Administrative Service (DAS) which could 

lead to a denial-of-service, or the execution of arbitrary code. (IC69986, IC71203)\n\n - 

Users continue to have privilege to execute a non-DDL statement after their DBADM 

authority has been revoked. (IC66811)\nIAVB Reference : 2011-B-0013\nSTIG Finding 


Solution: Upgrade to IBM DB2 9.1 Fix Pack 10 or later. 

CVE-2010-3731 





earlier than Fix Pack 7 are potentially affected by multiple issues :\n\n - A buffer overflow 

vulnerability exists in the DB2 Administrative Service (DAS). (IC72028)\n\n - It is possible 

to update statistics for tables without appropriate privileges. (IC71413)\n\n - It is possible 

for a user to execute a non-DDL statement after role memebership has been revoked from 

its group. (IC71263)\nIAVB Reference : 2011-B-0013\nSTIG Finding Severity : Category I 


CVE-2011-1847 





earlier than Fix Pack 3 are potentially affected by multiple vulnerabilities :\n\n - When 

privileges on a database object are revoked from PUBLIC, the dependent functions are not 

marked INVALID. As a result, users with execute privilege on the function are still able to 

call it successfully. (IC68015)\n\n - If a compound SQL (compiled) statement has been 

issued by a user that is properly authorized, this is cached in the dynamic SQL cache. Once 

cached, this same query can be executed by an user if that user has the proper authority. 

(IC70406)\n\n - Multiple buffer overflow vulnerabilities exist in the DB2 Administrative 

Server (DAS). (IC70539, IC72029)\nIAVB Reference : 2011-B-0013\nSTIG Finding 



CVE-2011-0731 


Exim < 4.74 Local Privilege Escalation Vulnerability 



Description: Synopsis :\n\nThe remote mail server is affected by a local privilege escalation 

vulnerability.\n\nThe remote host is running Exim, a message transfer agent. For your 

information, the observed version of Exim is %L.\n\nVersions of Exim earlier than 4.74 are 

potentially affected by a local privilege escalation vulnerability. Attackers can exploit this 

flaw to append arbitrary data to files through symbolic link attacks. Successfully exploiting 

this issue allows local attackers with 'exim' run-time privileges to perform certain actions 

with superuser privileges, leading to a complete compromise of an affected computer. Note 

that this issue only affects Exim on Linux. 

Solution: Upgrade to Exim 4.74 or later. 

CVE-2011-0017 

HP Performance Insight Detection 


Description: Synopsis : \n\nA performance monitoring application was detected on the remote web 

server.\n\nThe web interface for HP OpenView Performance Insight was detected on the 

remote host. This software helps assess the availability and performance of network 

services. For your information, the observed version of HP OpenView Performance Insight 

was : \n %L 

Solution: N/A 


HP OpenView Performance Insight Server Backdoor Account 


Description: Synopsis :\n\nThe remote host contains a web application that has a hidden account.\n\nThe 

installation of HP OpenView Performance Insight on the remote host allows the use of a 

hidden account for logging in. The 'hch908v' user, hardcoded in the 

com.trinagy.security.XMLUserManager class, is hidden and has administrative privileges. 

A remote, unauthenticated attacker could exploit this by logging in as the hidden user, 

giving them administrative access to the Performance Insight installation. After gaining 

administrative access to the web application, escalation of privileges may be possible. 

Solution: Apply the hotfix referenced in the HP advisory. 

CVE-2011-0276 

CouchDB < 1.0.2 Cross Site Scripting Issue 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote database server is vulnerable to a cross-site attack.\n\nThe 

remote host is running CouchDB, a document-oriented database. For your information, the 

observed version of CouchDB is %L.\n\nVersions of CouchDB earlier than 1.0.2 are 

potentially affected by a cross-site scripting vulnerability. The application fails to properly 

sanitize user-supplied input before it is used in the Futon administrative interface. A remote 

attacker could exploit this to execute arbitrary script code in the security context of 

CouchDB's admin interface. 


CVE-2010-3854 

VLC Media Player < 1.1.7 Code Execution Vulnerability 





than 1.1.7 are potentially affected by a code execution vulnerability due to insufficient 

input validation when parsing a specially crafted Matroska or WebM (MKV) file. 


CVE-2011-0531 

PostgreSQL < 9.0.3 / 8.4.7 / 8.3.14 / 8.2.20 Code Execution Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote database server is affected by a buffer overflow 

vulnerability.\n\nFor your information, the version of PostgreSQL installed on the remote 

host is %L.\n\n Versions of PostgreSQL earlier than 9.0.3, 8.4.7, 8.3.14, or 8.2.20 are 

potentially affected by a buffer overflow vulnerability in the contrib module intarray's input 

function for the query_int type. An attacker, exploiting this flaw, could potentially execute 

arbitrary code on the remote host subject to the privileges of the user running the affected 

application. 

Solution: Upgrade to PostgreSQL 9.0.3, 8.4.7, 8.3.14, 8.2.20, or later. 

CVE-2010-4015 







multiple vulnerabilities :\n\n - A minor sandbox leak exists in stat(). Note this issue only 


affects Google Chrome on Mac OS. (429889)\n\n - A use-after-free issue exists in image 

loading. (55381)\n\n - An unspecified issue exists relating to cross-origin drag and drop. 

(59081)\n\n - A browser crash can occur when handling extensions with a missing key. 

(62791)\n\n - A browser crash issue exists relating to the PDF event handler. (64051)\n\n - 

An unspecified issue exists relating t the merging of autofill profiles. (65669)\n\n - A 

potential crash exists in the Mac OS 10.5 SSL libraries. Note that this issue only affects 

Google Chrome on Mac OS. (66931)\n\n - A browser crash issue exists relating to bad 

volume settings (68244)\n\n - A race condition exists in audio handling. (69195) 


CVE-2011-0784 

Generic Protocol Detection 


Description: the remote host is running the following protocol 

realtime 

Solution: N/A 





realtime 

Solution: N/A 





Solution: N/A 







Solution: N/A 





Solution: N/A 





Solution: N/A 





Solution: N/A 





Solution: N/A 



PVS ID: ID 

not available 


FAMILY: Generic RISK: INFO NESSUS ID:Not Available 



Solution: N/A 





Solution: N/A 





Solution: N/A 





Solution: N/A 





Solution: N/A 







Solution: N/A 





Solution: N/A 





Solution: N/A 





Solution: N/A 





Solution: N/A 







Solution: N/A 





Solution: N/A 


Lexmark Printer Service Detection 


Description: A Lexmark print server is listening on this port. 

Solution: Manually inspect the service to ensure that it is patched and necessary on your network. 







multiple vulnerabilities :\n\n - A stale pointer exists in animation event handling. (67234) - 

A use-after-free issue exists in SVG font faces. (68120)\n\n - A stale pointer exists with 

anonymous block handling. (69556)\n\n - An out-of-bounds read exists in plug-in handling. 

(69970)\n\n - An error exists in the handling of out-of-memory conditions and does not 

always allow processes to be properly terminated. (70456)\n\n - This version bundles a 

version of Adobe Flash affected by numerous vulnerabilities. (CVE-2011-0558, 



CVE-2011-0607, CVE-2011-0608) 


CVE-2011-0985 


Flash Player < 10.2.152.26 Multiple Vulnerabilities (APSB11-02) 





the observed version of Adobe Flash Player is %L.\nVersions of Flash Player earlier than 

10.2.152.26 are potentially affected by multiple vulnerabilities :\n\n - An integer overflow 

vulnerability exisst that could lead to code execution. (CVE-2011-0558)\n\n - Multiple 

memory corruption vulnerabilities exist that could lead to code execution. 

(CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, 

CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, 

CVE-2011-0608)\n\n - A library-loading vulnerability exists that could lead to code 

execution. (CVE-2011-0575)\n\n - A font-parsing vulnerabiity exists that could lead to 


Solution: Upgrade to Flash Player 10.2.152.26 or later. 

CVE-2011-0608 

OpenSSL < 0.9.8r / 1.0.0d OCSP Stapling Denial of Service 


RISK: 

MEDIUM 




0.9.8r and 1.0.0d are potentially affected by a vulnerability wherein an incorrectly 

formatted ClientHello handshake message could cause OpenSSL to parse past the end of 

the message which could cause the web server to crash. There is also the potential for 

information disclosure if OCSP nonce extensions are used. 

Solution: Upgrade to OpenSSL 0.9.8r, 1.0.0d, or later. 

CVE-2011-0014 

Flash Player Unsupported Version Detection 


Description: Synopsis :\n\nThe remote host contains an unsupported version of Flash Player.\n\nThe 

remote host has Adobe Flash Player installed. For your information, the observed version 

of Adobe Flash Player is %L.\nOne or more versions of Flash Player earlier than 10.x are 

installed on the remote host. Such versions are no longer supported by Adobe and are likely 

to contain security vulnerabilities. 

Solution: Upgrade to an actively maintained version of Flash player. 


OpenSSH Legacy Certificate Signing Information Disclosure 



RISK: 

MEDIUM 




vulnerability.\n\nFor your information, the observed version of OpenSSH installed on the 

remote host is : \n %L \n\nOpenSSH 5.6 and 5.7 contain an information disclosure 

vulnerability which may cause the contents of the stack to be copied into an SSH 

certificate, which is visible to a remote attacer. This information may lead to further 

attacks. 

Solution: Upgrade to OpenSSH version 5.8 or later. 

CVE-2011-0539 



RISK: 

MEDIUM 



multiple attack vectors.\n\nFor your information, the observed version of WordPress is : \n 

%L \n\nVersions of WordPress earlier than 3.0.5 are potentially affected by multiple 

vulnerabilities : \n\n - The application is prone to multiple cross-site scripting 

vulnerabilities. An attacker can exploit these issues through the 'title' field of the 

'Quick/Bulk Edit' section and the 'tags meta box' section. An attacker would require Author 

or Contributor privileges to take advantage of this.\n\n - The application is prone to an 

information-disclosure vulnerability. An attacker can exploit this issue through the media 

uploader, disclosing posts. This information may assist in further attacks. An attacker 

would require Author privileges to take advantage of this. 


CVE-2011-0701 

Apache Tomcat 5.5.x < 5.5.30 Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is vulnerable to multiple attack vectors.\n\nFor your 

information, the observed version of Apache Tomcat installed on the remote host is : \n %L 

\n\nVersions of Tomcat 5.x earlier than 5.5.30 are potentially affected by multiple 

vulnerabilities : \n\n - The 'WWW-Authenticate' HTTP header for BASIC and DIGEST 

authentcation may expose the local host name or IP address of the machine running 

Tomcat. (CVE-2010-1157)\n\n - Several flaws in the handling of the 'Tansfer-Encoding' 

header could prevent the recycling of buffer. (CVE-2010-2227)\n\n - When running under a 

SecurityManager, it is possible for web applications to be granted read/write permissions to 

any area on the file system. (CVE-2010-3718) 

Solution: Upgrade to Apache Tomcat 5.5.30 or later. 

CVE-2010-3718 



Apache Tomcat 5.5.x < 5.5.32 Cross-site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by a cross-site scripting 

vulnerability\n\nFor your information, the observed version of Apache Tomcat installed on 

the remote host is : \n %L \n\nVersions of Tomcat 5.x earlier than 5.5.32 are potentially 

affected by a cross-site scripting vulnerability because the HTML Manager interface 

displays web application provided data, such as display names, without filtering. 


CVE-2011-0013 



RISK: 

MEDIUM 





vulnerabilities : \n\n - The 'WWW-Authenticate' HTTP header for BASIC and DIGEST 

authentication could potentially expose the local host name or IP adddress of the machine 

running Tomcat. (CVE-2010-1157)\n\n - Several flaws in handling of the 

'Transfer-Encoding' header exist that could prevent the recycling of a buffer. 

(CVE-2010-2227) 


CVE-2010-2227 




RISK: 

MEDIUM 





vulnerabilities : \n\n - When running under a SecurityManager it is possible for a web 

application to gain read/write permissions to any area on the file system. 

(CVE-2010-3718)\n\n - It is possible to conduct cross-site scripting attacks via the 'sort' and 

'orderBy' parameers of the Manager application. (CVE-2010-4172)\n\n - The HTML 

Manager interface displays web application provided data, such as display names, without 

filtering. (CVE-2011-0013) 



CVE-2011-0013 

Apache Tomcat 6.0.x < 6.0.32 Denial of Service Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is vulnerable to a denial of service attack.\n\nFor 

your information, the observed version of Apache Tomcat installed on the remote host is : 

\n %L \n\nVersions of Tomcat 6.x earlier than 6.0.32 are potentially affected by a denial of 

service vulnerability because the NIO connector expands its buffer endlessly during request 

line processing. 


CVE-2011-0534 



RISK: 

MEDIUM 




\n %L \n\nVersions of Tomcat 7.0.x earlier than 7.0.2 are potentially affected by a denial of 

service vulnerability because several flaws in the handling of the 'Transfer-Encoding header 

could prevent the recycling of a buffer. 


CVE-2010-2227 

Apache Tomcat 7.0.x < 7.0.4 File Permission Bypass Vulnerability 


Description: Synopsis : \n\nThe remote web server is affected by a security bypass vulnerability.\n\nFor 


\n %L \n\nVersions of Tomcat 7.0.x earlier than 7.0.4 are potentially affected by a security 

bypass vulnerability. When running under a SecurityManager, it is possible to grant a web 

application read/write permissions to any area on the file system. 


CVE-2010-3718 

Apache Tomcat 7.0.x < 7.0.5 Cross-Site Scripting Vulnerability 



RISK: 

MEDIUM 




vulnerability.\n\nFor your information, the observed version of Apache Tomcat installed on 

the remote host is : \n %L \n\nVersions of Tomcat 7.0.x earlier than 7.0.5 are potentially 

affected by a cross-site scripting vulnerability because the application uses the user 

supplied parameters 'sort' and 'orderBy' directly wihtout filtering. 


CVE-2010-4172 

Apache Tomcat 7.0.x < 7.0.6 Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 





affected by a cross-site scripting vulnerability because the HTML Manager interface 

display web application provided data, such as display names, without filtering. 


CVE-2011-0013 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by a denial of service 



affected by a denial of service vulnerability becasue the NIO connector expands its buffer 

endlessly during request line processing. 


CVE-2011-0534 




Description: Synopsis : \n\nThe remote host is running an anti-virus application that is vulnerable to 

multiple attack vectors.\n\nThe reported version of ClamAV on the remote host is : \n %L 

\n\nVersions of ClamAV earlier than 0.97 are potentially affected by multiple 

vulnerabilities : \n\n - As-yet unspecified double-free issue involving an error path exists in 

'libclamav/vba_extract.c' and 'shared/cdiff.c'. (Bug 2486 and report from 

)\n,br. - 'libclamav/pdf.c' may miss detection. (Bug 2455)\n\n - Multiple 

as-yet unspecified error path leaks exist in 'clamav-milter/whitelist.c', 'clamscan/manager.c' 


and 'libclamav/sis.c'. (Report from ) 

Solution: Upgrade to ClamAV 0.97 or later. 

CVE-2011-1003 

phpMyAdmin 2.x < 2.11.11.3 / 3.x < 3.3.9.2 SQL Injection Vulnerability (PMASA-2011-2) 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is vulnerable to a 

SQL-injection attack.\n\nFor your information, the observed version of phpMyAdmin is : 

\n %L \n\nVersions of phpMyAdmin earlier than 2.11.11.3 / 3.3.9.2 are potentially affected 

by a SQL-injection vulnerability, because the application makes it possible to create a 

bookmark which would be executed unintentionally by other users. 


CVE-2011-0987 

MySQL Eventum < 2.3.1 Multiple HTML Injection Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server hosts a web application that is affected by multiple 

cross-site scripting vulnerability.\n\nThe remote web server host MySQL Eventum, a 

web-based issue tracking application. For your information, the observed version of 

MySQL Eventum is : \n %L \n\nVersions of MySQL Eventum earlier than 2.3.1 are 

potentially affected by multiple cross-site scripting vulnerabilities : \n\n - The application 

fails to properly sanitize user-supplied input to the 'keywords' parameter of the 'list.php' 

script.\n\n - The application fails to properly sanitize user-supplied input to the 

'REQUEST_URI' variable of the 'forgot_password.php' and 'select_project.php' scripts. 

Solution: Upgrade to MySQL Eventum 2.3.1 or later. 


Web Server HttpOnly Cookies Not In Use 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote server does not adequately protect data stored with 

cookies\n\nBased on the HTTP 'Cookie' header, PVS has determined that the remote server 

is not using the 'HttpOnly' cookie setting. By not using this setting, client side script can 

access the cookie. This can allow attackers to access cookies with potentially confidential 

data. 


Solution: Configure your web server or application to use the 'HttpOnly' tag. 


Web Server CSS Hosted on 3rd-party Server 


Description: The remote web server utilizes Cascading Style Sheets (CSS) on it's pages. Further, the 

web server seems to be using CSS from an external source. This can be a risk in that script 

code can be embedded within the CSS which would potentially execute within the user 

browser. The source of the CSS is: \n %L \n\nThe CSS is embedded within the following 

web document: \n%P 

Solution: Ensure that loading client-side CSS from a 3rd party is authorized with respect to policies 

and guidelines. 


Web Site Cross-Domain Policy File Detection 


Description: The remote web server contains a 'crossdomain.xml' file. This is a simple XML file used by 

Adobe's Flash Player to allow access to data that resides outside the exact web domain from 

which a Flash movie file originated. The source of the XML file is: \n %L \n\nThe file can 

be found at : %P 

Solution: Review the contents of the policy file carefully. Improper policies, especially an 

unrestricted one with just '*', could allow for cross-site request forgery and cross-site 

scripting attacks against the web server. 



Asterisk main/udptl.c Buffer Overflows (AST-2011-002) 


Description: Synopsis : \n\nThe remote VoIP server is affected by multiple buffer overflow 

vulnerabilities.\n\nFor your information, the observed version of Asterisk is : \n %L 

\n\nThe version of Asterisk running on the remote host may be vulnerable to heap- and 

stack-buffer overflow attacks with specially crafted UDPTL packets.\n\nSuccessful 

exploitation requires T.38 support to be enabled on the target, which is not the default, and 

can allow execution of arbitrary code in the context of the Asterisk server or an application 

crash. 

Solution: Upgrade to Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4, or later or Asterisk Business 

Edition C.3.6.3 or later.\nAlternatively, disable T.38 support by setting 't38pt_udptl' to 'no' 

in sip.conf and ensuring that the chan_ooh323 module is not loaded. 


CVE-2011-1147 

BIND 9.7.1-9.7.2-P3 IXFR /DDNS Update Combinded with High Query Rate DoS 


Description: Synopsis : \n\nThe remote DNS server is vulnerable to a denial of service attack.\n\nThe 

remote host is running Bind, a popular name server. For your information, the observed 

version of Bind is : \n %L \n\nVersions of Bind 9.7.1-9.7.2-P3 are affected by a denial of 

service vulnerability. There is a small window of time after an authoritative server 

processes a successful IXFR transfer or a dynamic update during which the IXFR / update 

coupled with a query may cause a deadlock to occur. A server experiencing a high query 

and/or update rate will have a higher chance of being deadlocked. 

Solution: Upgrade to BIND 9.7.3 or later. 

CVE-2011-0414 

Email Attachment Detection (client) 


Description: The remote host sent an email with the following attachment 

Solution: N/A 

realtimeonly 


Symantec Enterprise AV Client Detection 


Description: The remote host is an Symantec Enterprise AV client 

Solution: N/A 








iTunes earlier than 10.2 are potentially affected by numerous issues in the following 

components :\n\n - ImageIO\n\n - libxml\n\n - WebKit\n\nNote that these issues only affect 

iTunes on Windows. 



CVE-2011-0192 






multiple vulnerabilities :\n\n - An unspecified error exists in the URL bar operations which 

can allow spoofing attacks. (54262)\n\n - An unspecified error exists in the processing of 

JavaScript dialogs. (63732)\n\n - An unspecified error exists in the processing of CSS 

nodes which can leave stale pointers in memory. (68263)\n\n - An unspecified error exists 

in the processing of key frame rules which can leave stale pointers in memory. (68741)\n\n 

- An unspecified error exists in the processing of form controls which can lead to 

application crashes. (70078)\n\n - An unspecified error exists in the rendering of SVG 

animations and other SVG content which can leave stale pointers in memory. (70244, 

71296)\n\n - An unspecified error exists in the processing of tables which can leave stale 

nodes behind. (71114)\n\n - An unspecified error exists in the processing of tables which 

can leave stale pointers in memory. (71115)\n\n - An unspecified error exists in the 

processing of XHTML which can leave stale nodes behind. (71386)\n\n - An unspecified 

error exists in the processing of textarea elements which can lead to application crashes. 

(71388)\n\n - An unspecified error exists in the processing of device orientation which can 

leave stale pointers in memory. (71595)\n\n - An unspecified error exists in WebGL which 

allows out-of-bounds memory accesses. (71717, 71960)\n\n - An integer overflow exists in 

the processing of textarea elements which can lead to application crashes. (71855)\n\n - A 

use-after-free error exists in the processing of blocked plugins. (72437)\n\n - An 

unspecified error exists int he processing of layouts which can leave stale pointers in 

memory. (73235) 


CVE-2011-1125 







vulnerabilities :\n\n - Multiple memory corruption issues exists which could lead to 

arbitrary code execution. (MFSA 2011-01)\n\n - An error exists in the processing of 

recusrive calls to 'eval()' when the call is wrapped in a try/catch statement. This error causes 

dialog boxes to be displayed with no content and non-functioning buttons. Closing the 

dialog results in default acceptance of the dialog. (MFSA 2011-02)\n\n - A use-after-free 

error exists in a method used by 'JSON.stringify' and can allow arbitrary code execution. 

(MFSA 2011-03)\n\n - A buffer-overflow vulnerability exists in the JavaScript engine's 

internal memory mapping of non-local variables and may lead to cde execution. (MFSA 


2011-04)\n\n - A buffer overflow vulnerability exists in the JavaScript engine's internal 

mapping of string values and may lead to code execution. (MFSA 2011-05)\n\n - A 

use-after-free error exists such that a JavaScript 'Worker' can be used to keep a reference to 

an object which can be freed during garbage collection. This vulnerability may lead to 

arbitrary code execution. (MFSA 2011-06)\n\n - A buffer overflow error exists related to 

the creation of very long strings and the insertion of those strings into an HTML document. 

This vulnerability may lead to arbitrary code execution. (MFSA 2011-07)\n\n - An input 

validation error exists int he class, 'ParanoidFragmentSink', which allows inline JavaScript 

and 'javascript:' URLs in a chrome document. Note that no unsafe usage occurs in Mozilla 

products, however community generated extensions could. (MFSA 2011-08)\n\n - A buffer 

overflow exist related to JPEG decoding and may lead to arbitrary code execution. (MFSA 

2011-09)\n\n - A cross-site request forgery (CSRF) vulnerability exists when an HTTP 307 

redirect is received in response to a plugin's request. The request is forwarded to the new 

location without the plugin's knowledge and with custom headers intact, even across 

origins. (MFSA 2011-10) 


CVE-2011-0062 







vulnerabilities :\n\n - Multiple memory corruption issues exists which could lead to 

arbitrary code execution. (MFSA 2011-01)\n\n - An error exists in the processing of 
















products, however community generated extensions could. (MFSA 2011-08)\n\n - A 

cross-site request forgery (CSRF) vulnerability exists when an HTTP 307 redirect is 

received in response to a plugin's request. The request is forwarded to the new location 

without the plugin's knowledge and with custom headers intact, even across origins. 

(MFSA 2011-10) 



CVE-2011-0059 






multiple vulnerabilities :\n\n - Multiple memory corruption issues exists which could lead 

to arbitrary code execution. (MFSA 2011-01)\n\n - An input validation error exists int he 

class, 'ParanoidFragmentSink', which allows inline JavaScript and 'javascript:' URLs in a 

chrome document. Note that no unsafe usage occurs in Mozilla products, however 

community generated extensions could. (MFSA 2011-08)\n\n - A buffer overflow exist 

related to JPEG decoding and may lead to arbitrary code execution. (MFSA 2011-09) 


CVE-2011-0062 






:%L.\n\nVersions of SeaMonkey 2.0.x earlier than 2.0.12 are potentially affected by 

multiple vulnerabilities :\n\n - Multiple memory corruption issues exists which could lead 

to arbitrary code execution. (MFSA 2011-01)\n\n - An error exists in the processing of 
















products, however community generated extensions could. (MFSA 2011-08)\n\n - A 

cross-site request forgery (CSRF) vulnerability exists when an HTTP 307 redirect is 

received in response to a plugin's request. The request is forwarded to the new location 

without the plugin's knowledge and with custom headers intact, even across origins. 

(MFSA 2011-10) 



CVE-2011-0062 






multiple vulnerabilities :\n\n - It may be possible to navigate or close the top location in a 

sandboxed frame. (42574, 42765)\n\n - An X server bug exists which could cause the 

application to crash with long messages. Note that this issue only affects Google Chrome 

on Linux. (49747)\n\n - It is possible to crash the browser with parallel prints. Note that this 

issue only affects Google Chrome on Linux. (66962)\n\n - A cross-origin error message 

leak exists (69187)\n\n - A memory corruption issue exists with counter nodes. (69628)\n\n 

- An unspecified issue exists with stale nodes in box layout. (70027)\n\n - A cross-origin 

error message leak exists with workers. (70336)\n\n - A use-after-free error exists with 

DOM URL handling. (70442)\n\n - An out-of-bounds read exists when handling unicode 

ranges. (70779)\n\n - A same origin policy bypass exists in V8. (70877)\n\n - It may be 

possible to bypass the pop-up blocker. (70885, 71167)\n\n - A use-after-free error exists in 

document script lifetime handling. (71763)\n\n - An out-of-bounds write issue exists in the 

OGG container. (71788)\n\n - A stale pointer exists in table painting. (72028)\n\n - A 

corrupt out-of-bounds structure may be used in video code. (73026)\n\n - It may be possible 

to crash the application with the DataView object. (73066)\n\n - A bad cast exists in text 

rendering. (73134)\n\n - A stale pointer exists in the WebKit context code. (73196)\n\n - It 

may be possible for heap addresses to leak in XSLT. (73716)\n\n - A stale pointer exists 

with SVG cursors. (73746)\n\n - It is possible for the DOM tree to be corrupted with 

attribute handling. (74030)\n\n - An unspecified corruption exists via re-entrancy of 

RegExp code. (74662)\n\n - An invalid memory access exists in v8. (74675) 


CVE-2011-1413 






%L.\n\nVersions of Safari earlier than 5.0.4 are potentially affected by several issues in the 

following component :\n\n - ImageIO\n\n - libxml\n\n - WebKit 


CVE-2011-0192 



Apple iPhone/iPad OS < 4.3 Multiple Vulnerabilities 




of iOS is %L.\n\nVersions of iOS earlier than 4.3 are potentially affected by multiple 


CoreGraphics\n\n - ImageIO\n\n - libxml\n\n - Networking\n\n - Safari\n\n - WebKit\n\n - 

Wi-Fi 


CVE-2011-0192 

Dropbox Client Retrieval Detection 


Description: Dropbox is a service to allow the transfer of large files which often cannot (or should not) 

be transferred via email. The remote host retrieved the following file from dropbox.com : 

%L 

Solution: N/A 


Apache Tomcat 7.0.x < 7.0.11 Security Bypass Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by security bypass vulnerability.\n\nFor 


\n %L \n\nVersions of Tomcat 7.0.x earlier than 7.0.11 are potentially affected by a 

security bypass vulnerability. When a web application is started, 'ServletSecurity' 

annotations might be ignored which could lead to some areas of the application not being 

protected as expected. 


CVE-2011-1419 

Facebook Chat Client Detection 



Description: The remote host is running the Facebook chat application. 




Google Chrome < 10.0.648.133 Code Execution Vulnerability 


Description: Synopsis :\n\nThe remote host contains a web browser that is affected by a code execution 

vulnerability.\n\nFor your information, the observed version of Google Chrome is 

%L.\n\nVersions of Google Chrome earlier than 10.0.648.133 are potentially affected by a 

memory corruption vulnerability in style handling. By tricking a user into opening a 

specially crafted web page, a remote unauthenticated attacker could execute arbitrary script 

code on the host subject to the privileges of the user running the affected application. 


CVE-2011-1290 

Facebook Chat Client Username Detection 


Description: The remote host is running the Facebook chat application. The logged UserID associated 

with this client account is : %P 

realtime 



Social Security Number Cleartext Transmission (Client) 

PVS ID: 5820 FAMILY: Data Leakage RISK: HIGH NESSUS ID:Not Available 

Description: The remote client sent a plaintext message which seems to contain a Social Security 

Number. Examine the following for possible confidential data : %L 

realtimeonly 

Solution: Ensure that confidential data is encrypted while in transit 






realtimeonly 









realtimeonly 







%L.\n\nVersions of Google Chrome earlier than 10.0.648.134 contain a vulnerable version 

of Adobe Flash Player. remote attacker could exploit this by tricking a user into viewing 

unspecified, malicious SWF content, resulting in arbitrary code execution. Note that this 

issue is currently being exploited in the wild. 


CVE-2011-0609 

PHP 5.3 < 5.3.6 String To Double Conversion DoS 



Description: Synopsis : \n\nThe remote web server uses a version of PHP that is affected by a denial of 

service vulnerability.\n\nFor your information, the version of PHP installed on the remote 

host is : \n %L \n\nVersions of PHP 5.3 earlier than 5.3.6 are potentially affected by 

multiple vulnerabilities : \n\n - An error exists in the function '_zip_name_locate()' in the 

file 'ext/zip/lib/zip_name_locate.c' which allows a NULL pointer to be dereferenced when 

processing an empty archive. (CVE-2011-0421)\n\n - A variable casting error exists in the 

Exif extension's C function 'exif_process_IFD_TAG()' in the file 'ext/exif/exif.c' could 

allow arbitrary code execution. (CVE-2011-0708)\n\n - An integer overflow vulnerability 

exists in the implementation of the PHP function 'shmop_read' in the file 

'ext/shmop/shmop.c'. (CVE-2011-1092)\n\n - An error exists in the file 'phar/phar_object.c' 

n which calls to 'zend_throw_exception_ex()' pass data as a string format parameter which 

could lead to information disclosure or memory corruption when handling PHP archives. 

(CVE-2011-1153)\n\n - A buffer overflow error exists in the C function 

'xbuf_format_converter' in the file 'main/snprintf.c' when the PHP configuration setting for 


'precision' is set to a large value. (Bug 54055)\n\n - An unspecified error exists in the 

security enforcement regarding the parsing of the fastcgi protocol with the 'FastCGI 

Process Manager' (FPM) SAPI. 


CVE-2011-1471 

Asterisk Multiple Denial of Service Vulnerabilities (AST-2011-003/AST-2011-004) 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote VoIP server is affected by denial of service 

vulnerabilities.\n\nFor your information, the observed version of Asterisk is : \n %L 

\n\nThe version of Asterisk running on the remote host may be vulnerable to multiple 

denial of service vulnerabilities : \n\n - A resource exhaustion issue exists in the Asterisk 

manager interface. (AST-2011-003)\n\n - A NULL pointer dereference issue exists in the 

TCP/TLS server. (AST-2011-004) 

Solution: Upgrade to Asterisk 1.6.1.24, 1.6.2.17.2, 1.8.3.2, or later. 

CVE-2011-1175 






10.6.7 contains a security fix for the following products :\n\n - Airport\n\n - Apache\n\n - 

AppleScript\n\n - ATS\n\n - bzip2\n\n - CarbonCore\n\n - ClamAV\n\n - CoreText\n\n - 

HFS\n\n - ImageIO\n\n - Image RAW\n\n - Installer\n\n - Kerberos\n\n - Kernel\n\n - 

Libinfo\n\n - libxml\n\n - Mailman\n\n - PHP\n\n - QuickLook\n\n - QuickTime\n\n - 

Ruby\n\n - Samba\n\n - Subversion\n\n - Terminal\n\n - X11\nIAVB Reference : 

2010-B-0083\nIAVB Reference : 2010-B-0106\nSTIG Finding Severity : Category I 


CVE-2011-1417 


Flash Player < 10.2.152.33 Unspecified Memory Corruption (APSB11-05) 


Description: Synopsis : \n\nThe remote host contains a browser plug-in that is affected by a memory 

corruption vulnerability.\n\nThe remote host has Adobe Flash Player installed. For your 

information, the observed version of Adobe Flash Player is : \n %L .\n\nVersions of Flash 

Player earlier than 10.2.152.33 are potentially affected by an unspecified memory 

corruption vulnerability. A remote attacker could exploit this by tricking a user into 


viewing maliciously crafted SWF content, resulting in arbitrary code.\n\nThis bug is 

currently being exploited in the wild. 


CVE-2011-0609 

Credit Card Number Cleartext Transmission (Client)Social Security Number Cleartext Transmission 

(Client) 




realtimeonly 



Credit Card Number Cleartext Transmission (Client) 




realtimeonly 







realtimeonly 









realtimeonly 







realtimeonly 





Description: The remote client sent a plaintext message which seems to contain a Credit Card Number. 

Examine the following for possible confidential data : %L 

realtimeonly 



SSL Revoked Certificate Detection 



program\n\nThe remote SSL server is using a certificate which has been revoked. The 

particular SSL certificate has a serial number of 

'\x92\x39\xd5\x34\x8f\x40\xd1\x69\x5a\x74\x54\x70\xe1\xf2\x3f\x43' and an Issuer of 

USERTRUST. 

Solution: There is a high probability that your server has been compromised. You should manually 

inspect and fix this system. 









'\xd8\xf3\x5f\x4e\xb7\x87\x2b\x2d\xab\x06\x92\xe3\x15\x38\x2f\xb0' and an Issuer of 

USERTRUST. 









'\x72\x03\x21\x05\xc5\x0c\x08\x57\x3d\x8e\xa5\x30\x4e\xfe\xe8\xb0' and an Issuer of 

USERTRUST. 









'\xb0\xb7\x13\x3e\xd0\x96\xf9\xb5\x6f\xae\x91\xc8\x74\xbd\x3a\xc0' and an Issuer of 

USERTRUST. 











'\xe9\x02\x8b\x95\x78\xe4\x15\xdc\x1a\x71\x0a\x2b\x88\x15\x44\x47' and an Issuer of 

USERTRUST. 









'\xd7\x55\x8f\xda\xf5\xf1\x10\x5b\xb2\x13\x28\x2b\x70\x77\x29\xa3' and an Issuer of 

USERTRUST. 









'\x04\x7e\xcb\xe9\xfc\xa5\x5f\x7b\xd0\x9e\xae\x36\xe1\x0c\xae\x1e' and an Issuer of 

USERTRUST. 










'\x00\xf5\xc8\x6a\xf3\x61\x62\xf1\x3a\x64\xf5\x4f\x6d\xc9\x58\x7c\x06' and an Issuer of 

USERTRUST. 





Mozilla Firefox 3.6.x < 3.6.16 Invalid HTTP Certificates 


RISK: 

MEDIUM 




:%L.\n\nVersions of Firefox 3.6.x earlier than 3.6.16 have an out-of-date SSL certificate 

blacklist. A certificate authority (CA) has revoked a number of fraudulent SSL certificates 

for several prominent public websites.\n\nIf an attacker can trick someone into using the 

affected browser and visiting a malicious site using one of the fraudulent certificates, he 

may be able to fool that user into believing the site is a legitimate one. In turn, the user 

could send credentials to the malicious site or download and install applications. 



Mozilla Firefox 3.5.x < 3.5.18 Invalid HTTP Certificates 


RISK: 

MEDIUM 




:%L.\n\nVersions of Firefox earlier than 3.5.18 have an out-of-date SSL certificate 








Mozilla SeaMonkey 2.0.x < 2.0.13 Invalid HTTP Certificates 



RISK: 

MEDIUM 




:%L.\n\nVersions of SeaMonkey earlier than 2.0.13 have an out-of-date SSL certificate 














multiple vulnerabilities :\n\n - A buffer error exists in string handling functions. 

(72517)\n\n - A use-after-free error exists in the process for loading frames. (73216)\n\n - A 

use-after-free error exists in the processing of HTML Collections. (73595)\n\n - An error 

exists in the processing of CSS which leaves stale pointers behind. (74562)\n\n - An 

unspecified error allows DOM tree corruption related to broken node-hierarchy. 

(74991)\n\n - An error exists in the processing of SVG text which leaves stale pointers 

behind. (75170) 


CVE-2011-1296 

VLC Media Player < 1.1.8 Multiple Buffer Overflows 





than 1.1.8 are potentially affected by buffer overflow vulnerabilities when handling 

specially crafted AMV and NSV files, which could result in arbitrary code execution. 


CVE-2010-3276 

Generic Credit Card Signature Detection 


Description: Generic credit card sigs 

Solution: N/A 







Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 







Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 







Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 


Liferay Portal < 5.2.3 'exportFileName' File Creation Remote Code Execution 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server hosts a web application that is vulnerable to a code 

execution attack.\n\nThe remote web server hosts Liferay Portal, a web portal for building 

business solutions. For your information, the observed version of Liferay Portal installed on 

the remote host is : \n %L \n\nVersions of Liferay Portal earlier than 5.3.2 are potentially 

affected by a code execution vulnerability in the Liferay Calendar module. A remote 

attacker, who gains poweruser access, can execute arbitrary JSP code on the remote host. 



Liferay Portal < 6.0.6 Multiple Vulnerabilities 




RISK: 

MEDIUM 

Description: Synopsis : \n\nThe remote web server hosts a web application that is vulnerable to multiple 

attack vectors.\n\nThe remote web server hosts Liferay Portal, a web portal for building 

business solutions. For your information, the observed version of Liferay Portal installed on 

the remote host is : \n %L \n\nVersions of Liferay Portal earlier than 6.0.6 are potentially 

affected by multiple vulnerabilities : \n\n - An unspecified command execution 

vulnerability exists in the portlet 'XSL content'. (LPS-14726)\n\n - An arbitrary file 

disclosure vulnerability exists in XXE. (LPS-14927)\n\n - It is possible to read arbitrary 

XSL and XML files on the remote host via the 'file: ///' path. (LPS-13762)\n\n - An 

unspecified cross-site scripting vulnerability may exist. (LPS-11506)\n\n - A cross-site 

scripting vulnerability exists in message board search. (LPS-12628) 



Web Server Pornographic Material Detected 


RISK: 

MEDIUM 


Description: The remote server is serving pornographic materials. The observed request 

was:\n%P\n\nThe observed response from the web server was\n%L\n 

Solution: Ensure that the content on this webserver is in compliance with the standards and policies 

regarding web content. 




RISK: 

MEDIUM 










RISK: 

MEDIUM 










RISK: 

MEDIUM 









RISK: 

MEDIUM 









RISK: 

MEDIUM 










RISK: 

MEDIUM 










RISK: 

MEDIUM 









RISK: 

MEDIUM 









RISK: 

MEDIUM 










RISK: 

MEDIUM 










RISK: 

MEDIUM 









RISK: 

MEDIUM 









RISK: 

MEDIUM 







Wikipedia Page 'edit' Detection 




Description: The remote client was just logged editing the following Wikipedia article: '%L'\nYou 

should ensure that such actions are in alignment with Corporate policies and guidelines. 

Solution: N/A 


Microsoft .NET Verbose Error Reporting Detection 


RISK: 

MEDIUM 



attacks\n\nThe remote .NET server has enabled verbose error reporting. By default, such 

reports are only accessible via localhost (127.0.0.1). If enabled, remote attackers can gain 

useful information for future attacks. Information displayed includes: source code, stack 

trace, physical path of the application, error codes, and more. In addition, there have been 

flaws in the way that .NET 'ValidateRequest' handles malicious inputs. The request which 

generated the verbose error was: \n%P\n\nAnd the error was generated in: \n %L 

Solution: Disable verbose error reporting in .NET applications 


Web Server iFrame Source Hosted on 3rd-party Server 


Description: The remote web server has an iFrame tag which pulls its source from another web server. 

The iFrame in question is: %L\n\nThe location of the code which embeds this iFrame is: 

%P 

Solution: Ensure that the iFrame points to a web server which is a trusted site. 


Joomla! 1.6 < 1.6.1 Multiple Vulnerabilities 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server has an application that is vulnerable to multiple 

attack vectors.\n\nThe remote web server is hosting Joomla!, a content management system 

written in PHP. For your information, the observed version of Joomla! is : \n %L 

.\n\nVersions of Joomla 1.6 earlier than 1.6.1 are potentially affected by multiple 

vulnerabilities : \n\n - An unspecified SQL injection and path disclosure issue. 

(20110201)\n\n - An uncaught exception could cause full path disclosure. (20110202)\n\n - 

Inadequate checking for double URI encoding could lead to cross-site scripting 

vulnerabilities. (20110203)\n\n - Inadequate filtering exposes cross-site scripting 

vulnerabilities. (20110204)\n\n - Inadequate access checking leads to information 

disclosure. (20110301)\n\n - There is inadequate checking of redirect URLs. 


(20110302)\n\n - Inadequate filtering causes information disclosure. (20110303)\n\n - 

There is inadequate control of which files can be edited by authenticated users. 

(20110304)\n\n - Inadequate token checking leads to a cross-site request forgery 

vulnerability. (20110305)\n\n - Editor caching can cause a denial of service by filling up 

the disk. (20110306)\n\n - Inadequate filtering exposes cross-site scripting vulnerabilities. 

(20110307)\n\n - Inadequate token checking leads to a cross-site request forgery 

vulnerability. (20110308) 



MyBB < 1.4.15 / 1.6 < 1.6.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 



multiple attack vectors.\n\nThe remote web server hosts MyBB, a web-based discussion 

board application. For your information, the observed version of MyBB is : \n %L 

\n\nVersions of MyBB earlier than 1.4.15, or 1.6.x earlier than 1.6.2 are potentially affected 

by multiple issues : \n\n - A cross-site scripting vulnerability exists in the modcp.php script. 

(1464)\n\n - A cross-site scripting vulnerabililty exists in the 'xmlhttp.php' script. 

(1460)\n\n - A cross-site scripting issue exists relating to HTML content in posts. (1422) 

Solution: Upgrade to MyBB 1.4.15, 1.6.2, or later. 


LizaMoon Malware Detection 


Description: Synopsis :\n\nThe remote web server seems to have been compromised by 

LizaMoon.\n\nThe remote web site seems to link to malicious javascript files hosted on a 

third party web site related to the LizaMoon Malware. This typically means that the remote 

web site has been compromised, likely through SQL injection, and it may infect its visitors 

as well. 

Solution: Restore your website to its original state and audit your dynamic pages for SQL injection 



Joomla! 1.5 < 1.5.23 Information Disclosure Vulnerability 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote web server has an application that is affected by an information 

disclosure vulnerability.\n\nThe remote web server is hosting Joomla!, a content 

management system written in PHP. For your information, the observed version of Joomla! 

is : \n %L .\n\nVersions of Joomla! 1.5.x earlier than 1.5.23 are potentially affected by an 

information disclosure vulnerability caused by insufficient error checking. 





RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by security bypass vulnerability.\n\nFor 


\n %L \n\nVersions of Tomcat 7.0.x earlier than 7.0.12 are potentially affected by multiple 

vulnerabilities : \n\n - An information disclosure exists in the HTTP BIO connector. 

(CVE-2011-1475)\n\n - A security bypass vulnerability exists due to a regression in the fix 

for CVE-2011-1088. Note that this issue only affects Tomcat 7.0.11.(CVE-2011-1183) 


CVE-2011-1475 

VLC Media Player < 1.1.9 Heap Corruption Vulnerability 





than 1.1.9 are potentially affected by heap corruption vulnerability in the MP4 

demultiplexer which could lead to arbitrary code execution. 


CVE-2011-1684 

Facebook Status Update Detection 


Description: The remote host is running the Facebook chat application and was just observed updating 

their status 

realtime 





Facebook Status Update Detection 


Description: The remote host is running the Facebook chat application and was just observed updating 

their status to : %L 

realtimeonly 








12.0.1.647 are potentially affected by multiple code execution vulnerabilities :\n\n - An 

error exists in the function 'OpenURLInDefaultBrowser' which mishandles certain file 

types and can allow arbitrary code execution via crafted RealPlayer audio or settings 

(RNX) files. (CVE-2011-1426)\n\n - A heap based buffer overflow vulnerability exists and 

can be exploited when RealPlayer is processing certain Internet Video Recording (IVR) 

files. (CVE-2011-1525) 


CVE-2011-1525 

Facebook Profile Edit Detection 


Description: The remote host is running the Facebook application and was just observed making 

changes to their profile 

realtimeonly 




Apple iPhone/iPad OS < 4.3.2 Multiple Vulnerabilities 





of iOS is %L.\n\nVersions of iOS earlier than 4.3.2 are potentially affected by multiple 

vulnerabilities. iOS 4.3.2 contains security fixes for the following products :\n\n - 

Certificate Trust Policy\n\n - libxslt\n\n - QuickLook\n\n - WebKit 

Solution: Upgrade to iOS 4.3.2 or later. 

CVE-2011-1417 

Apple iPhone/iPad OS 4.2.5 / 4.2.6 Multiple Vulnerabilities 




of iOS is %L.\n\nVersions of iOS 4.2.5 or 4.2.6 are potentially affected by multiple 

vulnerabilities. iOS 4.2.7 contains security fixes for the following products :\n\n - 

Certificate Trust Policy\n\n - QuickLook\n\n - WebKit 


CVE-2011-1417 




vectors.\n\nThe remote host has Safari installed. For your information, the observed version 

of Safari is %L.\n\nVersions of Safari earlier than 5.0.5 are potentially affected by several 

issues in the following component :\n\n - WebKit 


CVE-2011-1344 







multiple vulnerabilities :\n\n - Chrome uses a version of Adobe Flash player that is affected 

by an unspecified security vulnerability. (CVE-2011-0611)\n\n - An off-by-three error 

exists in the GPU process. (70070)\n\n. - A use-after-free issue exists in the GPU process. 

(75629)\n\n - A heap overflow issue exists in the GPU process. (78524) 



CVE-2011-1302 

Flash Player < 10.2.159.1 Unspecified Memory Corruption (APSB11-07) 





Player earlier than 10.2.159.1 are potentially affected by a memory corruption 

vulnerability. By tricking a user on the affected system into opening a specially crafted 

document with Flash content, such as a SWF file embedded in a Microsoft Word 

document, and attacker can potentially leverage this issue to execute arbitrary code 

remotely on the system subject to the user's privileges.\n\nNote that there are reports that 

this issue is being exploited in the wild as of April 2011. 


CVE-2011-0611 

Joomla! 1.6 < 1.6.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 






vulnerabilities : \n\n - Multiple inadequate error checking issues could lead to information 

disclosure. (20110402, 20110403)\n\n - Unescaped values in the administrative modal 

windows causes potential cross-site scripting vulnerabilities. (20110404)\n\n - Multiple 

inadequate filtering issues could lead to cross-site scripting attacks. (20110405, 

20110406)\n\n - Inadequate permissions checking could allow unauthorised access. 

(20110407)\n\n - Unescaped values in a query could lead to a SQL injection vulnerability. 

(20110408)\n\n - Inadequate protection could lead to a clickjacking vulnerability. 

(20110409) 



iTunes < 10.2.2 Multiple Vulnerabilities 






iTunes earlier than 10.2.2 are potentially affected by several issues :\n\n - An integer 


overflow issue in the handling of nodesets could lead to a crash or arbitrary code execution. 

(CVE-2011-1290)\n\n - A use after free issue in the handling of text nodes could lead to a 

crash or arbitrary code execution. (CVE-2011-1344) 


CVE-2011-1344 

TodouVA Proxy Detection 


Description: Synopsis :\n\nThe remote host is operating an open proxy.\n\nThe remote host is running 

the TodouVA proxy. The version installed accepts unauthenticated HTTP requests. By 

routing requests through the affected proxy, a user may be able to gain some degree of 

anonymity while browsing web sites, which will see requests as originating from the 

remote host itself rather than the user's host. 

Solution: Make sure access to the proxy is limited to valid users / hosts. 




RISK: 

MEDIUM 




earlier than Fix Pack 4 are potentially affected by multiple vulnerabilities :\n\n - It may be 

possible for users to updates statistics for tables without appropriate privileges. 

(IC72119)\n\n - Users continue to have privilege to execute a non-DDL statement after role 

membership has been revoked from its group. (IC71375)\nIAVB Reference : 



CVE-2011-1847 

Asterisk Multiple Vulnerabilities (AST-2011-005/AST-2011-006) 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote VoIP server is vulnerable to multiple attack vectors.\n\nFor your 

information, the observed version of Asterisk is : \n %L \n\nThe version of Asterisk 

running on the remote host is potentially affected by multiple issues : \n\n - On systems that 

have the Asterisk Manager interface, Skinny, SIP over TCP, or the built in HTTP server 

enabled, it is possible for an attacker to open as many connections to asterisk as he wishes 

which would cause Asterisk to run out of available file descriptors and stop processing any 

new calls. (AST-2011-005)\n\n - It is possible to bypass a security check and execute shell 


commands when they should not have that ability. Note that only users with the 'system' 

privileges should be able to do this. (AST-2011-006) 

Solution: Upgrade to Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, 1.8.3.3, Business Edition C.3.6.4, or 

later. 

CVE-2011-1599 

Skype Detection (User-Agent) 



corporate policy\n\nThe remote host is using the Skype program, a peer to peer chat and 

VoIP software. The reported version number is : %L 

Solution: Ensure that the use of this software is in accordance with organizational security policies. 








multiple vulnerabilities :\n\n - A stale pointer exists in floating point handling. (61502)\n\n 

- It may be possible to bypass the pop-up blocker via plug-ins. (70538)\n\n - A linked-list 

race issue exists in database handling. Note that this issue only affects Chrome on Linux 

and Mac OS. (70589)\n\n - There is a lack of thread safety in MIME handling. (71586)\n\n 

- A bad extension with 'tabs' permission can capture local files. (72523)\n\n - It is possible 

to crash the browser due to bad interaction with X. Note that this issue only affects Chrome 

on Linux. (72910)- Multiple integer overflows exist in float rendering. (73526)\n\n - A 

same origin policy violation exists with blobs. (74653)\n\n - A use-after-free error exists 

with ruby tags and CSS. (75186)\n\n - A bad cast exists with floating select lists. 

(75347)\n\n - Corrupt node trees exists with mutation events. (75801)\n\n - Multiple stale 

pointers exist in layering code. (76001)\n\n - A race condition exists in the sandbox 

launcher. (76542)\n\n - An out-of-bounds read exists in SVG. (76646)\n\n - It is possible to 

spoof the URL bar with navigation errors and interrupted loads. (76666, 77507, 78031)\n\n 

- A stale pointer exists in drop-down list handling. (76966)\n\n - A stale pointer exists in 

height calculations. (77130)\n\n - A use-after-free error exists in WebSockets. (77346)\n\n - 

Multiple dangling pointers exist in file dialogs. (77349)\n\n - Multiple dangling pointers 

exist in DOM id map. (77463)\n\n - It is possible to spoof the URL bar with redirect and 

manual reload. (77786)\n\n - A use-after-free issue exists in DOM id handling. (79199)\n\n 

- An out-of-bounds read exists when handling multipart-encoded PDFs. (79361)\n\n - 

Multiple stale pointers exist with PDF forms. (79364) 



CVE-2011-1456 




attack vectors.\n\nFor your information, the observed version of Firefox is : \n %L 

\n\nVersions of Firefox earlier than 3.5.19 are potentially affected by multiple 

vulnerabilities : \n\nMultiple memory corruption issues could lead to arbitrary code 

execution. (MFSA2011-12)\n\n - Multiple dangling pointer vulnerabilities exist. 

(MFSA2011-13)\n\n - A Java applet could be used to mimic interaction with form 

autocomplete controls and steal entries from the form history. (MFSA2011-14)\n\n - The 

Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be 

exploited to obtain elevated access to resources on a user's system. (MFSA2011-15)\n\n - 

The 'resource: ' protocol could be exploited to allow directory traversal on Windows and 

the potential loading of resources from non-permitted locations. (MFSA2011-16)\n\n - The 

XSLT 'generate-id()' function returns may return a string that reveals a specific valid 

address of an object on the memory heap. (MFSA2011-18) 


CVE-2011-1202 





\n\nVersions of Firefox 3.6.x earlier than 3.6.17 are potentially affected by multiple 





Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be 




XSLT 'generate-id()' function returned a string that revealed a specific valid address of an 

object on the memory heap. (MFSA2011-18) 


CVE-2011-1202 









execution. (MFSA2011-12)\n\n - Multiple vulnerabilities in the WebGL feature and 

WebGLES could be exploited to execute arbitrary code or bypass ASLR protection on 

Windows. (MFSA2011-17) - The XSLT 'generate-id()' function returned a string that 

revealed a specific valid address of an object on the memory heap. (MFSA2011-18) 


CVE-2011-1202 







code execution. (MFSA2011-12)\n\n - The 'resource:' protocol could be exploited to allow 

directory traversal on Windows and the potential loading of resources from non-permitted 

locations. (MFSA2011-16) 


CVE-2011-0081 




attack vectors.\n\nFor your information, the observed version of SeaMonkey is : \n %L 

\n\nVersions of SeaMonkey earlier than 2.0.14 are potentially affected by multiple 





Java Embedding Plugin (JEP) shipped with the Mac OS X versions of SeaMonkey could be 




XSLT 'generate-id()' function returned a string that revealed a specific valid address of an 

object on the memory heap. (MFSA2011-18) 


CVE-2011-1202 



HP Network Node Manager i (NNMi) Multiple Vulnerabilities 


RISK: 

MEDIUM 



attack vectors.\n\nThe remote host contains HP Network Node Manager i, a fault 

management application.\n\nFor your information, the observed version of HP Network 

Node Manager i is : \n %L \n\nVersions of HP Network Node Manager i earlier than 

9.01.003 are potentially affected by multiple issues : \n\n - An unspecified vulnerability 

allows local users to read arbitrary files via unknown vectors. (CVE-2011-0897)\n\n - A 

cross-site scripting vulnerability exists. (CVE-2011-0898) 

Solution: Apply the patch supplied by HP. 

CVE-2011-0898 

IBM Solid Database < 4.5.182 / 6.0.1069 / 6.3.49 / 6.5.0.4 Denial of Service Vulnerability 


Description: Synopsis :\n\nThe remote database server is vulnerable to a remote code execution 

attack.\n\nThe remote host is running IBM solidDB. For your information, the observed 

version of solidDB is :%L.\n\nVersions of solidDB earlier than 4.5.182, 6.0.x earlier than 

6.0.1069, 6.3.x earlier than 6.3 Fix Pack 8, and 6.5.x earlier than 6.5.0.4 are potentially 

affected by a denial of service vulnerability due to a flaw in the way the application handles 

the rpc_test_svc_readwrite and rpc_test_svc_done commands. A remote unauthenticated 

attacker, exploiting this flaw, could crash the affected host. 

Solution: Upgrade to IBM solidDB 4.5.182, 6.0.1069, 6.3 Fix Pack 8, 6.5 Fix Pack 4, or later. 

CVE-2011-1208 

Novell File Reporter Agent XML Parsing Remote Code Execution 


Description: Synopsis : \n\nThe remote host contains a service that is vulnerable to a remote buffer 

overflow attack.\n\nNovell File Reporter Agent, a tool for identifying files stored on the 

network, is installed on the remote host. For your information, the observed version of 

Novell File Reporter Agent is : \n %L \n\nVersions of Novell File Reporter Agent earlier 

than 1.0.4.2 are potentially affected by a buffer overflow vulnerability because the service, 

which listens by default on TCP port 3037, blindly copies user-supplied data into a 

fixed-length buffer on the stack when handling the contents of an XML tag. An 

unauthenticated remote attacker who can access the agent service can leverage this issue to 

execute arbitrary code under the context of the user running the affected application. 

Solution: Upgrade to Novell File Reporter 1.0.2, which includes NFR Agent version 1.0.4.2. 

CVE-2011-0994 



Oracle Database Client Traffic Detection 


Description: The remote web server is running a database client 

realtime 

Solution: N/A 


Bind9 9.8.0 RRSIG Query Type Remote Denial of Service Vulnerability 


RISK: 

MEDIUM 




version of Bind is : \n %L \n\nBind9 9.8.0 is potentially affected by a denial of service 

vulnerability. This issue only affects BIND users who use the RPZ feature configured for 

RRset replacement. When RPZ is being used, a query of type RRSIG for a name 

configured for RRset replacement will trigger an assertion failure and cause the name 

server process to exit. 

Solution: Upgrade to BIND 9.8.0-P1 or later. 

CVE-2011-1907 

Exim < 4.70 string_format Function Remote Overflow 


Description: Synopsis : \n\nThe remote mail server is vulnerable to a command execution 

attack.\n\nThe remote host is running Exim, a message transfer agent. For your 

information, the observed version of Exim is : \n %L .\n\nVersions of Exim earlier 

than 4.70 are potentially affected by a heap overflow vulnerability. By sending a 

specially crafted message to the server, a remote attacker can leverage this 

vulnerability to execute arbitrary code on the server subject to the privileges of the 

user running the affected application. 


CVE-2010-4344 

Exim < 4.76 dkim_exim_verify_finish Remote Format String Vulnerability 



RISK: 

MEDIUM 



Description: Synopsis : \n\nThe remote mail server is vulnerable to a command execution attack.\n\nThe 

remote host is running Exim, a message transfer agent. For your information, the observed 

version of Exim is : \n %L .\n\nVersions of Exim earlier than 4.76 are potentially affected 

by a format string vulnerability in logging DKIM information from an inbound email. By 

sending a specially crafted message to the server, a remote attacker can leverage this 

vulnerability to execute arbitrary code on the server subject to the privileges of the user 

running the affected application. 


CVE-2011-1764 





\n%L.\n\nVersions of Google Chrome earlier than 11.0.696.68 are potentially affected by 

multiple vulnerabilities :\n\n - Bad casts exist in Chromium WebKit glue. 

(CVE-2011-1799)\n\n - Integer overflows exist in the SVG filters. (CVE-2011-1800) 


CVE-2011-1800 

FTP Client Data Leakage 


Description: The remote host is running an FTP client which appears to be leaking the following 

confidential data: %L 

Solution: N/A 

realtimeonly 






Solution: N/A 

realtimeonly 








Solution: N/A 

realtimeonly 







Player earlier than 10.3.181.14 are potentially affected by multiple vulnerabilities : \n\n - A 

design flaw exists that could lead to information disclosure. (CVE-2011-0579)\n\n - An 

integer overflow exists that could lead to code execution. (CVE-2011-0618, 

CVE-2011-0628)\n\n - Multiple memory corruption issues exist that could lead to code 

execution. (CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, 

CVE-2011-0627)\n\n - Multiple bounds checking issues exist that could lead to code 

execution. (CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626) 


CVE-2011-0628 





Solution: N/A 

realtimeonly 








Solution: N/A 

realtimeonly 






Solution: N/A 

realtimeonly 






Solution: N/A 

realtimeonly 






Solution: N/A 

realtimeonly 








Solution: N/A 

realtimeonly 






Solution: N/A 

realtimeonly 




RISK: 

MEDIUM 



is running Adobe Flash Media server. For your information, the observed version of Adobe 

Flash Media Sever is : \n %L \n\nVersions of Adobe FLash Media Server earlier than 3.5.6 

or 4.0.2 are potentially affected by multiple vulnerabilities : \n\n - A memory corruption 

issue exists due to a race condition in the TLS extension code provided by the bundled 

version of OpenSSL. (CVE-2010-3864)\n\n - An unspecified error relating to processing 

certain XML content could lead to a denial of service. (CVE-2011-0612) 


CVE-2010-3864 

Opera < 11.11 Frameset Memory Corruption 



Description: Synopsis :\n\nThe remote host has a web browser installed that is affected by a memory 

corruption vulnerability.\n\nThe remote host is running the Opera web browser. For your 

information, the observed version of Opera is \n%L\n\nVersions of Opera earlier than 

11.11 are potentially affected by a memory corruption vulnerability because the application 

does not properly handle specific framesets when unloading a page. An attacker could craft 

a web page that will trigger the vulnerability which may allow arbitrary code execution 

subject to the privileges of the user running the affected application. 




HP Intelligent Management Center Detection 


Description: Synopsis : \n\nThe remote host has a network management application installed.\n\nHP 

Intelligent Management Center, a network management application, is installed on the 

remote host. For your information, the observed version of HP Intelligent Management 

Center is : \n %L \n\n 

Solution: n/a 


HP Intelligent Management Center < 5.0 E0101-L02 Multiple Vulnerabilities 


Description: Synopsis : \n\nThe remote host has an application installed that is affected by multiple 

vulnerabilities.\n\nFor your information, the version of HP Intelligent Management Center 

installed on the remote host is : \n %L \n\nVersions of HP Intelligent Management Center 

earlier than 5.0 E0101-L02 are potentially affected by multiple vulnerabilities : \n\n - A 

stack-based buffer overflow vulnerability exists in the 'img.exe' component. 

(CVE-2011-1848)\n\n - An unspecified vulnerability in the 'tftpserver.exe' component 

exists which could allow an attacker to create arbitrary files on the server. 

(CVE-2011-1849)\n\n - A stack-based buffer overflow vulnerability exists in the 

'dbman.exe' component. (CVE-2011-1850)\n\n - Multiple buffer overflow vulnerabilities 

exist in the 'tftpserver.exe' component. (CVE-2011-1851, CVE-2011-1852, 

CVE-2011-1853)\n\n - A use-after-free vulnerability exists in the 'imcsyslogdm.exe' 

component. (CVE-2011-1854) 

Solution: Upgrade to HP Intelligent Management Center 5.0 E0101-L02 or later. 

CVE-2011-1854 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote database server is vulnerable to multiple attack vectors.\n\nFor 

your information, the observed version of MySQL Community Server is : \n %L 

\n\nVersions of MySQL Community Server 5.1 earlier than 5.1.52 are potentially affected 

by multiple vulnerabilities : \n\n - An error exists in the handling of 'EXPLAIN' for a 

'SELECT' statement from a derived table which can cause the server to crash. (54488)\n\n - 

An error exists int he handling of 'EXPLAIN EXTENDED' when used in some prepared 

statements, which can cause the server to crash. (54494)\n\n - The server does not check the 


type of values assigned to items of type 'GeometryCollection'. Such assignments can cause 

the server to crash. (55531) 



Checkpoint Firewall ESMTP Service Detection 


Description: The remote host is a Checkpoint Firewall ESMTP server. The banner is: %L 

Solution: N/A 


phpMyAdmin 3.3.x < 3.3.10.1 / 3.4.x < 3.4.1 Multiple Vulnerabilities 


RISK: 

MEDIUM 



multiple attack vectors.\n\nFor your information, the observed version of phpMyAdmin is : 

\n %L \n\nVersions of phpMyAdmin 3.3.x earlier than 3.3.10.1 and 3.4.x earlier than 3.4.1 

are potentially affected by multiple vulnerabilities : \n\n - It is possible to create a crafted 

table name that could lead to a cross-site scripting attack. (PMASA-2011-3)\n\n - It is 

possible to redirect to an arbitrary, untrusted site, leading to a possible phishing site. 

(PMASA-2011-4) 

Solution: Upgrade to phpMyAdmin 3.3.10.1, 3.4.1, or later. 







multiple vulnerabilities :\n\n - It may be possible to bypass the pop-up blocker. 

(CVE-2011-1801)\n\n - A stale pointer exists in floats rendering. (CVE-2011-1804)\n\n - A 

memory corruption issue exists in the GPU command buffer. (CVE-2011-1806)\n\n - An 

out-of-bounds write exists in blob handling. (CVE-2011-1807) 


CVE-2011-1807 



IBM Tivoli Management Framework Endpoint '/addr' Remote Buffer Overflow 


Description: Synopsis : \n\nThe remote host is running a web server that is affected by a buffer overflow 

vulnerability.\n\nThe remote host is running IBM Tivoli Endpoint, a component of Tivoli 

Management Framework. For your information, the observed version of IBM Tivoli 

Endpoint is : \n %L \n\nVersions of IBM Tivoli Endpoint earlier than 4.1.1-LCF-0076 or 

4.3.1-LCF-0012LA are potentially affected by a buffer overflow vulnerability because 

input to the 'opts' parameter of '/addr' is not properly validated. A remote, authenticated 

attacker could exploit this by sending a malicious POST request to the server, resulting in 

arbitrary code execution. \nIAVA Reference : 2011-A-0072\nSTIG Finding Severity : 

Category I 

Solution: Upgrade to Tivoli Endpoint 4.1.1-LCF-0076 / 4.3.1-LCF-0012LA or later. Alternatively, 

use the workaround described in the IBM advisory. 

CVE-2011-1220 

ISC BIND 9 Large RRSIG RRsets Negative Caching Remote DoS 


RISK: 

MEDIUM 




version of Bind is : \n %L \n\nVersions of BIND 9.4 earlier than 9.4-ESV-R4-P1, 9.6 

earlier than 9.6-ESV-R4-P1, 9.7 earlier than 9.7.3-P1, and 9.8 earlier than 9.8.0-P2 are 

potentially affected by a denial of service vulnerability. If BIND queries a domain with 

large RRSIG resource record sets it may trigger an assertion failure and cause the name 

server process to crash due to an off-by-one error in the buffer size check. 

Solution: Upgrade to BIND 9.4-ESV-R4-P1 / 9.6-ESV-R4-P1, 9.7.3-P1, 9.8.0-P2, or later. 

VNC Detection 

CVE-2011-1910 


Description: VNC (Virtual Network Computing) is installed on this host on this port. Disable this 

service if it is not used actively and for a legitimate purpose. 

Solution: N/A 

realtimeonly 






Description: The remote host is running Terminal Services or Remote Desktop Protocol (RDP). This 

protocol is used to manage remote servers and is installed, by default, on Windows XP 

Systems. An attacker can use this port to brute force the user accounts present on the 

server. 

realtimeonly 



PVS-SSH-Server-Session_Start 


Description: The remote host is running a SSH server : \n %L 

Solution: N/A 

realtimeonly 

PVS-SSH-Session_Start 



Description: The remote host client just initiated a SSH session 

Solution: N/A 

SSL Client Detection 

realtimeonly 



Description: The remote host is an SSL/TLS client 

Solution: N/A 

realtimeonly 



Asterisk SIP Channel Driver Denial of Service (AST-2011-007) 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote VoIP server is vulnerable to a denial of service attack.\n\nFor 

your information, the observed version of Asterisk is : \n %L \n\nThe version of Asterisk 

running on the remote host is potentially affected by a denial of service vulnerability. If a 

remote attacker initiates a SIP call and the recipient picks up, the remote user can reply 

with a malformed Contact header that will cause Asterisk to crash. 

Solution: Upgrade to Asterisk 1.8.4.2 or later. 

CVE-2011-2216 

Havij SQL Injection Tool Detection 



corporate policy.\n\nThe remote host is running the Havij SQL injection tool. Havij is a 

web application testing tool that allows users to automatically scan web application servers 

for SQL injection vulnerabilities. 



Flash Player < 10.3.181.22 Cross-Site Scripting (APSB11-13) 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host contains a browser plug-in that is affected by a cross-site 

scripting vulnerability.\n\nThe remote host has Adobe Flash Player installed. For your 


Player earlier than 10.3.181.22, or 10.3.181.23 for the ActiveX control, are potentially 

affected by an unspecified cross-site scripting vulnerability. 

Solution: Upgrade to Flash Player 10.3.181.22 (10.3.181.23 for ActiveX) or later. 

CVE-2011-2107 






%L.\n\nVersions of Novell iPrint Client earlier than 5.64 are potentially affected by 

multiple vulnerabilities :\n\n - The nipplib.dll component, as used by both types of browser 

plugins, does not properly handle the uri parameter from the user specified printer-url 

before passing it to a fixed-length buffer on the heap. (ZDI-11-172 / CVE-2011-1699)\n\n - 


The nipplib.dll component, as used by both types of browser plugins, does not properly 

handle the profile time parameter from the user specified printer-url before passing it to a 

fixed-length buffer on the heap. (ZDI-11-173 / CVE-2011-1700)\n\n - The nipplib.dll 

component, as used by both types of browser plugins, does not properly handle the 

profile-name parameter from the user specified printer url before passing it to a 


component, as used by both types of browser plugins, does not properly handle the 

file-date-time parameter from the user specified printer-url before passing it to a 


component, as used by both types of browser plugins, does not properly handle the driver 

version parameter from the user-specified printer-url before passing it to a fixed-length 

buffer on the heap. (ZDI-11-176 / CVE-2011-1703)\n\n - The nipplib.dll component, as 

used by both types of browser plugins, does not properly handle the core-package 

parameter from the user specified printer-url before passing it to a fixed-length buffer on 

the heap. (ZDI-11-177 / CVE_2011-1704)\n\n - The nipplib.dll component, as used by both 

types of browser plugins, does not properly handle the client-file-name parameter from the 

user specified printer-url before passing it to a fixed-length buffer on the heap. 

(ZDI-11-178 / CVE-2011-1705)\n\n - The nipplib.dll component, as used by both types of 

browser plugins, does not properly handle the iprint-client-config-info parameter form the 



browser plugins, does not properly handle the op-printer-list-all-jobs parameter from the 



browser plugins, does not properly handle the op-printer-list-all-jobs parameter from the 


(ZDI-11-181 / CVE-2011-1707) 


CVE-2011-1708 







multiple vulnerabilities :\n\n - A use-after-free issue exists due to integer issues in float 

handling. (Issue 73962, 79746)\n\n - A use-after-free issue exists in accessibility support. 

(Issue 75496)\n\n - A visit history information leak exists in CSS. (Issue 75643)\n\n - It is 

possible to crash the browser with lots of form submissions. (Issue 76034)\n\n - An 

extensions permission bypass exists. (Issue 77026)\n\n - A stale pointer exists in the 

extension framework. (Issue 78516)\n\n - It is possible to read from an uninitialized 

pointer. (Issue 79362)\n\n - It is possible to perform script injection into the new tab page. 

(Issue 79862)\n\n - A use-after-free issue exists in developer tools. (Issue 80358)\n\n - A 

memory corruption issue exists in history deletion. (Issue 81916)\n\n - A use-after-free 

issue exists in the image loader. (Issue 81949)\n\n - It is possible to perform an extension 

injection into chrome:// pages. (Issue 83010\n\n - A same origin bypass exists in V8. (Issue 


83275)\n\n - A same origin bypass exists in DOM. (Issue 83743) 


CVE-2011-2342 

Hulu Username Detection 


Description: The following Hulu username is being used to access Hulu video resources: %L 

realtimeonly 

Solution: Ensure that such usage is in alignment with existing policies and guidelines regarding 

network/pc resources 


Hulu Start Video Session Detection 


Description: The remote Hulu client just started watching: %L 

realtimeonly 




VLC Media Player < 1.1.10 XSPF Playlist Parser Integer Overflow 


Description: Synopsis : \n\nThe remote host contains an application that allows arbitrary code 


information, the observed version of VLC is : \n %L .\n\nVersions of VLC media player 

earlier than 1.1.10 are potentially affected by an integer overflow in the XSPF playlist 

parser. Exploiting this vulnerability can lead to application crashes and possibly code 

execution. 


CVE-2011-2194 

BitTorrent Protocol Traffic Detection 




Description: The remote host has just passed BitTorrent client/server traffic. 

realtimeonly 


Box.net Client Detection 



Description: The remote host is a Box.net client. Box.net is used to share files with multiple recipients. 

Solution: Ensure that Box.net is allowed with respect to corporate policies and guidelines. 


Box.net File Share Detection 



The following email recipients were sent a box.net file: %L 

realtimeonly 






The following file was just uploaded to box.net: %L 

realtimeonly 








The following file was just uploaded to box.net: %L 

realtimeonly 



Movable Type < 4.361 / 5.051 / 5.11 Multiple Unspecified Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is vulnerable to multiple unspecified vulnerabilities\n\nThe 


platforms. For your information, the observed version of Movable Type is : \n %L 

\n\nVersions of Movable Type earlier than 4.361, 5.0x earlier than 5.051, or 5.1x earlier 

than 5.11, are reportedly affected by multiple unspecified vulnerabilities. 

Solution: Upgrade to Movable Type 4.361, 5.051, 5.11, or later. 


Hulu Start Video Session Detection 


Description: The remote Hulu client just started watching: %L 

realtimeonly 






Description: The remote RDP server was just logged into 

realtimeonly 



LinkedIn Status Update Detection 




Description: The remote client updated their LinkedIn status with: %L 

realtimeonly 




Symantec Enterprise AV Server detection 


Description: The remote host is an Symantec Enterprise AV Server 

Solution: N/A 


LinkedIn Profile Update Detection 


Description: The remote client edited their LinkedIn profile 

realtimeonly 




LinkedIn Message Inbox Access Detection 


Description: The remote client accessed their LinkedIn message inbox 

realtimeonly 




LinkedIn Message Creation Detection 




Description: The remote client accessed their LinkedIn mail and created a new message to : %L 

realtimeonly 




LinkedIn User Name Detection 


Description: The remote client is using LinkedIn. The name used within LinkedIn is: %L 

realtimeonly 




Xbox Live Login Detection 


Description: The remote host is running Xbox Live and just logged into the network. 

realtimeonly 

Solution: Ensure that such systems are authorized with respect to corporate policies. 


XM Radio Usage Detection 


Description: The remote client was observed logging into their XM radio account. The user account was 

logged as:\n %L 

Solution: N/A 

realtimeonly 


Hotmail UserID Detection 




Description: Hotmail UserID is: %P 

Solution: N/A 

realtimeonly 







vulnerabilities : \n\n - Multiple memory safety issues can lead to application crashes and 

possibly remote code execution. (CVE-2011-2374, CVE-2011-2376, CVE-2011-2364, 

CVE-2011-2365, CVE-2011-2605)\n\n - A use-after-free issue when viewing XUL 

documents with scripts disabled could lead to code execution. (CVE-2011-2373)\n\n - A 

memory corruption issue due to multipart/x-mixed-replace images could lead to memory 

corruption. (CVE-2011-2377)\n\n - When a JavaScript Array object has its length set to an 

extremely large value, the iteration of array elements that occurs when its reduceRight 

method is called could result in code execution due to an invalid index value being used. 

(CVE-211-2371)\n\n - Multiple dangling pointer vulnerabilities could lead to code 

execution. (CVE-2011-0083, CVE-2011-2363, CVE-2011-0085)\n\n - An error in the way 

cookies are handled could lead to information disclosure. (CVE-2011-2362) 


CVE-2011-2605 


Mozilla Firefox > 4.0 and < 5.0 Multiple Vulnerabilities 



attack vectors.\n\nThe remote host has a web browser installed that is vulnerable to 

multiple attack vectors.\n\nFor your information, the observed version of Firefox is : \n %L 

\n\nVersions of Firefox greater than 4.0 and earlier than 5.0 are potentially affected by 

multiple vulnerabilities : \n\n - Multiple memory safety issues can lead to application 

crashes and possibly remote code execution. (CVE-2011-2374, CVE-2011-2375, 

CVE-2011-2605)\n\n - A use-after-free issue when viewing XUL documents with scripts 

disabled could lead to code execution. (CVE-2011-2373)\n\n - A memory corruption issue 

due to multipart/x-mixed-replace images could lead to memory corruption. 

(CVE-2011-2377)\n\n - When a JavaScript Array object has its length set to an extremely 

large value, the iteration of array elements that occurs when its reduceRight method is 

called could result in code execution due to an invalid index value being used. 

(CVE-2011-2371)\n\n - It is possible for an image from a different domain to be loaded 

into a WebGL texture which could be used to steal image data from a different site. 

(CVE-2011-2366)\n\n - An out-of-bounds read issue and an invalid write issue could cause 


the application to crash. (CVE-2011-2367, CVE-2011-2368)\n\n - HTML-encoded entities 

are improperly decoded when displayed inside SVG elements which could lead to 

cross-site scripting attacks. (CVE-2011-2369)\n\n - It is possible for a non-whitelisted site 

to trigger an install dialog for add-ons and themes. (CVE-2011-2370) 

Solution: Upgrade to Firefox 5.0 or later. 

CVE-2011-2605 






multiple vulnerabilities :\n\n - Multiple memory safety issues can lead to application 

crashes and possibly remote code execution. (CVE-2011-2374, CVE-2011-2376, 

CVE-2011-2364, CVE-2011-2365, CVE-2011-2605)\n\n - A use-after-free issue when 

viewing XUL documents with scripts disabled could lead to code execution. 

(CVE-2011-2373)\n\n - A memory corruption issue due to multipart/x-mixed-replace 

images could lead to memory corruption. (CVE-2011-2377)\n\n - When a JavaScript Array 

object has its length set to an extremely large value, the iteration of array elements that 

occurs when its reduceRight method is called could result in code execution due to an 

invalid index value being used. (CVE-2011-2371)\n\n - Multiple dangling pointer 

vulnerabilities could lead to code execution. (CVE-2011-0083, CVE-2011-2363, 

CVE-2011-0085)\n\n - An error in the way cookies are handled could lead to information 

disclosure. (CVE-2011-2362) 


CVE-2011-2605 

Flash Player < 10.3.181.26 Code Execution Vulnerability (APSB11-18) 





Player earlier than 10.3.181.26 are potentially affected by a memory corruption 

vulnerability that could allow an attacker to execute arbitrary code subject to the privileges 

of the user running the affected application. This issue is reportedly being exploited in the 

wild in targeted attacks as of June 2011. 


CVE-2011-2110 








10.6.8 contains a security fix for the following products :\n\n - App Store\n\n - ATS\n\n - 

Certificate Trust Policy\n\n - CoreFoundation\n\n - CoreGraphics\n\n - FTP Server\n\n - 

ImageIO\n\n - International Components for Unicode\n\n - Kernel\n\n - Libsystem\n\n - 

libxslt\n\n - MobileMe\n\n - MySQL\n\n - OpenSSL\n\n - patch\n\n - QuickLook\n\n - 

QuickTime\n\n - Samba\n\n - servermgrd\n\n - subversion\nIAVA Reference : 



CVE-2011-1132 

Asterisk Multiple Channel Drivers Denial of Service (AST-2011-008/AST-2011-009/AST-2011-010) 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote VoIP server is vulnerable to multiple denial of service 

attacks.\n\nFor your information, the observed version of Asterisk is : \n %L 

\n\nThe version of Asterisk running on the remote host is potentially affected by 

multiple denial of service vulnerabilities : \n\n - If a remote user sends a SIP 

packet with a null, Asterisk reads data past the null even though the buffer is 

actually truncated when copied, which could lead to an application crash. 

(AST-2011-008)\n\n - A remote user sending a SIP packet containing a Contact 

header with a missing left angle bracket causes Asterisk to access a null pointer 

which could cause the application to crash. (AST-2011-009)\n\n - A memory 

address can be inadvertently transmitted over the network via IAX2 via an 

option control frame which would cause the remote party to try to access it. 

(AST-2011-010) 

Solution: Upgrade to Asterisk 1.4.41.1, 1.6.2.18.1, 1.8.4.3, Asterisk Business C.3.7.3, or later. 

CVE-2011-2535 







multiple vulnerabilities :\n\n - An out-of-bounds read in NPAPI string handling exists. 

(Issue 77493)\n\n - A user-after-free issue exists in SVG font handling. (Issue 84355)\n\n - 

A memory corruption issue exists in CSS parsing. (Issue 85003)\n\n - Multiple lifetime and 

re-entrancy issues exist in the HTML parser. (Issue 85102)\n\n - A bad bounds check exists 

in v8. (Issue 85177)\n\n - A use-after-free issue exists with the SVG use element. (Issue 

85211)\n\n - A use-after-free issue exists in text selection. (Issue 85418) 



CVE-2011-2351 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host has a web browser installed that is affected by a memory 


information, the observed version of Opera is : \n %L \n\nVersions of Opera earlier than 

11.50 are potentially affected by multiple vulnerabilities : \n\n - An error in the handling of 

data URIs that allows cross-site scripting in some unspecified cases. (Issue 995)\n\n - An 

error exists in the browser's handling of error pages. Opera generates error pages in 

response to an invalid URL. If enough invalid URLs are attempted, the host's disk space is 

eventually filled, the browser crashes and the error files are left behind. (Issue 996)\n\n - 

An additional, moderately severe and unspecified error exists. Details regarding this error 

are to be released in the future. (CVE-2011-2610)\n\n - Several unspecified errors exist that 

can cause application crashes. Affected items or functionality are : printing, unspecified 

web content, JavaScript, Array.prototype.join method, drawing paths with many characters, 

selecting text nodes, iframes, closed or removed pop-up windows, moving audio or video 

elements between windows, canvas elements, SVG items, CSS files, form layouts, web 

workers, SVG BiDi, large tables and print preview, select elements with many items, and 

the src attribute of the iframe element. (CVE-2011-2611, CVE-2011-2612, 



CVE-2011-2623, CVE-2011-2624, CVE-2011-2625, CVE-2011-2626, CVE-2011-2627) 


CVE-2011-2627 

FTP Server Session Initiated 


Description: An FTP server is running on this port. The following user just logged into it: %P 

Solution: N/A 

realtimeonly 


FTP Client Session Initiated 




Description: The following user just logged into an FTP server: %L 

Solution: N/A 

realtimeonly 


MetaSploit Exploited Machine Detection 


Description: The remote host has been compromised by a MetaSploit server. The machine was just 

observed downloading the staging executable from the server at %L 

realtimeonly 

Solution: Ensure that this application is authorized for your network 


MetaSploit Exploited Machine Detection 


Description: The remote host has been compromised by a MetaSploit server. The machine was just 

observed connecting to the server to register itself as a connection. The server is at %L 

realtimeonly 





Description: The remote host is a MetaSploit server and has just exploited a machine and is currently 

controlling it via the reverse HTTP meterpreter. The meterpreter is listing on %P 

realtimeonly 


SSL Client Detection 





Description: The remote host is an SSL/TLS client 

Solution: N/A 


Port 80 Non-HTTP Traffic Detection 


Description: The remote host is running non-HTTP traffic over port 80 

realtimeonly 


TeamViewer Detection 



Description: The remote host is running TeamViewer, an application for managing machines remotely. 

TeamViewer relies on the host computer (usually behind a firewall) initiating an outbound 

connection on port 443. Given this, TeamViewer can subvert firewall rules by allowing 

direct access to an internal machine from untrusted networks. 





Description: The remote host is running a Yahoo Instant Messenger client. 



ISC BIND Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS 



RISK: 

MEDIUM 




version of Bind is : \n %L \n\nVersions of BIND 9.8 earlier than 9.8.0-P3 are potentially 

affected by a denial of service vulnerability. If an attacker sends a specially crafted request 

to a BIND server that has recursion enabled and Response Policy Zones (RPZ) configured, 


it may cause the name server process to crash. 

Solution: Upgrade to BIND 9.8.0-P3 or later. 

CVE-2011-2465 

ISC BIND 9 Unspecified Packet Processing Remote DoS 


RISK: 

MEDIUM 




version of Bind is : \n %L \n\nVersions of BIND 9.6 earlier than 9.6-ESV-R4-P3, 9.7 

earlier than 9.7.3-P3, and 9.8 earlier than 9.8.0-P4 are potentially affected by a denial of 

service vulnerability. If an attacker sends a specially crafted request to a BIND server it 

may cause the name server process to crash. 

Solution: Upgrade to BIND 9.6-ESV-R4-P3, 9.7.3-P3, 9.8.0-P4, or later. 

CVE-2011-2464 

HP Intelligent Management Center User Access Manager < 5.0 E0101P03 Code Execution 

Vulnerability 


Description: Synopsis : \n\nThe remote host has an application installed that is vulnerable to a code 

execution attack.\n\nFor your information, the version of HP Intelligent Management 

Center installed on the remote host is : \n %L \n\nVersions of HP Intelligent Management 

Center User Access Manager earlier than 5.0 E0101P03 are potentially affected by a code 

execution vulnerability in the 'iNOdeMngChecker.exe' component which listens by default 

on TCP port 9090 because the application fails to validate user supplied data when 

handling a '0x0A0BF007' packet type. A remote unauthenticated attacker, exploiting this 

flaw, could potentially execute arbitrary code on the remote host subject to the privileges of 

the user running the affected application. 

Solution: Upgrade to HP Intelligent Management Center User Access Manager 5.0 E0101P03 or 

later. 

CVE-2011-1867 


HP Intelligent Management Center Endpoint Admission Defense < 5.0 E0101P03 Code Execution 

Vulnerability 


Description: Synopsis : \n\nThe remote host has an application installed that is vulnerable to a code 

execution attack.\n\nFor your information, the version of HP Intelligent Management 

Center installed on the remote host is : \n %L \n\nVersions of HP Intelligent Management 

Center Endpoint Admission Defense earlier than 5.0 E0101P03 are potentially affected by a 


code execution vulnerability in the 'iNOdeMngChecker.exe' component which listens by 

default on TCP port 9090 because the application fails to validate user supplied data when 

handling a '0x0A0BF007' packet type. A remote unauthenticated attacker, exploiting this 

flaw, could potentially execute arbitrary code on the remote host subject to the privileges of 

the user running the affected application. 

Solution: Upgrade to HP Intelligent Management Center Endpoint Admission Defense 5.0 E0101P03 

or later. 

CVE-2011-1867 

phpMyAdmin 3.3.x < 3.3.10.2 / 3.4.x < 3.4.3.1 Multiple Vulnerabilities 


RISK: 

MEDIUM 




\n %L \n\nVersions of phpMyAdmin 3.3.x earlier than 3.3.10.2 and 3.4.x earlier than 

3.4.3.1 are potentially affected by multiple vulnerabilities : \n\n - It is possible to 

manipulate the PHP session superglobal usig some of the Swekey authentication code. 

(PMASA-2011-5)\n\n - An unsanitized key from the Servers array is written in a comment 

of the generated config, which could allow an attacker to close the comment and inject 

code. (PMASA-2011-6)\n\n - It is possible to use a null byte to truncate the pattern string 

which would allow an attacker to inject the /e modifier causing the pre_replace function to 

execute its second argument as PHP code. (PMASA-2011-7)\n\n - An issue exists in the 

MIME-type transformation code, which allows for directory traversal. (PMASA-2011-8) 


CVE-2011-2508 

Apple iPhone/iPad iOS < 4.3.4 and iOS 4.2.5 through 4.2.9 Multiple Vulnerabilities 




of iOS is %L.\n\nVersions of iOS 4.2.5 through 4.2.9 and 3.0 through 4.3.4 are potentially 

affected by multiple vulnerabilities. iOS 4.2.9 and 4.3.4 contain security fixes for the 

following products :\n\n - CoreGraphics\n\n - IOMobileFrameBuffer 

Solution: Upgrade to iOS 4.2.9, 4.3.4, or later. 

CVE-2011-0227 


VLC Media Player > 0.5.0 and < 1.1.11 Multiple Code Execution Vulnerabilities 




vectors\n\nThe remote host contains VLC player, a multi-media application. For your 


earlier than 1.1.11 are potentially affected by multiple vulnerabilities : \n\n - A buffer 

overflow vulnerability exists in the Read Media file parser. (SA-1105)\n\n - A heap 

overflow vulnerability exists in the AVI file parser. (SA-1106) 


CVE-2011-2588 



Description: Synopsis : \n\nThe remote host has a web browser that is vulnerable to multiple attack 


observed version of Opera is : \n %L .\n\nVersions of Opera earlier than 11.10 are 

potentially affected by multiple vulnerabilities : - An unspecified vulnerability allows 

remote attackers to hijack searches and customizations using unspecified third-party 

applications. (CVE-2011-2634)\n\n - Several errors exist that can cause application crashes. 

Affected items or functionalities are the handling of the CSS pseudo-class ': hover' if used 

with transforms on a floated element, unspecified web content, and the handling of an 

embedded Java applet with empty parameters. (CVE-2011-2635, CVE-2011-2636, 

CVE-2011-2637, CVE-2011-2638, CVE-2011-2640)\n\n - An error in the handling of 

hidden animated GIF images can cause a denial of service through CPU consumption as 

image repaints are triggered. (CVE-2011-2639) 


CVE-2011-2640 

Symantec Web Gateway Detection 


Description: Synopsis :\n\nThe remote host is a web security appliance.\n\nThe remote host is running 

Symantec Web Gateway, a web security gateway appliance. 

Solution: N/A 



Symantec Web Gateway login.php Blind SQL Injection (SYM11-001) 


Description: Synopsis : \n\nThe web security application running on the remote host has a SQL injection 

vulnerability.\n\nFor your information, the observed version of Symantec Web Gateway 

installed on the remote host is : \n %L \n\nVersions of Symantec Web Gateway 4.5 earlier 

than 4.5.0.376 are potentially affected by a SQL injection vulnerability. Input to the 


'USERNAME' parameter of the 'login.php' script is not properly sanitized. A remote, 

unauthenticated attacker could exploit this to execute arbitrary SQL queries. 

Solution: Upgrade to Symantec Web Gateway version 4.5.0.376 or later. 

CVE-2010-0115 

Symantec Web Gateway forget.php Blind SQL Injection (SYM11-008) 


Description: Synopsis : \n\nThe web security application running on the remote host has a SQL injection 

vulnerability.\n\nFor your information, the observed version of Symantec Web Gateway 

installed on the remote host : \n %L \n\nVersions of Symantec Web Gateway 4.5.x are 

potentially affected by a SQL injection vulnerability. Input to the 'username' parameter of 

the 'forget.php' script is not properly sanitized. A remote, unauthenticated attacker could 

exploit this to execute arbitrary SQL queries. 

Solution: Upgrade to Symantec Web Gateway version 5.0.1 or later. 

CVE-2011-0549 





of Safari is %L.\n\nVersions of Safari earlier than 5.1 are potentially affected by several 

issues in the following component :\n\n - CFNetwork\n\n - ColorSync\n\n - 

CoreFoundation\n\n - CoreGraphics\n\n - International Components for Unicode\n\n - 

ImageIO\n\n - libxslt\n\n - libxml\n\n - Safari\n\n - WebKit 


CVE-2011-1797 

Apple iOS < 4.2.10 / 4.3.5 Data Security Certificate Verification Vulnerability 


RISK: 

MEDIUM 



remote host is an iPhone, iPod Touch, or iPad running iOS. For your information, the 

observed version of iOS is : \n %L \n\nVersions of iOS 3.0 through 4.3.4 for iPhone, 3.1 

through 4.3.4 for the iPod touch, and 3.2 through 4.3.4 for the iPad are potentially affected 

by a security bypass vulnerability due to a certificate chain validation issue in the handling 

of X.509 certificates. 

Solution: Upgrade to iOS 4.2.10, 4.3.5, or later. 



CVE-2011-0228 

ClamAV < 0.97.2 'cli_hm_scan' Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is running an anti-virus application that is vulnerable to a 

denial of service attack.\n\nThe reported version of ClamAV on the remote host is : \n %L 

\n\nVersions of ClamAV earlier than 0.97.2 are potentially affected by a denial of service 

vulnerability. An off-by-one error exists in the 'cli_hm_scan' function in the file 

'libclamav/matcher-hash.c' that can be exploited by a specially crafted message causing the 

clamd daemon to crash. 



phpMyAdmin 3.3.x < 3.3.10.3 / 3.4.x < 3.4.3.2 Multiple Vulnerabilities 


RISK: 

MEDIUM 




\n %L \n\nVersions of phpMyAdmin 3.3.x earlier than 3.3.10.3 and 3.4.x earlier than 

3.4.3.2 are potentially affected by multiple vulnerabilities : \n\n - A cross-site scripting 

vulnerability exists in the table Print view. (PMASA-2011-9)\n\n - A local file inclusion 

vulnerability can be exploited via a specially crafted MIME-type transformation parameter. 

(PMASA-2011-10)\n\n - In the 'relational schema' code a parameter is not sanitized before 

being used to concatenate a class name which could lead to a local file inclusion or code 

execution. (PMASA-2011-11)\n\n - It is possible to manipulate the PHP superglobals 

(including SESSION) using some of the Swekey authentication code. (PMASA-2011-12) 


CVE-2011-2643 




RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by multiple vulnerabilities.\n\nFor your 


\n\nVersions of Tomcat 7.0.x earlier than 7.0.19 are potentially affected by multiple 

vulnerabilities : \n\n - An issue exists in the error handling related to the 

MemoryUserDatabase that allows user passwords to be disclosed through log files. 

(CVE-2011-2204)\n\n - An input validation issue exists that allows a local attacker to either 

bypass security or carry out denial of service attacks when the APR or NIO connectors are 


enabled. (CVE-2011-2526) 


CVE-2011-2526 

Android OS 2.3.4 / 3.1 Sandbox Bypass Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host is affected by a sandbox bypass vulnerability.\n\nFor your 

information, the observed version of Android OS installed on the remote device is : \n %L 

\n\nAndroid OS 2.3.4 and 3.1 are affected by a cross-application scripting vulnerability that 

could be exploited to bypass the sandbox. 

Solution: Upgrade to Android 2.3.5, 3.2, or later. 

CVE-2011-2357 







multiple vulnerabilities :\n\n - It is possible to install an extension without a confirmation 

dialog. (Issue 75821)\n\n - A stale pointer exists due to bad line box tracking in rendering. 

(Issue 78841)\n\n - It is possible to bypass the dangerous file prompt. (Issue 79266)\n\n - 

An unspecified issue exists relating to the designation of strings in the basic auth dialog. 

(Issue 79426)\n\n - A file permissions error exists with drag and drop. Note that this issue 

only affects Chrome on Linux. (Issue 81307)\n\n - Developer mode NPAPI extension 

installs are not always confirmed via browser dialog boxes. (Issue 83273)\n\n - It is 

possible for the local file path to be disclosed via a GL program log. (CVE-2011-2784)\n\n 

- The homepage URL in extensions is not properly sanitized. (Issue 84402)\n\n - The 

speech-input bubble is not always displayed on-screen. (Issue 84600)\n\n - It is possible to 

crash the browser due to a GPU lock re-entrancy issue. (Issue 84805)\n\n - A buffer 

overflow issue exists in inspector serialization. (Issue 85559)\n\n - A use-after-free issue 

exists in the Pepper plug-in installation. (Issue 85808)\n\n - A use-after-free issue exists 

with floating styles. (Issue 86502)\n\n - An out-of-bounds write exists in ICU. (Issue 

86900)\n\n - A use-after-free issue exists with float removal. (Issue 87148)\n\n - A 

use-after-free issue exists in media selectors. (Issue 87227)\n\n - An out-of-bounds read 

exists in text iteration. (Issue 87298)\n\n - A leak exists relating to cross-frame functions. 

(Issue 87339)\n\n - A use-after-free issue exists in Skia. (Issue 87548)\n\n - A use-after-free 

issue exists in resource caching. (Issue 87729)\n\n - Several unspecified internal schemes 

are web accessible. (Issue 87815)\n\n - A use-after-free issue exists in HTML range 

handling. (Issue 87925)\n\n - It is possible for a client side redirect target to be leaked. 

(Issue 88337)\n\n - It is possible for v8 to crash with const lookups. (Issue 88591)\n\n - A 

use-after-free issue exists in the frame loader. (Issue 88846)\n\n - A use-after-free issue 


exists in display box rendering. (Issue 88889)\n\n - A PDF crash exists with nested 

functions. (Issue 89142)\n\n - A cross-origin script injection issue exists. (Issue 89520)\n\n 

- A cross-origin violation exists in base URI handling. (Issue 90222) 


CVE-2011-2819 

Apple FaceTime Detection 


Description: The remote mobile device is running FaceTime, a video calling application from Apple. 

Solution: N/A 







of QuickTime earlier than 7.7 are potentially affected by multiple vulnerabilities :\n\n - A 

buffer overflow in QuickTime's handling of pict files may lead to an application crash or 

arbitrary code execution. (CVE-2011-0245)\n\n - A buffer overflow in QuickTime's 

handling of JPEG2000 files may lead to an application crash or arbitrary code execution. 

(CVE-2011-0186)\n\n - A cross-origin issue in QuickTime plug-in's handling of cross-site 

redirects may lead to disclosure of video data from another site. (CVE-2011-0187)\n\n - An 

integer overflow in QuickTime's handling of RIFF WAV files may lead to an application 

crash or arbitrary code execution. (CVE-2011-0209)\n\n - A memory corruption issue in 

QuickTime's handling of sample tables in QuickTime movie files may lead to an 

application crash or arbitrary code execution. (CVE-2011-0210)\n\n - An integer overflow 

in QuickTime's handling of audio channels in movie files may lead to an application crash 

or arbitrary code execution. (CVE-2011-0211)\n\n - A buffer overflow in QuickTime's 

handling of JPEG files may lead to an application crash or arbitrary code execution. 

(CVE-2011-0213)\n\n - A heap buffer overflow in QuickTime's handling of GIF files may 

lead to an application crash or arbitrary code execution. (CVE-2011-0246)\n\n - Multiple 

stack buffer overflows in QuickTime's handling of H.264 encoded movie files may lead to 

an application crash or arbitrary code execution. (CVE-2011-0247)\n\n - A stack buffer 

overflow in QuickTime ActiveX's handling of QTL files may lead to an application crash 

or arbitrary code execution. (CVE-2011-0248)\n\n - A heap buffer overflow in 

QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application 

crash or arbitrary code execution. (CVE-2011-0249)\n\n - A heap buffer overflow in 

QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application 


QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application 


QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application 


crash or arbitrary code execution. (CVE-2011-0252) 

Solution: Upgrade to QuickTime 7.7 or later. 

CVE-2011-0252 





the observed version of Adobe Flash Player is : \n %L .\n\nVersions of Flash Player earlier 

than 10.3.183.5 are potentially affected by multiple vulnerabilities : \n\n - Multiple buffer 

overflow vulnerabilities could lead to code execution. (CVE-2011-2130, CVE-2011-2134, 

CVE-2011-2137, CVE-2011-2414, CVE-2011-2415)\n\n - Multiple memory corruption 

vulnerabilities could lead to code execution. (CVE-2011-2135, CVE-2011-2140, 

CVE-2011-2417, CVE-2011-2425)\n\n - Multiple integer overflow vulnerabilities could 

lead to code execution. (CVE-2011-2136, CVE-2011-2138, CVE-2011-2416)\n\n - A 

cross-site information disclosure vulnerability exists that could lead to code execution. 

(CVE-2011-2139) 


CVE-2011-2425 




host is running Adobe Flash Media server. For your information, the observed version of 

Adobe Flash Media Sever is : \n %L \n\nVersions of Adobe Flash Media Server earlier than 

3.5.7 or 4.0.3 are potentially affected by a memory corruption issue that could lead to a 

denial of service.\nIAVA Reference : 2011-A-0109\nSTIG Finding Severity : Category I 


CVE-2011-2132 


Adobe Flash Media Server Unsupported Version Detection 


Description: Synopsis : \n\nThe remote host contains an unsupported version of Adobe Flash Media 

Server.\n\nThe remote host is running Adobe Flash Media server. For your information, the 

observed version of Adobe Flash Media Sever is : \n %L \n\nThe version of Adobe Flash 

Media Server installed on the remote host is no longer supported. As a result, it is likely to 

contain security vulnerabilities. 


Solution: Upgrade to a version of Flash Media Server that is currently supported. 


Oracle Database Unsupported Version Detection 


Description: Synopsis : \n\nThe remote host is running an unsupported version of a database 

server.\n\nThe remote host is running Oracle Database. For your information, the version of 

Oracle Database installed on the remote host is : \n %L \n\nThe version of Oracle Database 

installed on the remote host is no longer supported. As a result, it is likely to contain 

security vulnerabilities. 

Solution: Upgrade to a version of Oracle Database that is currently supported. 

DNS Client Detection 



Description: DNS TCP Client 

Solution: N/A 

DNS Client Detection 

realtimeonly 



Description: DNS UDP client 

Solution: N/A 

realtimeonly 


Apache Tomcat 7.0.x < 7.0.20 'jsvc' Information Disclosure 



RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by an information disclosure 



affected by an information disclosure vulnerability. A component that Apache Tomcat 


elies on called 'jsvc' contains an error in that it does not drop capabilities after starting and 

can allow access to sensitive files owned by the super user. Note that this vulnerability only 

affects Linux operating systems and only when the following are true : \n\n - jsvc is 

compiled with libpcap.\n\n - The '-user' parameter is used 


CVE-2011-2729 

Mozilla Firefox 5.0 Multiple Vulnerabilities 





\n\nVersions of Firefox 5 are potentially affected by the following security issues : \n\n - A 

dangling pointer vulnerability exists in an SVG text manipulation routine. 

(CVE-2011-0084)\n\n - Several memory safety bugs exist in the browser engine that may 

permit remote code execution. (CVE-2011-2985, CVE-2011-2989, CVE-2011-2991, 

CVE-2011-2992)\n\n - A cross-origin data theft vulnerability exists when using CANVAS 

and Windows D2D hardware acceleration. (CVE-2011-2986)\n\n - A heap overflow 

vulnerability exists in WebGL's ANGLE library. (CVE-2011-2987)\n\n - A buffer overflow 

vulnerability exists in WebGL when using an overly long shader program. 

(CVE-2011-2988)\n\n - Two errors exist related to Content Security Policy that can lead to 

information disclosure. (CVE-2011-2990)\n\n - An unspecified error exists that can allow 

unsigned JavaScript to call into a signed JAR and inherit the signed JAR's permissions and 

identity. (CVE-2011-2993) 


CVE-2011-2993 


Mozilla Firefox 3.6 < 3.6.20 Multiple Vulnerabilities 





\n\nVersions of Firefox 3.6 earlier than 3.6.20 are potentially affected by the following 

security issues : \n\n - A dangling pointer vulnerability exists in an SVG text manipulation 

routine. (CVE-2011-0084)\n\n. -A DOM accounting error exists in the 'appendChild' 

JavaScript function that can allow an invalid pointer to be dereferenced. 

(CVE-2011-2378)\n\n - An error exists in 'ThinkPadSensor: : Startup' that can allow 

malicious DLLs to be loaded. (CVE-2011-2980)\n\n - An error exists in the event 

management code that can allow JavaScript to execute in the context of a different website 

and possibly in the chrome-privileged context. (CVE-2011-2981)\n\n - Various unspecified 

memory safety issues exist. (CVE-2011-2982)\n\n - A cross-domain information disclosure 

vulnerability exists if the configuration option 'RegExp.input' is set. (CVE-2011-2983)\n\n - 


A privilege escalation vulnerability exists if web content is registered to handle 'drop' 

events and a browser tab is dropped in that element's area. This can allow the web content 

to execute with browser chrome privileges. (CVE-2011-2984) 


CVE-2011-2984 

Mozilla Thunderbird 5 Multiple Vulnerabilities 




:%L.\n\nVersions of Thunderbird 5.x are potentially affected by multiple vulnerabilities 

:\n\n - Several memory safety bugs exist in the browser engine that may permit remote code 

execution. (CVE-2011-2985, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992)\n\n - A 

dangling pointer vulnerability exists in an SVG text manipulation routine. 

(CVE-2011-0084)\n\n - A buffer overflow vulnerability exists in WebGL when using an 

overly long shader program. (CVE-2011-2988)\n\n - A heap overflow vulnerability exists 

in WebGL's ANGLE library. (CVE-2011-2987)\n\n - A cross-origin data theft vulnerability 

exists when using canvas and Windows D2D hardware acceleration. (CVE-2011-2986) 

Solution: Upgrade to Thunderbird 6.0 or later. 

CVE-2011-2992 

Mozilla Thunderbird 3.1 < 3.1.12 Multiple Vulnerabilities 




:%L.\n\nVersions of Thunderbird 3.1 earlier than 3.1.12 are potentially affected by multiple 

vulnerabilities :\n\n - Several memory safety bugs exist in the browser engine that may 

permit remote code execution. (CVE-2011-2982)\n\n - A dangling pointer vulnerability 

exists in an SVG text manipulation routine. (CVE-2011-0084)\n\n - A dangling pointer 

vulnerability exists in appendChild, which did not correctly account for DOM objects it 

operated upon. (CVE-2011-2378)\n\n - A privilege escalation vulnerability in the event 

management code could permit JavaScript to be run in the wrong context. 

(CVE-2011-2981)\n\n - A privilege escalation vulnerability exists if a web page registered 

for drop events and a browser tab element was dropped into the content area. 

(CVE-2011-2984)\n\n - A binary planing vulnerability in ThinkPadSensor::Startup could 

permit loading a malicious DLL into the running process. (CVE-2011-2980)\n\n - A data 

leakage vulnerability triggered when RegExp.input was set could allow data from other 

domains to be read. (CVE-2011-2983)< 


CVE-2011-2984 



Mozilla SeaMonkey 2.x < 2.3.0 Multiple Vulnerabilities 





vulnerabilities : \n\n - An error in SVG text manipulation code createes a dangling pointer 

vulnerability. (CVE-2011-0084)\n\n - Multiple unspecified memory safety issues exist. 

(CVE-2011-2985)\n\n - An errir in the D2D hardware acceleration code can allow image 

data from one domain to be read by another domain. (CVE-2011-2986)\n\n - An error in 

the ANGLE library used by the WebGL implementation can allow heap overflows, 

possibly leading to code execution. (CVE-2011-2987)\n\n - An error in the shader program 

handling code can allow a large shader program to overflow a buffer and crash. 

(CVE-2011-2988)\n\n - An unspecified error exists related to WebGL. 

(CVE-2011-2989)\n\n - Two errors exist related to Content Security Policy and can lead to 

information disclosure. (CVE-2011-2990)\n\n - An unspecified error exists that can allow 

JavaScript crashes. (CVE-2011-2991)\n\n - An unspecified error exists that can allow the 

Ogg reader to crash. (CVE-2011-2992)\n\n - An unspecified error exists that can allow 

unsigned JavaScript to call into a signed JAR and inherit the signed JAR's permissions and 

identity. (CVE-2011-2993) 


DHCP Client Detection 

CVE-2011-2993 


Description: A DHCP client is running on this host. 

Solution: N/A 

realtimeonly 

mDNS Client Queries 



Description: The remote client has issued a name query for the following resource name. 

Solution: N/A 

realtimeonly 


PHP 5.3 < 5.3.7 Multiple Vulnerabilities 




Description: Synopsis \n\nThe remote web server uses a version of PHP that is affected by multiple 

vulnerabilities.\n\nFor your information, the version of PHP installed on the remote host is : 

\n %L \n\nVersions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple 

vulnerabilities : \n\n - A stack buffer overflow exists in socket_connect(). 

(CVE-2011-1938)\n\n - A use-after-free vulnerability exists in substr_replace(). 

(CVE-2011-1148)\n\n - A code execution vulnerability exists in ZipArchive: : addGlob(). 

(CVE-2011-1657)\n\n - crypt_blowfish was updated to 1.2. (CVE-2011-2483)\n\n - 

Multiple null pointer dereferences exist.\n\n - An unspecified crash exists in 

error_log().\n\n - A buffer overflow vulnerability exists in crypt(). 


CVE-2011-3268 





\n%L\n\nVersions of Google Chrome earlier than 13.0.782.215 are potentially affected by 

multiple vulnerabilities :\n\n - An unspecified error related to command line URL parsing. 

(Issue #72892)\n - Use-after-free errors related to line box handling, counter nodes, custom 

fonts, and text searching. (Issue #82552, #88216, #88670, #90668)\n - A double-free error 

related to libxml XPath handling. (Issue #89402)\n - An error related to empty origins 

exists that can allow cross-domain violation. (Issue #87453)\n - A memory corruption error 

exists related to vertex handling. (Issue #89836)\n - An out-of-bounds write error exists in 

the v8 JavaScript engine. (Issue #91517)\n - An integer overrun error exists in the handling 

of uniform arrays. (Issue #91598)\n - An unspecified issue exists in memset() in PDF. 


CVE-2011-2839 

PHP 5.3.7 crypt() MD5 Incorrect Return Value 


Description: Synopsis : \n\nThe remote web server uses a version of PHP that is affected by a security 

bypass vulnerability.\n\nFor your information, the version of PHP installed on the remote 

host is : \n %L \n\nPHP version 5.3.7 contains a bug in the crypt() function when 

generating salted MD5 hashes. The function only returns the salt rather than the salt and 

hash. Any authentication mechanism that uses crypt() could authorize all authentication 

attempts due to this bug. 







RISK: 

MEDIUM 





vulnerabilities : \n\n - An error handling issue exists related to the MemoryUserDatabase 

that allows user passwords to be disclosed through log files. (CVE-2011-2204)\n\n - An 

input validation error exists that allows a local attacker to either bypass security or carry out 

denial of service attacks when the APR or NIO connectors are enabled. 

(CVE-2011-2526)\n\n - A component that Apache Tomcat relies on called 'jsvc' contains an 

error in that it does not drop capabilities after starting and can allow access to sensitive files 

owned by the super user. Note this vulnerability only affects Linux operating systems and 

only when the following are true: jsvc is compiled with libpcap and the '-user' parameter is 

used. (CVE-2011-2729) 


CVE-2011-2729 



Description: Synopsis : \n\nThe remote host has a web browser installed that is affected by a memory 



11.51 are potentially affected by multiple vulnerabilities : \n\n - Unsecured web content 

could appear secure. (Issue 1000)\n\n - An unspecified issue. 


CVE-2011-3389 

Google Chrome < 13.0.782.218 Out of Date CA List 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host contains a web browser that uses an out of date certificate 

authority list.\n\nFor your information, the observed version of Google Chrome is 

\n%L\n\nVersions of Google Chrome earlier than 13.0.782.218 use an out of date 

certificate authority list. Due to the issuance of several fraudulent SSL certificates, the 

certificate authority DigiNotar has been disabled in Google Chrome. 







Description: Synopsis :\n\nThe remote web server is vulnerable to a denial of service attack.\n\nFor your 

information, the observed version of Apache HTTP server is \n%L\n\nVersions of Apache 

2.2 earlier than 2.2.20 are potentially affected by a denial of service vulnerability. Making a 

series of HTTP requests with overlapping ranges in the Range or Request-Range request 

headers can result in memory and CPU exhaustion. A remote, unauthenticated attacker 

could exploit this flaw to make the system unresponsive. 

Solution: Upgrade to Apache version 2.2.20 or later or use one of the workarounds in Apache's 

advisories for CVE-2011-3192. 

CVE-2011-3192 

OpenSSL 1.x < 1.0.0e Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server is affected by multiple vulnerabilities.\n\nFor your 

information, the observed version of OpenSSL is : \n %L \n\nVersions of OpenSSL 1.0.0 

earlier than and 1.0.0e are potentially affected by the following vulnerabilities : \n\n - An 

error exists in the internal certificate verification process that can allow improper 

acceptance of a certificate revolcation list (CRL) if the lists's 'nextUpdate' field contains a 

date in teh past. Note that this internal CRL checking is not enabled by defaut. 

(CVE-2011-3207)\n\n - An error exists in the code for the ephemeral (EC)DH ciphersuites 

that can allow a remote attacker to crash the process. (CVE-2011-3210) 

Solution: Upgrade to OpenSSL 1.0.0e or later. 

CVE-2011-3210 




vectors.\n\nFor your information, the observed version of Google Chrome is : \n %L 

\n\nVersions of Google Chrome earlier than 14.0.835.186 contain a vulnerable version of 

Adobe Flash Player that is affected by the following vulnerabilities : \n\n - An unspecified, 

critical error for which no further details are available at this time.\n\n - An unspecified 



2011-2444 







\n\nVersions of Google Chrome earlier than 14.0.835.163 are affected by multiple 

vulnerabilities : \n\n - A race condition exists related to the certificate cache. (Issue 

49377)\n\n - The Windows Media Player plugin allows click-free access to the system 

Flash. (Issue 51464)\n - PIC / pie compiler lags are not used. (Linux only)(Issue 57908)\n - 

MIME types are not treated authoritatively at plugin load time. (Issue 75070)\n - An 

unspecified error allows V8 script object wrappers to crash. (Issue 76771)\n - The included 

PDF functionality contains a garbage collection error. (Issue 78639)\n - The Mac installer 

insecurely handles lock files. (Mac only)(Issue 80680) - Out-of-bounds read issues exist 

related to media buffers, mp3 files, box handling, Khmer characters, video handling, 

Tibetan characters, and triangle arrays. (Issues 82438, 85041, 89991, 90134, 90173, 95563, 

95625)\n - An unspecified error allows data displayed in the URL to be spoofed. (Issue 

83031)\n - Use-after-free error exist related to unload event handling, the document loader, 

plugin handling, ruby table style handling, and the focus controller. (Issues 89219, 89330, 

91197, 92651, 94800, 93420, 93587)\n - The URL bar can be spoofed in an unspecified 

manner related to the forward button. (Issue 89564)\n - A NULL pointer error exists related 

to WebSockets. Issue 89795)\n An off-by-one error exists related to the V8 JavaScript 

engine. (Issue 91120)\n - A stale node error exists related to CSS stylesheet handling. 

(Issue 92959)\n - A cross-origin bypass error exists related to the V8 JavaScript engine. 

(Issue 93416)\n - A double-free error exists related to XPath handling in libxml. (Issue 

93472)\n - Incorrect permissions are assigned to non-gallery pages. (Issue 93497)\n - An 

improper string read occurs in the included PDF functionality. (Issue 93596)\n - An 

unspecified error allows unintended access to objects build in to the V8 JavaScript engine. 

(Issue 93906)\n - Self-signed certificates are not pinned properly. (Issue 95917)\n - A 

variable-type confusion issue exists in the V8 JavaScript engine related to object sealing. 

(Issue 95920) 


CVE-2011-3234 




Description: Synopsis : \n\nThe remote host contains a browser plug-in that is vulnerable to multiple 


the observed version of Adobe Flash Player is : \n %L \nVersions of Flash Player earlier 

than 10.3.183.10 are potentially affected by multiple vulnerabilities : \n - Multiple AVM 

stack overflow vulnerabilities could lead to code execution. (CVE-2011-2426, 

CVE-2011-2427)\n - A logic error issue could lead to code execution or a browser crash. 

(CVE-2011-2428)\n - A Flash Player security control bypass vulnerability could lead to 

information disclosure. (CVE-2011-2429)\n - A streaming media logic error vulnerability 

could lead to code execution. (CVE-2011-2430)\n - A universal cross-site scripting 

vulnerability could be abused to take actions on a user's behalf on any website if the user is 

tricked into visiting a malicious website. Note that this issue is reportedly being actively 

exploited in targeted attacks. (CVE-2011-2444) 



CVE-2011-2444 

phpMyAdmin 3.4.x < 3.4.5 Cross-site Scripting (PMASA-2011-14) 


Description: Synopsis : \n\nThe remote web server contains a PHP application that is affected by 

multiple cross-site scripting vulnerabilities.\n\nFor your information, the observed version 

of phpMyAdmin is : \n %L \n\nVersions of phpMyAdmin 3.4.x earlier than 3.4.5 are 

potentially affected by multiple cross-site scripting vulnerabilities : \n - The data used in the 

row content display after inline editing is not properly sanitized before it is passed back to 

the browser.\n - The data passed in as table, column, and index names is not properly 

sanitized before it is passed back to the browser.\nA remote attacker may use these issues 

to cause arbitrary code to be executed in a user's browser, to steal authentication cookies 

and the like. 

Solution: Apply the vendor patches or upgrade to phpMyAdmin 3.4.5 or later. 


Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities 





\n\nVersions of Firefox 3.6 earlier than 3.6.23 are potentially affected by the following 

security issues : \n - An integer underflow exists when handling a large JavaScript 'RegExp' 

expression that can allow a potentially exploitable crash. (Issue 684815)\n - If an attacker 

could trick a user into holding down the 'Enter' key, via a malicious game for example, a 

malicious application or extension could be downloaded and executed. (CVE-2011-2372)\n 

- Unspecified error exist that can be exploited to corrupt memory. No additional 

information is available at this time. (CVE-2011-2995, CVE-2011-2996)\n - There is an 

error in the implementation of the 'window.location' JavaScript object when creating named 

frames. This can be exploited to bypass the same-origin policy and potentially conduct 

cross-site scripting attacks. (CVE-2011-2999)\n - A weakness exists when handling the 

'Location' header. This can lead to response splitting attacks when visiting a vulnerable web 

server. The same fix has been applied to the headers 'Content-Length' and 

'Content-Disposition'. (CVE-2011-3000) 


CVE-2011-3000 








\n\nVersions of Firefox 6.0 are potentially affected by the following security issues : \n\n - 

If an attacker could trick a user into holding down the 'Enter' key, via a malicious game, for 

example, a malicious application or extension could be downloaded and executed. 

(CVE-2011-2372)\n\n - Unspecified errors exist that can be exploited to corrupt memory. 

No additional information is available at this time. (CVE-2011-2995, CVE-2011-2997)\n\n 

- A weakness exists when handling the 'Location' header. This can lead to response splitting 

attacks when visiting a vulnerable web server. The same fix has been applied to the headers 

'Content-Length' and 'Content-Disposition'. (CVE-2011-3000)\n\n - An error exists within 

WebGL's ANGLE library. It does not properly check for return values from the 

'GrowAtomTable()' function. This vulnerability can be exploited to cause a buffer overflow 

by sending a series of requests. Additionally, an unspecified error exists within WebGL that 

can be exploited to corrupt memory. (CVE-2011-3002, CVE-2011-3003)\n\n - There is an 

error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By 

tricking a user into installing a malicious plug-in, an attacker could exploit this issue to 

execute arbitrary code. (CVE-2011-3004)\n\n - A use-after-free error exists when parsing 

OGG headers. (CVE-2011-3005)\n\n - There is an unspecified error within the YARR 

regular expression library that can be exploited to corrupt memory. (CVE-2011-3232) 


CVE-2011-3232 





:%L.\n\nThunderbird 6.0 is potentially affected by multiple vulnerabilities :\n\n - If an 

attacker could trick a user into holding down the 'Enter' key, via a malicious game, for 

example, a malicious application or extension could be downloaded or executed. 

(CVE-2011-2372, CVE-2011-3001)\n\n - Unspecified errors exist that can be exploited to 

corrupt memory. No additional information is avialable at this time. (CVE-2011-2995, 

CVE-2011-2997)\n\n - A weakness exists when handling the 'Location' header. This can 

lead to response splitting attacks when visiting a vulnerable web server. The same fix has 

been applied to the headers 'Content-Length' and 'Content-Disposition. 

(CVE-2011-3000)\n\n - A use-after-free error exists when parsing OGG headers. 

(CVE-2011-3005)\n\n - There is an unspecified error within the YARR regular expression 

library that can be exploited to corrupt memory. (CVE-2011-3232) 


CVE-2011-3232 








vulnerabilities : \n\n - If an attacker could trick a user into holding down the 'Enter' key, via 

a malicious game, for example, a malicious application or extension could be downloaded 

and executed. (CVE-2011-2372, CVE-2011-3001)\n\n - Unspecified errors exist that can be 

exploited to corrupt memory. No additional information is available at this time. 

(CVE-2011-2995, CVE-2011-2997)\n\n - A weakness exists when handling the 'Location' 

header. This can be lead to response splitting attacks when visiting a vulnerable web server. 

The same fix has been applied to the headers 'Content-Length' and 'Content-Disposition'. 

(CVE-2011-3000)\n\n - An error exists with WebGL's ANGLE library. It does not properly 

check for return values from the 'GrowAtomTable()' function. This vulnerability can be 

exploited to cause a buffer overflow by sending a series of requests. Additionally, an 

unspecified error exists within WebGL that can be exploited to corrupt memory. 

(CVE-2011-3002, CVE-2011-3003)\n\n - There is an error within the JSSubScriptLoader 

that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a 

malicious plug-in, an attacker could exploit this issue to execute arbitrary code. 

(CVE-2011-3004)\n\n - A use-after-free error exists when parsing OGG headers. 

(CVE-2011-3005)\n\n - There is an unspecified error within the YARR regular expression 

library that can be exploited to corrupt memory. (CVE-2011-3232) 


CVE-2011-3232 

Symantec IM Manager < 8.4.18 Multiple Vulnerabilities (SYM11-012) 


RISK: 

MEDIUM 



attack vectors.\n\nThe remote host is running Symantec IM Manager, an application for 

managing instant messaging traffic. For your information, the observed version of 

Symantec IM Manager is : \n %L \n\nVersions of Symantec IM Manager earlier than build 

8.4.18 are potentially affected by multiple vulnerabilities : \n\n - An unspecified cross-site 

scripting vulnerability. (CVE-2011-0552)\n\n - An unspecified SQL injection vulnerability. 

(CVE-2011-0553)\n\n - An unspecified code injection vulnerability. (CVE-2011-0554) 

Solution: Upgrade to Symantec IM Manager build 8.4.18 or later. 

CVE-2011-0554 






.\n\nVersions of Google Chrome earlier than 14.0.835.202 are affected by multiple 

vulnerabilities : \n\n - A use-after-free issue exists in text line box handling. (Issue 


93788)\n\n - A stale font issue exists in SVG text handling. (Issue 95072)\n\n - An 

inappropriate cross-origin access to the window prototype exists. (Issue 95671)\n\n - 

Lifetime and threading issues exist in audio node handling. (Issue 96150)\n\n - A 

use-after-free issue exists in the v8 bindings. (Issues 97451, 97520, 97615)\n\n - A memory 

corruption issue exists in v8 hidden objects. (Issue 97784)\n\n - A memory corruption issue 

exists in the shader translator. (Issue 98089) 


CVE-2011-3873 

'.dll' File Download Detection 


Description: The remote web client downloaded a .dll file. The file downloaded was %L 

Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 







Solution: N/A 

realtimeonly 






Mac OS. For your information, the observed version of iTunes is \n%L.\n\nVersions of 

iTunes earlier than 10.5 are potentially affected by numerous issues in the following 

components :\n\n - CoreFoundation\n\n - ColorSync\n\n - CoreAudio\n\n - CoreMedia\n\n - 

ImageIO\n\n - WebKit 


CVE-2011-3252 





of Safari is : \n %L .\n\nVersions of Safari earlier than 5.1.1 are potentially affected by 

several issues in the following components : \n\n - Safari\n\n - WebKit 


CVE-2011-3243 




Description: Synopsis : \n\nThe remote host is missing a Mac OS X update that fixes a security 

issue.\n\nFor your information, the observed version of Mac OS X is : \n %L \n\nVersions 

of Mac OS X 10.7 earlier than 10.7.2 are potentially affected by a security issue. Mac OS X 

10.7.2 contains a security fix for the following products : \n\n - Apache\n\n - Application 

Firewall\n\n - ATS\n\n - BIND\n\n - Certificate Trust Policy\n\n - CFNetwork\n\n - 

CoreMedia\n\n - CoreProcesses\n\n - CoreStorage\n\n - File Systems\n\n - iChat Server\n\n 

- Kernel\n\n - libsecurity\n\n - Open Directory\n\n - PHP\n\n - python\n\n - QuickTime\n\n 

- SMB File Server\n\n - X11\nIAVA Reference : 2012-A-0020\nIAVA Reference : 




NetFlix User Detection 

CVE-2011-3437 


Description: The remote host is running a NetFlix client. NetFlix is an online service which allows users 

to stream videos to their computer or network equipment. 

realtime 



Apple iOS 3.0 through 4.3.5 Multiple Vulnerabilities 




of iOS is : \n %L \n\nVersions of iOS 3.0 through 4.3.5 are potentially affected by multiple 

vulnerabilities. iOS 5.0 contains security fixes for the following products : \n\n - 

CalDAV\n\n - Calendar\n\n - CFNetwork\n\n - CoreFoundation\n\n - CoreGraphics\n\n - 

CoreMedia\n\n - Data Access\n\n - Data Security\n\n - Home security\n\n - ImageIO\n\n - 

Kernel\n\n - Keyboards\n\n - libxml\n\n - OfficeImport\n\n - Safari\n\n - Settings\n\n - 

UIKit Alerts\n\n - WebKit\n\n - WiFi\nIAVB Reference : 2012-B-0006\nSTIG Finding 



NetFlix User Detection 

CVE-2011-3434 


Description: The remote host is running a NetFlix client. NetFlix is an online service which allows users 

to stream videos to their computer or network equipment. 

realtime 

Solution: Ensure that this application is authorized for your network. 



Asterisk Remote Crash Vulnerability in SIP Channel Driver (AST-2011-012) 

PVS ID: 6043 FAMILY: Generic NESSUS ID:56922 


RISK: 

MEDIUM 

Description: Synopsis :\n\nThe remote VoIP server is vulnerable to a denial of service attack.\n\nFor 

your information, the observed version of Asterisk is : \n %L \n\nVersions of Asterisk 1.8.x 

earlier than 1.8.7.1 are potentially affected by a denial of service attack in the SIP channel 

driver. A remote authenticated attacker can cause a crash with a malformed request due to 

an uninitialized variable. 

Solution: Upgrade to Asterisk 1.8.7.1 

CVE-2011-4063 

ClamAV < 0.97.3 Unspecified Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is running an anti-virus application that is vulnerable to a 

denial of service attack.\n\nThe reported version of ClamAV on the remote host is : \n %L 

\n\nVersions of ClamAV earlier than 0.97.3 are potentially affected by an unspecified 

denial of service vulnerability that can be exploited to cause the clamd daemon to crash. 


CVE-2011-3627 

Joomla! 1.5 < 1.5.24 Information Disclosure Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote web server has an application that is affected by an information 

disclosure vulnerability.\n\nThe remote web server is hosting Joomla!, a content 

management system written in PHP. For your information, the observed version of Joomla! 

is : \n %L .\n\nVersions of Joomla! 1.5.x earlier than 1.5.24 are potentially affected by an 

information disclosure vulnerability due to the use of weak encryption. 



Joomla! 1.7 < 1.7.2 Multiple Information Disclosure Vulnerabilities 



RISK: 

MEDIUM 







information disclosure vulnerabilities : \n\n - A weak encryption mechanism could lead to 

information disclosure.\n\n - Inadequate error checking could lead to information 

disclosure. 



Tumblr Blog Edit Detection 


Description: The remote host is running a Tumblr client. Tumblr is a network service which allows for 

sharing of blog posts, images, and videos. The PVS has just observed the client updating 

their blog. 

realtimeonly 



Tumblr Photo Upload Detection 


Description: The remote host is running a Tumblr client. Tumblr is a network service which allows for 

sharing of blog posts, images, and videos. The PVS has just observed the client uploading a 

photo. 

realtimeonly 



iHeartRadio Stream Detection 


Description: The remote host was observed accessing an iHeartRadio stream. 

realtimeonly 









.\n\nVersions of Google Chrome earlier than 15.0.874.102 are affected by multiple 

vulnerabilities : \n\n - Several URL bar spoofing errors exist related to history handling and 

drag-and-drop of URLs. (CVE-2011-28245, CVE-2011-3875)\n\n - Whitespace is stripped 

from the end of download filenames. (CVE-2011-3876)\n\n - A cross-site scripting issue 

exists related to the appcache internals page. (CVE-2011-3877)\n\n - A race condition 

exists related to working process initialization. (CVE-2011-3878)\n\n - An error exists 

related to redirection to chrome scheme URIs. (CVE-2011-3879)\n\n - Unspecified special 

characters may be used as delimiters in HTTP headers. (CVE-2011-3880)\n\n - Several 

cross-origin policy violation issues exist. (CVE-2011-3881)\n\n - Several use-after-free 

errors exist related to media buffer handling, counter handling, stale styles, plugins and 

editing, and video source handling. (CVE-2011-3882, CVE-2011-3883, CVE-2011-3885, 

CVE-2011-3888, CVE-2011-3890)\n\n - Timing issues exist related to DOM traversal. 

(CVE-2011-3884)\n\n - An out-of-bounds write error exists in the V8 JavaScript engine. 

(CVE-2011-3886)\n\n - Cookie theft is possible via JavaScript URIs. (CVE-2011-3887)\n\n 

- A heap overflow issue exists related to Web Audio. (CVE-2011-3889)\n\n - Functions 

internal to the V8 JavaScript engine are exposed. (CVE-2011-3891) 


CVE-2011-3891 

Apple iTunes Client Detection 


Description: The remote host is an iTunes client. 

Solution: N/A 

realtimeonly 







of QuickTime earlier than 7.7.1 are potentially affected by multiple vulnerabilities :\n\n - A 

buffer overflow exists in the handling of H.264 encoded movie files. (CVE-2011-3219)\n\n 

- An uninitialized memory access issue exists in the handling of URL data handlers within 

movie file. (CVE-2011-3220)\n\n - An implementation issue exists in the handling of the 

atom hierarchy within a movie files. (CVE-2011-3221)\n\n - A cross-site scripting issue 

exists int he Save for Web export. (CVE-2011-3218)\n\n - A buffer overflow exists in the 

handling of FlashPix files. (CVE-2011-3222)\n\n - A buffer overflow exists in the handling 

of FLIC files. (CVE-2011-3223)\n\n - Multiple memory corruption issues exist in the 

handling of movie files. (CVE-2011-3228)\n\n - An integer overflow issue exists in the 


handling of PICT files. (CVE-2011-3247)\n\n - A signedness issue exists in the handling of 

font tables embedded n QuickTime movie files.\n\n - A buffer overflow issue exists in the 

handling of FLC encoded movie files. (CVE-2011-3249)\n\n - An integer overflow issue 

exists in the handling of JPEG2000 encoded movie files. (CVE-2011-3250)\n\n - A 

memory corruption issue exists in the handling of TKHD atoms in QuickTime movie files. 

(CVE-2011-3251) 


CVE-2011-3251 




attack vectors.\n\nThe remote host is running the Opera web browser. For your 


11.52 are potentially affected by multiple vulnerabilities : \n\n - An error exists in the 

handling of certain font manipulations inside dynamically added or specifically embedded 

SVG images or SVG content in nested frames. This error can cause the application to crash 

and can possibly allow arbitrary code execution. (Issue 1002)\n\n - Several unspecified 

error exist that can allow stack overflows leading to browser crashes. 



Novell iPrint Client < 5.72 Code Execution Vulnerability 


Description: Synopsis :\n\nThe remote host contains an application that is affected by a code execution 

vulnerability.\n\nThe remote host has the Novell iPrint client installed. For your 

information, the observed version of Novell iPrint Client is : \n %L .\n\nVersions of Novell 

iPrint Client earlier than 5.72 are potentially affected by a buffer overflow vulnerability in 

the GetDriverSettings method of the nipplib.dll component. A remote, unauthenticated 

attacker, exploiting this flaw, could execute arbitrary code on the remote host subject to the 



GoToMyPC Detection 

CVE-2011-3173 



RISK: 

MEDIUM 



Description: The remote host is running GoToMyPC, a remote administration tool that allows access to 

a PC. This software uses a backchannel (viewed as an outgoing connection by your 

firewall) to communicate with the vendor's computers that then broker a connection back to 

the remote client accessing this computer. 

realtimeonly 

Solution: Verify that this conforms to your security policy. 




Description: Synopsis : \n\nThe remote host has a media player installed that is vulnerable to multiple 


your information, the observed version of Winamp is : \n %L \n\nVersions of Winamp 

earlier than 5.622 are potentially affected by the following overflow vulnerabilities : \n\n - 

A heap-based buffer overflow exists in the plugin in_midi.dll when processing the 

iOffsetMusic value in the Creative Music Format (CMF) header.\n\n - A heap-based buffer 

overflow exists in the plugin in_mod.dll when processing the channels value in the 

Advanced Module Format (AMF) header.\n\n - A heap-based buffer overflow exists in the 

plugin in_nsv.dll when processing the toc_alloc value in the Nullsoft Streaming Video 

(NSF) header.\n\n - Integer overflow errors exist in the TSCC RGB and YUV decoders. 



Novell Messenger Server < 2.2.1 Memory Information Disclosure 


RISK: 

MEDIUM 


Description: Synopsis : \n\nThe remote host has an instant messaging server product installed that is 

affected by an information disclosure vulnerability.\n\nThe remote host is running Novell 

Messenger Server, formerly Groupwise Messenger, an instant messaging server 

application. For your information, the observed version of Novell Messenger Server is : \n 

%L \n\nVersions of Novell Messenger Server earlier than 2.2.1 are potentially affected by 

an information disclosure vulnerability whereby a remote, unauthenticated attacker could 

send commands that would force the Messenger server process to return the contents of 

arbitrary memory locations. This data could potentially include strings containing the 

credentials used by Messenger to authenticate to directory services. 

Solution: Upgrade to Novell Messenger 2.2.1 or later. 

CVE-2011-3179 

TimThumb Application Detection 




Description: The remote host is running TimThumb, a PHP application which allows for image sizing 

on demand. 

Solution: Ensure that you are running the latest version of this product. 


TimThumb Arbitrary Code Injection 


Description: Synopsis :\n\nThe remote host is running software which allows arbitrary code 

injection\n\nThe remote host is running TimThumb, a PHP application which allows for 

image sizing on demand. This version of TimThumb is vulnerable to a flaw in the way that 

it parses valid 'allowed sites'. By default, TimThumb ships with a predefined list of trusted 

domains. However, when parsing client-issued URLs, it does not ensure that the domain is 

valid. So, for instance, an attacker can use a domain like flickr.com.myhost.com and 

TimThumb will download from that site because it contains the string 'flickr.com'. The 

domain which PVS observed being passed to TimThumb was %P 



TimThumb Version Detection 


Description: The remote host is running TimThumb version : %L 



World of Warcraft/Battle.net Detection 

PVS ID: 6061 FAMILY: Internet Services 

RISK: 

MEDIUM 


Description: The remote host is running World of Warcraft or another Battle.net-compatible game. 

realtimeonly 

Solution: Verify that this conforms to your security policy. 


Apache 2.2 < 2.2.21 mod_proxy_ajp DoS 





your information, the observed version of Apache HTTP server is : \n %L \n\nVersions of 

Apache 2.2 earlier than 2.2.21 are potentially affected by a denial of service vulnerability. 

An error exists in the mod_proxy_ajp module that can allow specially crafted HTTP 

requests to cause a backend server to temporarily enter an error state. This vulnerability 

only occurs when mod_proxy_ajp is used along with mod_proxy_balancer. 

Solution: Upgrade to Apache version 2.2.21 or later. 

PS3 Login Detection 

CVE-2011-3348 


Description: The remote host has logged into the PS3 network. 

realtimeonly 

Solution: Ensure that this product is authorized with respect to Corporate policy. 

PS3 Version Detection 



Description: The remote host is running a PS3 gaming console version : %L 

Solution: Ensure that this product is authorized with respect to Corporate policy. 


VNC Client Session Started 


Description: The remote client has just initiated a VNC connection. 

Solution: N/A 

realtimeonly 


Android Market Detection 




Description: The remote device just accessed the Android Market. 

realtimeonly 

Solution: Ensure that this product is authorized with respect to corporate policy. 


Android version Detection 


Description: The remote host is an Android mobile device version: %L 

Solution: Ensure that this product is authorized with respect to corporate policy. 


BlackBerry Version Detection 


Description: The remote host is running the BlackBerry operating system version: %L 

Solution: N/A 


DELL Mobile Device Version Detection 


Description: The remote host is running a DELL mobile device version: %L 

Solution: N/A 


HP Tablet Mobile Device Version Detection 


Description: The remote host is running an HP Tablet mobile device version: %L 

Solution: N/A 


HP Tablet Mobile Device Version Detection 




Description: The remote host is running an HP Tablet mobile device version: %L 

Solution: N/A 


HTC Mobile Device Version Detection 


Description: The remote host is running an HTC mobile device version: %L 

Solution: N/A 





Solution: N/A 





Solution: N/A 


Kindle Mobile Device Version Detection 


Description: The remote host is running a Kindle mobile device version: %L 

Solution: N/A 


LG Mobile Device Version Detection 




Description: The remote host is running an LG mobile device version: %L 

Solution: N/A 


Nokia Mobile Device Version Detection 


Description: The remote host is running a Nokia mobile device version: %L 

Solution: N/A 


Nook Mobile Device Version Detection 


Description: The remote host is running a Nook mobile device version: %L 

Solution: N/A 


Samsung Mobile Device Version Detection 


Description: The remote host is running a Samsung mobile device version: %L 

Solution: N/A 





Solution: N/A 







Solution: N/A 





Solution: N/A 





Solution: N/A 


PalmOS Mobile Device Version Detection 


Description: The remote host is running a PalmOS mobile device version: %L 

Solution: N/A 


Symbian Mobile Device Version Detection 


Description: The remote host is running a Symbian series 60 mobile device 

Solution: N/A 


Motorola Mobile Device Version Detection 




Description: The remote host is running a Motorola mobile device version: %L 

Solution: N/A 


Symantec pcAnywhere Detection 


Description: The remote host is running pcAnywhere, an application that allows remote users to connect 

to a Windows desktop and work remotely. 

realtimeonly 

Solution: Ensure that you are running the latest version of pcAnywhere. 


SSH Server Detection (realtime) 


Description: The remote host is running a SSH server and was just logged into by a client. 

Solution: N/A 

realtimeonly 


SSH Client login detected (realtime) 


Description: The remote SSH client has just logged into a server 

Solution: N/A 

realtimeonly 


Google Music Client Detection 


Description: The remote client is running the Google Music application version : %L 

Solution: N/A 




Google Music Client Upload Detection 


Description: The remote client is uploading the following music file to Google Music : %L 

Solution: N/A 

realtimeonly 


Google Music Client Session Initiated 


Description: The remote user has just logged into Google Music, a site which allows remote streaming 

of a user's music files 

Solution: N/A 

realtimeonly 


ISC BIND 9 Query.c Logging Resolver Denial of Service 


Description: Synopsis :\n\nThe remote DNS server is vulnerable to a denial of service attack.\n\nThe 


version of Bind is :\n %L \n\nVersions of BIND 9.4-ESV earlier than 9.4-ESV-R5-P1, 

9.6-ESV earlier than 9.6-ESV-R5-P1, 9.7.x earlier than 9.7.4-P1, and 9.8.x earlier than 

9.8.1-P1 are potentially affected by a denial of service vulnerability. An unidentified 

network event causes BIND9 resolvers to cache an invalid record, subsequent queries for 

which could crash the resolvers with an assertion failure. 

Solution: Upgrade to BIND 9.4-ESV-R5-P1 / 9.6-ESV-R5-P1, 9.7.4-P1, 9.8.1-P1, or later. 

CVE-2011-4313 






:\n%L.\n\nVersions of Google Chrome earlier than 15.0.874.120 are affected by multiple 


vulnerabilities :\n\n - A double-free error exists in the Theora decoder. 

(CVE-2011-3892)\n\n - Out-of-bounds read errors exist in the MVK and Vorbis media 

handlers. (CVE-2011-3892)\n\n - A memory corruption error exists in the VP8 decoding. 

(CVE-2011-3894)\n\n - A heap overflow error exists in the Vorbis decoder. 

(CVE-2011-3895)\n\n - A buffer overflow error exists in the shader variable mapping 

functionality. (CVE-2011-3896)\n\n - A use-after-free error exists related to unspecified 

editing. (CVE-2011-3897)\n\n - In JRE7, applets are allowed to run without the proper 

permissions. (CVE-2011-3898) 


CVE-2011-3898 





:\n%L.\n\nVersions of Google Chrome earlier than 15.0.874.121 are affected by a code 

execution vulnerability due to an out-of-bounds write in v8. A remote, unauthenticated 

attacker, exploiting this flaw, could execute arbitrary code on the remote host subject to the 



CVE-2011-3900 

Apple iOS 3.0 through 5.0 Multiple Vulnerabilities 




of iOS is : \n %L \n\nVersions of iOS 3.0 through 5.0 are potentially affected by multiple 


CFNetwork\n\n - CoreGraphics\n\n - Data Security\n\n - Kernel\n\n - libinfo\n\n - Passcode 

Lock 


CVE-2011-3442 






the observed version of Adobe Flash Player is : \n %L \n\nVersions of Flash Player earlier 

than 10.3.183.11 / 11.1.102.55 are potentially affected by multiple vulnerabilities :\n\n - 


Several unspecified memory corruption errors exist that could lead to code execution. 


CVE-2011-2455, CVE-2011-2459, CVE-2011-2460)\n\n - An unspecified heap corruption 

error exists that could lead to code execution. (CVE-2011-2450)\n\n - An unspecified 

buffer overflow error exists that could lead to code execution. (CVE-2011-2456)\n\n - An 

unspecified stack overflow error exists that could lead to code execution. 

(CVE-2011-2457)\n\n - An unspecified error related to Internet Explorer can allow 

cross-domain policy violations. (CVE-2011-2458) 

Solution: Upgrade to Flash Player 10.3.183.11, 11.1.102.55 or later. 

CVE-2011-2460 

iTunes < 10.5.1 Update Authenticity Verification Weakness 


Description: Synopsis :\n\nThe remote host contains an application that is susceptible to a 

man-in-the-middle attack.\n\nThe remote host has iTunes installed, a popular media player 

for Windows and Mac OS. For your information, the observed version of iTunes is 

:\n%L.\n\nVersions of iTunes earlier than 10.5.1 use an unsecured HTTP connection when 

checking for or retrieving software updates, which could allow a man-in-the-middle 

attacker to provide a Trojan horse update that appears to originate from Apple. 


CVE-2008-3434 

DB2 9.7 < Fix Pack 5 Local Denial of Service Vulnerability 


Description: Synopsis :\n\nThe remote database server is vulnerable to a denial of service attack.\n\nFor 

your information, the observed version of IBM DB2 is : \n %L \n\nVersions of IBM DB2 

9.7 earlier than Fix Pack 5 are potentially affected by a local denial of service vulnerability. 

On Unix and Unix-like systems with both the Self Tuning Memory manager (STMM) 

feature enabled and the 'DATABASE_MEMORY' option set to 'AUTOMATIC', local users 

are able to carry out denial of service attacks via unknown vectors. 

Solution: Disable automatic tuning of 'DATABASE_MEMORY' or upgrade to IBM DB2 9.7 Fix 

Pack 5 or later. 

CVE-2011-1373 

Sony Blu-Ray Player Detection 




Description: The remote host is a Blu-Ray player. These devices can be used to stream content from the 

Internet. The User-Agent string may be of use in determining the MAC address and model 

information of this device: \n %L 

Solution: Ensure that such devices are authorized for your network 


ProFTPD < 1.3.3g / 1.3.4 Response Pool Use-After-Free Code Execution 


Description: Synopsis :\n\nThe remote FTP server is affected by a code execution vulnerability.\n\nThe 

remote host is using ProFTPD, a free FTP server for Unix and Linux. For your information, 

the observed version of ProFTPD is : \n %L \n\nVersions of ProFTPD earlier than 1.3.3g / 

1.3.4 are potentially affected by a code execution vulnerability due to how the server 

manages the response pool that is used to send responses from the server to the client. A 

remote, authenticated attacker, exploiting this flaw, could execute arbitrary code on the 

remote host subject to the privileges of the user running the affected application. 

Solution: Upgrade to version 1.3.3g, 1.3.4, or later. 

CVE-2011-4130 

OpenVAS Server Detection 



corporate policy.\n\nThe remote server is running an OTP (OpenVas Transport Protocol) 

server. OpenVAS is an open source tool that is used for performing security scans. 



FTP File Upload Detection 


Description: PVS observed at least one FTP session originating from this client address. The client just 

uploaded the following file. %L 

Solution: N/A 

realtimeonly 



CA eTrust Directory SNMP Packet Parsing Denial of Service 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote directory service is vulnerable to a denial of service 

attack.\n\nThe remote host is running CA eTrust Directory Server, a directory service 

application from CA. For your information, the observed version of CA eTrust Directory 

Server is :\n %L \n\nVersions of CA eTrust Directory 8.1, and R12 earlier than service 

pack 7 CR1 are potentially affected by a denial of service vulnerability due to the way the 

application parses SNMP packets. A remote, unauthenticated attacker, exploiting this flaw, 

could crash the affected service. 

Solution: Upgrade to CA eTrust Directory R12 SP7 CR1 or later. 

CVE-2011-3849 






11.60 are potentially affected by multiple vulnerabilities : \n\n - Top level domain 

separation rules are not honored for two-letter top level domains, e.g., .us or .uk and some 

three-letter top-level domains. This error can allow sites to set the scripting context to the 

top level domain. Further, this can allow sites to set and read cookies from other sites 

whose scripting context is set to the same top level domain. (Issue 1003)\n\n - An error 

exists in the SSLv3 and TLSv1.3 specification that can allow the BEAST attack. (Issue 

1004)\n\n - An error exists in the implementation of the JavaScript 'in' operator that can 

allow sites to verify the existence of variables of sites in other domains. (Issue 1005)\n\n - 

An unspecified, moderately sever issue exists. Details are to be disclosed by the vendor at a 

later date.\nIAVB Reference : 2012-B-0006\nSTIG Finding Severity : Category I 


Mac OS X Detection 

CVE-2011-4687 


Description: The remote host is running Mac OS X 

Solution: Solution Not Available 


Windows Version Detection 




Description: The remote host is running Windows : %L 

Solution: N/A 





vectors.\n\nFor your information, the observed version of Google Chrome is :\n %L 

\n\nVersions of Google Chrome earlier than 16.0.912.63 are potentially affected by 

multiple vulnerabilities :\n\n - Out-of-bounds read errors exist related to regex matching, 

libxml, the PDF parser, the SVG parser, YUV video frame handling, il8n handling in V8 

and PDF cross references. (CVE-2011-3903, CVE-2011-3905, CVE-2011-3906, 

CVE-2011-3908, CVE-2011-3910, CVE-2011-3911, CVE-2011-3914, 

CVE-2011-3916)\n\n - Use-after-free errors exist related to SVG filters, Range handling 

and bidi handling. (CVE-2011-3904, CVE-2011-3912, CVE-2011-3913)\n\n - URL bar 

spoofing is possible due to an error related to 'view source'. (CVE-2011-3907)\n\n - A 

memory corruption error exists related to arrays of CSS properties. (CVE-2011-3909)\n\n - 

A buffer overflow exists related to PDF font handling. (CVE-2011-3915)\n\n - A 

stack-based buffer overflow exists related to the 'FileWatcher'. (CVE-2011-3917) 


CVE-2011-3917 







An out-of-bounds memory access error exists in the 'SVG' implementation and can be 

triggered when 'SVG' elements are removed during a 'DOMAttrModified' event handler. 

(CVE-2011-3658)\n\n - Various memory safety errors exist that can lead to memory 

corruption and possible code execution. (CVE-2011-3660)\n\n - An error exists in the 

'YARR' regular expression library that can cause application crashes when handling certain 

JavaScript statements. (CVE-2011-3661)\n\n - It is possible to detect keystrokes using 

'SVG' animation 'accesskey' events even when JavaScript is disabled. 

(CVE-2011-3663)\n\n - AN error exists related to plugins that can allow a null pointer to be 

dereferenced when a plugin deletes its containing DOM frame during a call from that 

frame. It may be possible for a non-null pointer to be dereferenced thereby opening up the 

potential for further exploitation. (CVE-2011-3664)\n\n - It is possible to crash the 

application when 'OGG' 'video' elements are scaled to extreme sizes. (CVE-2011-3665) 




CVE-2011-3665 



Description: Synopsis :\n\nThe remote host has a email client installed that is vulnerable to multiple 

attack vectors.\n\nThe remote host has a email client installed that is vulnerable to multiple 

attack vectors.\n\nFor your information, the observed version of Thunderbird is : \n %L 

\n\nVersions of Thunderbird 8.0 are potentially affected by the following security issues : 

\n\n - An out-of-bounds memory access error exists in the 'SVG' implementation and can be 

triggered when 'SVG' elements are removed during a 'DOMAttrModified' event handler. 

(CVE-2011-3658)\n\n - Various memory safety errors exist that can lead to memory 

corruption and possible code execution. (CVE-2011-3660)\n\n - An error exists in the 

'YARR' regular expression library that can cause application crashes when handling certain 

JavaScript statements. (CVE-2011-3661)\n\n - It is possible to detect keystrokes using 

'SVG' animation 'accesskey' events even when JavaScript is disabled. 

(CVE-2011-3663)\n\n - AN error exists related to plugins that can allow a null pointer to be 

dereferenced when a plugin deletes its containing DOM frame during a call from that 

frame. It may be possible for a non-null pointer to be dereferenced thereby opening up the 

potential for further exploitation. (CVE-2011-3664)\n\n - It is possible to crash the 

application when 'OGG' 'video' elements are scaled to extreme sizes. (CVE-2011-3665) 


Windows OS detection 

CVE-2011-3665 


Description: The remote host is running a windows device version: %L 

Solution: N/A 


Shavlik Software Management Detection 


Description: The remote host is running the Shavlik software management package. This tool is used to 

track and monitor software being utilized on the client system. 

Solution: N/A 



HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities 




attack vectors.\n\nThe remote web server is hosting HP Managed Printing Administration, 

a printer management application. For your information, the observed version of HP 

Managed Printing Administration is :\n %L \n\nVersions of HP Managed Printing 

Administration earlier than 2.6.4 are potentially affected by multiple vulnerabilities :\n\n 

Null injection and directory traversal can be used in the form data passed to 

MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files. 

(CVE-2011-4166)\n\n - An extended length string can be passed into scripts within the 

management website and ultimately to MPAUploader.dll which could be exploited to 

execute arbitrary code. (CVE-2011-4167)\n\n - Null injection and directory traversal can be 

used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to 

remote create arbitrary files. (CVE-2011-4168) 

Solution: Upgrade to HP Managed Printing Administration 2.6.4 or later. 

CVE-2011-4169 

Kindle Mobile Device Detection 


Description: The remote host is running an Amazon Kindle reader/tablet. 

Solution: N/A 


Windows OS Version Information 


Description: The remote host is running Microsoft Windows version : %L 

Solution: N/A 





Solution: N/A 







Solution: N/A 





Solution: N/A 





Solution: N/A 





Solution: N/A 





Solution: N/A 







Solution: N/A 





Solution: N/A 

BingToolbar Installed 



Description: The remote host has attempted to installed the Bing Toolbar version: %L 

Solution: Ensure that this behavior is in aligment with company policy 





Solution: N/A 


Policy - .xxx Domain Access Attempt 


Description: The remote client was observed attempting to contact an .xxx domain. This may indicate 

inappropriate use of network resources. 








Description: The remote host is running Microsoft Windows version: %L 

Solution: N/A 

Spotify Installed 



Description: The remote host has attempted to installed the Spotify music application. 

Solution: N/A 


OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote web server is affected by multiple vulnerabilities.\n\nFor your 

information, the observed version of OpenSSL is : \n %L \n\nVersions of OpenSSL 0.9.8 

earlier than 0.9.8s, and 1.0.0 earlier than 1.0.0f are potentially affected by the following 

vulnerabilities :\n\n - An extension of the Vaudenay padding oracle attack exists against 

CBC mode encryption which enables an efficient plaintext recovery attack against the 

OpenSSL implementation of DTLS. (CVE-2011-4108)\n\n - If 

x509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can 

lead to a double-free. (CVE-2011-4109)\n\n - OpenSSL fails to clear the bytes used as 

block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of 

uninitialized memory may be sent, encrypted, to the SSL peer. (CVE-2011-4576)\n\n - 

RFC 3779 data can be included in certificates, and if it is malformed, may trigger an 

assertion failure. This could be used in a denial-of-service attack. (CVE-2011-4577)\n\n - 

Support for handshake restarts for server gated cryptography (SGC) can be used in a 

denial-of-service attack. (CVE-2011-4619)\n\n - A malicious TLS client can send an 

invalid set of GOST parameters which will cause the server to crash due to a lack of error 

checking. (CVE-2012-0027) 

Solution: Upgrade to OpenSSL 0.9.8s, 1.0.0f, or later. 

CVE-2012-0027 

Successful Shell Attack Detected - Linux Failed 'cd' Command 


Description: The results of a failed 'cd' command occurred in a TCP session normally used for a 

standard service. This may indicate a successful compromise of this service has occurred. 

realtimeonly 



Solution: The command activity observed is indicative of a possible compromise. Consider 

performing a full audit of the system to investigate further. 


Successful Shell Attack Detected - Linux Failed 'cp' Command 


Description: The results of a failed 'cp' command occurred in a TCP session normally used for a 


realtimeonly 




Successful Shell Attack Detected - Linux Failed 'su' Command 


Description: A failed 'su' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - FreeBSD Failed 'su' Command 


Description: A failed 'su' command occurred in a TCP session normally used for a standard service. 

realtimeonly 





Successful Shell Attack Detected - Unix Failed 'wget' Command 



Description: The results of a failed 'wget' command occurred in a TCP session normally used for a 


realtimeonly 




Successful Shell Attack Detected - IRIX 'id' Command 


Description: A successful 'id' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Linux 'id' Command 


Description: A successful 'id' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Linux 'ifconfig' Command 


Description: An 'ifconfig' command occurred in a TCP session normally used for a standard service. 

realtimeonly 





Successful Shell Attack Detected - FreeBSD 'ifconfig' Command 



Description: An 'ifconfig' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Unix 'ls -a' Command 


Description: A successful 'ls -a' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Unix 'ls -l' Command 


Description: A successful 'ls -l' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Linux Failed 'ls' Command 


Description: The results of a failed 'ls' command occurred in a TCP session normally used for a standard 

service. This may indicate a successful compromise of this service has occurred. 

realtimeonly 






Successful Shell Attack Detected - Linux 'lsof' command 


Description: A 'lsof' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Linux 'passwd' Command Changed Password 


Description: A 'passwd' command occurred in a TCP session normally used for a standard service. This 

indicate that successful compromise of this service has occurred. 

realtimeonly 




Successful Shell Attack Detected - Linux 'passwd' Command 


Description: A 'passwd' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Linux 'passwd' Command 



realtimeonly 






Successful Shell Attack Detected - IRIX 'passwd' Command 



realtimeonly 




Successful Shell Attack Detected - Linux 'netstat' Command 


Description: A successful 'netstat' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Linux 'ping' Command 


Description: A successful ping command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 





Successful Shell Attack Detected - Linux 'ps' Command 



Description: A successful 'ps -aux' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - FreeBSD 'ps -aux' Command 


Description: A successful 'ps -aux' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Linux 'rpcinfo' Command 


Description: An 'rpcinfo' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Linux 'traceroute' Command 


Description: A successful 'traceroute' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 






Successful Shell Attack Detected - Linux 'w' Command 


Description: A successful 'w' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - IRIX 'w' Command 



realtimeonly 




Successful Shell Attack Detected - FreeBSD 'w' Command 



realtimeonly 




Successful Shell Attack Detected - Linux 'rm' Command 


Description: A successful 'rm' command occurred in a TCP session normally used for a standard service. 

realtimeonly 






Successful Shell Attack Detected - Unix Failed 'tcpdump' Command 


Description: A failed 'tcpdump' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Unix Failed 'which' Command 


Description: A failed 'which' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Unix Failed 'which' Command 


Description: A failed 'which' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Unix SSH Initial Connetion Detection 


Description: An SSH session was observed which may be an initial connection which may also be 

present in a command line shell of a successful buffer overflow. 

realtimeonly 






Successful Shell Attack Detected - Unix Failed 'lynx' Command 


Description: A failed 'lynx' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Unix 'wget' File Download 


Description: The results of a 'wget' command used to download a file occurred in a TCP session 

normally used for a standard service. This may indicate a successful compromise of this 

service has occurred. 

realtimeonly 




Successful Shell Attack Detected - 'nmap' Tool 


Description: The results of an 'nmap' session were observed in a TCP session normally used for a 


realtimeonly 





Successful Shell Attack Detected - Linux 'netstat -rn' Command 



Description: A successful 'netstat -rn' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - FreeBSD 'netstat -rn' Command 


Description: A successful 'netstat -rn' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - FreeBSD 'netstat' Command 



service. 

realtimeonly 




Successful Shell Attack Detected - Linux 'nslookup' Command 


Description: A successful 'nslookup' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 






Successful Shell Attack Detected - Unix 'hping2' Tool 


Description: A successful 'hping2' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Unix 'hping2' Tool 



service. 

realtimeonly 




Successful Shell Attack Detected - Unix 'hping2' Tool (Listen Mode) 



service. 

realtimeonly 





Successful Shell Attack Detected - Unix 'date' Command 


Description: A successful 'date' command occurred in a TCP session normally used for a standard 

service. 


ealtimeonly 




Successful Shell Attack Detected - Unix 'route' Command 


Description: A successful 'route' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Unix 'snort' Tool 


Description: A successful 'snort' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Unix 'ngrep' Command 


Description: A successful 'ngrep' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 





Successful Shell Attack Detected - Unix 'tethereal' Tool 



Description: A successful 'tethereal' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Unix 'history' Command 


Description: A successful 'history' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'copy' Command 


Description: The results of the Windows copy command occurred in a TCP session normally used for a 


realtimeonly 




Successful Shell Attack Detected - Windows Failed 'cd' Command 


Description: The results of an unsuccessful attempt to change drives on a Windows machine occurred in 

a TCP session normally used for a standard service. This may indicate a successful 

compromise of this service has occurred. 

realtimeonly 






Successful Shell Attack Detected - Windows Unknown Shell Command 


Description: The results of an attempt to execute an unknown Windows command occurred in a TCP 

session normally used for a standard service. This may indicate a successful compromise of 

this service has occurred. 

realtimeonly 




Successful Shell Attack Detected - Windows 'dir' Command Execution 


Description: The results of a Windows directory listing command occurred in a TCP session normally 

used for a standard service. This may indicate a successful compromise of this service has 

occurred. 

realtimeonly 




Successful Shell Attack Detected - Windows 'netstat' Command 



service. 

realtimeonly 





Successful Shell Attack Detected - Windows 'net view' Command 



Description: A successful 'net view' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'net share' Command 


Description: A successful 'net view' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - 'nslookup' Command 


Description: A successful 'nslookup' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'tftp' Command 


Description: A successful 'tftp' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 






Successful Shell Attack Detected - Windows 'nbtstat' Command 


Description: A successful 'nbtstat' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'net user' Command 


Description: A successful 'net user' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'date' Command 


Description: A successful 'date' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 





Successful Shell Attack Detected - Windows 'time' Command 



Description: A successful 'time' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'Fport' Command 


Description: A successful 'Fport' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'PsList' Command 


Description: A successful 'PsList' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'arp -a' Command 


Description: A successful 'arp -a' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 






Successful Shell Attack Detected - 'ftp' Command 


Description: A successful 'ftp' command occurred in a TCP session normally used for a standard service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'ipconfi' Command 


Description: A successful 'ipconfig' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'route print' Command 


Description: A successful 'route print' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'route print' Command 


Description: A successful 'route print' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 






Successful Shell Attack Detected - Windows 'ping' Command 


Description: A successful 'ping' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'net user' Command 


Description: A successful 'net user' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Windows 'tsgrinder.exe' Tool 


Description: A successful 'tsgrinder.exe' command occurred in a TCP session normally used for a 

standard service. This tool is used to crack hashed passwords. 

realtimeonly 





Successful Shell Attack Detected - Windows 'fscan' Tool 



Description: The results of an 'fscan' (now called Scanline) session were observed in a TCP session 

normally used for a standard service. This may indicate a successful compromise of this 

service has occurred. 

realtimeonly 




Successful Shell Attack Detected - Windows 'net use' Command 


Description: A successful 'net use' command occurred in a TCP session normally used for a standard 

service. 

realtimeonly 




Successful Shell Attack Detected - Cisco 'show privilege' Command 


Description: The results of a Cisco IOS command occurred in a TCP session normally used for a 

standard service. This may indicate that a successful compromise of the router or switch 

has occurred. 

realtimeonly 




Successful Shell Attack Detected - Cisco 'show version' Command 




has occurred. 

realtimeonly 






Successful Shell Attack Detected - Cisco 'show ip bgp' Command 


Description: The results of Cisco IOS command occurred in a TCP session normally used for a standard 

service. This may indicate a successful compromise of this service has occurred. 

realtimeonly 




Successful Shell Attack Detected - Cisco 'show version' Command 




has occurred. 

realtimeonly 




Successful Shell Attack Detected - Cisco 'show proc' Command 




has occurred. 

realtimeonly 





Successful Shell Attack Detected - Cisco 'show access-list' Command 





has occurred. 

realtimeonly 




Successful Shell Attack Detected - Cisco 'show mac-address-table' Command 




has occurred. 

realtimeonly 




Successful Shell Attack Detected - Cisco 'show running-config' Command 




has occurred. 

realtimeonly 





Successful Shell Attack Detected - Cisco 'show ip interface' Command 




has occurred. 


ealtimeonly 




Finger Attack - Successful Finger Query to Multiple Users 


Description: A response from a known finger daemon was observed which indicated that the attacker 

was able to retrieve a list of three or more valid user names. 

realtimeonly 

Solution: Disable the finger service, or restrict access to this service. 


TFTP Attack - /etc/passwd File Obtained via TFTP 


Description: A file which looks like an /etc/passwd file was downloaded from a TFTP server. 

realtimeonly 

Solution: Disable the TFTP service as it does not provide sufficient authentication. 


TFTP Attack - Cisco Router Config File Obtained via TFTP 


Description: A file which looks like a Cisco router configuration file was downloaded from a TFTP 

server. 

realtimeonly 



FTP Attack - Hidden Directory Created 




Description: An FTP user successfully created a hidden directory. This may potentially be an attempt to 

hide unauthorized data on the FTP server. 

realtimeonly 

Solution: Inspect and repair this vulnerability 


FTP Attack - File Hidden 


Description: An FTP user successfully renamed a file to a hidden name. This may potentially be an 

attempt to hide unauthorized data on the FTP server. 

realtimeonly 



FTP Attack - Passive Port Scan 


Description: An FTP user issued a successful passive port request which enumerated a port less than 

1024, and other than 21 or 20. This may indicate that your FTP server is being used for port 

scanning by hackers who wish to hide their identity or possibly mail spammers who are 

looking for open port 25 devices. 

realtimeonly 



FTP Attack - Successful SITE EXEC Command 


Description: An FTP user issued a successful SITE EXEC command. The SITE EXEC command is 

often attempted by remote hackers to run UNIX and Windows commands directly on the 

FTP server. This PVS rule detects a successful command execution, not an attempt. 

realtimeonly 

Solution: Disable the FTP service or restrict access to it. 




Trojan/Backdoor Detection - BACKDOOR Infector.1.x 


Description: The remote host seems to be running a trojan or 'backdoor' program -- BACKDOOR 

Infector.1.x. This is typically an indicator that the machine has been compromised and is 

now being remotely controlled 

realtimeonly 

Solution: As the system appears to be compromised, you should both inspect and manually clean the 



Trojan/Backdoor Detection - BACKDOOR SatansBackdoor.2.0.Beta 


Description: The remote host seems to be running a trojan or 'backdoor' program - BACKDOOR 

SatansBackdoor.2.0.Beta. This is typically an indicator that the machine has been 

compromised and is now being remotely controlled 

realtimeonly 




Trojan/Backdoor Detection - GateCrasher 


Description: The remote host seems to be running a trojan or 'backdoor' program - GateCrasher. This is 

typically an indicator that the machine has been compromised and is now being remotely 

controlled 

realtimeonly 





Trojan/Backdoor Detection - BACKDOOR Matrix 2.0 Client 



Description: The remote host seems to be running a trojan or 'backdoor' program - BACKDOOR Matrix 

2.0 Client connect. This is typically an indicator that the machine has been compromised 

and is now being remotely controlled 

realtimeonly 




Trojan/Backdoor Detection - win-trin00 


Description: The remote host seems to be running a trojan or 'backdoor' program - win-trin00. This is 


controlled 

realtimeonly 




Trojan/Backdoor Detection - QAZ Worm 


Description: The remote host seems to be running a trojan or 'backdoor' program - QAZ Worm remote 

access. This is typically an indicator that the machine has been compromised and is now 

being remotely controlled 

realtimeonly 




Trojan/Backdoor Detection - Doly 2.0 


Description: The remote host seems to be running a trojan or 'backdoor' program - Doly 2.0. This is 


controlled 

realtimeonly 






Trojan/Backdoor Detection - netbus 


Description: The remote host seems to be running a trojan or 'backdoor' program - netbus. This is 


controlled. 

realtimeonly 

Solution: Manually inspect and repair the infected host 


Trojan/Backdoor Detection - Subseven 


Description: The remote host seems to be running a trojan or 'backdoor' program - BACKDOOR 

subseven 22. This is typically an indicator that the machine has been compromised and is 

now being remotely controlled. 

realtimeonly 

Solution: Manually inspect and repair the infected host 


Trojan/Backdoor Detection - RXBOT / RBOT Exploit Report 


Description: The remote machine is infected with the RXBOT virus/backdoor. 

realtime 

Solution: Remove the virus using your Corporate standard for anti-virus 



Trojan/Backdoor Detection - RXBOT / RBOT Vulnerability Scan 



Description: The remote machine is infected with the RXBOT virus/backdoor. 

realtime 



Trojan/Backdoor Detection - Windows Command Shell as Service 


Description: When discovering a Windows command shell running as a service, it almost always 

indicates the system has been compromised. 

realtime 

Solution: Treat this system as compromised 


Windows Command Shell as Service 


Description: When discovering a Windows command shell running as a service, it almost always 

indicates the system has been compromised. 

realtime 

Solution: Treat this system as compromised 


SMTP Proxy Traffic Detected 


RISK: 

MEDIUM 


Description: The remote proxy allows SMTP connections to be tunneled using the HTTP CONNECT 

method. If this an open proxy (i.e. it is remotely accessible by those outside the corporate 

network), then this feature may be used to send unsolicited bulk email (SPAM). 

realtime 

Solution: Lock down which port numbers the proxy will tunnel connections to for client CONNECT 

requests. Also, ensure that only authorized users are allowed to connect to the proxy. 




Trojan/Backdoor Detection - WinEggDrop Infected Host Detection 


Description: The remote machine is infected with the WinEggDrop virus/backdoor. 

realtimeonly 



TFTP Attack - c:\winnt\repair\sam File Obtained via TFTP 


Description: A file that looks like the Windows SAM file was downloaded from a TFTP server. 

realtimeonly 



Meebo Messenger Detected 


Description: The remote host is accessing the Meebo Messenger application. This web site allows users 

to login with AIM, Yahoo Messenger, or Windows Live instant messenger credentials and 

chat via the site instead of the native clients. This site is often used to circumvent corporate 

policy that prevents instant messaging software. 

Solution: Ensure this web application meets corporate guidelines for employee use. 

Evony Game Detected 



Description: The remote host is accessing the Evony web-based game. Users may create an account via 

the site, or authenticate via their Facebook credentials. 

Solution: Ensure this application meets corporate guidelines for employee use. 


Desert Operations Game Detected 




Description: The remote host is accessing the Desert Operations game by Looki. 



Empire Universe 2 Game Detected 


Description: The remote host is accessing the Empire Universe 2 (EU2) game by Looki. 



Gilfor's Tale Game Detected 


Description: The remote host is accessing the Gilfor's Tale game by Looki. 



MechRage Game Detected 


Description: The remote host is accessing the MechRage game by Looki. 



Romadoria Game Detected 


Description: The remote host is accessing the Romadoria game by Looki. 



Space Pioneers 2 Game Detected 




Description: The remote host is accessing the Space Pioneers 2 game by Looki. 


eBay Auction Detected 



Description: The remote host is accessing an auction on eBay. 

realtime 



Orkut Social Application Detected 


Description: The remote host is accessing the Orkut social application, now owned by Google. 

realtime 


Java version detection 



Description: The remote host is running Java version : %L 

Solution: Ensure that you are running the latest version of Java 


Flash Player version detection 


Description: The remote client is running Flash Player version : %L 

Solution: Ensure that you are running the latest version of Flash Player 




FTP Client Initiated from an SMTP Server 


Description: The remote SMTP server has just been observed initiating an FTP outbound session and 

retrieving a file. This may be an indicator that the system has been compromised and 

attackers are now retrieving files to the local server. 

realtimeonly 

Solution: Disable the SMTP service if it is not required. Additionally, the observed behavior is 

indicative of a system compromise. 


Distributed Network Protocol v3 'Disable Unsolicited' Alert (SCADA) 


RISK: 

MEDIUM 


Description: SCADA Alert - Distributed Network Protocol v3 'Disable Unsolicited' alert. The remote 

host is running the Distributed Network Protocol version 3. This protocol is common on 

SCADA networks. PVS has just detected a client sending the server a code 15 message. 

This message instructs the DNPv3 server to stop sending unsolicited messages. 

realtimeonly 

Solution: Ensure that the disabling of automated alerts was planned by network administrators. 


Distributed Network Protocol v3 'Cold Restart' Alert (SCADA) 


RISK: 

MEDIUM 


Description: SCADA Alert - Distributed Network Protocol v3 'Cold Restart' alert. The remote host is 

running the Distributed Network Protocol version 3. This protocol is common on SCADA 

networks. PVS has just detected a client sending the server a code '0D' message. This 

message instructs the remote server to do a cold restart. That is, the server will be 

unavailable for some time as it restarts and runs all power-up tests. 

realtimeonly 

Solution: If the PLC server supports it, disable 'Cold Restarts' except from trusted systems. 

Otherwise, ensure that SCADA network is only accessible by trusted hosts. 



Distributed Network Protocol v3 'Unauthorized Read Request' Alert (SCADA) 



Description: SCADA Alert - Distributed Network Protocol v3 'Unauthorized Read Request' alert. The 

remote host is running the Distributed Network Protocol version 3. This protocol is 

common on SCADA networks. PVS has just detected a client sending the server a code '01' 

message. This message instructs the remote server to divulge potentially sensitive 

information. An attacker, exploiting this feature, would be able to gain information useful 

for future attacks. 

realtimeonly 

Solution: Ensure that SCADA network is only accessible by trusted hosts. 


Distributed Network Protocol v3 'Stop Application' Alert (SCADA) 


RISK: 

MEDIUM 


Description: SCADA Alert - Distributed Network Protocol v3 'Stop Application' alert. The remote host 

is running the Distributed Network Protocol version 3. This protocol is common on 

SCADA networks. PVS has just detected a client sending the server a code '12' message. 

This message instructs the remote server to stop the application. An attacker, exploiting this 

flaw, would need access to the SCADA network. Successful exploitation would result in 

the disabling of a portion (or all) of the SCADA network. 

realtimeonly 



Distributed Network Protocol v3 'Warm Restart' Alert (SCADA) 


RISK: 

MEDIUM 


Description: SCADA Alert - Distributed Network Protocol v3 'Warm Restart' alert. The remote host is 


networks. PVS has just detected a client sending the server a code '0E' message. This 

message instructs the remote server to perform a warm reboot. That is, the server will be 

unavailable for some time as it restarts. 

realtimeonly 





Distributed Network Protocol v3 'Broadcast Request' Alert (SCADA) 


RISK: 

MEDIUM 


Description: SCADA Alert - Distributed Network Protocol v3 'Broadcast request'. The remote host is 


networks. PVS has just detected broadcast traffic on the SCADA network. Broadcast is 

enabled, by default, on many DNPv3 devices. Given this, an attacker can attack many 

servers simultaneously. This can also be used by an unauthorized attacker to cause a Denial 

of Service (DoS) on the remote network. 

realtimeonly 



ICCP Invalid Destination Address (SCADA) 


Description: The remote ICCP server has just been connected to by an ICCP client with an invalid 

destination TSAP address. 

realtimeonly 



ICCP Invalid Client Disconnect (SCADA) 


Description: The remote ICCP server has just disconnected an ICCP client due to a protocol 

error. Receiving a number of these alerts might be an indicator of an ongoing 

attack, a saturated SCADA network, or a misconfigured client/server architecture. 

realtimeonly 



ICCP Invalid OSI-SSEL (SCADA) 




Description: The remote ICCP server has just sent a 'Session Refuse PDU' message in response to an 

invalid OSI Layer Selector (SSEL) value. As SSEL values are typically only 2 to 4 bytes 

long, this could indicate that a client is 'brute-forcing' a valid SSEL value. This sort of 

attack can also impact Availability to the server. 

realtimeonly 



ICCP Invalid OSI-PSEL (SCADA) 


Description: The remote ICCP server has just sent an ACSE Abort Message in response to an invalid 

Presentation Layer Selector (PSEL) value. As PSEL values are typically only 2 to 4 bytes 

long, this could indicate that a client is 'brute-forcing' a valid PSEL value. This sort of 

attack can also impact Availability to the server. 

realtimeonly 



MODBUS Client 'Force Listen Only Mode' Request (SCADA) 



or process control networks. PVS has just observed a Modbus TCP 'force listen only mode' 

request. An attacker can use this functionality to repeatedly disable the remote server from 

responding. 

realtimeonly 

Solution: You should ensure that this sort of network traffic is restricted to protected networks only. 

Further, you should ensure that only valid clients are allowed to send commands to the 

server. 



MODBUS Client 'Restart Communications' Request (SCADA) 



or process control networks. PVS has just observed a Modbus 'Restart Communications' 

request. This sort of request can be used by a malicious client to force the PLC server to 

continuously power cycle. This can deny services to valid devices. 


ealtimeonly 



MODBUS Client 'Clear Counters and Diagnostic Registers' Request (SCADA) 



or process control networks. PVS has just observed a Modbus 'Clear Counters and 

Diagnostic Registers' request. This sort of request, if fulfilled, allows remote attacks to 

clear audit data which the server may use to track unauthorized traffic. 

realtimeonly 



MODBUS Client 'Read Device Identification' Request (SCADA) 



or process control networks. PVS has just observed a Modbus 'Read Device Identification' 

request. This request can be used to query a server for vendor information, product version 

number, and other informational items which would enable an attacker to perform future 

attacks. 

realtimeonly 



MODBUS Client 'Report Server Information' Request (SCADA) 



or process control networks. PVS has just observed a Modbus 'Report Server Information' 

request. This request can be used to query a server for configuration information. This sort 

of information would enable an attacker to perform future attacks. 

realtimeonly 










multiple vulnerabilities :\n\n - A heap-based buffer overflow exists in libxml. 

(CVE-2011-3919)\n\n - A use-after-free error exists related to animation frames. 

(CVE-2011-3921)\n\n - A stack-based-buffer overflow exists related to glyph processing. 

(CVE-2011-3922) 


CVE-2011-3922 




vulnerabilities.\n\nFor your information, the version of PHP installed on the remote host is 

:\n\n %L \nVersions of PHP earlier than 5.3.9 are potentially affected by multiple 

vulnerabilities :\n\n - It is possible to create a denial of service condition by sending 

multiple, specially crafted requests containing parameter values that cause hash collisions 

when computing the hash values for storage in a hash table. (CVE-2011-4885)\n\n - An 

integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a 

remote attacker to read arbitrary memory locations or cause a denial of service condition. 

This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)\n\n - 

Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker 

to create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057)\n\n - 

An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the 

application to dereference a null pointer. This causes the application to crash. 

(CVE-2012-0781)\n\n - The 'PDORow' implementation contains an error that can cause 

application crashes when interacting with the session feature. C(VE-2012-0788)\n\n - An 

error exists in the timezone handling such that repeated calls to the function 'strtotime' can 

allow a denial of service attack via memory consuption. (CVE-2012-0789) 


CVE-2012-0789 

MySQL Server 5.1 < 5.1.61 / 5.5 < 5.5.20 Multiple Unspecified Vulnerabilities 



RISK: 

MEDIUM 





\n\nVersions of MySQL Community Server 5.1 earlier than 5.1.61 and 5.5 earlier than 

5.5.20 are potentially affected by multiple unspecified vulnerabilities. 


CVE-2012-0496 

Schweitzer Engineering Laboratories (SEL) Telnet Account Detection (SCADA) 


Description: The remote client is connecting to a SCHWEITZER ENGINEERING LABORATORIES 

(SEL) management server on the telnet port for level 1 access with the following 

credentials : %L 

realtimeonly 

Solution: Ensure that use of the telnet protocol is acceptable within company policy. 


Schweitzer Engineering Laboratories (SEL) Management Server Detection (SCADA) 


Description: The remote server is a SCHWEITZER ENGINEERING LABORATORIES (SEL) 

management server. 

Solution: N/A 


Schweitzer Engineering Laboratories (SEL) Default telnet Account Detection (SCADA) 


Description: The remote system is a SCHWEITZER ENGINEERING LABORATORIES (SEL) client. 

realtime 

Solution: N/A 



Schweitzer Engineering Laboratories (SEL) Default telnet Account/Password Detection (SCADA) 



Description: The remote client just logged into a SCHWEITZER ENGINEERING LABORATORIES 

(SEL) server (level 2 access) using the default password of TAIL. 

Solution: Change all default passwords upon software/server installation. 


Schweitzer Engineering Laboratories (SEL) Default telnet Account Detection (SCADA) 


Description: The remote server is a SCHWEITZER ENGINEERING LABORATORIES (SEL) 

management server and is configured with the default level 2 Password of TAIL 

Solution: Change default credentials on this machine 


GE D20 TFTP Client Access Detection (SCADA) 


Description: The remote system is a GE D20 tftp client. 

Solution: N/A 


GE D20 TFTP Client Access Detection (SCADA) 


Description: The remote system is a GE D20 tftp client. The client has requested the file : %L 

Solution: N/A 

realtimeonly 


GE D20 Server TFTP File Transfer Detection (SCADA) 


Description: The remote server is a GE D20 SCADA device. This device allows TFTP access. 

Solution: N/A 




GE D20 Server TFTP File Transfer Detection (SCADA) 


RISK: 

MEDIUM 


Description: The remote server is a GE D20 SCADA device. This device allows TFTP access. Files 

available on the TFTP server may contain confidential data such as configuration or userID 

information. 

Solution: Block access to the tftp service except from trusted machines or networks. 


Modicon FTP Client Detection (SCADA) 


Description: The remote client is connecting to a Modicon SCADA device with the default user account 

of qbf77101. 

Solution: N/A 


Modicon FTP Server Detection (SCADA) 


Description: The remote host is a Modicon SCADA device offering FTP service. 

Solution: N/A 


Modicon FTP Default Account/Password Usage (SCADA) 


Description: The remote client is connecting to a Modicon SCADA device with the default user account 

of qbf77101 and the default password of hexakisoctahedron. 

Solution: Change all default passwords upon server/software installation. 



Modicon FTP Default Account/Password Usage (SCADA) 



Description: The remote Modicon SCADA device is configured with the default user account of 

qbf77101 and the default password of hexakisoctahedron. These credentials were observed 

on the FTP port. 

Solution: Change all default passwords upon server/software installation. 


Modicon telnet Default Account Detection (SCADA) 


Description: The remote client is connecting to a Modicon SCADA server with the default account 

name of ntpupdate. 

Solution: N/A 


Modicon telnet Default Account/Password Detection (SCADA) 


Description: The remote client is connecting to a Modicon SCADA server with the default userID of 

ntpupdate and password of fZ*imnw}l 

Solution: N/A 


Modicon telnet Default Account/Password Detection (SCADA) 


Description: The remote Modicon SCADA server is configured with the default userID of ntpupdate and 

password of fZ*imnw}l 

Solution: Change default credentials on this device. 


GE PLC telnet Server Detection (SCADA) 


Description: The remote host is a GE PLC telnet server used to control and monitor substations. 

Solution: Restrict access to the server to authorized personnel only. 




GE PLC telnet Server Default Account/Password (SCADA) 


Description: The remote host is a GE PLC server which is used to monitor and control substations. The 

server is configured with the default or easily-guessed credentials. 

Solution: N/A 


GE PLC telnet Server Default Account/Password (SCADA) 


Description: The remote host is a GE PLC server that is used to monitor and control substations. The 

server is configured with the default or easily-guessed credentials. 

Solution: Disable any unnecessary accounts and/or change the default credentials. 


Rockwell Automation PLC HTTP Server Detection (SCADA) 


Description: The remote host is a Rockwell Automation PLC HTTP server which is used to control and 

monitor various applications such as SCADA, printing, packaging or pharmaceutical 

systems. 

Solution: Restrict access to the server to authorized personnel only. 


Rockwell Automation PLC HTTP Server Administrator Access Detection (SCADA) 


RISK: 

MEDIUM 


Description: The remote host has attempted and succeeded in logging into a Rockwell Automation PLC 

HTTP server as an administrator with the following ID : %P 

Solution: Ensure that the host is a valid host and has the correct authorization to log into the system 

as an administrator. 



Rockwell Automation PLC - Micrologix Controller Version Detection (SCADA) 



Description: The remote host has been identified as a Micrologix PLC controller as the following 

version: %L 

Solution: N/A 


Modicon PLC HTTP Default Account/Password Detection (SCADA) 


Description: The remote Modicon PLC HTTP SCADA server is configured with the default account of 

USER and password of USER. 

Solution: Change the default credentials on this remote server. 


OpenSSL 0.9.8s / 1.0.0f DTLS Denial of Service 


RISK: 

MEDIUM 



information, the observed version of OpenSSL is : \n %L \n\nOpenSSL version 0.9.8s and 

1.0.0f are potentially affected by a flaw in the implementation of the fix for 

CVE-2011-4108. The Datagram Transport Layer Security (DTLS) implementation is 

vulnerable to a denial of service attack. 

Solution: Upgrade to OpenSSL 0.9.8t, 1.0.0g, or later. 

CVE-2012-0050 

Polycom Audio/Video Server Detection 


Description: Synopsis:\n\nThe remote server is used as an audio/video device.\n\nThe remote host is a 

Polycom Audio/Video server. The exact product name is : %L 

Solution: Ensure that this service is authorized for your network. 


DCS Video Server Detection 





DCS video server. The exact product name is : %L 

Solution: Ensure that this service is authorized for your network 




Description: Synopsis:\n\nThe remote server is used as an audio/video device.\n\nThe remote host is 

using the Session Initiation Protocol (SIP) which is a communication protocol for video and 

voice calls over the Internet. 



Netwave Video Server Detection 



Netwave video server. The exact product name is : %L 



Schweitzer Engineering Laboratories (SEL) Management Server Detection Default Level 1 

Credentials (SCADA) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote SCADA device is configured with default credentials\n\nThe 

remote server is a SCHWEITZER ENGINEERING LABORATORIES (SEL) management 

server. The server is configured with the default password of 'OTTER' for level 1 access. 

Solution: Change default passwords 









multiple vulnerabilities :\n\n - Use-after-free errors exist related to DOM selections, DOM 

handling, and Safe Browsing functionality. (CVE-2011-3924, CVE-2011-3925, 

CVE-2011-3928)\n\n - A heap-based buffer overflow exists in the 'tree builder'. 

(CVE-2011-3926)\n\n - An error exists related to an uninitialized value in 'Skia'. 

(CVE-2011-3927) 


CVE-2011-3928 






11.61 are potentially affected by multiple vulnerabilities :\n\n - It is possible to manipulate 

framed content in a way that allows cross-site scripting. (Issue 1007)\n\n - Script events can 

be used to reveal the presence of local files. (Issue 1008) 



CentOS Version Detection 


Description: The remote host is running CentOS version: %L. 

Solution: Ensure that host is up to date on security updates and in accordance to company policy. 


Android 2.3 < 2.3.6 Information Disclosure 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote host is affected by an information disclosure 

vulnerability.\n\nFor your information, the observed version of Android OS installed on the 

remote device is : \n %L \n\nVersions of Android OS earlier than 2.3.6 are potentially 

affected by an information disclosure vulnerability. The bluetooth stack used by Android 

2.3 allows a physically proximate attacker to obtain contact information from a target 

device via AT phonebook transfer. 


Solution: Upgrade to Android 2.3.6 or later. 

CVE-2011-4276 

PCAnywhere Detection 


Description: The remote host is running PCAnywhere, an application that allows remote users to 

connect to a Windows desktop and work remotely. 

Solution: Ensure that you are running the latest version of PCAnywhere. 


Samba 3.6.x < 3.6.3 Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote Samba server is affected by a denial of service 

vulnerability.\n\nFor your information, the observed version of Samba is :\n %L 

\n\nAccording to its banner, the version of Samba 3.6.x running on the remote host is 

earlier than 3.6.3. Errors exist in the files 'source3/lib/substitute.c' and 

'source3/smbd/server.c' that leak small amounts of memory when processing every 

connection attempt.\n\nAn attacker can continually make connections to the server and 

cause a denial of service attack against the affected smbd service. 

Solution: Either apply one of the patches referenced in the project's advisory or upgrade to 3.6.3 or 

later. 

CVE-2012-0817 

OpenSSH < 5.7 Multiple Vulnerabilities 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote SSH service may be affected by multiple vulnerabilities.\n\nFor 

your information, the observed version of OpenSSH installed on the remote host is : \n %L 

\n\nVersions of OpenSSH server before 5.7 may be affected by the following 

vulnerabilities :\n\n - A security bypass vulnerability because OpenSSH does not properly 

validate the public parameters in the J-PAKE protocol. This could allow an attacker to 

authenticate without the shared secret. Note that this issue is only exploitable when 

OpenSSH is built with J-PAKE support, which is currently experimental and disabled by 

default. (CVE-2010-4478)\n\n - The auth_parse options function in auth-options.c in sshd 

provides debug messages containing authorized_keys command options, which allows 

remote authenticated users to obtain potentially sensitive information by reading these 

messages. (CVE-2012-0841) 

Solution: Upgrade to OpenSSH version 5.7 or later. 


CVE-2012-0814 

RealWin Management Server Detection (SCADA) 


Description: The remote server is running the RealWin Management Server. This software server is 

used to manage a wide range of SCADA devices. 

Solution: N/A 





information, the observed version of Apache HTTP server is : \n %L \n\nVersions of 

Apache 2.2 earlier than 2.2.22 are potentially affected by the following vulnerabilities :\n\n 

- When configured as a reverse proxy, improper use of the RewriteRule and 

ProxyPasssMatch directives could cause the web server to proxy requests to arbitrary hosts. 

This could allow a remote attacker to indirectly send request to intranet servers. 

(CVE-2011-3368, CVE-2011-4317)\n\n - A heap-based buffer overflow exists when 

mod_setenvif module is enabled and both a maliciously crafted 'SetEnvIf' directive and a 

maliciously crafted HTTP request header are used. (CVE-2011-3607)\n\n - A format string 

handling error can allow the server to be crashed via maliciously crafted cookies. 

(CVE-2012-0021)\n\n - An error exists in 'scoreboard.c' that can allow local attackers to 

crash the server during shutdown. (CVE-2012-0031)\n\n - An error exists in 'protocol.c' 

that can allow 'HTTPOnly' cookies to be exposed to attackers through the malicious use of 

either long or malformed HTTP headers. (CVE-2012-0053)\n\n - An error in the 

mod_proxy_ajp module when used to connect to a backend server that takes an overly long 

time to respond could lead to a temporary denial of service. (CVE-2012-4557)\nIAVA 

Reference : 2012-A-0017\nSTIG Finding Severity : Category I 


CVE-2012-4557 





issue.\n\nFor your information, the observed version of Mac OS X is : \n %L \n\nThe 

remote host is running a version of Mac OS X 10.7 that is older than version 10.7.3. The 

newer version contains numerous security-related fixes for the following components :\n\n 

- Address Book\n - Apache\n - ATS\n - CFNetwork\n - CoreMedia\n - CoreText\n - 

CoreUI\n - curl\n - Data Security\n - dovecot\n - filecmds\n - ImageIO\n - Internet 

Sharing\n - Libinfo\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - 


Subversion\n - Time Machine\n - WebDAV Sharing\n - Webmail\n - X11\nIAVA 

Reference : 2012-A-0020\nIAVA Reference : 2012-A-0085\nIAVB Reference : 



CVE-2011-3463 

PHP 5.3.9 php_register_variable_ex() Code Execution 


Description: Synopsis :\n\nThe remote web server uses a version of PHP that is affected by a code 

execution vulnerability.\n\nFor your information, the version of PHP installed on the 

remote host is :\n %L \n\nPHP version 5.3.9 is reportedly affected by a code execution 

vulnerability. Specifically, the fix for the hash collision denial of service vulnerability 

(CVE-2011-4885) itself has introduced a remote code execution vulnerability in the 

php_register_variable_ex() in the file php_variables.c. A new configuration variable, 

max_input_vars, was added as part of the fix. If the number of input variables exceeds this 

value and the variable being processed is an array, code execution can occur. 


CVE-2012-0830 

RealWin Management Server HMI Service Detection (SCADA) 



used to manage a wide range of SCADA devices. The Server has an HMI service listening 

on port 912/tcp. The PVS has just observed the following user logging into the Server : %P 

Solution: N/A 

realtimeonly 









A use-after-free error exists related to removed nsDOMAttribute child nodes. 

(CVE-2011-3659)\n\n - Various memory safety issues exist. (CVE-2012-0442, 

CVE-2012-0443)\n\n - Memory corruption errors exist related to the decoding of Ogg 

Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, 


CVE-2012-0449)\n\n - The HTML5 frame navigation policy can be violated by allowing 

an attacker to replace a sub-frame in another domain's document. (CVE-2012-0445)\n\n - 

Scripts in frames are able to bypass security restrictions in XPConnect. This bypass can 

allow malicious web sites to carry out cross-site scripting attacks. (CVE-2012-0446)\n\n - 

An information disclosure issue exists when uninitialized memory is used as padding when 

encoding icon images. (CVE-2012-0447)\n\n - If a user chooses to export their Firefox 

Sync key the 'Firefox Recover Key.html' file is saved with incorrect permissions, making 

the file contents potentially readable by other users. Note that this issue only affects Firefox 

on Linux and Mac OS X systems. (CVE-2012-0450) 


CVE-2012-0450 






\n\nVersions of Firefox 3.6.x earlier than 3.6.26 are potentially affected by the following 

security issues : \n\n - A use-after-free error exists related to removed nsDOMAttribute 

child nodes. (CVE-2011-3659)\n\n - The IPv6 literal syntax in web addresses is not being 

properly enforced. (CVE-2011-3670)\n\n - Various memory safety issues exist. 

(CVE-2012-0442)\n\n - Memory corruption errors exist related to the decoding of Ogg 


CVE-2012-0449) 


CVE-2012-0449 

Mozilla Thunderbird 9.0 Multiple Vulnerabilities 





multiple attack vectors.\n\nFor your information, the observed version of Thunderbird is : 

\n %L \n\nVersions of Thunderbird 9.0 are potentially affected by the following security 

issues : \n\n - A use-after-free error exists related to removed nsDOMAttribute child nodes. 

(CVE-2011-3659)\n\n - Various memory safety issues exist. (CVE-2012-0442, 

CVE-2012-0443)\n\n - Memory corruption errors exist related to the decoding of Ogg 


CVE-2012-0449)\n\n - The HTML5 frame navigation policy can be violated by allowing 

an attacker to replace a sub-frame in another domain's document. (CVE-2012-0445)\n\n - 

Scripts in frames are able to bypass security restrictions in XPConnect. This bypass can 

allow malicious web sites to carry out cross-site scripting attacks. (CVE-2012-0446)\n\n - 

An information disclosure issue exists when uninitialized memory is used as padding when 


encoding icon images. (CVE-2012-0447)\n\n - If a user chooses to export their Thunderbird 

Sync key the 'Thunderbird Recover Key.html' file is saved with incorrect permissions, 

making the file contents potentially readable by other users. Note that this issue only affects 

Thunderbird on Linux and Mac OS X systems. (CVE-2012-0450) 


CVE-2012-0450 

Mozilla Thunderbird 3.1.x Multiple Vulnerabilities 




multiple attack vectors.\n\nFor your information, the observed version of Thunderbird is : 

\n %L \n\nVersions of Thunderbird 3.1.x earlier than 3.1.18 are potentially affected by the 

following security issues : \n\n - A use-after-free error exists related to removed 

nsDOMAttribute child nodes. (CVE-2011-3659)\n\n - The IPv6 literal syntax in web 

addresses is not being properly enforced. (CVE-2011-3670)\n\n - Various memory safety 

issues exist. (CVE-2012-0442)\n\n - Memory corruption errors exist related to the decoding 

of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, 

CVE-2012-0449) 


CVE-2012-0449 






multiple attack vectors.\n\nFor your information, the observed version of SeaMonkey is : \n 

%L \n\nVersions of SeaMonkey 2.x earlier than 2.7.0 are potentially affected by the 

following security issues : \n\n - A use-after-free error exists related to removed 

nsDOMAttribute child nodes. (CVE-2011-3659)\n\n - Various memory safety issues exist. 

(CVE-2012-0442, CVE-2012-0443)\n\n - Memory corruption errors exist related to the 

decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. 

(CVE-2012-0444, CVE-2012-0449)\n\n - The HTML5 frame navigation policy can be 

violated by allowing an attacker to replace a sub-frame in another domain's document. 

(CVE-2012-0445)\n\n - Scripts in frames are able to bypass security restrictions in 

XPConnect. This bypass can allow malicious web sites to carry out cross-site scripting 

attacks. (CVE-2012-0446)\n\n - An information disclosure issue exists when uninitialized 

memory is used as padding when encoding icon images. (CVE-2012-0447)\n\n - If a user 

chooses to export their SeaMonkey Sync key the 'SeaMonkey Recover Key.html' file is 

saved with incorrect permissions, making the file contents potentially readable by other 

users. Note that this issue only affects SeaMonkey on Linux and Mac OS X systems. 

(CVE-2012-0450) 



CVE-2012-0450 

Real Networks RealPlayer < 15.0.2.72 Multiple Vulnerabilities 




information, the observed build of RealPlayer is :\n %L \n\nRealPlayer versions earlier than 

15.0.2.72 are potentially affected by the following issues :\n\n - A remote code execution 

vulnerability exists related to rvrender RMFF Flags. (CVE-2012-0922)\n\n - A remote code 

execution vulnerability exists related to the RV20 Frame Size Array. (CVE-2012-0923)\n\n 

- A remote code execution vulnerability exists relating to VIDOBJ_START_CODE. 

(CVE-2012-0924)\n\n - A remote code execution vulnerability exists relating to RV40. 

(CVE-2012-0925)\n\n - A remote code execution vulnerability exists relating to RV10 

Encoded Height/Width. (CVE-2012-0926)\n\n - A remote code execution vulnerability 

exists relating to RealAudio coded_frame_size. (CVE-2012-0927)\n\n - A remote code 

execution vulnerability exists relating to Attrac Sample Decoding. (CVE-2012-0928) 

Solution: Upgrade to RealPlayer 15.0.2.72 or later. 

CVE-2012-0928 






\n\nVersions of Google Chrome earlier than 17.0.963.46 are potentially affected by the 

following vulnerabilities :\n\n - Clipboard monitoring after a paste action is possible. 

(CVE-2011-3953)\n\n - Application crashes are possible with excessive database usage, 

killing an 'IndexDB' transaction, signature checks and processing unusual certificates. 

(CVE-2011-3954, CVE-2011-3955, CVE-2011-3965, CVE-2011-3967)\n\n - Sandboxed 

origins are not handled properly inside extensions. (CVE-2011-3956)\n\n - Use-after-free 

errors exist related to PDF garbage collection, stylesheet error handling, CSS handling, 

SVG layout and 'mousemove' event handling. (CVE-2011-3957, CVE-2011-3966, 

CVE-2011-3968, CVE-2011-3969, CVE-2011-3971)\n\n - An error exists related to bad 

casting and column spans. (CVE-2011-3958)\n\n - A buffer overflow exists related to 

locale handling. (CVE-2011-3959)\n\n - Out-of-bounds read errors exist related to audio 

decoding, path clipping, PDF fax imaging, 'libxslt', and the shader translator. 

(CVE-2011-3960, CVE-2011-3962, CVE-2011-3963, CVE-2011-3970, 

CVE-2011-3972)\n\n - A race condition exists after a utility process crashes. 

(CVE-2011-3961)\n\n - An unspecified error exists related to the URL bar after drag and 

drop operations. (CVE-2011-3964) 



CVE-2011-3972 

ClearSCADA Management Server Detection (SCADA) 


Description: The remote server is running the ClearSCADA Management Server. This software server is 

used to manage a wide range of SCADA devices. The reported version of ClearSCADA is : 

%L 

Solution: N/A 





used to manage a wide range of SCADA devices. 

Solution: N/A 


Novell iPrint Client < 5.78 Multiple Code Execution Vulnerabilities 


Description: Synopsis :\n\nThe remote host contains an application that is affected by multiple code 

execution vulnerabilities.\n\nThe remote host has the Novell iPrint client installed. For your 

information, the observed version of Novell iPrint Client is : \n %L \n\nVersions of Novell 

iPrint Client earlier than 5.78 are potentially affected one or more of the following 

vulnerabilities that can allow for arbitrary code execution :\n\n - An unspecified issue exists 

in the GetDriverSettings realm in nipplib.dll. (CVE-2011-4187)\n\n - An unspecified issue 

exists in GetPrinterURLList2 in the ActiveX control. (CVE-2011-4185)\n\n - An 

unspecified issue exists in client-file-name parsing in nipplib.dll. (CVE-2011-4186) 


CVE-2011-4187 

InduSoft WebStudio Server detection (SCADA) 



Description: The remote host is a InduSoft WebStudio server use as a human-machine interface(HMI) 

that is linked to SCADA systems to provide trending, diagnostic data and management 

information. The following version was detected: %L 


Solution: Restrict access to the server to authorized personnel only, as well ensure that the software is 

patched. 


InduSoft WebStudio Server detection Version 6 (SCADA) 


RISK: 

MEDIUM 




information. The following version was detected: %L. This version is vulnerable a 

stack-based buffer overflow and a component in the Remote Agent module. 

Solution: Apply all the necassary patches, please reference the seealso section. Also restrict access to 

the server to authorized personnel only. 

CVE-2011-4052 

InduSoft WebStudio Server detection Version (SCADA) 


RISK: 

MEDIUM 




information. The following version was detected: %L. This version is vulnerable a 

stack-based buffer overflow and a component in the Remote Agent module. 

Solution: Apply all the necassary patches, please reference the seealso section. Also restrict access to 

the server to authorized personnel only. 

CVE-2011-4052 

Facebook/Twitter Pinterest Activity 


Description: The remote host is a Pinterest client. Pinterest is a 'pin board' application which is used in 

conjunction with Facebook or Twitter to post images, notes, and other media formats into a 

feed. The remote client has just signed up with the following email address : %L 

Solution: Ensure that such activity is authorized for your network 








feed. The remote client has just uploaded the following image : %L 

realtimeonly 







feed. The remote client has just 'pinned' the following image to their profile : %L 

realtimeonly 








following vulnerabilities :\n\n - Integer overflow errors exist related to PDF codecs and 

libpng. (CVE-2011-3015, CVE-2011-3026)\n\n - A read-after-free error exists related to 

'counter nodes'. (CVE-2011-3016)\n\n - Use-after-free errors exist related to database 

handling, subframe loading, and ddrag-and-drop functionality. (CVE-2011-3017, 

CVE-2011-3021, CVE-2011-3023)\n\n - Heap-overflow errors exist related to path 

rendering and 'MKV' handling. (CVE-2011-3018, CVE-2011-3019)\n\n - Unspecified 

errors exist related to the native client validator and HTTP use with translation scripts. 

(CVE-2011-3020, CVE-2011-3022)\n\n - Empty x509 certificates can cause browser 

crashes. (CVE-2011-3024)\n\n - An out-of-bounds read error exists related to h.264 

parsing. (CVE-2011-3025)\n\n - A bad variable cast exists related to column handling. 

(CVE-2011-3027) 


CVE-2011-3027 

7T-IGSS Server Login Attempt Detected (SCADA) 




Description: The remote host is a 7T Interactive Graphical SCADA System(IGSS) used to control and 

monitor programmable logic controllers(PLC) in industrial processes. There was an attempt 

to connect to the server listening on IP address: %L. 

Solution: Restrict access to the server to authorized personnel only. As well ensure that the product is 

up to date on all of its security patches. 


Mozilla Firefox 10.x < 10.0.1 Memory Corruption 



corruption vulnerability.\n\nFor your information, the observed version of Firefox is : \n 

%L \n\nVersions of Firefox 10.x earlier than 10.0.1 are potentially affected by a memory 

corruption vulnerability. A use-after-free error exists in the method 

'nxXBLDocumentInfo::ReadPrototypeBindings' and XBL bindings are not properly 

removed from a hash table in the event of failure. Clean up processes may then attempt to 

use this data and cause application crashes. These application crashes are potentially 

exploitable. 


CVE-2012-0452 

Mozilla Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow 


Description: Synopsis :\n\nThe remote host has a web browser installed that is affected by an integer 

overflow vulnerability.\n\nFor your information, the observed version of Firefox is : \n %L 

\n\nVersions of Firefox 10.x earlier than 10.0.2 are potentially affected by an integer 

overflow vulnerability. An integer overflow error exists in 'libpng', a library used by this 

application. When decompressing certain PNG image files, this error can allow a 

heap-based buffer overflow which can crash the application or potentially allow code 

execution. 


CVE-2011-3026 


Mozilla Thunderbird 10.x < 10.0.1 Memory Corruption 


Description: Synopsis :\n\nThe remote host has a mail client installed that is affected by a memory 

corruption vulnerability.\n\nFor your information, the observed version of Thunderbird is : 

\n %L \n\nVersions of Thunderbird 10.x earlier than 10.0.1 are potentially affected by a 

use-after-free error in the method 'nsXBLDocumentInfo::ReadPrototypeBindings' and XBL 

bindings are not properly removed from a hash table in the event of failure. Clean up 


processes may then attempt to use this data and cause application crashes. These 

application crashes are potentially exploitable. 


CVE-2012-0452 

Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow 


Description: Synopsis :\n\nThe remote host has a mail client installed that is potentially affected by an 

integer overflow vulnerability.\n\nFor your information, the observed version of 

Thunderbird is : \n %L \n\nVersions of Thunderbird 10.x earlier than 10.0.2 are potentially 

affected by an integer overflow error in 'libpng', a library used by this application. When 

decompressing certain PNG image files, this error can allow a heap-based buffer overflow 

which can crash the application or potentially allow code execution. 


CVE-2011-3026 

Mozilla SeaMonkey 2.x < 2.7.1 Memory Corruption 



corruption vulnerability.\n\nFor your information, the observed version of SeaMonkey is : 

\n %L \n\nVersions of SeaMonkey 2.x earlier than 2.7.1 are potentially affected by a 

memory corruption vulnerability. A use-after-free error exists in the method 

'nsXBLDocumentInfo::ReadPrototypeBindings' and XBL bindings are not properly 

removed from a hash table in the event of failure. Clean up processes may then attempt to 

use this data and cause application crashes. These application crashes are potentially 

exploitable. 


CVE-2012-0452 


Mozilla SeaMonkey 2.x < 2.7.2 'png_decompress_chunk' Integer Overflow 


Description: Synopsis :\n\nThe remote host has a web browser installed that is affected by an integer 

overflow vulnerability.\n\nFor your information, the observed version of SeaMonkey is : \n 

%L \n\nVersions of SeaMonkey 2.x earlier than 2.7.2 are potentially affected by an integer 

overflow vulnerability in 'libpng', a library used by this application. When decompressing 

certain PNG image files, this error can allow a heap-based buffer overflow which can crash 

the application or potentially allow code execution. 



CVE-2011-3026 

7T-IGSS Server Detected (SCADA) 


Description: The remote host is a 7T Interactive Graphical SCADA System(IGSS) used to control and 

monitor programmable logic controllers(PLC) in industrial processes. The following 

version was detected: %L. 

Solution: Restrict access to the server to authorized personnel only. As well ensure that the product is 

up to date on all of its security patches. 


Apache Tomcat 5.5.x < 5.5.35 Hash Collision Denial of Service 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is affected by a denial of service vulnerability.\n\nFor 


\n %L \n\nVersions of Tomcat 5.x earlier than 5.5.35 are potentially affected by a denial of 

service vulnerability. Large numbers of crafted form parameters can cause excessive CPU 

consumption due to hash collisions. 


CVE-2012-0022 






\n %L \n\nVersions of Apache Tomcat 6.0.35 are potentially affected by multiple 

vulnerabilities :\n\n - Specially crafted requests are incorrectly processed by Tomcat and 

can cause the server to allow injection of arbitrary AJP messages. This can lead to 

authentication bypass and disclosure of sensitive information. Note this vulnerability only 

occurs when the following are true (CVE-2011-3190):\n\n - the 

org.apache.jk.server.JkCoyoteHandler AJP connector is not used.\n - POST requests are 

accepted.\n - Large numbers of crafted form parameters can cause excessive CPU 

consumption due to hash collisions. (CVE-2011-4858, CVE-2012-0022)\nIAVB Reference 

: 2012-B-0035\nSTIG Finding Severity : Category I 



CVE-2012-0022 



RISK: 

MEDIUM 




\n\nVersions of Tomcat 7.0.x earlier than 7.0.22 are potentially affected by multiple 

vulnerabilities:\n\n - An information disclosure vulnerability exists. Request information is 

cached in two objects and these objects are not recycled at the same time. Further requests 

can obtain sensitive information if certain error conditions occur. (CVE-2011-3375)\n\n - 

The web server is not properly restricting access to the servlets that provide the 

functionality of the Manager application. This can allow untrusted web applications to 

access privileged internal functionality such as gathering information on running web 

applications and deploying additional web applications. (CVE-2011-3376)\nIAVB 



CVE-2011-3376 

Apache Tomcat 7.0.x < 7.0.23 Hash Collision Denial of Service 


RISK: 

MEDIUM 




\n %L \n\nVersions of Tomcat 7.0.x earlier than 7.0.23 are potentially affected by a denial 

of service vulnerability. Large numbers of crafted form parameters can cause excessive 

CPU consumption due to hash collisions. 


CVE-2012-0022 

IBM iSeries FTP Service Detection 


Description: The remote host is running the IBM iSeries OS. The FTP service is running on this host. 



PostgreSQL 8.3.x < 8.3.18 Multiple Vulnerabilities 


PVS ID: 6336 FAMILY: Database NESSUS ID:Not Available 


RISK: 

MEDIUM 


your information, the version of PostgreSQL installed on the remote host is:\n %L 

\n\nVersions of PostgreSQL 8.3.x earlier than 8.3.18 are potentially affected by the 

following vulnerabilities :\n\n - Permissions on a function called by a trigger are not 

properly checked. (CVE-2012-0866)\n\n - SSL certificate name checks are truncated to 32 

characters, allowing connection spoofing under some circumstances when using third party 

certificates. (CVE-2012-0867)\n\n - Line breaks in object names can be exploited to 

execute arbitrary SQL when reloading a pg_dump file. (CVE-2012-0868) 

Solution: Upgrade to PostgreSQL 8.3.18 or later. 

CVE-2012-0868 

PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities 


RISK: 

MEDIUM 



your information, the version of PostgreSQL installed on the remote host is:\n %L 

\n\nVersions of PostgreSQL earlier than 9.1.3, 9.0.7, 8.4.11 and are potentially affected by 

the following vulnerabilities :\n\n - Permissions on a function called by a trigger are not 

properly checked. (CVE-2012-0866)\n\n - SSL certificate name checks are truncated to 32 

characters, allowing connection spoofing under some circumstances when using third party 

certificates. (CVE-2012-0867)\n\n - Line breaks in object names can be exploited to 

execute arbitrary SQL when reloading a pg_dump file. (CVE-2012-0868) 

Solution: Upgrade to PostgreSQL 8.4.11, 9.0.7, 9.1.3, or later. 

CVE-2012-0868 

Dropbear SSH Server Channel Concurrency Use-after-free Remote Code Execution 


Description: Synopsis :\n\nThe remote ssh service is affected by a remote code execution 

vulnerability.\n\nDropbear, an SSH server, is installed on the remote host. For your 

information, the observed version of Dropbear is:\n %L \n\nVersions of Dropbear SSH 

before 2012.55 contain a flaw that might allow an attacker to run arbitrary code on the 

remote host with root privileges if they are authenticated using a public key and command 

restriction is enforced. 

Solution: Upgrade to Dropbear SSH 2012.55 or later. 

CVE-2012-0920 

Evernote Client Detection 




Description: The remote host is running the Evernote client. Evernote is an application which allows 

users to sync files across multiple devices, interact with social media sites, and do a host of 

other things. 

Solution: Ensure that such usage is in alignment with Corporate policy 


IBM Solid Database 6.5 < 6.5.0.8 Multiple Denial of Service Vulnerabilities 


Description: Synopsis :\n\nThe remote database server is vulnerable to a denial of service attack.\n\nThe 

remote host is running IBM solidDB. For your information, the observed version of 

solidDB is:\n %L \n\nVersions of solidDB 6.5 earlier than 6.5.0.8 are potentially affected 

by multiple denial of service vulnerabilities :\n\n - Sending packets with many integer 

fields can trigger several recursive calls of a certain function causing an excessive amount 

of stack memory consumption. (CVE-2010-4055, IC80074)\n\n - Upon receiving a packet 

containing only a single integer field, a NULL pointer dereference can occur causing a 

daemon crash. (CVE-2010-4056, IC80075)\n\n - When receiving a packet with many 

different integer fields containing two different values, an invalid memory access and 

daemon crash can occur. (CVE-2010-4057, IC80076) 

Solution: Upgrade to solidDB 6.5.0.8 or later. 

CVE-2010-4057 






following vulnerabilities :\n\n - Use-after-free errors exist related to 'v8 element wrapper', 

SVG value handling, SVG document handling, SVG use handling, multi-column handling, 

quote handling, class attribute handling, table section handling, flexbox with floats and 

SVG animation elements. (CVE-2011-3031, CVE-2011-3032, CVE-2011-3034, 


CVE-2011-3043, CVE-2011-3044)\n\n - An error exists in the 'Skia' drawing library that 

can allow buffer overflows. (CVE-2011-3033)\n\n - Casting errors exist related to line box 

handling and anonymous block splitting. (CVE-2011-3036, CVE-2011-3037)\n\n - An 

out-of-bounds read error exists related to text handling. (CVE-2011-3040) 


CVE-2011-3044 



iHeartRadio Stream Detection 


Description: The remote host was observed accessing an iHeartRadio stream. 

realtimeonly 



Apple's iCloud Service Access Detection 


Description: The remote host has potentially accessed Apple's iCloud service. Ensure that this activity is 

in accordance to company policy. 

Solution: Ensure that this application is authorized within your network. 


Apple iOS 3.0 through 5.0.1 Multiple Vulnerabilities 






CFNetwork\n\n - HFS\n\n - Kernel\n\n - libresolv\n\n - Passcode Lock\n\n - Safari\n\n - 

Siri\n\n - VPN\n\n - WebKit 


CVE-2012-0646 



Description: Synopsis :\n\nThe remote host contains an application that is susceptible to a 

man-in-the-middle attack.\n\nThe remote host has iTunes installed, a popular media player 

for Windows and Mac OS. For your information, the observed version of iTunes is:\n %L 

\n\nVersions of iTunes earlier than 10.6 are reportedly affected by numerous memory 

corruption vulnerabilities in its WebKit component. Note that these issues only affect 

iTunes on Windows. 




CVE-2012-0648 





of Safari is: \n %L \n\nVersions of Safari earlier than 5.1.4 are reportedly affected by 

several issues :\n\n - Look-alike characters in a URL could be used to masquerade a 

website. (CVE-2012-0584)\n\n - Web page visits may be recorded in browser history even 

when private browsing is active. (CVE-2012-0585)\n\n - Multiple cross-site scripting issues 

existed in WebKit. (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, 

CVE-2012-0589)\n\n - A cross-origin issue existed in WebKit, which may allow cookies to 

be disclosed across origins. (CVE-2011-3887)\n\n - Visiting a maliciously crafted website 

and dragging content with the mouse may lead to a cross-site scripting attack. 

(CVE-2012-0590)\n\n - Multiple memory corruption issues existed in WebKit. 















CVE-2012-0639, CVE-2012-0648(\n\n - Cookies may be set by third-parties, even when 

Safari is configured to block them. (CVE-2012-0640)\n\n - If a site uses HTTP 

authentication and redirects to another site, the authentication credentials may be sent to the 

other site. (CVE-2012-0647) 


CVE-2012-0648 






earlier than Fix Pack 9 are potentially affected by multiple issues : - Incorrect, 

world-writable file permissions are in place for the file 'NODES.REG'. (IC79518)\n\n - An 

unspecified error can allow attacks to cause a denial of service via unspecified vectors. 

(IC76899)\n\n - A local user can exploit a vulnerability in the bundled IBM Tivoli 

Monitoring Agent (ITMA) to escalate their privileges. (IC79970)\n\n - An unspecified error 


in the DB2 Administration Server (DAS) can allow remote privilege escalation or denial of 

service via unspecified vectors. Note that this issue does not affect Windows hosts. 

(IC80728)\n\n - An authorized user with 'CONNECT' privileges from 'PUBLIC' can cause 

a denial of service via unspecified methods related to DB2's XML feature. (IC81379)\n\n - 

An authorized user with 'CONNECT' and 'CREATEIN' privileges on a database can 

perform unauthorized reads on tables. (IC81387)\nIAVB Reference : 2012-B-0030\nSTIG 




Google Chrome < 17.0.963.78 Code Multiple Vulnerabilities 





following vulnerabilities :\n\n - The application does not properly handle history 

navigation.\n\n - An unspecified universal cross-site scripting issue exists.\n\nBy exploiting 

these vulnerabilities in combination, an attacker could bypass Chrome's sandbox and 

execute arbitrary code on the target machine as demonstrated in March 2012 at Google's 

Pwnium competition. 


CVE-2011-3046 

Google Chrome < 17.0.963.79 Memory Corruption Vulnerabilities 


Description: Synopsis :\n\nThe remote host contains a web browser that is affected by multiple memory 

corruption vulnerabilities.\n\nFor your information, the observed version of Google 

Chrome is :\n %L \n\nVersions of Google Chrome earlier than 17.0.963.79 are potentially 

affected by memory corruption vulnerabilities related to plugin loading and GPU 

processing. 


CVE-2011-3047 


Mozilla Firefox 10.x < 10.0.3 Multiple Vulnerabilities 




\n\nVersions of Firefox 10.x earlier than 10.0.3 are potentially affected by the following 

security issues :\n\n - Multiple memory corruption issues. By tricking a user into visiting a 


specially crafted page, these issues may allow an attacker to execute arbitrary code in the 

context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, 

CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)\n\n - Ah HTTP 

Header security bypass vulnerability that can be leveraged by attackers to bypass certain 

security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451)\n\n - A 

security bypass vulnerability that can be exploited by an attacker if the victim can be 

tricked into setting a new home page by dragging a specially crafted link to the 'home' 

button URL, which will set the user's home page to a 'javascript:' URL. 

(CVE-2012-0458)\n\n - An information disclosure vulnerability due to an out of bounds 

read in SVG filters. (CVE-2012-0456)\n\n - A cross-site scripting vulnerability that can be 

triggered by dragging and dropping 'javascript:' links onto a frame. (CVE-2012-0455)\n\n - 

'window.fullScreen' is writeable by untrusted content, allowing attackers to perform UI 

spoofing attacks. (CVE-2012-0460) 

Solution: Upgrade to Firefox 10.0.3 ESR or later. 

CVE-2012-0464 





\n\nVersions of Firefox 3.6.x earlier than 3.6.28 are potentially affected by the following 




CVE-2012-0464)\n\n - A security bypass vulnerability that can be exploited by an attacker 

if the victim can be tricked into setting a new home page by dragging a specially crafted 

link to the 'home' button URL, which will set the user's home page to a 'javascript:' URL. 



triggered by dragging and dropping 'javascript:' links onto a frame. (CVE-2012-0455) 


CVE-2012-0464 


Mozilla Thunderbird 10.x < 10.0.3 Multiple Vulnerabilities 




\n\nVersions of Firefox 10.x earlier than 10.0.3 are potentially affected by the following 

















CVE-2012-0464 




attack vectors.\n\nFor your information, the observed version of Thunderbird is : \n %L 

\n\nVersions of Thunderbird 3.1.x earlier than 3.1.20 are potentially affected by the 

following security issues :\n\n - Multiple memory corruption issues. By tricking a user into 

visiting a specially crafted page, these issues may allow an attacker to execute arbitrary 

code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, 

CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)\n\n - A security bypass vulnerability 

that can be exploited by an attacker if the victim can be tricked into setting a new home 

page by dragging a specially crafted link to the 'home' button URL, which will set the user's 

home page to a 'javascript:' URL. (CVE-2012-0458)\n\n - An information disclosure 

vulnerability due to an out of bounds read in SVG filters. (CVE-2012-0456)\n\n - A 

cross-site scripting vulnerability that can be triggered by dragging and dropping 'javascript:' 

links onto a frame. (CVE-2012-0455) 


CVE-2012-0464 


Mozilla SeaMonkey 2.x < 2.8 Multiple Vulnerabilities 




\n\nVersions of SeaMonkey 2.x earlier than 2.8 are potentially affected by the following 
















Solution: Upgrade to SeaMonkey 2.8 or later. 

CVE-2012-0464 

VLC Media Player < 2.0.1 Multiple Code Execution Vulnerabilities 



vectors\n\nThe remote host contains VLC player, a multi-media application. For your 


earlier than 2.0.1 are potentially affected by multiple vulnerabilities :\n\n - A stack 

overflow exists in MMS support. (CVE-2012-1775)\n\n - Multiple heap overflows exist in 

Real RTSP support. (CVE-2012-1776) 


CVE-2012-1776 



Description: Synopsis :\n\nThe remote host contains a web browser that is affected by multiple 

vulnerabilities.\n\nFor your information, the observed version of Google Chrome is :\n %L 


following vulnerabilities :\n\n - An unspecified integer issue exists in libpng. 

(CVE-2011-3045)\n\n - Use-after-free errors exist related to 'first-letter' handling, CSS 

cross-fade handling and block splitting. (CVE-2011-3050, CVE_2011-3051, 

CVE-2011-3053)\n\n - A memory corruption error exists related to WebGL canvas 

handling. (CVE-2011-3052)\n\n - An error exists related to webui privilege isolation. 

(CVE-2011-3054)\n\n - Installation of unpacked extensions does not use the application's 

native user interface for prompts. (CVE-2011-3055)\n\n - A cross-origin violation is 

possible with 'magic iframe'. (CVE-2011-3056)\n\n - The v8 JavaScript engine can allow 

invalid reads to take place. (CVE-2011-3057) 


CVE-2011-3056 

E-mail Client Detection 



PVS ID: 6357 FAMILY: SMTP Clients RISK: NONE NESSUS ID:Not Available 

Description: The remote host is running the following e-mail client: %L 

Solution: N/A 

realtimeonly 


Facebook Game - Zynga's Cafe World Detected 


Description: The remote host is accessing the Zynga game Cafe World via Facebook. 



Facebook Game - Zynga's Castleville Detected 


Description: The remote host is accessing the Zynga game CastleVille via Facebook. 



Facebook Game - Zynga's CityVille Detected 


Description: The remote host is accessing the Zynga game CityVille via Facebook. 



Facebook Game - Zynga's Empires & Allies Detected 


Description: The remote host is accessing the Zynga game Empires & Allies via Facebook. 



Facebook Game - Zynga's FarmVille Detected 




Description: The remote host is accessing the Zynga game FarmVille via Facebook. 



Facebook Game - Zynga's FishVille Detected 


Description: The remote host is accessing the Zynga game FishVille via Facebook. 



Facebook Game - Zynga's Hidden Chronicles Detected 


Description: The remote host is accessing the Zynga game Hidden Chronicles via Facebook. 



Facebook Game - Zynga's Indiana Jones Adventure World Detected 


Description: The remote host is accessing the Zynga game Indiana Jones Adventure World via 

Facebook. 



Facebook Game - Zynga's Mafia Wars 2 Detected 


Description: The remote host is accessing the Zynga game Mafia Wars 2 via Facebook. 



Facebook Game - Zynga's Mafia Wars Detected 




Description: The remote host is accessing the Zynga game Mafia Wars via Facebook. 



Facebook Game - Zynga's PetVille Detected 


Description: The remote host is accessing the Zynga game PetVille via Facebook. 



Facebook Game - Zynga's Pioneer Trail Detected 


Description: The remote host is accessing the Zynga game Pioneer Trail (formerly FrontierVille) via 

Facebook. 



Facebook Game - Zynga's Poker Detected 


Description: The remote host is accessing the Zynga Poker game via Facebook. 



Facebook Application - Zynga's RewardVille Detected 


Description: The remote host is accessing the Zynga RewardVille application via Facebook / 

zynga.com. This central application is used to reward players in a wide variety of Zynga 

games. 





Facebook Game - Zynga's Treasure Isle Detected 


Description: The remote host is accessing the Zynga game Treasure Isle via Facebook. 



Facebook Game - Zynga's Vampire Wars Detected 


Description: The remote host is accessing the Zynga game Vampire Wars via Facebook. 



Facebook Game - Zynga's Words With Friends Detected 


Description: The remote host is accessing the Zynga game Words With Friends via Facebook. 



Facebook Game - Zynga's YoVille Detected 


Description: The remote host is accessing the Zynga game YoVille via Facebook. 



Facebook Game - Wooga Bubble Island Detected 


Description: The remote host is accessing the Wooga Bubble Island game on Facebook. 



Facebook Game - Wooga Diamond Dash Detected 




Description: The remote host is accessing the Wooga Diamond Dash game on Facebook. 



Facebook Game - Wooga Happy Hospital Detected 


Description: The remote host is accessing the Wooga Happy Hospital game on Facebook. 



Facebook Game - Wooga Magic Land Detected 


Description: The remote host is accessing the Wooga Magic Land game on Facebook. 



Facebook Game - Wooga Monster World Detected 


Description: The remote host is accessing the Wooga Monster World game on Facebook. 



Facebook Game - Angry Birds Detected 


Description: The remote host is accessing the Angry Birds game via Facebook. 



Facebook Game - Backyard Monsters Detected 




Description: The remote host is accessing the Backyard Monsters application on Facebook. 



Facebook Game - Bejeweled Blitz Detected 


Description: The remote host is accessing the Bejeweled Blitz game on Facebook. 



Facebook Game - BINGO Blitz Detected 


Description: The remote host is accessing the BINGO Blitz application on Facebook. 



Facebook Game - Coco Girl Detected 


Description: The remote host is accessing the Coco Girl application on Facebook. 



Facebook Game - CSI Crime City Detected 


Description: The remote host is accessing the CSI Crime City game on Facebook. 



Facebook Game - Shadow Fight Detected 




Description: The remote host is accessing the Shadow Fight application on Facebook. 



Facebook Game - Social Empires, Land of Dragons & Castles Detected 


Description: The remote host is accessing the Social Empires - Land of Dragons & Castles application 

on Facebook. 



Facebook Game - Tetris Battle Detected 


Description: The remote host is accessing the Tetris Battle game on Facebook. 



Facebook Game - The Sims Social Detected 


Description: The remote host is accessing The Sims Social application on Facebook. 



Facebook Game - Top Eleven, Be a Football Manager Detected 


Description: The remote host is accessing the Top Eleven - Be a Football Manager application on 

Facebook. 



BitTorrent .torrent File Download Detection 




Description: The remote host has downloaded a .torrent file. Ensure that this activity is in accordance to 

company policy. Many torrent files are loaded with malware, as well as violate copyright 

infringement. The following file was detected: %L. 

realtimeonly 

Solution: Ensure that this activity does not violate company policy. 







realtimeonly 








realtimeonly 



Apple Jailbroken Device Detected 


Description: The remote host is running an Apple device which has been jailbroken. The host is running 

IOS version : %L 



Facebook Link Detection 




Description: The following link to your web server was posted to Facebook : %P 

realtimeonly 



Facebook Application Access 


Description: The remote host is accessing the following Facebook application: %L 

realtimeonly 



Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injection 



Description: Synopsis :\n\nThe remote web application is affected by multiple SQL injection 

vulnerabilities.\n\nThe remote web server hosts Tivoli Provisioning Manager Express for 

Software Distribution, a web-based application for distributing software. For your 

information, the observed version of Tivoli Provisioning Manager Express for Software 

Distribution is:\n %L\n\nTivoli Provisioning Manager Express for Software Distribution 

fails to properly sanitize user supplied input to the following servlets :\n\n - 

Printer.getPrinterAgentKey() in the SoapServlet servlet\n\n - User.updateUserValue() in 

the register.do servlet\n\n - User.isExistingUser() in the logon.do servlet\n\n - 

Asset.getHWKey() in the CallHomeExec servlet\n\n - Asset.getMimeType() in the 

getAttachment servlet\n\nAn unauthenticated, remote attacker, can leverage these issues to 

manipulate database queries, leading to disclosure of sensitive information, attacks against 

the underlying database, and the like. 

Solution: There is no replacement for Tivoli Provisioning Manager Express for Software 

Distribution. IBM recommends installing Tivoli Endpoint Manager for Lifecycle 

Management v8.1. 

CVE-2012-0199 








11.62 are potentially affected by multiple vulnerabilities :\n\n - Small windows can be used 

to trick users in to executing downloads. (Issue 1010)\n\n - Overlapping content can trick 

users into executing downloads. (Issue 1011)\n\n - History.state can leak the state data from 

cross domain pages. (Issue 1012)\n\n - Web page dialogs can be used to display the wrong 

address in the address field. (Issue 1013)\n\n - Carefully timed reloads and redirects can 

spoof the address field. (Issue 1014) 



OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities 


RISK: 

MEDIUM 



information, the observed version of OpenSSL is : \n %L \n\nOpenSSL versions earlier 

than 0.9.8u and 1.0.0h are potentially affected by multiple vulnerabilities :\n\n - A NULL 

pointer dereference flaw exists in mime_param_cmp. A specially crafted S/MIME input 

header could cause an application to crash during S/MIME message verification or 

decryption. (CVE-2012-1165)\n\n - A weakness in the OpenSSL CMS and PKCS 7 code 

can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding. Note that 

only users of CMS, PKCS 7, or S/MIME decryption operations are affected. 

Solution: Upgrade to OpenSSL 0.9.8u, 1.0.0h, or later. 

CVE-2012-1165 

Apache Traffic Server < 3.0.4 / 3.1.3 Buffer Overflow Vulnerability 


Description: Synopsis :\n\nThe remote caching server is affected by a heap-based buffer overflow 

vulnerability.\n\nApache Traffic Server, an open source caching server, is installed on the 

remote host. For your information, the observed version of Apache Traffic Server installed 

on the remote host is :\n %L \n\n Versions of Apache Traffic Server earlier than 3.0.4 or 

3.1.x earlier than 3.1.3 are potentially affected by a heap-based buffer overflow 

vulnerability when handling malicious HTTP host headers. By exploiting this flaw, a 

remote, unauthenticated attacker could execute arbitrary code on the remote host subject to 

the privileges of the user running the affected service. 

Solution: Upgrade to Apache Traffic Server 3.0.4, 3.1.3, or later. 

CVE-2012-0256 








following vulnerabilities :\n\n - An error exists in the v8 JavaScript engine that can allow 

invalid reads. (CVE-2011-3057)\n\n - An unspecified error exists related to bad interaction 

and 'EUC-JP'. This can lead to cross-site scripting attacks. (CVE-2011-3058)\n\n - 

Out-of-bounds read errors exist related to SVG text handling and text fragment handling. 

(CVE-2011-3059, CVE-2011-3060)\n\n - A certificate checking error exists related to the 

SPDY protocol. (CVE-2011-3061)\n\n - An off-by-one error exists in the 'OpenType 

Sanitizer'. (CVE-2011-3062)\n\n - Navigation requests from the renderer are not validated 

carefully enough. (CVE-2011-3063)\n\n - A use-after-free error exists related to SVG 

clipping. (CVE-2011-3064)\n\n - An unspecified memory corruption error exists related to 

'Skia'. (CVE-2011-3065)\n\n - The bundled version of Adobe Flash Player contains errors 

related to ActiveX and the NetStream class. These errors can allow memory corruption, 

denial of service via application crashes and possibly code execution. (CVE-2012-0772, 

CVE-2012-0773) 


CVE-2012-0773 






following vulnerabilities :\n\n - An out-of-bounds read issue exists related to 'Skia' 

clipping. (CVE-2011-3066)\n\n - An error exists related to cross-origin iframe replacement. 

(CVE-2011-3067)\n\n - Use-after-free errors exist related to 'run-in' handling, line box 

editing, v8 JavaScript engine bindings, 'HTMLMediaElemet', SVG resource handling, 

media handling, style command application, and focus handling. (CVE-2011-3068, 


CVE-2011-3075, CVE-2011-3076)\n\n - A cross-origin violation error exists related to 

pop-up windows. (CVE-2011-3072)\n\n - A read-after-free error exists related to script 

binding. (CVE-2011-3077)\\n - The bundled Adobe Flash Player is vulnerable to several 

memory corruption issues that can lead to arbitrary code execution. (CVE-2012-0724, 

CVE-2012-0725) 


CVE-2012-0725 

ashleymadison.com Access Detection 




Description: The remote host has registered to an online dating site ashleymadison.com. Ensure this 

activity does not violate company policy. 



ashleymadison.com Access Detection 


Description: The remote host has successfully logged into an online dating site ashleymadison.com. 

Ensure this activity does not violate company policy. 



chemistry.com Access Detection 


Description: The remote host has registered to an online the dating site chemistry.com. Ensure this 

activity does not violate company policy. The following email address was used: %L. 



chemistry.com Access Detection 


Description: The remote host has logged into an online the dating site chemistry.com. Ensure this 




craigslist.org Personals Section Access Detected 


Description: The remote host has access craigslist.org personals section. Ensure this activity does not 

violate company policy. 





craigslist.org Personals Access Detection 


Description: The remote host has access craigslist.org personals section and performed a search. Ensure 

this activity does not violate company policy. 



lavalife.com Access Detection 


Description: The remote host has browsed to an online the dating site lavalife.com. Ensure this activity 

does not violate company policy. The following email address was used: %L. 



lavalife.com Access Detection 


Description: The remote host has successfully logged into an online dating site lavalife.com. Ensure this 

activity does not violate company policy. The following email address was used: %P. 



eharmony.com Access Detection 


Description: The remote host has attempted to login into the dating site eharmony.com. Ensure this 







Description: The remote host has successfully login into the dating site eharmony.com. Ensure this 







Description: The remote host has successfully login into the dating site eharmony.com. Ensure this 

activity does not violate company policy. The following username was detected: %L. 



Facebook Game - 21 Questions Detected 


Description: The remote host is accessing the 21 questions application on Facebook. 



Facebook Game - Barn Buddy Detected 


Description: The remote host is accessing the Barn Buddy game on Facebook. 



Facebook Game - Bayou Blast Detected 


Description: The remote host is accessing the Bayou Blast game on Facebook. 



Facebook Game - Best Casino Detected 




Description: The remote host is accessing the Best Casino - Free Slots, Bingo, Poker & Blackjack game 

on Facebook. 



Facebook Game - Crime City Detected 


Description: The remote host is accessing the Crime City game on Facebook. 



Facebook Game - Family Feud Detected 


Description: The remote host is accessing the Family Feud game on Facebook. 



Facebook Game - Farkle Detected 


Description: The remote host is accessing the Farkle game on Facebook. 



Facebook Game - Fruit Ninja Frenzy Detected 


Description: The remote host is accessing the Fruit Ninja Frenzy game on Facebook. 



Facebook Game - Happy Aquarium Detected 




Description: The remote host is accessing the Happy Aquarium game on Facebook. 



Facebook Game - Happy Pets Detected 


Description: The remote host is accessing the Happy Pets game on Facebook. 



Facebook Game - Icy Tower Detected 


Description: The remote host is accessing the Icy Tower game on Facebook. 



Facebook Game - JackpotJoy Slot Machines Detected 


Description: The remote host is accessing the JackpotJoy Slot Machines game on Facebook. 



Facebook Game - Mesmo Games Detected 


Description: The remote host is accessing the Mesmo Games application on Facebook. 



Facebook Game - Mindjolt Detected 




Description: The remote host is accessing the Mindjolt game on Facebook. 



Facebook Game - Monster Galaxy Detected 


Description: The remote host is accessing the Monster Galaxy game on Facebook. 



Facebook Game - My Shops Detected 


Description: The remote host is accessing the My Shops game on Facebook. 



Facebook Game - Okey Detected 


Description: The remote host is accessing the Okey game on Facebook. 



Facebook Game - Restaurant City Detected 


Description: The remote host is accessing the Restaurant City game on Facebook. 



Facebook Game - Scrabble Detected 




Description: The remote host is accessing the Scrabble game on Facebook. 



Facebook Game - The Smurfs & Co Detected 


Description: The remote host is accessing the The Smurfs & Co game on Facebook. 



Facebook Game - Stardoll Detected 


Description: The remote host is accessing the Stardoll game on Facebook. 



Facebook Game - Sultan Bubble Detected 


Description: The remote host is accessing the Sultan Bubble game on Facebook. 



Facebook Game - Turkiye Texas Poker Detected 


Description: The remote host is accessing the Turkiye Texas Poker game on Facebook. 



Facebook Game - TubeHero Detected 




Description: The remote host is accessing the TubeHero game on Facebook. 



Facebook Game - Poker Texas Hold'em Boyaa Viet Nam Detected 


Description: The remote host is accessing the Poker Texas Hold'em Boyaa Viet Nam game on 

Facebook. 



Facebook Game - Miscrits of Volcano Island Detected 


Description: The remote host is accessing the Miscrits of Volcano Island game on Facebook. 



Facebook Game - War Commander Detected 


Description: The remote host is accessing the War Commander game on Facebook. 



Facebook Game - Zynga Slingo Detected 


Description: The remote host is accessing the Zynga Slingo application on Facebook. 




Samba 3.x < 3.6.4 / 3.5.14 / 3.4.16 RPC Multiple Buffer Overflows 



Description: Synopsis :\n\nThe remote Samba server is affected multiple buffer overflow 

vulnerabilities.\n\nFor your information, the observed version of Samba is :\n %L 

\n\nAccording to its banner, the version of Samba 3.x running on the remote host is earlier 

than 3.6.4 / 3.5.14 / 3.4.16. It is, therefore, affected by multiple heap-based buffer overflow 

vulnerabilities.\n\nAn error in the DCE/RPC IDL (PIDL) compiler causes the RPC 

handling code it generates to contain multiple heap-based buffer overflow vulnerabilities. 

This generated code can allow a remote, unauthenticated attacker to use malicious RPC 

calls to crash the application and possibly execute arbitrary code as the root user. 

Solution: Either install the appropriate patch referenced in the project's advisory or upgrade to 3.4.16, 

3.5.14, 3.6.4, or later. 

CVE-2012-1182 




used to manage a wide range of SCADA devices. A client has just attempted a 

INFOTAG/SET_CONTROL command. 

Solution: N/A 





used to manage a wide range of SCADA devices. The PVS has just observed a client 

connection to this server. 

Solution: N/A 


Wonderware Management Server Detection (SCADA) 


Description: The remote server is running the Wonderware Management Server. This software server is 

used to manage a wide range of SCADA devices. The PVS has just observed a client 

connection to this server. 

Solution: N/A 







used to manage a wide range of SCADA devices. A client has just sent a request which 

may cause an overflow in the HMI service. 

Solution: N/A 







Solution: N/A 







Solution: N/A 


7T Interactive Graphical SCADA System (IGSS) Server Detection (SCADA) 


Description: The remote server is running the 7T Interactive Graphical SCADA System(IGSS) Server. 

This software server is used to manage a wide range of SCADA devices. The PVS has just 

observed a client connection to this system. 

Solution: N/A 








connection. Given this, TeamViewer can subvert firewall rules by allowing direct access to 

an internal machine from untrusted networks. 








an internal machine from untrusted networks. 








Solution: N/A 







Solution: N/A 






Description: The remote host is running an application that is vulnerable to multiple attack 


information, the observed build of RealPlayer is:\n%L.\n\nRealPlayer builds earlier than 

12.0.1.666 are potentially affected by multiple code execution vulnerabilities :\n\n - A heap 

based buffer overflow vulnerability exits within qcpfformat.dll file, which only creates a 

static 256 byte allocation on the heap. This can be abused by a remote attacker to execute 

arbitrary code running in the context of the web browser. (CVE-2011-2950)\n\n - A flaw 

exists due to RealPlayer allowing users to run local HTML files with scripting enabled 

without any warning. Attackers can exploit this issue to execute arbitrary code within the 

context of the application(typically Internet Explorer) that uses the ActiveX control. 

(CVE-2011-2947)\n\n - A memory-corruption vulnerability exist due to an use-after-free 

condition that affects "Embedded AutoUpdate." Successful exploit will allow remote 

attackers to execute arbitrary code within the context of the affected application. 

(CVE-2011-2954)\n\n - A remote buffer-overflow vulnerability exists due to the software 

failing to perform adequate boundary-checks on user-supplied data. Successful exploit 

allow attackers to execute arbitrary code in the context of the vulnerable applications. 

(CVE-2011-2951)\n\n - A remote code-execution vulnerability exists when handling 

'DEFINEFONT' fields in Flash files. Successful exploit will allow remote attackers to 

execute arbitrary code within the context of the affected application. (CVE-2011-2948)\n\n 

- A remote code-execution vulnerability exist in the way the application uses 

'WideCharToMultiByte' call, resulting in a heap-based buffer overflow. Successful exploit 

will allow remote attackers to execute arbitrary code within the context of the affected 

application. (CVE-2011-2949)\n\n - A memory-corruption vulnerability exists due to an 

use-after-free condition, particularly affects the dialogue box. Successful exploit will allow 

remote attackers to execute arbitrary code within the context of the affected application. 

(CVE-2011-2952)\n\n\ - A memory-corruption vulnerability exists due to an use-after-free 

condition, particularly affects the Embedded Modal Dialog. Successful exploit will allow 

remote attackers to execute arbitrary code within the context of the affected application. 

(CVE-2011-2955)\n\n - A cross-zone scripting vulnerability exists due to the fact that the 

RealPlayer ActiveX control allows users to run local HTML files with scripting enabled 

without providing any warning. Attackers can exploit this issue to execute arbitrary code 

within the context of the application(typically Internet Explorer) that uses the ActiveX 

Control. (CVE-2011-121)\n 

Solution: Upgrade to RealPlayer 14.0.6 (Build 12.0.1.666) or later. 

CVE-2011-1221 

nginx < 1.0.10 DNS Resolver Remote Heap Buffer Overflow 



RISK: 

MEDIUM 


Description: Synopsis:\n\nThe remote web server is affected by a buffer-overflow vulnerability.\n\nThe 

remote host is running a nginx HTTP server. For your information, the observed version of 

nginx is:\n %L \n\nVersions earlier than 1.0.10 are vulnerable to a remote heap-based 

buffer-overflow vulnerability due to a failure to properly bounds check user-supplied input 

to the DNS resolver. The issue occurs specifically when the DNS resolver processes 

messages more than 255 bytes. Successfully exploiting this issue allows attackers to 

execute arbitrary code in the context of the application. (CVE-2011-4314)\n 


Solution: Upgrade to nginx 1.0.10 or later. 

CVE-2011-4315 

nginx < 1.0.14 / 1.1.x < 1.1.17 Information-Disclosure 


RISK: 

MEDIUM 


Description: Synopsis:\n\nThe remote web server is affected by an information disclosure 

vulnerability.\n\nThe remote host is running a nginx HTTP server. For your information, 

the observed version of nginx is:\n %L \n\n Versions earlier than 1.0.14(stable version) or 

versions earlier than 1.1.17(development version) are vulnerable to an 

information-disclosure vulnerability, when handling specially crafted HTTP responses. 

Attackers can exploit this issue to disclose the content of the previously freed memory. 

(CVE-2012-1180)\n 

Solution: Upgrade to nginx 1.0.14(stable version) or 1.1.17(development version) or later. 

CVE-2012-1180 

nginx < 1.0.15 / 1.1.x < 1.1.19 Buffer-Overflow Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis:\n\nThe remote web server is affected by a buffer-overflow vulnerability.\n\n The 

remote host is running a nginx HTTP server. For your information, the observed version of 

nginx is:\n %L \n\n Versions earlier than 1.0.15(stable version) or versions earlier than 

1.1.19(development version) are vulnerable to a buffer-overflow vulnerability because it 

fails to perform adequate checks on user-supplied input. An attacker can exploit this issue 

by using a specially-crafted mp4 file, allowing the attacker to execute arbitrary code in the 

context of the application. (CVE-2012-2089)\n 



CVE-2012-2089 






an internal machine from untrusted networks. The version of TeamViewer is %L 



Skype Client Detection 



Description: The remote host is running a Skype client. 

Solution: Ensure that the use of this application is in alignment with existing policies and guidelines. 


Facebook Game - Wooga Game Detection (Generic) 


Description: The remote host is accessing the following Wooga game on Facebook. %L 



Rockwell Automation Service Detection 


Description: The remote host has been identified as a Rockwell automation server. The server is running 

an RNA process on this port. 

realtime 

Solution: N/A 






realtime 

Solution: N/A 








realtime 

Solution: N/A 






realtime 

Solution: N/A 






realtime 

Solution: N/A 






realtime 

Solution: N/A 








realtime 

Solution: N/A 






realtime 

Solution: N/A 






realtime 

Solution: N/A 






realtime 

Solution: N/A 








realtime 

Solution: N/A 






realtime 

Solution: N/A 

VoIP Client Detection 



Description: The remote client has just connected to a VoIP server. 

realtimeonly 

Solution: Ensure that this sort of traffic is authorized with respect to existing policies and guidelines 


Polycom VoIP Client Detection 


Description: The remote client has just connected to a VoIP server. The version of the Polycom 

client is %L 

Solution: Ensure that this sort of traffic is authorized with respect to existing policies and guidelines 


Policy - Usenet .nzb File Detection 




Description: The remote web server is hosting .nzb files. NZB files are used by USENET clients to 

download large files. As an example, consider the following file %P 

Solution: Ensure the use or hosting of NZB files are approved under corporate policy. 


Policy - Usenet .nzb Client File Detection 


Description: The remote client has just downloaded the following .nzb file : ' %L '. NZB files are used 

for file sharing via Usenet, including pirated content such as movies or TV. 

Solution: Ensure the use or hosting of NZB files are approved under corporate policy. 


IBM Tivoli Directory Server Web Admin tool 6.1.0.x < 6.1.0.48 / 6.2.0.x < 6.2.0.22 / 6.3.0.x < 6.3.0.11 

Cross-Site Scripting Vulnerability 


RISK: 

MEDIUM 


Description: Synopsis:\n\nThe remote server is prone to a cross-site scripting vulnerability.\n\nThe 

remote host is running the IBM Tivoli Directory Server Web Admin tool. For your 

information, the observed version of the tool is:\n %L \n\n Versions earlier than 6.1.0.48 

(Web Admin Version 4.0027), 6.2.0.22 (Web Admin Version 5.0015) or versions earlier 

than 6.3.0.11 (Web Admin Version 6.0006) are vulnerable to a cross-site scripting attack. 

The application fails to sanitize user-supplied input submitted to the Web Admin Tool. 

Attackers can exploit this issue to execute an arbitrary script in the context of the 

browser.\n 

Solution: Upgrade to Tivoli Directory Server 6.1.0.48 (Web Admin Version 4.0027), 6.2.0.22 (Web 

Admin version 5.0015), 6.3.0.11 (Web Admin version 6.0006) or later. 

CVE-2012-0740 

HTTP Server Insecure Authentication (Basic) 


Description: The remote web server accepts 'Basic' credentials. This means that the userID and password 

of users is passed in base64 encoding. Such encoding is not encrypted but merely base64 

obfuscated. It is trivial for a passive listener to obtain the credentials. 

Solution: N/A 




Epiphany Browser Version Detection 


Description: The remote host is running the Epiphany browser version: %L 

Solution: N/A 


Apple iOS 3.0 through 5.1 Multiple Vulnerabilities 





vulnerabilities. iOS 5.1.1 contains security fixes for the following products :\n\n - Safari\n\n 

- WebKit 


CVE-2012-0672 







- Login Windows\n - Bluetooth\n - curl\n - HFS\n - Kernel\n - libarchive\n - libsecurity\n - 

libxml\n - LoginUIFramework\n - PHP\n - Quartz Composer\n - QuickTime\n - Ruby\n - 

Security Framework\n - Time Machine\n - X11\nIAVB Reference : 2012-B-0006\nSTIG 



CVE-2012-0830 






of Safari is: \n %L \n\nVersions of Safari earlier than 5.1.7 are reportedly affected by 

several issues :\n\n - Two unspecified errors that can allow malicious sites to perform 

cross-site scripting attacks. (CVE-2011-3046, CVE-2011-3056)\n\n - An unspecified 

memory corruption error exists that can allows malicious sites to crash the application or 


potentially execute arbitrary code. (CVE-2012-0672)\n\n - A state-tracking issue exists that 

can allow malicious sites to populate HTML form values of other sites with arbitrary data. 

(CVE-2012-0676)\n 


CVE-2012-0676 

Dropbox Software Detection 

PVS ID: 6484 FAMILY: Internet Services RISK: INFO NESSUS ID:35717 

Description: Dropbox is installed on the remote host. Dropbox is an application for storing and 

synchronizing files between computers, possibly outside the organization. 



iTunes AppleTV client Detection 


Description: The remote client is running the iTunes AppleTV application version : %L 



Apple Hardware Detection 


Description: The remote host is running an Apple device version: %L. 

Solution: Ensure that this hardware is authorized for your network 








following vulnerabilities :\n\n - Video content with FTP can cause crashes. 

(CVE-2011-3083)\n\n - Internal links are not loaded in their own process. 

(CVE-2011-3084)\n\n - Lenghty auto-filled values can corrupt the user interface. 

(CVE-2011-3085)\n\n - User-after free errors exist related to style elements, table handling, 

indexed DBs, GTK 'omnibox' handling, and corrupt font enconding names related to PDF 


handling. (CVE-2011-3086, CVE-2011-3089, CVE-2011-3091, CVE-2011-3096, 

CVE-2011-3099)\n\n - An error exists related to windows navigation. 

(CVE-2011-3087)\n\n - Out-of-bounds read errors exist to hairline drawing, glyph 

handling, Tibetan, OGG containers, PDF sampled functions and drawing dash paths. 


CVE-2011-3100)\n\n - A race condition related to workers exists. (CVE-2011-3090)\n\n - 

An invalid write exists in the v8 regex processing. (CVE-2011-3092)\n\n - An error exists 

related to Windows Media Player plugin and the search path. (CVE-2011-3098)\n\n - An 

off-by-one out-of-bounds write error exists in libxml. (CVE-2011-3098) 


CVE-2011-3102 





information, the observed build of RealPlayer is:\n%L.\n\nRealPlayer builds earlier than 

15.0.4.53 are potentially affected by multiple vulnerabilities :\n\n - A memory corruption 

error exists related to the handling of 'MP4' files. (CVE-2012-1904)\n\n - An unspecified 

error exists related to the parsing of 'RealMedia ASMRuleBook' files that can lead to 

remote arbitrary code execution. (CVE-2012-2406)\n\n - A buffer overflow exists related to 

the parsing of 'RealJukebox Media' content. (CVE-2012-2411)\n 


CVE-2012-2411 






of QuickTime earlier thanolder than 7.7.2 are affected by the following vulnerabilities :\n\n 

- An uninitialized memory access issue exists in the handling of MP4 encoded files. 

(CVE-2011-3458)\n\n - An off-by-one buffer overflow exists in the handling of rdrf atoms 

in QuickTime movie files. (CVE-2011-3459)\n\n - A stack buffer overflow exists in the 

QuickTime plugin's handling of PNG files. (CVE-2011-3460)\n\n - A stack buffer overflow 

exists in QuickTime's handling of file paths. (CVE-2012-0265)\n\n - A buffer overflow 

exists in the handling of audio sample tables. (CVE-2012-0658)\n\n - An integer overflow 

exists in the handling of MPEG files. (CVE-2012-0659)\n\n - An integer underflow exists 

in QuickTime's handling of audio streams in MPEG files. (CVE-2012-0660)\n\n - A 

use-after-free issue exists in the handling of JPEG2000 encoded movie files. 

(CVE-2012-0661)\n\n - Multiple stack overflows exist in QuickTime's handling of TeXML 

files. (CVE-2012-0663)\n\n - A heap overflow exists in QuickTime's handling of text 

tracks. (CVE-2012-0664)\n\n - A heap overflow exists in the handling of H.264 encoded 


movie files. (CVE-2012-0665)\n\n - A stack buffer overflow exists in the QuickTime 

plugin's handling of QTMovie objects. (CVE-2012-0666)\n\n - A signedness issue exists in 

the handling of QTVR movie files. (CVE-2012-0667)\n\n - A buffer overflow exists in 

QuickTime's handling of Sorenson encoded movie files. (CVE-2012-0669)\n\n - An integer 

overflow exists in QuickTime's handling of sean atoms. (CVE-2012-0670)\n\n - A memory 

corruption issue exists in the handling of .pict files. (CVE-2012-0671) 


CVE-2012-0671 






following vulnerabilities :\n\n - An error exists in the v8 JavaScript engine that can cause 

application crashes during garbage collection. (CVE-2011-3103)\n\n - An out-of-bounds 

read error exists related to 'Skia'. (CVE-2011-3104)\n\n - Use-after-free errors exists related 

to 'first-letter handling', browser cache, and invalid encrypted PDFs. (CVE-2011-3105, 

CVE-2011-3108, CVE-2011-3112)\n\n - A memory corruption error exists related to 

websockets and SSL. (CVE-2011-3106)\n\n - An error exists related to plugin-in JavaScript 

bindings that can cause the application to crash. (CVE-2011-3107)\n\n - An out-of-bounds 

write error exists related to PDF processing. (CVE-2011-3110)\n\n - An invalid read error 

exists related to the v8 Java Script engine. (CVE-2011-3111)\n\n - An invalid cast error 

exists related to colorspace handling in PDF processing. (CVE-2011-3113)\n\n - A buffer 

overflow error exists related to PDF functions. (CVE-2011-3114)\n\n - A type corruption 

error exists related to the v8 JavaScript engine. (CVE-2011-3115)\n 


CVE-2011-3115 

MySQL Server 5.5 < 5.5.22 Multiple Unspecified Vulnerabilities 


RISK: 

MEDIUM 




\n\nVersions of MySQL Community Server 5.5 earlier than 5.5.22 are potentially affected 

by multiple unspecified vulnerabilities. 


Flame Worm Detection 

CVE-2012-1703 




Description: Synopsis :\n\nThe remote host is infected with a backdoor\n\nThe remote host appears to 

be infected with the Flame worm. This worm uses a multitude of exploit modules to gather 

information and exploit local machines. 

realtime 

Solution: The machine must be manually cleaned 


Game - Smurf's Village Detected 


Description: The remote host is accessing the Smurf's Village game. 



PHP 5.3.x < 5.3.13 CGI Query String Code Execution 




remote host is :\n %L \n\nPHP versions earlier than 5.3.13 are affected by a code execution 

vulnerability.\n\n The fix for CVE-2012-1823 does not completely correct the CGI query 

vulnerability. Disclosure of PHP source code and code execution via query paramenters are 

still possible.\n\nNote that his vulnerability is exploitable only when PHP is used by 

CGI-based configurations. Apache with 'mod-php' is not an exploitable configuration. 


CVE-2012-2336 






remote host is :\n %L \n\nPHP versions earlier than 5.4.3 are affected by the following 

vulnerabilities.\n\n - The fix for CVE-2012-1823 does not completely correct the CGI 

query parameter vulnerability. Disclosure of PHP source code and code execution via query 

paramenters are still possible. Note that his vulnerability is exploitable only when PHP is 

used by CGI-based configurations. Apache with 'mod-php' is not an exploitable 

configuration. (CVE-2012-2311, CVE-2012-2335, CVE-2012-2336)\n\n - An unspecified 

buffer overflow exists related to the function 'apache_request_headers'. (CVE-2012-2329) 



CVE-2012-2336 




vulnerabilities.\n\nFor your information, the observed version of SeaMonkey is : \n %L 


security issues :\n\n - An error exists in the ASN.1 decoder when handling zero length 

items that can lead to application crashes. (CVE-2012-0441)\n\n - Multiple memory 

corruption errors exist. (CVE-2012-1937, CVE-2012-1938)\n\n - Two heap-based buffer 

overflows and one heap-based use-after-free error exist and are potentially exploitable. 

(CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)\n\n - Two arbitrary DLL load issues 

exist related to the application update and update service functionality. (CVE-2012-1942, 

CVE-2012-1943)\n\n - The inline-script blocking feature of the 'Content Security Policy' 

(CSP) does not properly block inline event handlers. This error allows remote attackers to 

more easily carry out cross-site scripting attacks. (CVE-2012-1944)\n\n - A use-after-free 

error exists related to replacing or inserting a node into a web document. 

(CVE-2012-1946)\n 


CVE-2012-1947 

Mozilla Firefox 12.x < 12 Multiple Vulnerabilities 



vulnerabilities.\n\nFor your information, the observed version of Firefox is : \n %L 

\n\nVersions of Firefox 12.x are potentially affected by the following security issues :\n\n - 

An error exists in the ASN.1 decoder when handling zero length items that can lead to 

application crashes. (CVE-2012-0441)\n\n - Multiple memory corruption errors exist. 

(CVE-2012-1937, CVE-2012-1038)\n\n - Two heap-based buffer overflows and one 

heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, 

CVE-2012-1941, CVE-2012-1947)\n\n - Two arbitrary DLL load issues exist related to the 

application update and update service functionality. (CVE-2012-1942, 





(CVE-2012-1946)\n 


CVE-2012-1947 



Mozilla Thunderbird 12.x < 12 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host has a mail client installed that is vulnerable to multiple 

vulnerabilities.\n\nFor your information, the observed version of Thunderbird is : \n %L 

\n\nVersions of Thunderbird 12.x are potentially affected by the following security issues 

:\n\n - An error exists in the ASN.1 decoder when handling zero length items that can lead 

to application crashes. (CVE-2012-0441)\n\n - Multiple memory corruption errors exist. 

(CVE-2012-1937, CVE-2012-1038)\n\n - Two heap-based buffer overflows and one 

heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, 

CVE-2012-1941, CVE-2012-1947)\n\n - Two arbitrary DLL load issues exist related to the 

application update and update service functionality. (CVE-2012-1942, 





(CVE-2012-1946)\n 


CVE-2012-1947 

Roving Constant Contact E-mail Marketing Client Detection 


Description: The remote host is running the Roving Constant Contact E-mail client. Roving 

Constant Contact is a software which includes the capability to launch e-mail 

marketing campaigns. 

Solution: Ensure that such software is authorized for your network 


iTunes < 10.6.3 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote host contains a multimedia application that has multiple 

vulnerabilities.\n\nThe remote host has iTunes installed, a popular media player for 

Windows and Mac OS. For your information, the observed version of iTunes is:\n %L 

\n\nVersions of iTunes earlier than 10.6.3 are reportedly affected by the following 

issues:\n\n - A memory corruption issue exists in WebKit that can allow malicious websites 

to crash the application and possibly execute arbitrary code. (CVE-2012-0672)\n\n - A 

heap-based buffer overflow exists related to the handling of 'm3u' playlist files. This error 

can cause the application to crash or possibly allow arbitrary code execution. 

(CVE-2012-0677)\n 




CVE-2012-0677 

Facebook SocialCam Application Detection 


Description: The remote Facebook client is utilizing the SocialCam application. SocialCam is an 

application that allows users to watch videos from their Facebook timeline. 

Solution: Ensure that such usage is in alignment with corporate policies and guidelines 


RealNetworks Helix Server 14.x < 14.3.x Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote media streaming server is affected by multiple 

vulnerabilities.\n\nAccording to its banner, the remote host is running the following version 

of RealNetworks Helix Server / Helix Mobile Server: %L\n. Such versions are potentially 

affected by multiple vulnerabilities.\n\n - Administrative and user credentials are insecurely 

stored in a flat file database. This file may be accessed by local users to disclose passwords 

stored in clear text. (CVE-2012-1923)\n\n - A buffer overflow exists in the code that parses 

authentication credentials. It may be possible for a remote attacker to exploit this issue and 

execute arbitrary code. (CVE-2012-0942)\n\n - Multiple unspecified cross-site scripting 

vulnerabilities. (CVE-2012-1984)\n\n - A specially crafted malfored URL can cause the 

server process to crash if opened by an administrator. (CVE-2012-1985)\n\n - Establishing 

and immediately closing a TCP connection on port 705 can cause the SNMP Master Agent 

to crash (CVE-2012-2267)\n\n - A specially crafted Open-PDU request sent to the SNMP 

Master Agent can cause it to crash due to an unhandled exception. 

(CVE-2012-2268)\nIAVB Reference : 2012-B-0043\nSTIG Finding Severity : Category I 

Solution: Upgrade to RealNetworks Helix Server / Helix Mobile Server 14.3.x or later. 

CVE-2012-2268 

Facebook Viddy Application Detection 


Description: The remote Facebook client is utilizing the Viddy application. Viddy is an application that 

allows users to watch videos from their Facebook timeline. 



Facebook Viddy Application Detection 




Description: The remote Facebook client is utilizing the Viddy application. Viddy is an application that 

allows users to watch videos from their facebook timeline. The video viewed was : %L 

realtimeonly 



Flash player version detection 


Description: The remote host is running Flash player version : %L 

Solution: N/A 


Adobe Media player version detection 


Description: The remote host is running Adobe Media player version : %L 

Solution: N/A 


Outlook Social Connector version detection 


Description: The remote host is running Outlook Social Connector version : %L . The Outlook Social 

Connector allows users to interact with social network feeds from within Outlook. 

Solution: N/A 








following vulnerabilities :\n\n - An unspecified error allows access to iFrame fragment ID 

information, (CVE-2012-2815)\n\n - An unspecified issue is triggered when sandboxed 

processes interfere with one another. (CVE-2012-2816)\n\n - A user-after free issue exists 

in handling table sections which may allow for execution of arbitrary code. 


(CVE-2012-02817)\n\n - An unspecified use-after-free flaw exists in the counter layout 

which may allow for execution of arbitrary code. (CVE-2012-2818)\n\n - A flaw exists in 

the WebGL subsystem when the texSubImage2d implementation does not properly handle 

uploads to floating-point textures, which may allow a remote denial of service. 

(CVE-2012-2919)\n\n - An out-of-bounds read error occurs during the handling of SVG 

filters, which may allow a remote denial of service. (CVE-2012-2820)\n\n - A flaw exists 

in the autofill display. No further details have been provided. (CVE-2012-2821)\n\n - An 

out-of-bounds read error occurs during the handling of PDF files, which may allow 

multiple unspecified remote denial of service attacks. (CVE-2012-2822)\n\n - An 

user-after-free flaw exists during the handling of SVG resources, which may allow for 

execution of arbitrary code. (CVE-2012-2823, CVE-2012-2831)\n\n - An user-after-free 

flaw exists in SVG painting. No further details have been provided. (CVE-2012-2824)\n\n - 

An out-of-bounds read error occurs during texture conversion which may allow a remote 

denial of service. (CVE-2012-2826)\n\n - An use-after-free flaw in the Mac GUI. No 

further details have been provided. (CVE-2012-2827)\n\n - A flaw exists in improper 

sanitizing of user-supplied inputting resulting in multiple unspecified integer overflows 

with a specially crafted PDF file. (CVE-2012-2828)\n\n - An user-after-free flaw is 

triggered during handling of first letters. No further details have been provided. 

(CVE-2012-2829)\n\n - A flaw is triggered when an unspecified NULL pointer dereference 

occurs in array setting handling. (CVE-2012-2830)\n\n - A flaw is triggered when a NULL 

pointer dereference occurs in a PDF image codec. (CVE-2012-2832)\n\n - An overflow 

condition occurs when the PDF JS API fails to properly sanitize user-supplied input 

resulting in a buffer overflow. (CVE-2012-2833)\n\n - An overflow condition occurs in the 

Matroska container which fails to properly sanitize user-supplied input resulting in an 

integer overflow. (CVE-2012-2834)\n\n - A flaw exists in the way it loads 

dynamic-link-libraries (DLL). (CVE-2012-2764)\n\n - A flaw is triggered when an 

unspecified wild read occurs during the handling of XSL. (CVE-2012-2825)\n\n - This 

issue is only present on 64-bit Linux platforms. The libxml is prone to multiple unspecified 

overflow conditions. (CVE-2012-2807) 


FW/Proxy detection 

CVE-2012-2807 


Description: The remote host is a Firewall or Proxy device 

Solution: N/A 


Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-009) 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote VoIP server is affected by a denial of service attack.\n\nFor your 

information, the observed version of Asterisk is : \n %L \n\nAccording to the version in its 

SIP banner, the version of Asterisk running on the remote host is potentially affected by a 

vulnerability that could allow a remote attacker to crash the server. This issue may be 

exploited when the attacker has a valid SCCP (Skinny) ID and closes a connection when in 

certain call states. A null pointer is left behind and can cause the server to crash when the 

pointer is later dereferenced. 

Solution: Upgrade to Asterisk 10.5.1 or apply the patches listed in the Asterisk advisory 

CVE-2012-3553 

Asterisk Remote Crash Vulnerability in voice mail application (AST-2012-011) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote VoIP server is affected by a denial of service attack.\n\nFor your 


SIP banner, the version of Asterisk running on the remote host is potentially affected by a 

vulnerability that could allow a remote attacker to crash the server. If a single voicemail 

account is manipulated by two parties simultaneously, a condition can occur where memory 

is freed twice causing a crash. 

Solution: Upgrade to Asterisk 1.8.13.1 / 10.5.2 

CVE-2012-3812 






following vulnerabilities :\n\n - Use-after-free errors exist related to counter handling and 

layout height tracking. (CVE-2012-2842, CVE-2012-2843)\n\n - An error exists related to 

JavaScript object accesses in PDF handling. (CVE-2012-2844)\n 


CVE-2012-2844 

Evernote Client Detection 



Description: The remote host is running the Evernote client. Evernote is an application which allows 

users to sync files across multiple devices, interact with social media sites, and do a host of 

other things. 


Solution: Ensure that such usage is in alignment with Corporate policy 

Java version detection 



Description: The remote host is running Java version : %L 

Solution: Ensure that you are running the latest version of Java 




RISK: 

MEDIUM 



your information, the observed version of MySQL Community Server is : \n %L \n\nThe 

version of MySQL 5.5 installed on the remote host is earlier than 5.5.24 and is, therefore, 

affected by the following vulnerabilities :\n\n - Several errors exist related to 'GIS 

Extension', 'Server', 'InnoDB' and 'Server Optimizer' components that can allow denial of 

service attacks. (CVE-2012-0540, CVE-2012-1734, CVE-2012-1735, CVE-2012-1756, 

CVE-2012-1757)\n\n - A security bypass vulnerability exists that occurs due to improper 

casting during user login sessions. (Bug #64884 / CVE-2012-2122)\n\n - An error exists 

related to key length and sort order index that can lead to application crashes. (Bug #59387 

/ CVE-2012-2749) 

Solution: Upgrade to MySQL Community Server 5.5.24 later. 

CVE-2012-2749 



RISK: 

MEDIUM 




version of MySQL 5.5 installed on the remote host is earlier than 5.5.23. As such, it is 

reportedly affected by an as yet unspecified vulnerability. 

Solution: Upgrade to MySQL Community Server 5.5.23 later. 

ActiveSync detection 

CVE-2012-2750 




Description: The remote host is a Mobile ActiveSync client 

Solution: N/A 

realtimeonly 


VLC Media Player < 2.0.2 Ogg_DecodePacket Function OGG File Handling Overflow 


Description: Synopsis :\n\nThe remote host contains an application that is vulnerable to a buffer 

overflow vulnerability\n\nThe remote host contains VLC player, a multi-media application. 

For your information, the observed version of VLC is : \n %L .\n\nVersions of VLC media 

player earlier than 2.0.2 are potentially affected by a heap-based buffer overflow 

vulnerability. An error exists in the function 'Ogg_DecodePacket' in the file 

'modules/demux/ogg.c' that does not properly validate input and can allow a heap-based 

buffer overflow. Opening a specially crafted file can result in the execution of arbitrary 

code. (CVE-2012-3377) 


CVE-2012-3377 

Mozilla Firefox 13.x < 13 Multiple Vulnerabilities 






Several memory safety issues exist, some of which could potentially allow arbitrary code 

execution. (CVE-2012-1948, CVE-2012-1949)\n\n - An error related to drag and drop can 

allow incorrect URLs to be displayed. (CVE-2012-1950)\n\n - Several memory safety 

issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, 

CVE-2012-1953, CVE-2012-1954)\n\n - An error related to JavaScript functions 

'history.forward' and 'history.back' can allow incorrect URLs to be displayed. 

(CVE-2012-1955)\n\n - Cross-site scripting attacks are possible due to an error related to 

the '' tag within an RSS '' element. (CVE-2012-1957)\n\n - A 

use-after-free error exists related to the method 'nsGlobalWindow::PageHidden'. 

(CVE-2012-1958)\n\n - An error exists that can allow 'same-compartment security 

wrappers' (SCSW) to be bypassed. (CVE-2012-1959)\n\n - An out-of-bounds read error 

exists related to the color management library (QCMS). (CVE-2012-1960)\n\n - The 

'X-Frames-Options' header is ignored if it is duplicated. (CVE-2012-1961)\n\n - A memory 

corruption error exists related to the method 'JSDependentString::undepend'. 

(CVE-2012-1962)\n\n - An error related to the 'Content Security Policy' (CSP) 

implementation can allow the disclosure of OAuth 2.0 access tokens and OpenID 

credentials. (CVE-2012-1963)\n\n - An error exists related to the 'feed:' URL that can allow 


cross-site scripting attacks. (CVE-2012-1965)\n\n - Cross-site scripting attacks are possible 

due to an error related to the 'data:' URL and context menus. (CVE-2012-1966)\n\n - An 

error exists related to the 'javascript:' URL that can allow scripts to run at elevated 

privileges outside the sandbox. (CVE-2012-1967) 


CVE-2012-1967 

Mozilla Thunderbird 13.x < 13 Multiple Vulnerabilities 





:\n\n - Several memory safety issues exist, some of which could potentially allow arbitrary 

code execution. (CVE-2012-1948, CVE-2012-1949)\n\n - Several memory safety issues 

exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, 







wrappers' (SCSW) to be bypassed. (CVE-2012-1959)\n\n - An out-of-bounds read error 






credentials. (CVE-2012-1963)\n\n - An error exists related to the 'javascript:' URL that can 

allow scripts to run at elevated privileges outside the sandbox. (CVE-2012-1967) 


CVE-2012-1967 







security issues :\n\n - Several memory safety issues exist, some of which could potentially 

allow arbitrary code execution. (CVE-2012-1948, CVE-2012-1949)\n\n - Several memory 

safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, 








wrappers' (SCSW) to be bypassed.(CVE-2012-1959)\n\n - An out-of-bounds read error 






credentials. (CVE-2012-1963)\n\n - An error exists related to the certificate warning page 

that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. 

(CVE-2012-1964)\n\n - An error exists related to the 'javascript:' URL that can allow 

scripts to run at elevated privileges outside the sandbox. (CVE-2012-1967) 


CVE-2012-1967 






of Safari is: \n %L \n\nVersions of Safari earlier than 6.0 are reportedly affected by several 

issues :\n\n - An unspecified cross-site scripting issue exists. (CVE-2012-0678)\n\n - An 

error in the handling of 'feed://' URLs can allow local files to be disclosed to remote 

servers. (CVE-2012-0679)\n\n - Password input elements are auto completed even when a 

webpage specifically forbids it. (CVE-2012-0680)\n\n - A cross-site scripting issue exists 

due to improper handling of the HTTP 'Content-Disposition' header value of 'attachment'. 

(CVE-2011-3426)\n\n - Numerous issues exist in WebKit. (CVE-2011-2845, 

























CVE-2012-3697) 


CVE-2012-3697 





Solution: N/A 


ESPN ScoreCenterXL Detection iOS 


Description: The remote host is running the ESPN ScoreCenterXL application. The ESPN 

ScoreCenterXL application is used to get updates, news, and scores on various sports. 

Solution: Ensure that such usage is in aligment with Corporate policy 


ESPN ScoreCenterXL Video Stream Detection iOS 


Description: The remote host is running the ESPN ScoreCenterXL application. The ESPN 

ScoreCenterXL application is used to get updates, news, and scores on various sports. The 

client has attempted to view a video using this application. 




NBCOlympics application detection for Apple iPad - (accessed) 



Description: The remote host is running the NBCOlympics application for Apple iPad. The application 

is used to get updates and news. It also allows for viewing of videos and streaming of live 

events. 



NBCOlympics application detection for Apple iPad. 


Description: The remote host is running the NBCOlympics application for Apple iPad. The application 

is used to get updates and news. It also allows for viewing of videos and streaming of live 

events. 








following vulnerabilities :\n\n - Re-prompts are not displayed for excessive downloads. 

(CVE-2012-2847)\n\n - Drag and drop file access restrictions are not restrictive enough. 

(CVE-2012-2848)\n\n - An off-by-one read error exists related to GIF decoding. 

(CVE-2012-2849)\n\n - Various, unspecified errors exist related to PDF processing. 

(CVE-2012-2850)\n\n - Various, unspecified integer overflows exist related to PDF 

processing. (CVE-2012-2851)\n\n - A use-after-free error exists related to object linkage 

and PDF processing. (CVE-2012-2852)\n\n - An error exists related to 'webRequest' and 

'Chrome Web Store' interference. (CVE-2012-2853)\n\n - Pointer values can be leaked to 

'WebUI' renderers. (CVE-2012-2854)\n\n - An unspecified use-after-free error exists 

related to PDF processing. (CVE-2012-2855)\n\n - Unspecified out-of-bounds reads exist 

related to the PDF viewer. (CVE-2012-2856) - A use-after-free error exists related to CSS 

DOM processing. (CVE-2012-2857) - A buffer overflow exists related to 'WebP' decoding. 

(CVE-2012-2858)\n\n - An out-of-bounds access error exists related to the date picker. 

(CVE-2012-2860) 


CVE-2012-2860 

nginx < 1.2.x / 1.3.x < 1.2.1 / 1.3.1 Vulnerabilities with Windows directory aliases 



RISK: 

MEDIUM 



Description: Synopsis:\n\nThe remote web server is affected by an access restriction bypass 

vulnerability.\n\nThe remote host is running a nginx HTTP server. For your information, 

the observed version of nginx is:\n %L \n\n Versions earlier than 1.2.1(stable version) or 

versions earlier than 1.3.1(development version) are vulnerable to an access restriction 

bypass vulnerability.\nBy using a request with a specially crafted directory name, such as 

'/directory::$index_allocation' in place of '/directory', an attacker may be able to bypass 

access restrictions.\nNote that this vulnerability only affects installs on Windows. 

(CVE-2012-4963) 


CVE-2011-4963 

PHP 5.4.x < 5.4.5 _php_sream_scandir Overflow 


Description: Synopsis :\n\nThe remote web server uses a version of PHP that is affected by an overflow 

vulnerability.\n\nFor your information, the version of PHP installed on the remote host is 

:\n %L \n\nPHP versions earlier than 5.4.5 are affected by the following vulnerabilities.\n\n 

- An unspecified overflow vulnerability in the function '_php_stream_scandir' in the file 

'main/streams/streams.c'\n 


CVE-2012-2688 

Android Mobile Device App Download Detection 


Description: The remote host is an Android mobile client which has just downloaded the following 

software : %L 

Solution: N/A 

realtimeonly 



Detection of uploading a file to scribd.com - (HTML method) 


Description: The remote host has uploaded a file to scribd.com via their HTML uploader. Scridb is the 

world's largest online library where one can share, view, and dowload documents across 

web and mobile clients. 




Detection of uploading a file to scribd.com - (Flash Method) 


Description: The remote host has uploaded a file to scribd.com via their flash uploader. Scridb is the 

world's largest online library where one can share, view, and dowload documents across 

web and mobile clients. 



Mozilla Firefox Android client 


Description: The remote host has the Mozilla Firefox Android client. For your information, the observed 

version of client is : \n %L 



Spotify app music streaming detection 


Description: The remote host is running the Spotify music streaming application. Spotify offers millions 

of tracks by streaming the music directly to the user's desktop. 



Google Chrome < 21.0.1180.60 Multiple PDF Viewer Vulnerabilities 





following vulnerabilities :\n\n - An unspecified use-after-free error exists in the PDF 

viewer. (CVE-2012-2862)\n\n - An unspecified out-of-bounds write error exists in the PDF 

viewer. (CVE-2012-2863)\n\n - Successful exploitation of either issue could lead to an 

application crash or even allow arbitrary code execution, subject to the user's privileges. 


CVE-2012-2863 



Tridium SCADA Server Detection 


Description: The remote host has been identified as a Tridium SCADA server version : %L 

Solution: Ensure that access to this server is restricted to only trusted hosts/networks 


Last.fm application music streaming on an Android mobile device 


Description: The remote Android mobile device is running the Last.fm application to stream music. 

Last.fm is an Internet radio service for streaming music across mobile devices. 



Last.fm application music streaming on an iOS device 


Description: The remote iOS mobile device is running the Last.fm application to stream music. 

Last.fm is an Internet radio service for streaming music across mobile devices. 



Pandora Internet radio streaming on an Android mobile device 


Description: The remote Android mobile device is running the Pandora Internet radio application to 

stream music. Pandora is an Internet radio service for streaming music across mobile 

devices. 




Pandora Internet radio streaming on an Apple iOS mobile device 


Description: The remote Apple iOS mobile device is running the Pandora Internet radio application to 

stream music. Pandora is an Internet radio service for streaming music across mobile 

devices. 




enteliTOUCH SCADA Server Detection 


Description: The remote host has been identified as an enteliTOUCH SCADA server. 



Electro Industries GaugeTech SCADA Server Detection 


Description: The remote host has been identified as an Electro Industries GaugeTech SCADA server. 



Flash Player < 11.3.300.271 Code Execution (APSB12-18) 


Description: Synopsis :\n\nThe remote host contains a browser plug-in that is affected by code execution 

vulnerability.\n\nThe remote host has Adobe Flash Player installed. For your information, 


than 11.3.300.271 is affected by an unspecified remoted code execution vulnerability :\n\n - 

Note that this vulnerability is reportedly being actively exploited in the wild.\n\nAlso note 

the vendor states 10.x versions are not affected by this vulnerability and the branch was not 

updated. 


CVE-2012-1535 




Description: Synopsis :\n\nThe remote host contains a browser plug-in that is affected by multiple 

vulnerabilities.\n\nThe remote host has Adobe Flash Player installed. For your information, 


than 10.3.183.20 / 11.3.300.257 are potentially affected by multiple vulnerabilities :\n\n - 

Multiple memory corruption vulnerabilities exist that could lead to code execution. 

(CVE-2012-2034, CVE-2012-2037)\n\n - A stack overflow vulnerability exists that could 


lead to code execution. (CVE-2012-2035)\n\n - An integer overflow vulnerability exists 

that could lead to code execution. (CVE-2012-2036)\n\n - A security bypass vulnerability 

exists that could lead to information disclosure. (CVE-2012-2038)\n\n - A null dereference 

vulnerability exists that could lead to code execution. (CVE-2012-2039)\n\n - A binary 

planting vulnerability exists in the Flash Player installer that could lead to code 

execution.(CVE-2012-2040)\n 


CVE-2012-2040 

NetFlix on-demand media streaming to the Apple iPad 


Description: The remote Apple iPad device is streaming media content from NetFlix. NetFlix is provider 

of on-demand Internet streaming media available as cross-platform client to both desktops 

and mobile devices. 



NetFlix on-demand media streaming to a Windows Desktop 


Description: The remote Windows host is streaming media content from NetFlix. NetFlix is provider of 

on-demand Internet streaming media available as cross-platform client to both desktops and 

mobile devices. 



VMWare VI Client Version Detection 


Description: The remote host is running the VMWare VI client version : %L . The VI client is used 

to manage virtual machines across a network. 

Solution: N/A 


Sophos Anti-virus Version Detection 




Description: The remote host is running the Sophos AV software version: %L 

Solution: N/A 




RISK: 

MEDIUM 


Description: Synopsis:\n\nThe remote web server is affected by multiple vulnerabilities.\n\nThe remote 

host is running a Apache HTTP server. For your information, the observed version of 

Apache is:\n %L \n\n Versions earlier than 2.4.3 are vulnerable to the following 

vulnerabilities :\n\n - An input validation error exists related to 'mod_negotiation', 

'Multiviews' and untrusted uploads that can allow cross-site scripting attacks. 

(CVE-2012-2687)\n\n - An error exists related to 'mod_proxy_ajp' and 'mod_proxy_http' 

that can allow connections to remain open. This condition can allow information disclosure 

when combined with specially crafted requests. (CVE-2012-3502) 

Solution: Upgrade to Apache version 2.4.3 or later 

CVE-2012-3502 






12.01 are potentially affected by multiple vulnerabilities :\n\n - An error exists in the 

handling of certain URLs that can lead to memory corruption and possible code execution. 

(1016)\n\n - Errors exist in the handling of DOM elements and certain HTML characters 

that can lead to cross-site scripting. (1025, 1026)\n\n - Download dialog boxes can be made 

small enough that users may not realize they are accepting a download and further, 

executing such a download. (1027)\n\n - An attacker could cause an application crash by 

tricking a user into connecting to a malicious site, as demonstrated by the Lenovo 'Shop 

Now' page. (CVE-2012-4146) 


CVE-2012-4146 

Hulu plus search detection on the Apple iPad 




Description: The remote Apple iPad device has launch the Hulu plus application. The client has 

searched for the following shows/movies:\n %L \n Hulu is provider of on-demand Internet 

streaming media available as cross-platform client to both desktops and mobile devices. 



Hulu on-demand media streaming to the Apple iPad 


Description: The remote Apple iPad device is streaming media content from Hulu. Hulu is provider of 

on-demand Internet streaming media available as cross-platform client to both desktops and 

mobile devices. 


Oracle Java SE 7 < 



Description: Synopsis :\n\nThe remote Windows host contains a programming platform that is affected 

by a code execution vulnerability.\n\nThe remote host is running Java version : %L. This 

version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host 

is 7 Update 6 or earlier and is, therefore, potentially affected by an unspecified code 

execution vulnerability. Note that this vulnerability is currently being exploited in the wild. 

Solution: Upgrade to JDK / JRE 7 Update 7 or later, and remove, if necessary, any affected versions. 

Flash Player < 

CVE-2012-4681 




the observed version of Adobe Flash Player is : \n %L \n\nVersions of Flash Player equal to 

or earlier than 11.4.402.264 is affected by multiple vulnerabilities :\n\n - Multiple memory 

corruption vulnerabilities could lead to code execution. (CVE-2012-4163, CVE-2012-4164, 

CVE-2012-4165, CVE-2012-4166)\n\n - An integer overflow vulnerability exists that could 

lead to code execution. (CVE-2012-4167)\n\n - A cross-domain information leak 

vulnerability exists. (CVE-2012-4168) 


CVE-2012-4171 





Description: Synopsis :\n\nThe remote web server uses a version of PHP that is affected by an multiple 

vulnerabilities.\n\nFor your information, the version of PHP installed on the remote host is 

:\n %L \n\nPHP versions 5.3.x earlier than 5.3.15 are affected by the following 

vulnerabilities.\n\n - - An unspecified overflow vulnerability exists in the function 

'_php_stream_scandir' in the file 'main/streams/streams.c'. (CVE-2012-2688)\n\n - An 

unspecified error exists that can allow the 'open_basedir' constraint to be bypassed. 

(CVE-2012-3365) 


CVE-2012-3365 

Opendrive Login Detection 


Description: The remote client has just logged into the opendrive.com HTTP interface. Opendrive is a 

'cloud' application which allows users to store files via an online service. The logged 

UserID was : %L 



Opendrive File Upload Detection 


Description: The remote client has just logged into the opendrive.com HTTP interface. Opendrive is a 

'cloud' application which allows users to store files via an online service. The user has just 

uploaded a file to the online service. 

realtimeonly 


Mozilla Firefox 14.x < 







An error exists related to 'Object.defineProperty' and the location object and can allow 

cross-site scripting attacks. (CVE-2012-1956)\n\n - Unspecified memory safety issues 


exist. (CVE-2012-1970,CVE-2012-1971)\n\n - Multiple use-after-free errors exist. 



CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)\n\n - An error 

exists related to 'about:newtab' and the browser's history. This error can allow a newly 

opened tab to further open a new window and navigate to the privileged 'about:newtab' 

page leading to possible privilege escalation. (CVE-2012-3965)\n\n - An error exists 

related to bitmap (BMP) and icon (ICO) file decoding that can lead to memory corruption 

causing application crashes and potentially arbitrary code execution. (CVE-2012-3966)\n\n 

- A use-after-free error exists related to WebGL shaders. (CVE-2012-3968)\n\n - A buffer 

overflow exists related to SVG filters. (CVE-2012-3969)\n\n A use-after-free error exists 

related to elements having 'requiredFeatures' attributes. (CVE-2012-3970)\n\n - A 'Graphite 

2' library memory corruption error exists. (CVE-2012-3971)\n\n - An XSLT out-of-bounds 

read error exists related to 'format-number'. (CVE-2012-3972)\n\n - Remote debugging is 

possible even when disabled and the 'HTTPMonitor' extension is enabled. 

(CVE-2012-3973)\n\n - The installer can be ticked into running unauthorized executables. 

(CVE-2012-3974)\n\n - The DOM parser can unintentionally load linked resources in 

extensions. (CVE-2012-3975)\n\n - Incorrect SSL certificate information can be displayed 

in the address bar when two 'onLocationChange' events fire out of order. 

(CVE-2012-3976)\n\n - Security checks related to location objects can be bypassed if 

crafted calls are made to the browser chrome code. (CVE-2012-3978)\n\n - Calling 'eval' in 

the web console can allow injected code to be executed with browser chrome privileges. 

(CVE-2012-3980) 


CVE-2012-3980 

Mozilla Thunderbird 14.x < 






:\n\n - An error exists related to 'Object.defineProperty' and the location object that could 

allow cross-site scripting attacks. (CVE-2012-1956)\n\n - Unspecified memory safety 

issues exist. (CVE-2012-1970, CVE-2012-1971)\n\n - Multiple use-after-free errors exist. 



CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)\n\n - An error 

exists related to bitmap (BMP) and icon (ICO) file decoding that can lead to memory 

corruption, causing application crashes and potentially arbitrary code execution. 

(CVE-2012-3966)\n\n - A use-after-free error exists related to WebGL shaders. 

(CVE-2012-3968)\n\n - A buffer overflow exists related to SVG filters. 

(CVE-2012-3969)\n\n - A use-after-free error exists related to elements having 

'requiredFeatures' attributes. (CVE-2012-3970)\n\n - A 'Graphite 2' library memory 

corruption error exists. (CVE-2012-3971)\n\n - An XSLT out-of-bounds read error exists 

related to 'format-number'. (CVE-2012-3972)\n\n - The installer can be tricked into running 

unauthorized executables. (CVE-2012-3974)\n\n - The DOM parser can unintentionally 


load linked resources in extensions. (CVE-2012-3975)\n\n - Security checks related to 

location objects can be bypassed if crafted calls are made to the browser chrome code. 

(CVE-2012-3978)\n\n - Calling 'eval' in the web console can allow injected code to be 

executed with browser chrome privileges. (CVE-2012-3980) 


CVE-2012-3980 






security issues :\n\n - An error exists related to 'Object.defineProperty' and the location 

object that could allow cross-site scripting attacks. (CVE-2012-1956)\n\n - Unspecified 

memory safety issues exist. (CVE-2012-1970, CVE-2012-1971)\n\n - Multiple 

use-after-free errors exist. (CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, 



CVE-2012-3964)\n\n - An error exists related to bitmap (BMP) and icon (ICO) file 

decoding that can lead to memory corruption, causing application crashes and potentially 

arbitrary code execution. (CVE-2012-3966)\n\n - A use-after-free error exists related to 

WebGL shaders. (CVE-2012-3968)\n\n - A buffer overflow exists related to SVG filters. 

(CVE-2012-3969)\n\n - A use-after-free error exists related to elements having 

'requiredFeatures' attributes. (CVE-2012-3970)\n\n - A 'Graphite 2' library memory 

corruption error exists. (CVE-2012-3971)\n\n - An XSLT out-of-bounds read error exists 

related to 'format-number'. (CVE-2012-3972)\n\n - The DOM parser can unintentionally 

load linked resources in extensions. (CVE-2012-3975)\n\n - Incorrect SSL certificate 

information can be displayed in the address bar when two 'onLocationChange' events fire 

out of order. (CVE-2012-3976)\n\n - Security checks related to location objects can be 

bypassed if crafted calls are made to the browser chrome code. (CVE-2012-3978) 


CVE-2012-3978 

Opera < 12.02 Truncated Dialog Vulnerability 



Description: Synopsis :\n\nThe remote host has a web browser installed that is vulnerable by a truncated 

dialog vulnerability.\n\nThe remote host is running the Opera web browser. For your 


12.02 are potentially affected by multiple vulnerabilities :\n\n - Certain user actions, when 

combined with specially crafted web pages, can cause displayed dialog boxes to be too 

small thus allowing the dialog buttons to be hidden. A user may be tricked into clicking 

what appear to be elements on the underlying page, but are actually the hidden dialog 


uttons. This can allow arbitrary code execution to occur. 








following vulnerabilities :\n\n - An out-of-bounds read error exists related to line-breaking. 

(CVE-2012-2865)\n\n - Variable casting errors exist related to 'run-ins' and XSL 

transformations. (CVE-2012-2866, CVE-2012-2871)\n\n - An unspecified error exists 

related to the SPDY protocol that can result in application crashes. (CVE-2012-2867)\n\n - 

A unspecified race condition exists related to 'workers' and XHR. (CVE-2012-2868)\n\n - 

An unspecified error exists related to stale buffers and URL loading. (CVE-2012-2869)\n\n 

- Memory management issues exist related to XPath processing. (CVE-2012-2870)\n\n - 

Cross-site scripting is possible during the SSL interstitial process. 

(CVE-2012-2872)\n\nSuccessful exploitation of any of these issue could lead to an 



CVE-2012-2872 

Ustream mobile Android app detection 


Description: The remote host is running the Ustream Android mobile application. Ustream app provides 

the user with the capiblity of broadcasting live using the phone's camera. It also allows for 

streaming of live events directly on the phone. 



Ustream mobile Android app streaming detection 



Description: The remote host is attempting to view a live stream using the Ustream Android mobile 

application. Ustream app provides the user with the capiblity of broadcasting live using the 

phone's camera. It also allows for streaming of live events directly on the phone. 




Mac Outlook Client Version Detection 


Description: The remote host is running the Mac Outlook client version : %L . 

Solution: N/A 


Spiceworks Client Version Detection 


Description: The remote host is running the Spiceworks client version : %L . Spiceworks is a free 

software package used to manage network devices. 

Solution: N/A 


Asterisk Peer IAX2 Call Handling ACL Rule Bypass (AST-2012-013) 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote VoIP server is affected by a security bypass vulnerability.\n\nFor 

your information, the observed version of Asterisk is : \n %L \n\nAccording to the version 

in its SIP banner, the version of Asterisk running on the remote host is potentially affected 

by a vulnerability that could allow a remote, authenticated attacker to bypass access 

controls on out-bound calls.\n\nInter-Asterisk eXchange (IAX2) out-bound call restrictions 

can be bypassed if peer credentials, defined in a dynamic Asterisk Realtime Architecture 

(ARA) backend, are used by an attacker. 

Solution: Upgrade to Asterisk 1.8.15.1 / 10.7.1 or apply the patches listed in the Asterisk advisory 

CVE-2012-4737 

Foursquare app on an Android mobile device 


Description: The remote Android mobile device is running the Foursquare app. Foursquare is a free app 

used to share and save places you visit. 





Carbonite 'Cloud' Backup Service Detection 


Description: The remote client is subscribed to the Carbonite Backup 'Cloud' service. This service 

automates backup of the hard drive to the Carbonite web servers on the Internet. 



Carbonite 'Cloud' Backup Service Detection 


Description: The remote client is subscribed to the Carbonite Backup 'Cloud' service. This service 

automates backup of the hard drive to the Carbonite web servers on the Internet. 



MS Skydrive 'Cloud' Backup Service Detection 


Description: The remote client is subscribed to the Skydrive Backup 'Cloud' service. This service 

automates backup of the hard drive to the Skydrive web servers on the Internet. 



Sprint TV app on Android mobile devices 


Description: The remote host has launched the SprintTV mobile app.Sprint TV provides the ability to 

view live tv shows ranging from sports, news and entertainment. Sprint TV offers a free 

version for Sprint customers, as well as offers a premium service which offers more 

channels.\n\nThe following device model was since:\n %L \n 







Description: Synopsis :\n\nThe remote host is running an application that is vulnerable to multiple 

vulnerabilities.\n\nThe remote host is running RealPlayer, a multi-media application. For 

your information, the observed build of RealPlayer is:\n %L .\n\nRealPlayer builds earlier 

than 15.0.6.14 are potentially affected by multiple vulnerabilities :\n\n - A buffer overflow 

error exists related to 'AAC' handling, specifically unpacking of the stream data. 

(CVE-2012-2407)\n\n - A heap-corruption error exists related to the 'AAC SDK' decoding. 

(CVE-2012-2408)\n\n - Two unspecified buffer overflow errors exist related to 

'RealMedia'. (CVE-2012-2409, CVE-2012-2410)\n\n - A divide-by-zero error exists related 

to 'RealAudio' and codec frame size. (CVE-2012-3234) 


CVE-2012-3234 



Description: Synopsis :\n\nThe remote host contains a multimedia application that has multiple 

vulnerabilities.\n\nThe remote host has iTunes installed, a popular media player for 

Windows and Mac OS. For your information, the observed version of iTunes is:\n %L 

\n\nVersions of iTunes earlier than 10.7 are reportedly affected by multiple memory 

corruption vulnerabilities in WebKit. 


CVE-2012-3712 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server uses a version of Apache that is affected by multiple 

vulnerabilities.\n\nFor your information, the version of Apache installed on the remote host 

is :\n %L \n\nApache versions earlier than 2.2.23 are affected by the following 

vulnerabilities.\n\n - The utility 'apachectl' can receive a zero-length directory name in the 

LD_LIBRARY_PATH via the 'envvars' file. A local attacker with access to that utility 

could exploit this to load a malicious Dynamic Shared Object (DSO), leading to arbitrary 

code execution. (CVE-2012-0883)\n\n - An input validation error exists related to 

'mod_negotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting 

attacks. (CVE-2012-2687) 


CVE-2012-2687 

JustCloud 'Cloud' Backup Service Detection 




Description: The remote client is subscribed to the JustCloud Backup 'Cloud' service. This service 

automates backup of the hard drive to the JustCloud web servers on the Internet. 



JustCloud 'Cloud' Backup Service Detection 


Description: The remote client is subscribed to the JustCloud Backup 'Cloud' service. This service 

automates backup of the hard drive to the JustCloud web servers on the Internet. 


Pushdo botnet detection 



Description: Synopsis :\n\nThe host is infected with a botnet\n\nThe remote host appears to be infected 

with the Pushdo botnet 

Solution: The machine should be manually inspected and cleaned 


Wunderlist 'Cloud' sync Detection 


Description: The remote client is subscribed to Wunderlist 'Cloud' service and has attempted to sync 

data. Wunderlist is a task management tool where one can create to-do list and share them 

with colleagues and friends. 



Wunderlist 'Cloud' Service Detection 



Description: The remote client is subscribed to Wunderlist 'Cloud' service. Wunderlist is a task 

management tool where one can create to-do list and share them with colleagues and 

friends. 




Mac OS X : Safari < 6.0.1 Multiple Vulnerabilities 



vulnerabilities.\n\nThe remote Mac OS X host has Safari installed. For your information, 

the observed version of Safari is: \n %L \n\nVersions of Safari earlier than 6.0.1 are 

reportedly affected by several issues :\n\n - A logic error in Safari's handling of the 

Quarantine attribute caused the safe mode not to be triggered on Quarantined files, which 

could lead to the disclosure of local file contents. (CVE-2012-3713)\n\n - A rare condition 

in the handling of Form Autofill could lead to the disclosure of information from the 

Address Book 'Me' card that was not included in the Autofill popover. 

(CVE-2012-3714)\n\n - A logic issue in the handling of HTTPS URLs in the address bar 

when pasting text could result in the request being sent over HTTP. (CVE-2012-3715)\n\n - 

Numerous issues exist in WebKit. (CVE-2011-3105, CVE-2012-2817, CVE-2012-2818, 




CVE-2012-3622,CVE-2012-3623, CVE-2012-3624, CVE-2012-3632, CVE-2012-3643, 

CVE-2012-3647, CVE-2012-3648, CVE-2012-3649, CVE-2012-3651, 

CVE-2012-3652,CVE-2012-3654, CVE-2012-3657, CVE-2012-3658,CVE-2012-3659, 

CVE-2012-3660, CVE-2012-3671,CVE-2012-3672, CVE-2012-3673, 


CVE-2012-3687, CVE-2012-3688,CVE-2012-3692, CVE-2012-3699, 


CVE-2012-3705, CVE-2012-3706,CVE-2012-3707, CVE-2012-3708, 

CVE-2012-3709,CVE-2012-3710, CVE-2012-3711, CVE-2012-3712) 


CVE-2012-3710 







- Apache\n\n - BIND\n\n - CoreText\n\n - Data Security\n\n - ImageIO\n\n - Installer\n\n - 

International Components for Unicode\n\n - Kernel\n\n - Mail\n\n - PHP\n\n - Profile 

Manager\n\n - QuickLook\n\n - QuickTime\n\n - Ruby\n\n - USB\nIAVA Reference : 

2012-A-0017\nIAVA Reference : 2012-A-0085\nIAVB Reference : 2012-B-0006\nSTIG 





CVE-2012-3723 







- BIND\n\n - Data Security\n\n - LoginWindow\n\ - Mobile Accounts\n\n - PHP\n\n 


CVE-2012-3720 

Salesforce Application Detection 


Description: The remote client is subscribed to the Salesforce service. 



Sugarsync 'Cloud' Backup Service Detection 


Description: The remote client is subscribed to the Sugarsync Backup 'Cloud' service. This service 

automates backup of the hard drive to the Sugarsync web servers on the Internet. 



Sugarsync 'Cloud' Backup Service Detection 


Description: The remote client is subscribed to the Sugarsync Backup 'Cloud' service. This service 

automates backup of the hard drive to the Sugarsync web servers on the Internet. 



SSL Client Hello Detection 




Description: The remote client has initiated an SSL Client Hello packet 

Solution: N/A 


Apple iOS < 6.0 Multiple Vulnerabilities 





of iOS is : \n %L \n\nVersions of iOS less than 6.0 are potentially affected by multiple 

vulnerabilities. Apple iOS 6.0 contains security fixes for the following products :\n\n - 

Numerous memory errors exist related to handling 'TIFF', 'PNG' and 'JPEG' images and 

'ImageIO' that can allow arbitrary code execution. (CVE-2011-1167, CVE-2011-3026, 

CVE-2011-3048, CVE-2011-3328, CVE-2012-1173, CVE-2012-3726)\n\n - Several issues 

exist related to 'CoreGraphics' and 'FreeType' (CVE-2012-1126, CVE-2012-1127, 




CVE-2012-1143, CVE-2012-1144)\n\n - Numerous issues exist related to libxml and can 

lead to application crashes or arbitrary code execution. (CVE-2011-1944, CVE-2011-2821, 

CVE-2011-2834, CVE-2011-3919)\n\n - A stack-based buffer overflow exists related to 

'locale ID' and 'International Components for Unicode' (ICU). (CVE-2011-4599)\n\n - An 

unitialized memory access issue exists related to 'Sorenson' encoded movie files and 

'CoreMedia'. (CVE-2012-3722)\n\n - An URL handling issue exists related to 'CFNetwork' 

that can disclose sensitive information. (CVE-2012-3724)\n\n - The 'DNAv4' protocol 

discloses sensitive information when connecting to unencrypted Wi-Fi networks. 

(CVE-2012-3725)\n\n - A buffer overflow error exists related to 'IPSec' and 'racoon' 

configuration files. (CVE-2012-3727)\n\n - An invalid pointer dereference error exists 

related to the kernel and packet filter ioctls. (CVE-2012-3728)\n\n - An uninitialized 

memory access error exists related to the kernel and the Berkeley Packet Filter interpreter. 

(CVE-2012-3729)\n\n - Several issues exist related to 'Mail' and the handling of 

attachments and 'S/MIME' signed messages. (CVE-2012-3730, CVE-2012-3731, 

CVE-2012-3732)\n\n - Information disclosure issues exist related to 'Messages', 'Office 

Viewer', system logs, and 'UIKit'. (CVE-2012-3733, CVE-2012-3734, CVE-2012-3743, 

CVE-2012-3746)\n\n - Memory corruption errors exist related to 'OpenGL'. 

(CVE-2011-3457)\n\n - Numerous errors exist related to 'Passcode Lock'. 


CVE-2012-3740)\n\n - An error exists in 'Restrictions' that can allow unauthorized 

purchases. (CVE-2012-3741)\n\n - Errors exist in 'Safari' that are related to misleading 

URL characters and password auto complete. (CVE-2012-3742, CVE-2012-0680)\n\n - A 

buffer overflow error exists related to 'Telephony' and SMS handling. 

(CVE-2012-3745)\n\n - Many errors exist related to the bundled 'WebKit' components. 






























CVE-2012-3710, CVE-2012-3747) 


CVE-2012-3747 

Accessing iTunes Store on an Apple iOS device 


Description: The remote Apple iOS device is browsing the iTunes Store. The iTunes Store is a 

software-based online digital media store operated by Apple. It offers millions of songs, 

videos, and apps. The following type of device and iOS version has been detected:\n %L% 

\n 

realtime 



Browsing Cydia software packages 




Description: The remote client is accessing the Cydia software packages. Cydia is an indepented 

third-party app distribution platform for Apple iOS. Cydia is mostly use for 

Jailbroken devices. The following iOS version was detected:\n %L \n 








following vulnerabilities :\n\n - Out-of-bounds write errors exist related to Skia and the 

PDF viewer. (CVE-2012-2874, CVE-2012-2883, CVE-2012-2895)\n\n - Various, 

unspecified errors exist related to the PDF viewer. (CVE-2012-2875)\n\n - A buffer 

overflow error exists related to 'SSE2' optimizations. (CVE-2012-2876)\n\n - An 

unspecified error exists related to extensions and modal dialogs that can allow application 

crashes. (CVE-2012-2877)\n\n - Use-after-free errors exist related to plugin handling, 

'onclick' handling, 'SVG' text references and the PDF viewer. (CVE-2012-2878, 

CVE-2012-2887, CVE-2012-2888, CVE-2012-2890)\n\n - An error exists related to 'DOM' 

topology corruption. (CVE-2012-2879)\n\n - Race conditions exist in the plugin paint 

buffer. (CVE-2012-2880)\n\n - 'DOM' tree corruption can occur with plugins. 

(CVE-2012-2881)\n\n - A pointer error exists related to 'OGG' container handling. 

(CVE-2012-2882)- An out-of-bounds read error exists related to Skia. 

(CVE-2012-2884)\n\n - The possibility of a double-free error exists related to application 

exit. (CVE-2012-2885)\n\n - Universal cross-site scripting issues exist related to the v8 

JavaScript engine bindings and frame handling. (CVE-2012-2886, CVE-2012-2889)\n\n - 

Address information can be leaked via inter process communication (IPC). 

(CVE-2012-2891)\n\n - A bypass error exists related to pop-up block. 

(CVE-2012-2892)\n\n - A double-free error exists related to 'XSL' transforms. 

(CVE-2012-2893)\n\n - An error exists related to graphics context handling. 

(CVE-2012-2894)\n\n - An integer overflow error exists related to 'WebGL'. 

(CVE-2012-2896)\nSuccessful exploitation of any of these issues could lead to an 



CVE-2012-2896 

Foursquare app on an Apple iOS mobile device 



Description: The remote Apple iOS mobile device is running the Foursquare app. Foursquare is a free 

app used to share and save places you visit. 




Slacker application music streaming on an Android mobile device 


Description: The remote Android mobile device is running the Slacker application to stream music. 

Slacker is an Internet radio service for streaming music across mobile devices. 



Slacker application music streaming on an Apple iOS mobile device 


Description: The remote Apple iOS mobile device is running the Slacker application to stream music. 

Slacker is an Internet radio service for streaming music across mobile devices. 



Slacker application music streaming leaking information 


Description: The remote mobile device is running the Slacker application to stream music. Slacker is an 

Internet radio service for streaming music across mobile devices. The application sents the 

device ID over clear text. The following ID was seen:\n %L 



IEC 60870-5-104 server detection 


Description: The remote server is running the IEC 60870-5-104 protocol. This protocol is 

typically used to control electric power transmission systems commonly found on 

SCADA networks. The IEC 60870-5-104 protocol runs over TCP/IP and allows 

these control devices to communicate over global networks. 










than 11.4.402.278 is affected by multiple vulnerabilities:\n\n - Several unspecified issues 

exist that can lead to buffer overflows and arbitrary code execution. (CVE-2012-5248, 




CVE-2012-5287)\n\n - Several unspecified issues exist that can lead to memory corruption 

and arbitrary code execution. (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, 


CVE-2012-5270, CVE-2012-5271, CVE-2012-5272)\n\n - An unspecified issue exists 

having unspecified impact. (CVE-2012-5673)\n 



CVE-2012-5273 





than 11.4.402.278 is affected by multiple vulnerabilities:\n\n - Several unspecified issues 

exist that can lead to buffer overflows and arbitrary code execution. (CVE-2012-5248, 




CVE-2012-5287)\n\n - Several unspecified issues exist that can lead to memory corruption 

and arbitrary code execution. (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, 


CVE-2012-5270, CVE-2012-5271, CVE-2012-5272)\n\n - An unspecified issue exists 

having unspecified impact. (CVE-2012-5673)\n 


CVE-2012-5273 







following vulnerabilities :\n\n - An unspecified error exists related to Skia text rendering 

can cause the application to crash. (CVE-2012-2900)\n\n - A race condition exists related 


to audio device handling. (CVE-2012-5108)\n\n - Out-of-bounds read errors exist related to 

'ICU' regular expressions and the compositor. (CVE-2012-5109, CVE-2012-5110)\n\n - 

The 'Pepper' plugins are missing crash monitoring. (CVE-2012-5111)\n\nSuccessful 

exploitation of any of these issues could lead to an application crash or even allow arbitrary 

code execution, subject to the user's privileges. 


CVE-2012-5111 






following vulnerabilities :\n\n - A use-after-free error exists related to SVG handling that 

can be used to exploit the renderer process.(Issue #154983) \n\n - An unspecified error 

exists related to IPC handling that can allow an attacker to escape the application sandbox. 

(Issue #154987)\n\nSuccessful exploitation of any of these issues could lead to an 




CVE-2012-5112 






Multiple memory-corruption vulnerabilities in the browser engine that could lead to 

arbitrary code execution. (CVE-2012-3982, CVE-2012-3983, CVE-2012-4191)\n\n - A 

URI-spoofing vulnerability due to an error when handling the '' dropdown menu. 

This issue can be exploited to display arbitrary content while showing the URL of another 

site. An attacker can also exploit this issue to cause click jacking attacks. (CVE-2012-3984, 

CVE-2012-5354)\n\n - A security-bypass vulnerability exists because it fails to properly 

enforce the same-origin policy. Specifically, the error occurs when handling 

'document.domain'. An attacker can exploit this issue to execute cross-site scripting attacks. 

(CVE-2012-3985)\n\n - Multiple security bypass vulnerabilities exists in the 

'nsDOMWindowUtils' methods. (CVE-2012-3986)\n\n - A cross-site scripting vulnerability 

exists because it fails to sufficiently sanitize user-supplied input. Specifically, this issue 

occurs when transitioning into Reader Mode. Note: This issue affects only Firefox for 

Android. CVE-2012-3987)\n\n - A use-after-free issue occurs when invoking full screen 

mode and navigating backwards in history. (CVE-2012-3988)\n\n - A denial-of-service 

vulnerability that occurs due to invalid cast error. Specifically, this issue occurs when using 

the instanceof operator on certain JavaScript objects. (CVE-2012-3989)\n\n - A 


security-bypass vulnerability exists because it fails to properly enforce the cross-origin 

policy. Specifically, this issue occurs when invoking the 'GetProperty()' function through 

JSAPI. An attacker can exploit this issue to perform arbitrary code-execution. 

(CVE-2012-3991)\n\n - A cross-site scripting vulnerability exists because it fails to 

sufficiently sanitize user-supplied input. Specifically, this issue occurs when handling the 

'location' property through binary plugins. (CVE-2012-3994)\n\n - A security-bypass 

vulnerability exists because of an error in the Chrome Object Wrapper (COW) when 

handling the 'InstallTrigger' object. An attacker can exploit this issue to access certain 

privileged functions and properties. (CVE-2012-4184, CVE-2012-3993)\n\n - An arbitrary 

code-execution occurs when handling the 'location.hash' property and history navigation. 

(CVE-2012-3992)\n\n - An out-of-bounds read error affects the 

'IsCSSWordSpacingSpace()' function. (CVE-2012-3995)\n\n - A use-after-free error affects 

the 'nsHTMLCSSUtils::CreateCSSPropertyTxn()' function. (CVE-2012-4179)\n\n - A 

heap-based buffer-overflow vulnerability exists in the 

'nsHTMLEditor::IsPrevCharInNodeWhitespace()' function. (CVE-2012-4180)\n\n - A 

use-after-free error affects the 'nsSMILAnimationController::DoSample()' function. 

(CVE-2012-4181)\n\n - A use-after-free error affects the 'nsTextEditRules::WillInsert()' 

function. (CVE-2012-4182)\n\n - A use-after-free error affects the 

'DOMSVGTests::GetRequiredFeatures()' function. (CVE-2012-4183)\n\n - A 

buffer-overflow vulnerability exists in the 'nsCharTraits::length()' function. 

(CVE-2012-4185)\n\n - A heap-based buffer-overflow vulnerability exists in the 

'nsWaveReader::DecodeAudioData()" function. (CVE-2012-4186)\n\n - A 

memory-corruption vulnerability exists in the 'insPos' property. (CVE-2012-4187)\n\n - A 

heap-based buffer-overflow exists in the 'Convolve3x3()' function. (CVE-2012-4188)\n\n - 

A use-after-free error affects the 'nsIContent::GetNameSpaceID()' function. 

(CVE-2012-3990)\n\n - A cross domain information disclosure exists due to improper 

access to the 'location' object. (CVE-2012-4192)\n\n - A security-bypass vulnerability 

exists due to an error in security wrappers does not unwrap the 'defaultValue()' function 

properly. An attacker can exploit this issue to gain access to the 'location' object. 

(CVE-2012-4193)\nThese vulnerabilities allow attackers to execute arbitrary script or 

HTML code, steal cookie-based authentication credentials, conduct phishing attacks, 

execute arbitrary code in the context of the vulnerable application, crash affected 

applications, obtain potentially sensitive information, gain escalated privileges, bypass 

security restrictions, and perform unauthorized actions; other attacks may also be possible. 


CVE-2012-5354 












site. An attacker can also exploit this issue to cause click jacking attacks. 

(CVE-2012-3984)\n\n - A security-bypass vulnerability exists because it fails to properly 








































(CVE-2012-4193)\nThese vulnerabilities allow attackers to execute arbitrary script or 








CVE-2012-5354 











site. An attacker can also exploit this issue to cause click jacking attacks. (CVE-2012-3984, 

CVE-2012-5354)\n\n - A security-bypass vulnerability exists because it fails to properly 









































(CVE-2012-4193)\n These vulnerabilities allow attackers to execute arbitrary script or 






BigFix Client Detection 

CVE-2012-5354 


Description: The remote host is a BigFix Client which is controlled by the server at %L 

Solution: N/A 


BigFix Client Version Detection 


Description: The remote host is a BigFix Client version %L 

Solution: N/A 

BigFix Server Detection 



Description: The remote host is a BigFix server 

Solution: N/A 

BigFix Server Detection 



Description: The remote host is a BigFix server which has a deployment serial number of %L 

Solution: N/A 



MySQL Server 5.5.x < 



RISK: 

MEDIUM 



your information, the observed version of MySQL Community server is \n %L \n\nThe 

version of MySQL 5.5 / 5.1 installed on the remote host is earlier than 5.5.26 / 5.1.64. As 

such, it is reportedly affected by the following vulnerabilities:\n\n - An exploitable 

vulnerability which allows successful authenticated network attacks via multiple protocols, 

can cause in some cases a Denial-of-Service. 

Solution: Upgrade to MySQL Community Server 5.5.26 / 5.1.64 later. 


CVE-2012-3173 






vulnerability which allows successful authenticated network attacks via multiple protocols. 

In some cases it can cause a Denial-of-Service or result in execution of arbitrary code. 



CVE-2012-3197 



RISK: 

MEDIUM 






vulnerability requiring logon to the Operating System which can result in unauthorized read 

access to a subset of MySQL Server accessible data. (CVE-2012-3160)\n\n - An 

exploitable vulnerability which allows successful authenticated network attacks via 

multiple protocols. A successful attack of this vulnerability can result in a 

Denial-of-Service. (CVE-2012-3177, CVE 2012-3180)\n 



CVE-2012-3180 

BigFix Client Patch Update 


Description: The remote host is a BigFix client downloading the following patches from the BigFix 

server 

Solution: N/A 

realtimeonly 






\n\nVersions of SeaMonkey 2.13.1 and earlier are potentially affected by the following 

security issues :\n\n - The true value of 'window.location' can be shadowed by user content 

through the use of the 'valueOf' method, which can be combined with some plugins to 

perform cross-site scripting attacks. (CVE-2012-4194)\n\n - The 'CheckURL' function of 

'window.location' can be forced to return the wrong calling document and principal, 

allowing a cross-site scripting attack. (CVE-2012-4195)\n\n - It is possible to use property 

injection by prototype to bypass security wrapper protections on the 'Location' object, 

allowing the cross-origin reading of the 'Location' object. (CVE-2012-4196)\n 


CVE-2012-4196 




RISK: 

MEDIUM 




\n\nVersions earlier than Thunderbird 16.0.2 are potentially affected by the following 

security issues :\n\n - The true value of 'window.location' can be shadowed by user content 

through the use of the 'valueOf' method, which can be combined with some plugins to 

perform cross-site scripting attacks. (CVE-2012-4194)\n\n - The 'CheckURL' function of 

'window.location' can be forced to return the wrong calling document and principal, 

allowing a cross-site scripting attack. (CVE-2012-4195)\n\n - It is possible to use property 

injection by prototype to bypass security wrapper protections on the 'Location' object, 

allowing the cross-origin reading of the 'Location' object. (CVE-2012-4196)\n 



CVE-2012-4196 

Apple iOS < 6.0.1 Multiple Vulnerabilities 




of iOS is : \n %L \n\nVersions of iOS < 6.0.1 are potentially affected by multiple 

vulnerabilities. Apple iOS 6.0.1 contains security fixes for the following products :\n\n - 

Kernel extension API responses containing an 'OSBundleMachOHeaders' key may include 

kernel addresses, which can aid in further attacks. (CVE-2012-3749)\n\n - The lock screen 

can provide 'Passbook' data to an attacker having physical device access but not a passcode. 

(CVE-2012-3750)\n\n - A time-of-check-to-time-of-use issue in the handling of JavaScript 

array in WebKit could lead to arbitrary, remote code execution. (CVE-2012-3748)\n\n - A 

use-after-free issue in the handling of SVG images in WebKit code could lead to arbitrary, 

remote code execution. (CVE-2012-5112)\n 


CVE-2012-5112 






following vulnerabilities :\n\n - Use-after-free errors exist related to SVG filter handling, 

video layout, extension tab handling and plug-in placeholder handling. (CVE-2012-5116, 

CVE-2012-5121, CVE-2012-5125, CVE-2012-5126)\n\n - An error exists related to 

inappropriate SVG subresource loading in the 'img' context. (CVE-2012-5117)\n\n - A race 

condition exists related to 'Pepper' buffer handling. (CVE-2012-5119)\n\n - A bad cast error 

exists related to input handling. (CVE-2012-5122)\n\n - Out-of-bounds reads exist related 

to Skia. (CVE-2012-5123)\n\n - A memory corruption error exists related to texture 

handling. (CVE-2012-5124)\n\n - An integer overflow error exists related to 'WebP' 

handling. This error can lead to out-of-bounds reads. (CVE-2012-5127)\n\n - An improper 

write error exists related to the 'v8' JavaScript engine. (CVE-2012-5128)\n\nSuccessful 

exploitation of any of these issues could lead to an application crash or even allow arbitrary 

code execution, subject to the user's privileges.\n 


CVE-2012-5128 

Steam Valve Client Detection 




Description: Synopsis :\n\nThe remote host is running a gaming console.\n\nThe remote host is running 

the Steam Valve Client. Steam Valve is an entertainment platform used for gaming, chat, 

and more. The remote version is %L 

Solution: Ensure that such usage is authorized with respect to existing policies and guidelines 




Description: Synopsis :\n\nThe remote host has a web browser installed that is vulnerable by multiple 

vulnerabilities.\n\nThe remote host is running the Opera web browser. For your 


12.10 are potentially affected by the following vulnerabilities :\n\n - An error exists related 

to certificate revocation checking that can allow the application to indicate that a site is 

secure even though the check has not completed. (1029)\n\n - An error exists related to 

Cross-Origin Resource Sharing (CORS) handling that can allow specially crafted requests 

to aid in disclosing sensitive data. (1030)\n\n - An error exists related to data URIs that 

allows bypassing of the 'Same Origin Policy' and cross-site scripting attacks. (1031)\n\n - 

An error exists related to SVG image handling that can result in arbitrary code execution. 

(1033)\n\n - Two unspecified errors exist having unspecified impact. 


2012-6467 

Microsoft Office365 Access 


Description: The remote client has initiated an SSL session to the Microsoft office365 portal 

Solution: N/A 



QuickTime < 7.7.3 Multiple Vulnerabilities (Windows) 




of QuickTime earlier thanolder than 7.7.3 are affected by the following vulnerabilities :\n\n 

- A buffer overflow exists in the handling of REGION records in PICT files. 

(CVE-2011-1374)\n\n - A memory corruption issue exists in the handling of PICT files. 

(CVE-2012-3757)\n\n - A use-after-free issue exists in the QuickTime plugin's handling of 

'_qtactivex_' parameters within an HTML object element. (CVE-2012-3751)\n\n - A buffer 

overflow exists in the handling of the transform attribute in text3GTrack elements in 

TeXML files. (CVE-2012-3758)\n\n - Multiple buffer overflows exist in the handling of 


style elements in TeXML files. (CVE-2012-3752)\n\n - A buffer overflow exists in the 

handling of MIME types. (CVE-2012-3753)\n\n - A use-after-free issue exists in the 

QuickTime ActiveX control's handling of the 'Clear()' method. (CVE-2012-3754)\n\n - A 

buffer overflow exists in the handling of Targa image files. (CVE-2012-3755)\n\n - A 

buffer overflow exists in the handling of 'rnet' boxes in MP4 files. 

(CVE-2012-3756)\nSuccessful exploitation of these issues could result in program 

termination or arbitrary code execution, subject to the user's privileges. 


CVE-2012-3758 






12.11 are potentially affected by the following vulnerabilities :\n\n - A heap-based buffer 

overflow error exists related to handling HTTP responses that can lead to application 

crashes or arbitrary code execution. (1036)\n\n - An issue exists related to the application's 

error handling that can allow a malicious website to determine the existence of and path to 

local files. (1037) 



Mac OS X : Safari < 6.0.2 Multiple Vulnerabilities 



vulnerabilities.\n\nThe remote Mac OS X host has Safari installed. For your information, 

the observed version of Safari is: \n %L \n\nVersions of Safari earlier than 6.0.2 are 

reportedly affected by several issues :\n\n - A time-of-check-to-time-of-use issue in the 

handling of JavaScript array in WebKit could lead to arbitrary, remote code execution. 

(CVE-2012-3748)\n\n - A use-after-free issue in the handling of SVG images in WebKit 

code could lead to arbitrary, remote code execution. (CVE-2012-5112) 


CVE-2012-5112 

Apache Tomcat 7.0.x < 7.0.28 Header Parsing Remote Denial of Service 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote web server is affected by a remote denial of service 

vulnerabily.\n\nFor your information, the observed version of Apache Tomcat installed on 


affected by a remote denial of service vulnerability:\n\n - A flaw exists within the 

parseHeaders() function that could allow for a crafted header to cause a remote denial of 

service (CVE-2012-2733)\n\n - An error exists related to the 'NIO' connector when HTTPS 

and 'sendfile' are enabled that can force the application into an infinite loop. 

(CVE-2012-4534) 


CVE-2012-4534 

Apache Tomcat 7.0.x < 7.0.30 DIGEST Authentication Multiple Security Weaknesses 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is affected by multiple security weaknesses.\n\nFor 


\n %L \n\nVersions of Tomcat 7.0.x earlier than 7.0.30 are potentially affected by the 

following vulnerabilities:\n\n - Replay-countermeasure functionality in HTTP Digest 

Access Authentication tracks cnonce values instead of nonce values, which makes it easier 

for attackers to bypass access restrictions by sniffing the network for valid requests. 

(CVE-2012-5885)\n\n - HTTP Digest Access Authentication implementation caches 

information about the authenticated user, which could potentially allow an attacker to 

bypass authentication via session ID. (CVE-2012-5886)\n\n - HTTP Digest Access 

Authentication implementation does not properly check for stale nonce values with 

enforcement of proper credentials, which allows an attacker to bypass restrictions by 

sniffing requests. (CVE-2012-5887) 



CVE-2012-5887 






Several memory safety bugs exist in the browser engine used in Mozilla-based products 

that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843)\n\n - 

An error exists in the method 'image::RasterImage::DrawFrameTo' related to GIF images 

that could allow a heap-based buffer overflow, leading to arbitrary code execution. 

(CVE-2012-4202)\n\n - An error exists related to SVG text and CSS properties that could 

lead to application crashes. (CVE-2012-5836)\n\n - A bookmarked, malicious 'javascript:' 

URL could allow execution of local executables. (CVE-2012-4203)\n\n - The JavaScript 

function 'str_unescape' could allow arbitrary code execution. (CVE-2012-4204)\n\n - 


'XMLHttpRequest' objects inherit incorrect principals when created in sandboxes that could 

allow cross-site request forgery attacks (XSRF). (CVE-2012-4205)\n\n - An error exists 

related to the application installer and DLL loading. (CVE-2012-4206)\n\n - 

'XrayWrappers' can expose DOM properties that are not meant to be accessible outside of 

the chrome compartment. (CVE-2012-4208)\n\n - Errors exist related to 'evalInSandbox', 

'HZ-GB-2312' charset, frames and the 'location' object, the 'Style Inspector', 'Developer 

Toolbar' and 'cross-origin wrappers' that could allow cross-site scripting (XSS) attacks. 


CVE-2012-5841)\n\n - Various use-after-free, out-of-bounds read and buffer overflow 

errors exist that could potentially lead to arbitrary code execution. (CVE-2012-4212, 



CVE-2012-5838, CVE-2012-5839, CVE-2012-5840) 


CVE-2012-5843 

Mozilla SeaMonkey 2.x < 



vulnerabilities.\n\nFor your information, the observed version of SeaMonkey is: \n %L 

\n\nVersions of SeaMonkey 2.13.x are potentially affected by the following security issues 

:\n\n - Several memory safety bugs exist in the browser engine used in Mozilla-based 

products that could be exploited to execute arbitrary code. (CVE-2012-5842, 

CVE-2012-5843)\n\n - An error exists in the method 'image::RasterImage::DrawFrameTo' 

related to GIF images that could allow a heap-based buffer overflow leading to arbitrary 

code execution. (CVE-2012-4202)\n\n - An error exists related to SVG text and CSS 

properties that could lead to application crashes. (CVE-2012-5836)\n\n - The JavaScript 



allow cross-site request forgery attacks (XSRF). (CVE-2012-4205)\n\n - 'XrayWrappers' 

can expose DOM properties that are not meant to be accessible outside of the chrome 

compartment. (CVE-2012-4208)\n\n - Errors exist related to 'evalInSandbox', 

'HZ-GB-2312' charset, frames and the 'location' object, and 'cross-origin wrappers' that can 

allow cross-site scripting (XSS) attacks. (CVE-2012-4201, CVE-2012-4207, 

CVE-2012-4209, CVE-2012-5841)\n\n - Various use-after-free, out-of-bounds read and 

buffer overflow errors exist that could potentially lead to arbitrary code execution. 



CVE-2012-5835, CVE-2012-5838, CVE-2012-5839, CVE-2012-5840) 


CVE-2012-5843 








:\n\n - Several memory safety bugs exist in the browser engine used in Mozilla-based 

products that could be exploited to execute arbitrary code. (CVE-2012-5842, 

CVE-2012-5843)\n\n - An error exists in the method 'image::RasterImage::DrawFrameTo' 

related to GIF images that could allow a heap-based buffer overflow, leading to arbitrary 

code execution. (CVE-2012-4202)\n\n - An error exists related to SVG text and CSS 

properties that could lead to application crashes. (CVE-2012-5836) - The JavaScript 



allow cross-site request forgery attacks (XSRF). (CVE-2012-4205)\n\n - 'XrayWrappers' 

can expose DOM properties that are not meant to be accessible outside of the chrome 

compartment. (CVE-2012-4208)\n\n - Errors exist related to 'evalInSandbox', 

'HZ-GB-2312' charset, frames and the 'location' object, and 'cross-origin wrappers' that 

could allow cross-site scripting (XSS) attacks. (CVE-2012-4201, CVE-2012-4207, 

CVE-2012-4209 CVE-2012-5841)\n\n - Various use-after-free, out-of-bounds read and 

buffer overflow errors exist that could potentially lead to arbitrary code execution. 



CVE-2012-5835, CVE-2012-5838, CVE-2012-5839, CVE-2012-5840) 


CVE-2012-5843 






following vulnerabilities :\n\n - An out-of-bounds read error exists related to 'Skia'. 

(CVE-2012-5130)\n\n - An unspecified error exists related to chunked encoding that can 

result in application crashes. (CVE-2012-5132)\n\n - Use-after-free errors exist related to 

'SVG' filters and printing. (CVE-2012-5133, CVE-2012-5135)\n\n - A buffer underflow 

error exists related to 'libxml'. (CVE-2012-5134)\n\n - A cast error exists related to input 

element handling. (CVE-2012-5136)\nSuccessful exploitation of any of these issues could 

lead to an application crash or even allow arbitrary code execution, subject to the user's 

privileges. 


CVE-2012-5136 








following vulnerabilities :\n\n - A use-after-free error exists related to media source 

handling. (CVE-2012-5137)\n\n - An unspecified error exists related to file path handling. 

(CVE-2012-5138)\nSuccessful exploitation of either of these issues could lead to an 



CVE-2012-5138 

Confidential data on server 


Description: The remote server is dispensing confidential data %L 

Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 







Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 







Solution: N/A 

realtimeonly 





Solution: N/A 

realtimeonly 


Samsung / Dell Printer SNMP Backdoor 


Description: Synopsis :\n\nThe remote host has a backdoor administrator account\n\nThe remote host 

appears to be a Samsung printer, or a Dell printer manufactured by Samsung. It has a 

hardcoded SNMP read-write community string that allows access even when SNMP has 

been disabled in the printer management utility. A remote, unauthenticated attacker could 

exploit this to take control of the printer. 

Solution: Apply an optional firmware update. Contact the device's vendor for more information. In 

addition one can, disable SNMPv1/v2 on the printer and instead use the secure SNMPv3 

mode 

CVE-2012-4964 

DHCPv6 client detection 


Description: The remote client is a DHCPv6 client 

Solution: N/A 


DHCPv6 server detection 




Description: The remote server is a DHCPv6 server 

Solution: N/A 


Tectia SSH Server Authentication Bypass 


Description: Synopsis :\n\nThe remote SSH server is vulnerable to an authentication bypass 

vulnerability\n\nFor your information, the observed version of Tectia SSH Server is: \n %L 

\n\nVersion of Tectia SSH server earlier than 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20 are vulnerable. 

A remote, unauthenticated attacker can bypass authentication by sending a specially crafted 

request, allowing the attackerto authenticate as root.\n\nThe software is only vulnerable 

when running on Unix or Unix-like operating systems. 

Solution: Upgrade to Tectia SSH server 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20. Additionally one can disable 

password authentication in the ssh-server-config.xml configuration file (this file needs to be 

created if it does not already exists) 

CVE-2012-5975 






following vulnerabilities :\n\n - Use-after-free errors exist related to visibility events and 

the URL loader. (CVE-2012-5139, CVE-2012-5140)\n - An unspecified error exists related 

to instantiation of the 'Chromoting' client plugin. (CVE-2012-5141)\n - An unspecified 

error exists related to history navigation that can lead to application crashes. 

(CVE-2012-5142)\n - An integer overflow error exists related to the 'PPAPI' image buffers. 

(CVE-2012-5143)\n - A stack corruption error exists related to 'AAC' decoding. 

(CVE-2012-5144)\n - The bundled version of Adobe Flash Player contains flaws that can 

lead to arbitrary code execution. (CVE-2012-5676, CVE-2012-5677, CVE-2012-5678) 


CVE-2012-5678 

Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass 



Description: Synopsis :\n\nThe remote web server is affected by a security bypass vulnerability.\n\nFor 


\n %L \n\nVersions of Tomcat 7.0.x earlier than 7.0.32 are potentially affected by the 

following vulnerability:\n\n - An error exists in the file 'filters/CsrfPreventionFilter.java' 


that can allow cross-site request forgery (CSRF) attacks to bypass the filtering. This can 

allow access to protected resources without a session identifier. 



CVE-2012-4431 




the observed version of Adobe Flash Player is : \n %L \n\nVersions of Flash Player 11.x 

equal to or earlier than 11.5.502.110, or 10.x equal to or earlier than 10.3.183.43 are 

affected by multiple vulnerabilities:\n\n - An unspecified error exists that can allow a buffer 

overflow and arbitrary code execution. (CVE-2012-5676)\n\n - An unspecified error exists 

that can allow an integer overflow and arbitrary code execution. (CVE-2012-5677)\n\n - An 

unspecified error exists that can lead to memory corruption and arbitrary code execution. 

(CVE-2012-5678) 



CVE-2012-5678 










(CVE-2012-5678) 



CVE-2012-5678 












(CVE-2012-5678) 


CVE-2012-5678 

iPhone App Install Detected 


Description: An iPhone device on the network was detected installing a program from the iTunes store. 

The newly installed program was : \n %L 

Solution: N/A 

realtimeonly 




Description: Synopsis :\n\nThe remote host is running the Opera web browser. For your information, the 

observed version of Opera is : \n %L \n\nVersions of Opera earlier than 12.12 is reportedly 

affected by the following vulnerabilities :\n\n - An error exists related to GIF image file 

handling that can allow heap memory corruption and can lead to application crashes or 

arbitrary code execution. (1038)\n\n - An information-disclosure vulnerability exists due to 

improper profile folder permissions, that can allow access to read the sensitive contents of 

profile files such as cache, password, and Opera's configuration files. (This issue affects 

only Opera Linux/Unix) (1039)\n\n - An error exists related to URL handling and the 

address bar that can allow rapid, repeated web requests to cause the incorrect URL to be 

displayed. (1040) 


CVE-2012-6472 

Netsuite Client Detection 



Description: Synopsis :\n\nThe remote client is accessing the Netsuite cloud services.\n\nThe remote 

client is running the Netsuite application. Netsuite is a 'cloud' service which allows 

companies to manage business data remotely. 


Solution: N/A 


Instagram Upload Activity Detected 


Description: The remote host is utilizing an Instagram application to upload a photo. Instagram is a free 

photo-sharing application for mobile devices that can publish photos on Facebook, Twitter, 

and Tumblr, as well as its native application interface. The user has uploaded the image 

using the following username : %L 

realtimeonly 





Description: Synopsis :\n\nThe remote host is running a multimedia application that is vulnerable to 

multiple vulnerabilities.\n\nThe remote host is running RealPlayer application. For your 

information, the observed build of RealPlayer is:\n %L .\n\nRealPlayer builds earlier than 

16.0.0.282 are potentially affected by multiple vulnerabilities :\n\n - An error exists related 

to 'RealAudio' handling and invalid pointers that can allow arbitrary code execution. 

(CVE-2012-5690)\n\n - An error exists related to 'RealMedia' handling that can allow a 

buffer overflow leading to arbitrary code execution. (CVE-2012-5691) 


CVE-2012-5691 

MySQL Server 5.1 < 5.1.63 Multiple Vulnerabilities 



RISK: 

MEDIUM 




version of MySQL 5.1 installed on the remote host is earlier than 5.1.63 and is, therefore, 

affected by the following vulnerabilities :\n\n - Several errors exist related to 'GIS 

Extension' and 'Server Optimizer' components that can allow denial of service attacks. 

(CVE-2012-0540, CVE-2012-1689, CVE-2012-1734)\n\n - A security bypass vulnerability 

exists that occurs due to improper casting during user login sessions. (Bug #64884 / 

CVE-2012-2122)\n\n - An error exists related to key length and sort order index that can 

lead to application crashes. (Bug #59387 / CVE-2012-2749) 

Solution: Upgrade to MySQL Community Server 5.1.63 later 



CVE-2012-2749 






affected by multiple vulnerabilities:\n\n - Several unspecified issues exist that can lead to 

buffer overflows and arbitrary code execution. (CVE-2012-5274, CVE-2012-5275, 

CVE-2012-5276, CVE-2012-5277, CVE-2012-5280)\n\n - An unspecified security bypass 

issue exists that can lead to arbitrary code execution. (CVE-2012-5278)\n\n - An 

unspecified issue exists that can lead to memory corruption and arbitrary code execution. 

(CVE-2012-5279) 



CVE-2012-5280 











(CVE-2012-5279) 



CVE-2012-5280 













(CVE-2012-5279) 


CVE-2012-5280 



RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server is affected by multiple vunerabilities.\n\nFor your 

information, the observed version of Apache Tomcat 6.0 installed on the remote host is : \n 

%L \n\nVersions earlier than Apache Tomcat 6.0.36 are potentially affected by multiple 

vulnerabilities :\n\n - A flaw exists within the parseHeaders() function that could allow for 

a crafted header to cause a remote denial of service. (CVE-2012-2733)\n\n - An error exists 

related to FORM authentication that can allow security bypass if 'j_security_check' is 

appended to the request. (CVE-2012-3546)\n\n - An error exists in the file 

'filters/CsrfPreventionFilter.java' that can allow cross-site request forgery (CSRF) attacks to 

bypass the filtering. This can allow access to protected resources without a session 

identifier. (CVE-2012-4431)\n\n - An error exists related to the 'NIO' connector when 

HTTPS and 'sendfile' are enabled that can force the application into an infinite loop. 

(CVE-2012-4534)\n\n - Replay-countermeasure functionality in HTTP Digest Access 

Authentication tracks cnonce values instead of nonce values, which makes it easier for 

attackers to bypass access restrictions by sniffing the network for valid requests. 

(CVE-2012-5885)\n\n - HTTP Digest Access Authentication implementation caches 

information about the authenticated user, which could potentially allow an attacker to 

bypass authentication via session ID. (CVE-2012-5886)\n\n - HTTP Digest Access 

Authentication implementation does not properly check for stale nonce values with 

enforcement of proper credentials, which allows an attacker to bypass restrictions by 

sniffing requests. (CVE-2012-5887) 


CVE-2012-5887 

VLC Media Player < 2.0.5 Multiple Vulnerabilities 




vulnerabilities\n\nThe remote host contains VLC player, a multi-media application. For 

your information, the observed version of VLC is : \n %L .\n\nVersions of VLC media 

player earlier than 2.0.5 are potentially affected by the following vulnerabilities :\n\n - An 

error exists in the file 'modules/codec/subsdec.c' ('libsubsdec_plugin.dll') that does not 

properly validate input and can allow a buffer overflow. Opening a specially crafted file 

can result in the execution of arbitrary code. Note that the subtitles feature must be enabled 


for successful exploitation.\n\n - An error exists related to the 'freetype' renderer that does 

not properly validate input and can allow a buffer overflow. Opening a specially crafted file 

can result in the execution of arbitrary code.\n\n - Unspecified errors exist related to 

'libaiff_plugin.dll' and to the 'SWF' demuxer that have unspecified impact. 



Red Hat Satellite Client Communication 


Description: The remote host is a Red Hat Satellite client communicating with a Red Hat Satellite server 

in order to perform various administrative tasks. 

Solution: N/A 

realtimeonly 


Red Hat Satellite Client Communication 


Description: The remote host is a Red Hat Satellite client communicating with a Red Hat Satellite server 

in order to perform various administrative tasks. This pertains to package downloads from 

the server. 

Solution: N/A 

realtimeonly 


Red Hat Satellite Server Communication 


Description: The remote host is a Red Hat Satellite server communicating with a Red Hat Satellite client 

in order to perform various administrative tasks. 

Solution: N/A 

realtimeonly 



Red Hat Satellite Server Communication Channel Detection - Server-Side 



Description: The remote host is a Red Hat Satellite server communicating with a Red Hat Satellite client 

in order to perform various administrative task. Server-Side Channel Detection. 

Solution: N/A 

realtimeonly 







following vulnerabilities :\n\n - Use-after-free errors exist related to SVG layout, DOM 

handling, video seeking, PDF fields and printing. (CVE-2012-5145, CVE-2012-5147, 

CVE-2012-5150, CVE-2012-5156, CVE-2013-0832)\n\n - An error related to malformed 

URLs can allow a Same Origin Policy (SOP) bypass, thereby allowing cross-site scripting 

attacks. (CVE-2012-5146)\n\n - A user-input validation error exists related to filenames 

and hyphenation support. (CVE-2012-5148)\n\n - Integer overflow errors exist related to 

audio IPC handling, PDF JavaScript and shared memory allocation. (CVE-2012-5149, 

CVE-2012-5151, CVE-2012-5154)\n\n - Out-of-bounds read errors exist related to video 

seeking, PDF image handling, printing and glyph handling. (CVE-2012-5152, 

CVE-2012-5157, CVE-2012-0833, CVE-2012-0834)\n\n - An out-of-bounds stack access 

error exists in the v8 JavaScript engine. (CVE-2012-5153)\n\n - A casting error exists 

related to PDF 'root' handling. (CVE-2013-0828)\n\n - An unspecified error exists that can 

corrupt database metadata leading to incorrect file access. (CVE-2013-0829)\n\n - An error 

exists related to IPC and 'NUL' termination. (CVE-2013-0830)\n\n - An error exists related 

to extensions that may allow improper path traversals. (CVE-2013-0831)\n\n - An 

unspecified error exists related to geolocation. (CVE-2013-0835)\n\n - An unspecified error 

exists related to garbage collection in the v8 JavaScript engine. (CVE-2013-0836)\n\n - An 

unspecified error exists related to extension tab handling. (CVE-2013-0837)\n\n - The 

bundled version of Adobe Flash Player contains flaws that can lead to arbitrary code 

execution. (CVE-2013-0630)\nSuccessful exploitation of some of these issues could lead to 

an application crash or even allow arbitrary code execution, subject to the user's privileges. 



CVE-2013-0837 





by a code execution vulnerability.\n\nThe remote host is running Java version : %L. This 

version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host 

is 7 Update 10 or earlier and is, therefore, potentially affected by the following security 

issues:\n\n - An unspecified issue exists in the Libraries component. (CVE-2012-3174)\n\n 

- An error exists in the 'MBeanInstantiator.findClass' method that could allow remote, 

arbitrary code execution. (CVE-2013-0422)\n\nNote that, according the advisory, these 

issues apply to client deployments of Java only and can only be exploited through untrusted 

'Java Web Start' applications and untrusted Java applets 

Solution: Update to JDK / JRE 7 Update 11 or later and, if necessary, remove any affected versions. 


CVE-2013-0422 


Description: Synopsis :\n\nThe remote host has Adobe Flash player installed. For your information, the 

observed version of Adobe Flash Player is : \n %L \n\nVersions 10.x equal to or earlier 

than 10.3.183.48 or earlier than 11.5.502.135 is potentially affected by an unspecified 

buffer overflow that could lead to arbitrary code execution. (CVE-2013-0630) 

Solution: Upgrade to Flash Player 10.3.183.50 / 11.5.502.146 or later, or Google Chrome 

PepperFlash 11.5.31.137 or later. 


CVE-2013-0630 









CVE-2013-0630 











CVE-2013-0630 





Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. 


CVE-2013-0766, CVE-2013-0767, CVE-2013-0771)\n\n - Two intermediate certificates 

were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743)\n\n - A 

use-after-free error exists related to displaying HTML tables with many columns and 

column groups. (CVE-2013-0744)\n\n - An error exists related to the 

'AutoWrapperChanger' class that does not properly manage objects during garbage 

collection. (CVE-2012-0745)\n\n - An error exists related to 'jsval', 'quickstubs', and 

compartmental mismatches that can lead potentially exploitable crashes. 

(CVE-2013-0746)\n\n - Errors exist related to events in the plugin handler that can allow 

same-origin policy bypass. (CVE-2013-0747)\n\n - An error related to the 'toString' method 

of XBL objects can lead to address information leakage. (CVE-2013-0748)\n\n - An 

unspecified memory corruption issue exists. (CVE-2013-0749, CVE-2013-0769, 

CVE-2013-0770)\n\n - A buffer overflow exists related to JavaScript string concatenation. 

(CVE-2013-0750)\n\n - An error exists related to multiple XML bindings with SVG 

content, contained in XBL files. (CVE-2013-0752)\n\n - A use-after-free error exists 

related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753)\n\n - A use-after-free 

error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754)\n\n - A 

use-after-free error exists related to the 'Vibrate' library and 'domDoc'. 

(CVE-2013-0755)\n\n - A use-after-free error exists related to JavaScript 'Proxy' objects. 

(CVE-2013-0756)\n\n - 'Chrome Object Wrappers' (COW) can be bypassed by changing 

object prototypes and can allow arbitrary code execution. (CVE-2013-0757)\n\n - An error 

related to SVG elements and plugins can allow privilege escalation. (CVE-2013-0758)\n\n 

- An error exists related to the address bar that can allow URL spoofing attacks. 

(CVE-2013-0759)\n\n - An error exists related to SSL and threading that can result in 

potentially exploitable crashes. (CVE-2013-0764)\n\n - An error exists related to 'Canvas' 

and bad height or width values passed to it from HTML. (CVE-2013-0768) 


CVE-2013-0771 







\n\nVersions of Thunderbird less than 17.0.2 are potentially affected by the following 

security issues :\n\n - Two intermediate certificates were improperly issued by 

TURKTRUST certificate authority. (CVE-2013-0743)\n\n - A use-after-free error exists 

related to displaying HTML tables with many columns and column groups. 

(CVE-2013-0744)\n\n - An error exists related to the 'AutoWrapperChanger' class that does 

not properly manage objects during garbage collection. (CVE-2012-0745)\n\n - An error 

exists related to 'jsval', 'quickstubs', and compartmental mismatches that could lead to 

potentially exploitable crashes. (CVE-2013-0746)\n\n - Errors exist related to events in the 

plugin handler that could allow same-origin policy bypass. (CVE-2013-0747)\n\n - An 

error related to the 'toString' method of XBL objects could lead to address information 

leakage. (CVE-2013-0748)\n\n - An unspecified memory corruption issue exists. 

(CVE-2013-0749, CVE-2013-0769)\n\n - A buffer overflow exists related to JavaScript 

string concatenation. (CVE-2013-0750)\n\n - An error exists related to multiple XML 

bindings with SVG content, contained in XBL files. (CVE-2013-0752)\n\n - A 

use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. 

(CVE-2013-0753)\n\n - A use-after-free error exists related to garbage collection and 

'ListenManager'. (CVE-2013-0754)\n\n - A use-after-free error exists related to the 'Vibrate' 

library and 'domDoc'. (CVE-2013-0755)\n\n - A use-after-free error exists related to 

JavaScript 'Proxy' objects. (CVE-2013-0756)\n\n - 'Chrome Object Wrappers' (COW) can 

be bypassed by changing object prototypes, which could allow arbitrary code execution. 

(CVE-2013-0757)\n\n - An error related to SVG elements and plugins could allow 

privilege escalation. (CVE-2013-0758)\n\n - An error exists related to the address bar that 

could allow URL spoofing attacks. (CVE-2013-0759)\n\n - Multiple, unspecified 

use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0761, 

CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, 

CVE-2013-0771)\n\n - An error exists related to SSL and threading that could result in 




CVE-2013-0771 

Mozilla SeaMonkey 2.x < 




vulnerabilities.\n\nFor your information, the observed version of SeaMonkey is: \n %L 

\n\nVersions of SeaMonkey 2.14.x are potentially affected by the following security issues 

:\n\n - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors 

exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, 

CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771)\n\n - Two 

intermediate certificates were improperly issued by TURKTRUST certificate authority. 

(CVE-2013-0743)\n\n - A use-after-free error exists related to displaying HTML tables 

with many columns and column groups. (CVE-2013-0744)\n\n - An error exists related to 

the 'AutoWrapperChanger' class that does not properly manage objects during garbage 

collection. (CVE-2012-0745)\n\n - An error exists related to 'jsval', 'quickstubs', and 


compartmental mismatches that can lead potentially exploitable crashes. 

(CVE-2013-0746)\n\n - Errors exist related to events in the plugin handler that can allow 

same-origin policy bypass. (CVE-2013-0747)\n\n - An error related to the 'toString' method 

of XBL objects can lead to address information leakage. (CVE-2013-0748)\n\n - An 

unspecified memory corruption issue exists. (CVE-2013-0749, CVE-2013-0769, 

CVE-2013-0770)\n\n - A buffer overflow exists related to JavaScript string concatenation. 

(CVE-2013-0750)\n\n - An error exists related to multiple XML bindings with SVG 

content, contained in XBL files. (CVE-2013-0752)\n\n - A use-after-free error exists 

related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753)\n\n - A use-after-free 

error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754)\n\n - A 

use-after-free error exists related to the 'Vibrate' library and 'domDoc'. 

(CVE-2013-0755)\n\n - A use-after-free error exists related to JavaScript 'Proxy' objects. 

(CVE-2013-0756)\n\n - 'Chrome Object Wrappers' (COW) can be bypassed by changing 

object prototypes and can allow arbitrary code execution. (CVE-2013-0757)\n\n - An error 

related to SVG elements and plugins can allow privilege escalation. (CVE-2013-0758)\n\n 

- An error exists related to the address bar that can allow URL spoofing attacks. 

(CVE-2013-0759)\n\n - An error exists related to SSL and threading that can result in 




CVE-2013-0770 

PHP 5.3.x < 5.3.21 cuRL X.509 Certificate Domain Name Matching MiTM Weakness 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote web server uses a version of PHP that is affected by a 

man-in-the-middle attack.\n\nFor your information, the version of PHP installed on the 

remote host is :\n %L \n\nPHP versions 5.3.x earlier than 5.3.21 are affected by a weakness 

in the cURL extension that call allow SSL spoofing and man-in-the-middle 

attacks.\n\nWhen attempting to validate a certificate, the cURL library (libcurl) fails to 

verify that a server hostname matches a domain name in an X.509 certificate's 'Subject 

Common Name' (CN) or 'SubjectAltName'.\n\nNote that this plugin does not attempt to 

verify whether the PHP install has been built with the cURL extention but instead relies 

only on PHP's self-reported version number. 



PHP 5.4.x < 5.4.11 cURL X.509 Certificate Domain Name Matching MiTM Weakness 



RISK: 

MEDIUM 



Description: Synopsis :\n\nThe remote web server uses a version of PHP that is affected by a 

man-in-the-middle attack.\n\nFor your information, the version of PHP installed on the 

remote host is :\n %L \n\nPHP versions 5.4.x earlier than 5.4.11 are affected by a weakness 

in the cURL extension that call allow SSL spoofing and man-in-the-middle 

attacks.\n\nWhen attempting to validate a certificate, the cURL library (libcurl) fails to 

verify that a server hostname matches a domain name in an X.509 certificate's 'Subject 

Common Name' (CN) or 'SubjectAltName'.\n\nNote that this plugin does not attempt to 

verify whether the PHP install has been built with the cURL extention but instead relies 

only on PHP's self-reported version number. 








following vulnerabilities :\n\n - A use-after-free vulnerability exists related to font handling 

and canvas. (CVE-2013-0839)\n\n - An error exists related to URL validation and the 

opening of new browser windows. (CVE-2013-0840)\n\n - An array index is not properly 

checked in relation to content blocking. (CVE-2013-0841)\n\n - An unspecified error exists 

related to handling null characters in embedded paths. (CVE-2013-0842)\n\nSuccessful 

exploitation of some of these issues could lead to an application crash or even allow 

arbitrary code execution, subject to the user's privileges. 


CVE-2013-0842 

MySQL Server 5.5.x < 5.5.29 Multiple Vulnerabilities 


Description: Synopsis :\n\nThe remote database server is affected by multiple vulnerabilities.\n\nFor 

your information, the observed version of MySQL server is \n %L \n\nThe version of 

MySQL 5.5 installed on the remote host is earlier than 5.5.29. Therefore, affected by 

vulnerabilities in the following components :\n\n - Information Schema\n\n - InnoDB\n\n - 

MyISAM\n\n - Server\n\n - Server Locking\n\n - Server Optimizer\n\n - Server Parser\n\n - 

Server Partition\n\n - Server Privileges\n\n - Server Replication\n\n - Stored Procedure 

Solution: Upgrade to MySQL Server 5.5.29 or later 

CVE-2013-0389 


MySQL Server 5.1.x < 5.1.67 Multiple Vulnerabilities 



Description: Synopsis :\n\nThe remote database server is affected by multiple vulnerabilities.\n\nFor 

your information, the observed version of MySQL server is \n %L \n\nThe version of 

MySQL 5.1 installed on the remote host is earlier than 5.1.67. Therefore, affected by 

vulnerabilities in the following components :\n\n - Information Schema\n\n - InnoDB\n\n - 

Server\n\n - Server Locking\n\n - Server Optimizer\n\n - Server Privileges\n\n - Server 

Replication 

Solution: Upgrade to MySQL Server 5.1.67 later. 

CVE-2013-0389 

Windows 8 App Store Access 


Description: The remote host has access Microsoft's Windows Store. Windows Store is the digital 

distribution platform for Windows 8 and Windows RT OS. One can obtain free and paid 

applications using the Windows Store. 



Windows 8 App Store Download Detected 


Description: The remote host has access attempted to download an application from Microsoft's 

Windows Store. Windows Store is the digital distribution platform for Windows 8 and 

Windows RT OS. One can obtain free and paid applications using the Windows Store. 



Windows 8 Tile Services Detection 


Description: The remote host is running Windows 8. It has attempted to sync data used for the windows 

live tiles for services such as sports, weather, news and finance. Windows 8 Live Tiles 

allow for live updates on various data feeds. The following service was seen to attempt to 

sync data :\n %L \n 



Apple iOS < 6.1 Multiple Vulnerabilities 






of iOS is : \n %L \n\nVersions of iOS < 6.1 are potentially affected by multiple 

vulnerabilities. Apple iOS 6.1 contains security fixes for the following products :\n\n - An 

error related to 'EUC-JP' encoding could allow cross-site scripting attacks. 

(CVE-2011-3058)\n\n - An out-of-bounds read error exists related to 802.11i information 

handling that could allow remote attackers to disable Wi-Fi. (CVE-2012-2619)\n\n - An 

error exists related to certificate-based 'Apple ID' authentication that could allow improper 

trust extension. (CVE-2013-0963)\n\n - An error exists related to the 'copyin' and 'copyout' 

functions that could allow a user-mode process to access the first page of kernel memory. 

(CVE-2013-0964)\n\n - An error exists related to Mobile Safari preferences that could 

improperly allow JavaScript to be enabled after a user has disabled it. 

(CVE-2013-0974)\n\n - Many errors exist related to the bundled 'WebKit' components. 





CVE-2013-0962, CVE-2013-0968)\n\n - Two intermediate certificates, improperly issued 

by TURKTRUST certificate authority, are incorrectly trusted. 


CVE-2013-0974 






12.13 are potentially affected by the following vulnerabilities :\n\n - An error exists related 

to DOM manipulation that could lead to application crashes or arbitrary code execution. 

(1042)\n\n - An error exists related to SVG 'clipPaths' that could lead to memory corruption 

or arbitrary code execution. (1043)\n\n - The application could fail to make the proper 

'pre-flight' Cross-Origin Resource Sharing (CORS) requests. In some situations this error 

could aid an attacker in cross-site request forgery (XSRF) attacks. (1045)\n\n - An 

unspecified, low severity issue exists that has an unspecified impact. 


CVE-2013-1639 





Description: The remote host is running Microsoft Windows build version : %L 

Solution: N/A 


Email Attachment Detection (client) 


Description: The remote host sent an email with the following attachment 

Solution: N/A 

realtimeonly 


Barracuda Networks device detection 


Description: The remote host is a Barracuda Networks security device 

Solution: N/A 


Barracuda Spam Firewall version detection 


Description: Synopsis :\n\nThe remote host is a security device\n\nThe remote host is running the 

Barracuda Spam Firewall version : %L 

Solution: N/A 






by multiple vulnerabilities.\n\nThe remote host is running Java version : %L. This version 

of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is 7 

Update 11 or earlier and is, therefore, potentially affected by security issues in the 

following components :\n\n - 2D\n\n - AWT\n\n - Beans\n\n - CORBA\n\n - 

Deployment\n\n - Install\n\n - JavaFX\n\n - JAXP\n\n - JAX-WS\n\n - JMX\n\n - JSSE\n\n 

- Libraries\n\n - Networking\n\n - RMI\n\n - Scripting\n\n - Sound 


Solution: Update to JDK / JRE 7 Update 13 or later and, if necessary, remove any affected versions. 

CVE-2013-1489 

Samba 3.x < 3.5.21 / 3.6.12 and 4.x < 4.0.2 SWAT Multiple Vulnerabilities 


RISK: 

MEDIUM 


Description: Synopsis :\n\nThe remote Samba server is affected by multiple vulnerabilities.\n\nFor your 

information, the observed version of Samba is :\n %L \n\nAccording to its banner, the 

version of Samba 3.x or 4.x running on the remote host is earlier than 3.5.21 / 3.6.12 or 

4.0.2. It is, therefore, affected by the following vulnerabilities :\n\n - An error exists in the 

SWAT interface that could allow 'clickjacking' attacks. (CVE-2013-0213, Issue #9576)\n\n 

- An error exists in the SWAT interface that could allow cross-site request forgery (XSRF) 

attacks. (CVE-2013-0214, Issue #9577)\n\nNote that these issues are only exploitable when 

SWAT is enabled and it is not enabled by default. 

Solution: Either install the appropriate patch referenced in the project's advisory or upgrade to 3.5.21 

/ 3.6.12 / 4.0.2 or later 


CVE-2013-0214 






affected by multiple vulnerabilities:\n\n - An unspecified error exists that could allow a 

buffer overflow leading to code execution. (CVE-2013-0633)\n\n - An unspecified error 

exists that could allow memory corruption leading to code execution. (CVE-2013-0634) 



CVE-2013-0634 







affected by multiple vulnerabilities:\n\n - Several unspecified issues exist that could lead to 



CVE-2013-1368, CVE-2013-0642, CVE-2013-1367)\n\n - Several unspecified 


use-after-free vulnerabilities exist that could lead to remote code execution. 

(CVE-2013-0649, CVE-2013-1374, CVE-2013-0644)\n\n - Two unspecified issues exist 

that could lead to memory corruption and arbitrary code execution. (CVE-2013-0638, 

CVE-2013-0647)\n\n - An unspecified information disclosure vulnerability exists. 

(CVE-2013-0637)\n\n - An unspecified integer overflow vulnerability 

exists.(CVE-2013-0639) 


CVE-2013-1374 

Siemens SIMATIC RF-MANAGER Detection (SCADA) 

PVS ID: 6689 FAMILY: SCADA RISK: INFO NESSUS ID:64682 

Description: The remote host has been identified as a Siemens SIMATIC RF-MANAGER. It is an RFID 

management system. 



Asterisk Peer Multiple Vulnerabilities (AST-2012-014 / AST-2012-015) 


Description: Synopsis :\n\nThe remote VoIP server is affected by multiple vulnerabilities.\n\nFor your 


SIP banner, the version of Asterisk running on the remote host is potentially affected by the 

following vulnerabilities :\n\n - A stack-based buffer overflow error exists related to SIP, 

HTTP and XMPP handling over TCP. Note that in the case of 'Certified Asterisk', SIP is 

not affected. Further note that in the case of XMPP, an attacker must establish an 

authenticated session first. (CVE-2012-5976)\n\n - An error exists related to device state 

cache and anonymous calls that could allow system resources to be exhausted. Note this 

vulnerability only affects systems configured to allow anonymous calls. (CVE-2012-5977) 

Solution: Upgrade to Asterisk 1.8.19.1 / 10.11.1 / 11.1.2, Certified Asterisk 1.8.11-cert10 or apply 

the patches listed in the Asterisk advisory 


CVE-2012-5977 





\n\nVersions of Firefox 18.x and older are potentially affected by the following security 

issues :\n\n - Numerous memory safety errors exist. (CVE-2013-0783, 

CVE-2013-0784)\n\n - An out-of-bounds read error exists related to the handling of GIF 

images. (CVE-2013-0772)\n\n - An error exists related to 'WebIDL' object wrapping that 


has an unspecified impact. (CVE-2013-0765)\n\n - An error exists related to Chrome 

Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security 

bypass. (CVE-2013-0773)\n\n - The file system location of the active browser profile could 

be disclosed and used in further attacks. (CVE-2013-0774)\n\n - A use-after-free error 

exists in the function 'nsImageLoadingContent'. (CVE-2013-0775)\n\n - Spoofing HTTPS 

URLs is possible due to an error related to proxy '407' responses and embedded script code. 

(CVE-2013-0776)\n\n - A heap-based use-after-free error exists in the function 

'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777)\n\n - An out-of-bounds read error 

exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778)\n\n - An 

out-of-bounds read error exists in the function 'nsCodingStateMachine::NextState'. 


'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780)\n\n - A heap-based 

use-after-free error exists in the function 'nsPrintEngine::CommonPrint'. 

(CVE-2013-0781)\n\n - A heap-based buffer overflow error exists in the function 

'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782) 


CVE-2013-0784 





\n\nVersions of Thunderbird less than 17.0.3 are potentially affected by the following 

security issues :\n\n- Numerous memory safety errors exist. (CVE-2013-0783, 



has an unspecified impact. (CVE-2013-0765\n\n - An error exists related to Chrome Object 

Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. 

(CVE-2013-0773)\n\n - The file system location of the active browser profile could be 

disclosed and used in further attacks. (CVE-2013-0774)\n\n - A use-after-free error exists 

in the function 'nsImageLoadingContent'. (CVE-2013-0775)\n\n - Spoofing HTTPS URLs 

is possible due to an error related to proxy '407' responses and embedded script code. 


'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777)\n\n\n\n - An out-of-bounds read 

error exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778)\n\n - An 








CVE-2013-0784 



SeaMonkey < 2.16 Multiple Vulnerabilities 




%L.\n\nVersions of SeaMonkey earlier than 2.16 are potentially affected by multiple 

vulnerabilities :\n\n - Numerous memory safety errors exist. (CVE-2013-0783, 



has an unspecified impact. (CVE-2013-0765)\n\n - An error exists related to Chrome 

Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security 

bypass. (CVE-2013-0773)\n\n - The file system location of the active browser profile could 

be disclosed and used in further attacks. (CVE-2013-0774)\n\n - A use-after-free error 

exists in the function 'nsImageLoadingContent'. (CVE-2013-0775)\n\n - Spoofing HTTPS 

URLs is possible due to an error related to proxy '407' responses and embedded script code. 


'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777)\n\n - An out-of-bounds read error 

exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778)\n\n - An 







Solution: Upgrade to Mozilla SeaMonkey 2.16 or later. 

CVE-2013-0784 







following vulnerabilities :\n\n - An unspecified memory corruption error exists related to 

'web audio node'. (CVE-2013-0879)\n\n - Use-after-free errors exist related to database and 

URL handling. (CVE-2013-0880, CVE-2013-0898)\n\n - Improper memory read errors 

exist related to Matroska, excessive SVG parameters, and Skia. (CVE-2013-0881, 

CVE-2013-0882, CVE-2013-0883, CVE-2013-0888)\n\n - An error exists related to 

improper loading of 'NaCl'. (CVE-2013-0884)\n\n - The 'web store' is granted too many 

API permissions. (CVE-2013-0885)\n\n - The developer tools process is granted too many 

permissions and trusts remote servers incorrectly. (CVE-2013-0887)\n\n - User gestures are 

not properly checked with respect to dangerous file downloads. (CVE-2013-0889)\n\n - An 

unspecified memory safety issue exists in the IPC layer. (CVE-2013-0890)\n\n - Integer 

overflow errors exist related to blob and 'Opus' handling. (CVE-2013-0891, 

CVE-2013-0899)\n\n - Numerous, unspecified, lower-severity issues exist related to the 

IPC layer. (CVE-2013-0892)\n\n - Race conditions exist related to media handling and 

ICU. (CVE-2013-0893, CVE-2013-0900)\n\n - A buffer overflow exists related to vorbis 


decoding. (CVE-2013-0894)\n\n - Memory management errors exist related to plugin 

message handling. (CVE-2013-0896)\n\n - An off-by-one read error exists related to PDF 

handling. (CVE-2013-0897)\n\nNote that the vendor states that WebKit's MathML 

implementation has been disabled in this release. This is due to several unspecified, high 

severity security issues. Successful exploitation of some of these issues could lead to an 



mDNS Client Queries 

CVE-2013-2268 


Description: The remote client has issued a response query for the following resource name. 

Solution: N/A 

realtimeonly 


MAC change detection (SNMP) 


Description: The remote client has just issued a trap which indicates a change of MAC Address 

realtimeonly 



Ecava IntegraXor < 4.00.4283 ActiveX Remote Buffer Overflow (SCADA) 

PVS ID: 6697 FAMILY: SCADA RISK: HIGH NESSUS ID:64630 

Description: Synopsis :\n\nThe remote Windows host contains a SCADA application that is affected by 

a buffer overflow vulnerability.\n\nFor you information, the observed version of the server 

is : \n %L \n\nThe IntegraXor server installed on the remote host is earlier than 4.00 Build 

4283. As such, it is reportedly affected by a buffer overflow vulnerability in the ActiveX 

file 'PE3DO32A.ocx'. If an attacker can trick a user on the affected host into visiting a 

specially crafted web page, they may be able to leverage this issue to conduct a denial of 

service (DoS) or execute arbitrary code on the host subject to user's privileges. 

Solution: Upgrade to version 4.00.4283 or later 

CVE-2012-4700 



Ecava IntegraXor Server Login Attempt (SCADA) 


Description: The remote host has attempted to login into a Ecava IntegraXor SCADA Server. The 

following username and password where transmitted in clear text:\n %L \n 



Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) 



by multiple vulnerabilities.\n\nThe remote host is running Java version : %L. This version 

of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier 

than 7 Update 15, 6 Update 41, 5 Update 40. It is therefore, potentially affected by security 

issues in the following components :\n\n - Deployment\n\n - JMX\n\n - JSSE\n\n - 

Libraries 

Solution: Update to JDK / JRE 7 Update 15, 6 update 41, 5 update 40 or later and, if necessary, 

remove any affected versions. 

CVE-2013-1487

(PVS) Signatures - Tenable Network Security

Create successful ePaper yourself

Delete template?

Save as template?