[Openvas-commits] r6038 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Dec 2 17:31:13 CET 2009
Author: mime
Date: 2009-12-02 17:30:58 +0100 (Wed, 02 Dec 2009)
New Revision: 6038
Added:
trunk/openvas-plugins/scripts/ISPworker_26277.nasl
trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_detect.nasl
trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl
trunk/openvas-plugins/scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl
trunk/openvas-plugins/scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl
trunk/openvas-plugins/scripts/gb_dotnetnuke_auth_bypass_vuln.nasl
trunk/openvas-plugins/scripts/gb_dotnetnuke_detect.nasl
trunk/openvas-plugins/scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl
trunk/openvas-plugins/scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl
trunk/openvas-plugins/scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl
trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl
trunk/openvas-plugins/scripts/gb_flock_detect_lin.nasl
trunk/openvas-plugins/scripts/gb_flock_detect_win.nasl
trunk/openvas-plugins/scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl
trunk/openvas-plugins/scripts/gb_ibm_db2mc_detect.nasl
trunk/openvas-plugins/scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl
trunk/openvas-plugins/scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl
trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl
trunk/openvas-plugins/scripts/gb_ikiwiki_detect.nasl
trunk/openvas-plugins/scripts/gb_k-meleon_detect.nasl
trunk/openvas-plugins/scripts/gb_lunascape_detect.nasl
trunk/openvas-plugins/scripts/gb_maxthon_detect.nasl
trunk/openvas-plugins/scripts/gb_mozilla_detect_win.nasl
trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_ms_win2k3_dos_vuln_sep09.nasl
trunk/openvas-plugins/scripts/gb_netrisk_detect.nasl
trunk/openvas-plugins/scripts/gb_netrisk_sec_bypass_vuln.nasl
trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_openpro_detect.nasl
trunk/openvas-plugins/scripts/gb_openpro_file_inc_vuln.nasl
trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl
trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl
trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl
trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl
trunk/openvas-plugins/scripts/gb_orca_browser_detect.nasl
trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl
trunk/openvas-plugins/scripts/gb_sinecms_detect.nasl
trunk/openvas-plugins/scripts/gb_sinecms_file_incl_vuln.nasl
trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl
trunk/openvas-plugins/scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl
trunk/openvas-plugins/scripts/secpod_firefox_document_location_dos_vuln.nasl
trunk/openvas-plugins/scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl
trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_aug09.nasl
trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl
trunk/openvas-plugins/scripts/secpod_ms09-046.nasl
trunk/openvas-plugins/scripts/secpod_ms09-047.nasl
trunk/openvas-plugins/scripts/secpod_ms09-048.nasl
trunk/openvas-plugins/scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl
trunk/openvas-plugins/scripts/secpod_php_sec_bypass_vuln_aug09.nasl
trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl
trunk/openvas-plugins/scripts/secpod_squirrelmail_csrf_vuln.nasl
trunk/openvas-plugins/scripts/showmount.nasl
trunk/openvas-plugins/scripts/yahoo_msg_running.nasl
Log:
Added new plugins. Removed unnecessary log messages
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/ChangeLog 2009-12-02 16:30:58 UTC (rev 6038)
@@ -1,3 +1,65 @@
+2009-12-02 Michael Wiegand <michael.wiegand at intevation.de>
+
+ * scripts/simple_machines_forum_37182.nasl,
+ scripts/ISPworker_26277.nasl:
+ Added new plugins.
+
+ * scripts/gb_flock_detect_win.nasl,
+ scripts/secpod_php_sec_bypass_vuln_aug09.nasl,
+ scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl,
+ scripts/gb_k-meleon_detect.nasl,
+ scripts/ms_telnet_overflow.nasl,
+ scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl,
+ scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl,
+ scripts/gb_adobe_robohelp_server_detect.nasl,
+ scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl,
+ scripts/gb_openpro_file_inc_vuln.nasl,
+ scripts/secpod_google_chrome_mult_vuln_aug09.nasl,
+ scripts/secpod_ms09-046.nasl,
+ scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl,
+ scripts/gb_maxthon_detect.nasl,
+ scripts/gb_mozilla_detect_win.nasl,
+ scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl,
+ scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl,
+ scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl,
+ scripts/gb_sinecms_detect.nasl,
+ scripts/gb_firefox_detect_lin.nasl,
+ scripts/gb_openoffice_word_bof_vuln_lin.nasl,
+ scripts/gb_netrisk_sec_bypass_vuln.nasl,
+ scripts/gb_openpro_detect.nasl,
+ scripts/gb_ikiwiki_detect.nasl,
+ scripts/secpod_squirrelmail_csrf_vuln.nasl,
+ scripts/gb_flock_detect_lin.nasl,
+ scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl,
+ scripts/gb_icq_toolbar_detect.nasl,
+ scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl,
+ scripts/secpod_ms09-048.nasl,
+ scripts/gb_orca_browser_detect.nasl,
+ scripts/gb_ibm_db2mc_detect.nasl,
+ scripts/gb_dotnetnuke_detect.nasl,
+ scripts/gb_netrisk_detect.nasl,
+ scripts/secpod_firefox_document_location_dos_vuln.nasl,
+ scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl,
+ scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl,
+ scripts/gb_ms_win2k3_dos_vuln_sep09.nasl,
+ scripts/yahoo_msg_running.nasl,
+ scripts/gb_dotnetnuke_auth_bypass_vuln.nasl,
+ scripts/secpod_kvirc_detect_win.nasl,
+ scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl,
+ scripts/secpod_projectbutler_file_inc_vuln.nasl,
+ scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl,
+ scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl,
+ scripts/gb_sinecms_file_incl_vuln.nasl,
+ scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl,
+ scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl,
+ scripts/secpod_ms09-047.nasl,
+ scripts/gb_lunascape_detect.nasl,
+ scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl,
+ scripts/showmount.nasl,
+ scripts/gb_openoffice_word_bof_vuln_win.nasl,
+ scripts/gb_qtweb_detect.nasl:
+ Removed unnecessary log messages.
+
2009-12-02 Chandrashekhar B <bchandra at secpod.com>
* scripts/gb_typsoft_ftp_server_dos_vuln.nasl,
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/cve_current.txt 2009-12-02 16:30:58 UTC (rev 6038)
@@ -326,3 +326,4 @@
CVE-2009-4110 SecPod svn R
CVE-2009-4105 SecPod svn R
CVE-2009-4108 SecPod svn R
+37182 Greenbone svn R
Added: trunk/openvas-plugins/scripts/ISPworker_26277.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ISPworker_26277.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/ISPworker_26277.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# ISPworker Download.PHP Multiple Directory Traversal Vulnerabilities
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100370);
+ script_bugtraq_id(26277);
+ script_cve_id("CVE-2007-5813");
+ script_version ("1.0-$Revision$");
+
+ script_name("ISPworker Download.PHP Multiple Directory Traversal Vulnerabilities");
+
+desc = "Overview:
+ISPworker is prone to multiple directory-traversal vulnerabilities
+because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues may allow an attacker to obtain sensitive
+information that could aid in further attacks.
+
+These issues affect ISPworker 1.21 and 1.23; other versions may also
+be affected.
+
+References:
+http://www.securityfocus.com/bid/26277
+http://www.ispware.de/ispworker/index.php
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if ISPworker is prone to multiple directory-traversal vulnerabilities");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+
+if(!can_host_php(port:port))exit(0);
+
+dirs = make_list("/ispworker",cgi_dirs());
+
+foreach dir (dirs) {
+
+ url = string(dir, "/module/biz/index.php");
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+ if( buf == NULL )continue;
+
+ if(egrep(pattern: "Login - ISPworker", string: buf, icase: TRUE) &&
+ egrep(pattern: "start_authentication", string: buf, icase: TRUE)) {
+
+ url = string(dir,"/module/ticket/download.php?ticketid=../../../../../../../../../etc/passwd%00");
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req,bodyonly:FALSE);
+ if( buf == NULL )exit(0);
+
+ if(egrep(pattern: "root:.*:0:[01]:.*", string: buf, icase: TRUE)) {
+
+ security_warning(port:port);
+ exit(0);
+
+ }
+ }
+}
+
+exit(0);
+
Property changes on: trunk/openvas-plugins/scripts/ISPworker_26277.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Modified: trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -55,7 +55,6 @@
if(!get_port_state(robohelpPort))
{
- log_message(data:"gb_adobe_robohelp_server_detect.nasl: Required HTTP port is not open.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -81,7 +81,6 @@
robohelpPort = get_http_port(default:8080);
if(!robohelpPort)
{
- log_message(data:"gb_adobe_robohelp_server_unspecified_vuln.nasl: Required HTTP port is not open.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -76,7 +76,6 @@
safariVer = get_kb_item("AppleSafari/Version");
if(isnull(safariVer))
{
- log_message(data:"gb_apple_safari_js_uri_xss_vuln_sep09.nasl:Exit due to NULL value return from KB for Apple Safari");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -76,7 +76,6 @@
abVer = get_kb_item("AvantBrowser/Ver");
if(!abVer){
- log_message(data:"gb_avant_browser_addr_bar_spoofing_vuln.nasl:Avant Browser is not installed");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_dotnetnuke_auth_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_dotnetnuke_auth_bypass_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_dotnetnuke_auth_bypass_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -76,14 +76,11 @@
dnnPort = get_http_port(default:80);
if(!dnnPort){
- log_message(data:"gb_dotnetnuke_auth_bypass_vuln.nasl: Required port is not open.");
exit(0);
}
dnnVer = get_kb_item("www/" + dnnPort + "/DotNetNuke");
if(!dnnVer){
- log_message(data:"gb_dotnetnuke_auth_bypass_vuln.nasl:
- DotNetNuke is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_dotnetnuke_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_dotnetnuke_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_dotnetnuke_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -54,7 +54,6 @@
}
if(!get_port_state(dnnPort)){
- log_message(data:"gb_dotnetnuke_detect.nasl: Required port is not open.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -76,15 +76,11 @@
dnnPort = get_http_port(default:80);
if(!dnnPort){
- log_message(data:"gb_dotnetnuke_installwizard_info_disc_vuln.nasl:
- Required port is not open.");
exit(0);
}
dnnVer = get_kb_item("www/" + dnnPort + "/DotNetNuke");
if(!dnnVer){
- log_message(data:"gb_dotnetnuke_installwizard_info_disc_vuln.nasl:
- DotNetNuke is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -76,15 +76,11 @@
dnnPort = get_http_port(default:80);
if(!dnnPort){
- log_message(data:"gb_dotnetnuke_skin_sec_bypass_vuln.nasl:
- Required port is not open.");
exit(0);
}
dnnVer = get_kb_item("www/" + dnnPort + "/DotNetNuke");
if(!dnnVer){
- log_message(data:"gb_dotnetnuke_skin_sec_bypass_vuln.nasl:
- DotNetNuke is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -82,7 +82,6 @@
if(!ffVer)
{
- log_message(data:"gb_firefox_data_uri_xss_vuln_sep09_lin.nasl: Firefox is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -54,7 +54,6 @@
fox_sock = ssh_login_or_reuse_connection();
if(!fox_sock)
{
- log_message(data:"gb_firefox_detect_lin.nasl:Unable to login through SSH.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_flock_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_flock_detect_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_flock_detect_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -49,7 +49,6 @@
f_soc = ssh_login_or_reuse_connection();
if(!f_soc){
- log_message(data:"gb_flock_detect_win.nasl:SSH login failed");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_flock_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_flock_detect_win.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_flock_detect_win.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -52,12 +52,10 @@
if(!get_kb_item("SMB/WindowsVersion"))
{
- log_message(data:"gb_flock_detect_win.nasl:Non-Windows Platform found");
exit(0);
}
if(!registry_key_exists(key:"SOFTWARE\Flock\Flock")){
- log_message(data:"gb_flock_detect_win.nasl:Flock is not installed");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -78,7 +78,6 @@
chromeVer = get_kb_item("GoogleChrome/Win/Ver");
if(isnull(chromeVer))
{
- log_message(data:"gb_google_chrome_js_uri_xss_vuln_sep09.nasl:Google Chrome not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_ibm_db2mc_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_db2mc_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_ibm_db2mc_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -55,7 +55,6 @@
if(!get_port_state(dmcPort))
{
- log_message(data:"gb_ibm_db2mc_detect.nasl: Required HTTP port is not open.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -81,14 +81,12 @@
dmcPort = get_http_port(default:80);
if(!dmcPort)
{
- log_message(data:"gb_ibm_db2mc_mult_unspecified_vuln.nasl: Required HTTP Port is not open");
exit(0);
}
dmcVer = get_kb_item("www/" + dmcPort + "/IBM/DB2MC");
if(!dmcVer)
{
- log_message(data:"gb_ibm_db2mc_mult_unspecified_vuln.nasl: IBM DB2 MC is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -82,7 +82,6 @@
cqVer = get_kb_item("ICQ/Toolbar/Ver");
if(!cqVer)
{
- log_message(data:"gb_icq_toolbar_actvx_ctrl_dos_vuln: ICQ Toolbar is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -51,7 +51,6 @@
include("secpod_smb_func.inc");
if(!get_kb_item("SMB/WindowsVersion")){
- log_message(data:"gb_icq_toolbar_detect.nasl: Not a Windows target.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_ikiwiki_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ikiwiki_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_ikiwiki_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -50,7 +50,6 @@
sock = ssh_login_or_reuse_connection();
if(!sock)
{
- log_message(data:"gb_ikiwiki_detect.nasl: SSH login failed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_k-meleon_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_k-meleon_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_k-meleon_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -52,7 +52,6 @@
if(!get_kb_item("SMB/WindowsVersion"))
{
- log_message(data:"gb_k-meleon_detect.nasl: Not a Windows target.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_lunascape_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_lunascape_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_lunascape_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -52,7 +52,6 @@
if(!get_kb_item("SMB/WindowsVersion"))
{
- log_message(data:"gb_lunascape_detect.nasl:Not a Windows target.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_maxthon_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_maxthon_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_maxthon_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -52,7 +52,6 @@
if(!get_kb_item("SMB/WindowsVersion"))
{
- log_message(data:"gb_maxthon_detect.nasl: Not a Windows target.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_mozilla_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_detect_win.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_mozilla_detect_win.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -106,7 +106,6 @@
if(!get_kb_item("SMB/WindowsVersion")){
- log_message(data:"gb_mozilla_detect_win.nasl: Not a Windows target.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -84,7 +84,6 @@
version_is_equal(version:ffVer, test_version:"3.5.2"))
{
security_warning(0);
- log_message(data:"Exit due to Firefox Vulnerable version is Found");
exit(0);
}
}
Modified: trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -84,7 +84,6 @@
version_is_equal(version:ffVer, test_version:"3.5.2"))
{
security_warning(0);
- log_message(data:"Exit due to Firefox Vulnerable version is Found");
exit(0);
}
}
Modified: trunk/openvas-plugins/scripts/gb_ms_win2k3_dos_vuln_sep09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_win2k3_dos_vuln_sep09.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_ms_win2k3_dos_vuln_sep09.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -80,8 +80,6 @@
include("secpod_smb_func.inc");
if(hotfix_check_sp(win2003:3) <= 0){
- log_message(data:"gb_ms_win2k3_dos_vuln_sep09.nasl:
- Installed OS is not vulnerable");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_netrisk_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_netrisk_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_netrisk_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -55,7 +55,6 @@
if(!get_port_state(netriskPort))
{
- log_message(data:"gb_netrisk_detect.nasl: Required HTTP port is not open");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_netrisk_sec_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_netrisk_sec_bypass_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_netrisk_sec_bypass_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -80,7 +80,6 @@
if(!netriskPort)
{
- log_message(data:"gb_netrisk_sec_bypass_vuln.nasl: Required HTTP port is not open.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -79,7 +79,6 @@
openVer = get_kb_item("OpenOffice/Linux/Ver");
if(!openVer)
{
- log_message(data:"gb_openoffice_word_bof_vuln_lin.nasl: OpenOffice is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_win.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_win.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -79,7 +79,6 @@
openVer = get_kb_item("OpenOffice/Win/Ver");
if(!openVer)
{
- log_message(data:"gb_openoffice_word_bof_vuln_win.nasl: OpenOffice is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_openpro_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openpro_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_openpro_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -53,7 +53,6 @@
openPort = 80;
}
if(!get_port_state(openPort)){
- log_message(data:"gb_openpro_detect.nasl: Required HTTP port is not open");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_openpro_file_inc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openpro_file_inc_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_openpro_file_inc_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -77,7 +77,6 @@
openPort = get_http_port(default:80);
if(!openPort){
- log_message(data:"gb_openpro_file_inc_vuln.nasl: Required HTTP port is not open");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -76,7 +76,6 @@
operaVer = get_kb_item("Opera/Build/Linux/Ver");
if(isnull(operaVer))
{
- log_message(data:"gb_opera_js_uri_xss_vuln_sep09_lin.nasl: Opera is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -76,7 +76,6 @@
operaVer = get_kb_item("Opera/Build/Win/Ver");
if(isnull(operaVer))
{
- log_message(data:"gb_opera_js_uri_xss_vuln_sep09_win.nasl: Opera is not installed");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -89,7 +89,6 @@
if(isnull(operaVer))
{
- log_message(data:"gb_opera_mult_url_spoof_vuln_sep09_lin.nasl: Opera is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -88,7 +88,6 @@
operaVer = get_kb_item("Opera/Win/Version");
if(isnull(operaVer))
{
- log_message(data:"gb_opera_mult_url_spoof_vuln_sep09_win.nasl: Opera is not installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_orca_browser_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_orca_browser_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_orca_browser_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -108,7 +108,6 @@
if(!get_kb_item("SMB/WindowsVersion"))
{
- log_message(data:"gb_orca_browser_detect.nasl: Not a Windows target.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -52,7 +52,6 @@
if(!get_kb_item("SMB/WindowsVersion"))
{
- log_message(data:"gb_qtweb_detect.nasl: Not a Windows target.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_sinecms_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sinecms_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_sinecms_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -55,7 +55,6 @@
if(!get_port_state(sinePort))
{
- log_message(data:"gb_sinecms_detect.nasl: Required HTTP port is not open.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_sinecms_file_incl_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sinecms_file_incl_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/gb_sinecms_file_incl_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -81,7 +81,6 @@
sinePort = get_http_port(default:80);
if(!sinePort)
{
- log_message(data:"gb_sinecms_file_incl_vuln.nasl: Required HTTP port is not open.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -70,7 +70,6 @@
close(sock);
return(1);
}else{
- log_message(data:'Can\'t connect to port ' + port);
return(0);
}
}
Modified: trunk/openvas-plugins/scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -124,8 +124,6 @@
astk_sock = ssh_login_or_reuse_connection();
if(!astk_sock)
{
- log_message(data:"secpod_asterisk_sip_channel_driver_dos_vuln.nasl:
- Unable to login over ssh");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_firefox_document_location_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_document_location_dos_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_firefox_document_location_dos_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -81,8 +81,6 @@
include("version_func.inc");
if(hotfix_check_sp(xp:4) <= 0){
- log_message(data:"secpod_firefox_document_location_dos_vuln.nasl:
- Installed OS is not Windows XP SP3 and below");
exit(0);
}
@@ -91,8 +89,6 @@
if(isnull(ffVer))
{
- log_message(data:"secpod_firefox_document_location_dos_vuln.nasl:
- Firefox is not installed");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -78,8 +78,6 @@
chromeVer = get_kb_item("GoogleChrome/Win/Ver");
if(isnull(chromeVer)){
- log_message(data:"secpod_google_chrome_chromehtml_dos_vuln.nasl:
- Google Chrome is not installed");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_aug09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_aug09.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_aug09.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -82,8 +82,6 @@
chromeVer = get_kb_item("GoogleChrome/Win/Ver");
if(isnull(chromeVer)){
- log_message(data:"secpod_google_chrome_mult_vuln_aug09.nasl:
- Google Chrome is not installed");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -52,7 +52,6 @@
# Check for Windows OS
if(!get_kb_item("SMB/WindowsVersion")){
- log_message(data:"secpod_kvirc_detect_win.nasl:Target Machine is not a Windows OS");
exit(0);
}
@@ -102,7 +101,6 @@
}
else
{
- log_message(data:"Version is not Found in Readme.txt File");
exit(0);
}
}
Modified: trunk/openvas-plugins/scripts/secpod_ms09-046.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-046.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_ms09-046.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -81,14 +81,12 @@
include("secpod_smb_func.inc");
if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){
- log_message(data:"Exit because installed OS is not vulnerable");
exit(0);
}
# MS09-046 Hotfix check
if(hotfix_missing(name:"956844") == 0)
{
- log_message(data:"secpod_ms09-046.nasl: Hotfix is installed.");
exit(0);
}
@@ -97,7 +95,6 @@
if(!dllPath)
{
- log_message(data:"secpod_ms09-046.nasl: Required dll is not found.");
exit(0);
}
@@ -108,7 +105,6 @@
dllVer = GetVer(file:file, share:share);
if(!dllVer)
{
- log_message(data:"secpod_ms09-046.nasl: Required dll is not found.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_ms09-047.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-047.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_ms09-047.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -86,7 +86,6 @@
# MS09-047 Hotfix check
if((hotfix_missing(name:"968816") == 0)||(hotfix_missing(name:"972554") == 0))
{
- log_message(data:"secpod_ms09-047.nasl: Required hotfix is installed.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_ms09-048.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-048.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_ms09-048.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -91,7 +91,6 @@
# MS09-048 Hotfix check
if(hotfix_missing(name:"967723") == 0)
{
- log_message(data:"secpod_ms09-048.nasl: Hotfix is installed.");
exit(0);
}
@@ -99,7 +98,6 @@
item:"Install Path");
if(!sysPath)
{
- log_message(data:"secpod_ms09-048.nasl: Required file is not present.");
exit(0);
}
@@ -110,7 +108,6 @@
sysVer = GetVer(file:file, share:share);
if(!sysVer)
{
- log_message(data:"secpod_ms09-048.nasl: Unable to get the version for the file Tcpip.sys.");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -78,7 +78,6 @@
ieVer = get_kb_item("MS/IE/EXE/Ver");
if(!ieVer)
{
- log_message(data:"secpod_ms_ie_addr_bar_spoofing_vuln:Internet Explorer is not installed");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_php_sec_bypass_vuln_aug09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_php_sec_bypass_vuln_aug09.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_php_sec_bypass_vuln_aug09.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -80,7 +80,6 @@
phpPort = get_http_port(default:80);
if(!phpPort)
{
- log_message(data:"secpod_php_sec_bypass_vuln_aug09.nasl: HTTP port is not open");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -81,15 +81,11 @@
}
if(!get_port_state(pbPort)){
- log_message(data:"secpod_projectbutler_file_inc_vuln.nasl:
- Require port is not open");
exit(0);
}
if(safe_checks())
{
- log_message(data:"secpod_projectbutler_file_inc_vuln.nasl:
- Safe check is enabled, not proceeding");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_squirrelmail_csrf_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_squirrelmail_csrf_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/secpod_squirrelmail_csrf_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -86,7 +86,6 @@
if(isnull(squirrelPort))
{
- log_message(data:"secpod_squirrelmail_csrf_vuln.nasl: Required HTTP port is not open");
exit(0);
}
@@ -94,7 +93,6 @@
if(isnull(squirrelVer))
{
- log_message(data:"secpod_squirrelmail_csrf_vuln.nasl: SquirrelMail not installed");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/showmount.nasl
===================================================================
--- trunk/openvas-plugins/scripts/showmount.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/showmount.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -105,7 +105,6 @@
if(protocol == IPPROTO_UDP){
udp_sock = open_sock_udp(port);
if(isnull(udp_sock)) {
- log_message(data: "rpc_mountd_export: Error opening socket on udp port " + port);
return NULL;
}
send(socket: udp_sock, data: rpc_mountd_export_call);
@@ -114,43 +113,36 @@
}else if(protocol == IPPROTO_TCP){
tcp_sock = open_sock_tcp(port);
if(isnull(tcp_sock)){
- log_message(data: "rpc_mountd_export: Error opening socket on tcp port " + port);
return NULL;
}
send(socket: tcp_sock, data: rpc_mountd_export_call);
rpc_mountd_export_reply = recv(socket: tcp_sock, length: MSS);
close(tcp_sock);
}else {
- log_message(data: "rpc_mountd_export: Invalid protocol");
return NULL;
}
if(isnull(rpc_mountd_export_reply)){
- log_message(data: "rpc_mountd_export: No reply message");
return NULL;
}
#RPC reply
reply_xid = substr(rpc_mountd_export_reply,0,3);
if(reply_xid != XID){
- log_message(data: "rpc_mountd_export: xid don't match");
return NULL;
}
reply_msg_type = substr(rpc_mountd_export_reply,4,7);
if(reply_msg_type != raw_string(0x00, 0x00, 0x00, 0x01)){
- log_message(data: "rpc_mountd_export: Not a reply message");
return NULL;
}
reply_reply_state = substr(rpc_mountd_export_reply,8,11);
if(reply_reply_state != raw_string(0x00, 0x00, 0x00, 0x00)){
- log_message(data: "rpc_mountd_export: Call was denied by the server");
return NULL;
}
reply_verifier_flavor = substr(rpc_mountd_export_reply,12,15);
reply_verifier_length = substr(rpc_mountd_export_reply,16,19);
reply_accept_state = substr(rpc_mountd_export_reply,20,23);
if(reply_accept_state != raw_string(0x00, 0x00, 0x00, 0x00)){
- log_message(data: "rpc_mountd_export: Remote procedure returned an error");
return NULL;
}
#MOUNTD exportlist
@@ -168,7 +160,6 @@
export_list = rpc_mountd_export(port: RPC_MOUNTD_port, protocol: IPPROTO_UDP); #using UDP because get_rpc_port is written only for udp ports
if(isnull(export_list)){
- log_message(data: "rpc_mountd_export: FAIL!");
exit(-1);
}else{
VALUE_FOLLOWS = raw_string(0x00, 0x00, 0x00, 0x01);
Added: trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl
===================================================================
--- trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -0,0 +1,101 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Simple Machines Forum Multiple Security Vulnerabilities
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100371);
+ script_bugtraq_id(37182);
+ script_version ("1.0-$Revision$");
+
+ script_name("Simple Machines Forum Multiple Security Vulnerabilities");
+
+desc = "Overview:
+Simple Machines Forum is prone to multiple security vulnerabilities:
+
+- A remote PHP code-execution vulnerability
+- Multiple cross-site scripting vulnerabilities
+- Multiple cross-site request-forgery vulnerabilities
+- An information-disclosure vulnerability
+- Multiple denial-of-service vulnerabilities
+
+ Attackers can exploit these issues to execute arbitrary script code
+ within the context of the webserver, perform unauthorized actions on
+ behalf of legitimate users, compromise the affected application,
+ steal cookie-based authentication credentials, obtain information
+ that could aid in further attacks or cause denial-of-service
+ conditions.
+
+Please note some of these issues may already be described in other
+BIDs. This BID will be updated if further analysis confirms this.
+
+These issues affect Simple Machines Forum 2.0 RC2. Some of these
+issues also affect version 1.1.10.
+
+Solution:
+Reportedly, the vendor fixed some of the issues in the release 1.1.11.
+
+References:
+http://www.securityfocus.com/bid/37182
+http://www.simplemachines.org/
+http://code.google.com/p/smf2-review/issues/list
+
+Risk factor : High";
+
+ script_description(desc);
+ script_summary("Determine if Simple Machines Forum is prone to multiple security vulnerabilities");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("gb_simple_machines_forum_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if (!can_host_php(port:port)) exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/SMF")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_equal(version: vers, test_version: "1.1.10") ||
+ version_is_equal(version: vers, test_version: "2.0.RC2")) {
+ security_warning(port:port);
+ exit(0);
+ }
+}
+
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Modified: trunk/openvas-plugins/scripts/yahoo_msg_running.nasl
===================================================================
--- trunk/openvas-plugins/scripts/yahoo_msg_running.nasl 2009-12-02 13:56:52 UTC (rev 6037)
+++ trunk/openvas-plugins/scripts/yahoo_msg_running.nasl 2009-12-02 16:30:58 UTC (rev 6038)
@@ -173,7 +173,6 @@
}
}else{
- log_message(data:"Can't open socket.");
exit(-1);
}
More information about the Openvas-commits
mailing list