[Openvas-commits] r6131 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Dec 14 09:18:50 CET 2009


Author: chandra
Date: 2009-12-14 09:18:47 +0100 (Mon, 14 Dec 2009)
New Revision: 6131

Added:
   trunk/openvas-plugins/scripts/gb_ideal_administrator_bof_vuln.nasl
   trunk/openvas-plugins/scripts/gb_ideal_administrator_detect.nasl
   trunk/openvas-plugins/scripts/gb_image_hosting_script_dpi_detect.nasl
   trunk/openvas-plugins/scripts/gb_image_hosting_script_dpi_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_panda_prdts_detect.nasl
   trunk/openvas-plugins/scripts/gb_panda_prdts_priv_esc_vuln.nasl
   trunk/openvas-plugins/scripts/gb_telepark_wiki_detect.nasl
   trunk/openvas-plugins/scripts/gb_telepark_wiki_mult_vuln.nasl
   trunk/openvas-plugins/scripts/gb_testlink_detect.nasl
   trunk/openvas-plugins/scripts/gb_testlink_xss_n_sql_inj_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_ms09-074.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
   trunk/openvas-plugins/scripts/cpe.inc
   trunk/openvas-plugins/scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/ChangeLog	2009-12-14 08:18:47 UTC (rev 6131)
@@ -1,3 +1,21 @@
+2009-12-14  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_panda_prdts_priv_esc_vuln.nasl,
+	scripts/gb_panda_prdts_detect.nasl,
+	scripts/gb_image_hosting_script_dpi_xss_vuln.nasl,
+	scripts/gb_testlink_xss_n_sql_inj_vuln.nasl,
+	scripts/gb_image_hosting_script_dpi_detect.nasl,
+	scripts/gb_ideal_administrator_detect.nasl,
+	scripts/gb_testlink_detect.nasl,
+	scripts/gb_ideal_administrator_bof_vuln.nasl,
+	scripts/secpod_ms09-074.nasl,
+	scripts/gb_telepark_wiki_detect.nasl,
+	scripts/gb_telepark_wiki_mult_vuln.nasl:
+	Added new plugins.
+
+	* scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl:
+	Added new CVE's.
+
 2009-12-12 Michael Meyer <michael.meyer at intevation.de>
 
 	* scripts/ePo_detect.nasl:

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/cve_current.txt	2009-12-14 08:18:47 UTC (rev 6131)
@@ -366,4 +366,14 @@
 CVE-2009-4238			Greenbone	svn		R
 37248				Greenbone	svn		R
 37282				Greenbone	svn		R
-
+CVE-2009-4088			SecPod		svn		R
+CVE-2009-4087			SecPod		svn		R
+CVE-2009-4090			SecPod		svn		R
+CVE-2009-4089			SecPod		svn		R
+CVE-2009-4252			SecPod		svn		R
+CVE-2009-4265			SecPod		svn		L
+CVE-2009-4215			SecPod		svn		L
+CVE-2009-4237			SecPod		svn		R
+CVE-2009-4238			SecPod		svn		R
+CVE-2009-4250			SecPod		svn		R
+CVE-2009-4249			SecPod		svn		R

Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/cpe.inc	2009-12-14 08:18:47 UTC (rev 6131)
@@ -744,7 +744,14 @@
 "Golden/FTP/Free/Ver", "^([0-9.]+)", "cpe:/a:kmint21:golden_ftp_server:",
 "YahooMessenger/Ver", "^([0-9.]+)", "cpe:/a:yahoo:messenger:",
 "Serenity/Audio/Player/Ver", "^([0-9.]+)", "cpe:/a:malsmith:serenity_audio_player:",
-"Mplay/Audio/Player/Ver", "^([0-9.]+)", "cpe:/a:malsmith:serenity_audio_player:"
+"Mplay/Audio/Player/Ver", "^([0-9.]+)", "cpe:/a:malsmith:serenity_audio_player:",
+"www/*/Telepark.wiki", "^([0-9.]+)", "cpe:/a:telepark:telepark.wiki:",
+"www/*/ImageHostingScript/DPI", "^([0-9.]+)", "cpe:/a:image-host-script:image_hosting_script:",
+"IDEAL/Admin/Ver", "^([0-9.]+)", "cpe:/a:pointdev:ideal_administration_2009:",
+"Panda/InternetSecurity/Ver", "^([0-9.]+)", "cpe:/a:pandasecurity:panda_internet_security:",
+"Panda/GlobalProtection/Ver", "^([0-9.]+)", "cpe:/a:pandasecurity:panda_global_protection:",
+"Panda/Antivirus/Ver", "^([0-9.]+)", "cpe:/a:pandasecurity:panda_antivirus:",
+"www/*/TestLink", "^([0-9.]+)", "cpe:/a:teamst:testlink:"
 );
 
 
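Review bot: The new `"www/*/ImageHostingScript/DPI"` row pairs the pattern `^([0-9.]+)` with a KB value that the detection plugin added in this commit writes in the form `1.1.Final under /`, so the capture would be `1.1.` with a trailing dot. This assumes the second column is applied to the KB value to build the CPE suffix; the code that consumes this table is outside the hunk. A pattern that cannot end on a dot, such as `^([0-9]+([.][0-9]+)*)`, would avoid emitting a malformed CPE for that row. The `"IDEAL/Admin/Ver"` row also hard-codes `ideal_administration_2009` although the detector accepts any DisplayName containing "IDEAL Administration", so a short comment stating which product releases the row is meant to cover would help.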

Modified: trunk/openvas-plugins/scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -7,6 +7,10 @@
 # Authors:
 # Antu Sanadi <santu at secpod.com>
 #
+# Udated By:
+# Antu Sanadi <santu at secpod.com> on 2009-12-10 #6147
+# Updated the CVE's and Description
+#
 # Copyright:
 # Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
 #
@@ -29,7 +33,8 @@
   script_id(801056);
   script_version("$Revision: 1.0 $");
   script_cve_id("CVE-2009-4113", "CVE-2009-4116", "CVE-2009-4115", "CVE-2009-4174",
-                "CVE-2009-4175", "CVE-2009-4173", "CVE-2009-4172");
+                "CVE-2009-4175", "CVE-2009-4173", "CVE-2009-4172","CVE-2009-4250",
+                "CVE-2009-4249");
   script_bugtraq_id(36971);
   script_name("CuteNews/UTF-8 CuteNews Multiple Vulneablities");
   desc = "
@@ -50,6 +55,12 @@
   - An error in 'modified id' parameter in a 'doeditnews' action allows remote
     users with Journalist or Editor access to bypass administrative moderation
     and edit previously submitted articles.
+  - An improper validation of user-supplied input by the result parameter to
+    'register.php', the user parameter to 'search.php', the cat_msg, source_msg,
+    postponed_selected, unapproved_selected, and news_per_page parameters in a list
+    action to the editnews module of 'index.php' and the link tag in news comments
+  - An error in lastusername and mod parameters to 'index.php' and the title parameter
+    to 'search.php' it allow attackers to inject arbitrary web script or HTML
 
   Impact:
   Successful exploitation could allow remote attackers to steal user credentials,
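Review bot: The two bullets added to the report text are sentence fragments: the first lists the unvalidated parameters but never says what the missing validation allows, and the second reads `it allow attackers`. This string is what an analyst sees in the scan result, so I would end the first bullet with its consequence and reword the second to `... and the title parameter to 'search.php' allow attackers to inject arbitrary web script or HTML.` The hunk does not say which issue class the first bullet maps to, so the author should confirm the consequence before wording it. The header comment added in the first hunk of this file also has `Udated By:` for `Updated By:`.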
@@ -66,7 +77,7 @@
   http://korn19.ch/coding/utf8-cutenews/
 
   For CuteNews:
-  No solution or patch is available as on 05th December, 2009, Information
+  No solution or patch is available as on 10th December, 2009, Information
   regarding this issue will be updated once the solution details are available.
   For updates refer, http://cutephp.com/
 

Added: trunk/openvas-plugins/scripts/gb_ideal_administrator_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ideal_administrator_bof_vuln.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_ideal_administrator_bof_vuln.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ideal_administrator_bof_vuln.nasl 6181 2009-12-11 20:27:29Z dec $
+#
+# IDEAL Administration '.ipj' File Processing Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801089);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-4265");
+  script_name("IDEAL Administration '.ipj' File Processing Buffer Overflow Vulnerability");
+  desc = "
+  Overview: This host is installed with IDEAL Administration and is prone to
+  Buffer Overflow Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is caused due to a boundary error in the processing of Ideal Project
+  Files ('.ipj'). This can be exploited to cause a stack based buffer overflow
+  when a user is tricked into opening a specially crafted '.ipj' file through
+  the application.
+
+  Impact:
+  Successful exploitation will let the attacker execute arbitrary code or
+  compromise a user's system.
+
+  Impact level: System.
+
+  Affected Software/OS:
+  IDEAL Administration 9.7.1 and prior.
+
+  Fix:
+  No solution or patch is available as on 11th December, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For further information refer, http://www.pointdev.com/en/download/index.php
+
+  References:
+  http://freetexthost.com/abydoz3jwu
+  http://secunia.com/advisories/37572
+  http://pocoftheday.blogspot.com/2009/12/ideal-administration-2009-v97-local.html
+
+  CVSS Score:
+    CVSS Base Score      : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score  : 8.4
+  Risk factor : Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of IDEAL Administration");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("gb_ideal_administrator_detect.nasl");
+  script_require_keys("IDEAL/Admin/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for IDEAL Administration 2009 (v9.7.1) and prior
+if(iaVer = get_kb_item("IDEAL/Admin/Ver"))
+{
+  if(version_is_less_equal(version:iaVer, test_version:"9.7.1")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_ideal_administrator_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_ideal_administrator_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ideal_administrator_detect.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_ideal_administrator_detect.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,73 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ideal_administrator_detect.nasl 6181 2009-12-11 20:10:24Z dec $
+#
+# Ideal Administration Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801087);
+  script_version("$Revision: 1.0 $");
+  script_name("Ideal Administration Version Detection");
+  desc = "
+  Overview : This script finds the installed Ideal Administration and saves the
+  version in KB.
+
+  Risk factor : Informational";
+
+  script_description(desc);
+  script_summary("Set Version of Ideal Administration in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+                            "\App Paths\IA.exe")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+  iadmName = registry_get_sz(key:key + item, item:"DisplayName");
+  if("IDEAL Administration" >< iadmName)
+  {
+    iadmVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(iadmVer != NULL){
+      set_kb_item(name:"IDEAL/Admin/Ver", value:iadmVer);
+    }
+  }
+}
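Review bot: The `foreach` over the Uninstall keys keeps running after a match, so a host with more than one entry whose DisplayName contains "IDEAL Administration" gets `IDEAL/Admin/Ver` set several times. As far as I know, a repeated `set_kb_item` on the same name stores a list, and a later `get_kb_item` in the dependent plugin then forks once per value, which can duplicate the finding. If a single value is intended, adding `exit(0);` directly after `set_kb_item(name:"IDEAL/Admin/Ver", value:iadmVer);` stops at the first hit; if side-by-side installs should all be evaluated, a comment saying so would make the behaviour deliberate. A one-line comment on why `App Paths\IA.exe` is the presence gate would also help the next maintainer.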


Property changes on: trunk/openvas-plugins/scripts/gb_ideal_administrator_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_image_hosting_script_dpi_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_image_hosting_script_dpi_detect.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_image_hosting_script_dpi_detect.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,70 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_image_hosting_script_dpi_detect.nasl 6150 2009-12-10 16:25:36Z dec $
+#
+# Clixint Image Hosting Script DPI Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801081);
+  script_version("Revision: 1.0 ");
+  script_name("Clixint Image Hosting Script DPI Version Detection");
+  desc = "
+  Overview: This script finds the installed Clixint Image Hosting Script
+  DPI version and saves the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Set the version of Clixint Image Hosting Script DPI in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+dpiPort = get_http_port(default:80);
+if(!dpiPort){
+  exit(0);
+}
+
+foreach path (make_list("/", "/DPI11F", "/dpi", "/dpi11f", cgi_dirs()))
+{
+  sndReq = http_get(item:string(path, "/index.php"), port:dpiPort);
+  rcvRes = http_send_recv(port:dpiPort, data:sndReq);
+  if("image hosting script" >< rcvRes && "DPI" >< rcvRes)
+  {
+    dpiVer = eregmatch(pattern:"DPI (([0-9.]+)( ?[a-zA-z]+)?)" , string:rcvRes);
+    if(dpiVer[1] != NULL)
+    {
+      version = ereg_replace(pattern:" ", replace:".", string:dpiVer[1]);
+      set_kb_item(name:"www/" + dpiPort + "/ImageHostingScript/DPI",
+           value:version + " under " + path);
+    }
+  }
+}
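Review bot: The character class in `"DPI (([0-9.]+)( ?[a-zA-z]+)?)"` uses the range `A-z`, which also admits `[`, `\`, `]`, `^`, `_` and the backtick; `[a-zA-Z]` is presumably what was meant, i.e. `dpiVer = eregmatch(pattern:"DPI (([0-9.]+)( ?[a-zA-Z]+)?)", string:rcvRes);`. Separately, the `"/"` entry in `make_list` combined with `string(path, "/index.php")` requests `//index.php`, which not every server normalises. Building the URL as `if(path == "/") url = "/index.php"; else url = string(path, "/index.php");` keeps the stored `under /` value that the XSS plugin's `^(.+) under (/.*)$` pattern relies on. The same doubled slash occurs in `gb_telepark_wiki_detect.nasl` in this commit.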

Added: trunk/openvas-plugins/scripts/gb_image_hosting_script_dpi_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_image_hosting_script_dpi_xss_vuln.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_image_hosting_script_dpi_xss_vuln.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,97 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_image_hosting_script_dpi_xss_vuln.nasl 6150 2009-12-10 15:11:27Z dec $
+#
+# Clixint DPI Image Hosting Script Cross Site Scripting Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801082);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-4252");
+  script_name("Clixint DPI Image Hosting Script Cross Site Scripting Vulnerability");
+  desc = "
+  Overview: This host is running Flashlight Free Edition and is prone to Cross Site
+  Scripting Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is due to an error in 'images.php' which doesn't verify user supplied
+  input before being used via 'date' parameter.
+
+  Impact:
+  Successful exploitation could allow remote attackers to execute arbitrary HTML
+  script codes in a user's established login session into the context of an
+  affected site running the vulnerable web application.
+
+  Impact Level: Network/Application.
+
+  Affected Software/OS:
+  Image Hosting Script DPI 1.1 Final and prior on all running platform.
+
+  Fix: Apply patch,
+  http://www.clixint.com/support/viewtopic.php?f=3&t=542
+
+  *****
+  NOTE: Ignore this warning, if above mentioned patch is already applied.
+  *****
+
+  References:
+  http://secunia.com/advisories/37456
+  http://www.exploit-db.com/exploits/10300
+
+  CVSS Score:
+    CVSS Base Score      : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score  : 3.4
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Clixint Image Hosting Script DPI");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_dependencies("gb_image_hosting_script_dpi_detect.nasl");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+dpiPort = get_http_port(default:80);
+if(!dpiPort){
+  exit(0);
+}
+
+dpiVer = get_kb_item("www/" + dpiPort + "/ImageHostingScript/DPI");
+if(!dpiVer){
+  exit(0);
+}
+
+dpiVer = eregmatch(pattern:"^(.+) under (/.*)$", string:dpiVer);
+if(dpiVer[1] != NULL)
+{
+  if(version_is_less_equal(version:dpiVer[1], test_version:"1.1.Final")){
+    security_hole(dpiPort);
+  }
+}
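Review bot: The Overview text names the wrong product: `This host is running Flashlight Free Edition` looks like a leftover from another plugin and should read `This host is running Clixint Image Hosting Script DPI and is prone to Cross Site`. The finding is also raised with `security_hole(dpiPort)` although the description rates it `Risk factor: Medium` (CVSS 4.3); `security_warning(dpiPort);` would match the stated severity. Finally, `version_is_less_equal(version:dpiVer[1], test_version:"1.1.Final")` compares a non-numeric component whose handling lives in `version_func.inc`, outside this hunk, so a comment stating how `Final` is expected to sort would be worth adding. Because the check is version-only and the fix is a patch, the existing "ignore if patched" note is the only guard against false positives.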

Added: trunk/openvas-plugins/scripts/gb_panda_prdts_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_panda_prdts_detect.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_panda_prdts_detect.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,91 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_panda_prdts_detect.nasl 6091 2009-12-08 20:10:24Z dec $
+#
+# Panda Products Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801079);
+  script_version("$Revision: 1.0 $");
+  script_name("Panda Products Version Detection");
+  desc = "
+  Overview : This script finds the installed Panda Products and saves the
+  version in KB.
+
+  Risk factor : Informational";
+
+  script_description(desc);
+  script_summary("Set Version of Panda Products in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\Panda Software")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+  avName = registry_get_sz(key:key + item, item:"DisplayName");
+  ##  Check for the Internet Security
+  if("Panda Internet Security" >< avName)
+  {
+    pandaVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(pandaVer != NULL){
+     set_kb_item(name:"Panda/InternetSecurity/Ver", value:pandaVer);
+    }
+  }
+
+  ##  Check for the Global Protection
+  if("Panda Global Protection" >< avName)
+  {
+    pandaVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(pandaVer != NULL){
+      set_kb_item(name:"Panda/GlobalProtection/Ver", value:pandaVer);
+    }
+  }
+
+  ##  Check for the Antivirus
+  if("Panda Antivirus" >< avName)
+  {
+    pandaVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(pandaVer != NULL){
+      set_kb_item(name:"Panda/Antivirus/Ver", value:pandaVer);
+    }
+  }
+}
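Review bot: The last test, `"Panda Antivirus" >< avName`, may never match the product this commit targets: the companion plugin's description spells it `Panda AntiVirus Pro 2010`, and `><` is a case-sensitive substring test as far as I know. I cannot see the real DisplayName from here, so this needs checking against an installation; if the casing differs, comparing against a lowercased copy, `if("panda antivirus" >< tolower(avName))`, is the simple fix. The three blocks differ only in the product name and KB key, so a comment above the loop listing the three KB keys written would make the contract with `gb_panda_prdts_priv_esc_vuln.nasl` explicit.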


Property changes on: trunk/openvas-plugins/scripts/gb_panda_prdts_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_panda_prdts_priv_esc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_panda_prdts_priv_esc_vuln.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_panda_prdts_priv_esc_vuln.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_panda_prdts_priv_esc_vuln.nasl 6091 2009-12-08 20:27:29Z dec $
+#
+# Panda Products Privilege Escalation Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801080);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-4215");
+  script_name("Panda Products Privilege Escalation Vulnerability");
+  desc = "
+  Overview: This host is running panda Products and is prone to Privilege
+  Escalation Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is caused due to insecure permissions being set on the 'PavFnSvr.exe'
+  file (Everyone/Full Control) within the installation directory, which could be
+  exploited by malicious users to replace the affected file with a malicious
+  binary which will be executed with SYSTEM privileges.
+
+  Impact:
+  Successful exploitation will let the attacker replace the affected binary file
+  with a malicious binary which will be executed with SYSTEM privileges.
+
+  Impact level: System.
+
+  Affected Software/OS:
+  Panda AntiVirus Pro 2010 version 9.01.00 and prior.
+  Panda Internet Security 2010 version 15.01.00 and prior.
+  Panda Global Protection 2010 version 3.01.00 and prior.
+
+  Fix: Apply the security updates accordingly.
+  http://www.pandasecurity.com/homeusers/support/card?id=80164&idIdioma=2
+
+  References:
+  http://secunia.com/advisories/37373
+  http://www.securitytracker.com/id?1023121
+  http://www.vupen.com/english/advisories/2009/3126
+  http://www.securityfocus.com/archive/1/archive/1/507811/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 7.2 (AV:L/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 5.3
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Panda AntiVirus Products");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Privilege escalation");
+  script_dependencies("gb_panda_prdts_detect.nasl");
+  script_require_keys("Panda/InternetSecurity/Ver", "Panda/GlobalProtection/Ver",
+                      "Panda/Antivirus/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for the Panda Antivirus 2010(9.01.00) and prior
+if(pandaVer = get_kb_item("Panda/Antivirus/Ver"))
+{
+  if(version_in_range(version:pandaVer, test_version:"9.0", test_version2:"9.01.00")){
+    security_hole(0);
+  }
+}
+
+# Check for the Panda Internet Security 2010(15.01.00) and prior
+else if(pandaVer = get_kb_item("Panda/InternetSecurity/Ver"))
+{
+  if(version_in_range(version:pandaVer, test_version:"15.0", test_version2:"15.01.00")){
+    security_hole(0);
+  }
+}
+
+#Check for the Panda Global Protection 2010 (3.01.00) and prrior.
+else if(pandaVer = get_kb_item("Panda/GlobalProtection/Ver"))
+{
+   if(version_in_range(version:pandaVer, test_version:"3.0", test_version2:"3.01.00")){
+    security_hole(0);
+  }
+}
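Review bot: `script_require_keys("Panda/InternetSecurity/Ver", "Panda/GlobalProtection/Ver", "Panda/Antivirus/Ver")` lists all three products, and as far as I know the scanner launches a plugin only when every required key is present, so on a host with a single Panda product this check would be skipped. The body already guards each lookup with `get_kb_item`, so dropping the `script_require_keys` call and keeping the dependency on the detect plugin should be enough. The `if / else if / else if` chain also stops at the first product that has a KB entry, so a second, vulnerable product on the same host is not evaluated unless these become three independent `if` blocks. The lower bounds `9.0`, `15.0` and `3.0` mean releases older than the 2010 line are never flagged although the description says "and prior"; if that is intentional, a comment should say so.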


Property changes on: trunk/openvas-plugins/scripts/gb_panda_prdts_priv_esc_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_telepark_wiki_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_telepark_wiki_detect.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_telepark_wiki_detect.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_telepark_wiki_detect.nasl 5962 2009-12-12 16:25:36Z dec $
+#
+# Telepark.wiki Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801067);
+  script_version("Revision: 1.0 ");
+  script_name("Telepark.wiki Version Detection");
+  desc = "
+  Overview: This script finds the installed Telepark Wiki version and saves
+  the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Set the version of Telepark Wiki in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+telwikiPort = get_http_port(default:80);
+if(!telwikiPort){
+  exit(0);
+}
+
+foreach path (make_list("/", "/teleparkwiki", "/twiki", cgi_dirs()))
+{
+  sndReq = http_get(item: path + "/index.php", port:telwikiPort);
+  rcvRes = http_send_recv(port:telwikiPort, data:sndReq);
+  if("telepark.wiki" >< rcvRes)
+  {
+    telwikiVer = eregmatch(pattern:">[vV]([0-9.]+)", string:rcvRes);
+    if(telwikiVer[1] != NULL)
+    {
+      set_kb_item(name:"www/" + telwikiPort + "/Telepark.wiki",
+                        value:telwikiVer[1] + " under " + path);
+    }
+  }
+}
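Review bot: The version pattern `">[vV]([0-9.]+)"` can capture a trailing dot (for example from `>v1.2.</span>`, a constructed sample) and is not tied to the `telepark.wiki` marker, so any `>v…` sequence in the response is taken as the version. Tightening it to `telwikiVer = eregmatch(pattern:">[vV]([0-9]+([.][0-9]+)*)", string:rcvRes);` keeps the stored value clean for the later version comparison and for the `www/*/Telepark.wiki` row added to `cpe.inc`. A comment showing the page markup the pattern is meant to match would let a maintainer judge whether it can be anchored more closely to the product name.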

Added: trunk/openvas-plugins/scripts/gb_telepark_wiki_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_telepark_wiki_mult_vuln.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_telepark_wiki_mult_vuln.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_telpark_wiki_mult_vuln.nasl 5962 2009-12-03 19:24:29Z dec $
+#
+# Telepark.wiki Multiple Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801068);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-4087", "CVE-2009-4088", "CVE-2009-4089", "CVE-2009-4090");
+  script_name("Telepark.wiki Multiple Vulnerabilities");
+  desc = "
+  Overview: This host is running Telepark wiki and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  The multiple flaws are due to:
+  - An input appended to the URL after 'index.php' is not properly sanitised
+    before being returned to the user.
+  - An improper authentication verification error in '/ajax/deletePage.php'
+    can be exploited to delete pages without any user credentials.
+  - An improper authentication verification error in '/ajax/deleteComment.php'
+    can be exploited to delete comments without any user credentials.
+  - An input passed via various parameters to multiple scripts is not properly verified
+    before being used to include files.
+  - An error in the '/ajax/addComment.php' script not properly verifying uploaded
+    files.
+
+  Impact:
+  Successful exploitation will allow remote attackers to conduct cross-site
+  scripting attacks, bypass certain security restrictions, disclose sensitive
+  information, and compromise a vulnerable system.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Telepark.wiki version prior to 2.4.25 on all platforms
+
+  Fix: Upgrade to Telepark.wiki version 2.4.25 or later,
+  http://www.telepark.com/Products/telepark-wiki/Download/
+
+  References:
+  http://secunia.com/advisories/37391
+  http://xforce.iss.net/xforce/xfdb/54327
+  http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt
+
+  CVSS Score:
+    CVSS Base Score      : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score  : 5.3
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Telepark.wiki");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("gb_telepark_wiki_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+twikiPort = get_http_port(default:80);
+if(!twikiPort){
+  exit(0);
+}
+
+twikiVer = get_kb_item("www/" + twikiPort + "/Telepark.wiki");
+twikiVer = eregmatch(pattern:"^(.+) under (/.*)$", string:twikiVer);
+if(twikiVer[1] != NULL)
+{
+  if(version_is_less(version:twikiVer[1], test_version:"2.4.25")){
+    security_hole(twikiPort);
+  }
+}
+
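Review bot: The value returned by `get_kb_item` goes straight into `eregmatch` with no check that the detection script stored anything, unlike gb_testlink_xss_n_sql_inj_vuln.nasl in this same commit, which exits when the item is missing. Adding `if(!twikiVer){ exit(0); }` right after the lookup keeps the two scripts consistent and avoids running the regex on an empty value. The result also rests entirely on the version string parsed by gb_telepark_wiki_detect.nasl, so a one-line comment above `version_is_less` saying that this is a banner-only check (no request is made to the affected scripts) would help whoever triages the report.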

Added: trunk/openvas-plugins/scripts/gb_testlink_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_testlink_detect.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_testlink_detect.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_testlink_detect.nasl 6184 2009-12-11 17:25:36Z dec $
+#
+# Testlink Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801085);
+  script_version("Revision: 1.0 ");
+  script_name("Testlink Version Detection");
+  desc = "
+  Overview: This script finds the installed Testlink version and saves the
+  result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Set the version of Testlink in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+tlPort = get_http_port(default:80);
+if(!tlPort){
+  exit(0);
+}
+
+foreach path (make_list("/", "/testlink", "/Testlink", cgi_dirs()))
+{
+  sndReq = http_get(item:string(path, "/login.php"), port:tlPort);
+  rcvRes = http_send_recv(port:tlPort, data:sndReq);
+  if("TestLink" >< rcvRes && (rcvRes != NULL))
+  {
+    tlVer = eregmatch(pattern:"TestLink ([0-9.]+)" , string:rcvRes);
+    if(tlVer[1] != NULL)
+    {
+      set_kb_item(name:"www/" + tlPort + "/TestLink",
+           value:tlVer[1] + " under " + path);
+    }
+  }
+}
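Review bot: In `if("TestLink" >< rcvRes && (rcvRes != NULL))` the NULL test runs only after the response has already been searched; it should come first, `if(rcvRes != NULL && "TestLink" >< rcvRes)`. The `"/"` entry in `make_list` also produces the request path `//login.php` and stores `under /` in the KB, which the dependent vulnerability script concatenates with `/login.php` again. Mapping `"/"` to an empty string before building the URL would avoid relying on the server to collapse the double slash. The loop does not stop after the first match, so more than one value may end up under the same KB name.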

Added: trunk/openvas-plugins/scripts/gb_testlink_xss_n_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_testlink_xss_n_sql_inj_vuln.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/gb_testlink_xss_n_sql_inj_vuln.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_testlink_xss_sql_inje_vuln.nasl 6184 2009-12-11 18:11:27Z dec $
+#
+# TestLink Cross Site Scripting and SQL Injection Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801086);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-4237","CVE-2009-4238");
+  script_bugtraq_id(37258);
+  script_name("TestLink Cross Site Scripting and SQL Injection Vulnerabilities");
+  desc = "
+  Overview: The host is running TestLink and is prone to Cross Site Scripting
+  and SQL Injection Vulnerabilities.
+
+  Vulnerability Insight:
+  These flaws are due to an improper validation of user supplied input in the req
+  parameter to 'login.php' inside the key parameter for 'ib/general/staticPage.php',
+  inside the 'tableName' parameter for 'lib/attachments/attachmentupload.php', and
+  inside the 'startDate', 'endDate', 'logLevel' parameter for
+  'lib/events/eventviewer.php'.
+
+  Impact:
+  Successful exploitation could allow remote attackers to steal cookie-based
+  authentication credentials, compromise the application, access or modify data,
+  or exploit latest vulnerabilities in the underlying database.
+
+  Impact Level: Network/Application.
+
+  Affected Software/OS:
+  TestLink version prior to 1.8.5 on all running platform.
+
+  Fix: Upgrade to TestLink version 1.8.5 or later,
+  For updates refer, http://sourceforge.net/projects/testlink/files
+
+  References:
+  http://archives.neohapsis.com/archives/fulldisclosure/current/0221.html
+  http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2
+  http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities
+
+  CVSS Score:
+   CVSS Base Score       : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+   CVSS Temporal Score   : 5.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of TestLink");
+  script_category(ACT_MIXED_ATTACK);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_dependencies("gb_testlink_detect.nasl");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+tlPort = get_http_port(default:80);
+if(!tlPort){
+  exit(0);
+}
+
+tlVer = get_kb_item("www/" + tlPort + "/TestLink");
+if(!tlVer){
+  exit(0);
+}
+
+tlVer = eregmatch(pattern:"^(.+) under (/.*)$", string:tlVer);
+if(!safe_checks() && tlVer[2] != NULL)
+{
+  request = http_get(item:tlVer[2] + "/login.php?req=%22%3E%3Ciframe%20src" +
+                     "=%27OpenVAS-XSS%27%20width=%27100%%27height=%27300%2" +
+                     "7%3E%3C/iframe%3E", port:tlPort);
+  response = http_send_recv(port:tlPort, data:request);
+  if("src='OpenVAS-XSS" >< response)
+  {
+    security_hole(tlPort);
+    exit(0);
+  }
+}
+
+if(tlVer[1] != NULL)
+{
+  if(version_is_less(version:tlVer[1], test_version:"1.8.5")){
+    security_hole(tlPort);
+  }
+}
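Review bot: The match `"src='OpenVAS-XSS" >< response` can succeed on a page that reflects the parameter with its angle brackets HTML-escaped, because single quotes may survive that escaping, so a target that encodes its output correctly could still be reported as vulnerable. Matching the unescaped tag instead, `if("<iframe src='OpenVAS-XSS" >< response)`, and confirming the response is a successful page before searching it, would cut those false positives. The request string also carries a bare `%` in `100%%27height`, which is not valid percent-encoding (`%25` would be); a server that rejects it makes the script fall through silently to the version comparison. The active block and the version fallback both call `security_hole(tlPort)` with no detail, so the report cannot tell which of the two paths fired.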

Added: trunk/openvas-plugins/scripts/secpod_ms09-074.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms09-074.nasl	2009-12-12 12:41:25 UTC (rev 6130)
+++ trunk/openvas-plugins/scripts/secpod_ms09-074.nasl	2009-12-14 08:18:47 UTC (rev 6131)
@@ -0,0 +1,122 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms09-074.nasl  2009-12-10 03:48:09Z dec $
+#
+# Microsoft Office Project Remote Code Execution Vulnerability (967183)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901069);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-0102");
+  script_name("Microsoft Office Project Remote Code Execution Vulnerability (967183)");
+  desc = "
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS09-074.
+
+  Vulnerability Insight:
+  This issue is caused due to application not properly validating resource allocations
+  when opening Project files.
+
+  Impact:
+  Successful exploitation will let the remote attackers to crash an affected
+  application or execute arbitrary code by tricking a user into opening a
+  specially crafted document.
+
+  Impact Level: System/Apllication
+
+  Affected Software/OS:
+  Microsoft Project 2002 Service Pack 1
+  Microsoft Project 2000 Service Release 1
+  Microsoft Office Project 2003 Service Pack 3
+
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link.
+  http://www.microsoft.com/technet/security/bulletin/ms09-074.mspx
+
+  References:
+  http://support.microsoft.com/kb/961083
+  http://support.microsoft.com/kb/961079
+  http://support.microsoft.com/kb/961082
+  http://www.vupen.com/english/advisories/2009/3439
+  http://www.microsoft.com/technet/security/bulletin/MS09-074.mspx
+
+  Risk factor: Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of Atlconv.dll file");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Windows : Microsoft Bulletins");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+# MS09-074 Hotfix check
+if((hotfix_missing(name:"961082") == 0) || (hotfix_missing(name:"961083") == 0)
+   || (hotfix_missing(name:"961079") == 0)){
+   exit(0);
+}
+
+
+function find_version(filepath)
+{
+  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:filepath);
+  file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:filepath);
+  dllVer = GetVer(file:file, share:share);
+  return dllVer;
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows" +
+                         "\CurrentVersion", item:"ProgramFilesDir");
+if(!dllPath){
+  exit(0);
+}
+
+foreach path (make_list("\MS Project",
+                        "\Microsoft Office Project",
+                        "\Microsoft Office Project 10",
+                        "\Microsoft Office Project 9",
+                        "\Microsoft Office Project 11"))
+{
+  Ver = find_version(filepath:dllPath + "\Common Files\Microsoft Shared"
+                              + path + "\ATLCONV.DLL");
+  if(Ver)
+  {
+    # Grep for ATLCONV.DLL version <  9.0.2001.1109, 10.0.2108.2216,11.3.2008.1717
+    if(version_in_range(version:Ver, test_version:"9.0", test_version2:"9.0.2001.1108") ||
+       version_in_range(version:Ver, test_version:"10.0", test_version2:"10.0.2108.2215") ||
+       version_in_range(version:Ver, test_version:"11.0", test_version2:"11.3.2008.1716")){
+       security_hole(0);
+       exit(0);
+    }
+  }
+}
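Review bot: `find_version` splits the path with the case-sensitive, unanchored patterns `([A-Z]):.*` and `[A-Z]:(.*)`, so a `ProgramFilesDir` value with a lower-case drive letter passes through `ereg_replace` unchanged and `GetVer` is then presumably asked for a share that does not exist. That ends as a silent false negative; anchoring and widening the class, `pattern:"^([A-Za-z]):.*"` and `pattern:"^[A-Za-z]:(.*)"`, closes it. Separately, the early `exit(0)` fires as soon as any one of the three hotfixes is reported installed. If each KB covers a different Project release (the description suggests this, but it is not confirmed here), a short comment explaining why one is sufficient would help.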


Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-074.nasl
___________________________________________________________________
Name: svn:executable
   + *


