[Openvas-commits] r3312 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon May 11 08:41:13 CEST 2009


Author: chandra
Date: 2009-05-11 08:41:11 +0200 (Mon, 11 May 2009)
New Revision: 3312

Added:
   trunk/openvas-plugins/scripts/gb_adobe_fms_detect.nasl
   trunk/openvas-plugins/scripts/gb_adobe_fms_prv_esc_vuln.nasl
   trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_lin.nasl
   trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_win.nasl
   trunk/openvas-plugins/scripts/gb_foswiki_csrf_vuln.nasl
   trunk/openvas-plugins/scripts/gb_foswiki_detect.nasl
   trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_lin.nasl
   trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_merak_mail_server_bof_vuln.nasl
   trunk/openvas-plugins/scripts/gb_twiki_csrf_vuln.nasl
   trunk/openvas-plugins/scripts/gb_twiki_detect.nasl
   trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_may09.nasl
   trunk/openvas-plugins/scripts/gb_wordpressmu_xss_vuln_apr09.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl
   trunk/openvas-plugins/scripts/secpod_wordpress_detect_900182.nasl
   trunk/openvas-plugins/scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/ChangeLog	2009-05-11 06:41:11 UTC (rev 3312)
@@ -1,3 +1,24 @@
+2009-05-11 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_ibm_db2_info_disc_vuln_lin.nasl,
+	scripts/gb_twiki_csrf_vuln.nasl,
+	scripts/gb_foswiki_detect.nasl,
+	scripts/gb_adobe_reader_dos_vuln_may09_lin.nasl,
+	scripts/gb_adobe_fms_prv_esc_vuln.nasl,
+	scripts/gb_merak_mail_server_bof_vuln.nasl,
+	scripts/gb_foswiki_csrf_vuln.nasl,
+	scripts/gb_ibm_db2_info_disc_vuln_win.nasl,
+	scripts/gb_wordpressmu_xss_vuln_apr09.nasl,
+	scripts/gb_adobe_reader_dos_vuln_may09_win.nasl,
+	scripts/gb_twiki_detect.nasl,
+	scripts/gb_adobe_fms_detect.nasl,
+	scripts/gb_wordpress_mult_vuln_may09.nasl:
+	Added new plugins
+
+	* scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl,
+	scripts/secpod_wordpress_detect_900182.nasl,
+	scripts/secpod_ibm_db2_detect_win_900218.nasl:
+	Modified to detect latest versions
+
 2009-05-10 Michael Meyer <mime at gmx.de>
 	* scripts/GlassFish_34824.nasl,
 	scripts/realty_web_base_detect.nasl,

Added: trunk/openvas-plugins/scripts/gb_adobe_fms_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_fms_detect.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_adobe_fms_detect.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_fms_detect.nasl 2107 2009-05-04 15:56:14Z may $
+#
+# Adobe Flash Media Server Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800559);
+  script_version("Revision: 1.0");
+  script_name(english:"Adobe Flash Media Server Detection");
+  desc["english"] = "
+
+  Overview: This script detects the version of Adobe Flash Media Server and
+  sets the result in the KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the Version of Adobe Flash Media Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Service detection");
+  script_dependencies("http_version.nasl");
+  script_require_ports("Services/www", 1111);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+fmsPort = get_http_port(default:1111);
+if(!fmsPort){
+  fmsPort = 1111;
+}
+
+if(!get_port_state(fmsPort)){
+  exit(0);
+}
+
+sndReq = string("GET / HTTP/1.1 \r\n\r\n");
+rcvRes = http_send_recv(port:fmsPort, data:sndReq);
+if("FlashCom" >< rcvRes)
+{
+  fmsVer = eregmatch(pattern:"FlashCom/([0-9.]+)", string:rcvRes);
+  if(fmsVer[1] != NULL){
+    set_kb_item(name:"www/" + fmsPort + "/Adobe/FMS", value:fmsVer[1]);
+  }
+}
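Review bot: The probe built on the `sndReq` line, `GET / HTTP/1.1 \r\n\r\n`, has a stray space after the version token and no Host header, so a strict HTTP/1.1 server may answer 400 without the `FlashCom` banner and the host goes undetected. Building the request with `sndReq = http_get(item:"/", port:fmsPort);`, as gb_foswiki_detect.nasl in this commit does, avoids hand-rolled request syntax. The `eregmatch` also runs over the whole response rather than the Server header, so a page body containing `FlashCom/<digits>` would be stored as the version; restricting the match to the header line would tighten that.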


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_fms_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_adobe_fms_prv_esc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_fms_prv_esc_vuln.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_adobe_fms_prv_esc_vuln.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_fms_prv_esc_vuln.nasl 2107 04-05-2009 18:12:53Z may $
+#
+# Adobe Flash Media Server Privilege Escalation Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800560);
+  script_version("Revision: 1.0");
+  script_cve_id("CVE-2009-1365");
+  script_bugtraq_id(34790);
+  script_name(english:"Adobe Flash Media Server Privilege Escalation Vulnerability");
+  desc["english"] = "
+
+  Overview: This host has Adobe Flash Media Server installed and is prone to
+  Privilege Escalation vulnerability.
+
+  Vulnerability Insight:
+  This flaw is caused while executing RPC calls made to an ActionScript file
+  running under Flash Media Server.
+
+  Impact:
+  Successful attack could result in execution of crafted RPC Calls to the
+  ActionScript file and cause injection of remote procedures into the context
+  of the affected system.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Adobe Flash Media Server before 3.0.4, 3.5.x before 3.5.2 on all platforms.
+
+  Fix: Upgrade to Adobe Flash Media Server 3.5.2 or 3.0.4 or greater.
+  http://www.adobe.com/downloads
+
+  References:
+  http://www.adobe.com/support/security/bulletins/apsb09-05.html
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.5
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Adobe Flash Media Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Privilege escalation");
+  script_dependencies("gb_adobe_fms_detect.nasl");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+mediaPort = get_http_port(default:1111);
+if(!mediaPort){
+  exit(0);
+}
+
+fmsVer = get_kb_item("www/" + mediaPort + "/Adobe/FMS");
+if(fmsVer == NULL){
+  exit(0);
+}
+
+if(version_in_range(version:fmsVer, test_version:"3.5", test_version2:"3.5.1")||
+    version_is_less(version:fmsVer, test_version:"3.0.4")){
+  security_hole(mediaPort);
+}
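Review bot: The 3.5.x branch of the final `if` uses `version_in_range(..., test_version:"3.5", test_version2:"3.5.1")`, which would presumably miss a banner carrying a fourth component (a constructed example: 3.5.1.x) even though the description says every 3.5.x before 3.5.2 is affected. Comparing against the fixed release is more robust: `!version_is_less(version:fmsVer, test_version:"3.5") && version_is_less(version:fmsVer, test_version:"3.5.2")`. The description block also declares no `script_require_ports`, unlike gb_adobe_fms_detect.nasl, which has `script_require_ports("Services/www", 1111);`. Since the verdict rests only on the banner version stored in the KB, a comment above the comparison saying so would help whoever triages a finding on an already patched host.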


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_fms_prv_esc_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_lin.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_lin.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,89 @@
+##############################################i#################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_reader_dos_vuln_may09_lin.nasl 2116 2009-05-04 18:50:29Z may $
+#
+# Adobe Reader Denial of Service Vulnerability (May09)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800701);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1493", "CVE-2009-1492");
+  script_bugtraq_id(34740, 34736);
+  script_name(english:"Adobe Reader Denial of Service Vulnerability (May09)");
+  desc["english"] = "
+
+  Overview: This host is installed with Adobe Reader and is prone to
+  Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  These flaws are due to a memory corruption errors in 'customDictionaryOpen'
+  and 'getAnnots' methods in the JavaScript API while processing malicious PDF
+  files with a long string in the second argument.
+
+  Impact:
+  Successful exploitation will let the attacker cause memory corruption or
+  denial of service.
+
+  Impact level: System/Application.
+
+  Affected Software/OS:
+  Adobe Reader version 9.1 and prior on Linux.
+
+  Fix: No solution or patch is available as on 11th May, 2009. Information 
+  regarding this issue will be updated once the solution details are available.  
+  For further updates refer, http://www.adobe.com
+
+  References:
+  http://secunia.com/advisories/34924
+  http://xforce.iss.net/xforce/xfdb/50146
+  http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 8.4
+  Risk factor: Critical";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Adobe Reader");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("gb_adobe_prdts_detect_lin.nasl");
+  script_require_keys("Adobe/Reader/Linux/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+readerVer = get_kb_item("Adobe/Reader/Linux/Version");
+readerVer = ereg_replace(pattern:"\_", replace:".", string:readerVer);
+if(readerVer == NULL){
+  exit(0);
+}
+
+# Grep for Adobe Reader version prior to 9.1
+if(version_is_less_equal(version:readerVer, test_version:"9.1")){
+  security_hole(0);
+}
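Review bot: `readerVer` is passed to `ereg_replace` before it is checked, so the `if(readerVer == NULL)` guard tests the output of the replacement rather than the KB lookup; move the guard directly under the `get_kb_item` line. The comment `# Grep for Adobe Reader version prior to 9.1` does not match the code, which calls `version_is_less_equal` and therefore includes 9.1 (the same wording appears in gb_adobe_reader_dos_vuln_may09_win.nasl); suggest `# Flag Adobe Reader 9.1 and earlier`. It is also worth confirming how version_func.inc compares a three-part value such as 9.1.0 against `"9.1"`, since the format stored by the detect script is not visible here. The first banner line of the header contains a stray `i`.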


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_win.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_win.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,97 @@
+##############################################i#################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_reader_dos_vuln_may09_lin.nasl 2116 2009-05-04 18:50:29Z may $
+#
+# Adobe Reader/Acrobat Denial of Service Vulnerability (May09) (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800706);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1492");
+  script_bugtraq_id(34736);
+  script_name(english:"Adobe Reader/Acrobat Denial of Service Vulnerability (May09)");
+  desc["english"] = "
+
+  Overview: This host is installed with Adobe Reader/Acrobat and is prone to
+  Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  This flaw is due to memory corruption error in 'getAnnots' methods in the
+  JavaScript API while processing malicious PDF files that calls this vulnerable
+  method with crafted integer arguments.
+
+  Impact:
+  Successful exploitation will let the attacker cause memory corruption or
+  denial of service.
+
+  Impact level: System/Application.
+
+  Affected Software/OS:
+  Adobe Reader/Acrobat version 9.1 and prior on Windows.
+
+  Fix: No solution or patch is available as on 11th May, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For further updates refer, http://www.adobe.com
+
+  References:
+  http://secunia.com/advisories/34924
+  http://xforce.iss.net/xforce/xfdb/50145
+  http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 8.4
+  Risk factor: Critical";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Adobe Reader/Acrobat");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("secpod_adobe_prdts_detect_win.nasl");
+  script_require_keys("Adobe/Reader/Win/Ver", "Adobe/Acrobat/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+readerVer = get_kb_item("Adobe/Reader/Win/Ver");
+acroVer = get_kb_item("Adobe/Acrobat/Win/Ver");
+
+if(readerVer != NULL)
+{
+  # Grep for Adobe Reader version prior to 9.1
+  if(version_is_less_equal(version:readerVer, test_version:"9.1")){
+    security_hole(0);
+  }
+}
+
+if(acroVer != NULL)
+{
+  # Grep for Adobe Acrobat version prior to 9.1
+  if(version_is_less_equal(version:acroVer, test_version:"9.1")){
+    security_hole(0);
+  }
+}
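Review bot: `script_require_keys("Adobe/Reader/Win/Ver", "Adobe/Acrobat/Win/Ver");` lists both keys, and as far as I know the scheduler treats required keys as all-of, so a host with only Reader or only Acrobat installed would never run this check. The body already handles each product independently with its own `!= NULL` test, so dropping the `script_require_keys` line and keeping `script_dependencies` gives the intended either-or behaviour. The `$Id:` line in the header still names gb_adobe_reader_dos_vuln_may09_lin.nasl, a copy-paste leftover. When both products are present the script calls `security_hole(0)` twice without saying which product triggered the finding.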


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_reader_dos_vuln_may09_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_foswiki_csrf_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_foswiki_csrf_vuln.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_foswiki_csrf_vuln.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_foswiki_csrf_vuln.nasl 2120 2009-05-09 17:16:17Z may $
+#
+# Foswiki Cross-Site Request Forgery Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800613);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1434");
+  script_name(english:"Foswiki Cross-Site Request Forgery Vulnerability");
+  desc["english"] = "
+
+  Overview:
+  The host is running Foswiki and is prone to Cross-Site Request Forgery
+  Vulnerability.
+
+  Vulnerability Insight:
+  An application allowing users to perform certain actions via HTTP requests
+  without performing any validity checks to verify the requests.
+
+  Impact:
+  Successful exploitation will let the attacker to gain administrative
+  privileges on the target application and can cause CSRF attack.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Foswiki version prior to 1.0.5
+
+  Fix: Upgrade to version 1.0.5 or later,
+  http://foswiki.org/Download
+
+  References:
+  http://secunia.com/advisories/34863
+  http://foswiki.org/Support/SecurityAlert-CVE-2009-1434
+
+  CVSS Score:
+    CVSS Base Score     : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.0
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the Version of Foswiki");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("gb_foswiki_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+foswikiPort = get_http_port(default:80);
+
+if(!foswikiPort){
+  exit(0);
+}
+
+foswikiVer = get_kb_item("www/" + foswikiPort + "/Foswiki");
+
+if(foswikiVer != NULL)
+{
+  foswikiVer = eregmatch(pattern:"^(.+) under (/.*)$", string:foswikiVer);
+  if(foswikiVer[1] != NULL)
+  {
+    if(version_is_less(version:foswikiVer[1], test_version:"1.0.5")){
+      security_warning(foswikiPort);
+    }
+  }
+}
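Review bot: `foswikiVer` is reused for two different things, first the KB string and then the `eregmatch` result array, which makes the `foswikiVer[1]` tests harder to follow; a separate name such as `verMatch = eregmatch(pattern:"^(.+) under (/.*)$", string:foswikiVer);` reads better. The install path captured in the second group is never used, so the finding does not tell the operator which path the affected instance lives under. Unlike the other vulnerability checks in this commit, the description block has no `script_bugtraq_id`; if a BID exists for CVE-2009-1434 it should be added.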


Property changes on: trunk/openvas-plugins/scripts/gb_foswiki_csrf_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_foswiki_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_foswiki_detect.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_foswiki_detect.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_foswiki_detect.nasl 2120 2009-05-09 15:37:24Z may $
+#
+# Foswiki Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800612);
+  script_version("Revision: 1.0");
+  script_name(english:"Foswiki Version Detection");
+  desc["english"] = "
+
+  Overview: This script detects the installed version of Foswiki and
+  sets the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Set Version of Foswiki in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Service detection");
+  script_dependencies("find_service.nes", "http_version.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+foswikiPort = get_http_port(default:80);
+
+if(!foswikiPort){
+  foswikiPort = 80;
+}
+
+if(!get_port_state(foswikiPort)){
+  exit(0);
+}
+
+foreach dir (make_list("/foswiki", "/", cgi_dirs()))
+{
+  sndReq = http_get(item:dir + "/bin/view/foswiki/WebHome", port:foswikiPort);
+  rcvRes = http_send_recv(port:foswikiPort, data:sndReq);
+  if("Powered by Foswiki" >< rcvRes )
+  {
+    foswikiVer = eregmatch(pattern:"Foswiki-([0-9.]+),", string:rcvRes);
+    if(foswikiVer[1] != NULL){
+      set_kb_item(name:"www/" + foswikiPort + "/Foswiki", value:foswikiVer[1] +
+                      " under " + dir);
+    }
+  }
+}
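Review bot: In the `foreach dir` loop the `/` entry is concatenated with `"/bin/view/foswiki/WebHome"`, producing a request for `//bin/view/foswiki/WebHome`, which some servers will not normalise. A small guard fixes it without changing the stored value: `url = dir + "/bin/view/foswiki/WebHome"; if(dir == "/") url = "/bin/view/foswiki/WebHome";`. The loop also keeps going after a hit, so several matching directories write several values under the same `www/<port>/Foswiki` key. gb_foswiki_csrf_vuln.nasl reads that key with a single `get_kb_item`, so either stop at the first match or add a comment that multiple values are expected.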


Property changes on: trunk/openvas-plugins/scripts/gb_foswiki_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_lin.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_lin.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_db2_info_disc_vuln_lin.nasl 1465 2009-05-05 17:10:24Z may $
+#
+# IBM DB2 Information Disclosure Vulnerability (Linux)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800703);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1239");
+  script_bugtraq_id(34650);
+  script_name(english:"IBM DB2 Information Disclosure Vulnerability (Linux)");
+  desc["english"] = "
+
+  Overview: This host is installed with IBM DB2 and is prone to Information
+  Disclosure Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is due to the 'INNER JOIN' and 'OUTER JOIN' predicate which allows
+  remote attackers to execute arbitrary queries.
+
+  Impact:
+  Successful exploitation will let the attacker gain sensitive information of
+  the affected remote system.
+
+  Impact Level: Application/System
+
+  Affected Software/OS:
+  IBM DB2 Enterprise Server 9.1 before 9.1 FP7.
+  IBM DB2 Workgroup Server 9.1 before 9.1 FP7.
+  IBM DB2 Express Server 9.1 before 9.1 FP7.
+  IBM DB2 Personal Server 9.1 before 9.1 FP7.
+  IBM DB2 Connect Server 9.1 before 9.1 FP7.
+
+  Fix: Apply the security update.
+  http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
+
+  *****
+  NOTE: Please, ignore the warning if Patch is already applied.
+  *****
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/49864
+  http://www.vupen.com/english/advisories/2009/0912
+  http://www-01.ibm.com/support/docview.wss?uid=swg21381257
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+    CVSS Temporal Score : 3.7
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the Version of IBM DB2 Servers");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl");
+  script_require_keys("Linux/IBM_db2/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+appVer = get_kb_item("Linux/IBM_db2/Ver");
+if(appVer == NULL){
+  exit(0);
+}
+
+# Check for IBM DB2 Server Products Version 9.1 before 9.1 FP7 (9.1.0.7)
+# version 9.1 FP6 => 9.1.0.6
+if(version_in_range(version:appVer, test_version:"9.1", test_version2:"9.1.0.6")){
+  security_warning(0);
+}
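Review bot: `script_family(english:"Web application abuses")` files a database-server check under web applications, so anyone selecting plugins by family for a DB2 host will not pick it up; a database family would fit better, and gb_ibm_db2_info_disc_vuln_win.nasl has the same line. The description's `NOTE: Please, ignore the warning if Patch is already applied` suggests the check cannot see the fix, so a comment above `version_in_range` stating that the result is based only on the `Linux/IBM_db2/Ver` KB value would make that limitation explicit in the code. The insight text says the flaw lets attackers "execute arbitrary queries" while the title and impact describe information disclosure; the wording should be aligned with the referenced advisory.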


Property changes on: trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_win.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_win.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_db2_info_disc_vuln_win.nasl 1465 2009-05-05 14:10:24Z may $
+#
+# IBM DB2 Information Disclosure Vulnerability (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800702);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1239");
+  script_bugtraq_id(34650);
+  script_name(english:"IBM DB2 Information Disclosure Vulnerability (Win)");
+  desc["english"] = "
+
+  Overview: This host is installed with IBM DB2 and is prone to Information
+  Disclosure Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is due to the 'INNER JOIN' and 'OUTER JOIN' predicate which allows
+  remote attackers to execute arbitrary queries.
+
+  Impact:
+  Successful exploitation will let the attacker gain sensitive information of
+  the affected remote system.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  IBM DB2 Enterprise Server 9.1 before 9.1 FP7.
+  IBM DB2 Workgroup Server 9.1 before 9.1 FP7.
+  IBM DB2 Express Server 9.1 before 9.1 FP7.
+  IBM DB2 Personal Server 9.1 before 9.1 FP7.
+  IBM DB2 Connect Server 9.1 before 9.1 FP7.
+
+  Fix: Apply the security update.
+  http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
+
+  *****
+  NOTE: Please, ignore the warning if Patch is already applied.
+  *****
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/49864
+  http://www.vupen.com/english/advisories/2009/0912
+  http://www-01.ibm.com/support/docview.wss?uid=swg21381257
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+    CVSS Temporal Score : 3.7
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the Version of IBM DB2 Servers");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("secpod_ibm_db2_detect_win_900218.nasl");
+  script_require_keys("Win/IBM-db2/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+appVer = get_kb_item("Win/IBM-db2/Ver");
+if(appVer == NULL){
+  exit(0);
+}
+
+# Check for IBM DB2 Server Products Version 9.1 before 9.1 FP7 (9.1.700.855)
+# version 9.1 FP6a => 9.1.601.768
+if(version_in_range(version:appVer, test_version:"9.1", test_version2:"9.1.601.768")){
+  security_warning(0);
+}
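Review bot: The upper bound in `version_in_range(version:appVer, test_version:"9.1", test_version2:"9.1.601.768")` is the FP6a build, so any build number between it and the FP7 build named in the comment (9.1.700.855) falls outside the range and is reported clean. Testing against the fixed build closes that gap: `!version_is_less(version:appVer, test_version:"9.1") && version_is_less(version:appVer, test_version:"9.1.700.855")`. Whether such intermediate builds exist in the field is not visible from this page, but the strict comparison costs nothing.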


Property changes on: trunk/openvas-plugins/scripts/gb_ibm_db2_info_disc_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_merak_mail_server_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_merak_mail_server_bof_vuln.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_merak_mail_server_bof_vuln.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_merak_mail_server_bof_vuln.nasl 2137 2009-05-07 15:21:13Z may $
+#
+# Merak Mail Server Stack Overflow Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800705);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1516");
+  script_bugtraq_id(34739);
+  script_name(english:"Merak Mail Server Stack Overflow Vulnerability");
+  desc["english"] = "
+
+  Overview: The host is running Merak Mail Server and is prone to Stack
+  Overflow vulnerability.
+
+  Vulnerability:
+  This flaw is due to IceWarpServer.APIObject ActiveX Control in api.dll
+  which allows context-dependent attackers to execute large value in the
+  second argument to Base64FileEncode function.
+
+  Impact:
+  Successful exploitation will enable the attacker cause arbitrary code
+  execution in the context of the affected mail server.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Merak Mail Server 9.4.1 or prior.
+
+  Fix: No solution or patch is available as on 11th May, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For further updates refer,
+  http://www.icewarp.it/downloads/windows_platform/index.php
+  http://www.icewarp.it/downloads/linux_platform/index.php
+
+  References:
+  http://www.milw0rm.com/exploits/8542
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 6.7
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Merak Mail Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Buffer overflow");
+  script_dependencies("gb_merak_mail_server_detect.nasl");
+  script_require_keys("MerakMailServer/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+merakVer = get_kb_item("MerakMailServer/Ver");
+if(merakVer == NULL){
+  exit(0);
+}
+
+if(version_is_less_equal(version:merakVer, test_version:"9.4.1")){
+  security_hole(0);
+}
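Review bot: The `Vulnerability:` paragraph of the description string says attackers can "execute large value in the second argument", which does not describe the flaw the script name announces. Wording such as `which allows context-dependent attackers to trigger a stack overflow via a large value in the second argument to the Base64FileEncode function.` would match the title. The heading could also read `Vulnerability Insight:`, as in the TWiki and WordPress plugins added in this commit. The check is version-only (`version_is_less_equal` against 9.4.1), so a comment above it such as `# Version-only check: Merak Mail Server 9.4.1 and prior, no patch available at the time of writing` would help a maintainer revisit the bound once a fix ships.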


Property changes on: trunk/openvas-plugins/scripts/gb_merak_mail_server_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_twiki_csrf_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_twiki_csrf_vuln.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_twiki_csrf_vuln.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_twiki_csrf_vuln.nasl 2120 2009-05-06 17:16:17Z may $
+#
+# TWiki Cross-Site Request Forgery Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800400);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1339");
+  script_name(english:"TWiki Cross-Site Request Forgery Vulnerability");
+  desc["english"] = "
+
+  Overview: The host is running TWiki and is prone to Cross-Site Request
+  Forgery Vulnerability.
+
+  Vulnerability Insight:
+  Remote authenticated user can create a specially crafted image tag that,
+  when viewed by the target user, will update pages on the target system
+  with the privileges of the target user via HTTP requests.
+
+  Impact:
+  Successful exploitation will let the attacker to gain administrative
+  privileges on the target application and can cause CSRF attack.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  TWiki version prior to 4.3.1
+
+  Fix: Upgrade to version 4.3.1 or later,
+  http://twiki.org/cgi-bin/view/Codev/DownloadTWiki
+
+  References:
+  http://secunia.com/advisories/34880
+  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526258
+  http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt
+
+  CVSS Score:
+    CVSS Base Score     : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.0
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the Version of TWiki");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("gb_twiki_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+twikiPort = get_http_port(default:80);
+if(!twikiPort){
+  exit(0);
+}
+
+twikiVer = get_kb_item("www/" + twikiPort + "/TWiki");
+twikiVer = eregmatch(pattern:"^(.+) under (/.*)$", string:twikiVer);
+if(twikiVer[1] != NULL)
+{
+  if(version_is_less(version:twikiVer[1], test_version:"4.3.1")){
+    security_warning(twikiPort);
+  }
+}
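Review bot: The test at the end of the script flags every version below 4.3.1 from the stored version string alone, yet the References list a vendor diff for 4.3.0 (`TWiki-4.3.0-c-diff-cve-2009-1339.txt`), so a 4.3.0 host with that patch applied would presumably still be reported. The description should carry the caveat the DB2 plugin in this commit uses, e.g. `NOTE: Please, ignore the warning if Patch is already applied.` The KB value is also passed to `eregmatch` without checking that the key was set. An explicit `if(!twikiVer){ exit(0); }` before the match would make the no-detection path obvious. The same applies to gb_wordpressmu_xss_vuln_apr09.nasl and to the last hunk of secpod_wordpress_php_code_exec_vuln_900183.nasl.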


Property changes on: trunk/openvas-plugins/scripts/gb_twiki_csrf_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_twiki_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_twiki_detect.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_twiki_detect.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_twiki_detect.nasl 2120 2009-05-06 15:37:24Z may $
+#
+# TWiki Version Detection
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800399);
+  script_version("Revision: 1.0");
+  script_name(english:"TWiki Version Detection");
+  desc["english"] = "
+
+  Overview: This script detects the installed version of TWiki and
+  sets the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Set Version of TWiki in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Service detection");
+  script_dependencies("find_service.nes", "http_version.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+twikiPort = get_http_port(default:80);
+if(!twikiPort){
+  twikiPort = 80;
+}
+
+if(!get_port_state(twikiPort)){
+  exit(0);
+}
+
+foreach dir (make_list("/twiki", "/", cgi_dirs()))
+{
+  sndReq = http_get(item:dir + "/bin/view/TWiki/WebHome", port:twikiPort);
+  rcvRes = http_send_recv(port:twikiPort, data:sndReq);
+
+  if("Powered by TWiki" >< rcvRes )
+  {
+    twikiVer = eregmatch(pattern:"TWiki-([0-9.]+),", string:rcvRes);
+    if(twikiVer[1] != NULL){
+      set_kb_item(name:"www/" + twikiPort + "/TWiki", value:twikiVer[1] +
+                       " under " + dir);
+    }
+  }
+}
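Review bot: For the `"/"` entry of `make_list("/twiki", "/", cgi_dirs())` the request path becomes `//bin/view/TWiki/WebHome`, which not every web server treats as the single-slash path, so an installation at the web root can be missed. Building the path separately keeps the stored `" under " + dir` value valid for the consumers' `^(.+) under (/.*)$` pattern: `url = dir + "/bin/view/TWiki/WebHome"; if(dir == "/") url = "/bin/view/TWiki/WebHome";` followed by `http_get(item:url, port:twikiPort)`. The loop also continues after a hit, so the same KB key can receive one value per matching directory; a comment stating whether that is intended would help. `script_version("Revision: 1.0")` lacks the `$...$` keyword markers that the other new plugins use.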


Property changes on: trunk/openvas-plugins/scripts/gb_twiki_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_may09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_may09.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_may09.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wordpress_mult_vuln_may09.nasl 2025 2009-05-06 14:15:12Z may $
+#
+# Wordpress Multiple Vulnerabilities
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800704);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2008-6767", "CVE-2008-6762");
+  script_name(english:"Wordpress Multiple Vulnerabilities");
+  desc["english"] = "
+
+  Overview: This host has Wordpress installed and is prone to Multiple
+  Vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are due to lack of sanitization in user supplied data which
+  can be exploited through 'wp-admin/upgrade.php' via a direct request and
+  'wp-admin/upgrade.php' via a URL in the backto parameter.
+
+  Impact:
+  Attackers can exploit this issue to causes denial of service or to redirect
+  the URL to any malicious website and conduct phishing attacks.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Wordpress version 2.6.x
+
+  Fix: Upgrade your wordpress to the latest version 2.7.1
+  http://wordpress.org
+
+  References:
+  http://osvdb.org/52213
+  http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.8
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Wordpress");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("secpod_wordpress_detect_900182.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("version_func.inc");
+include("http_func.inc");
+
+wordpressPort = get_http_port(default:80);
+if(!wordpressPort){
+  exit(0);
+}
+
+if(!get_port_state(wordpressPort)){
+  exit(0);
+}
+
+version = get_kb_item("www/" + wordpressPort + "/WordPress");
+version = eregmatch(pattern:"^(.+) under (/.*)$", string:version);
+if(version[1] == NULL){
+  exit(0);
+}
+
+if(version_in_range(version:version[1], test_version:"2.6", test_version2:"2.6.3")){
+  security_hole(wordpressPort);
+}
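Review bot: The description lists `Wordpress version 2.6.x` as affected, but `version_in_range(... test_version:"2.6", test_version2:"2.6.3")` stops at 2.6.3, so any later 2.6 release is silently treated as not affected. Either the upper bound or the Affected Software text should change so the two agree, with a comment above the check naming the intended range. The Vulnerability Insight names `wp-admin/upgrade.php` for both flaws, which reads like a copy-paste slip worth confirming against the two CVEs. The base score of 10.0 with `C:C/I:C/A:C` also looks inconsistent with the stated impact of denial of service and redirection, so the vector should be re-checked.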


Property changes on: trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_may09.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_wordpressmu_xss_vuln_apr09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpressmu_xss_vuln_apr09.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/gb_wordpressmu_xss_vuln_apr09.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wordpressmu_xss_vuln_apr09.nasl 1069 2009-04-23 15:31:09Z apr $
+#
+# WordPress MU Cross-Site Scripting Vulnerability - Apr09
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800376);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1030");
+  script_bugtraq_id(34075);
+  script_name(english:"WordPress MU Cross-Site Scripting Vulnerability - Apr09");
+  desc["english"] = "
+
+  Overview: The host is running WordPress MU and is prone to Cross-Site
+  Scripting Vulnerability.
+
+  Vulnerability Insight:
+  The vulnerability is due to improper validation of user supplied input in
+  'wp-includes/wpmu-functions.php' for choose_primary_blog function.
+
+  Impact:
+  Successful exploitation will let the attacker execute malicious crafted
+  HTTP headers and conduct cross site scripting attacks to gain administrative
+  privileges into the affected web application.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  WordPress MU before 2.7 on all running platform.
+
+  Fix: Update to Version 2.7
+  http://mu.wordpress.org/download
+
+  References:
+  http://www.milw0rm.com/exploits/8196
+  http://xforce.iss.net/xforce/xfdb/49184
+  http://securitytracker.com/alerts/2009/Mar/1021838.html
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score : 3.4
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the Version of WordPress MU");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("secpod_wordpress_detect_900182.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+wpmuPort = get_http_port(default:80);
+if(!wpmuPort){
+  exit(0);
+}
+
+wpmuVer = get_kb_item("www/" + wpmuPort + "/WordPress-Mu");
+wpmuVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpmuVer);
+if(wpmuVer[1] != NULL)
+{
+  if(version_is_less(version:wpmuVer[1], test_version:"2.7")){
+    security_warning(wpmuPort);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_wordpressmu_xss_vuln_apr09.nasl
___________________________________________________________________
Name: svn:executable
   + *

Modified: trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/secpod_ibm_db2_detect_win_900218.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -6,18 +6,21 @@
 #
 #  Date Written: 2008/09/12
 #
-#  Revision: 1.1 
+#  Modified by: Sujit Ghosal (sghosal at secpod.com) #1465
+#  Date: 5th May 2009
 #
+#  Revision: 1.2
+#
 #  Log: veerendragg
 #  Issue #0187
 #  ------------------------------------------------------------------------
-#  This program was written by SecPod and is licensed under the GNU GPL 
+#  This program was written by SecPod and is licensed under the GNU GPL
 #  license. Please refer to the below link for details,
 #  http://www.gnu.org/licenses/gpl.html
-#  This header contains information regarding licensing terms under the GPL, 
-#  and information regarding obtaining source code from the Author. 
-#  Consequently, pursuant to section 3(c) of the GPL, you must accompany the 
-#  information found in this header with any distribution you make of this 
+#  This header contains information regarding licensing terms under the GPL,
+#  and information regarding obtaining source code from the Author.
+#  Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+#  information found in this header with any distribution you make of this
 #  Program.
 #  ------------------------------------------------------------------------
 ##############################################################################
@@ -26,129 +29,41 @@
 {
  script_id(900218);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
- script_family(english:"General");
+ script_family(english:"Service detection");
  script_name(english:"IBM DB2 Server Detection (Windows)");
  script_summary(english:"Set KB for IBM DB2 Server");
  desc["english"] = "
  This script detects the version of IBM DB2 Server and saves the
  results in KB.
- 
+
  Risk factor : Informational";
 
  script_description(english:desc["english"]);
  script_dependencies("secpod_reg_enum.nasl");
- script_require_keys("SMB/WindowsVersion"); 
+ script_require_keys("SMB/WindowsVersion");
  exit(0);
 }
 
 
- include("smb_nt.inc");
- include("secpod_smb_func.inc");
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
 
- name   =  kb_smb_name();
- login  =  kb_smb_login();
- pass   =  kb_smb_password();
- domain =  kb_smb_domain();
- port   =  kb_smb_transport();
- 
- if(!port){
-	port = 139;
- }
- 
- if(!get_port_state(port)){
-	exit(0);
- }
- 
- soc = open_sock_tcp(port);
- if(!soc){
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+  if(registry_get_sz(key:key + item, item:"Publisher") =~ "IBM")
+  {
+    appName = registry_get_sz(item:"DisplayName", key:key + item);
+    if("DB2" >< appName)
+    {
+      appVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+      if(appVer != NULL)
+      {
+        set_kb_item(name:"Win/IBM-db2/Ver", value:appVer);
         exit(0);
- }
-
- r = smb_session_request(soc:soc, remote:name);
- if(!r)
- {
-        close(soc);
-        exit(0);
- }
-
- prot = smb_neg_prot(soc:soc);
- if(!prot)
- {
-        close(soc);
-        exit(0);
- }
-
- r = smb_session_setup(soc:soc, login:login, password:pass,
-                       domain:domain, prot:prot);
- if(!r)
- {
-        close(soc);
-        exit(0);
- }
-
-
- uid = session_extract_uid(reply:r);
- r = smb_tconx(soc:soc, name:name, uid:uid, share:"IPC$");
-
- tid = tconx_extract_tid(reply:r);
- if(!tid)
- {
-        close(soc);
-        exit(0);
- }
-
- r = smbntcreatex(soc:soc, uid:uid, tid:tid, name:"\winreg");
- if(!r)
- {
-        close(soc);
-        exit(0);
- }
-
- pipe = smbntcreatex_extract_pipe(reply:r);
- if(!pipe)
- {
-        close(soc);
-        exit(0);
- }
-
- r = pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe);
- if(!r)
- {
-        close(soc);
-        exit(0);
- }
-
- handle = registry_open_hklm(soc:soc, uid:uid, tid:tid, pipe:pipe);
- if(!handle)
- {
-        close(soc);
-        exit(0);
- }
-
- key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
- key_h = registry_get_key(soc:soc, uid:uid, tid:tid, pipe:pipe,
-                          key:key, reply:handle);
- if(!key_h)
- {
-        close(soc);
-        exit(0);
- }
-
- enumKeys = registry_enum_key(soc:soc, uid:uid, tid:tid, pipe:pipe, reply:key_h);
- close(soc);
-
- foreach entry (enumKeys)
- {
-        appName = registry_get_sz(item:"DisplayName", key:key + entry); 
-        if("DB2 Enterprise Server Edition" >< appName)
-        {
-                ibmdbVer = registry_get_sz(item:"DisplayVersion", 
-                                           key:key + entry);
-                if(ibmdbVer){
-                        set_kb_item(name:"Win/IBM-db2/Ver", value:ibmdbVer);
-                }
-                exit(0);
-        }
- }
+      }
+    }exit(0);
+  }
+}
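Review bot: The `}exit(0);` that closes the `"DB2" >< appName` test sits inside the `Publisher =~ "IBM"` branch, so the script exits on the first IBM-published uninstall entry whether or not it is DB2. On a host where another IBM product is enumerated first, `Win/IBM-db2/Ver` is never set and the DB2 checks that require this key do not run, a silent false negative in the scan results. Dropping that statement so the line is just `}` lets the loop reach later entries; the `exit(0);` after `set_kb_item` already ends the script on a hit. Matching on `"DB2"` alone is also broader than the previous `"DB2 Enterprise Server Edition"`, so a comment saying which products are meant to be accepted would be useful.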

Modified: trunk/openvas-plugins/scripts/secpod_wordpress_detect_900182.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_detect_900182.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_detect_900182.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -26,11 +26,11 @@
 if(description)
 {
   script_id(900182);
-  script_version("Revision: 1.0 ");
+  script_version("Revision: 1.1 ");
   script_name(english:"WordPress Version Detection");
   desc["english"] = "
   Overview : This script finds the installed WordPress Version and saves the
-  version in KB.
+  result in KB.
 
   Risk factor : Informational";
 
@@ -46,29 +46,49 @@
 
 
 include("http_func.inc");
-include("http_keepalive.inc");
 
-port = get_http_port(default:80);
-if(!get_port_state(port)){
-  exit(0);
+wpPort = get_kb_item("Services/www");
+if(!wpPort){
+  wpPort = 80;
 }
 
-foreach dir (make_list("/wordpress", cgi_dirs()))
+if(get_port_state(wpPort))
 {
-  sndReq = http_get(item:string(dir,"/index.php"), port:port);
-  rcvRes = http_keepalive_send_recv(port:port, data:sndReq);
-  
-  if(rcvRes == NULL){
-    exit(0);
-  }
+  foreach dir (make_list("/blog", "/wordpress", cgi_dirs()))
+  {
+    sndReq = http_get(item:string(dir, "/index.php HTTP/1.0 \r\n\r\n"), port:wpPort);
+    rcvRes = http_send_recv(port:wpPort, data:sndReq);
+    if(!egrep(pattern:"WordPress", string:rcvRes))
+    {
+      sndReq = string("GET " + dir + "/index.php \r\n\r\n");
+      rcvRes = http_send_recv(port:wpPort, data:sndReq);
 
-  if(egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes) &&
-     egrep(pattern:"WORDPRESS", string:rcvRes,icase:TRUE))
-  {
-    wpVer = eregmatch(pattern:"WordPress ([0-9.]+)", string:rcvRes);
-    if(wpVer[1] != NULL){
-      set_kb_item(name:"WordPress/Version", value:wpVer[1]);
     }
-    exit(0);
+
+    if(rcvRes != NULL && rcvRes =~ "</html>")
+    {
+      wpName = egrep(pattern:"WordPress", string:rcvRes);
+      wpmuName = egrep(pattern:"WordPress Mu", string:rcvRes);
+
+      if(wpName && !wpmuName)
+      {
+        wpVer = eregmatch(pattern:"WordPress ([0-9]\.[0-9.]+)", string:rcvRes);
+        if(wpVer[1] != NULL)
+        {
+          set_kb_item(name:"www/" + wpPort + "/WordPress", value:wpVer[1] +
+                           " under " + dir);
+        }
+      }
+
+      if(wpmuName)
+      {
+        wpmuVer = eregmatch(pattern:"WordPress ([0-9]\.[0-9.]+)", string:rcvRes);
+        if(wpmuVer[1] != NULL)
+        {
+          set_kb_item(name:"www/" + wpPort + "/WordPress-Mu", value:wpmuVer[1] +
+                           " under " + dir);
+        }
+      }
+    }
   }
 }
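Review bot: `http_get(item:string(dir, "/index.php HTTP/1.0 \r\n\r\n"), port:wpPort)` puts a protocol token and a blank line inside the path argument, and `http_get` builds the request line and headers itself, so the request sent is likely malformed. The fallback `string("GET " + dir + "/index.php \r\n\r\n")` then sends a request with no protocol version at all. If this is a deliberate workaround for a particular server it needs a comment saying so, otherwise `http_get(item:string(dir, "/index.php"), port:wpPort)` is enough. The port now comes from `get_kb_item("Services/www")` while the consumers in this commit use `get_http_port(default:80)`, and since the port is part of the new KB key the two should be derived the same way. Both branches use the same `WordPress ([0-9]\.[0-9.]+)` pattern, so confirm that the number captured on a WordPress MU page is the MU version that the `WordPress-Mu` consumer compares against 2.7.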

Modified: trunk/openvas-plugins/scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl	2009-05-10 17:03:43 UTC (rev 3311)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl	2009-05-11 06:41:11 UTC (rev 3312)
@@ -7,7 +7,7 @@
 # Authors:
 # Sharath S <sharaths at secpod.com>
 #
-# Copyright (c) 2008 SecPod, http://www.secpod.com 
+# Copyright (c) 2008 SecPod, http://www.secpod.com
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2
@@ -15,7 +15,7 @@
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
@@ -78,15 +78,17 @@
 include("http_func.inc");
 include("version_func.inc");
 
-port = get_http_port(default:80);
-if(!port){
+wpPort = get_http_port(default:80);
+if(!wpPort){
   exit(0);
 }
 
-wpVer = get_kb_item("WordPress/Version");
-if(wpVer){
+wpVer = get_kb_item("www/" + wpPort + "/WordPress");
+wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
+if(wpVer[1] != NULL)
+{
   # Grep for version 2.3.2 and prior
-  if(version_is_less_equal(version:wpVer, test_version:"2.3.2")){
-    security_hole(port);
+  if(version_is_less_equal(version:wpVer[1], test_version:"2.3.2")){
+    security_hole(wpPort);
   }
 }


