[Openvas-commits] r12127 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Nov 16 17:13:17 CET 2011


Author: mime
Date: 2011-11-16 17:13:07 +0100 (Wed, 16 Nov 2011)
New Revision: 12127

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_a-blog_42988.nasl
   trunk/openvas-plugins/scripts/gb_awcm_44868.nasl
   trunk/openvas-plugins/scripts/gb_bloofoxCMS_44464.nasl
   trunk/openvas-plugins/scripts/gb_cyrus_49534.nasl
   trunk/openvas-plugins/scripts/gb_dnet_43708.nasl
   trunk/openvas-plugins/scripts/gb_mantis_49235.nasl
   trunk/openvas-plugins/scripts/gb_modx_43577.nasl
   trunk/openvas-plugins/scripts/gb_oneCMS_42949.nasl
   trunk/openvas-plugins/scripts/gb_squid_49356.nasl
   trunk/openvas-plugins/scripts/gb_ubuntu_USN_1217_1.nasl
   trunk/openvas-plugins/scripts/gb_w-agora_44370.nasl
   trunk/openvas-plugins/scripts/gb_webid_44765.nasl
   trunk/openvas-plugins/scripts/gb_wikihelp_41344.nasl
Log:
Added CVE. Added CVSS. Fixed Risk.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/ChangeLog	2011-11-16 16:13:07 UTC (rev 12127)
@@ -1,5 +1,24 @@
 2011-11-16  Michael Meyer <michael.meyer at greenbone.net>
 
+	* scripts/gb_a-blog_42988.nasl,
+	scripts/gb_awcm_44868.nasl,
+	scripts/gb_bloofoxCMS_44464.nasl,
+	scripts/gb_cyrus_49534.nasl,
+	scripts/gb_dnet_43708.nasl,
+	scripts/gb_mantis_49235.nasl,
+	scripts/gb_modx_43577.nasl,
+	scripts/gb_oneCMS_42949.nasl,
+	scripts/gb_squid_49356.nasl,
+	scripts/gb_w-agora_44370.nasl,
+	scripts/gb_webid_44765.nasl,
+	scripts/gb_wikihelp_41344.nasl:
+	Added CVE. Added CVSS.
+
+	* scripts/gb_ubuntu_USN_1217_1.nasl:
+	Fixed Risk.
+
+2011-11-16  Michael Meyer <michael.meyer at greenbone.net>
+
 	* scripts/gb_sit_50632.nasl,
 	scripts/gb_dlguard_50650.nasl,
 	scripts/gb_centreon_50568.nasl:

Modified: trunk/openvas-plugins/scripts/gb_a-blog_42988.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_a-blog_42988.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_a-blog_42988.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2010-09-08 15:41:05 +0200 (Wed, 08 Sep 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+  script_cve_id("CVE-2010-4917");
  script_bugtraq_id(42988);
 
  script_name("A-Blog 'sources/search.php' SQL Injection Vulnerability");
@@ -49,7 +51,7 @@
 https://www.securityfocus.com/bid/42988
 http://sourceforge.net/projects/a-blog/";
 
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
  script_description(desc);
  script_summary("Determine if A-Blog is prone to an SQL-injection vulnerability");
  script_category(ACT_ATTACK);
@@ -79,7 +81,7 @@
 
   if(http_vuln_check(port:port, url:url,pattern:"<1>[a-zA-Z0-9]+:[a-fA-F0-9]+<2>")) {
      
-    security_warning(port:port);
+    security_hole(port:port);
     exit(0);
 
   }

Modified: trunk/openvas-plugins/scripts/gb_awcm_44868.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_awcm_44868.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_awcm_44868.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2010-11-16 13:35:09 +0100 (Tue, 16 Nov 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+  script_cve_id("CVE-2010-4810");
  script_bugtraq_id(44868);
 
  script_name("AWCM CMS Multiple Remote File Include Vulnerabilities");
@@ -50,7 +52,7 @@
 https://www.securityfocus.com/bid/44868
 http://sourceforge.net/projects/awcm/";
 
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
  script_description(desc);
  script_summary("Determine if AWCM CMS is prone to multiple remote file-include vulnerabilities");
  script_category(ACT_ATTACK);
@@ -81,7 +83,7 @@
 
     if(http_vuln_check(port:port, url:url,pattern:file)) {
      
-      security_warning(port:port);
+      security_hole(port:port);
       exit(0);
 
     }

Modified: trunk/openvas-plugins/scripts/gb_bloofoxCMS_44464.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_bloofoxCMS_44464.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_bloofoxCMS_44464.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2010-10-28 13:41:07 +0200 (Thu, 28 Oct 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+  script_cve_id("CVE-2010-4870");
  script_bugtraq_id(44464);
 
  script_name("bloofoxCMS 'gender' Parameter SQL Injection Vulnerability");
@@ -50,7 +52,7 @@
 http://www.bloofox.com/cms/
 http://www.htbridge.ch/advisory/sql_injection_in_bloofoxcms_registration_plugin.html";
 
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
  script_description(desc);
  script_summary("Determine if installed bloofoxCMS version is vulnerable");
  script_category(ACT_GATHER_INFO);
@@ -74,7 +76,7 @@
 if(vers = get_version_from_kb(port:port,app:"bloofoxCMS")) {
 
   if(version_is_equal(version: vers, test_version: "0.3.5")) {
-      security_warning(port:port);
+      security_hole(port:port);
       exit(0);
   }
 

Modified: trunk/openvas-plugins/scripts/gb_cyrus_49534.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cyrus_49534.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_cyrus_49534.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2011-09-12 14:00:02 +0200 (Mon, 12 Sep 2011)");
+ script_tag(name:"cvss_base", value:"7.5");
+  script_cve_id("CVE-2011-3208");
  script_bugtraq_id(49534);
 
  script_name("Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability");
@@ -55,7 +57,7 @@
 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200
 http://cyrusimap.web.cmu.edu/";
 
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
  script_description(desc);
  script_summary("Determine if installed Cyrus version is vulnerable");
  script_category(ACT_GATHER_INFO);
@@ -82,7 +84,7 @@
 if(version_in_range(version:imapVer, test_version:"2.4", test_version2:"2.4.10") ||
    version_in_range(version:imapVer, test_version:"2.3", test_version2:"2.3.16")) {
 
-    security_warning(port:port);
+    security_hole(port:port);
     exit(0);
 
 }  

Modified: trunk/openvas-plugins/scripts/gb_dnet_43708.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_dnet_43708.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_dnet_43708.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2010-10-05 12:35:02 +0200 (Tue, 05 Oct 2010)");
+ script_tag(name:"cvss_base", value:"5.0");
+  script_cve_id("CVE-2010-4858");
  script_bugtraq_id(43708);
 
  script_name("DNET Live-Stats 'team.rc5-72.php' Local File Include Vulnerability");

Modified: trunk/openvas-plugins/scripts/gb_mantis_49235.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mantis_49235.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_mantis_49235.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2011-08-19 14:58:19 +0200 (Fri, 19 Aug 2011)");
+ script_tag(name:"cvss_base", value:"4.3");
+  script_cve_id("CVE-2011-2938");
  script_bugtraq_id(49235);
 
  script_name("MantisBT Cross Site Scripting and SQL Injection Vulnerabilities");

Modified: trunk/openvas-plugins/scripts/gb_modx_43577.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_modx_43577.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_modx_43577.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2010-09-30 13:18:50 +0200 (Thu, 30 Sep 2010)");
+ script_tag(name:"cvss_base", value:"2.6");
+  script_cve_id("CVE-2010-4883");
  script_bugtraq_id(43577);
 
  script_name("MODx Local File Include and Cross Site Scripting Vulnerabilities");

Modified: trunk/openvas-plugins/scripts/gb_oneCMS_42949.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oneCMS_42949.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_oneCMS_42949.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2010-09-06 14:44:23 +0200 (Mon, 06 Sep 2010)");
+ script_tag(name:"cvss_base", value:"4.3");
+  script_cve_id("CVE-2010-4877");
  script_bugtraq_id(42949);
 
  script_name("OneCMS 'index.php' Cross Site Scripting Vulnerability");

Modified: trunk/openvas-plugins/scripts/gb_squid_49356.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_squid_49356.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_squid_49356.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2011-08-30 14:29:55 +0200 (Tue, 30 Aug 2011)");
+ script_tag(name:"cvss_base", value:"6.8");
+  script_cve_id("CVE-2011-3205");
  script_bugtraq_id(49356);
 
  script_name("Squid Proxy Gopher Remote Buffer Overflow Vulnerability");

Modified: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1217_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1217_1.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1217_1.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -29,7 +29,7 @@
   script_version("$Revision$");
   script_tag(name:"last_modification", value:"$Date$");
   script_tag(name:"creation_date", value:"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)");
-  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"risk_factor", value:"Medium");
   script_xref(name: "USN", value: "1217-1");
   script_tag(name:"cvss_base", value:"5.0");
   script_cve_id("CVE-2011-3848");
@@ -110,4 +110,5 @@
   }
 
   exit(0);
-}
\ No newline at end of file
+}
+

Modified: trunk/openvas-plugins/scripts/gb_w-agora_44370.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_w-agora_44370.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_w-agora_44370.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2010-10-25 12:51:03 +0200 (Mon, 25 Oct 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+  script_cve_id("CVE-2010-4867","CVE-2010-4868");
  script_bugtraq_id(44370);
 
  script_name("w-Agora 'search.php' Local File Include and Cross Site Scripting Vulnerabilities");
@@ -54,7 +56,7 @@
 References:
 https://www.securityfocus.com/bid/44370";
 
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
  script_description(desc);
  script_summary("Determine if w-Agora is prone to a cross-site scripting vulnerability");
  script_category(ACT_ATTACK);
@@ -84,7 +86,7 @@
 
     if(http_vuln_check(port:port, url:url,pattern:"<body onload=alert\('openvas-xss-test'\)>",extra_check:make_list("Could not access configuration file"))) {
      
-      security_warning(port:port);
+      security_hole(port:port);
       exit(0);
 
     }

Modified: trunk/openvas-plugins/scripts/gb_webid_44765.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_webid_44765.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_webid_44765.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2010-11-11 13:24:47 +0100 (Thu, 11 Nov 2010)");
+ script_tag(name:"cvss_base", value:"4.3");
+  script_cve_id("CVE-2010-4873");
  script_bugtraq_id(44765);
 
  script_name("WeBid Multiple Input Validation Vulnerabilities");

Modified: trunk/openvas-plugins/scripts/gb_wikihelp_41344.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wikihelp_41344.nasl	2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_wikihelp_41344.nasl	2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
  script_version("$Revision$");
  script_tag(name:"last_modification", value:"$Date$");
  script_tag(name:"creation_date", value:"2010-07-06 13:44:35 +0200 (Tue, 06 Jul 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+  script_cve_id("CVE-2010-4970");
  script_bugtraq_id(41344);
 
  script_name("Wiki Web Help 'getpage.php' SQL Injection Vulnerability");
@@ -54,7 +56,7 @@
 http://wikiwebhelp.org/
 http://sourceforge.net/projects/wwh/";
 
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
  script_description(desc);
  script_summary("Determine if Wiki Web Help is prone to an SQL-injection vulnerability");
  script_category(ACT_ATTACK);
@@ -84,7 +86,7 @@
 
   if(http_vuln_check(port:port, url:url,pattern:"OpenVAS-SQL-Injection-Test")) {
      
-    security_warning(port:port);
+    security_hole(port:port);
     exit(0);
 
   }



More information about the Openvas-commits mailing list