[Openvas-commits] r12127 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Nov 16 17:13:17 CET 2011
Author: mime
Date: 2011-11-16 17:13:07 +0100 (Wed, 16 Nov 2011)
New Revision: 12127
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_a-blog_42988.nasl
trunk/openvas-plugins/scripts/gb_awcm_44868.nasl
trunk/openvas-plugins/scripts/gb_bloofoxCMS_44464.nasl
trunk/openvas-plugins/scripts/gb_cyrus_49534.nasl
trunk/openvas-plugins/scripts/gb_dnet_43708.nasl
trunk/openvas-plugins/scripts/gb_mantis_49235.nasl
trunk/openvas-plugins/scripts/gb_modx_43577.nasl
trunk/openvas-plugins/scripts/gb_oneCMS_42949.nasl
trunk/openvas-plugins/scripts/gb_squid_49356.nasl
trunk/openvas-plugins/scripts/gb_ubuntu_USN_1217_1.nasl
trunk/openvas-plugins/scripts/gb_w-agora_44370.nasl
trunk/openvas-plugins/scripts/gb_webid_44765.nasl
trunk/openvas-plugins/scripts/gb_wikihelp_41344.nasl
Log:
Added CVE. Added CVSS. Fixed Risk.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/ChangeLog 2011-11-16 16:13:07 UTC (rev 12127)
@@ -1,5 +1,24 @@
2011-11-16 Michael Meyer <michael.meyer at greenbone.net>
+ * scripts/gb_a-blog_42988.nasl,
+ scripts/gb_awcm_44868.nasl,
+ scripts/gb_bloofoxCMS_44464.nasl,
+ scripts/gb_cyrus_49534.nasl,
+ scripts/gb_dnet_43708.nasl,
+ scripts/gb_mantis_49235.nasl,
+ scripts/gb_modx_43577.nasl,
+ scripts/gb_oneCMS_42949.nasl,
+ scripts/gb_squid_49356.nasl,
+ scripts/gb_w-agora_44370.nasl,
+ scripts/gb_webid_44765.nasl,
+ scripts/gb_wikihelp_41344.nasl:
+ Added CVE. Added CVSS.
+
+ * scripts/gb_ubuntu_USN_1217_1.nasl:
+ Fixed Risk.
+
+2011-11-16 Michael Meyer <michael.meyer at greenbone.net>
+
* scripts/gb_sit_50632.nasl,
scripts/gb_dlguard_50650.nasl,
scripts/gb_centreon_50568.nasl:
Modified: trunk/openvas-plugins/scripts/gb_a-blog_42988.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_a-blog_42988.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_a-blog_42988.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-09-08 15:41:05 +0200 (Wed, 08 Sep 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_cve_id("CVE-2010-4917");
script_bugtraq_id(42988);
script_name("A-Blog 'sources/search.php' SQL Injection Vulnerability");
@@ -49,7 +51,7 @@
https://www.securityfocus.com/bid/42988
http://sourceforge.net/projects/a-blog/";
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
script_description(desc);
script_summary("Determine if A-Blog is prone to an SQL-injection vulnerability");
script_category(ACT_ATTACK);
@@ -79,7 +81,7 @@
if(http_vuln_check(port:port, url:url,pattern:"<1>[a-zA-Z0-9]+:[a-fA-F0-9]+<2>")) {
- security_warning(port:port);
+ security_hole(port:port);
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_awcm_44868.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_awcm_44868.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_awcm_44868.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-11-16 13:35:09 +0100 (Tue, 16 Nov 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_cve_id("CVE-2010-4810");
script_bugtraq_id(44868);
script_name("AWCM CMS Multiple Remote File Include Vulnerabilities");
@@ -50,7 +52,7 @@
https://www.securityfocus.com/bid/44868
http://sourceforge.net/projects/awcm/";
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
script_description(desc);
script_summary("Determine if AWCM CMS is prone to multiple remote file-include vulnerabilities");
script_category(ACT_ATTACK);
@@ -81,7 +83,7 @@
if(http_vuln_check(port:port, url:url,pattern:file)) {
- security_warning(port:port);
+ security_hole(port:port);
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_bloofoxCMS_44464.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_bloofoxCMS_44464.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_bloofoxCMS_44464.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-10-28 13:41:07 +0200 (Thu, 28 Oct 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_cve_id("CVE-2010-4870");
script_bugtraq_id(44464);
script_name("bloofoxCMS 'gender' Parameter SQL Injection Vulnerability");
@@ -50,7 +52,7 @@
http://www.bloofox.com/cms/
http://www.htbridge.ch/advisory/sql_injection_in_bloofoxcms_registration_plugin.html";
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
script_description(desc);
script_summary("Determine if installed bloofoxCMS version is vulnerable");
script_category(ACT_GATHER_INFO);
@@ -74,7 +76,7 @@
if(vers = get_version_from_kb(port:port,app:"bloofoxCMS")) {
if(version_is_equal(version: vers, test_version: "0.3.5")) {
- security_warning(port:port);
+ security_hole(port:port);
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_cyrus_49534.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_cyrus_49534.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_cyrus_49534.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-12 14:00:02 +0200 (Mon, 12 Sep 2011)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_cve_id("CVE-2011-3208");
script_bugtraq_id(49534);
script_name("Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability");
@@ -55,7 +57,7 @@
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200
http://cyrusimap.web.cmu.edu/";
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
script_description(desc);
script_summary("Determine if installed Cyrus version is vulnerable");
script_category(ACT_GATHER_INFO);
@@ -82,7 +84,7 @@
if(version_in_range(version:imapVer, test_version:"2.4", test_version2:"2.4.10") ||
version_in_range(version:imapVer, test_version:"2.3", test_version2:"2.3.16")) {
- security_warning(port:port);
+ security_hole(port:port);
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_dnet_43708.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_dnet_43708.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_dnet_43708.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-10-05 12:35:02 +0200 (Tue, 05 Oct 2010)");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_cve_id("CVE-2010-4858");
script_bugtraq_id(43708);
script_name("DNET Live-Stats 'team.rc5-72.php' Local File Include Vulnerability");
Modified: trunk/openvas-plugins/scripts/gb_mantis_49235.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mantis_49235.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_mantis_49235.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-19 14:58:19 +0200 (Fri, 19 Aug 2011)");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_cve_id("CVE-2011-2938");
script_bugtraq_id(49235);
script_name("MantisBT Cross Site Scripting and SQL Injection Vulnerabilities");
Modified: trunk/openvas-plugins/scripts/gb_modx_43577.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_modx_43577.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_modx_43577.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-09-30 13:18:50 +0200 (Thu, 30 Sep 2010)");
+ script_tag(name:"cvss_base", value:"2.6");
+ script_cve_id("CVE-2010-4883");
script_bugtraq_id(43577);
script_name("MODx Local File Include and Cross Site Scripting Vulnerabilities");
Modified: trunk/openvas-plugins/scripts/gb_oneCMS_42949.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_oneCMS_42949.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_oneCMS_42949.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-09-06 14:44:23 +0200 (Mon, 06 Sep 2010)");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_cve_id("CVE-2010-4877");
script_bugtraq_id(42949);
script_name("OneCMS 'index.php' Cross Site Scripting Vulnerability");
Modified: trunk/openvas-plugins/scripts/gb_squid_49356.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_squid_49356.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_squid_49356.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-30 14:29:55 +0200 (Tue, 30 Aug 2011)");
+ script_tag(name:"cvss_base", value:"6.8");
+ script_cve_id("CVE-2011-3205");
script_bugtraq_id(49356);
script_name("Squid Proxy Gopher Remote Buffer Overflow Vulnerability");
Modified: trunk/openvas-plugins/scripts/gb_ubuntu_USN_1217_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ubuntu_USN_1217_1.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_ubuntu_USN_1217_1.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -29,7 +29,7 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)");
- script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"risk_factor", value:"Medium");
script_xref(name: "USN", value: "1217-1");
script_tag(name:"cvss_base", value:"5.0");
script_cve_id("CVE-2011-3848");
@@ -110,4 +110,5 @@
}
exit(0);
-}
\ No newline at end of file
+}
+
Modified: trunk/openvas-plugins/scripts/gb_w-agora_44370.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_w-agora_44370.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_w-agora_44370.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-10-25 12:51:03 +0200 (Mon, 25 Oct 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_cve_id("CVE-2010-4867","CVE-2010-4868");
script_bugtraq_id(44370);
script_name("w-Agora 'search.php' Local File Include and Cross Site Scripting Vulnerabilities");
@@ -54,7 +56,7 @@
References:
https://www.securityfocus.com/bid/44370";
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
script_description(desc);
script_summary("Determine if w-Agora is prone to a cross-site scripting vulnerability");
script_category(ACT_ATTACK);
@@ -84,7 +86,7 @@
if(http_vuln_check(port:port, url:url,pattern:"<body onload=alert\('openvas-xss-test'\)>",extra_check:make_list("Could not access configuration file"))) {
- security_warning(port:port);
+ security_hole(port:port);
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_webid_44765.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_webid_44765.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_webid_44765.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-11-11 13:24:47 +0100 (Thu, 11 Nov 2010)");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_cve_id("CVE-2010-4873");
script_bugtraq_id(44765);
script_name("WeBid Multiple Input Validation Vulnerabilities");
Modified: trunk/openvas-plugins/scripts/gb_wikihelp_41344.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wikihelp_41344.nasl 2011-11-16 12:24:56 UTC (rev 12126)
+++ trunk/openvas-plugins/scripts/gb_wikihelp_41344.nasl 2011-11-16 16:13:07 UTC (rev 12127)
@@ -30,6 +30,8 @@
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-07-06 13:44:35 +0200 (Tue, 06 Jul 2010)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_cve_id("CVE-2010-4970");
script_bugtraq_id(41344);
script_name("Wiki Web Help 'getpage.php' SQL Injection Vulnerability");
@@ -54,7 +56,7 @@
http://wikiwebhelp.org/
http://sourceforge.net/projects/wwh/";
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"risk_factor", value:"High");
script_description(desc);
script_summary("Determine if Wiki Web Help is prone to an SQL-injection vulnerability");
script_category(ACT_ATTACK);
@@ -84,7 +86,7 @@
if(http_vuln_check(port:port, url:url,pattern:"OpenVAS-SQL-Injection-Test")) {
- security_warning(port:port);
+ security_hole(port:port);
exit(0);
}
More information about the Openvas-commits
mailing list