[Openvas-commits] r12703 - in trunk/openvas-plugins: . scripts
scm-commit at wald.intevation.org
scm-commit at wald.intevation.org
Fri Feb 10 15:41:31 CET 2012
Author: antu123
Date: 2012-02-10 15:41:30 +0100 (Fri, 10 Feb 2012)
New Revision: 12703
Added:
trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl
trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl
trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl
trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl
trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl
trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl
trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl
trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2012-02-10 13:30:55 UTC (rev 12702)
+++ trunk/openvas-plugins/ChangeLog 2012-02-10 14:41:30 UTC (rev 12703)
@@ -1,3 +1,19 @@
+2012-02-10 Antu Sanadi <santu at secpod.com>
+
+ * scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl,
+ scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl,
+ scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl,
+ scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl,
+ scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl,
+ scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl,
+ scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl,
+ scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl,
+ scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl,
+ scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl,
+ scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl,
+ scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl:
+ Added new plugins.
+
2012-02-10 Michael Meyer <michael.meyer at greenbone.net>
* scripts/remote-MS04-011.nasl:
Added: trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,174 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802423);
+ script_version("$Revision$");
+ script_bugtraq_id(51900);
+ script_cve_id("CVE-2012-1007");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-08 17:33:28 +0530 (Wed, 08 Feb 2012)");
+ script_name("Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities");
+ desc = "
+ Overview: This host is running Apache Struts and is prone to multiple
+ Cross-site scripting vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws due to an,
+ - Input passed via the 'message' parameter in 'processSimple.do' and
+ 'processDyna.do' action is not properly verified before it is returned
+ to the user.
+ - Input passed via the 'name' and 'queryParam' parameter in
+ '/struts-examples/upload/upload-submit.do' action is not properly verified
+ before it is returned to the user.
+
+ Impact:
+ Successful exploitation could allow an attacker to execute arbitrary HTML
+ code in a user's browser session in the context of a vulnerable application.
+
+ Impact Level: Application.
+
+ Affected Software:
+ Apache Struts (cookbook, examples) version 1.3.10 and prior.
+
+ Fix: No solution or patch is available as on 08th, February 2012. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://struts.apache.org/download.cgi
+
+ References:
+ http://secpod.org/blog/?p=450
+ http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt ";
+
+ script_description(desc);
+ script_summary("Check if Apache Struts is vulnerable to cross-site scripting vulnerabilities");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+
+asport = 0;
+asreq = NULL;
+asres = NULL;
+asRes = NULL;
+## Get HTTP Port
+
+asport = get_http_port(default:8080);
+if(asport){
+ asport = 8080;
+}
+
+## Check for the port status
+if(!get_port_state(asport)){
+ exit(0);
+}
+
+## check the possibly configured names
+foreach dir (make_list("/", "/struts", "/struts-cookbook", "/struts-examples"))
+{
+ ## Make list index pages
+ foreach indexpage (make_list("/", "/welcome.do"))
+ {
+ ## Send and Recieve the response
+ asreq = http_get(item:string(dir, indexpage), port:asport);
+
+ if(!isnull(asreq))
+ {
+ asres = http_keepalive_send_recv(port:asport, data:asreq);
+
+ ## Confirm the application Struts Cookbook
+ if(!isnull(asres) && ">Struts Cookbook<" >< asres)
+ {
+ ## Construct the POST Attack for Struts Cookbook
+ postdata = "name=xyz&secret=xyz&color=red&message=%3Cscript%3Ealert" +
+ "%28document.cookie%29%3C%2Fscript%3E&hidden=Sssh%21+It%" +
+ "27s+a+secret.+Nobody+knows+I%27m+here.";
+
+ ## Construct the POST request Struts Cookbook
+ asReq = string("POST ", dir, "/processSimple.do HTTP/1.1\r\n",
+ "Host: ", get_host_name(), "\r\n",
+ "User-Agent: XSS-TEST\r\n",
+ "Content-Type: application/x-www-form-urlencoded\r\n",
+ "Content-Length: ", strlen(postdata), "\r\n",
+ "\r\n", postdata);
+ asRes = http_send_recv(port:asport, data:asReq);
+
+ ## Confirm the exploit
+ if(!isnull(asRes) && "<script>alert(document.cookie)</script>" >< asRes &&
+ ">Simple ActionForm Example<" >< asRes)
+ {
+ security_warning(asport);
+ exit(0);
+ }
+ }
+
+ ## Confirm the application Struts Examples
+ if(!isnull(asres) && ">Struts Examples<" >< asres)
+ {
+ ## Construct the POST data
+ postdata = '-----------------------------7559840272055538773136052934' +
+ '\r\nContent-Disposition: form-data; name="theText"\r\n\r\n' +
+ '\r\n-----------------------------7559840272055538773136052' +
+ '934\r\nContent-Disposition: form-data; name="theFile"; fil' +
+ 'ename=""\r\nContent-Type: application/octet-stream\r\n\r\n' +
+ '\r\n-----------------------------7559840272055538773136052' +
+ '934\r\nContent-Disposition: form-data; name="filePath"\r\n' +
+ '\r\n<script>alert(document.cookie)</script>\r\n-----------' +
+ '------------------7559840272055538773136052934--\r\n';
+
+ ## Construct the POST request
+ asReq = string("POST ", dir, "/upload/upload-submit.do?queryParam=Successful HTTP/1.1\r\n",
+ "Host: ", get_host_name(), "\r\n",
+ "User-Agent: XSS-TEST\r\n",
+ "Content-Type: multipart/form-data; boundary=---" +
+ "------------------------7559840272055538773136052934\r\n",
+ "Content-Type: application/x-www-form-urlencoded\r\n",
+ "Content-Length: ", strlen(postdata), "\r\n",
+ "\r\n", postdata);
+ asRes = http_send_recv(port:asport, data:asReq);
+
+ ## Confirm the exploit
+ if(!isnull(asRes) &&
+ "<script>alert(document.cookie)</script>" >< asRes &&
+ ">File Upload Example<" >< asRes)
+ {
+ security_warning(asport);
+ exit(0);
+ }
+ }
+ }
+ }
+}
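Review bot: The port fallback after `get_http_port(default:8080)` is inverted: `if(asport){ asport = 8080; }` overwrites any port that was actually discovered and leaves an empty result untouched, so the check only ever probes 8080. It should read `if(!asport){`, as the showcase script in this commit does. The multipart request for `/upload/upload-submit.do` also sends two `Content-Type` headers; the `application/x-www-form-urlencoded` line should be dropped so the body is parsed with the declared boundary. With `dir` set to "/" the concatenations produce paths such as `//welcome.do` and `//processSimple.do` (the showcase script has the same pattern with `//showcase.action`), which some servers may not normalise, so mapping "/" to an empty string before building URLs would avoid missed detections.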
Property changes on: trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,154 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802422);
+ script_version("$Revision$");
+ script_bugtraq_id(51902);
+ script_cve_id("CVE-2012-1006");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-08 12:14:38 +0530 (Wed, 08 Feb 2012)");
+ script_name("Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities");
+ desc = "
+ Overview: This host is running Apache Struts Showcase and is prone to
+ multiple persistence cross-site scripting vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws due to an,
+ - Input passed via the 'name' and 'lastName' parameter in
+ '/struts2-showcase/person/editPerson.action' is not properly verified
+ before it is returned to the user.
+ - Input passed via the 'clientName' parameter in
+ '/struts2-rest-showcase/orders' action is not properly verified before
+ it is returned to the user.
+
+ Impact:
+ Successful exploitation could allow an attacker to execute arbitrary HTML
+ code in a user's browser session in the context of a vulnerable application.
+
+ Impact Level: Application.
+
+ Affected Software:
+ Apache Struts2 (Showcase) version 2.x to 2.2.3
+
+ Fix: No solution or patch is available as on 08th, February 2012. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://struts.apache.org/download.cgi
+
+ References:
+ http://secpod.org/blog/?p=450
+ http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt ";
+
+ script_description(desc);
+ script_summary("Check if Apache Struts Showcase is vulnerable to XSS vulnerabilities");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+
+## Get HTTP Port
+
+asport = 0;
+asreq = NULL;
+asres = NULL;
+asresp = NULL;
+
+asport = get_http_port(default:8080);
+if(!asport){
+ asport = 8080 ;
+}
+
+## Check the port status
+if(!get_port_state(asport)){
+ exit(0);
+}
+
+## Stored XSS (Not a safe check)
+if(safe_checks()){
+ exit(0);
+}
+
+## check the possible paths
+foreach dir (make_list("/", "/struts", "/struts2-showcase"))
+{
+ ## Send and Recieve the response
+ asreq = http_get(item:string(dir,"/showcase.action"), port:asport);
+ if(!isnull(asreq))
+ {
+ asres = http_keepalive_send_recv(port:asport, data:asreq);
+
+ if(!isnull(asres))
+ {
+ ## Confirm the application
+ if(">Showcase</" >< asres && ">Struts Showcase<" >< asres)
+ {
+ ## Construct the POST data
+ postdata = "person.name=%3Cscript%3Ealert%28document.cookie%29%3C%2" +
+ "Fscript%3E&person.lastName=%3Cscript%3Ealert%28document" +
+ ".cookie%29%3C%2Fscript%3E";
+
+ ## Construct the POST request
+ asReq = string("POST ", dir, "/person/newPerson.action HTTP/1.1\r\n",
+ "Host: ", get_host_name(), "\r\n",
+ "User-Agent: XSS-TEST\r\n",
+ "Content-Type: application/x-www-form-urlencoded\r\n",
+ "Content-Length: ", strlen(postdata), "\r\n",
+ "\r\n", postdata);
+ asRes = http_send_recv(port:asport, data:asReq);
+
+ if(!isnull(asRes))
+ {
+ asreq = http_get(item:string(dir,"/person/listPeople.action"),
+ port:asport);
+ if(!isnull(asreq))
+ {
+ asresp = http_keepalive_send_recv(port:asport, data:asreq);
+
+ ## Confirm the exploit
+ if(!isnull(asresp) &&
+ ("<script>alert(document.cookie)</script>" >< asresp) &&
+ ">Struts Showcase<" >< asresp)
+ {
+ security_warning(asport);
+ exit(0);
+ }
+ }
+ }
+ }
+ }
+ }
+}
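Review bot: The stored test record is never removed: after the POST to `/person/newPerson.action` the person entry carrying the script marker stays in the scanned application, and every non-safe scan adds another one that will render for real users of the list page. The `safe_checks()` gate is the right guard, but the script header and `desc` should say that the check writes persistent data, for example `## NOTE: this check creates a person record on the target that is not cleaned up; remove it after the scan`. Separately, `desc` names `editPerson.action` and the `clientName` parameter of `/struts2-rest-showcase/orders`, while the code only exercises `newPerson.action`, so the summary should state which of the listed vectors is actually tested.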
Property changes on: trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Zoho ManageEngine ADManager Plus Multiple Cross Site Scripting Vulnerabilities
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802587);
+ script_version("$Revision$");
+ script_bugtraq_id(51893);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-08 12:14:53 +0530 (Wed, 08 Feb 2012)");
+ script_name("Zoho ManageEngine ADManager Plus Multiple Cross Site Scripting Vulnerabilities");
+ desc = "
+ Overview: This host is running Zoho ManageEngine ADManager Plus and is prone
+ to multiple cross site scripting vulnerabilities.
+
+ Vulnerability Insight:
+ The flaw is caused due to an input passed to the 'domainName' parameter in
+ jsp/AddDC.jsp and 'operation' POST parameter in DomainConfig.do (when
+ 'methodToCall' is set to 'save') is not properly sanitised before being
+ returned to the user.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary HTML and
+ script code in a user's browser session in context of an affected site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ ManageEngine ADManager Plus version 5.2 Build 5210
+
+ Fix: No solution or patch is available as on 8th, February 2012. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.manageengine.co.in/products/ad-manager/download.html
+
+ References:
+ http://secunia.com/advisories/47887/
+ http://www.zeroscience.mk/codes/admanager_xss.txt
+ http://packetstormsecurity.org/files/109528/ZSL-2012-5070.txt
+ http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php ";
+
+ script_description(desc);
+ script_summary("Check if Zoho ManageEngine ADManager Plus is prone to XSS");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = 0;
+port = get_http_port(default:8080);
+if(!port){
+ port = 80;
+}
+
+if(!get_port_state(port)) {
+ exit(0);
+}
+
+sndReq = "";
+rcvRes = "";
+sndReq = http_get(item:"/home.do", port:port);
+if(!isnull(sndReq))
+{
+ rcvRes = http_send_recv(port:port, data:sndReq);
+
+ ## Confirm the application
+ if(!isnull(rcvRes) && "<title>ManageEngine - ADManager Plus</title>" >< rcvRes)
+ {
+ ## Construct attack
+ url = '/jsp/AddDC.jsp?domainName="><script>alert(document.cookie)</script>';
+
+ ## Confirm exploit worked properly or not
+ if(http_vuln_check(port:port, url:url, pattern:"><script>alert\(" +
+ "document.cookie\)</script>")){
+ security_warning(port:port);
+ }
+ }
+}
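Review bot: The default port is inconsistent across the script: `script_require_ports("Services/www", 80)` and the fallback `port = 80` use 80, while `get_http_port(default:8080)` uses 8080, so the plugin may be scheduled for one port and probe another. Pick the product's default once and use it in all three places, e.g. `script_require_ports("Services/www", 8080);` and `port = 8080;` if 8080 is the intended value. The metadata also lacks the `cvss_base_vector` tag that the other plugins in this commit set next to `cvss_base`. Only the `domainName` vector from `desc` is tested; the `operation` POST parameter is described but not checked, which is worth stating in `script_summary`.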
Property changes on: trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,127 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (MAC OS X)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802583);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3670");
+ script_bugtraq_id(51786);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-03 17:51:59 +0530 (Fri, 03 Feb 2012)");
+ script_name("Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (MAC OS X)");
+ desc = "
+ Overview:
+ The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+ to information disclosure vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to requests made using IPv6 syntax using XMLHttpRequest
+ objects through a proxy may generate errors depending on proxy configuration
+ for IPv6. The resulting error messages from the proxy may disclose sensitive
+ data.
+
+ Impact:
+ Successful exploitation will let attackers to get sensitive information.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ SeaMonkey version before 2.4
+ Thunderbird version before 3.1.18 and 5.0 through 6.0.
+ Mozilla Firefox version before 3.6.26 and 4.x through 6.0
+
+ Fix: Upgrade to Mozilla Firefox version 3.6.27 or 7.0 or later
+ For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+ Upgrade to SeaMonkey version to 2.4 or later
+ http://www.mozilla.org/projects/seamonkey/
+
+ Upgrade to Thunderbird version to 3.1.18 or 7.0 or later
+ http://www.mozilla.org/en-US/thunderbird/
+
+ References:
+ http://secunia.com/advisories/47839/
+ http://securitytracker.com/id/1026613
+ http://www.mozilla.org/security/announce/2012/mfsa2012-02.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+ script_require_keys("Mozilla/Firefox/MacOSX/Version",
+ "SeaMonkey/MacOSX/Version", "ThunderBird/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");
+if(!isnull(ffVer))
+{
+ # Grep for Firefox version
+ if(version_is_less(version:ffVer, test_version:"3.6.26") ||
+ version_in_range(version:ffVer, test_version:"4.0", test_version2:"6.0"))
+ {
+ security_warning(0);
+ exit(0);
+ }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("SeaMonkey/MacOSX/Version");
+
+if(!isnull(seaVer))
+{
+ # Grep for SeaMonkey version
+ if(version_is_less(version:seaVer, test_version:"2.4"))
+ {
+ security_warning(0);
+ exit(0);
+ }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("ThunderBird/MacOSX/Version");
+
+if(!isnull(tbVer))
+{
+ # Grep for Thunderbird version
+ if(version_is_less(version:tbVer, test_version:"3.1.18") ||
+ version_in_range(version:tbVer, test_version:"5.0", test_version2:"6.0")){
+ security_warning(0);
+ }
+}
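Review bot: The upper bound `test_version2:"6.0"` in both `version_in_range` calls leaves out point releases between 6.0 and the 7.0 fix named in `desc`, so an installation at 6.0.1 or 6.0.2 would presumably be reported as clean. The bound should be the last release before the fixed version, e.g. `version_in_range(version:ffVer, test_version:"4.0", test_version2:"6.0.2")` (6.0.2 being the last 6.x release as far as I know), and likewise for `tbVer`. The same pattern is in gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl and, with `"9.0"` against a 10.0 fix, in gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl. `desc` is also inconsistent about Firefox 3.6.x: it lists versions before 3.6.26 as affected and the code tests `3.6.26`, but the fix line says 3.6.27. Finally, if `script_require_keys` requires every listed key to be set, as I believe it does, a host with only one of the three products installed never runs this check; confirm against the scheduler.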
Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,129 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802579);
+ script_version("$Revision$");
+ script_cve_id("CVE-2011-3670");
+ script_bugtraq_id(51786);
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-03 17:51:59 +0530 (Fri, 03 Feb 2012)");
+ script_name("Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (Windows)");
+ desc = "
+ Overview:
+ The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+ to information disclosure vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to requests made using IPv6 syntax using XMLHttpRequest
+ objects through a proxy may generate errors depending on proxy configuration
+ for IPv6. The resulting error messages from the proxy may disclose sensitive
+ data.
+
+ Impact:
+ Successful exploitation will let attackers to get sensitive information.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ SeaMonkey version before 2.4
+ Thunderbird version before 3.1.18 and 5.0 through 6.0
+ Mozilla Firefox version before 3.6.26 and 4.x through 6.0
+
+ Fix: Upgrade to Mozilla Firefox version 3.6.27 or 7.0 or later
+ For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+ Upgrade to SeaMonkey version to 2.4 or later
+ http://www.mozilla.org/projects/seamonkey/
+
+ Upgrade to Thunderbird version to 3.1.18 or 7.0 or later
+ http://www.mozilla.org/en-US/thunderbird/
+
+ References:
+ http://secunia.com/advisories/47839/
+ http://securitytracker.com/id/1026613
+ http://www.mozilla.org/security/announce/2012/mfsa2012-02.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_firefox_detect_win.nasl",
+ "gb_seamonkey_detect_win.nasl",
+ "gb_thunderbird_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver",
+ "Thunderbird/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!isnull(ffVer))
+{
+ # Grep for Firefox version
+ if(version_is_less(version:ffVer, test_version:"3.6.26") ||
+ version_in_range(version:ffVer, test_version:"4.0", test_version2:"6.0"))
+ {
+ security_warning(0);
+ exit(0);
+ }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("Seamonkey/Win/Ver");
+
+if(!isnull(seaVer))
+{
+ # Grep for SeaMonkey version
+ if(version_is_less(version:seaVer, test_version:"2.4"))
+ {
+ security_warning(0);
+ exit(0);
+ }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+
+if(!isnull(tbVer))
+{
+ # Grep for Thunderbird version
+ if(version_is_less(version:tbVer, test_version:"3.1.18") ||
+ version_in_range(version:tbVer, test_version:"5.0", test_version2:"6.0")){
+ security_warning(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X 01)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802585);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0443", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447");
+ script_bugtraq_id(51756, 51765, 51752, 51757);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-06 14:03:00 +0530 (Mon, 06 Feb 2012)");
+ script_name("Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X 01)");
+ desc = "
+ Overview:
+ The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to
+ - Multiple unspecified vulnerabilities in browser engine
+ - An error in frame scripts bypass XPConnect security checks when calling
+ untrusted objects.
+ - Not properly initializing data for image/vnd.microsoft.icon images, which
+ allows remote attackers to obtain potentially sensitive information by
+ reading a PNG image that was created through conversion from an ICO image.
+
+ Impact:
+ Successful exploitation will let attackers to cause a denial of service or
+ possibly execute arbitrary code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ SeaMonkey version before 2.7
+ Thunderbird version 5.0 through 9.0
+ Mozilla Firefox version 4.x through 9.0
+
+ Fix: Upgrade to Mozilla Firefox version 10.0 or later
+ For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+ Upgrade to SeaMonkey version to 2.7 or later
+ http://www.mozilla.org/projects/seamonkey/
+
+ Upgrade to Thunderbird version to 10.0 or later
+ http://www.mozilla.org/en-US/thunderbird/
+
+ References:
+ http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-03.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-05.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-06.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+ script_require_keys("Mozilla/Firefox/MacOSX/Version",
+ "SeaMonkey/MacOSX/Version", "ThunderBird/MacOSX/Version");
+
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");
+
+if(!isnull(ffVer))
+{
+ # Grep for Firefox version
+ if(version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("SeaMonkey/MacOSX/Version");
+
+if(!isnull(seaVer))
+{
+ # Grep for SeaMonkey version
+ if(version_is_less(version:seaVer, test_version:"2.7"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("ThunderBird/MacOSX/Version");
+
+if(!isnull(tbVer))
+{
+ # Grep for Thunderbird version
+ if(version_in_range(version:tbVer, test_version:"5.0", test_version2:"9.0")){
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802584);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449", "CVE-2011-3659");
+ script_bugtraq_id(51756, 51753, 51754, 51755);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-06 13:59:08 +0530 (Mon, 06 Feb 2012)");
+ script_name("Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X)");
+ desc = "
+ Overview:
+ The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to
+ - Multiple unspecified vulnerabilities in the browser engine.
+ - An error while initializing nsChildView data structures.
+ - Premature notification of AttributeChildRemoved, the removed child nodes of
+ nsDOMAttribute can be accessed under certain circumstances.
+ - An error while processing a malformed embedded XSLT stylesheet, leads to crash
+ the application.
+
+ Impact:
+ Successful exploitation will let attackers to cause a denial of service or
+ possibly execute arbitrary code via unknown vectors.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ SeaMonkey version before 2.7
+ Thunderbird version before 3.1.18 and 5.0 through 9.0
+ Mozilla Firefox version before 3.6.26 and 4.x through 9.0
+
+ Fix: Upgrade to Mozilla Firefox version 3.6.26 or 10.0 or later
+ For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+ Upgrade to SeaMonkey version to 2.7 or later
+ http://www.mozilla.org/projects/seamonkey/
+
+ Upgrade to Thunderbird version to 3.1.18 or 10.0 or later
+ http://www.mozilla.org/en-US/thunderbird/
+
+ References:
+ http://www.mozilla.org/security/announce/2012/mfsa2012-08.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-04.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+ script_require_keys("Mozilla/Firefox/MacOSX/Version",
+ "SeaMonkey/MacOSX/Version", "ThunderBird/MacOSX/Version");
+
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");
+
+if(!isnull(ffVer))
+{
+ # Grep for Firefox version
+ if(version_is_less(version:ffVer, test_version:"3.6.26") ||
+ version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("SeaMonkey/MacOSX/Version");
+
+if(!isnull(seaVer))
+{
+ # Grep for SeaMonkey version
+ if(version_is_less(version:seaVer, test_version:"2.7"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("ThunderBird/MacOSX/Version");
+if(!isnull(tbVer))
+{
+ # Grep for Thunderbird version
+ if(version_is_less(version:tbVer, test_version:"3.1.18") ||
+ version_in_range(version:tbVer, test_version:"5.0", test_version2:"9.0")){
+ security_hole(0);
+ }
+}
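Review bot: The upper bound `test_version2:"9.0"` in the Firefox and Thunderbird checks leaves any 9.0.x point release outside the flagged range (assuming `version_in_range` ranks 9.0.1 above 9.0), although the Fix text names 10.0 as the first fixed release on that branch. Comparing against the fixed release closes the gap, for example `(!version_is_less(version:ffVer, test_version:"4.0") && version_is_less(version:ffVer, test_version:"10.0"))` in place of the `version_in_range` call, and the same with `"5.0"` and `"10.0"` for `tbVer`. The same bound appears in the win01_feb12, win_feb12 and recovery_key_info_disc hunks of this commit, and in the macosx01_feb12 checks whose hunk starts above this view.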
Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,133 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802581);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0443", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447");
+ script_bugtraq_id(51756, 51765, 51752, 51757);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-03 19:44:43 +0530 (Fri, 03 Feb 2012)");
+ script_name("Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01)");
+ desc = "
+ Overview:
+ The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to n
+ - Multiple unspecified vulnerabilities in browser engine.
+ - An error in frame scripts bypass XPConnect security checks when calling
+ untrusted objects.
+ - Not properly initializing data for image/vnd.microsoft.icon images, which
+ allows remote attackers to obtain potentially sensitive information by
+ reading a PNG image that was created through conversion from an ICO image.
+
+ Impact:
+ Successful exploitation will let attackers to cause a denial of service or
+ possibly execute arbitrary code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ SeaMonkey version before 2.7
+ Thunderbird version 5.0 through 9.0
+ Mozilla Firefox version 4.x through 9.0
+
+ Fix: Upgrade to Mozilla Firefox version 10.0 or later
+ For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+ Upgrade to SeaMonkey version to 2.7 or later
+ http://www.mozilla.org/projects/seamonkey/
+
+ Upgrade to Thunderbird version to 10.0 or later
+ http://www.mozilla.org/en-US/thunderbird/
+
+ References:
+ http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-03.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-05.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-06.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_firefox_detect_win.nasl",
+ "gb_seamonkey_detect_win.nasl",
+ "gb_thunderbird_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver",
+ "Thunderbird/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Firefox/Win/Ver");
+
+if(!isnull(ffVer))
+{
+ # Grep for Firefox version
+ if(version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("Seamonkey/Win/Ver");
+
+if(!isnull(seaVer))
+{
+ # Grep for SeaMonkey version
+ if(version_is_less(version:seaVer, test_version:"2.7"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+
+if(!isnull(tbVer))
+{
+ # Grep for Thunderbird version
+ if(version_in_range(version:tbVer, test_version:"5.0", test_version2:"9.0")){
+ security_hole(0);
+ }
+}
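Review bot: `script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver", "Thunderbird/Win/Ver")` lists three independent product keys, and as far as I know the scanner treats the list as all-required when it enforces it, so a host with only one of the three products could be skipped. The body already guards each product with `isnull()`, so the list adds nothing the checks need. Dropping the call, or requiring one shared "any Mozilla product detected" key, would avoid the false negative; no such key is visible on this page, so the detection scripts would have to set it. The macosx_feb12, win_feb12 and recovery_key hunks list their keys the same way.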
Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,134 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802580);
+ script_version("$Revision$");
+ script_cve_id("CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449", "CVE-2011-3659");
+ script_bugtraq_id(51756, 51753, 51754, 51755);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-03 19:24:43 +0530 (Fri, 03 Feb 2012)");
+ script_name("Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows)");
+ desc = "
+ Overview:
+ The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to,
+ - Multiple unspecified vulnerabilities in the browser engine.
+ - An error while initializing nsChildView data structures.
+ - Premature notification of AttributeChildRemoved, the removed child nodes
+ of nsDOMAttribute can be accessed under certain circumstances.
+ - An error while processing a malformed embedded XSLT stylesheet, leads to
+ crash the application
+
+ Impact:
+ Successful exploitation will let attackers to cause a denial of service or
+ possibly execute arbitrary code via unknown vectors.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ SeaMonkey version before 2.7
+ Thunderbird version before 3.1.18 and 5.0 through 9.0
+ Mozilla Firefox version before 3.6.26 and 4.x through 9.0
+
+ Fix: Upgrade to Mozilla Firefox version 3.6.26 or 10.0 or later
+ For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+ Upgrade to SeaMonkey version to 2.7 or later
+ http://www.mozilla.org/projects/seamonkey/
+
+ Upgrade to Thunderbird version to 3.1.18 or 10.0 or later
+ http://www.mozilla.org/en-US/thunderbird/
+
+ References:
+ http://www.mozilla.org/security/announce/2012/mfsa2012-08.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
+ http://www.mozilla.org/security/announce/2012/mfsa2012-04.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_firefox_detect_win.nasl",
+ "gb_seamonkey_detect_win.nasl",
+ "gb_thunderbird_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver",
+ "Thunderbird/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Firefox/Win/Ver");
+
+if(!isnull(ffVer))
+{
+ # Grep for Firefox version
+ if(version_is_less(version:ffVer, test_version:"3.6.26") ||
+ version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("Seamonkey/Win/Ver");
+
+if(!isnull(seaVer))
+{
+ # Grep for SeaMonkey version
+ if(version_is_less(version:seaVer, test_version:"2.7"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+
+if(!isnull(tbVer))
+{
+ # Grep for Thunderbird version
+ if(version_is_less(version:tbVer, test_version:"3.1.18") ||
+ version_in_range(version:tbVer, test_version:"5.0", test_version2:"9.0")){
+ security_hole(0);
+ }
+}
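Review bot: The `# Grep for Firefox version` comment, and its SeaMonkey and Thunderbird twins, describes a grep, but the lines below compare the KB value against fixed bounds. Each `ffVer = NULL;`, `seaVer = NULL;` and `tbVer = NULL;` is also overwritten by the very next statement. A comment that states the rule, such as `# Vulnerable: Firefox before 3.6.26, or 4.0 through 9.0`, lets a reader check the bounds against the "Affected Software/OS" text without decoding the call, and the NULL assignments can be dropped. The sibling Mozilla plugins in this commit follow the same pattern.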
Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,105 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products 'Firefox Recovery Key.html' Information Disclosure Vulnerability (MAC OS X)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802582);
+ script_version("$Revision$");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-06 14:03:00 +0530 (Mon, 06 Feb 2012)");
+ script_cve_id("CVE-2012-0450");
+ script_bugtraq_id(51787);
+ script_tag(name:"cvss_base", value:"2.1");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:N/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Mozilla Products 'Firefox Recovery Key.html' Information Disclosure Vulnerability (MAC OS X)");
+ desc = "
+ Overview: The host is installed with Mozilla firefox/seamonkey and is prone
+ to information disclosure vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to setting weak permissions for Firefox Recovery
+ Key.html, which might allow local users to read a Firefox Sync key via
+ standard filesystem operations.
+
+ Impact:
+ Successful exploitation will let attackers to read a Firefox Sync key via
+ standard filesystem operations and gain sensitive information.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ SeaMonkey version prior to 2.7
+ Mozilla Firefox version 4.x through 9.0
+
+ Fix: Upgrade to Mozilla Firefox version 10.0 or later,
+ For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+ Upgrade to SeaMonkey version to 2.7 or later
+ http://www.mozilla.org/projects/seamonkey/
+
+ References:
+ http://www.mozilla.org/security/announce/2012/mfsa2012-09.html ";
+
+ script_description(desc);
+ script_summary("Check for the version of Mozilla Firefox/SeaMonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+ script_require_keys("Mozilla/Firefox/MacOSX/Version",
+ "SeaMonkey/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");
+
+if(!isnull(ffVer))
+{
+ # Grep for Firefox version
+ if(version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("SeaMonkey/MacOSX/Version");
+
+if(!isnull(seaVer))
+{
+ # Grep for SeaMonkey version
+ if(version_is_less(version:seaVer, test_version:"2.7")){
+ security_hole(0);
+ }
+}
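Review bot: The plugin scores the issue at `cvss_base` 2.1 with a local-access vector (`AV:L/AC:L/Au:N/C:P/I:N/A:N`), yet sets `risk_factor` to "Medium" and reports through `security_hole(0)`, the same call the CVSS 10.0 plugins in this commit use. That puts a local file-permission disclosure in the highest result class and distorts triage. Use `security_warning(0);`, as the 4.3-scored phpMyAdmin and SnipSnap plugins here do, or a lower class if the project maps 2.1 below that. Lower `risk_factor` to match, for example `script_tag(name:"risk_factor", value:"Low");`.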
Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,123 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# phpMyAdmin 'url' Parameter URI Redirection Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802607);
+ script_version("$Revision$");
+ script_bugtraq_id(47943);
+ script_cve_id("CVE-2011-1941");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-09 17:17:17 +0530 (Thu, 09 Feb 2012)");
+ script_name("phpMyAdmin 'url' Parameter URI Redirection Vulnerability");
+ desc = "
+ Overview: This host is running phpMyAdmin and is prone to URI redirection
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an improper validation of user-supplied input to
+ the 'url' parameter in url.php, which allows attackers to redirect a user to
+ an arbitrary website.
+
+ Impact:
+ Successful exploitation will allow remote attackers to redirect users to
+ arbitrary web sites and conduct phishing attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ phpMyAdmin version 3.4.0
+
+ Fix: Upgrade to phpMyAdmin version 3.4.1 or later.
+ For updates refer, http://www.phpmyadmin.net/home_page/downloads.php
+
+ References:
+ http://secunia.com/advisories/44641
+ http://www.securityfocus.com/bid/47943
+ http://xforce.iss.net/xforce/xfdb/67569
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-4.php ";
+
+ script_description(desc);
+ script_summary("Check if phpMyAdmin is vulnerable to URI Redirection");
+ script_category(ACT_ATTACK);
+ script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("secpod_phpmyadmin_detect_900129.nasl");
+ script_require_ports("Services/www", 80);
+ script_require_keys("phpMyAdmin/installed");
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Variable Initialization
+req = "";
+res = "";
+port = 0;
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(! port){
+ port = 80;
+}
+
+## Check Port State
+if(!get_port_state(port)) {
+ exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)){
+ exit(0);
+}
+
+## Get phpMyAdmin Location
+if(!dir = get_dir_from_kb(port:port, app:"phpMyAdmin")){
+ exit(0);
+}
+
+## Construct attack request
+url = string("http://", get_host_name(), dir, "/ChangeLog");
+req = http_get(item: string(dir, "/url.php?url=", url), port: port);
+if(!isnull(req))
+{
+ pattern = string("Location: ", url);
+
+ ## Send attack request and receive the response
+ res = http_send_recv(port:port, data:req);
+ if(!isnull(res))
+ {
+ ## Confirm Vulnerability
+ if(res =~ "HTTP/1.. 302" && pattern >< res){
+ security_warning(port);
+ }
+ }
+}
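Review bot: The confirmation `res =~ "HTTP/1.. 302"` is unanchored and its dots are unescaped, so it can match text anywhere in the response, not only the status line. Anchoring it is cheap and makes the check say what it means: `if(res =~ "^HTTP/1\.[01] 302" && pattern >< res){`. `include("version_func.inc");` looks unused, since no version function is called in this script. The `if(! port){ port = 80; }` fallback after `get_http_port(default:80)` looks redundant as well.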
Property changes on: trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl 2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,120 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# SnipSnap Wiki 'query' Parameter Cross Site Scripting Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802606);
+ script_version("$Revision$");
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-02-09 12:12:12 +0530 (Thu, 09 Feb 2012)");
+ script_name("SnipSnap Wiki 'query' Parameter Cross Site Scripting Vulnerability");
+ desc = "
+ Overview: This host is running SnipSnap and is prone to cross site scripting
+ vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an improper validation of user-supplied input to
+ the 'query' parameter in 'snipsnap-search', which allows attackers to execute
+ arbitrary HTML and script code in a user's browser session in the context of
+ an affected site.
+
+ Impact:
+ Successful exploitation will allow remote attackers to insert arbitrary HTML
+ and script code, which will be executed in a user's browser session in the
+ context of an affected site.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ SnipSnap version 1.0b3 and prior.
+
+ Fix: No solution or patch is available as on 09th February 2012. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://snipsnap.org/space/start
+
+ References:
+ http://packetstormsecurity.org/files/109543/snipsnap-xss.txt
+ http://st2tea.blogspot.in/2012/02/snipsnap-cross-site-scripting.html ";
+
+ script_description(desc);
+ script_summary("Check if SnipSnap is vulnerable to Cross-Site Scripting");
+ script_category(ACT_ATTACK);
+ script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Variable Initialization
+req = "";
+res = "";
+port = 0;
+
+## Get HTTP Port
+port = get_http_port(default:8080);
+if(!port){
+ port = 8080;
+}
+
+## Check Port State
+if(!get_port_state(port)){
+ exit(0);
+}
+
+## Iterate over possible paths
+foreach dir (make_list("/space", "/snipsnap/space", cgi_dirs()))
+{
+ ## Send and Receive the response
+ req = http_get(item: dir + "/start", port: port);
+ if(!isnull(req))
+ {
+ res = http_keepalive_send_recv(port:port, data:req);
+ if(!isnull(res))
+ {
+ ## Confirm the application before trying exploit
+ if( 'content="SnipSnap' >< res || '>SnipSnap' >< res)
+ {
+ ## Construct Attack Request
+ url = dir + '/snipsnap-search?query="<script>alert(document.cookie)' +
+ '</script>';
+
+ ## Try attack and check the response to confirm vulnerability
+ if(http_vuln_check(port:port, url:url, check_header: TRUE,
+ pattern:"<script>alert\(document.cookie\)</script>"))
+ {
+ security_warning(port);
+ exit(0);
+ }
+ }
+ }
+ }
+}
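Review bot: The description block sets `cvss_base` to 4.3 but has no `cvss_base_vector` tag, unlike the other plugins in this commit whose headers are visible here. Adding `script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");` keeps the metadata consistent; that is the vector the phpMyAdmin plugin pairs with the same score, and it should be confirmed against the advisory. The script also declares no detection dependency or required key, so the `/start` probe runs for every `cgi_dirs()` entry on each web port. A one-line comment above the `foreach` saying that this is intentional would help the next maintainer.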
Property changes on: trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id