[Openvas-commits] r12703 - in trunk/openvas-plugins: . scripts

scm-commit at wald.intevation.org scm-commit at wald.intevation.org
Fri Feb 10 15:41:31 CET 2012


Author: antu123
Date: 2012-02-10 15:41:30 +0100 (Fri, 10 Feb 2012)
New Revision: 12703

Added:
   trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl
   trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl
   trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl
   trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2012-02-10 13:30:55 UTC (rev 12702)
+++ trunk/openvas-plugins/ChangeLog	2012-02-10 14:41:30 UTC (rev 12703)
@@ -1,3 +1,19 @@
+2012-02-10  Antu Sanadi <santu at secpod.com>
+
+	* scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl,
+	scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl,
+	scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl,
+	scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl,
+	scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl,
+	scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl,
+	scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl,
+	scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl,
+	scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl,
+	scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl,
+	scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl,
+	scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl:
+	Added new plugins.
+
 2012-02-10  Michael Meyer <michael.meyer at greenbone.net>
 
 	* scripts/remote-MS04-011.nasl:

Added: trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,174 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802423);
+  script_version("$Revision$");
+  script_bugtraq_id(51900);
+  script_cve_id("CVE-2012-1007");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-08 17:33:28 +0530 (Wed, 08 Feb 2012)");
+  script_name("Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities");
+  desc = "
+  Overview: This host is running Apache Struts and is prone to multiple
+  Cross-site scripting vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws due to an,
+  - Input passed via the 'message' parameter in 'processSimple.do' and
+    'processDyna.do' action is not properly verified before it is returned
+    to the user.
+  - Input passed via the 'name' and 'queryParam' parameter in
+    '/struts-examples/upload/upload-submit.do' action is not properly verified
+    before it is returned to the user.
+
+  Impact:
+  Successful exploitation could allow an attacker to execute arbitrary HTML
+  code in a user's browser session in the context of a vulnerable application.
+
+  Impact Level: Application.
+
+  Affected Software:
+  Apache Struts (cookbook, examples) version 1.3.10 and prior.
+
+  Fix: No solution or patch is available as on 08th, February 2012. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://struts.apache.org/download.cgi
+
+  References:
+  http://secpod.org/blog/?p=450
+  http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt ";
+
+  script_description(desc);
+  script_summary("Check if Apache Struts is vulnerable to cross-site scripting vulnerabilities");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+
+asport = 0;
+asreq = NULL;
+asres = NULL;
+asRes = NULL;
+## Get HTTP Port
+
+asport = get_http_port(default:8080);
+if(asport){
+  asport = 8080;
+}
+
+## Check for the port status
+if(!get_port_state(asport)){
+  exit(0);
+}
+
+## check the possibly configured names
+foreach dir (make_list("/", "/struts", "/struts-cookbook", "/struts-examples"))
+{
+  ## Make list index pages
+  foreach indexpage (make_list("/", "/welcome.do"))
+  {
+    ## Send and Recieve the response
+    asreq = http_get(item:string(dir, indexpage), port:asport);
+
+    if(!isnull(asreq))
+    {
+      asres = http_keepalive_send_recv(port:asport, data:asreq);
+
+      ## Confirm the application Struts Cookbook
+      if(!isnull(asres) && ">Struts Cookbook<" >< asres)
+      {
+        ## Construct the POST Attack for Struts Cookbook
+        postdata = "name=xyz&secret=xyz&color=red&message=%3Cscript%3Ealert" +
+                   "%28document.cookie%29%3C%2Fscript%3E&hidden=Sssh%21+It%" +
+                   "27s+a+secret.+Nobody+knows+I%27m+here.";
+
+        ## Construct the POST request Struts Cookbook
+        asReq = string("POST ", dir, "/processSimple.do HTTP/1.1\r\n",
+                     "Host: ", get_host_name(), "\r\n",
+                     "User-Agent:  XSS-TEST\r\n",
+                     "Content-Type: application/x-www-form-urlencoded\r\n",
+                     "Content-Length: ", strlen(postdata), "\r\n",
+                     "\r\n", postdata);
+        asRes = http_send_recv(port:asport, data:asReq);
+
+        ##  Confirm the exploit
+        if(!isnull(asRes) && "<script>alert(document.cookie)</script>" >< asRes &&
+           ">Simple ActionForm Example<" >< asRes)
+        {
+          security_warning(asport);
+          exit(0);
+        }
+      }
+
+      ## Confirm the application Struts Examples
+      if(!isnull(asres) && ">Struts Examples<" >< asres)
+      {
+        ## Construct the POST data
+        postdata = '-----------------------------7559840272055538773136052934'  +
+                  '\r\nContent-Disposition: form-data; name="theText"\r\n\r\n' +
+                  '\r\n-----------------------------7559840272055538773136052' +
+                  '934\r\nContent-Disposition: form-data; name="theFile"; fil' +
+                  'ename=""\r\nContent-Type: application/octet-stream\r\n\r\n' +
+                  '\r\n-----------------------------7559840272055538773136052' +
+                  '934\r\nContent-Disposition: form-data; name="filePath"\r\n' +
+                  '\r\n<script>alert(document.cookie)</script>\r\n-----------' +
+                  '------------------7559840272055538773136052934--\r\n';
+
+        ## Construct the POST request
+        asReq = string("POST ", dir, "/upload/upload-submit.do?queryParam=Successful HTTP/1.1\r\n",
+                       "Host: ", get_host_name(), "\r\n",
+                       "User-Agent:  XSS-TEST\r\n",
+                       "Content-Type: multipart/form-data; boundary=---" +
+                       "------------------------7559840272055538773136052934\r\n",
+                       "Content-Type: application/x-www-form-urlencoded\r\n",
+                       "Content-Length: ", strlen(postdata), "\r\n",
+                       "\r\n", postdata);
+        asRes = http_send_recv(port:asport, data:asReq);
+
+        ## Confirm the exploit
+        if(!isnull(asRes) &&
+           "<script>alert(document.cookie)</script>" >< asRes &&
+           ">File Upload Example<" >< asRes)
+        {
+          security_warning(asport);
+          exit(0);
+        }
+      }
+    }
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_apache_struts_cookbook_n_exmp_mul_xss_vuln.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,154 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802422);
+  script_version("$Revision$");
+  script_bugtraq_id(51902);
+  script_cve_id("CVE-2012-1006");
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-08 12:14:38 +0530 (Wed, 08 Feb 2012)");
+  script_name("Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities");
+  desc = "
+  Overview: This host is running Apache Struts Showcase and is prone to
+  multiple persistence cross-site scripting vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws due to an,
+  - Input passed via the 'name' and 'lastName' parameter in
+    '/struts2-showcase/person/editPerson.action' is not properly verified
+    before it is returned to the user.
+  - Input passed via the 'clientName' parameter in
+    '/struts2-rest-showcase/orders' action is not properly verified before
+    it is returned to the user.
+
+  Impact:
+  Successful exploitation could allow an attacker to execute arbitrary HTML
+  code in a user's browser session in the context of a vulnerable application.
+
+  Impact Level: Application.
+
+  Affected Software:
+  Apache Struts2 (Showcase) version 2.x to 2.2.3
+
+  Fix: No solution or patch is available as on 08th, February 2012. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://struts.apache.org/download.cgi
+
+  References:
+  http://secpod.org/blog/?p=450
+  http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt ";
+
+  script_description(desc);
+  script_summary("Check if Apache Struts Showcase is vulnerable to XSS vulnerabilities");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+
+## Get HTTP Port
+
+asport = 0;
+asreq = NULL;
+asres = NULL;
+asresp = NULL;
+
+asport = get_http_port(default:8080);
+if(!asport){
+  asport = 8080 ;
+}
+
+## Check the port status
+if(!get_port_state(asport)){
+  exit(0);
+}
+
+## Stored XSS (Not a safe check)
+if(safe_checks()){
+  exit(0);
+}
+
+## check the possible paths
+foreach dir (make_list("/", "/struts", "/struts2-showcase"))
+{
+  ## Send and Recieve the response
+  asreq = http_get(item:string(dir,"/showcase.action"), port:asport);
+  if(!isnull(asreq))
+  {
+    asres = http_keepalive_send_recv(port:asport, data:asreq);
+
+    if(!isnull(asres))
+    {
+      ## Confirm the application
+      if(">Showcase</" >< asres && ">Struts Showcase<" >< asres)
+      {
+        ## Construct the POST data
+        postdata = "person.name=%3Cscript%3Ealert%28document.cookie%29%3C%2" +
+                   "Fscript%3E&person.lastName=%3Cscript%3Ealert%28document" +
+                  ".cookie%29%3C%2Fscript%3E";
+
+        ## Construct the POST request
+        asReq = string("POST ", dir, "/person/newPerson.action HTTP/1.1\r\n",
+                       "Host: ", get_host_name(), "\r\n",
+                       "User-Agent:  XSS-TEST\r\n",
+                       "Content-Type: application/x-www-form-urlencoded\r\n",
+                       "Content-Length: ", strlen(postdata), "\r\n",
+                       "\r\n", postdata);
+        asRes = http_send_recv(port:asport, data:asReq);
+
+        if(!isnull(asRes))
+        {
+          asreq = http_get(item:string(dir,"/person/listPeople.action"),
+                           port:asport);
+          if(!isnull(asreq))
+          {
+            asresp = http_keepalive_send_recv(port:asport, data:asreq);
+
+            ##  Confirm the exploit
+            if(!isnull(asresp) &&
+               ("<script>alert(document.cookie)</script>" >< asresp) &&
+               ">Struts Showcase<" >< asresp)
+            {
+              security_warning(asport);
+              exit(0);
+            }
+          }
+        }
+      }
+    }
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_apache_struts_showcase_multiple_xss_vuln.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Zoho ManageEngine ADManager Plus Multiple Cross Site Scripting Vulnerabilities
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802587);
+  script_version("$Revision$");
+  script_bugtraq_id(51893);
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-08 12:14:53 +0530 (Wed, 08 Feb 2012)");
+  script_name("Zoho ManageEngine ADManager Plus Multiple Cross Site Scripting Vulnerabilities");
+  desc = "
+  Overview: This host is running Zoho ManageEngine ADManager Plus and is prone
+  to multiple cross site scripting vulnerabilities.
+
+  Vulnerability Insight:
+  The flaw is caused due to an input passed to the 'domainName' parameter in
+  jsp/AddDC.jsp and 'operation' POST parameter in DomainConfig.do (when
+  'methodToCall' is set to 'save') is not properly sanitised before being
+  returned to the user.
+
+  Impact:
+  Successful exploitation will let the attacker to execute arbitrary HTML and
+  script code in a user's browser session in context of an affected site.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  ManageEngine ADManager Plus version 5.2 Build 5210
+
+  Fix: No solution or patch is available as on 8th, February 2012. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.manageengine.co.in/products/ad-manager/download.html
+
+  References:
+  http://secunia.com/advisories/47887/
+  http://www.zeroscience.mk/codes/admanager_xss.txt
+  http://packetstormsecurity.org/files/109528/ZSL-2012-5070.txt
+  http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php ";
+
+  script_description(desc);
+  script_summary("Check if Zoho ManageEngine ADManager Plus is prone to XSS");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = 0;
+port = get_http_port(default:8080);
+if(!port){
+  port = 80;
+}
+
+if(!get_port_state(port)) {
+  exit(0);
+}
+
+sndReq = "";
+rcvRes = "";
+sndReq = http_get(item:"/home.do", port:port);
+if(!isnull(sndReq))
+{
+  rcvRes = http_send_recv(port:port, data:sndReq);
+
+  ## Confirm the application
+  if(!isnull(rcvRes) && "<title>ManageEngine - ADManager Plus</title>" >< rcvRes)
+  {
+    ## Construct attack
+    url = '/jsp/AddDC.jsp?domainName="><script>alert(document.cookie)</script>';
+
+    ## Confirm exploit worked properly or not
+    if(http_vuln_check(port:port, url:url, pattern:"><script>alert\(" +
+                                    "document.cookie\)</script>")){
+      security_warning(port:port);
+    }
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_manageengine_admanager_plus_mult_xss_vuln.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,127 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (MAC OS X)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802583);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3670");
+  script_bugtraq_id(51786);
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-03 17:51:59 +0530 (Fri, 03 Feb 2012)");
+  script_name("Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (MAC OS X)");
+  desc = "
+  Overview:
+  The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+  to information disclosure vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to requests made using IPv6 syntax using XMLHttpRequest
+  objects through a proxy may generate errors depending on proxy configuration
+  for IPv6. The resulting error messages from the proxy may disclose sensitive
+  data.
+
+  Impact:
+  Successful exploitation will let attackers to get sensitive information.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  SeaMonkey version before 2.4
+  Thunderbird version before 3.1.18 and 5.0 through 6.0.
+  Mozilla Firefox version before 3.6.26 and 4.x through 6.0
+
+  Fix: Upgrade to Mozilla Firefox version 3.6.27 or 7.0 or later
+  For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to SeaMonkey version to 2.4 or later
+  http://www.mozilla.org/projects/seamonkey/
+
+  Upgrade to Thunderbird version to 3.1.18 or 7.0 or later
+  http://www.mozilla.org/en-US/thunderbird/
+
+  References:
+  http://secunia.com/advisories/47839/
+  http://securitytracker.com/id/1026613
+  http://www.mozilla.org/security/announce/2012/mfsa2012-02.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+  script_require_keys("Mozilla/Firefox/MacOSX/Version",
+                      "SeaMonkey/MacOSX/Version", "ThunderBird/MacOSX/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");
+if(!isnull(ffVer))
+{
+  # Grep for Firefox version
+  if(version_is_less(version:ffVer, test_version:"3.6.26") ||
+     version_in_range(version:ffVer, test_version:"4.0", test_version2:"6.0"))
+  {
+    security_warning(0);
+    exit(0);
+  }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("SeaMonkey/MacOSX/Version");
+
+if(!isnull(seaVer))
+{
+  # Grep for SeaMonkey version
+  if(version_is_less(version:seaVer, test_version:"2.4"))
+  {
+    security_warning(0);
+    exit(0);
+  }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("ThunderBird/MacOSX/Version");
+
+if(!isnull(tbVer))
+{
+  # Grep for Thunderbird version
+  if(version_is_less(version:tbVer, test_version:"3.1.18") ||
+     version_in_range(version:tbVer, test_version:"5.0", test_version2:"6.0")){
+    security_warning(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,129 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802579);
+  script_version("$Revision$");
+  script_cve_id("CVE-2011-3670");
+  script_bugtraq_id(51786);
+  script_tag(name:"cvss_base", value:"5.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-03 17:51:59 +0530 (Fri, 03 Feb 2012)");
+  script_name("Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (Windows)");
+  desc = "
+  Overview:
+  The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+  to information disclosure vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to requests made using IPv6 syntax using XMLHttpRequest
+  objects through a proxy may generate errors depending on proxy configuration
+  for IPv6. The resulting error messages from the proxy may disclose sensitive
+  data.
+
+  Impact:
+  Successful exploitation will let attackers to get sensitive information.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  SeaMonkey version before 2.4
+  Thunderbird version before 3.1.18 and 5.0 through 6.0
+  Mozilla Firefox version before 3.6.26 and 4.x through 6.0
+
+  Fix: Upgrade to Mozilla Firefox version 3.6.27 or 7.0 or later
+  For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to SeaMonkey version to 2.4 or later
+  http://www.mozilla.org/projects/seamonkey/
+
+  Upgrade to Thunderbird version to 3.1.18 or 7.0 or later
+  http://www.mozilla.org/en-US/thunderbird/
+
+  References:
+  http://secunia.com/advisories/47839/
+  http://securitytracker.com/id/1026613
+  http://www.mozilla.org/security/announce/2012/mfsa2012-02.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_firefox_detect_win.nasl",
+                      "gb_seamonkey_detect_win.nasl",
+                      "gb_thunderbird_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver",
+                      "Thunderbird/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!isnull(ffVer))
+{
+  # Grep for Firefox version
+  if(version_is_less(version:ffVer, test_version:"3.6.26") ||
+     version_in_range(version:ffVer, test_version:"4.0", test_version2:"6.0"))
+  {
+    security_warning(0);
+    exit(0);
+  }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("Seamonkey/Win/Ver");
+
+if(!isnull(seaVer))
+{
+  # Grep for SeaMonkey version
+  if(version_is_less(version:seaVer, test_version:"2.4"))
+  {
+    security_warning(0);
+    exit(0);
+  }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+
+if(!isnull(tbVer))
+{
+  # Grep for Thunderbird version
+  if(version_is_less(version:tbVer, test_version:"3.1.18") ||
+     version_in_range(version:tbVer, test_version:"5.0", test_version2:"6.0")){
+    security_warning(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X 01)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802585);
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-0443", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447");
+  script_bugtraq_id(51756, 51765, 51752, 51757);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-06 14:03:00 +0530 (Mon, 06 Feb 2012)");
+  script_name("Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X 01)");
+  desc = "
+  Overview:
+  The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to
+  - Multiple unspecified vulnerabilities in browser engine
+  - An error in frame scripts bypass XPConnect security checks when calling
+    untrusted objects.
+  - Not properly initializing data for image/vnd.microsoft.icon images, which
+    allows remote attackers to obtain potentially sensitive information by
+    reading a PNG image that was created through conversion from an ICO image.
+
+  Impact:
+  Successful exploitation will let attackers to cause a denial of service or
+  possibly execute arbitrary code.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  SeaMonkey version before 2.7
+  Thunderbird version 5.0 through 9.0
+  Mozilla Firefox version 4.x through 9.0
+
+  Fix: Upgrade to Mozilla Firefox version 10.0 or later
+  For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to SeaMonkey version to 2.7 or later
+  http://www.mozilla.org/projects/seamonkey/
+
+  Upgrade to Thunderbird version to 10.0 or later
+  http://www.mozilla.org/en-US/thunderbird/
+
+  References:
+  http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-03.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-05.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-06.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+  script_require_keys("Mozilla/Firefox/MacOSX/Version",
+                      "SeaMonkey/MacOSX/Version", "ThunderBird/MacOSX/Version");
+
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");
+
+if(!isnull(ffVer))
+{
+  # Grep for Firefox version
+  if(version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("SeaMonkey/MacOSX/Version");
+
+if(!isnull(seaVer))
+{
+  # Grep for SeaMonkey version
+  if(version_is_less(version:seaVer, test_version:"2.7"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("ThunderBird/MacOSX/Version");
+
+if(!isnull(tbVer))
+{
+  # Grep for Thunderbird version
+  if(version_in_range(version:tbVer, test_version:"5.0", test_version2:"9.0")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802584);
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449", "CVE-2011-3659");
+  script_bugtraq_id(51756, 51753, 51754, 51755);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-06 13:59:08 +0530 (Mon, 06 Feb 2012)");
+  script_name("Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X)");
+  desc = "
+  Overview:
+  The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to
+  - Multiple unspecified vulnerabilities in the browser engine.
+  - An error while initializing nsChildView data structures.
+  - Premature notification of AttributeChildRemoved, the removed child nodes of
+    nsDOMAttribute can be accessed under certain circumstances.
+  - An error while processing a malformed embedded XSLT stylesheet, leads to crash
+    the application.
+
+  Impact:
+  Successful exploitation will let attackers to cause a denial of service or
+  possibly execute arbitrary code via unknown vectors.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  SeaMonkey version before 2.7
+  Thunderbird version before 3.1.18 and 5.0 through 9.0
+  Mozilla Firefox version before 3.6.26 and 4.x through 9.0
+
+  Fix: Upgrade to Mozilla Firefox version 3.6.26 or 10.0 or later
+  For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to SeaMonkey version to 2.7 or later
+  http://www.mozilla.org/projects/seamonkey/
+
+  Upgrade to Thunderbird version to 3.1.18 or 10.0 or later
+  http://www.mozilla.org/en-US/thunderbird/
+
+  References:
+  http://www.mozilla.org/security/announce/2012/mfsa2012-08.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-04.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+  script_require_keys("Mozilla/Firefox/MacOSX/Version",
+                      "SeaMonkey/MacOSX/Version", "ThunderBird/MacOSX/Version");
+
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");
+
+if(!isnull(ffVer))
+{
+  # Grep for Firefox version
+  if(version_is_less(version:ffVer, test_version:"3.6.26") ||
+     version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("SeaMonkey/MacOSX/Version");
+
+if(!isnull(seaVer))
+{
+  # Grep for SeaMonkey version
+  if(version_is_less(version:seaVer, test_version:"2.7"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("ThunderBird/MacOSX/Version");
+if(!isnull(tbVer))
+{
+  # Grep for Thunderbird version
+  if(version_is_less(version:tbVer, test_version:"3.1.18") ||
+     version_in_range(version:tbVer, test_version:"5.0", test_version2:"9.0")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,133 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802581);
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-0443", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447");
+  script_bugtraq_id(51756, 51765, 51752, 51757);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-03 19:44:43 +0530 (Fri, 03 Feb 2012)");
+  script_name("Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01)");
+  desc = "
+  Overview:
+  The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to n
+  - Multiple unspecified vulnerabilities in browser engine.
+  - An error in frame scripts bypass XPConnect security checks when calling
+    untrusted objects.
+  - Not properly initializing data for image/vnd.microsoft.icon images, which
+    allows remote attackers to obtain potentially sensitive information by
+    reading a PNG image that was created through conversion from an ICO image.
+
+  Impact:
+  Successful exploitation will let attackers to cause a denial of service or
+  possibly execute arbitrary code.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  SeaMonkey version before 2.7
+  Thunderbird version 5.0 through 9.0
+  Mozilla Firefox version 4.x through 9.0
+
+  Fix: Upgrade to Mozilla Firefox version 10.0 or later
+  For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to SeaMonkey version to 2.7 or later
+  http://www.mozilla.org/projects/seamonkey/
+
+  Upgrade to Thunderbird version to 10.0 or later
+  http://www.mozilla.org/en-US/thunderbird/
+
+  References:
+  http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-03.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-05.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-06.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_firefox_detect_win.nasl",
+                      "gb_seamonkey_detect_win.nasl",
+                      "gb_thunderbird_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver",
+                      "Thunderbird/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Firefox/Win/Ver");
+
+if(!isnull(ffVer))
+{
+  # Grep for Firefox version
+  if(version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("Seamonkey/Win/Ver");
+
+if(!isnull(seaVer))
+{
+  # Grep for SeaMonkey version
+  if(version_is_less(version:seaVer, test_version:"2.7"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+
+if(!isnull(tbVer))
+{
+  # Grep for Thunderbird version
+  if(version_in_range(version:tbVer, test_version:"5.0", test_version2:"9.0")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,134 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802580);
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449", "CVE-2011-3659");
+  script_bugtraq_id(51756, 51753, 51754, 51755);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-03 19:24:43 +0530 (Fri, 03 Feb 2012)");
+  script_name("Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows)");
+  desc = "
+  Overview:
+  The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
+  to multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to,
+  - Multiple unspecified vulnerabilities in the browser engine.
+  - An error while initializing nsChildView data structures.
+  - Premature notification of AttributeChildRemoved, the removed child nodes
+    of nsDOMAttribute can be accessed under certain circumstances.
+  - An error while processing a malformed embedded XSLT stylesheet, leads to
+    crash the application
+
+  Impact:
+  Successful exploitation will let attackers to cause a denial of service or
+  possibly execute arbitrary code via unknown vectors.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  SeaMonkey version before 2.7
+  Thunderbird version before 3.1.18 and 5.0 through 9.0
+  Mozilla Firefox version before 3.6.26 and 4.x through 9.0
+
+  Fix: Upgrade to Mozilla Firefox version 3.6.26 or 10.0 or later
+  For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to SeaMonkey version to 2.7 or later
+  http://www.mozilla.org/projects/seamonkey/
+
+  Upgrade to Thunderbird version to 3.1.18 or 10.0 or later
+  http://www.mozilla.org/en-US/thunderbird/
+
+  References:
+  http://www.mozilla.org/security/announce/2012/mfsa2012-08.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
+  http://www.mozilla.org/security/announce/2012/mfsa2012-04.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Firefox/Thunderbird/SeaMonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_firefox_detect_win.nasl",
+                      "gb_seamonkey_detect_win.nasl",
+                      "gb_thunderbird_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver", "Seamonkey/Win/Ver",
+                      "Thunderbird/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Firefox/Win/Ver");
+
+if(!isnull(ffVer))
+{
+  # Grep for Firefox version
+  if(version_is_less(version:ffVer, test_version:"3.6.26") ||
+     version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("Seamonkey/Win/Ver");
+
+if(!isnull(seaVer))
+{
+  # Grep for SeaMonkey version
+  if(version_is_less(version:seaVer, test_version:"2.7"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+# Thunderbird Check
+tbVer = NULL;
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+
+if(!isnull(tbVer))
+{
+  # Grep for Thunderbird version
+  if(version_is_less(version:tbVer, test_version:"3.1.18") ||
+     version_in_range(version:tbVer, test_version:"5.0", test_version2:"9.0")){
+    security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_mult_vuln_win_feb12.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,105 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Products 'Firefox Recovery Key.html' Information Disclosure Vulnerability (MAC OS X)
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802582);
+  script_version("$Revision$");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-06 14:03:00 +0530 (Mon, 06 Feb 2012)");
+  script_cve_id("CVE-2012-0450");
+  script_bugtraq_id(51787);
+  script_tag(name:"cvss_base", value:"2.1");
+  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:N/A:N");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("Mozilla Products 'Firefox Recovery Key.html' Information Disclosure Vulnerability (MAC OS X)");
+  desc = "
+  Overview: The host is installed with Mozilla firefox/seamonkey and is prone
+  to information disclosure vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to setting weak permissions for Firefox Recovery
+  Key.html, which might allow local users to read a Firefox Sync key via
+  standard filesystem operations.
+
+  Impact:
+  Successful exploitation will let attackers to read a Firefox Sync key via
+  standard filesystem operations and gain sensitive information.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  SeaMonkey version prior to 2.7
+  Mozilla Firefox version 4.x through 9.0
+
+  Fix: Upgrade to Mozilla Firefox version 10.0 or  later,
+  For updates refer, http://www.mozilla.com/en-US/firefox/all.html
+
+  Upgrade to SeaMonkey version to 2.7 or later
+  http://www.mozilla.org/projects/seamonkey/
+
+  References:
+  http://www.mozilla.org/security/announce/2012/mfsa2012-09.html ";
+
+  script_description(desc);
+  script_summary("Check for the version of Mozilla Firefox/SeaMonkey");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+  script_require_keys("Mozilla/Firefox/MacOSX/Version",
+                      "SeaMonkey/MacOSX/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Firefox Check
+ffVer = NULL;
+ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");
+
+if(!isnull(ffVer))
+{
+  # Grep for Firefox version
+  if(version_in_range(version:ffVer, test_version:"4.0", test_version2:"9.0"))
+  {
+     security_hole(0);
+     exit(0);
+  }
+}
+
+# SeaMonkey Check
+seaVer = NULL;
+seaVer = get_kb_item("SeaMonkey/MacOSX/Version");
+
+if(!isnull(seaVer))
+{
+  # Grep for SeaMonkey version
+  if(version_is_less(version:seaVer, test_version:"2.7")){
+     security_hole(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,123 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# phpMyAdmin 'url' Parameter URI Redirection Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802607);
+  script_version("$Revision$");
+  script_bugtraq_id(47943);
+  script_cve_id("CVE-2011-1941");
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-09 17:17:17 +0530 (Thu, 09 Feb 2012)");
+  script_name("phpMyAdmin 'url' Parameter URI Redirection Vulnerability");
+  desc = "
+  Overview: This host is running phpMyAdmin and is prone to URI redirection
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an improper validation of user-supplied input to
+  the 'url' parameter in url.php, which allows attackers to redirect a user to
+  an arbitrary website.
+
+  Impact:
+  Successful exploitation will allow remote attackers to redirect users to
+  arbitrary web sites and conduct phishing attacks.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  phpMyAdmin version 3.4.0
+
+  Fix: Upgrade to phpMyAdmin version 3.4.1 or later.
+  For updates refer, http://www.phpmyadmin.net/home_page/downloads.php
+
+  References:
+  http://secunia.com/advisories/44641
+  http://www.securityfocus.com/bid/47943
+  http://xforce.iss.net/xforce/xfdb/67569
+  http://www.phpmyadmin.net/home_page/security/PMASA-2011-4.php ";
+
+  script_description(desc);
+  script_summary("Check if phpMyAdmin is vulnerable to URI Redirection");
+  script_category(ACT_ATTACK);
+  script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("secpod_phpmyadmin_detect_900129.nasl");
+  script_require_ports("Services/www", 80);
+  script_require_keys("phpMyAdmin/installed");
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+## Variable Initialization
+req = "";
+res = "";
+port = 0;
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(! port){
+  port = 80;
+}
+
+## Check Port State
+if(!get_port_state(port)) {
+  exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)){
+  exit(0);
+}
+
+## Get phpMyAdmin Location
+if(!dir = get_dir_from_kb(port:port, app:"phpMyAdmin")){
+  exit(0);
+}
+
+## Construct attack request
+url = string("http://", get_host_name(), dir, "/ChangeLog");
+req = http_get(item: string(dir, "/url.php?url=", url), port: port);
+if(!isnull(req))
+{
+  pattern = string("Location: ", url);
+
+  ## Send attack request and receive the response
+  res = http_send_recv(port:port, data:req);
+  if(!isnull(res))
+  {
+    ## Confirm Vulnerability
+    if(res =~ "HTTP/1.. 302" && pattern >< res){
+      security_warning(port);
+    }
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_phpmyadmin_url_param_uri_redirect_vuln.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id

Added: trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl	                        (rev 0)
+++ trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl	2012-02-10 14:41:30 UTC (rev 12703)
@@ -0,0 +1,120 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# SnipSnap Wiki 'query' Parameter Cross Site Scripting Vulnerability
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802606);
+  script_version("$Revision$");
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2012-02-09 12:12:12 +0530 (Thu, 09 Feb 2012)");
+  script_name("SnipSnap Wiki 'query' Parameter Cross Site Scripting Vulnerability");
+  desc = "
+  Overview: This host is running SnipSnap and is prone to cross site scripting
+  vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an improper validation of user-supplied input to
+  the 'query' parameter in 'snipsnap-search', which allows attackers to execute
+  arbitrary HTML and script code in a user's browser session in the context of
+  an affected site.
+
+  Impact:
+  Successful exploitation will allow remote attackers to insert arbitrary HTML
+  and script code, which will be executed in a user's browser session in the
+  context of an affected site.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  SnipSnap version 1.0b3 and prior.
+
+  Fix: No solution or patch is available as on 09th February 2012. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://snipsnap.org/space/start
+
+  References:
+  http://packetstormsecurity.org/files/109543/snipsnap-xss.txt
+  http://st2tea.blogspot.in/2012/02/snipsnap-cross-site-scripting.html ";
+
+  script_description(desc);
+  script_summary("Check if SnipSnap is vulnerable to Cross-Site Scripting");
+  script_category(ACT_ATTACK);
+  script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Variable Initialization
+req = "";
+res = "";
+port = 0;
+
+## Get HTTP Port
+port = get_http_port(default:8080);
+if(!port){
+  port = 8080;
+}
+
+## Check Port State
+if(!get_port_state(port)){
+  exit(0);
+}
+
+## Iterate over possible paths
+foreach dir (make_list("/space", "/snipsnap/space", cgi_dirs()))
+{
+  ## Send and Receive the response
+  req = http_get(item: dir + "/start", port: port);
+  if(!isnull(req))
+  {
+    res = http_keepalive_send_recv(port:port, data:req);
+    if(!isnull(res))
+    {
+      ## Confirm the application before trying exploit
+      if( 'content="SnipSnap' >< res || '>SnipSnap' >< res)
+      {
+        ## Construct Attack Request
+        url = dir + '/snipsnap-search?query="<script>alert(document.cookie)' +
+             '</script>';
+
+        ## Try attack and check the response to confirm vulnerability
+        if(http_vuln_check(port:port, url:url, check_header: TRUE,
+           pattern:"<script>alert\(document.cookie\)</script>"))
+        {
+          security_warning(port);
+          exit(0);
+        }
+      }
+    }
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/gb_snipsnap_wiki_query_param_xss_vuln.nasl
___________________________________________________________________
Added: svn:keywords
   + Revision Date Id



More information about the Openvas-commits mailing list