[Openvas-nvts-commits] r560 - / scripts scripts/2014

scm-commit at wald.intevation.org scm-commit at wald.intevation.org
Fri Jul 11 15:36:56 CEST 2014


Author: veerendragg
Date: 2014-07-11 15:36:56 +0200 (Fri, 11 Jul 2014)
New Revision: 560

Added:
   scripts/2014/gb_adobe_flash_mult_vuln01_jul14_lin.nasl
   scripts/2014/gb_adobe_flash_mult_vuln01_jul14_macosx.nasl
   scripts/2014/gb_adobe_flash_mult_vuln01_jul14_win.nasl
   scripts/2014/gb_axigen_mail_server_xss_vuln.nasl
   scripts/2014/gb_frams_fast_file_exchange_mult_vuln.nasl
   scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_macosx.nasl
   scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_win.nasl
   scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_macosx.nasl
   scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_win.nasl
   scripts/2014/gb_wp-ecommerce-shop-styling_rfi_vuln.nasl
Modified:
   ChangeLog
   scripts/2014/gb_wordpress_bib2html_xss_vuln.nasl
   scripts/2014/gb_zerocms_priv_esc_n_sql_inj_vuln.nasl
   scripts/axigen_web_detect.nasl
Log:
Updated according to CR57 and new style. Updated CVE. Added new plugins.

Modified: ChangeLog
===================================================================
--- ChangeLog	2014-07-11 11:04:10 UTC (rev 559)
+++ ChangeLog	2014-07-11 13:36:56 UTC (rev 560)
@@ -1,3 +1,24 @@
+2014-07-11 Veerendra G.G <veerendragg at secpod.com>
+
+	*	scripts/axigen_web_detect.nasl:
+	Updated according to CR57 and new style.
+
+	* scripts/2014/gb_wordpress_bib2html_xss_vuln.nasl,
+	scripts/2014/gb_zerocms_priv_esc_n_sql_inj_vuln.nasl:
+	Updated CVE.
+
+	* scripts/2014/gb_adobe_flash_mult_vuln01_jul14_lin.nasl,
+	scripts/2014/gb_adobe_flash_mult_vuln01_jul14_macosx.nasl,
+	scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_macosx.nasl,
+	scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_win.nasl,
+	scripts/2014/gb_frams_fast_file_exchange_mult_vuln.nasl,
+	scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_macosx.nasl,
+	scripts/2014/gb_wp-ecommerce-shop-styling_rfi_vuln.nasl,
+	scripts/2014/gb_adobe_flash_mult_vuln01_jul14_win.nasl,
+	scripts/2014/gb_axigen_mail_server_xss_vuln.nasl,
+	scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_win.nasl,:
+	Added new plugins.
+
 2014-07-11 Antu Sanadi <santu at secpod.com>
 
 	* scripts/2014/gb_fedora_2014_7572_kdelibs_fc19.nasl,

Added: scripts/2014/gb_adobe_flash_mult_vuln01_jul14_lin.nasl
===================================================================
--- scripts/2014/gb_adobe_flash_mult_vuln01_jul14_lin.nasl	                        (rev 0)
+++ scripts/2014/gb_adobe_flash_mult_vuln01_jul14_lin.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,129 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Flash Player Multiple Vulnerabilities-01 July14 (Linux)
+#
+# Authors:
+# Thanga Prakash S <tprakash at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+
+CPE = "cpe:/a:adobe:flash_player";
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804716");
+  script_version("$Revision$");
+  script_cve_id("CVE-2014-4671", "CVE-2014-0539", "CVE-2014-0537");
+  script_bugtraq_id(68457, 68454, 68455);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-11 10:58:35 +0530 (Fri, 11 Jul 2014)");
+  script_name("Adobe Flash Player Multiple Vulnerabilities-01 July14 (Linux)");
+
+  tag_summary =
+"This host is installed with Adobe Flash Player and is prone to multiple
+vulnerabilities.";
+
+  tag_vuldetect =
+"Get the installed version with the help of detect NVT and check the version
+is vulnerable or not.";
+
+  tag_insight =
+"Multiple Flaws are due to,
+- An error when handling JSONP callbacks.
+- Multiple Unspecified error.";
+
+  tag_impact =
+"Successful exploitation will allow attackers to bypass certain security
+restrictions.
+
+Impact Level: System/Application";
+
+  tag_affected =
+"Adobe Flash Player version before 11.2.202.394 on Linux.";
+
+  tag_solution =
+"Update to Adobe Flash Player version 11.2.202.394 or later,
+For updates refer to  http://get.adobe.com/flashplayer";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/108828");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/59774");
+  script_xref(name : "URL" , value : "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html");
+  script_summary("Check for the vulnerable version of Adobe Flash Player on Linux");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
+  script_mandatory_keys("AdobeFlashPlayer/Linux/Ver");
+  exit(0);
+}
+
+
+include("host_details.inc");
+include("version_func.inc");
+
+## Variable Initialization
+playerVer = "";
+
+## Get version
+if(!playerVer = get_app_version(cpe:CPE)){
+  error_message(data:"Failed to fetch adobe flash player version.");
+  exit(-1);
+}
+
+## Grep for vulnerable version
+if(version_is_less(version:playerVer, test_version:"11.2.202.394"))
+{
+  security_message(0);
+  exit(0);
+}
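Review bot: The closing `security_message(0);` emits the finding with no host-specific data, so the report never shows which Flash Player version was detected or which release fixes it. Anyone triaging the result has to re-derive that from the static description, and a wrong version picked up by the detect NVT cannot be spotted from the report alone. Consider `security_message(data:'Installed version: ' + playerVer + '\nFixed version:     11.2.202.394');` here. The same applies to the final checks in the Mac OS X and Windows Flash Player hunks, the Axigen hunk and the Wireshark (Mac OS X) hunk of this commit, each with its own fixed version.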


Property changes on: scripts/2014/gb_adobe_flash_mult_vuln01_jul14_lin.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Added: scripts/2014/gb_adobe_flash_mult_vuln01_jul14_macosx.nasl
===================================================================
--- scripts/2014/gb_adobe_flash_mult_vuln01_jul14_macosx.nasl	                        (rev 0)
+++ scripts/2014/gb_adobe_flash_mult_vuln01_jul14_macosx.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,131 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Flash Player Multiple Vulnerabilities-01 July14 (Mac OS X)
+#
+# Authors:
+# Thanga Prakash S <tprakash at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+
+CPE = "cpe:/a:adobe:flash_player";
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804715");
+  script_version("$Revision$");
+  script_cve_id("CVE-2014-4671", "CVE-2014-0539", "CVE-2014-0537");
+  script_bugtraq_id(68457, 68454, 68455);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-11 10:56:01 +0530 (Fri, 11 Jul 2014)");
+  script_name("Adobe Flash Player Multiple Vulnerabilities-01 July14 (Mac OS X)");
+
+  tag_summary =
+"This host is installed with Adobe Flash Player and is prone to multiple
+vulnerabilities.";
+
+  tag_vuldetect =
+"Get the installed version with the help of detect NVT and check the version
+is vulnerable or not.";
+
+  tag_insight =
+"Multiple Flaws are due to,
+- An error when handling JSONP callbacks.
+- Multiple Unspecified error.";
+
+  tag_impact =
+"Successful exploitation will allow attackers to bypass certain security
+restrictions.
+
+Impact Level: System/Application";
+
+  tag_affected =
+"Adobe Flash Player before version 13.0.0.231 and 14.x before 14.0.0.145 on
+Mac OS X.";
+
+  tag_solution =
+"Update to Adobe Flash Player version 13.0.0.231 or 14.0.0.145 or later,
+For updates refer to  http://get.adobe.com/flashplayer";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/108828");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/59774");
+  script_xref(name : "URL" , value : "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html");
+  script_summary("Check for the vulnerable version of Adobe Flash Player on Mac OS X");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("secpod_adobe_prdts_detect_macosx.nasl");
+  script_mandatory_keys("Adobe/Flash/Player/MacOSX/Version");
+  exit(0);
+}
+
+
+include("host_details.inc");
+include("version_func.inc");
+
+## Variable Initialization
+playerVer = "";
+
+## Get version
+if(!playerVer = get_app_version(cpe:CPE)){
+  error_message(data:"Failed to fetch adobe flash player version.");
+  exit(-1);
+}
+
+## Grep for vulnerable version
+if(version_is_less(version:playerVer, test_version:"13.0.0.231") ||
+   version_in_range(version:playerVer, test_version:"14.0.0", test_version2:"14.0.0.144"))
+{
+  security_message(0);
+  exit(0);
+}


Property changes on: scripts/2014/gb_adobe_flash_mult_vuln01_jul14_macosx.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Added: scripts/2014/gb_adobe_flash_mult_vuln01_jul14_win.nasl
===================================================================
--- scripts/2014/gb_adobe_flash_mult_vuln01_jul14_win.nasl	                        (rev 0)
+++ scripts/2014/gb_adobe_flash_mult_vuln01_jul14_win.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,131 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Flash Player Multiple Vulnerabilities-01 July14 (Windows)
+#
+# Authors:
+# Thanga Prakash S <tprakash at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+
+CPE = "cpe:/a:adobe:flash_player";
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804714");
+  script_version("$Revision$");
+  script_cve_id("CVE-2014-4671", "CVE-2014-0539", "CVE-2014-0537");
+  script_bugtraq_id(68457, 68454, 68455);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-11 10:43:50 +0530 (Fri, 11 Jul 2014)");
+  script_name("Adobe Flash Player Multiple Vulnerabilities-01 July14 (Windows)");
+
+  tag_summary =
+"This host is installed with Adobe Flash Player and is prone to multiple
+vulnerabilities.";
+
+  tag_vuldetect =
+"Get the installed version with the help of detect NVT and check the version
+is vulnerable or not.";
+
+  tag_insight =
+"Multiple Flaws are due to,
+- An error when handling JSONP callbacks.
+- Multiple Unspecified error.";
+
+  tag_impact =
+"Successful exploitation will allow attackers to bypass certain security
+restrictions.
+
+Impact Level: System/Application";
+
+  tag_affected =
+"Adobe Flash Player before version 13.0.0.231 and 14.x before 14.0.0.145 on
+Windows.";
+
+  tag_solution =
+"Update to Adobe Flash Player version 13.0.0.231 or 14.0.0.145 or later,
+For updates refer to  http://get.adobe.com/flashplayer";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/108828");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/59774");
+  script_xref(name : "URL" , value : "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html");
+  script_summary("Check for the vulnerable version of Adobe Flash Player on Windows");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+  script_mandatory_keys("AdobeFlashPlayer/Win/Ver");
+  exit(0);
+}
+
+
+include("host_details.inc");
+include("version_func.inc");
+
+## Variable Initialization
+playerVer = "";
+
+## Get version
+if(!playerVer = get_app_version(cpe:CPE)){
+  error_message(data:"Failed to fetch adobe flash player version.");
+  exit(-1);
+}
+
+## Grep for vulnerable version
+if(version_is_less(version:playerVer, test_version:"13.0.0.231") ||
+   version_in_range(version:playerVer, test_version:"14.0.0", test_version2:"14.0.0.144"))
+{
+  security_message(0);
+  exit(0);
+}


Property changes on: scripts/2014/gb_adobe_flash_mult_vuln01_jul14_win.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Added: scripts/2014/gb_axigen_mail_server_xss_vuln.nasl
===================================================================
--- scripts/2014/gb_axigen_mail_server_xss_vuln.nasl	                        (rev 0)
+++ scripts/2014/gb_axigen_mail_server_xss_vuln.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,128 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# AXIGEN Mail Server Email Message Cross-site Scripting Vulnerability
+#
+# Authors:
+# Shakeel <bshakeel at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+
+CPE = "cpe:/a:gecad_technologies:axigen_mail_server";
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804669");
+  script_version("$Revision$");
+  script_cve_id("CVE-2012-2592");
+  script_bugtraq_id(54899);
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-07 14:34:53 +0530 (Mon, 07 Jul 2014)");
+  script_name("AXIGEN Mail Server Email Message Cross-site Scripting Vulnerability");
+
+  tag_summary =
+"This host is installed with Axigen Mail Server and is prone to cross-site
+scripting vulnerability.";
+
+  tag_vuldetect =
+"Get the installed version with the help of detect NVT and check the version
+is vulnerable or not.";
+
+  tag_insight =
+"Flaw is due to application which does not validate input passed via an email
+message before returning it to the user.";
+
+  tag_impact =
+"Successful exploitation will allow attackers to execute arbitrary script code
+in a user's browser within the trust relationship between their browser and the
+server.
+
+Impact Level: Application";
+
+  tag_affected =
+"Axigen Mail Server version 8.0.1";
+
+  tag_solution =
+"Upgrade to Axigen Mail Server version 8.1.0 or later,
+For updates refer http://www.axigen.com";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/84526");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/50062");
+  script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/77515");
+  script_summary("Check for the vulnerable version of Axigen Mail Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("axigen_web_detect.nasl");
+  script_mandatory_keys("axigen/installed");
+  exit(0);
+}
+
+
+include("host_details.inc");
+include("version_func.inc");
+
+## Variable Initialization
+axigenVer = "";
+
+## Get version
+if(!axigenVer = get_app_version(cpe:CPE)){
+  exit(0);
+}
+
+# Check for vulnerable version
+if(version_is_equal(version:axigenVer, test_version:"8.0.1"))
+{
+  security_message(0);
+  exit(0);
+}
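Review bot: The match is reported with `security_message(0)`, which puts it on the general pseudo-port, even though the plugin is in the "Web application abuses" family and depends on a web detection script. On a host with several HTTP services the finding cannot be tied to the Axigen instance, and `get_app_version(cpe:CPE)` without a port may return the version of a different instance than the one an operator later inspects. Assuming axigen_web_detect.nasl registers the port in the host details (its diff is not visible here), resolve it first with `if(!axPort = get_app_port(cpe:CPE)) exit(0);`, pass `port:axPort` to `get_app_version`, and report with `security_message(axPort);`.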


Property changes on: scripts/2014/gb_axigen_mail_server_xss_vuln.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Added: scripts/2014/gb_frams_fast_file_exchange_mult_vuln.nasl
===================================================================
--- scripts/2014/gb_frams_fast_file_exchange_mult_vuln.nasl	                        (rev 0)
+++ scripts/2014/gb_frams_fast_file_exchange_mult_vuln.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,155 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Frams&qt Fast File EXchange Multiple Vulnerabilities
+#
+# Authors:
+# Shakeel <bshakeel at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804664");
+  script_version("$Revision$");
+  script_cve_id("CVE-2014-3876", "CVE-2014-3877", "CVE-2014-3875");
+  script_bugtraq_id(67785, 67788, 67783);
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-04 10:06:54 +0530 (Fri, 04 Jul 2014)");
+  script_name("Frams&qt Fast File EXchange Multiple Vulnerabilities");
+
+  tag_summary =
+"This host is installed with Frams&qt Fast File EXchange and is prone to
+multiple vulnerabilities.";
+
+  tag_vuldetect =
+"Send a crafted data via HTTP GET request and check whether it is possible to
+read a given string.";
+
+  tag_insight =
+"Multiple flaws are due to,
+- An input passed via the 'akey' parameter to /rup is not properly sanitised before
+  being returned to the user.
+- An input passed via the 'addto' parameter to /fup is not properly sanitised
+  before being returned to the user.
+- An input passed via the 'disclaimer' and 'gm' parameters to /fuc is not properly
+  sanitised before being returned to the user.
+- Application allows users to perform certain actions via HTTP requests without
+  performing proper validity checks to verify the requests.";
+
+ tag_impact =
+"Successful exploitation will allow attacker to conduct HTTP response splitting,
+conduct request forgery attacks and execute arbitrary HTML and script code in a
+user's browser session in the context of an affected site.
+
+Impact Level: Application";
+
+  tag_affected =
+"Frams&qt Fast File EXchange before version 20140526";
+
+  tag_solution =
+"Upgrade to Frams&qt Fast File EXchange version 20140526 or later.
+For updates refer to http://fex.rus.uni-stuttgart.de";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/107662");
+  script_xref(name : "URL" , value : "http://www.osvdb.com/107660");
+  script_xref(name : "URL" , value : "http://www.osvdb.com/107661");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/58486");
+  script_xref(name : "URL" , value : "http://seclists.org/oss-sec/2014/q2/405");
+  script_xref(name : "URL" , value : "http://fex.rus.uni-stuttgart.de/fex.html");
+  script_xref(name : "URL" , value : "http://packetstormsecurity.com/files/126906");
+  script_xref(name : "URL" , value : "https://www.lsexperts.de/advisories/lse-2014-05-22.txt");
+  script_summary("Check if Frams&qt Fast File EXchange is vulnerable to XSS");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("find_service.nasl");
+  script_require_ports("Services/www", 8080);
+  exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Variable Initialization
+url = "";
+req = "";
+res = "";
+fexPort = "";
+
+## Get HTTP Port
+fexPort = get_http_port(default:8080);
+if(!fexPort){
+  fexPort = 8080;
+}
+
+## Check the port state
+if(!get_port_state(fexPort)){
+  exit(0);
+}
+
+## Get the banner and confirm application
+banner = get_http_banner(port:fexPort);
+if(!banner || "Server: fexsrv" >!< banner){
+  exit(0);
+}
+
+## Construct the Attack Request
+url = "/rup?akey=foo%22%20onmouseover=alert%28%22XSS-test%22%29%20bar=%22";
+
+## Try attack and check the response to confirm vulnerability.
+if(http_vuln_check(port:fexPort, url:url, check_header:TRUE,
+                   pattern:'onmouseover=alert.*XSS-test.*bar',
+                   extra_check: make_list('F*EX operation control<', 'F*EX redirect<'))){
+  security_message(fexPort);
+}
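Review bot: The `pattern:'onmouseover=alert.*XSS-test.*bar'` argument of the final `http_vuln_check` call does not require the injected double quotes to come back unencoded, so a fixed server can still be reported as vulnerable. A server that reflects `akey` as `foo&quot; onmouseover=alert(&quot;XSS-test&quot;) bar=&quot;` matches, because `.*` absorbs the entity-encoded quotes. The raw quote is what distinguishes an unsanitised reflection from an escaped one, so the pattern should anchor on it, for example `pattern:'foo" onmouseover=alert."XSS-test". bar="'`. Note also that the request only exercises the `/rup` `akey` parameter, so a negative result says nothing about the other issues listed in `tag_insight`; a sentence in `tag_vuldetect` stating that would avoid a false sense of coverage.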


Property changes on: scripts/2014/gb_frams_fast_file_exchange_mult_vuln.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Added: scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_macosx.nasl
===================================================================
--- scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_macosx.nasl	                        (rev 0)
+++ scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_macosx.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,130 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Wireshark 'Frame Metadissector' Denial of Service Vulnerability (Mac OS X)
+#
+# Authors:
+# Shakeel <bshakeel at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+
+CPE = "cpe:/a:wireshark:wireshark";
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804667");
+  script_version("$Revision$");
+  script_cve_id("CVE-2014-4020");
+  script_bugtraq_id(68044);
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-07 10:17:26 +0530 (Mon, 07 Jul 2014)");
+  script_name("Wireshark 'Frame Metadissector' Denial of Service Vulnerability (Mac OS X)");
+
+  tag_summary =
+"This host is installed with Wireshark and is prone to denial of service
+vulnerability.";
+
+  tag_vuldetect =
+"Get the installed version with the help of detect NVT and check the version
+is vulnerable or not.";
+
+  tag_insight =
+"Flaw is due to an error in 'dissect_frame' function in
+epan/dissectors/packet-frame.c within the frame metadissector.";
+
+  tag_impact =
+"Successful exploitation will allow attackers to conduct a DoS
+(Denial of Service) attack.
+
+Impact Level: Application";
+
+  tag_affected =
+"Wireshark version 1.10.0 through 1.10.7 on Mac OS X";
+
+  tag_solution =
+"Upgrade to Wireshark version 1.10.8 or later,
+For updates refer to http://www.wireshark.org/download";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/108064");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/58832");
+  script_xref(name : "URL" , value : "http://www.wireshark.org/security/wnpa-sec-2014-07.html");
+  script_summary("Check for the vulnerable version of Wireshark on Mac OS X");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_wireshark_detect_macosx.nasl");
+  script_mandatory_keys("Wireshark/MacOSX/Version");
+  exit(0);
+}
+
+
+include("host_details.inc");
+include("version_func.inc");
+
+## Variable Initialization
+sharkVer = "";
+
+## Get version
+if(!sharkVer = get_app_version(cpe:CPE)){
+  exit(0);
+}
+
+# Check for vulnerable version
+if(sharkVer  =~ "^(1\.10)")
+{
+  if(version_in_range(version:sharkVer, test_version:"1.10.0", test_version2:"1.10.7"))
+  {
+    security_message(0);
+    exit(0);
+  }
+}
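Review bot: The outer `if(sharkVer =~ "^(1\.10)")` guard adds nothing to the `version_in_range` call it wraps. Because the expression is not terminated after `10`, it would also pass strings such as `1.100.x` on to the inner check. The range test alone already limits the match to 1.10.0 through 1.10.7, so the guard and its extra nesting level can be dropped, leaving `if(version_in_range(version:sharkVer, test_version:"1.10.0", test_version2:"1.10.7"))` as the only condition.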


Property changes on: scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_macosx.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Added: scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_win.nasl
===================================================================
--- scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_win.nasl	                        (rev 0)
+++ scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_win.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,130 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Wireshark 'Frame Metadissector' Denial of Service Vulnerability (Windows)
+#
+# Authors:
+# Shakeel <bshakeel at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+
+CPE = "cpe:/a:wireshark:wireshark";
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804665");
+  script_version("$Revision$");
+  script_cve_id("CVE-2014-4020");
+  script_bugtraq_id(68044);
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-07 10:00:15 +0530 (Mon, 07 Jul 2014)");
+  script_name("Wireshark 'Frame Metadissector' Denial of Service Vulnerability (Windows)");
+
+  tag_summary =
+"This host is installed with Wireshark and is prone to denial of service
+vulnerability.";
+
+  tag_vuldetect =
+"Get the installed version with the help of detect NVT and check the version
+is vulnerable or not.";
+
+  tag_insight =
+"Flaw is due to an error in 'dissect_frame' function in
+epan/dissectors/packet-frame.c within the frame metadissector.";
+
+  tag_impact =
+"Successful exploitation will allow attackers to conduct a DoS
+(Denial of Service) attack.
+
+Impact Level: Application";
+
+  tag_affected =
+"Wireshark version 1.10.0 through 1.10.7 on Windows";
+
+  tag_solution =
+"Upgrade to Wireshark version 1.10.8 or later,
+For updates refer to http://www.wireshark.org/download";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/108064");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/58832");
+  script_xref(name : "URL" , value : "http://www.wireshark.org/security/wnpa-sec-2014-07.html");
+  script_summary("Check for the vulnerable version of Wireshark on Windows");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_wireshark_detect_win.nasl");
+  script_mandatory_keys("Wireshark/Win/Ver");
+  exit(0);
+}
+
+
+include("host_details.inc");
+include("version_func.inc");
+
+## Variable Initialization
+sharkVer = "";
+
+## Get version
+if(!sharkVer = get_app_version(cpe:CPE)){
+  exit(0);
+}
+
+# Check for vulnerable version
+if(sharkVer  =~ "^(1\.10)")
+{
+  if(version_in_range(version:sharkVer, test_version:"1.10.0", test_version2:"1.10.7"))
+  {
+    security_message(0);
+    exit(0);
+  }
+}
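Review bot: `security_message(0);` in the final version check reports the finding with no data, so the result does not say which Wireshark version was detected or which release fixes it. I would pass a report, e.g. `security_message(port:0, data:'Installed version: ' + sharkVer + '\nFixed version: 1.10.8\n');`. The outer `sharkVer =~ "^(1\.10)"` test is redundant with the `version_in_range` call and, having no trailing `\.`, also matches a prefix such as 1.100; dropping it or using `"^1\.10\."` is cleaner. The same two points apply to the added gb_wireshark_libpcap_dos_n_code_exec_vuln_macosx.nasl and gb_wireshark_libpcap_dos_n_code_exec_vuln_win.nasl, with 1.10.4 as the fixed version.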


Property changes on: scripts/2014/gb_wireshark_frame_metadissector_dos_vuln_win.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Added: scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_macosx.nasl
===================================================================
--- scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_macosx.nasl	                        (rev 0)
+++ scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_macosx.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,131 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Wireshark 'Libpcap' Denial of Service and Code Execution Vulnerabilities (Mac OS X)
+#
+# Authors:
+# Shakeel <bshakeel at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+
+CPE = "cpe:/a:wireshark:wireshark";
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804668");
+  script_version("$Revision$");
+  script_cve_id("CVE-2014-4174");
+  script_bugtraq_id(66755);
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-07 10:18:34 +0530 (Mon, 07 Jul 2014)");
+  script_name("Wireshark 'Libpcap' Denial of Service and Code Execution Vulnerabilities (Mac OS X)");
+
+  tag_summary =
+"This host is installed with Wireshark and is prone to denial of service and
+remote code execution vulnerabilities.";
+
+  tag_vuldetect =
+"Get the installed version with the help of detect NVT and check the version
+is vulnerable or not.";
+
+  tag_insight =
+"Flaw is due to an unspecified error in 'wiretap/libpcap.c' within the libpcap
+file parser.";
+
+  tag_impact =
+"Successful exploitation will allow attackers to cause a DoS (Denial of Service)
+and compromise a vulnerable system.
+
+Impact Level: System/Application";
+
+  tag_affected =
+"Wireshark version 1.10.x before 1.10.4 on Mac OS X";
+
+  tag_solution =
+"Upgrade to Wireshark version 1.10.4 or later,
+For updates refer to http://www.wireshark.org/download";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/105628");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/57801");
+  script_xref(name : "URL" , value : "https://www.hkcert.org/my_url/en/alert/14041102");
+  script_xref(name : "URL" , value : "http://www.wireshark.org/security/wnpa-sec-2014-05.html");
+  script_summary("Check for the vulnerable version of Wireshark on Mac OS X");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_wireshark_detect_macosx.nasl");
+  script_mandatory_keys("Wireshark/MacOSX/Version");
+  exit(0);
+}
+
+
+include("host_details.inc");
+include("version_func.inc");
+
+## Variable Initialization
+sharkVer = "";
+
+## Get version
+if(!sharkVer = get_app_version(cpe:CPE)){
+  exit(0);
+}
+
+# Check for vulnerable version
+if(sharkVer  =~ "^(1\.10)")
+{
+  if(version_in_range(version:sharkVer, test_version:"1.10.0", test_version2:"1.10.3"))
+  {
+    security_message(0);
+    exit(0);
+  }
+}


Property changes on: scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_macosx.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Added: scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_win.nasl
===================================================================
--- scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_win.nasl	                        (rev 0)
+++ scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_win.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,131 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Wireshark 'Libpcap' Denial of Service and Code Execution Vulnerabilities (Windows)
+#
+# Authors:
+# Shakeel <bshakeel at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+
+CPE = "cpe:/a:wireshark:wireshark";
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804666");
+  script_version("$Revision$");
+  script_cve_id("CVE-2014-4174");
+  script_bugtraq_id(66755);
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-07 10:20:48 +0530 (Mon, 07 Jul 2014)");
+  script_name("Wireshark 'Libpcap' Denial of Service and Code Execution Vulnerabilities (Windows)");
+
+  tag_summary =
+"This host is installed with Wireshark and is prone to denial of service and
+remote code execution vulnerabilities.";
+
+  tag_vuldetect =
+"Get the installed version with the help of detect NVT and check the version
+is vulnerable or not.";
+
+  tag_insight =
+"Flaw is due to an unspecified error in 'wiretap/libpcap.c' within the libpcap
+file parser.";
+
+  tag_impact =
+"Successful exploitation will allow attackers to cause a DoS (Denial of Service)
+and compromise a vulnerable system.
+
+Impact Level: System/Application";
+
+  tag_affected =
+"Wireshark version 1.10.x before 1.10.4 on Windows";
+
+  tag_solution =
+"Upgrade to Wireshark version 1.10.4 or later,
+For updates refer to http://www.wireshark.org/download";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/105628");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/57801");
+  script_xref(name : "URL" , value : "https://www.hkcert.org/my_url/en/alert/14041102");
+  script_xref(name : "URL" , value : "http://www.wireshark.org/security/wnpa-sec-2014-05.html");
+  script_summary("Check for the vulnerable version of Wireshark on Windows");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_wireshark_detect_win.nasl");
+  script_mandatory_keys("Wireshark/Win/Ver");
+  exit(0);
+}
+
+
+include("host_details.inc");
+include("version_func.inc");
+
+## Variable Initialization
+sharkVer = "";
+
+## Get version
+if(!sharkVer = get_app_version(cpe:CPE)){
+  exit(0);
+}
+
+# Check for vulnerable version
+if(sharkVer  =~ "^(1\.10)")
+{
+  if(version_in_range(version:sharkVer, test_version:"1.10.0", test_version2:"1.10.3"))
+  {
+    security_message(0);
+    exit(0);
+  }
+}


Property changes on: scripts/2014/gb_wireshark_libpcap_dos_n_code_exec_vuln_win.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Modified: scripts/2014/gb_wordpress_bib2html_xss_vuln.nasl
===================================================================
--- scripts/2014/gb_wordpress_bib2html_xss_vuln.nasl	2014-07-11 11:04:10 UTC (rev 559)
+++ scripts/2014/gb_wordpress_bib2html_xss_vuln.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -25,12 +25,15 @@
 ###############################################################################
 
 include("revisions-lib.inc");
+
 CPE = "cpe:/a:wordpress:wordpress";
 
 if(description)
 {
   script_oid("1.3.6.1.4.1.25623.1.0.804592");
   script_version("$Revision$");
+  script_cve_id("CVE-2014-3870");
+  script_bugtraq_id(67589);
   script_tag(name:"cvss_base", value:"4.3");
   script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
   script_tag(name:"risk_factor", value:"Medium");

Added: scripts/2014/gb_wp-ecommerce-shop-styling_rfi_vuln.nasl
===================================================================
--- scripts/2014/gb_wp-ecommerce-shop-styling_rfi_vuln.nasl	                        (rev 0)
+++ scripts/2014/gb_wp-ecommerce-shop-styling_rfi_vuln.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -0,0 +1,147 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# WordPress WP ecommerce Shop Styling 'dompdf' Remote File Inclusion Vulnerability
+#
+# Authors:
+# Thanga Prakash S <tprakash at secpod.com>
+#
+# Copyright:
+# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+include("revisions-lib.inc");
+CPE = "cpe:/a:wordpress:wordpress";
+
+if(description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.804709");
+  script_version("$Revision$");
+  script_cve_id("CVE-2013-0724");
+  script_bugtraq_id(57768);
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+  script_tag(name:"risk_factor", value:"High");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2014-07-07 12:27:51 +0530 (Mon, 07 Jul 2014)");
+  script_name("WordPress WP ecommerce Shop Styling 'dompdf' Remote File Inclusion Vulnerability");
+
+  tag_summary =
+"This host is installed with WordPress WP ecommerce Shop Styling Plugin and
+is prone to remote file inclusion vulnerability.";
+
+  tag_vuldetect =
+"Send a crafted data via HTTP GET request and check whether it is able to read
+cookie or not.";
+
+  tag_insight =
+"Input passed via the 'id' HTTP GET parameter to /lp/index.php script is not
+properly sanitised before returning to the user.";
+
+  tag_impact =
+"Successful exploitation may allow an attacker to obtain sensitive information,
+which can lead to launching further attacks.
+
+Impact Level: Application";
+
+  tag_affected =
+"WordPress WP ecommerce Shop Styling Plugin version 1.7.2, Other version may
+also be affected.";
+
+  tag_solution =
+"Upgrade to version 1.8 or higher.
+For updates refer to http://wordpress.org/plugins/wp-ecommerce-shop-styling";
+
+  desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_vuldetect + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+    script_tag(name : "vuldetect" , value : tag_vuldetect);
+    script_tag(name : "insight" , value : tag_insight);
+    script_tag(name : "impact" , value : tag_impact);
+    script_tag(name : "affected" , value : tag_affected);
+    script_tag(name : "solution" , value : tag_solution);
+  }
+
+  script_description(desc);
+  script_xref(name : "URL" , value : "http://www.osvdb.com/89921");
+  script_xref(name : "URL" , value : "http://secunia.com/advisories/51707");
+  script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/81931");
+  script_summary("Check if WordPress WP ecommerce Shop Styling is prone to remote file disclosure vulnerability");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("secpod_wordpress_detect_900182.nasl");
+  script_mandatory_keys("wordpress/installed");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("host_details.inc");
+
+## Variable Initialization
+http_port = 0;
+dir = "";
+url = "";
+
+## Get HTTP Port
+if(!http_port = get_app_port(cpe:CPE)){
+  exit(0);
+}
+
+## Get WordPress Location
+if(!dir = get_app_location(cpe:CPE, port:http_port)){
+  error_message(data:"Failed to get wordpress installed path");
+  exit(-1);
+}
+
+files = traversal_files();
+
+foreach file (keys(files))
+{
+  ## Construct the attack request
+  url = dir + '/wp-content/plugins/wp-ecommerce-shop-styling'
+            + '/includes/generate-pdf.php?dompdf='
+            + crap(data:"../", length:9*6) + files[file];
+
+  ## Confirm exploit worked properly or not
+  if(http_vuln_check(port:http_port, url:url, check_header:TRUE, pattern:file))
+  {
+    security_message(http_port);
+    exit(0);
+  }
+}
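Review bot: The descriptive tags do not match the check that follows: `tag_vuldetect` speaks of reading a cookie and `tag_insight` names the 'id' parameter of /lp/index.php, while the request built in the `foreach` loop targets the `dompdf` parameter of includes/generate-pdf.php and matches on file contents; `script_summary` also says "remote file disclosure" where the name says "Remote File Inclusion". These strings look carried over from another plugin and they end up in the scan report, so I would rewrite them, e.g. `"Input passed via the 'dompdf' HTTP GET parameter to includes/generate-pdf.php is not properly sanitised before being used."`, with a `tag_vuldetect` that says the check requests a known system file and looks for its contents in the response. If `get_app_location` can return "/" for a root install (not visible here), `url` would begin with a double slash; `if(dir == "/") dir = "";` before the loop avoids that.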


Property changes on: scripts/2014/gb_wp-ecommerce-shop-styling_rfi_vuln.nasl
___________________________________________________________________
Added: svn:keywords
   + Author Revision Date Id

Modified: scripts/2014/gb_zerocms_priv_esc_n_sql_inj_vuln.nasl
===================================================================
--- scripts/2014/gb_zerocms_priv_esc_n_sql_inj_vuln.nasl	2014-07-11 11:04:10 UTC (rev 559)
+++ scripts/2014/gb_zerocms_priv_esc_n_sql_inj_vuln.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -30,8 +30,8 @@
 {
   script_oid("1.3.6.1.4.1.25623.1.0.804640");
   script_version("$Revision$");
-  script_cve_id("CVE-2014-4034");
-  script_bugtraq_id(67953);
+  script_cve_id("CVE-2014-4034", "CVE-2014-4195");
+  script_bugtraq_id(67953, 68246);
   script_tag(name:"cvss_base", value:"7.5");
   script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
   script_tag(name:"risk_factor", value:"High");
@@ -40,8 +40,8 @@
   script_name("ZeroCMS Privilege Escalation & SQL Injection Vulnerabilities");
 
   tag_summary =
-"The host is installed with ZeroCMS and is prone to privilege escalation and
-sql injection vulnerabilities.";
+"The host is installed with ZeroCMS and is prone to privilege escalation,
+cross-site scripting and sql injection vulnerabilities.";
 
   tag_vuldetect =
 "Send a crafted data via HTTP GET request and check whether it is able
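Review bot: `script_name` in this hunk's context, and `script_summary` further down, still describe only privilege escalation and SQL injection although the commit adds CVE-2014-4195 and cross-site scripting to the summary and impact text. The detection logic is not touched by this commit, so it presumably still tests only the SQL injection; I would say so in `tag_vuldetect` rather than leave the reader to assume the XSS is checked as well. The `tag_solution` string edited in a later hunk also keeps the typo `or updates refer to`, which should read `For updates refer to http://www.aas9.in/zerocms`.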
@@ -53,9 +53,10 @@
 not properly sanitised before being used.";
 
   tag_impact =
-"Successful exploitation will allow attacker to gain unauthorized privileges
-and manipulate SQL queries in the backend database allowing for the manipulation
-or disclosure of arbitrary data.
+"Successful exploitation will allow attacker to gain unauthorized privileges and
+manipulate SQL queries in the backend database allowing for the manipulation
+or disclosure of arbitrary data, execute arbitrary HTML and script code in
+a user's browser session in the context of an affected site.
 
 Impact Level: Application";
 
@@ -63,7 +64,7 @@
 "ZeroCMS version 1.0";
 
   tag_solution =
-"No solution or patch is available as of 16th, June 2014. Information
+"No solution or patch is available as of 11th, July 2014. Information
 regarding this issue will be updated once the solution details are available.
 or updates refer to http://www.aas9.in/zerocms";
 
@@ -97,10 +98,12 @@
 
   script_description(desc);
   script_xref(name : "URL" , value : "http://www.osvdb.com/108025");
+  script_xref(name : "URL" , value : "http://www.osvdb.com/108475");
   script_xref(name : "URL" , value : "http://www.osvdb.com/107946");
   script_xref(name : "URL" , value : "http://www.exploit-db.com/exploits/33743");
   script_xref(name : "URL" , value : "http://www.exploit-db.com/exploits/33702");
   script_xref(name : "URL" , value : "http://packetstormsecurity.com/files/127005");
+  script_xref(name : "URL" , value : "http://packetstormsecurity.com/files/127262");
   script_xref(name : "URL" , value : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5186.php");
   script_summary("Check if ZeroCMS is vulnerable to sql injection");
   script_category(ACT_ATTACK);

Modified: scripts/axigen_web_detect.nasl
===================================================================
--- scripts/axigen_web_detect.nasl	2014-07-11 11:04:10 UTC (rev 559)
+++ scripts/axigen_web_detect.nasl	2014-07-11 13:36:56 UTC (rev 560)
@@ -7,8 +7,11 @@
 # Authors:
 # Michael Meyer
 #
+# Updated By Shakeel <bshakeel at secpod.com> on 07-07-2014
+# According to CR57 and new script style
+#
 # Copyright:
-# Copyright (c) 2009 Greenbone Networks GmbH
+# Copyright (C) 2009 Greenbone Networks GmbH
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2
@@ -25,102 +28,107 @@
 ###############################################################################
 
 include("revisions-lib.inc");
-tag_summary = "Axigen :::AXIGEN_WEBTOOL::: is running at this Port.";
 
-# need desc here to modify it later in script.
-desc = "
+if (description)
+{
+  script_oid("1.3.6.1.4.1.25623.1.0.100176");
+  script_version("$Revision$");
+  script_tag(name:"cvss_base", value:"0.0");
+  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
+  script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2009-05-02 19:46:33 +0200 (Sat, 02 May 2009)");
+  script_tag(name:"detection", value:"remote probe");
+  script_name("Axigen Web Detection");
 
- Summary:
- " + tag_summary;
+  tag_summary =
+"Detection of installed version of Axigen.
 
+This script sends HTTP GET request and try to get the version from the
+response, and sets the result in KB.";
 
-if (description)
-{
- script_id(100176);
- script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
- script_version("$Revision$");
- script_tag(name:"last_modification", value:"$Date$");
- script_tag(name:"creation_date", value:"2009-05-02 19:46:33 +0200 (Sat, 02 May 2009)");
- script_tag(name:"cvss_base", value:"0.0");
- script_tag(name:"risk_factor", value:"None");
+  desc = "
+  Summary:
+  " + tag_summary;
 
- script_name("Axigen Web Detection");  
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+  }
 
- script_description(desc);
- script_summary("Checks for the presence of Axigen Webmail and Webadmin");
- script_category(ACT_GATHER_INFO);
- script_family("Service detection");
- script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
- script_dependencies("find_service.nasl", "http_version.nasl");
- script_require_ports("Services/www", 80);
- script_exclude_keys("Settings/disable_cgi_scanning");
- if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
-   script_tag(name : "summary" , value : tag_summary);
- }
- script_xref(name : "URL" , value : "http://www.axigen.com/");
- exit(0);
+  script_description(desc);
+  script_summary("Checks for the presence of Axigen Webmail and Webadmin");
+  script_category(ACT_GATHER_INFO);
+  script_family("Product detection");
+  script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+  script_dependencies("find_service.nasl", "http_version.nasl");
+  script_require_ports("Services/www", 80);
+  script_exclude_keys("Settings/disable_cgi_scanning");
+  exit(0);
 }
 
+
 include("http_func.inc");
 include("http_keepalive.inc");
 include("global_settings.inc");
 include("cpe.inc");
 include("host_details.inc");
 
-## Constant values
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.100176";
-SCRIPT_DESC = "Axigen Web Detection";
+## Variable Initialization
+axPort = "";
+req = "";
+buf= "";
+app_found = "";
+version = "";
 
-port = get_http_port(default:80);
+## Get http port
+axPort = get_http_port(default:80);
+if(!axPort){
+  axPort = 80;
+}
 
-if(!get_port_state(port))exit(0);
+## Check the port status
+if(!get_port_state(axPort)){
+  exit(0);
+}
 
- url = string("/index.hsp?login="); 
- req = http_get(item:url, port:port);
- buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);  
+##Construct URL
+url = string("/index.hsp?login=");
 
- if( buf == NULL )continue;
- if( egrep(pattern: 'Server: Axigen-.*', string: buf, icase: TRUE) )
- { 
-   
-    app_found = eregmatch(string: buf, pattern: 'Server: Axigen-(Webmail|Webadmin)',icase:TRUE);
+##Send the Request
+req = http_get(item:url, port:axPort);
+buf = http_keepalive_send_recv(port:axPort, data:req, bodyonly:FALSE);
 
-    axigen_app = app_found[1]; 
+if( buf == NULL ) exit(0);
 
-     desc = ereg_replace(
-        string:desc,
-        pattern:":::AXIGEN_WEBTOOL:::",
-        replace:axigen_app
-    );
+if(egrep(pattern: 'Server: Axigen-.*', string: buf, icase: TRUE) )
+{
+  app_found = eregmatch(string: buf, pattern: 'Server: Axigen-(Webmail|Webadmin)',icase:TRUE);
+  axigen_app = app_found[1];
 
-    vers = string("unknown");
+  vers = string("unknown");
+  ### try to get version.
+  version = eregmatch(string: buf, pattern: '<title>AXIGEN Web[mail|admin]+[^0-9]+([0-9.]+)</title>',icase:TRUE);
 
-    ### try to get version.
-    version = eregmatch(string: buf, pattern: '<title>AXIGEN Web[mail|admin]+[^0-9]+([0-9.]+)</title>',icase:TRUE);
-    
-    if ( !isnull(version[1]) ) {
-       vers=version[1];
-    } 
+  if (version[1]){
+    vers=version[1];
+  }
+  else
+  {
+    version = eregmatch(string: buf, pattern:">[V|v]ersion ([0-9.]+)<");
+    if(version)vers=version[1];
+  }
 
-    tmp_version = string(vers," under /");
-    set_kb_item(name: string("www/", port, "/axigen"), value: tmp_version);
-   
-    ## build cpe and store it as host_detail
-    cpe = build_cpe(value:tmp_version, exp:"^([0-9.]+)", base:"cpe:/a:gecad_technologies:axigen_mail_server:");
-    if(!isnull(cpe))
-       register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
+  tmp_version = string(vers," under /");
+  set_kb_item(name: string("www/", axPort, "/axigen"), value: tmp_version);
+  set_kb_item(name:"axigen/installed", value:TRUE);
 
-    info = string("\n\nAxigen Version '");
-    info += string(vers);
-    info += string("' was detected on the remote host\n");
+  ## build cpe and store it as host_detail
+  cpe = build_cpe(value:vers, exp:"^([0-9.]+)", base:"cpe:/a:gecad_technologies:axigen_mail_server:");
+  if(isnull(cpe))
+    cpe = "cpe:/a:gecad_technologies:axigen_mail_server";
 
-    desc = desc + info;    
-       
-       if(report_verbosity > 0) {
-         security_note(port:port,data:desc);
-       }
-       exit(0);
-  
- }
+  register_product(cpe:cpe, location:"/", port:axPort);
 
-exit(0);
+  log_message(data: build_detection_report(app:"Axigen", version:vers, install:"/",
+                                           cpe:cpe, concluded:vers));
+}
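Review bot: `concluded:vers` in the closing `log_message` call passes the parsed version, or the literal "unknown", instead of the response text it was taken from, so the detection report cannot show what the version was concluded from. `concluded:version[0]` would carry the matched string, though it is worth confirming how build_detection_report treats an empty value when neither pattern matches. In the new fallback pattern, `[V|v]` is a character class that also accepts a literal `|`; `[Vv]` is what is meant. `axigen_app` is still assigned but is no longer used now that the `ereg_replace` on `desc` has been removed.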


Property changes on: scripts/axigen_web_detect.nasl
___________________________________________________________________
Modified: svn:keywords
   - Id Revision Date
   + Author Revision Date Id


