MCAFEE FOUNDSTONE FSL UPDATE
2014-JUN-03

To better protect your environment, McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

Microsoft Internet Explorer WeakMap Integer Divide-by-Zero Denial of Service
Description: A vulnerability in some versions of Microsoft Internet Explorer could lead to a denial of service.
Observation: A vulnerability in some versions of Microsoft Internet Explorer could lead to a denial of service. The flaw is due to an unspecified defect. Successful exploitation by a remote attacker could result in a denial of service condition.

Intel Indeo Video ir41_32.ax Crafted File Denial of Service
CVE: CVE
Description: A vulnerability in some versions of Intel Indeo Video could lead to a denial of service.
Observation: A vulnerability in some versions of Intel Indeo Video could lead to a denial of service. The flaw lies in ir41_32.ax. Successful exploitation by a remote attacker could result in a denial of service condition.

Apache Tomcat Multiple Vulnerabilities Prior To
CVE: CVE , CVE , CVE , CVE
Description: Multiple vulnerabilities are present in some versions of Apache Tomcat.
Observation: Apache Tomcat is a Java application server. Multiple vulnerabilities are present in some versions of Apache Tomcat. The flaws lie in multiple components. Successful exploitation could allow an attacker to obtain sensitive information or cause denial of service.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check.

PowerFTP Personal FTP Server Path Disclosure
Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous
Check Version: 1.2
CVE: CVE

WebSitePro win-c-sample.exe Path Disclosure
Check Version: 1.2
CVE: CVE

Oracle9iAS XSQLServlet XSQLConfig.xml disclosure
Check Version: 1.2
CVE: CVE , CVE
DISA IAVA: 2002-T-0006,2002-T

Lotus Domino $defaultnav Information Disclosure
Check Version: 1.2
CVE: CVE
3 875 - Microsoft IIS Anonymous Write Permissions Enabled Oracle WebDB Admin Backdoor Unauthorized Access Check Version: Microsoft IIS 4.0 /IISADMPWD/achg.htr Proxied Password Attack Check Version: CVE: CVE csmailto.cgi Command Execution Check Version: 1.2 CVE: CVE Compaq Web-Based Management default page CVE: CVE
4 Sun Chili!Soft ASP Administration Console Default Password Check Version: 1.2 CVE: CVE Oracle Web Listener Batch File Command Execution Check Version: 1.2 CVE: CVE Perl logbook.pl Command Execution Check Version: Morpheus FastTrack Service Identity Spoofing Vulnerability Check Version: 1.2 CVE: CVE , CVE Linksys WAP55AG Wireless Access Point User Access Vulnerability Category: Wireless Assessment -> NonIntrusive -> Wireless Check Version:
5 CVE: CVE Campas CGI Script Information Leakage Vulnerability Check Version: 1.3 CVE: CVE AdCycle Build.cgi Web Script Allows Unauthorized Access Check Version: 1.2 CVE: CVE CCBill Arbitrary Code Execution Vulnerability Check Version: Upload Lite Arbitrary File Upload and Execution Vulnerability Check Version: Alt-N MDaemon Local Privilege Escalation
6 Check Version: CVE: CVE w3who.dll ISAPI Buffer Overflow Category: General Vulnerability Assessment -> Intrusive -> Web Server Check Version: 1.1 CVE: CVE , CVE Microsoft HTML Help Workshop Buffer Overflow vulnerability Check Version: 1.95 CVE: CVE BLNews Path Parameter Vulnerability Check Version: CVE: CVE Nph-maillist Address Code Execution Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Check Version: CVE: CVE
7 Kootenay Web Whois Command Execution Check Version: CVE: CVE GAMSoft TelSrv Long Username Denial of Service Category: General Vulnerability Assessment -> Intrusive -> UNIX Check Version: CVE: CVE , CVE , CVE , CVE , CVE MSN ActiveX Setup BBS Buffer Overflow Check Version: CVE: CVE Microsoft Internet Explorer Window Injection Vulnerability Check Version: CVE: CVE
8 NetGear Wireless Driver Long Beacon Stack Overflow Check Version: CVE: CVE Oracle Portal HTTP Response Splitting Check Version: CVE: CVE , CVE , CVE Microsoft Visual Studio.CNT Buffer Overflow Check Version: CVE: CVE , CVE Microsoft Help Workshop.CNT Files Buffer Overflow Check Version: CVE: CVE , CVE Microsoft Visual Studio.HPJ Buffer Overflow
9 Check Version: CVE: CVE , CVE FactoSystem Weblog Multiple SQL Injection Vulnerabilities Check Version: CVE: CVE Microsoft Windows Explorer DOC File Crash Check Version: CVE: CVE Microsoft Word wwlib.dll Heap Buffer Overflow Check Version: CVE: CVE Microsoft Windows HLP File Handling Heap Buffer Overflow Check Version: CVE: CVE
10 Microsoft Internet Information Services Remote DoS Check Version: CVE: CVE Microsoft Windows XP GDI+.ICO Handling DoS Vulnerability Check Version: CVE: CVE Microsoft Office MSODataSourceControl ActiveX Control Vulnerability Check Version: CVE: CVE Microsoft Internet Explorer FTP Access Information Disclosure Check Version: CVE: CVE
11 VMware vstor-ws60.sys Vulnerability Check Version: CVE: CVE , CVE Microsoft Windows Media Player HTML Backdooring Vulnerability Check Version: CVE: CVE Sun JRE isinstalled.dnsresolve Overflow Check Version: CVE: CVE Symantec Veritas Backup Exec For Windows Servers Unspecified Vulnerability Check Version: CVE: CVE RealNetworks RealPlayer Unspecified Buffer Overflow
12 CVE: CVE Microsoft Visual InterDev.sln Vulnerability CVE: CVE , CVE Microsoft Works WkImgSrv.dll ActiveX Vulnerability CVE: CVE Apple QuickTime Crafted MOV File Code Execution CVE: CVE Microsoft Internet Explorer Cross-Zone Scripting Vulnerability CVE: CVE
13 Creative Software AutoUpdate Engine ActiveX Control Stack Overflow CVE: CVE Microsoft Internet Explorer Cookie Session Fixation CVE: CVE Apple Quicktime Stack_Cookie Stack Overflow Vulnerability CVE: CVE HP LoadRunner XUpload.ocx ActiveX Control Arbitrary File Download CVE: CVE Oracle Document Capture BlackIce DEVMODE ActiveX Control Remote Command Execution
14 Oracle Document Capture EasyMail ActiveX Control Buffer Overflow Vulnerability CVE: CVE Oracle Times-Ten In-Memory Database Denial Of Service Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Web Server PHP 4 Userland ZVAL Reference Counter Integer Overflow Vulnerability CVE: CVE Microsoft IIS ASP.NET Cookie Header Information Disclosure Vulnerability Microsoft Internet Explorer Unspecified Heap Overflow Vulnerability (CVE ) CVE: CVE
15 XAMPP Insecure Default Password Disclosure Vulnerability CVE: CVE Unix Finger Service User Account Information Disclosure Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> UNIX CVE: CVE Unix Finger User Account Information Disclosure Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> UNIX CVE: CVE Perforce Server Multiple Vulnerabilities Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE Open Flash Chart PHP Library Arbitrary File Creation Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Web Server CVE: CVE
16 Callisto PhotoParade Player PhPInfo ActiveX Control Buffer Overflow Vulnerability CVE: CVE Macrovision InstallFromTheWeb Multiple Buffer Overflow Vulnerabilities CVE: CVE Nginx HTTP Server File Path Parse Vulnerability IBM Access Support ActiveX Control GetXMLValue Method Buffer Overflow Vulnerability CVE: CVE Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Remote Command Execution Vulnerability CVE: CVE
17 Microsoft SQL Server SQLExecutiveCmdExec Weak Password Encryption Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Windows CVE: CVE IBM DB2 Shared Libraries Privilege Escalation Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CVE: CVE Oracle Application Server Arbitrary File Access Vulnerability CVE: CVE Oracle Application Server dbsnmp And nmo Programs Privilege Escalation Vulnerability CVE: CVE Allied Telesyn TFTP Server Long Filename Remote Buffer Overflow Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous CVE: CVE
18 Wind River Systems VxWorks WDB Target Agent Debug Service Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CVE: CVE DISA IAVA: 2010-B FutureSoft TFTP Server 2000 Remote Denial Of Service Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous Microsoft Windows 'win32k!grestretchbltinternal()' Local Denial Of Service Vulnerability SMTP Server Too Long Line Denial Of Service Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous TFTPUtil GUI Long Transport Mode Buffer Overflow Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous CVE: CVE
19 ProSysInfo TFTP Server TFTPDWIN Long File Name Buffer Overflow Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous CVE: CVE glftpd Default Credentials Unauthorized Access Vulnerability Category: General Vulnerability Assessment -> Intrusive -> UNIX CVE: CVE Atrium Mercur Messaging IMAP Service Remote Buffer Overflow Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous CVE: CVE GuildFTPd LIST and CWD Commands Heap Overflow Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous CVE: CVE Open&Compact FTP Server Authentication Bypass Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CVE: CVE Open&Compact FTP Server Multiple Buffer Overflow Vulnerabilities
20 Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous Microsoft Internet Explorer 'window.onerror' Information Disclosure GIGABYTE Dldrv2 ActiveX Control Multiple Vulnerabilities CVE: CVE , CVE WordPress Plugin fgallery SQL Injection Vulnerability CVE: CVE Microsoft Windows Ipv6 Router Advertisement Denial Of Service CVE: CVE WordPress Rating-Widget Plugin Multiple Cross-Site Scripting Vulnerabilities
21 Microsoft HTML Help Stack Overflow Remote Code Execution Microsoft Reader Integer Overflow Microsoft Reader Heap Overflow Denial of Service Microsoft Reader NULL Byte Write Denial of Service WordPress SocialGrid Plugin "default_services" Cross-Site Scripting Vulnerability
22 Quest Software Big Brother Arbitrary File Deletion Remote Code Execution Category: General Vulnerability Assessment -> Intrusive -> Web Server WordPress Magazeen Theme Multiple Vulnerabilities HP 3COM/H3C Intelligent Management Center Img Recv Remote Code Execution CVE: CVE HP SiteScope Default Credentials Weaknesses Category: General Vulnerability Assessment -> Intrusive -> Web Server Microsoft Windows wab32res.dll Insecure Library Loading Remote Code Execution CVE: CVE
23 Sunway ForceControl YRWXls.ocx ActiveX Control Buffer Overflow Vulnerability Category: Windows Host Assessment -> SCADA Sunway ForceControl SCADA SNMP NetDBServer Integer Signedness Buffer Overflow Remote Code Execution Category: Windows Host Assessment -> SCADA Sunway ForceControl SNMP NetDBServer Stack Buffer Overflow Remote Code Execution Category: General Vulnerability Assessment -> Intrusive -> SCADA OPC Systems.NET OPCSystemsService Denial Of Service Vulnerability Category: Windows Host Assessment -> SCADA Snort Report target Multiple Remote Command Execution Vulnerabilities Category: General Vulnerability Assessment -> Intrusive -> Web Server A-Blog Sources Search.php SQL Injection Remote Code Execution
24 CVE: CVE Oracle AutoVue AutoVueX ActiveX Control Remote Code Execution Oracle AutoVue AutoVueX ActiveX Control ExportEdaBom Remote Code Execution Oracle AutoVue AutoVueX ActiveX Control Export3DBom Remote Code Execution IRAI AUTOMGEN Use-After-Free Multiple Remote Code Execution Vulnerabilities Category: Windows Host Assessment -> SCADA Microsoft Excel VBScript Validation Use After Free Vulnerability
25 Oracle DataDirect Multiple Native Wire Protocol ODBC Driver Buffer Overflow Remote Code Execution HP Data Protector Media Operations Directory Traversal Remote Code Execution HP Data Protector Media Operations Heap Buffer Overflow Remote Code Execution Apple OS X Sandbox Predefined Profiles Bypass Remote Code Execution II Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes CVE: CVE Apple OS X Sandbox Predefined Profiles Bypass Remote Code Execution Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes CVE: CVE
26 Microsoft Excel Window2 Record Use After Free Remote Code Execution Adobe Flash Player VulnDisco Step Ahead Remote Code Execution CVE: CVE , CVE Ipswitch WS TFTP Server Directory Traversal Information Disclosure Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Microsoft Windows Media Player Null Pointer Remote Denial Of Service CoCSoft Stream Down Response Buffer Overflow Remote Code Execution CVE: CVE
27 Novell GroupWise Messenger nmma.exe Login Memory Corruption Remote Code Execution Novell GroupWise Messenger nmma.exe Arbitrary Memory Corruption Remote Code Execution Beckhoff TwinCAT TCatScopeView SVW And SCP File Processing Remote Code Execution Category: Windows Host Assessment -> SCADA IBM Tivoli Provisioning Manager Express ActiveX Control Remote Code Execution CVE: CVE IBM Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injection Remote Code Execution CVE: CVE
28 Apple Safari Plug-in Unloading Remote Code Execution CVE: CVE Microsoft Visual Studio Incremental Linker Integer Overflow Remote Code Execution Tftpd32 DNS Server Denial Of Service Vulnerability Microsoft Wordpad Doc File Null Pointer Denial of Service Apple ios Safari match() Buffer Denial of Service Microsoft IIS 7.5 Classic ASP Authentication Bypass Remote Code Execution
29 Microsoft IIS 6.0 PHP Authentication Bypass Remote Code Execution Microsoft IIS 7.5.NET Authentication Bypass Remote Code Execution PHP com_print_typeinfo Function Buffer Overflow Remote Code Execution CVE: CVE Apple ios Safari match() Buffer Denial of Service Category: Wireless Assessment -> NonIntrusive -> ios Windows Explorer BMP File Handling Vulnerability
30 CVE: CVE Microsoft Index Service Ixsso.dll Denial of Service KASKAD SCADA DAServer.exe Remote Code Execution Category: Windows Host Assessment -> SCADA Oracle Business Transaction Management Server FlashTunnelService Denial of Service HP Intelligent Management Center uam.exe Stack Buffer Overflow Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous CVE: CVE EMC AutoStart Remote Code Execution
31 EMC AlphaStor Remote Code Execution Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Oracle Business Transaction Management SOAP Web Service Directory Traversal Vulnerability QNX FTPD Denial of Service Category: General Vulnerability Assessment -> NonIntrusive -> SCADA CYME Power Engineering ChartFX Client Server ActiveX Control Array Indexing Remote Code Execution Microsoft Office Picture Manager Memory Corruption Remote Code Execution
32 RealNetworks RealPlayer 3GP File Handling Remote Code Execution Microsoft Office Excel WriteAV Remote Code Execution Sunsolve sscd_suncourier.pl Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CVE: CVE WordPress AdWizz Plugin "link" Cross-Site Scripting Vulnerability VideoLAN VLC Media Player SWF File Remote Code Execution Adobe Flash Player FLV File Remote Code Execution
33 Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities CVE: CVE , CVE Microsoft Internet Explorer Remote Stack Overflow Vulnerability Oracle Java SE Reflection API Remote Code Execution I Oracle Java SE Reflection API Remote Code Execution II HMS Netbiter Config Utility Denial of Service Category: Windows Host Assessment -> SCADA
34 Kaspersky Internet Security Kaspersky Anti-Virus NDIS 6 Filter Denial of Service Vulnerability Category: Windows Host Assessment -> Anti-Virus Software PostgreSQL Command-Line Switch Error Messages Data Directory Denial of Service Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CVE: CVE Schneider Electric Vijeo Web Gate Server Denial Of Service Category: Windows Host Assessment -> SCADA MOXA Mass Configuration Tool Denial of Service Category: Windows Host Assessment -> SCADA MOXA AWK Search Utility Denial of Service Category: Windows Host Assessment -> SCADA
35 DotNetNuke DNNArticle Module "categoryid" SQL Injection Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Web Server CVE: CVE (MS13-067) Microsoft SharePoint MAC Disabled Remote Code Execution ( ) CVE: CVE DISA IAVA: 2013-A-0174 Microsoft ID: MS Microsoft KB: EATON VURemote Denial of Service Category: Windows Host Assessment -> SCADA Moore Industries NCS Configuration Denial of Service Category: Windows Host Assessment -> SCADA McAfee Web Reporter Tomcat EJBInvokerServlet Marshalled Object Remote Code Execution
36 CVE: CVE NETGEAR WNDR3700v4 ping6 Diagnostic Page Command Injection Vulnerability Category: Wireless Assessment -> NonIntrusive -> Wireless FirebirdSQL Firebird Null Pointer Denial of Service I Symantec Workspace Streaming EJBInvokerServlet / JMXInvokerServlet Marshalled Object Vulnerability Microsoft Word Embedded Image Fork Bomb Denial of Service CVE: CVE McAfee Gateway Multiple SQL Injection and Remote Command Execution Vulnerabilities CVE: CVE , CVE , CVE
37 HP 2620 Switches /html/json.html Admin Account Manipulation Cross-Site Request Forgery Category: General Vulnerability Assessment -> NonIntrusive -> Network CVE: CVE Eaton Network Shutdown Module Pi3Web WebServer Denial of Service Category: General Vulnerability Assessment -> NonIntrusive -> SCADA Inductive Automation Ignition Gateway OPC-UA Server Denial of Service Category: Windows Host Assessment -> SCADA Linksys Multiple E-Series Routers Security Bypass Vulnerability Category: Wireless Assessment -> NonIntrusive -> Wireless CVE: CVE Delta Electronics WPLSoft DVPSimulator.exe Buffer Overflow Remote Code Execution Category: General Vulnerability Assessment -> Intrusive -> SCADA
38 Adobe Reader Multiple Remote Code Execution Vulnerabilities CVE: CVE , CVE DISA IAVA: 2014-A Microsoft Windows Unspecified Flaw Kernel Local Privilege Escalation CVE: CVE Microsoft Internet Explorer Multiple Sandbox Bypass and Use-After-Free Vulnerabilities CVE: CVE , CVE , CVE , CVE McAfee And Web Security Appliance Multiple Unspecified Vulnerabilities Paessler PRTG Network Monitor Server.exe Denial of Service Category: Windows Host Assessment -> SCADA
39 FrameFlow Server Monitor Unspecified Defect Denial Of Service Category: Windows Host Assessment -> SCADA VideoLAN VLC Media Player libpng_plugin.dll Denial of Service CVE: CVE Nullsoft Winamp Malformed.FLV File Remote Code Execution CVE: CVE RealNetworks RealPlayer GetGUID Function Remote Code Execution CVE: CVE IceWarp Mail Server Preauth Buffer Overflow Remote Code Execution Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous
40 Apple QuickTime Crafted MOV File Code Execution Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes CVE: CVE Apple Quicktime Stack_Cookie Stack Overflow Vulnerability Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes CVE: CVE Apple Mac OS X AppleTalk 'zip-notify' Buffer Overflow Vulnerability Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes CVE: CVE Fedora Linux 16 FEDORA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes CVE: CVE , CVE Risk is updated Fedora Linux 18 FEDORA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes CVE: CVE Risk is updated.
41 Fedora Linux 17 FEDORA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes CVE: CVE Risk is updated Fedora Linux 19 FEDORA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes CVE: CVE Risk is updated Fedora Linux 20 FEDORA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes CVE: CVE Risk is updated Microsoft IIS ExAir Denial-of-Service CVE: CVE PowerFTP Personal FTP Server Directory Disclosure Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Check Version: 1.3 CVE: CVE
42 763 - PowerFTP Personal FTP Server Tilde Denial-of-Service Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Check Version: D-Link DWL-1000AP Wireless Access Point SNMP Public Community String Category: Wireless Assessment -> NonIntrusive -> Wireless Check Version: 1.2 CVE: CVE Apache Win32 PHP.EXE Remote File Disclosure CVE: CVE Compaq Survey Utility Anonymous Login CVE: CVE Lotus Domino Web Server statrep.nsf Anonymous Access Check Version: 1.2
43 935 - FormMail.pl Detected Check Version: 1.3 CVE: CVE Apple Airport Base Station WEP Key Disclosure Category: Wireless Assessment -> NonIntrusive -> Wireless Check Version: Microsoft ASP.NET Application Trace Enabled Omnicron OmniHTTPd Long Request Buffer Overflow Category: General Vulnerability Assessment -> Intrusive -> Web Server CVE: CVE MyWebServer Buffer Overflow Category: General Vulnerability Assessment -> Intrusive -> Web Server CVE: CVE
44 Multiple Vendor Access Point Information Leakage Category: Wireless Assessment -> NonIntrusive -> Wireless Check Version: RedHat Linux Apache Remote Username Enumeration Check Version: CVE: CVE Novell NetWare Webservers Denial-of-Service Check Version: 1.3 CVE: CVE Sun JavaServer Default Admin Password Check Version: Intel Express 8100 Router Fragmented ICMP Denial-of-Service Category: General Vulnerability Assessment -> NonIntrusive -> Network Check Version: CVE: CVE
45 Efficient Networks 5861 Router NMap Denial-of-Service Category: General Vulnerability Assessment -> NonIntrusive -> Network Check Version: CVE: CVE Lucent Router UDP Information Disclosure Category: General Vulnerability Assessment -> NonIntrusive -> Network Check Version: CVE: CVE Sun Java App Server PE 8.0 Path Disclosure com 3CDaemon FTP Remote Format String Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Check Version: 1.2 CVE: CVE Grokster FastTrack P2P Supernode Packet Handler Buffer Overrun Check Version: 1.2 CVE: CVE
46 IMesh FastTrack P2P Supernode Packet Handler Buffer Overrun Check Version: 1.1 CVE: CVE Morpheus FastTrack P2P Supernode Packet Handler Buffer Overrun Check Version: 1.2 CVE: CVE Kazaa FastTrack P2P Supernode Packet Handler Buffer Overrun Check Version: 1.2 CVE: CVE RealPlayer RealMedia ".rm" Security Bypass Vulnerability Check Version:
47 Abe Zimmerman xml.cgi Remote File Disclosure Vulnerability Check Version: 1.2 CVE: CVE Home FTP Information Disclosure Check Version: CVE: CVE , CVE , CVE , CVE Visual Studio 6.0 Project Name Buffer Overflow Vulnerability Check Version: CVE: CVE AlienForm2 Directory Traversal Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> UNIX Check Version: CVE: CVE Way-BOARD CGI Information Disclosure
48 Check Version: CVE: CVE BroadVision One-To-One Enterprise Information Disclosure Check Version: CVE: CVE Armada Master Index search.cgi Directory Traversal Check Version: CVE: CVE WindMail Metacharacter Vulnerability Check Version: CVE: CVE Caldera OpenLinux rpm_query Vulnerability Check Version: CVE: CVE
49 PowerScripts PlusMail CGI password file Vulnerability Check Version: CVE: CVE OmniHTTPD visadmin.exe Denial of Service Check Version: CVE: CVE Alibaba web server CGI Vulnerability Check Version: CVE: CVE Microsoft Internet Explorer Popup Address Bar Spoofing Vulnerability Check Version: CVE: CVE Microsoft Internet Explorer HTML Tag Information Disclosure
50 Check Version: CVE: CVE Microsoft Windows Vista Local Privilege Escalation Vulnerability Check Version: Microsoft DXMedia SDK ActiveX Remote Code Execution Check Version: CVE: CVE Microsoft Internet Saved Web Page Cross-Site Scripting Check Version: CVE: CVE Sony MicroVault USB Fingerprint Hidden Folder Vulnerability Category: Windows Host Assessment -> Trojans, Backdoors, Viruses, and Malware Check Version: CVE: CVE
51 Microsoft Visual Studio PDWizard Remote Code Execution Check Version: CVE: CVE Microsoft Internet Explorer OnKeyDown Focus Information Disclosure Check Version: CVE: CVE Xunlei Web Thunder DPClient.Vod.1 ActiveX Vulnerability Check Version: CVE: CVE Mozilla Firefox Data URL Scheme Design Flaw Check Version: Viewpoint Media Player AxMetaStream ActiveX Stack Overflow
52 Check Version: CVE: CVE Microsoft Windows Pseudo-Random Number Generator Design Flaw Check Version: CVE: CVE Mozilla Firefox JSFrame Vulnerability CVE: CVE Yahoo Messenger VBscript Remote Denial of Service Microsoft Windows Vista TCP/IP Buffer Overflow Vulnerability CVE: CVE
53 Mozilla Firefox XUL/XML Parser Corruption Vulnerability CVE: CVE Mozilla Firefox location.hash Denial-of-Service Vulnerability CVE: CVE Safari For Windows XML Tag Denial Of Service Vulnerability CVE: CVE Apache HTTPD suexec Multiple Local Privilege Escalation Vulnerabilities CVE: CVE , CVE , CVE Microsoft Internet Explorer findtext Parsing Denial-of-Service Vulnerability CVE: CVE
54 Microsoft Wordpad Memory Exhaustion Vulnerability Microsoft Internet Explorer URL Spoofing Vulnerability CVE: CVE Oracle Reports Server Multiple Cross Site Scripting Vulnerabilities CVE: CVE IBM Lotus Domino Server nserver.exe Crash Denial Of Service Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CVE: CVE Apache mod_perl File Descriptor Leakage Vulnerability
55 Apache HTTP Server mod_rewrite Security Bypass Vulnerability CVE: CVE Sendmail Long IDENT Logging Circumvention Weakness Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> UNIX CVE: CVE Microsoft Virtual PC Hypervisor Memory Protection Security Bypass Vulnerability Microsoft IIS CodeBrws.ASP File Extension Check Out By One Vulnerability CVE: CVE Microsoft Internet Explorer Unspecified Heap Overflow Vulnerability (CVE ) CVE: CVE
56 Microsoft IIS Sample Application Cross Site Scripting Vulnerability Sun Java System Directory Server LDAP Search Request Denial Of Service Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous CVE: CVE Microsoft Office Communicator (Beta) SIP Denial Of Service Vulnerability Sun Java System Web Server WebDAV LOCK Request File Disclosure Cisco IOS HTTP Server Cross Site Scripting Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Network CVE: CVE
57 Cisco IOS HTTP Server Cross Site Request Forgery Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Network CVE: CVE Microsoft Windows "SfnLOGONNOTIFY()" And "SfnINSTRING()" Denial Of Service Vulnerability Internet Explorer XSS Filter Cross-Site Scripting Vulnerability CVE: CVE ROBS-PROJECTS Digital Sales IPN Information Disclosure Vulnerability CVE: CVE Nuked-Klan phpinfo Information Disclosure Vulnerability CVE: CVE
58 Perforce P4Web Client Two Vulnerabilities Microsoft Internet Explorer UTF-7 Charset Inheritance Cross Site Scripting Vulnerability CVE: CVE WeOnlyDo! SFTP ActiveX Control Remote Arbitrary File Access Vulnerability CVE: CVE Microsoft Windows Remote Desktop Protocol mstlsapi.dll Private Key Spoofing Vulnerability CVE: CVE IBM DB2 Universal Database Default Credentials Unauthorized Access Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CVE: CVE
59 Learn2 Corporation STRunner iestm32.dll ActiveX Control Multiple Buffer Overflow Vulnerabilities CVE: CVE Apache HTTP Server mod_alias URL Validation Canonicalization CGI Script Source Code Disclosure Vulnerability CVE: CVE Microsoft IIS Denial Of Service Vulnerability (CVE ) Category: General Vulnerability Assessment -> Intrusive -> Web Server CVE: CVE Oracle Application Server Portal Security Bypass Vulnerability CVE: CVE Oracle Database Alter Session Set Events Code Execution Vulnerability CVE: CVE
60 Microsoft IIS HTR Files Password Policy Security Bypass Vulnerability CVE: CVE DISA IAVA: 2003-T-0014,2003-A-0005(v2),2003-A-0005(v1),2003-A-0005,2002-A Microsoft SQL Server Login Weak Password Encryption Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Windows CVE: CVE Microsoft ASP.NET Framework _VIEWSTATE Denial Of Service Vulnerability CVE: CVE Microsoft ASP.NET VIEWSTATE Parameter Cross Site Scripting Vulnerability CVE: CVE Microsoft IIS ASP.NET NULL Character Cross Site Scripting Vulnerability CVE: CVE
61 Microsoft ASP.NET Framework _VIEWSTATE Insecure Crypto Validation Vulnerability CVE: CVE Microsoft ASP.NET aspnet_wp.exe RPC Encoded Method Denial Of Service Vulnerability CVE: CVE Microsoft ASP.NET Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities CVE: CVE Microsoft ASP.NET InnerHtml Property Cross Site Scripting Vulnerability CVE: CVE IBM WebSphere Application Server JSP Root Password Disclosure Vulnerability CVE: CVE
62 IBM WebSphere Application Server HTTP Request Smuggling Vulnerability CVE: CVE Microsoft DirectX DirectPlay Denial Of Service Vulnerabilities Oracle Database Server CREATE ANY DIRECTORY Privilege Escalation Vulnerability CVE: CVE Cisco IOS Virtual LAN 802.1q Frame Injection Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Network CVE: CVE Cisco IOS Large TCP Scan Denial Of Service Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Network CVE: CVE Cisco IOS Regular Expression Engine Denial Of Service Vulnerability
63 Category: General Vulnerability Assessment -> NonIntrusive -> Network CVE: CVE Cisco IOS Firewall/IPS Functionality HTTP Unicode Encoding Detection Security Bypass Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Network CVE: CVE Oracle Application Server query.xsql Sample Page SQL Injection Vulnerability CVE: CVE Oracle Application Server Apache Configuration File Information Disclosure Vulnerability CVE: CVE Oracle Application Server PL/SQL Module Format String Vulnerability CVE: CVE Oracle Application Server TopLink Mapping Workbench Weak Password Encryption Vulnerability
64 CVE: CVE Oracle Application Server DMS Cross Site Scripting Vulnerability CVE: CVE Oracle Application Server Multiple Components Default Credentials Privilege Escalation Vulnerability CVE: CVE Oracle Application Server HTTP Request Smuggling Vulnerability CVE: CVE Unix Account Default Password Information Disclosure Vulnerability Category: General Vulnerability Assessment -> Intrusive -> UNIX CVE: CVE Microsoft Internet Explorer Frame Border Property Denial Of Service Vulnerability
65 RealVNC ClientCutText Message Remote Denial Of Service Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous SolarWinds TFTP Server Option Acknowledgement Request Denial Of Service Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous CVE: CVE Microsoft Windows Ipv4SetEchoRequestCreate Interruption Denial Of Service Vulnerability SquirrelMail Multiple Remote Vulnerabilities Network Associates WebShield SMTP GET_CONFIG Information Disclosure Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CVE: CVE
66 Cisco IOS TACACS+ Body Length Buffer Overflow Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Network CVE: CVE University Of Washington pop2d Remote File Read Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous glftpd ZIP Plugins Multiple Directory Traversal Vulnerabilities Category: General Vulnerability Assessment -> NonIntrusive -> UNIX CVE: CVE Xerver Administration Interface currentpath Directory Traversal Vulnerability CVE: CVE Xerver Administration Interface portnr Denial Of Service Vulnerability Category: General Vulnerability Assessment -> Intrusive -> Web Server CVE: CVE
IBM DB2 Default User db2admin Unauthorized Access Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous
CVE: CVE
IBM DB2 Default User db2inst1 Unauthorized Access Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous
CVE: CVE
IBM DB2 Default User db2as Unauthorized Access Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous
CVE: CVE
IBM DB2 Default User db2fenc1 Unauthorized Access Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous
CVE: CVE
Microsoft ASP.NET Application Tracing trace.axd Information Disclosure Vulnerability
Nuked-Klan Cross Site Scripting Vulnerability
CVE: CVE
WordPress Vodpod Video Gallery Plugin "gid" Cross Site Scripting Vulnerability
CVE: CVE
Microsoft Remote Access Phonebook Insecure Executable Loading Vulnerability
WordPress Safe Search Plugin 'v1' Parameter Cross Site Scripting Vulnerability
CVE: CVE
VMware Server Web Access Interface Directory Traversal Vulnerability
WordPress RSS Feed Reader For WordPress Plugin "rss url" Cross-Site Scripting Vulnerability
Microsoft FrontPage Server Extensions.pwd File Information Disclosure Vulnerability
WordPress Featured Content Plugin "param" Cross-Site Scripting Vulnerability
WordPress x7host's Videox7 UGC Plugin "listid" Cross-Site Scripting Vulnerability
OraMon oramon.ini Information Disclosure Vulnerability
CVE: CVE
WordPress Conduit Banner Plugin "banner-index-field-id" Cross-Site Scripting Vulnerability
Xerver HTTP Response Splitting Vulnerability
CVE: CVE
HP Power Manager Server Cross Site Request Forgery Vulnerability
CVE: CVE
WordPress WP Featured Post With Thumbnail Plugin "src" Cross-Site Scripting Vulnerability
WordPress TagNinja Plugin 'id' Parameter Cross Site Scripting Vulnerability
WordPress YT-Audio Plugin "v" Parameter Cross Site Scripting Vulnerability
WordPress PHP Speedy Plugin "page" Parameter Local File Inclusion Vulnerability
Novell Netware SSH Remote Buffer Overflow
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
Unix ypserv Domainname passwd.bynames Map Information Disclosure Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> UNIX
RSA ClearTrust Login Page Cross Site Scripting Vulnerability
Citrix MetaFrame Client Specified Published Applications Enumeration Information Disclosure Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous
WordPress Placester Plugin "ajax_action" Parameter Cross Site Scripting Vulnerability
HP LaserJet JetDirect Card Security Bypass Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Printers and Print Servers
CVE: CVE
WordPress WP Forum Multiple SQL Injection Vulnerabilities
Microsoft Word 2003 MSO.dll Null Pointer Dereference Vulnerability
CVE: CVE
Microsoft Windows Live Safety Scanner One Care Local Download And Execute Vulnerability
TCP/IP SYN-FIN Packet Filtering Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> Raw Socket
WordPress WP-StarsRateBox Plugin Cross Site Scripting And SQL Injection Vulnerabilities
RealNetworks Arcade Games StubbyUtil.ProcessMgr ActiveX Remote Code Execution
IBM Lotus Domino ReadDesign Request Design Element Disclosure Vulnerability
Apache mod_info /server-info Information Disclosure Vulnerability
Microsoft Windows SMB Response Denial Of Service Vulnerability
Category: Windows Host Assessment -> No Credentials Required
CVE: CVE
Sybase Advantage Database Server Memory Corruption Vulnerability
Oracle Java Runtime Environment Insecure File Loading
Microsoft Internet Explorer 'Iedvtool.dll' Malformed HTML Denial Of Service Vulnerability
Microsoft Windows DHCPv6 Packets Remote Denial Of Service
WordPress WP CSS Plugin f Local File Inclusion Vulnerability
Microsoft Windows Server 2008 R1 Local Denial Of Service
WordPress Donation Plugin did Parameter SQL Injection Vulnerability
Carel Industries PlantVisor Enhanced Directory Traversal Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> SCADA
CVE: CVE
Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution
NexusPHP thanks php SQL Injection Denial Of Service
CVE: CVE
Oracle Hyperion Strategic Finance Client TTF16 ActiveX SetDevNames Remote Code Execution
Adobe ColdFusion Multiple Vulnerabilities
WordPress Bonus Theme s Parameter Cross Site Scripting Vulnerability
WordPress Simple Balance Theme s Parameter Cross Site Scripting Vulnerability
Microsoft Internet Explorer Cache Objects History Enumeration Weakness Information Disclosure
CVE: CVE
Microsoft Windows NetBIOS NULL Name Denial Of Service Vulnerability
Category: Windows Host Assessment -> No Credentials Required
CVE: CVE
Rockwell Automation FactoryTalk Diagnostics Receiver Service Denial of Service Vulnerabilities
Category: Windows Host Assessment -> SCADA
WordPress ucan Post Plugin Multiple Parameters Cross Site Scripting Vulnerability
Microsoft Internet Explorer ASLR/DEP Bypass Denial of Service
CVE: CVE
Microsoft Windows Remote Desktop Protocol mstlsapi.dll Private Key Spoofing Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Windows
CVE: CVE
Samsung AllShare HTTP Header Processing Denial of Service Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> Web Server
Honeywell PowerNet Twin Client RFSync.exe Denial of Service
Trend Micro InterScan Messaging Security Suite Cross-Site Scripting and Request Forgery Vulnerabilities
CVE: CVE , CVE
Microsoft Office Excel ReadAV Remote Code Execution
CVE: CVE
Microsoft Windows NTFS.SYS via USB Local Code Execution
RealNetworks RealPlayer Watch Folders Remote Code Execution
CVE: CVE
VideoLAN VLC Media Player SHAddToRecentDocs() Function Denial of Service
Oracle Java SE OpenJDK Hash Table Denial of Service II
CVE: CVE
Apache Tomcat Slowloris HTTP Denial of Service
CVE: CVE
MODx Login User Enumeration Weakness
Microsoft Internet Explorer Proxy Settings TCP Sessions Information Disclosure
CVE: CVE
Microsoft Internet Explorer Proxy Settings SSL Lock Icon Denial of Service
CVE: CVE
Apple QuickTime Out of Bound Read Denial of Service
Cisco Linksys EA2700 Multiple Vulnerabilities
Category: Wireless Assessment -> NonIntrusive -> Wireless
D-Link DIR-635 "data" Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
Category: Wireless Assessment -> NonIntrusive -> Wireless
Siemens Solid Edge ST5 ActiveX Controls Vulnerabilities
Category: Windows Host Assessment -> SCADA
WordPress Content Slide Plugin Cross-Site Request Forgery Vulnerability
CVE: CVE
WordPress Stream Video Player Plugin Cross-Site Request Forgery Vulnerability
CVE: CVE
Cisco Video Surveillance Operations Manager Help Page Redirection Vulnerability
CVE: CVE
RealNetworks RealPlayer Crafted HTML File Denial of Service
CVE: CVE
WordPress Dropdown Menu Widget Plugin Cross Site Request Forgery Vulnerability
CVE: CVE
WordPress Sharebar Plugin Cross-Site Request Forgery Vulnerability
CVE: CVE
WordPress Mingle Forum Plugin Cross-Site Request Forgery Vulnerability
CVE: CVE
TP-LINK TD-W8951ND Router Cross-Site Scripting and Request Forgery Vulnerabilities
Category: Wireless Assessment -> NonIntrusive -> Wireless
Cisco Prime Network Control System (NCS) Health Monitor Login Page Cross-Site Scripting Vulnerability
CVE: CVE
WordPress WP Ultimate Marketer Plugin Multiple Vulnerabilities
CVE: CVE , CVE
Cisco Adaptive Security Appliance Software Phone Proxy Denial of Service
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
Cisco Adaptive Security Appliance Software Auto-Update Denial of Service
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
Wordpress dhtmlxspreadsheet Plugin Cross-Site Scripting Vulnerability
CVE: CVE
Microsoft Windows Movie Maker wav File Handling Denial of Service Vulnerability
CVE: CVE
(VMSA ) VMware Workstation Invalid Ports Denial of Service Vulnerability
CVE: CVE
DISA IAVA: 2014-B-0010,2014-B-0009,2014-B-0008,2014-A-0019
Observation is updated
Cisco NX-OS Software Label Distribution Protocol Message Denial of Service
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
Cisco NX-OS Software TACACS+ Command Authorization Local Security Bypass
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
Multiple Routers RomPager Embedded Web Server ROM-0 Information Disclosure Vulnerability
Cisco Adaptive Security Appliance Phone Proxy CTL Security Bypass Vulnerability
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Security Bypass
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
Kaspersky Internet Security Regular Expression Patterns Processing Denial of Service Vulnerability
Category: Windows Host Assessment -> Anti-Virus Software
Microsoft Windows Media Player Crafted WAV File Denial of Service
CVE: CVE
McAfee Asset Manager downloadreport Directory Traversal
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
McAfee Asset Manager ReportsAudit.jsp SQL Injection
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
Microsoft Office XML Parser Nested Entity References Denial of Service
CVE: CVE
McAfee Cloud Single Sign On Login Audit Form Cross-Site Scripting
CVE: CVE
BlackBerry Link OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerabilities
CVE: CVE
DISA IAVA: 2014-B-0041,2014-A-0063,2014-A
BlackBerry Link OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerabilities
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
DISA IAVA: 2014-B-0041,2014-A-0063,2014-A
Mozilla Firefox XUL/XML Parser Corruption Vulnerability
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
CVE: CVE
Apple Mac OS X XNU Kernel Memory Denial-of-Service Vulnerability
Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes
CVE: CVE
Apple Mac OS X Local Kernel Memory Information Disclosure Vulnerability
Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes
CVE: CVE
Microsoft Windows spoolss Remote Denial of Service
Category: Windows Host Assessment -> No Credentials Required
Check Version:
CVE: CVE
Fedora Linux 18 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Fedora Linux 17 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Fedora Linux 18 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Fedora Linux 19 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Fedora Linux 18 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Fedora Linux 17 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Netscape Enterprise Server INDEX Directory Disclosure
Check Version: 1.2
CVE: CVE
ActiveState ActivePerl Path Disclosure
Microsoft IIS 4.0 bdir.htr Directory Disclosure
Check Version:
Microsoft IIS htimage.exe Path Disclosure
CVE: CVE
Microsoft IIS / RPC Guest Username Disclosure
CVE: CVE
Oracle9iAS Web Server globals.jsa disclosure
Check Version: 1.2
CVE: CVE
DISA IAVA: 2003-T-0004,2002-T-0006,2002-T
Netscape Enterprise Server Internal IP Address Disclosure
Check Version:
Novell GroupWise Web Root Disclosure
Check Version: 1.2
CVE: CVE , CVE
Microsoft IIS Blank Host Auth Internal IP Disclosure
Check Version:
CVE: CVE
DISA IAVA: 2003-T-0014,2003-A-0005(v2),2003-A-0005(v1),2003-A-0005,2002-A
SilverStream Application Server Database Structure Disclosure
Check Version:
SilverStream Application Server Directory Listing Disclosure
Check Version:
SilverStream Application Server Configuration Disclosure
Check Version: 1.2
904 - AnalogX Simple Server Cross-Site Scripting
(KB272079) Microsoft IIS 5.0 WebDAV Directory Disclosure
CVE: CVE
Microsoft KB: KB
WebStar ssi_demo.ssi Information Disclosure
Check Version:
Apache Tomcat 4.1 Path Disclosure
Check Version:
CVE: CVE
Redhat Stronghold Secure Webserver Sample Script Path Disclosure
Check Version: 1.2
CVE: CVE
968 - New Atlanta ServletExec 4.x ISAPI Physical Path Disclosure
Check Version: 1.2
CVE: CVE
Com AirConnect Wireless Access Point WEP Key Disclosure
Category: Wireless Assessment -> NonIntrusive -> Wireless
Check Version:
CVE: CVE
test-cgi Program Detected
Check Version: 1.4
CVE: CVE
SuSE Apache CGI Source Code Disclosure
CVE: CVE
Novell Groupwise Web Access Directory Traversal
Check Version: 1.3
SunONE Starter Kit v2.0 SearchDisk File Disclosure
CVE: CVE
IBM Net.Data db2www Error Message Cross-Site Scripting
CVE: CVE
LedNews Cross Site Scripting
Check Version:
CVE: CVE
One or Zero Helpdesk SQL Injection
Check Version:
CVE: CVE
MSN Messenger Service Message Spoof
Check Version:
CVE: CVE
Muscat Empower CGI Path Disclosure
Check Version:
CVE: CVE
Stalkerlab Mailers File Disclosure
Check Version:
CVE: CVE
ichat ROOMS Webserver File Disclosure
Check Version:
CVE: CVE
Microsoft PowerPoint 2003 Zero-Day Vulnerability
Check Version:
CVE: CVE
Google Desktop Anti-DNS Pinning vulnerability
Check Version:
Perl anacondaclip.pl Directory Traversal
Check Version:
CVE: CVE
Microsoft Windows Sticky Keys Vulnerability
Check Version:
Kyocera 3830 Printer Unauthorized Access Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> Miscellaneous
CVE: CVE
Microsoft Windows LDAP Bind Request Information Disclosure Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> BruteForce
CVE: CVE
Microsoft Internet Explorer AddFavorite Method DoS Vulnerability
CVE: CVE
Apache Default Foreign Language File Information Disclosure Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Network
Apache HTTP Server OS Fingerprinting Vulnerability
Microsoft Internet Explorer CSS 'expression' Remote Denial of Service Vulnerability
Cisco Spoofed HSRP Loopback Denial Of Service Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Network
CVE: CVE
Cisco IOS Online Help Information Disclosure Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Network
CVE: CVE
Yahoo! Toolbar Internet Explorer Security Bypass Vulnerability
Oracle Application Server Single Sign-On Login Page Spoofing Vulnerability
CVE: CVE
Microsoft Windows Kerberos "Pass The Ticket" Replay Vulnerability
Xerver Administration Interface currentpath Cross Site Scripting Vulnerability
CVE: CVE
Home FTP Server 'MKD' Command Multiple Directory Traversal Vulnerabilities
Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous
CVE: CVE
ICMP Netmask Request Information Disclosure Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> Raw Socket
CVE: CVE
HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability
CVE: CVE
ICMP Timestamp Request Information Disclosure Vulnerability
Category: General Vulnerability Assessment -> Intrusive -> Raw Socket
CVE: CVE
Microsoft Windows CSRSS SrvGetConsoleTitle Type Casting Weakness Information Disclosure
Microsoft Windows Local DNS Poisoning Vulnerabilities
Microsoft Internet Explorer Cache Objects History Enumeration Weakness
CVE: CVE
Microsoft Windows Explorer Local Denial Of Service Vulnerability
Microsoft Windows Kernel Win32k.sys Local Denial Of Service
Microsoft Internet Explorer XSS Filter Bypass
Microsoft Windows Phone 7 SSL Certificate 'Common Name' Validation Security Bypass Vulnerability
Category: Wireless Assessment -> NonIntrusive -> WinMobile
CVE: CVE
Fedora Linux 18 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Fedora Linux 17 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Fedora Linux 17 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Fedora Linux 18 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Fedora Linux 19 FEDORA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
CVE: CVE
Risk is updated
Gentoo Linux GLSA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes
CVE: CVE , CVE
Risk is updated
Microsoft Internet Explorer 'DC:TITLE' PDF Information Disclosure Vulnerability
Risk Level: Informational
CVE: CVE
SSL Certificate Short Public Key
Risk Level: Informational

ADDITIONAL NOTES

1 - Recommendations for scripts without vendor-supplied patch or update were normalized.

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.
MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: Multi-National Phone Support available here: Non-US customers - Select your country from the list of Worldwide Offices.

This may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2012 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates
Using Nessus In Web Application Vulnerability Assessments
Using Nessus In Web Application Vulnerability Assessments Paul Asadoorian Product Evangelist Tenable Network Security [email protected] About Tenable Nessus vulnerability scanner, ProfessionalFeed
WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)
WEB APPLICATION HACKING Part 2: Tools of the Trade (and how to use them) Jonathan Eddy September 27, 2013 Last Updated September 27, 2013 MAPPING THE APPLICATION 4 2 ENUMERATING CONTENT AND FUNCTIONALITY
April 11, 2011. (Revision 2)
Passive Vulnerability Scanning Overview April 11, 2011 (Revision 2) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of
BlackBerry Enterprise Service 10. Version: 10.2. Installation Guide
BlackBerry Enterprise Service 10 Version: 10.2 Installation Guide Published: 2015-08-17 SWD-20150817115607897 Contents 1 About this guide...5 2 What is BlackBerry Enterprise Service 10?... 6 Key features
BlackBerry Enterprise Server for IBM Lotus Domino Version: 4.1 Service Pack: 7. Installation Guide
BlackBerry Enterprise Server for IBM Lotus Domino Version: 4.1 Service Pack: 7 Installation Guide SWD-906306-1018091231-001 Contents 1 Planning a BlackBerry Enterprise Server installation... 4 Installing
Executive Summary On IronWASP
Executive Summary On IronWASP CYBER SECURITY & PRIVACY FOUNDATION 1 Software Product: IronWASP Description of the Product: IronWASP (Iron Web application Advanced Security testing Platform) is an open
PLATO Learning Environment System and Configuration Requirements for workstations. October 27th, 2008
PLATO Learning Environment System and Configuration Requirements for workstations October 27th, 2008 Windows 2000 Professional with SP4 Windows XP Professional with SP2 Windows XP Home Edition with SP2
Sample Report. Security Test Plan. Prepared by Security Innovation
Sample Report Security Test Plan Prepared by Security Innovation Table of Contents 1.0 Executive Summary... 3 2.0 Introduction... 3 3.0 Strategy... 4 4.0 Deliverables... 4 5.0 Test Cases... 5 Automation...
Adobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing
System Security Policy Management: Advanced Audit Tasks
System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that
Configuration Guide. Installation and. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Installation and Configuration Guide Published: 2014-01-14 SWD-20140114180405595 Contents 1 Overview: BlackBerry Enterprise
Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.3 R6)
Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.3 R6) Content Page Introduction 2 Platform support 2 Cross Platform support 2 Web and file browsing 2 Client-side Applets
Network Security. Network Packet Analysis
Network Security Network Packet Analysis Module 3 Keith A. Watson, CISSP, CISA IA Research Engineer, CERIAS [email protected] 1 Network Packet Analysis Definition: Examining network packets to determine
Basic & Advanced Administration for Citrix NetScaler 9.2
Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios
STATE OF WASHINGTON DEPARTMENT OF SOCIAL AND HEALTH SERVICES P.O. Box 45810, Olympia, Washington 98504 5810. October 21, 2013
STATE OF WASHINGTON DEPARTMENT OF SOCIAL AND HEALTH SERVICES P.O. Box 45810, Olympia, Washington 98504 5810 October 21, 2013 To: RE: All Vendors Request for Information (RFI) The State of Washington, Department
Configuration Guide BES12. Version 12.2
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003
Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while
BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4. Upgrade Guide
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Upgrade Guide Published: 2014-01-16 SWD-20140116175501016 Contents 1 Overview: BlackBerry Enterprise Server...7 2 Planning
Pemrograman Web. 1. Pengenalan Web Server. M. Udin Harun Al Rasyid, S.Kom, Ph.D http://lecturer.eepis-its.edu/~udinharun udinharun@eepis-its.
Pemrograman Web 1. Pengenalan Web Server M. Udin Harun Al Rasyid, S.Kom, Ph.D http://lecturer.eepis-its.edu/~udinharun [email protected] Table of Contents World Wide Web Web Page Web Server Internet
Identikey Server Windows Installation Guide 3.1
Identikey Server Windows Installation Guide 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis,
Communication ports used by Citrix Technologies. July 2011 Version 1.5
Communication ports used by Citrix Technologies July 2011 Version 1.5 Overview Introduction This document provides an overview of ports that are used by Citrix components and must be considered as part
SNOW LICENSE MANAGER (7.X)... 3
SYSTEM REQUIREMENTS Products Snow License Manager Snow Automation Platform Snow Device Manager Snow Inventory Server, IDR, IDP Mobile Information Server Client for Windows Client for Linux Client for Unix
Web Conferencing Version 8.3 Troubleshooting Guide
System Requirements General Requirements Web Conferencing Version 8.3 Troubleshooting Guide Listed below are the minimum requirements for participants accessing the web conferencing service. Systems which
VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION
VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION copyright 2003 securitymetrics Security Vulnerabilities of Computers & Servers Security Risks Change Daily New
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London
Release Notes for Websense Email Security v7.2
Release Notes for Websense Email Security v7.2 Websense Email Security version 7.2 is a feature release that includes support for Windows Server 2008 as well as support for Microsoft SQL Server 2008. Version
(WAPT) Web Application Penetration Testing
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
Application Security Best Practices. Wally LEE <[email protected]> Principal Consultant
Application Security Best Practices Wally LEE Principal Consultant 17/18 March 2009 Speaker Profile Wally LEE CISSP BS7799 Lead Auditor Certified Ultimate Hacking Instructor Certified
Attack Vector Detail Report Atlassian
Attack Vector Detail Report Atlassian Report As Of Tuesday, March 24, 2015 Prepared By Report Description Notes [email protected] The Attack Vector Details report provides details of vulnerability
Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DR V2.0
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DR V2.0 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents Table of Contents
Web Application Hacking (Penetration Testing) 5-day Hands-On Course
Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis
Criteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
Configuration Guide BES12. Version 12.1
Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...
