The Passive Vulnerability Scanner (PVS) Plugins
http://www.tenablesecurity.com/tenable_plugins.pdf
All the newest security checks for the Tenable Passive Vulnerability Scanner (PVS)PVS Pluginshttp://www.tenablesecurity.com/images/RssLogo.jpg
http://www.tenablesecurity.com/
VLC Media Player < 1.1.4 Patch Subversion Arbitrary DLL Injection Code Execution
Synopsis :
The remote host contains an application that allows arbitrary code execution.
The remote host contains VLC player, a multi-media application. For your information, the observed version of VLC is %L.
Versions of VLC media player earlier than 1.1.4 are potentially affected by a code execution vulnerability. The application insecurely looks in its current working directory when resolving DLL dependencies, such as for 'wintab32.dll'. If a malicious DLL with the same name as a required DLL is located in the application's current working directory, the malicious DLL will be loaded.
CVSS Base Score : 9.3 CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
The remote host is configured with default or easily-guessed credentials
The remote host is a wireless access point (WAP). This version of Linksys shipped with a default userID and password which can be used to gain elevated access to the device. In this case, the credentials are Gemtek/gemtekswd . Since these credentials are hard coded into the device image, there is not a way to change them via the administrative tools.
CVSS Base Score : 7.5 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
The remote host contains an application that is vulnerable to multiple attack vectors.
For your information, the observed version of Novell iPrint Client is %L.
Versions of Novell iPrint Client earlier than 5.44 are potentially affected by multiple vulnerabilities :
- A buffer overflow was discovered in how iPrint client handles the 'call-back-url' parameter value for a 'op-client-interface-version' operation where the 'result-type' parameter is set to 'url'.
- An uninitialized pointer vulnerability in ienipp.ocx was discovered and allows an attacker to exploit an issue where the uninitialized pointer is called and the process jumps to an address space controllable by the attacker.
CVSS Base Score : 9.3 CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
The remote host contains an application that is vulnerable to multiple attack vectors.
For your information, the observed version of Novell iPrint Client is %L
Versions of Novell iPrint Client earlier than 5.42 are potentially affected by multiple vulnerabilities :
- Due to a flaw in the nipplib.dll module, it may be possible for a remote attacker to delete arbitrary files from the remote system via the 'CleanUploadFiles' method provided by an ActiveX control. (TPTI-10-05)
- By passing a specially crafted value to the 'debug' parameter in the ActiveX control ienipp.ocx, it may be possible for an attacker to trigger a stack-based buffer overflow, potentially resulting in arbitrary code execution within the context of the user running the browser. (TPTI-10-06)
- Due to improper validation of plugin parameters, it may be possible for an attacker to trigger a buffer overflow condition resulting in arbitrary code execution within the context of the user running the browser. (ZDI-10-139)
Due to improper validation of plugin parameters it may be possible for an attacker to trigger a stack-based buffer overflow, potentially resulting in arbitrary code execution within the context of the user running the browser. (ZDI-10-140)
CVSS Base Score : 9.3 CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Copyright Tenable Network Security Inc. 2010]]>2010-08-30T14:43:00-05:00
http://www.tenablesecurity.com/5647.html
MySQL Community Server 5.1 < 5.1.49 Multiple Denial of Service Vulnerabilities
Synopsis :
The remote database server is vulnerable to multiple denial of service attacks.
For your information, the observed version of MySQL Community Server is %L.
Versions of MySQL Community Server 5.1 earlier than 5.1.49 are potentially affected by multiple vulnerabilities :
- After changing the values of the 'innodb_file_format' or 'innodb_file_per_table' configuration parameters, DDL statements could cause a server crash. (Bug #55039)
Joins involving a table with a unique SET column could cause a server crash. (Bug #54575)
Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when ULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier which could lead to a crash. (Bug #54477)
- A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug #54393)
- Use of TEMPORARY InnoDB tables with nullabale columns could cause a server crash. (Bug #54044)
- The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. (Bug #54007)
- Using EXPLAIN with specially crafted queries could lead to a crash. (Bug #52711)
- 'LOAD DATA INFILE' did not check for SQL errors and sent an OK packet even when errors were already reported. (Bug #52512)
CVSS Base Score : 4.0 CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P
Upgrade to MySQL Community Server 5.1.49 or later.
Risk factor :
MEDIUM
Copyright Tenable Network Security Inc. 2010]]>2010-08-30T14:43:00-05:00
http://www.tenablesecurity.com/5646.html
database TDS failed login detection
The following UserID just failed a SQL login
Solution :
Risk factor :
INFO
Copyright Tenable Network Security Inc. 2010]]>2010-08-30T14:43:00-05:00
http://www.tenablesecurity.com/5645.html
Google Chrome < 5.0.375.127 Multiple Vulnerabilities
Synopsis :
The remote host contains a web browser that is vulnerable to multiple attack vectors.
For your information, the observed version of Google Chrome installed on the remote host is %L.
Versions of Google Chrome earlier than 5.0.375.127 are potentially affected by multiple vulnerabilities :
A memory corruption issue with file dialog. (Bug 45400)
A memory corruption issue with SVGs. (Bug 49596)
An issue relating to a bad cast with text editing. (Bug 49268)
- A possible address bar spoofing vulnerability caused by a history bug. (Bug 49964)
- A memory corruption issue in MIME type handling. (Bugs 50515, 51835)
A crash on shutdown due to a notifications bug. (Bug 50553)
Omnibox autosuggest is enabled when a user might be typing a password. (Bug 51146)
A memory corruption issue in Ruby support. (Bug 51654)
A memory corruption issue in Geolocation support. (51670)
CVSS Base Score : 9.3 CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
The remote web server is hosting a web application that is vulnerable to a security bypass attack.
The remote web server hosts a Drupal install that uses the CCK "Node Reference" module. Versions of the CCK Module earlier than 6.x-2.8 are potentially affected by a security bypass vulnerability. The application provides a backend URL that is used for asynchronous requests by the 'autocomplete' widget which fails to correctly check that the user had field level access to the source field.
CVSS Base Score : 5.0 CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
The remote database server is vulnerable to a cross-site request forgery attack.
The remote host is running CouchDB, a document-oriented database. For your information, the observed version of CouchDB is %L.
Versions of CouchDB earlier than 0.11.2 are potentially affected by a cross-site request forgery vulnerability. The application fails to properly sanitize user-supplied input before it is used in the Futon administrative interface.
remote attacker could exploit this to execute arbitrary script code in the security context of CouchDB's admin interface.
CVSS Base Score : 3.5 CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N