Nessus.org Plugins
http://www.nessus.org/scripts.php
All the newest security checks for the Nessus scanner
Serv-U < 7.2.0.1 Denial of Service Vulnerability
Synopsis :
The remote FTP server is affected by a denial of service
vulnerability.
Description :
The remote host is running Serv-U File Server, an FTP server for
Windows.
The installed version of Serv-U is earlier than 7.2.0.1 and thus
reportedly contains an SFTP bug in which directory creation and
logging SFTP commands could lead to an application crash.
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
http://www.nessus.org/plugins/index.php?view=single&id=33937
HP-UX Security patch : PHNE_38458
The remote host is missing HP-UX Security Patch number PHNE_38458 .
(ftpd(1M) and ftp(1) patch)
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33936
FreeBSD : drupal -- multiple vulnerabilities (1149)
The remote host is missing an update to the system
The following package is affected: drupal5
Solution : Update the package on the remote host
See also :
http://www.nessus.org/plugins/index.php?view=single&id=33935
[DSA1629] DSA-1629-1 postfix
Sebastian Krahmer discovered that Postfix, a mail transfer agent,
incorrectly checks the ownership of a mailbox. In some configurations,
this allows for appending data to arbitrary files as root.
Note that only specific configurations are vulnerable; the default
Debian installation is not affected. Only a configuration meeting
the following requirements is vulnerable:
For a detailed treatment of the issue, please refer to the upstream
author's announcement.
For the stable distribution (etch), this problem has been fixed in
version 2.3.8-2etch1.
Solution : http://www.debian.org/security/2008/dsa-1629
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33934
[DSA1628] DSA-1628-1 pdns
Brian Dowling discovered that the PowerDNS authoritative name server
does not respond to DNS queries which contain certain characters,
increasing the risk of successful DNS spoofing (CVE-2008-3337). This
update changes PowerDNS to respond with SERVFAIL responses instead.
For the stable distribution (etch), this problem has been fixed in version
2.9.20-8+etch1.
Solution : http://www.debian.org/security/2008/dsa-1628
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33933
Oracle WebLogic Server mod_wl POST Request Buffer Overflow Vulnerability
Synopsis :
The remote web server uses a module that is affected by a buffer
overflow vulnerability.
Description :
The Apache web server running on the remote host includes a version of
the WebLogic plug-in for Apache (mod_wl) that is affected by a buffer
overflow. This is an Apache module included with Oracle (formerly BEA)
WebLogic Server and used to proxy requests from an Apache HTTP server
to WebLogic. A remote attacker can leverage this issue to execute
arbitrary code on the remote host.
Note that Nessus has not tried to exploit this issue but rather has
only checked the affected module's build timestamp. As a result, it
will not detect whether the remote host implements one of the workarounds
published by Oracle in its advisory. Still, it should be noted that
the vendor strongly recommends updating the plug-in.
Contact the vendor for a patch or upgrade to an unaffected version.
Risk factor :
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
http://www.nessus.org/plugins/index.php?view=single&id=33928
Web Server Redirects to Arbitrary Domains
Synopsis :
The remote web server allows redirects to arbitrary domains.
Description :
The remote web server is configured to redirect users using an HTTP
302, 303 or 307 response. However, the server can redirect to a
domain that includes components included in the original request.
A remote attacker could exploit this by crafting a URL which appears
to resolve to the remote server, but redirects to a malicious
location.
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
http://www.nessus.org/plugins/index.php?view=single&id=33927
dwsync.xml Information Disclosure
Synopsis :
The remote web server discloses the location of files and directories.
Description :
Adobe's Dreamweaver is known to produce 'dwsync.xml' files. These
contain synchronization information that may include the list of files
and directories synchronised. This can lead to information
disclosure.
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
http://www.nessus.org/plugins/index.php?view=single&id=33926
dotCMS id Parameter Directory Traversal Vulnerabilities
Synopsis :
The remote web server contains a Java application that is affected by
multiple directory traversal vulnerabilities.
Description :
The remote host is using dotCMS, an open-source J2EE / Java web
content management system.
The version of dotCMS installed on the remote host fails to sanitize
input to the 'id' parameter of the 'news/index.dot' and
'getting_started/macros/macros_detail.dot' scripts before using it to
access files. An unauthenticated attacker may be able to leverage
this issue to retrieve the contents of arbitrary files on the remote
host, subject to the privileges of the web server user id.
The remote SuSE system is missing the security patch python-5491.
Description :
This update of python fixes several security
vulnerabilities. (CVE-2008-1679, CVE-2008-1887,
CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315,
CVE-2008-2316)
The remote SuSE system is missing the security patch python-5490.
Description :
This update of python fixes several security
vulnerabilities. (CVE-2008-1679, CVE-2008-1887,
CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315,
CVE-2008-2316) Note: for SLE10 a non-security bug in mmap
was fixed too.
Solution :
Install the security patch python-5490.
Risk factor :
High
http://www.nessus.org/plugins/index.php?view=single&id=33923
Solaris 9 (i386) : 124302-11
The remote host is missing Sun Security Patch number 124302-11
(Portal Server 7.1 Update 2 Solaris_x86:Maintenance Update Release).
Date this patch was last updated by Sun : Fri Aug 08 09:28:31 MDT 2008
You should install this patch for your system to be up-to-date.
Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-124302-11-1
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33922
Solaris 9 (i386) : 114262-04
The remote host is missing Sun Security Patch number 114262-04
(SunOS 5.9_x86: /usr/sbin/snoop Patch).
Date this patch was last updated by Sun : Mon Aug 04 10:41:26 MDT 2008
You should install this patch for your system to be up-to-date.
Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-114262-04-1
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33921
Solaris 9 (sparc) : 124301-11
The remote host is missing Sun Security Patch number 124301-11
(Portal Server 7.1 Update 2 Solaris (sparc): Maintenance Update Release).
Date this patch was last updated by Sun : Fri Aug 08 09:18:18 MDT 2008
You should install this patch for your system to be up-to-date.
Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-11-1
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33920
Solaris 9 (sparc) : 112915-05
The remote host is missing Sun Security Patch number 112915-05
(SunOS 5.9: snoop Patch).
Date this patch was last updated by Sun : Mon Aug 04 10:39:06 MDT 2008
You should install this patch for your system to be up-to-date.
Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-112915-05-1
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33919
Solaris 8 (i386) : 108965-11
The remote host is missing Sun Security Patch number 108965-11
(SunOS 5.8_x86: in.tftpd and snoop patch).
Date this patch was last updated by Sun : Mon Aug 04 10:46:56 MDT 2008
You should install this patch for your system to be up-to-date.
Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-108965-11-1
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33918
Solaris 8 (sparc) : 124301-11
The remote host is missing Sun Security Patch number 124301-11
(Portal Server 7.1 Update 2 Solaris (sparc): Maintenance Update Release).
Date this patch was last updated by Sun : Fri Aug 08 09:18:18 MDT 2008
You should install this patch for your system to be up-to-date.
Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-11-1
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33917
Solaris 8 (sparc) : 108964-11
The remote host is missing Sun Security Patch number 108964-11
(SunOS 5.8: in.tftpd and snoop patch).
Date this patch was last updated by Sun : Mon Aug 04 10:44:52 MDT 2008
You should install this patch for your system to be up-to-date.
Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-108964-11-1
Risk factor : High
http://www.nessus.org/plugins/index.php?view=single&id=33916
Solaris 10 (i386) : 138084-01
The remote host is missing Sun Security Patch number 138084-01
(SunOS 5.10_x86: snoop patch).
Date this patch was last updated by Sun : Mon Aug 04 08:29:54 MDT 2008
You should install this patch for your system to be up-to-date.