New Security Vulnerabilities 4th of August 2008
The following new vulnerabilities were added to the Telspace's database this
month:
268 NEW THREATS ADDED SINCE AUGUST 04
TOTAL THREATS IN THE DATABASE 23241
NEW THREATS RISK FACTOR SUMMARY
(*****) Urgent Risk 22
(**** ) Critical Risk 165
(*** ) High Risk 27
(** ) Medium Risk 17
(* ) Low Risk 37
NEW THREATS FAMILY SUMMARY
Centos Local Checks 1
Firewalls, Routers, SNMP 1
Denial of Service 1
Unix 1
FTP Services 1
Slackware Local Checks 2
Cross-Site Scripting 2
Database Services 3
Debian Local Checks 4
Ubuntu Local Checks 4
Remote Shell Access 5
FreeBSD Local Checks 6
Service Detection 6
HP-UX Local Checks 6
MacOS X Local Checks 6
Miscellaneous 8
Fedora Local Checks 10
Microsoft Bulletins 12
Gentoo Local Checks 13
Red Hat Local Checks 15
Web Services 15
Windows 22
Solaris Local Checks 31
SCADA Systems 38
SuSE Local Checks 55
(*****) Urgent Risk - Remote Shell Access
Skype Networking Routine Heap Overflow Vulnerability
(*****) Urgent Risk - SCADA Systems
CitectSCADA ODBC Server Buffer Overflow Vulnerability
(*****) Urgent Risk - Windows
Trend Micro ServerProtect Multiple Remote Insecure Method Exposure Vulnerabilities
(*****) Urgent Risk - SCADA Systems
LiveData Servers Multiple Vulnerabilities
(*****) Urgent Risk - SCADA Systems
Modbus/TCP Discrete Input Access
(*****) Urgent Risk - SCADA Systems
Sisco OSI Stack Malformed Packet Vulnerability
(*****) Urgent Risk - MacOS X Local Checks
Mac OS X Security Update 2008-004
(*****) Urgent Risk - SCADA Systems
SISCO OSI Stack Malformed Packet Remote Denial of Service Vulnerability
(*****) Urgent Risk - SCADA Systems
Modicon PLC Default FTP Password
(*****) Urgent Risk - SCADA Systems
Modbus/TCP Coil Access
(*****) Urgent Risk - Database Services
Oracle Default Account
(*****) Urgent Risk - MacOS X Local Checks
Mac OS X < 10.5.3
(*****) Urgent Risk - Windows
Default password for db2admin account on Windows
(*****) Urgent Risk - Remote Shell Access
Oracle WebLogic Server mod_wl POST Request Buffer Overflow Vulnerability
(*****) Urgent Risk - SCADA Systems
Takebishi Electric DeviceXPlorer OPC Server Multiple Vulnerabilities
(*****) Urgent Risk - MacOS X Local Checks
Mac OS X < 10.5.4
(*****) Urgent Risk - Remote Shell Access
Remote host has weak Debian OpenSSH Keys in ~/.ssh/authorized_keys
(*****) Urgent Risk - MacOS X Local Checks
Mac OS X Security Update 2008-002
(*****) Urgent Risk - Remote Shell Access
Veritas Storage Foundation NULL NTLMSSP Authentication Bypass Vulnerability
(SYM08-015)
(*****) Urgent Risk - SCADA Systems
Modicon PLC HTTP Server Default Username/Password
(*****) Urgent Risk - MacOS X Local Checks
Mac OS X Security Update 2008-003
(*****) Urgent Risk - MacOS X Local Checks
Mac OS X Security Update 2008-005
(**** ) Critical Risk - Web Services
Symphony sym_auth Cookie SQL Injection Vulnerability
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0939: kernel
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 9 2008-6393: httpd
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHCO_36562
(**** ) Critical Risk - Remote Shell Access
MDaemon FETCH Command Buffer Overflow Vulnerability
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Linux Kernel update (kernel-4641)
(**** ) Critical Risk - SCADA Systems
DNP3 Binary Inputs Access
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Mozilla Firefox
(MozillaFirefox-4570)
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0612: kernel
(**** ) Critical Risk - SCADA Systems
ICCP/COTP TSAP Addressing
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: seamonkey: Security update to version 1.1.2.
(seamonkey-3631)
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0154: kernel
(**** ) Critical Risk - SCADA Systems
Modicon PLC Modbus Slave Mode
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (i386) : 138570-01
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (sparc) : 112915-05
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaFirefox: Security update to version 2.0.0.8
(MozillaFirefox-4572)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaThunderbird: Security update to version
1.5.0.6 (MozillaThunderbird-1924)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: pdns-recursor: improved spoofing resistance
(pdns-5510)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Sun Java 1.4.2
(java-1_4_2-sun-4533)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaFirefox: Security update to version 1.5.0.6
(MozillaFirefox-1981)
(**** ) Critical Risk - SCADA Systems
DNP3 Unsolicited Messaging
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for MozillaFirefox
(MozillaFirefox-5405)
(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 138536-01
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0364: mysql
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaFirefox: Security update to version 2.0.0.8
(MozillaFirefox-4574)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: This update fixes a vulnerability which occurs while processing a special PDF file. (koffice-wordprocessing-2577)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Python (python-5490)
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (sparc) : 137400-01
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (i386) : 119725-05
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0211: kernel
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: postfix: local privilege escalation (CVE-2008-2936 and CVE-2008-2937) (postfix-5501)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Linux kernel (kernel-4185)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: seamonkey: Security update to version 1.0.4
(seamonkey-1952)
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 124301-11
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (sparc) : 138536-01
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0164: krb
(**** ) Critical Risk - SCADA Systems
Modicon Modbus/TCP Programming Function Code Access
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 138069-01
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Linux Kernel security update. (kernel-4487)
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0061: setroubleshoot
(**** ) Critical Risk - Debian Local Checks
[DSA1629] DSA-1629-1 postfix
(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
(**** ) Critical Risk - SCADA Systems
Automated Solutions Modbus TCP Slave ActiveX Heap Corruption Vulnerability
(**** ) Critical Risk - SCADA Systems
ICCP/COTP Protocol
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 138060-03
(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 124301-11
(**** ) Critical Risk - SCADA Systems
Iconics DlgWrapper ActiveX Control Buffer Overflow Vulnerability
(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 119725-05
(**** ) Critical Risk - SCADA Systems
Modicon PLC CPU Type
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0389: nss_ldap
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0815: yum
(**** ) Critical Risk - Web Services
MailScan WebAdministrator Authentication Bypass Vulnerability
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for IBM Java 1.4.2
(java-1_4_2-ibm-5182)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: seamonkey: Security update to version 1.1.5.
(seamonkey-4594)
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 8 2008-6706: thunderbird
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaThunderbird: Security update to version
1.5.0.12 (MozillaThunderbird-3546)
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (sparc) : 119725-05
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Linux Kernel update (kernel-5339)
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHCO_38273
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Linux kernel (kernel-bigsmp-2399)
(**** ) Critical Risk - Miscellaneous
Unsupported Unix Installation
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 122240-03
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 8 2008-7029: libxslt
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: asterisk security update (asterisk-5524)
(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 108964-11
(**** ) Critical Risk - Debian Local Checks
[DSA1628] DSA-1628-1 pdns
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for IBM Java 1.5.0
(java-1_5_0-ibm-5183)
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHCO_36563
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (i386) : 114262-04
(**** ) Critical Risk - Microsoft Bulletins
Cumulative Security Update of ActiveX Kill Bits (953839)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Prevents popup windows from being displayed on top of screen locked with xscreensaver (xscreensaver-5156)
(**** ) Critical Risk - SCADA Systems
Modicon PLC IO Scan Status
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHCO_38048
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Linux kernel (i386) (kernel-2097)
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 8 2008-7104: poppler
(**** ) Critical Risk - FTP Services
HP-UX ftpd Remote Privileged Access Vulnerability
(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (i386) : 108965-11
(**** ) Critical Risk - Windows
Winamp < 5.541 NowPlaying Unspecified Vulnerability
(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHNE_38458
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: seamonkey: Security update to version 1.1.2.
(seamonkey-3632)
(**** ) Critical Risk - Microsoft Bulletins
Security Update for Outlook Express and Windows Mail (951066)
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0839: postfix
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: moodle security update (moodle-5488)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaFirefox 1.5.0.4 security update.
(MozillaFirefox-1585)
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0789: dnsmasq
(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200808-12] Postfix: Local privilege escalation vulnerability
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (i386) : 138536-01
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 138083-01
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-2397)
(**** ) Critical Risk - Windows
Skype Web Content Zone Remote Code Execution Vulnerability
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: python: multiple security vulnerabilities got fixed
(python-5491)
(**** ) Critical Risk - SCADA Systems
DNP3 Link Layer Addressing
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 138068-01
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHNE_37865
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (sparc) : 124301-11
(**** ) Critical Risk - Microsoft Bulletins
Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2008-0839
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Linux kernel (kernel-2606)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: mysql: Fixes a security problem
(libmysqlclient-devel-5341)
(**** ) Critical Risk - Miscellaneous
PowerDNS malformed query handling
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for rdesktop (rdesktop-5272)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: gnome-screensaver: information leak
(gnome-screensaver-5506)
(**** ) Critical Risk - Ubuntu Local Checks
USN633-1 : libxslt vulnerabilities
(**** ) Critical Risk - SCADA Systems
Modicon PLC Embedded HTTP Server
(**** ) Critical Risk - Microsoft Bulletins
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
(955048)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: java-1_6_0-sun: Security update to 1.6.0 patchlevel 3
(java-1_6_0-sun-4525)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaFirefox: Security update to version 2.0.0.15
(MozillaFirefox-5411)
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0237: kernel
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: java-1_4_2-sun: Security update to 1.4.2 patchlevel
16 (java-1_4_2-sun-4536)
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 9 2008-7062: libxslt
(**** ) Critical Risk - Ubuntu Local Checks
USN632-1 : Python vulnerabilities
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: seamonkey: Security update to version 1.0.9.
(seamonkey-4596)
(**** ) Critical Risk - Ubuntu Local Checks
USN634-1 : OpenLDAP vulnerability
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (i386) : 137401-01
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Firefox (MozillaFirefox-1960)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Linux Kernel security update. (kernel-4929)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Linux kernel (kernel-4741)
(**** ) Critical Risk - Debian Local Checks
[DSA1576] DSA-1576-1 openssh
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 119725-05
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: java-1_5_0-sun: Security update to 1.5.0 patchlevel
13 (java-1_5_0-sun-4527)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Linux kernel (kernel-4935)
(**** ) Critical Risk - Web Services
e107 extract Variable Overwriting Vulnerability
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 9 2008-6737: thunderbird
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 122239-03
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 8 2008-6314: httpd
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 119725-05
(**** ) Critical Risk - Web Services
PHP < 4.4.9 Multiple Vulnerabilities
(**** ) Critical Risk - Windows
Sun xVM VirtualBox < 1.6.4 Privilege Escalation Vulnerability
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 138061-03
(**** ) Critical Risk - Windows
Skype File URI Security Bypass Code Execution Vulnerability
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 138084-01
(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 112169-07
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 138536-01
(**** ) Critical Risk - SCADA Systems
Modicon PLC Telnet Server
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: MozillaThunderbird: Security update to version
1.5.0.12 (MozillaThunderbird-3545)
(**** ) Critical Risk - Microsoft Bulletins
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
(949785)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Linux Kernel update (kernel-4970)
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0233: kernel
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 9 2008-7205: condor
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for MySQL (mysql-5338)
(**** ) Critical Risk - Ubuntu Local Checks
USN626-2 : Devhelp, Epiphany, Midbrowser and Yelp update
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 124302-11
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: This update fixes a vulnerability which occurs while processing a special PDF file. (koffice-wordprocessing-2648)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Postfix (postfix-5500)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Linux Kernel update (kernel-4943)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4941)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: rdesktop: fixed CVE-2008-1801, CVE-2008-1802 and
CVE-2008-1803 (rdesktop-5271)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for Linux kernel (kernel-4471)
(**** ) Critical Risk - Windows
WebEx Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow Vulnerability
(**** ) Critical Risk - Debian Local Checks
[DSA1627] DSA-1627-1 opensc
(**** ) Critical Risk - Windows
Computer Associates HIPS Kmxfw.sys Multiple Vulnerabilities
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: Security update for java-1_5_0-ibm
(java-1_5_0-ibm-4687)
(**** ) Critical Risk - Web Services
Joomla Password Reset Token Vulnerability
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: moodle security update (moodle-5487)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: dnsmasq: random UDP ports and random TRXID
(dnsmasq-5512)
(**** ) Critical Risk - Microsoft Bulletins
Cumulative Security Update for Internet Explorer (953838)
(**** ) Critical Risk - Microsoft Bulletins
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(954066)
(**** ) Critical Risk - SCADA Systems
Modicon PLC Web Password Status
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0818: hpijs
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 8 2008-7083: pdns
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (i386) : 124302-11
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2008-0300: bind
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 138536-01
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 9 2008-7048: pdns
(*** ) High Risk - Microsoft Bulletins
Vulnerability in Windows Messenger Could Allow Information Disclosure
(955702)
(*** ) High Risk - Web Services
Pligg template Local File Include Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200808-01] xine-lib: User-assisted execution of arbitrary code
(*** ) High Risk - Web Services
Novell iManager < 2.7 SP1 Security Bypass Vulnerability
(*** ) High Risk - Web Services
Apache Tomcat UTF-8 Directory Traversal Vulnerability
(*** ) High Risk - Windows
hMailServer < 4.4.2 build 279 Remote Denial of Service Vulnerability
(*** ) High Risk - Denial of Service
MailEnable IMAP Service Denial of Service Vulnerability (ME-10042)
(*** ) High Risk - Cross-Site Scripting
Web Server Redirects to Arbitrary Domains
(*** ) High Risk - Gentoo Local Checks
[GLSA-200808-05] ISC DHCP: Denial of Service
(*** ) High Risk - Web Services
JBoss EAP Status Servlet Information Disclosure Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200808-02] Net-SNMP: Multiple vulnerabilities
(*** ) High Risk - Web Services
XAMPP Example Pages
(*** ) High Risk - Web Services
.svn/entries
(*** ) High Risk - Web Services
dotCMS id Parameter Directory Traversal Vulnerabilities
(*** ) High Risk - Gentoo Local Checks
[GLSA-200808-03] Mozilla products: Multiple vulnerabilities
(*** ) High Risk - Microsoft Bulletins
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
(*** ) High Risk - Gentoo Local Checks
[GLSA-200808-10] Adobe Reader: User-assisted execution of arbitrary code
(*** ) High Risk - Web Services
dwsync.xml Information Disclosure
(*** ) High Risk - Microsoft Bulletins
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure
(953733)
(*** ) High Risk - Windows
Skype Technologies skype4com URI Handler Remote Heap Corruption Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200805-18] Mozilla products: Multiple vulnerabilities
(*** ) High Risk - Web Services
Plogger checked[] Parameter SQL Injection Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200808-04] Wireshark: Denial of Service
(*** ) High Risk - Web Services
RTH uname Parameter SQL Injection Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200808-11] UUDeview: Insecure temporary file creation
(*** ) High Risk - Gentoo Local Checks
[GLSA-200808-06] libxslt: Execution of arbitrary code
(*** ) High Risk - Cross-Site Scripting
MS Site Server < 3.0 Cross-Site Scripting Vulnerability
(** ) Medium Risk - Gentoo Local Checks
[GLSA-200808-07] ClamAV: Multiple Denials of Service
(** ) Medium Risk - Miscellaneous
Oracle settings
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : openvpn-devel -- arbitrary code execution (1144)
(** ) Medium Risk - Service Detection
Oracle detection
(** ) Medium Risk - Miscellaneous
Terminal Services Encryption Level is not FIPS-140 compliant
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : ruby -- DoS vulnerability in WEBrick (1148)
(** ) Medium Risk - Miscellaneous
Network daemons not managed by the package system
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : ruby -- DNS spoofing vulnerability (1146)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : drupal -- multiple vulnerabilities (1149)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : ruby -- multiple vulnerabilities in safe level (1147)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : Bugzilla -- Directory Traversal in importxml.pl (1145)
(** ) Medium Risk - Database Services
Oracle Default SID
(** ) Medium Risk - Gentoo Local Checks
[GLSA-200808-09] OpenLDAP: Denial of Service vulnerability
(** ) Medium Risk - Slackware Local Checks
SSA-2008-217-01 python
(** ) Medium Risk - Gentoo Local Checks
[GLSA-200808-08] stunnel: Security bypass
(** ) Medium Risk - Slackware Local Checks
SSA-2008-217-02 pan
(** ) Medium Risk - Windows
Skype URI Handling File Download Vulnerability
(* ) Low Risk - SCADA Systems
Areva/Alstom Energy Management System
(* ) Low Risk - SCADA Systems
Siemens SIMATIC PDM
(* ) Low Risk - Firewalls, Routers, SNMP
Reverse NAT/Intercepting Proxy Detection
(* ) Low Risk - SCADA Systems
Sisco OSI/ICCP Stack
(* ) Low Risk - Windows
Insecure Logical Drive FileSystem
(* ) Low Risk - Windows
DEP is disabled
(* ) Low Risk - SCADA Systems
Telvent OASyS System
(* ) Low Risk - Windows
SMB share files enumerated (via WMI)
(* ) Low Risk - Windows
WMI Available
(* ) Low Risk - SCADA Systems
OPC HDA Server
(* ) Low Risk - Windows
Windows File Contents Compliance Checks
(* ) Low Risk - SCADA Systems
OPC Detection
(* ) Low Risk - Miscellaneous
S Identification : RDP
(* ) Low Risk - Service Detection
CA InoWeb Detection
(* ) Low Risk - Database Services
SQL Anywhere server detection
(* ) Low Risk - Windows
Computer Manufacturer Information
(* ) Low Risk - Service Detection
LANDesk Remote Control Service Detection
(* ) Low Risk - SCADA Systems
Matrikon OPC Server for ControlLogix
(* ) Low Risk - Miscellaneous
Software Enumeration (via SSH)
(* ) Low Risk - Windows
Windows Wireless SSID
(* ) Low Risk - Service Detection
Trend Micro OfficeScan Client Version
(* ) Low Risk - Service Detection
eScan Agent Version
(* ) Low Risk - SCADA Systems
Matrikon OPC Explorer
(* ) Low Risk - SCADA Systems
National Instruments Lookout
(* ) Low Risk - Windows
Remote copy of Windows not activated
(* ) Low Risk - SCADA Systems
Matrikon OPC Server for Modbus
(* ) Low Risk - Windows
Network Interfaces Enumeration
(* ) Low Risk - SCADA Systems
Siemens S7-SCL
(* ) Low Risk - Miscellaneous
Solaris Package Enumeration (via SSH)
(* ) Low Risk - Service Detection
Service detection
(* ) Low Risk - Windows
USB Drives Enumeration
(* ) Low Risk - Unix
Unix Compliance Checks
(* ) Low Risk - SCADA Systems
OPC DA Server
(* ) Low Risk - SCADA Systems
Tamarack IEC 61850 Server
(* ) Low Risk - SCADA Systems
LiveData ICCP Server
(* ) Low Risk - Windows
Windows Compliance Checks
(* ) Low Risk - SCADA Systems
Siemens-Telegyr ICCP Gateway
|
