family nessus plugin tenable network...

SecurityCenter 4TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

TENABLE NETWORK SECURITY

Nessus PluginFamilyMarch 14, 2012 at 7:22pm CDTDave Breslin [dlbreslin]Confidential: The following report contains confidential information. Do not distribute, email, fax,or transfer via any electronic mechanism unless it has been approved by the recipient company'ssecurity policy. All copies and backups of this document should be saved on protected storage at alltimes. Do not share any of the information contained within this report with anyone unless they areauthorized to view the information. Violating any of the previous instructions is grounds for termination.

http://www.tenablesecurity.com

Nessus Plugin Family SecurityCenter 4TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

Table of Contents

Tenable Network Security i

Table of ContentsPlugin Family Summary ...............................................................................................................1

AIX Local Security Checks .......................................................................................................3

Backdoors .....................................................................................................................................................4

CentOS Local Security Checks ...........................................................................................5

CGI abuses ..................................................................................................................................................6

CGI abuses : XSS ................................................................................................................................8

CISCO ............................................................................................................................................................. 10

Databases .................................................................................................................................................. 12

Debian Local Security Checks ......................................................................................... 14

Default Unix Accounts ............................................................................................................... 16

Denial of Service ...............................................................................................................................18

DNS ....................................................................................................................................................................20

Fedora Local Security Checks ......................................................................................... 22

Firewalls .......................................................................................................................................................23

FreeBSD Local Security Checks .................................................................................... 25

FTP .....................................................................................................................................................................27

Gain a shell remotely .................................................................................................................. 29


Table of Contents

Tenable Network Security ii

General ..........................................................................................................................................................31

Gentoo Local Security Checks ........................................................................................ 33

HP-UX Local Security Checks ...........................................................................................35

Junos Local Security Checks ............................................................................................38

MacOS X Local Security Checks ...................................................................................40

Mandriva Local Security Checks ................................................................................... 42

Misc. ................................................................................................................................................................. 43

Netware .........................................................................................................................................................45

Peer-To-Peer File Sharing ......................................................................................................46

Policy Compliance .......................................................................................................................... 48

Port scanners ........................................................................................................................................49

Red Hat Local Security Checks ...................................................................................... 50

RPC ....................................................................................................................................................................51

SCADA ...........................................................................................................................................................53

Service detection ..............................................................................................................................55

Settings .........................................................................................................................................................56

Slackware Local Security Checks ................................................................................ 57

SMTP problems .................................................................................................................................. 58

SNMP ...............................................................................................................................................................60


Table of Contents

Tenable Network Security iii

Solaris Local Security Checks ......................................................................................... 62

SuSE Local Security Checks ..............................................................................................63

Ubuntu Local Security Checks ........................................................................................ 65

VMware ESX Local Security Checks .........................................................................67

Web Servers ........................................................................................................................................... 69

Windows ......................................................................................................................................................71

Windows : Microsoft Bulletins ..........................................................................................73

Windows : User management ............................................................................................75


Plugin Family Summary

Tenable Network Security 1


Plugin Family Severity Counts

Family Total Info Low Med. High Crit.

Misc. 956 327 94 0 0 535

VMware ESX Local SecurityChecks

954 0 0 162 487 305

Fedora Local Security Checks 948 0 449 0 0 499

Gentoo Local Security Checks 927 0 432 0 0 495

Mandriva Local Security Checks 926 0 434 0 0 492

AIX Local Security Checks 920 0 0 0 920 0

Red Hat Local Security Checks 920 0 475 0 0 445

Gain a shell remotely 919 0 13 300 91 515

General 897 492 76 221 103 5

Firewalls 895 195 40 189 347 124

Solaris Local Security Checks 893 0 0 0 893 0

SMTP problems 885 50 105 299 0 431

CGI abuses 880 396 0 0 0 484

Web Servers 874 415 0 0 0 459

FTP 868 167 37 236 0 428

SuSE Local Security Checks 868 0 436 0 0 432

Denial of Service 861 0 39 349 464 9

CGI abuses : XSS 858 0 154 680 24 0

Windows : Microsoft Bulletins 851 46 78 349 0 378

DNS 846 146 58 299 226 117

Default Unix Accounts 846 0 0 0 366 480

Peer-To-Peer File Sharing 840 351 66 132 291 0

Service detection 828 383 223 113 42 67

Ubuntu Local Security Checks 825 0 423 0 0 402

Slackware Local Security Checks 824 0 145 291 0 388

CentOS Local Security Checks 813 0 352 0 0 461

Backdoors 807 32 0 80 199 496

Windows 807 408 0 0 0 399

CISCO 805 0 60 324 58 363

Databases 799 160 173 64 0 402

Debian Local Security Checks 784 0 431 0 0 353

FreeBSD Local Security Checks 779 0 381 0 0 398

HP-UX Local Security Checks 768 0 0 430 0 338

SNMP 740 362 73 69 159 77

MacOS X Local Security Checks 724 196 30 131 0 367

Windows : User management 694 634 0 29 31 0




Family Total Info Low Med. High Crit.

RPC 597 186 13 269 77 52

Junos Local Security Checks 520 21 70 269 115 45

SCADA 431 105 0 96 149 81

Netware 361 0 43 191 127 0

Settings 310 237 73 0 0 0

Policy Compliance 101 35 0 33 33 0

Port scanners 45 10 35 0 0 0


AIX Local Security Checks


AIX Local Security Checks

Top 25 Most Common Plugin Results

Plugin Total Severity Plugin Name

55384 52 High AIX 530011 : U843402

55372 50 High AIX 530011 : U840873

55368 42 High AIX 530011 : U840869

55359 41 High AIX 530011 : U840860

55379 39 High AIX 530011 : U843397

55360 39 High AIX 530011 : U840861

55356 39 High AIX 530011 : U840857

55363 38 High AIX 530011 : U840864

55355 38 High AIX 530011 : U840856

55376 37 High AIX 530011 : U840877

55375 37 High AIX 530011 : U840876

55370 37 High AIX 530011 : U840871

55366 37 High AIX 530011 : U840867

55361 37 High AIX 530011 : U840862

55371 34 High AIX 530011 : U840872

55382 33 High AIX 530011 : U843400

55365 33 High AIX 530011 : U840866

55357 33 High AIX 530011 : U840858

55367 29 High AIX 530011 : U840868

55358 28 High AIX 530011 : U840859

55377 25 High AIX 530011 : U840878

55373 25 High AIX 530011 : U840874

55378 23 High AIX 530011 : U840879

55369 20 High AIX 530011 : U840870

55374 18 High AIX 530011 : U840875


Backdoors


Backdoors



45005 39 Critical Arugizer Backdoor Detection

45085 38 CriticalZeus/Zbot Banking Trojan/DataTheft (credentialed check)

46882 31 CriticalUnreal IRC Daemon BackdoorDetection

45006 28 CriticalEnergizer DUO USB BatteryCharger Software Backdoor(credentialed check)

33951 28 CriticalGeneric Backdoor Detection(banner check)

18391 28 MediumSMTP Server Non-standardPort Detection

12128 28 Critical Agobot.FO Backdoor Detection

10389 28 HighCart32 Backdoor PasswordArbitrary Command Execution

36036 27 CriticalConficker Worm Detection(uncredentialed check)

18367 27 Critical Kibuv Worm Detection

11118 25 Highalya.cgi CGI BackdoorDetection

51988 23 CriticalRogue Shell BackdoorDetection

12012 23 Medium CYDOOR Software Detection

10152 23 High NetBus 2.x Software Detection

12252 22 Critical Korgo Worm Detection

11854 22 High FsSniffer Backdoor Detection

11187 21 Critical4553 Parasite MothershipBackdoor Detection

15586 20 CriticalMoonLit Virus BackdoorDetection

11707 20 CriticalBugbear.B Web BackdoorDetection

11157 20 Medium Trojan Horse Detection

12004 18 High VCATCH Spyware Detection

15405 17 CriticalUnmanarc Remote ControlServer (URCS) Detection

11123 16 InfoRadmin (RemoteAdministrator) Port 4899Detection

12063 15 High Bagle.B Worm Detection

49270 14 Critical Stuxnet Worm Detection


CentOS Local Security Checks


CentOS Local Security Checks



43690 29 Critical CentOS : RHSA-2008-0504

21966 29 Low CentOS : RHSA-2005-805


25501 28 Low CentOS : RHSA-2007-0473

25255 28 Low CentOS : RHSA-2007-0353







25497 25 Low CentOS : RHSA-2007-0431

25499 22 Low CentOS : RHSA-2007-0465





25496 19 Low CentOS : RHSA-2007-0430

21968 19 Low CentOS : RHSA-2005-825





43817 16 Low CentOS : RHSA-2010-0018



CGI abuses


CGI abuses



55512 29 InfoAdobe ColdFusion RemoteDevelopment Services

55509 29 InfoRSA Self-Service ConsoleDetection

50510 29 CriticalFreeNAS exec_raw.phpArbitrary Command Execution

45138 29 CriticalRemote Help DefaultCredentials

55978 28 Info Sitecore CMS Detection

53621 28 Info SiteScope Detection

44109 28 Critical HP Power Manager < 4.2.10

57977 27 InfoOracle WebCenter ContentDetection

54969 27 Info Apache Archiva Detection

51645 27 Critical

HP OpenView NetworkNode Manager RemoteExecution of Arbitrary Code(HPSBMA02621 SSRT100352)

40354 27 CriticalOpenWrt Router with a BlankPassword (telnet check)

55627 26 InfoSymantec Web GatewayDetection

40552 24 CriticalSpiceworks HTTP ResponseAccept Header HandlingOverflow DoS

57918 23 CriticalEMC Celerra Control StationDefault Credentials

57825 23 Critical

PHP 5.3.9'php_register_variable_ex()'Code Execution (bannercheck)

58039 22 Critical

PHP 5.3.9'php_register_variable_ex()'Code Execution (intrusivecheck)

55800 22 InfoMicrosoft Remote DesktopWeb Access Detection

57850 21 Critical

Apache StrutsParameterInterceptor ClassOGNL Expression ParsingRemote Command Execution

41946 21 CriticalAdobe RoboHelp ServerSecurity Bypass (APSA09-05)


CGI abuses



39790 21 CriticalAdobe ColdFusion FCKeditor'CurrentFolder' File Upload

57699 19 InfoHP Managed PrintingAdministration Detection

57576 19 Criticalop5 Portal Arbitrary CommandExecution

47581 19 CriticalNovell 'modulemanager'Servlet Arbitrary File Upload(intrusive check)

56648 18 InfoSonicWALL ViewPoint ServerDetection

55444 18 InfoManageEngine ServiceDeskPlus Detection


CGI abuses : XSS


CGI abuses : XSS



54603 54 MediumAdobe RoboHelp FlashHelpUnspecified XSS (APSB11-09)(uncredentialed check)

58087 47 MediumphpMyAdmin 3.4.x <3.4.10.1 Cross-Site Scripting(PMASA-2012-1)

57979 46 MediumOracle WebCenter ContentHelp Component Cross-SiteScripting

55993 40 MediumphpMyAdmin 3.3.x / 3.4.x <3.3.10.4 / 3.4.4 Cross-siteScripting (PMASA-2011-13

53576 39 MediumAtlassian Confluence 2.x >=2.7 / 3.x < 3.4.9 Multiple Cross-Site Scripting Vulnerabilities

55775 37 MediumjCart 1.1 my-item-name POSTParameter XSS

57337 35 MediumphpMyAdmin 3.4.x <3.4.8 Cross-Site Scripting(PMASA-2011-18)

55904 35 MediumCGI Generic Script Injection(quick test)

54604 33 MediumMDaemon WorldClient <12.0.3 Summary Page EmailSubject XSS

55975 29 Medium Apache Hadoop Jetty XSS

52483 29 MediumCGI Generic Cross-SiteScripting (persistent, 3rd Pass)

57371 28 Medium

ManageEngine ServiceDeskPlus 8.0.0 < Build 8015Multiple Cross-Site ScriptingVulnerabilities

55903 28 MediumCGI Generic Cross-SiteScripting (extended patterns)

57617 27 MediumCacti < 0.8.7g Multiple Cross-Site Scripting and HTMLInjection Vulnerabilities

51998 26 MediumMediaWiki CSS CommentsXSS

18083 26 LowCoppermine Photo Galleryinit.inc.php X-Forwarded-ForXSS

14228 24 HighSquirrelMail < 1.4.3 MultipleVulnerabilities


CGI abuses : XSS



51529 22 MediumCGI Generic Cross-SiteScripting (persistent, 2nd pass)

34336 22 LowMailMarshal Spam QuarantineManagement (SQM) MultipleComponent XSS

51438 19 MediumPligg register.phpreg_username Parameter XSS

51090 18 MediumMODx login.php 'username'Parameter XSS

19514 18 Low phpGraphy EXIF Data XSS

56379 14 MediumphpMyAdmin 3.4.x <3.4.5 Cross-site Scripting(PMASA-2011-14)

57372 13 Medium

phpMyAdmin 3.4.x <3.4.9 Cross-Site Scripting(PMASA-2011-19 andPMASA-2011-20)

54579 13 Low Mailman < 2.1.14 Multiple XSS


CISCO


CISCO



56321 29 HighCisco IOS Software IPSand Zone-Based FirewallVulnerabilities - Cisco Systems

49016 29 CriticalSNMP Version 3Authentication Vulnerabilities -Cisco Systems

48965 27 CriticalNTP Vulnerability - CiscoSystems

10999 27 CriticalLinksys Router DefaultPassword

48977 26 MediumCisco Telnet Denial of ServiceVulnerability - Cisco Systems

48976 26 MediumCisco IOS Malformed OSPFPacket Causes Reload - CiscoSystems

10545 26 CriticalCisco Catalyst Web InterfaceRemote Command Execution

56319 25 High

Cisco IOS Software SessionInitiation Protocol Denial ofService Vulnerabilities - CiscoSystems

48961 25 MediumCisco IOS ARP TableOverwrite Vulnerability - CiscoSystems

48973 24 MediumCisco 6000/6500/7600 CraftedLayer 2 Frame Vulnerability -Cisco Systems

10045 24 CriticalCisco 675 Router DefaultUnpassworded Account

48996 23 Critical Crafted IP Option Vulnerability

48995 23 CriticalCombined IOS Table forJanuary 24, 2007 SecurityAdvisories

11689 23 LowCisco IDS Device ManagerDetection

48982 22 MediumCrafted Packet Causes Reloadon Cisco Routers

49004 21 MediumVulnerability In Crypto Library -Cisco Systems

56320 20 CriticalCisco IOS Software SmartInstall Remote Code ExecutionVulnerability - Cisco Systems


CISCO



48974 19 MediumVulnerabilities in SNMPMessage Processing - CiscoSystems

49646 18 CriticalLinksys Router DebugCredentials (Gemtek /gemtekswd)

49017 18 MediumMultiple Cisco ProductsVulnerable to DNS CachePoisoning Attacks

11383 18 Critical

Cisco SSH2 Server/Client Malformed PacketRemote DoS (CSCdz60229,CSCdy87221, CSCdu75477)

10754 17 CriticalCisco Multiple DevicesUnpassworded Account

48968 16 CriticalSSH Malformed PacketVulnerabilities - Cisco Systems

48964 16 MediumData Leak with Cisco ExpressForwarding Enabled - CiscoSystems

48960 16 Medium

ICMP UnreachableVulnerability in Cisco 12000Series Internet Router - CiscoSystems


Databases


Databases



56063 29 MediumOracle Database, January2009 Critical Patch Update

12047 29 CriticalOracle Database 9i MultipleFunctions Local Overflow

30153 28 CriticalDB2 < 8.1 FixPak 16 MultipleVulnerabilities

55690 26 CriticalDB2 Unsupported VersionDetection

33852 26 CriticalDefault Password (db2admin)for 'db2admin' Account onWindows

51840 25 CriticalDB2 9.1 < Fix Pack 10 MultipleVulnerabilities

11081 25 CriticalOracle Application ServerWeb Cache HTTP RequestOverflow

55786 23 Critical Oracle Database Unsupported

53811 23 InfoIBM solidDB Detection (localcheck)

32137 23 LowMySQL 4.1 < 4.1.24 MyISAMCreate Table Privilege CheckBypass

46328 22 LowMySQL Community Server 5.1< 5.1.46 Multiple Vulnerabilities

15417 22 LowPostgreSQLmake_oidjoins_check ArbitraryFile Overwrite

47158 21 LowMySQL Community Server <5.1.48 Denial of Service

31680 20 Info solidDB Detection

56056 19 CriticalOracle Database, April 2007Critical Patch Update

32138 19 LowMySQL Enterprise Server 5.0< 5.0.60 MyISAM CREATETABLE Privilege Check Bypass

25492 19 CriticalFirebird DataBase Serverfbserver.exe p_cnct_countValue Remote Overflow

22416 19 Info DB2 Connection Port Detection

10658 19 InfoOracle Database tnslsnrService Remote VersionDisclosure

56062 18 MediumOracle Database, October2008 Critical Patch Update


Databases



22017 17 InfoDB2 Discovery ServiceDetection

12246 17 CriticalFirebird DB Remote DatabaseName Overflow

10719 17 Info MySQL Server Detection

15486 16 CriticalDB2 < 8 Fix Pack 7a MultipleVulnerabilities

17830 15 LowMySQL 5.0.18 InformationLeak


Debian Local Security Checks





57879 29 CriticalDebian DSA-2406-1 : icedove -several vulnerabilities


44853 29 LowDebian DSA-1989-1 : fuse -denial of service

56340 28 CriticalDebian DSA-2313-1 :iceweasel - severalvulnerabilities

56179 25 LowDebian DSA-2309-1 : openssl- compromised certificateauthority


53505 24 LowDebian DSA-2222-1 : tinyproxy- incorrect ACL processing

47705 24 LowDebian DSA-2069-1 : znc -denial of service

57513 23 CriticalDebian DSA-2373-1 : inetutils -buffer overflow

50865 23 LowDebian DSA-2129-1 : krb5- checksum verificationweakness

34478 23 LowDebian DSA-1658-1 : dbus -programming error

57502 22 LowDebian DSA-2362-1 : acpid -several vulnerabilities

57516 20 LowDebian DSA-2376-2 : ipmitool -insecure PID file

51665 20 LowDebian DSA-2150-1 : request-tracker3.6 - unsalted passwordhashing

31589 19 LowDebian DSA-1518-1 : backup-manager - programming error

56307 18 CriticalDebian DSA-2311-1 :openjdk-6 - severalvulnerabilities


44810 18 LowDebian DSA-1945-1 : gforge -symlink attack

58012 17 CriticalDebian DSA-2412-1 : libvorbis- buffer overflow





44702 17 LowDebian DSA-1837-1 : dbus -programming error

26975 17 LowDebian DSA-1382-1 : quagga -null pointer dereference

52620 16 CriticalDebian DSA-2188-1 : webkit -several vulnerabilities

51558 16 LowDebian DSA-2147-1 : pimd -insecure temporary files

31588 16 LowDebian DSA-1517-1 :ldapscripts - programming error

25638 16 LowDebian DSA-1326-1 : fireflier-server - insecure temporaryfiles


Default Unix Accounts





42147 29 CriticalDefault Password (sq!us3r) for'dbadmin' Account

34084 29 HighDefault Password (trans) for'trans' Account

17291 29 CriticalDefault Password (debug) for'super' Account

34082 28 HighDefault Password (bank) for'bank' Account

50322 27 CriticalDefault Password (artica) for'root' Account

11257 27 HighDefault Password (manager)for 'system' Account

11250 27 HighUnpassworded 'backdoor'Account

57916 26 CriticalDefault Password (nasadmin)for 'root' Account

48274 25 CriticalDefault Password (0p3nm35h)for 'root' Account

35621 25 Critical

Default Password (password)for 'admin' Account onBroadcom BCM96338 ADSLRouter

34081 25 CriticalDefault Password (admin) for'admin' Account

11259 25 HighUnpassworded 'StoogR'Account

11265 24 HighDefault Password (satori) for'rewt' Account

50601 23 CriticalDefault Password (m) for 'root'Account

46240 23 CriticalDefault Password (alien) for'root' Account

42211 23 CriticalDefault Password (infoblox) for'admin' Account

24275 23 HighDefault Password (informix) for'informix' Account

17294 23 CriticalDefault Password (forgot) for'user' Account

42367 22 CriticalDefault Password (alpine) for'root' Account

40355 22 CriticalDefault Password (admin) for'root' Account





17292 21 CriticalDefault Password (forgot) for'super' Account

18527 20 High Unpassworded 'mpi' Account

34323 18 CriticalDefault Password (rootme) for'root' Account

11254 18 High Unpassworded 'friday' Account

24745 16 CriticalDefault Password (password)for 'root' Account


Denial of Service


Denial of Service



29980 29 HighSolaris 10 ICMP PacketHandling DoS

21333 29 HighLinux SCTP FunctionalityMultiple Remote DoS

18058 29 HighKerio MailServer WebmailMalformed E-Mail HandlingResource Exhaustion DoS

17296 29 HighNetwork Service MalformedData Remote DoS

10461 29 HighRealServer Malformedviewsource Directory RequestDoS

42412 27 MediumNovell eDirectory < 8.8.5ftf1/8.7.3.10 ftf2 NULL BaseDN DoS

20983 27 HighBlackBerry Enterprise ServerCrafted SRP Packet RemoteDoS

11903 27 HighTCP/IP Ping of Death RemoteDoS (jolt)

31863 26 High

Novell eDirectory HostEnvironment Service(dhost.exe) HTTP ConnectionHeader DoS

11813 25 HighLinux 2.4 NFSv3 knfsdMalformed GETATTR RequestRemote DoS

21120 24 MediumJabber Studio jabberd SASLNegotiation Remote DoS

19548 24 MediumBNBT EasyTracker MalformedGET Request Remote DoS

23625 23 MediumOpenLDAP SASL authcidName BIND Request DoS

31862 22 LowVeritas Storage FoundationMultiple Service Remote DoS(SYM08-004)

20903 22 MediumIBM Tivoli Directory ServerLDAP Packet Handling DoS

19606 22 MediumZebedee Malformed ProtocolOption Header Port 0 RemoteDoS

21023 21 MediumDropbear SSH Authorization-pending Connection SaturationDoS


Denial of Service



17655 21 Highipsec-tools KAME racoonDaemon ISAKMP HeaderParsing Remote DoS

22159 20 Medium

ISC DHCP Serversupersede_lease() FunctionDHCPDISCOVER PacketRemote DoS

11475 20 High3com RAS 1500 / WyseWinterm Malformed PacketRemote DoS

56922 19 MediumAsterisk SIP Channel DriverUninitialized Variable RequestParsing DoS (AST-2011-012)

33810 19 MediumMailEnable IMAP ConnectionSaturation Remote DoS(ME-10042)

31855 18 HighOpenfire < 3.5.0ConnectionManagerImpl.javaQueue Handling Remote DoS

11926 18 HighNIPrint LPD-LPR Print ServerString Handling RemoteOverflow

10635 18 HighMarconi ASX-1000 SwitchesMultiple Interface MalformedPacket DoS


DNS


DNS



57574 54 MediumUnbound < 1.4.14 / 1.4.13p2DoS Vulnerabilities

53842 52 MediumISC BIND Response PolicyZones RRSIG Query AssertionFailure DoS

55049 35 MediumUnbound < 1.4.10 daemon/worker.c DNS Request ErrorHandling Remote DoS

11318 29 CriticalISC BIND < 9.2.2 DNSResolver Functions RemoteOverflow

10028 29 InfoDNS Server BIND versionDirective Remote VersionDisclosure

34044 28 HighPowerDNS Recursor DNSPredictable Transaction ID(TRXID) Cache Poisoning

17631 26 Highdnsmasq < 2.21.0 MultipleRemote Vulnerabilities

50976 25 Medium

ISC BIND 9 9.4-ESV < 9.4-ESV-R4, 9.6.2 < 9.6.2-P3,9.6-ESV < 9.6-ESV-R3,9.7.x < 9.7.2-P3 MultipleVulnerabilities

49777 25 MediumISC BIND 9 9.7.2 < 9.7.2-P2Multiple Vulnerabilities

34043 25 InfoPowerDNS version-stringDirective Remote VersionDisclosure

11951 25 Low DNS Server Fingerprinting

54923 23 HighISC BIND 9 Large RRSIGRRsets Negative CachingRemote DoS

40875 23 Criticaldnsmasq < 2.50 MultipleRemote TFTP Vulnerabilities

11932 23 HighISC BIND < 8.3.7 / 8.4.3Negative Record CachePoisoning

25121 22 HighISC BIND < 9.4.1 / 9.5.0a4query.c query_addsoaFunction Recursive Query DoS

10886 22 HighISC BIND < 8.3.4 MultipleRemote Vulnerabilities


DNS



44116 21 MediumISC BIND 9 DNSSEC NSEC/NSEC3 Bogus NXDOMAINResponses

33447 21 HighMultiple Vendor DNS QueryID Field Prediction CachePoisoning

34111 20 Mediumdnsmasq < 2.45 MultipleRemote DoS

10728 19 InfoISC BIND 9.x AUTHORS MapRemote Version Disclosure

11510 18 CriticalISC BIND < 4.9.5 DNSResolver Functions RemoteOverflow

42983 17 LowISC BIND 9 DNSSEC CachePoisoning

38735 17 MediumISC BIND 9 EVP_VerifyFinal() /DSA_do_verify() SSL/TLSSignature Validation Weakness

11002 17 Info DNS Server Detection

38849 16 LowNSD version Directive RemoteVersion Disclosure


Fedora Local Security Checks


Fedora Local Security Checks



57989 29 Critical Fedora 16 2012-1652

55909 29 Low Fedora 14 2011-10413

56851 28 Critical Fedora 14 2011-14650

55777 28 Critical Fedora 15 2011-9774

56924 26 Low Fedora 14 2011-15831

56354 26 Low Fedora 16 2011-12399

55155 26 Critical Fedora 13 2011-8020

57367 25 Low Fedora 16 2011-16856

56721 25 Critical Fedora 14 2011-15241

56225 25 Low Fedora 15 2011-12403

55867 25 Low Fedora 15 2011-10341

55783 25 Critical Fedora 14 2011-9898

56852 24 Critical Fedora 15 2011-14673

55156 24 Critical Fedora 15 2011-8028

56673 23 Critical Fedora 14 2011-14747

56398 23 Low Fedora 15 2011-13809

55945 23 Low Fedora 16 2011-10399

57439 22 Low Fedora 15 2011-17341

55752 22 Critical Fedora 14 2011-9555

55751 22 Critical Fedora 14 2011-9523

58159 21 Critical Fedora 17 2012-2238

57754 21 Critical Fedora 15 2011-16284

56800 21 Critical Fedora 16 2011-15555

57967 20 Critical Fedora 16 2012-1690

56926 20 Low Fedora 15 2011-15846


Firewalls


Firewalls



57287 37 MediumSquid 3.1.x < 3.1.16 / 3.2.x <3.2.0.13 DNS Replies CNameRecord Parsing Remote DoS

31094 29 High3Proxy HTTP Proxy CraftedTransparent Request RemoteOverflow

20388 29 HighJuniper NetScreen SecurityManager (NSM) guiSrv/devSrvCrafted String Remote DoS

16363 29 InfoBlueCoat ProxySG ConsoleManagement Detection

14640 29 HighCerbere HTTP Proxy ServerHost: Header Remote DoS

12084 29 HighCheck Point FireWall-1 4.xMultiple Vulnerabilities (OF,FS)

10675 29 InfoCheck Point FireWall-1 TelnetClient Authentication Detection

17599 28 CriticalDeleGate < 8.11 MultipleUnspecified Overflows

17155 27 HighSOCKS4 Server RecursiveConnection Remote DoS

20393 26 HighWinProxy < 6.1a MultipleVulnerabilities (credentialedcheck)

57641 25 Critical Unsupported IPSO Firewall

40420 24 Medium Squid 3.0.STABLE16 / 3.10.11

11834 24 InfoSource Routed PacketWeakness

11518 24 InfoCheck Point FireWall-1 OpenWeb Administration

10074 24 HighCheck Point FireWall-1 UDPPort 0 DoS

56215 23 MediumSquid 3.x < 3.0.STABLE26 /3.1.15 / 3.2.0.11 Gopher BufferOverflow

16190 22 HighSquid < 2.5.STABLE8 MultipleVulnerabilities

11575 22 High

Kerio Personal FirewallAdministrator AuthenticationHandshake Packet RemoteOverflow

16205 21 CriticalDefault Password (zebra) forZebra


Firewalls



20391 20 HighWinProxy < 6.1a HTTP ProxyMultiple Vulnerabilities

12036 20 High

Finjan SurfinGate ProxyFHTTP Command AdminFunctions AuthenticationBypass

10676 20 InfoCheck Point FireWall-1 HTTPClient Authentication Detection

44384 19 MediumSquid < 3.0.STABLE23 /3.1.0.16

45591 18 MediumSquid < 3.0.STABLE24 /2.7.STABLE8 / 2.6.STABLE24

33104 16 Critical

SecurityGateway < 1.0.2Administration Interfaceusername Field RemoteOverflow


FreeBSD Local Security Checks





56803 27 CriticalFreeBSD : linux-flashplugin-- multiple vulnerabilities(0e8e1212-0ce5-11e1-849b-003067b2972c)

53347 27 Low

FreeBSD : tinyproxy-- ACL lists ineffectivewhen range is configured(b9281fb9-61b2-11e0-b1ce-0019d1a7ece2)

38965 27 Low

FreeBSD : slim --local disclosure of Xauthority magic cookie(80f13884-4d4c-11de-8811-0030843d3802)

34390 27 Low

FreeBSD : mysql --command line client inputvalidation vulnerability(4775c807-8f30-11dd-821f-001cc0377035)

37716 26 Low

FreeBSD : postgresql-contrib-- insecure temporary filecreation (6a164d84-2f7f-11d9-a9e7-0001020eed82)

57785 25 CriticalFreeBSD : mozilla --multiple vulnerabilities(0a9e2b72-4cb7-11e1-9146-14dae9ebcf89)

57355 25 CriticalFreeBSD : mozilla --multiple vulnerabilities(e3ff776b-2ba6-11e1-93c6-0011856a6e37)

56495 25 Critical

FreeBSD : amaya --multiple buffer overflowvulnerabilities (a89b76a7-f6bd-11dd-94d9-0030843d3802)

51069 25 Critical

FreeBSD : chromium --multiple vulnerabilities(6887828f-0229-11e0-b84d-00262d5ed8ee)

50469 25 Low

FreeBSD : Mailman -- cross-site scripting in web interface(4ab29e12-e787-11df-adfa-00e0815b8da8)

36362 25 LowFreeBSD : CUPS -- localinformation disclosure(30cea6be-1d0c-11d9-814e-0001020eed82)

51950 24 Critical

FreeBSD : webkit-gtk2-- Multiple vurnabilities.(35ecdcbe-3501-11e0-afcd-0015f2db7bde)





58138 23 CriticalFreeBSD : linux-flashplugin-- multiple vulnerabilities(f63bf080-619d-11e1-91af-003067b2972c)

34484 23 Low

FreeBSD : drupal --multiple vulnerabilities(706c9eef-a077-11dd-b413-001372fd0af2)

56762 22 CriticalFreeBSD : mozilla --multiple vulnerabilities(6c8ad3e8-0a30-11e1-9580-4061862b8c22)

45448 22 Critical

FreeBSD : firefox --Re-use of freed objectdue to scope confusion(ec8f449f-40ed-11df-9edc-000f20797ede)

38802 21 Low

FreeBSD : mod_perl-- cross-site scripting(4a638895-41b7-11de-b1cc-00219b0fc4d8)

37686 20 Low

FreeBSD : getmail -- symlinkvulnerability during maildirdelivery (8c33b299-163b-11d9-ac1b-000d614f7fad)

35339 19 Low

FreeBSD : mysql -- privilegeescalation and overwrite ofthe system table information(8c451386-dff3-11dd-a765-0030843d3802)

57403 17 Critical

FreeBSD : krb5-appl -- telnetdcode execution vulnerability(4ddc78dc-300a-11e1-a2aa-0016ce01e285)

50075 16 Critical

FreeBSD : Webkit-gtk2 -- MultipleVulnabilities (e5090d2a-dbbe-11df-82f8-0015f2db7bde)

56323 15 CriticalFreeBSD : mozilla -- multiplevulnerabilities (1fade8a3-e9e8-11e0-9580-4061862b8c22)

50470 15 Low

FreeBSD : OTRS -- MultipleXSS and denial of servicevulnerabilities (96e776c7-e75c-11df-8f26-00151735203a)

56804 14 Low

FreeBSD : phpmyadmin-- Local file inclusion(1f6ee708-0d22-11e1-b5bd-14dae938ec40)

51568 14 Low

FreeBSD : MoinMoin -- cross-site scripting vulnerabilities(4c017345-1d89-11e0-bbee-0014a5e3cda6)


FTP


FTP



54955 29 Info Wing FTP Server Detection

50544 28 CriticalProFTPD < 1.3.3c MultipleVulnerabilities

32375 27 InfoFTP Server Bad CommandSequence Accepted (possiblebackdoor/proxy)

15857 27 CriticalWS_FTP Server MultipleCommand Remote OverflowDoS

11779 27 InfoFTP Server CopyrightedMaterial Present

52704 26 Mediumvsftpdvsf_filename_passes_filterFunction Denial of Service

32373 26 InfoFTP Server Any CommandAccepted (possible backdoor/proxy)

14372 26 Critical

WU-FTPD S/KEYAuthentication ftpd.cskey_challenge FunctionRemote Overflow

40770 25 InfoIpswitch WS_FTP ServerVersion Detection (credentialedcheck)

55523 24 Critical vsftpd Smiley Face Backdoor

11094 24 CriticalWS_FTP Multiple CommandLong Argument Overflow

45140 23 Medium Serv-U < 9.4.0.0

40820 23 InfoCerberus FTP ServerDetection

50989 22 CriticalProFTPD CompromisedSource Packages TrojanedDistribution

47040 21 MediumSolaris FTP Daemon LongCommand Cross-Site RequestForgery

11160 20 CriticalWindows FTP Server NULLAdministrator Password

12080 19 CriticalServ-U MDTM CommandOverflow

43369 17 Medium Serv-U < 9.2.0.1

14598 17 CriticalWS_FTP Server MultipleVulnerabilities (OF, DoS, CmdExec)


FTP



11371 17 CriticalBSD ftpd Single Byte BufferOverflow

10928 17 CriticalEFTP .lnk File HandlingRemote Overflow

54956 16 MediumWing FTP Server LDAPAuthentication Bypass

50811 16 MediumFTP Server Traversal ArbitraryFile Access (RETR)

42149 16 LowFTP Service AUTH TLSCommand Support

40825 16 Critical

MS09-053: Microsoft IIS FTPdNLST Command RemoteBuffer Overflow (975191)(uncredentialed check)


Gain a shell remotely





25662 29 CriticalIBM Tivoli Storage ManagerMultiple Remote Overflows

10966 29 MediumUniversity of Washington imapServer (uw-imapd) BODYRequest Remote Overflow

44072 27 HighOpenSSH < 3.2.3 YPNetgroups AuthenticationBypass

25214 27 CriticalDarwin Streaming Server <5.5.5 Multiple Remote OverflowVulnerabilities

42824 25 CriticalIBM Tivoli Storage ManagerClient Multiple Vulnerabilities(swg21405562)

33285 25 CriticalEMC AlphaStor LibraryManager Remote CodeExecution

25935 25 CriticalSIDVault < 2.0f LDAP ServerMalformed Search RequestBuffer Overflow

14223 25 Mediumrsync sanitize_path() FunctionArbitrary File Disclosure

35009 24 MediumClamAV < 0.94.2cli_check_jpeg_exploit()Malformed JPEG File DoS

33284 24 CriticalEMC AlphaStor DeviceManager robotd Remote CodeExecution

30106 24 MediumAXIGEN Mail Server AXIMilterCNHO Command RemoteFormat String

52157 23 HighAsterisk main/udptl.c BufferOverflows (AST-2011-002)

50023 23 CriticalNovell PlateSpin OrchestrateRemote Code Execution

43635 23 CriticalHP Data ProtectorMSG_PROTOCOL RemoteStack Buffer Overflow

18200 23 MediumNetWin DMail Server MultipleRemote Vulnerabilities

40987 22 CriticalRandom password for 'root'account

25950 22 CriticalRealNetworks Helix DNAServer RTSP Service Crafted




Plugin Total Severity Plugin NameRequire Header RemoteOverflow

35555 21 CriticalRealNetworks Helix Server< 11.1.8/12.0.1 MultipleVulnerabilities

32320 21 CriticalRemote host has weak DebianOpenSSH Keys in ~/.ssh/authorized_keys

25118 21 Critical

MERCUR Messaging IMAPServer NTLM AuthenticationNTLMSSP Argument RemoteOverflow

35467 20 CriticalEMC RepliStor MultipleRemote Heap Based BufferOverflows

35308 20 CriticalTCL Shell (tclsh) ArbitraryCommand Execution

35087 20 HighClamAV < 0.94 MultipleVulnerabilities

15783 20 MediumDigital Mappings SystemsPOP3 Server (pop3svr.exe)Multiple Field Remote Overflow

10463 20 Mediumvpopmail vchkpw USER/PASSCommand Format String


General


General



51192 28 MediumSSL Certificate Cannot BeTrusted

11057 28 HighTCP/IP Initial SequenceNumber (ISN) ReuseWeakness

57620 27 High Small SSH RSA Key

56472 27 InfoSSL Certificate Chain ContainsUnnecessary Certificates

42873 27 MediumSSL Medium Strength CipherSuites Supported

39329 27 LowNews Server (NNTP)Anonymous Read Access

15901 27 Medium SSL Certificate Expiry

46180 26 Info Additional DNS Hostnames

39519 26 InfoBackported Security PatchDetection (FTP)

34097 26 InfoBIOS Version Information (viaSMB)

45410 25 InfoSSL Certificate commonNameMismatch

42980 25 InfoSSL Certificate Expiry - FutureValidity

29217 24 InfoSolaris Installed PackageEnumeration (credentialedcheck)

45432 23 InfoProcessor Information (viaDMI)

57336 22 MediumCyrus IMAPd NNTPAUTHINFO USER CommandParsing Authentication Bypass

34098 22 Low BIOS version (SSH)

51892 21 Medium

OpenSSLSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUGSession Resume CiphersuiteDowngrade Issue

50350 21 Info OS Identification Failed

47800 21 InfoVirtualPC Virtual Machinedetection (dmidecode)

45399 21 InfoICMP Node Information QueryInformation Disclosure

33276 20 InfoEnumerate MAC Addresses viaSSH


General



53360 19 InfoSSL Server Accepts WeakDiffie-Hellman Keys

42084 19 InfoACAP Service STARTTLSCommand Support

42053 18 HighSSL Certificate Null CharacterSpoofing Weakness

39520 18 InfoBackported Security PatchDetection (SSH)


Gentoo Local Security Checks





31613 29 LowGLSA-200803-26 : AdobeAcrobat Reader: Insecuretemporary file creation

56903 28 CriticalGLSA-201111-07 : TinTin++:Multiple vulnerabilities

46807 28 CriticalGLSA-201006-18 :Oracle JRE/JDK: Multiplevulnerabilities

44895 28 CriticalGLSA-201001-06 : aria2:Multiple vulnerabilities

56426 27 CriticalGLSA-201110-02 : Wireshark:Multiple vulnerabilities

29907 27 LowGLSA-200801-03 : ClawsMail: Insecure temporary filecreation

46793 26 CriticalGLSA-201006-13 : Smarty:Multiple vulnerabilities

44892 26 CriticalGLSA-201001-03 : PHP:Multiple vulnerabilities

21317 26 LowGLSA-200605-02 : X.Org:Buffer overflow in XRenderextension

57656 25 CriticalGLSA-201201-14 : MITKerberos 5 Applications:Multiple vulnerabilities

56425 25 CriticalGLSA-201110-01 : OpenSSL:Multiple vulnerabilities

56660 24 CriticalGLSA-201110-26 : libxml2:Multiple vulnerabilities

42214 24 CriticalGLSA-200910-02 : Pidgin:Multiple vulnerabilities

21278 24 LowGLSA-200604-13 : fbida:Insecure temporary filecreation

49126 23 CriticalGLSA-201009-05 : AdobeReader: Multiple vulnerabilities

42913 22 CriticalGLSA-200911-03 : UW IMAPtoolkit: Multiple vulnerabilities

56459 21 CriticalGLSA-201110-06 : PHP:Multiple vulnerabilities

26094 21 LowGLSA-200709-04 : po4a:Insecure temporary filecreation





34248 20 LowGLSA-200809-09 : Postfix:Denial of Service

33556 20 LowGLSA-200807-10 : Bacula:Information disclosure

31594 20 LowGLSA-200803-23 : WebsiteMETA Language: Insecuretemporary file usage

21664 20 LowGLSA-200606-02 : shadow:Privilege escalation

57655 19 CriticalGLSA-201201-13 : MITKerberos 5: Multiplevulnerabilities

32150 19 LowGLSA-200805-02 :phpMyAdmin: Informationdisclosure

22939 19 LowGLSA-200611-01 : Screen:UTF-8 character handlingvulnerability


HP-UX Local Security Checks





46348 29 CriticalHP-UX PHSS_40708 :s700_800 11.X OV NNM7.53IA-64 Intermediate Patch 26

44603 27 Critical

HP-UX PHSS_40368 : HPNetwork Node Manager(NNM), Remote Executionof Arbitrary Commands(HPSBMA02484 SSRT090076rev.1)

40607 27 Medium

HP-UX PHKL_40197 : HP-UX ttrace(2), Local Denial ofService (DoS) (HPSBUX02450SSRT090141 rev1)

40365 26 Medium

HP-UX PHNE_39872 : HP-UX Running XNTP, RemoteExecution of Arbitrary Code(HPSBUX02437 SSRT090038rev.2)

45617 25 Medium

HP-UX PHKL_40888 : HP-UX,Local Denial of Service (DoS)(HPSBUX02518 SSRT100051rev.1)

44351 25 Medium

HP-UX PHSS_39510 : HPOpenView Storage DataProtector, Local UnauthorizedAccess (HPSBMA02502SSRT090171 rev.1)

51467 24 Medium

HP-UX PHKL_39899 : HP-UXRunning Threaded Processes,Remote Denial of Service(DoS) (HPSBUX02611SSRT090201 rev.1)

43134 24 CriticalHP-UX PHSS_36588 :s700_800 11.X OV DP6.00PA-RISC patch - CS packet

53267 23 Medium

HP-UX PHKL_41944 : HP-UX,Local Denial of Service (DoS)(HPSBUX02646 SSRT100396rev.1)

43137 23 CriticalHP-UX PHSS_36623 :s700_800 11.X OV DP6.00IA-64 patch - CORE packet

40364 23 Medium

HP-UX PHNE_39871 : HP-UX Running XNTP, RemoteExecution of Arbitrary Code(HPSBUX02437 SSRT090038rev.2)





38730 23 Medium

HP-UX PHCO_38492 :HPUX Running useradd(1M),Local Unauthorized Access(HPSBUX02366 SSRT080120rev.2)

41978 22 Critical

HP-UX PHSS_39774 : HP-UXRunning Kerberos, RemoteDenial of Service (DoS),Execution of Arbitrary Code(HPSBUX02421 SSRT090047rev.2)

44354 21 Medium


43142 21 Critical

HP-UX PHSS_40374 :s700_800 11.X OV NNM7.53PA-RISC Intermediate Patch25

43131 21 Critical

HP-UX PHCO_40520 : HP-UX Running VRTSweb,Remote Execution of ArbitraryCode, Increase of Privilege(HPSBUX02480 SSRT090253rev.1)

44349 20 Medium


43141 20 CriticalHP-UX PHSS_37383 :s700_800 11.23 OV DP5.50IA-64 patch - CORE packet

44405 19 Medium

HP-UX PHSS_40230 : HPEnterprise Cluster MasterToolkit (ECMT) running onHP-UX, Local UnauthorizedAccess (HPSBUX02464SSRT090210 rev.1)

49112 18 Medium

HP-UX PHCO_41201 :HP-UX running SoftwareDistributor (sd), Local PrivilegeIncrease, Unauthorized Access(HPSBUX02552 SSRT100062rev.1)

43135 18 CriticalHP-UX PHSS_36589 :s700_800 11.X OV DP6.00IA-64 patch - CS packet

53271 17 Medium

HP-UX PHNE_41908 : HP-UX Running XNTP, RemoteDenial of Service (DoS)(HPSBUX02639 SSRT100293rev.1)

38731 16 MediumHP-UX PHCO_38547 :HPUX Running useradd(1M),Local Unauthorized Access




Plugin Total Severity Plugin Name(HPSBUX02366 SSRT080120rev.2)

43130 15 Critical

HP-UX PHCO_40519 : HP-UX Running VRTSweb,Remote Execution of ArbitraryCode, Increase of Privilege(HPSBUX02480 SSRT090253rev.1)

49111 14 Medium

HP-UX PHCO_41200 :HP-UX running SoftwareDistributor (sd), Local PrivilegeIncrease, Unauthorized Access(HPSBUX02552 SSRT100062rev.1)


Junos Local Security Checks





57637 53 Medium

Juniper Junos BGP UPDATEMalformed ATTR_SETAttribute Remote DoS(PSN-2012-01-472)

57638 45 HighJuniper Junos J-WebComponent Unspecified CSRF(PSN-2012-01-474)

55933 45 CriticalUnsupported Junos OperatingSystem

57636 43 HighJuniper Junos MGD-CLIArbitrary Command Execution(PSN-2011-11-418)

55939 41 Medium

Juniper Junos Multiplesfid Daemon MalformedPacket Remote DoS(PSN-2011-04-241)

55934 39 LowJuniper Junos Extended DHCPRelay Agent Traffic Redirection(PSN-2011-07-300)

55940 34 Medium

Juniper Junos debug.phpJ-Web ComponentUnauthenticated DebugAccess (PSN-2011-02-158)

56771 32 MediumJuniper Junos J-WebAdministrator Logs XSS(PSN-2011-10-392)

55941 31 LowJuniper Junos J-WebWeak SSL Ciphers(PSN-2011-01-147)

55936 31 MediumJuniper Junos FragmentedICMP Packet Handling RemoteDoS (PSN-2011-07-298)

57639 23 MediumJuniper Junos BGPMultiple Remote DoS(PSN-2012-01-475)

55935 23 MediumJuniper Junos IPv6 overIPv4 Security Policy Bypass(PSN-2011-07-299)

55932 21 Info Junos Version Detection

55937 19 HighJuniper Junos ICMP Ping'composite next-hop' RemoteDoS (PSN-2011-07-297)

56769 17 MediumJuniper Junos MPC MalformedRoute Prefix Remote DoS(PSN-2011-08-327)





55938 15 MediumJuniper Junos PIM rpd CraftedBoot Message Remote DoS(PSN-2011-07-296)

56770 8 High

Juniper Junos Next-GenMVPN Senario MalformedMessage Handling RemoteDoS (PSN-2011-10-391)


MacOS X Local Security Checks





38743 29 CriticalMac OS X MultipleVulnerabilities (Security Update2009-002)


40502 26 CriticalMac OS X < 10.5.8 MultipleVulnerabilities

55458 25 CriticalMac OS X : Java for Mac OS X10.5 Update 10

40946 25 CriticalMac OS X < 10.6.1 MultipleVulnerabilities

56960 24 Info Adobe AIR for Mac Installed

56214 23 CriticalAdobe Reader UnsupportedVersion Detection (Mac OS X)

55417 23 Info Firefox Installed (Mac OS X)

40591 23 Medium

Mac OS X BIND DynamicUpdate Message HandlingRemote DoS (Security Update2009-004)


58180 21 InfoMac OS X DNS ServerEnumeration

56871 21 MediumiTunes < 10.5.1 UpdateAuthenticity VerificationWeakness (Mac OS X)

54832 20 CriticalMac OS X Mac DefenderMalware Detection

50680 20 Info Mac OS X Server Service List


25997 20 InfoiTunes Version Detection (MacOS X)

55575 18 InfoLibreOffice Detection (Mac OSX)

53412 18 MediumMac OS X Fraudulent DigitalCertificates (Security Update2011-002)

20113 18 LowMac OS X < 10.4.3 MultipleVulnerabilities






47023 17 CriticalMac OS X 10.6 < 10.6.4Multiple Vulnerabilities

54973 16 MediumFlash Player for Mac <10.3.181.22 Cross-SiteScripting (APSB11-13)

53843 16 InfoSkype for Mac Installed(credentialed check)

58091 15 InfoMicrosoft Silverlight Installed(Mac OS X)

55851 13 CriticalVMware Fusion UnsupportedVersion Detection


Mandriva Local Security Checks


Mandriva Local Security Checks



42046 29 Low MDVSA-2009:256-1 : dbus

56373 28 Critical MDVSA-2011:139 : firefox

38117 28 Low MDVSA-2009:066 : php

50008 27 Critical MDVSA-2010:205 : freeciv

53617 26 CriticalMDVSA-2011:080 : mozilla-thunderbird

49795 26 Critical MDVSA-2010:198 : kernel

26105 26 Low MDKSA-2007:185 : avahi

57412 25 Critical MDVSA-2011:195 : krb5-appl

51793 25 Critical MDVSA-2010:260 : libxml2

56809 24 CriticalMDVSA-2011:170 : java-1.6.0-openjdk

56765 24 Critical MDVSA-2011:169 : mozilla

53273 23 Critical MDVSA-2011:061 : ffmpeg

37945 23 LowMDVSA-2008:135 : gnome-screensaver

57413 22 Low MDVSA-2011:196 : ipmitool

56324 22 Low MDVSA-2011:136 : openssl

53001 22 CriticalMDVSA-2011:054 : java-1.6.0-openjdk

49738 22 Low MDVSA-2010:191 : mailman

36594 21 Low MDVSA-2008:172 : amarok

49666 20 Critical MDVSA-2010:188 : kernel

45030 20 Low MDVSA-2010:059 : virtualbox

55406 19 Critical MDVSA-2011:111 : mozilla

45041 19 Low MDVSA-2010:061 : ncpfs

40813 19 Low MDVSA-2009:224-1 : postfix

37681 19 Low MDVSA-2008:076 : wml

56707 17 Critical MDVSA-2011:165 : php


Misc.


Misc.



51890 29 InfoTelnet Service START_TLSSupport

55992 28 CriticalSunSSH < 1.1.1 / 1.3 CBCPlaintext Disclosure

47743 28 CriticalIpswitch Imail Server < 11.02Multiple Vulnerabilities

43030 28 CriticalNovell eDirectory < 8.8.5.2 /8.7.3.10 ftf2 'NDS Verb'Request Buffer Overflow

19948 28 CriticalX11 Server UnauthenticatedAccess

44316 27 CriticalOracle WebLogic Server NodeManager Remote CommandExecution

43390 27 CriticalAdobe Flash Media Server< 3.0.5 / 3.5.3 MultipleVulnerabilities (APSB09-18)

42085 27 InfoIMAP Service STARTTLSCommand Support

57334 26 InfoAnonymous NNTPAuthentication Enabled

55814 26 CriticalAdobe Flash Media ServerUnsupported Version Detection

51092 25 Info OpenVZ Guest Detection

45477 24 Info LDAP Group Enumeration

44657 24 CriticalLinux Daemons with BrokenLinks to Executables

33948 24 CriticalAttachmate Reflection forSecure IT UNIX server < 7.0SP1 Multiple Vulnerabilities

46172 23 CriticalClamAV Virus Database(daily.cvd) Out Of Date

43829 23 LowKerberos InformationDisclosure

22415 23 CriticalNetopia Router Crafted SNMPRequest Remote AdminPassword Disclosure

25216 22 CriticalSamba NDR MS-RPC RequestHeap-Based Remote BufferOverflow

56300 20 InfoKVM / QEMU Guest Detection(credentialed check)

53857 20 CriticalHP Data Protector < A.06.20Multiple Vulnerabilities


Misc.



46255 20 CriticalHP Mercury LoadRunner AgentRemote Command Execution

53533 19 CriticalZend Server Java BridgeArbitrary Java Code Execution

45478 19 Info LDAP User Enumeration

24747 19 CriticalKiwi CatTools < 3.2.9 TFTPServer Traversal Arbitrary FileManipulation

58038 18 InfoLDAP 'Domain Admins' GroupMembership Enumeration


Netware


Netware



44064 43 LowNovell NetWare 6.5 SupportPack 1.1 Admin/Install LocalInformation Disclosure

10988 43 MediumNovell NetWare ncp ServiceNDS Object Enumeration

11827 42 HighNovell NetWare Web ServerCGI2PERL.NLM PERLHandler Remote Overflow

12119 30 HighNovell NetWare 6.0 Tomcatsource.jsp Traversal ArbitraryFile Access

12122 29 MediumNovell Groupwise ServletManager Default Password

10826 29 MediumNovell NetWare ManagementPortal Unrestricted Access

11158 28 HighNovell NetWare Web HandlerMultiple Vulnerabilities

44066 27 HighNovell NetWare 6.5 OpenSSHRemote Stack Buffer Overflow

12050 22 MediumNovell NetBasic ScriptingServer Encoded TraversalArbitrary File Access

12049 22 MediumNovonyx Web Server MultipleSample Application FilesPresent

12048 19 MediumNovell NetWare Web Serversewse.nlm (viewcode.jse)Traversal Arbitrary File Access

11614 15 MediumNovell NetWare FTPServMalformed Input Remote DoS

12104 12 MediumNovell NetWare LDAP ServerAnonymous Bind


Peer-To-Peer File Sharing





18417 29 HighPeerCast URL Error MessageFormat String

11847 27 MediumWinMX Detection(uncredentialed check)

11426 27 Info Kazaa on Windows Detection

35468 26 Info GigaTribe Detection

20748 26 Info BitComet Detection

10408 26 HighGnapster Absolute Path NameRequest Arbitrary File Access

20845 25 Info BitLord Detection

20217 25 Info iTunes Music Sharing Enabled

50676 24 Info BitTorrent / uTorrent Detection

35914 23 MediumiTunes < 8.1 MultipleVulnerabilities (uncredentialedcheck)

53489 22 HighiTunes < 10.2.2 MultipleVulnerabilities (uncredentialedcheck)

11022 22 Info eDonkey Detection

21783 21 MediumiTunes AAC File ParsingInteger Overflow(uncredentialed check)

19386 21 Info Ares Fileshare Detection

33228 20 InfoOwner Free File System ClientDetection

20843 20 Info BitTorrent Detection

15834 20 HighOpen DC Hub RedirectAllValue Remote Overflow

11844 20 HighFastTrack (FT) Crafted PacketHandling Remote Overflow

11431 20 Low XoloX Detection

50677 19 InfoBitTorrent Mainline DHTDetection

41061 19 HighiTunes < 9.0.1 PLS File BufferOverflow (uncredentialedcheck)

11125 19 Low mldonkey Detection (WWW)

10946 19 Info Gnutella Servent Detection

47763 18 HighiTunes < 9.2.1 'itpc:' BufferOverflow (uncredentialedcheck)





26000 18 HighiTunes < 7.4 MalformedMusic File Heap Overflow(uncredentialed check)


Policy Compliance


Policy Compliance



56209 35 InfoPCI DSS compliance : RemoteAccess Software Has BeenDetected

57581 33 HighPCI DSS compliance :Database Reachable from theInternet

56208 33 MediumPCI DSS compliance :Insecure Communication HasBeen Detected


Port scanners


Port scanners



14274 26 Low Nessus SNMP Scanner

10180 10 Info Ping the remote host

0 9 Low Open Port


Red Hat Local Security Checks


Red Hat Local Security Checks



56328 29 Critical RHSA-2011-1343: thunderbird

57957 28 Critical RHSA-2012-0136: libvorbis

54930 28 Low RHSA-2011-0842: systemtap

57409 27 CriticalRHSA-2011-1852: krb5-appl-clients

25984 27 Low RHSA-2007-0539: aide

57991 26 Critical RHSA-2012-0139: java

50853 26 Low RHSA-2010-0926: krb5-devel

35317 26 Low RHSA-2009-0008: dbus

55642 25 Low RHSA-2011-0975: sssd

25877 25 Low RHSA-2007-0765: libgtop2


27830 24 Low RHSA-2007-0542: mcstrans

25986 24 Low RHSA-2007-0795: cyrus-sasl


57408 23 Critical RHSA-2011-1851: krb5-devel


56740 22 Critical RHSA-2011-1434: acroread

54594 22 Low RHSA-2011-0560: sssd

58067 21 Low RHSA-2012-0313: libsmbclient


25989 21 Low RHSA-2007-0878: cyrus-sasl

57761 20 Critical RHSA-2012-0080: thunderbird


53631 19 Low RHSA-2011-0479: libvirt

40837 19 Low RHSA-2009-1287: openssh


RPC


RPC



42256 37 Medium NFS Shares World Readable

11356 36 MediumNFS Exported ShareInformation Disclosure

12237 34 MediumRPC bootparamd NIS DomainName Disclosure

11358 28 HighNFS portmapper localhostMount Request Restricted HostAccess

10208 28 Info3270 Mapper ServiceDetection

11899 27 Medium RPC nibindd Service Detection

10226 27 Info rquotad Service Detection

54586 26 MediumMultiple Vendor RPCportmapper Access RestrictionBypass

20759 26 MediumRPC rpcbind Non-standardPort Assignment Filter Bypass

10227 26 Info RPC rstatd Service Detection

12238 24 MediumNIS passwd.byname MapDisclosure

10158 24 Info NIS Server Detection

11357 23 MediumMultiple Vendor NFS CDCommand Arbitrary File/Directory Access

15984 21 High NFS Share User Mountable

53333 19 Info Detect RPC over TCP

11058 19 MediumRPC rusers RemoteInformation Disclosure

11353 17 MediumNFS Predictable FilehandlesFilesystem Access

10210 16 Info RPC alis Service Detection

31683 15 High

Multiple Vendor NISrpc.ypupdated YP Map UpdateArbitrary Remote CommandExecution

11420 15 CriticalSun RPC XDRxdrmem_getbytes FunctionRemote Overflow

10223 14 InfoRPC portmapper ServiceDetection

53335 13 Info RPC portmapper (TCP)


RPC



11800 13 CriticalLinux NFS utils package (nfs-utils) mountd xlog Function Off-by-one Remote Overflow

53334 11 Info Detect RPC over UDP

11418 10 CriticalSun rpc.cmsd RemoteOverflow


SCADA


SCADA



33169 42 Info CitectSCADA Detection

57601 23 MediumSEL Controller DefaultCredentials

55025 23 MediumEcava IntegraXor < 3.60.4080XSS

47759 23 HighSiemens SIMATICWinCC Default PasswordAuthentication Bypass

56994 21 Critical

Advantech / BroadWinWebAccess webvrpcs.exeService Remote CodeExecution (credentialed check)

52962 21 MediumIGSS Data Server DirectoryTraversal Arbitrary File Access

53877 20 HighSamsung Data ManagementServer < 1.4.3 verifyUserMethod SQL Injection

56993 19 High

Advantech / BroadWinWebAccess Client'bwocxrun.ocx ' MultipleRemote Vulnerabilities

55631 19 High

Sielco Sistemi Winlog Pro< 2.07.01 TCP/IP ServerRuntime.exe Packet HandlingRemote Overflow

53548 19 Info Ecava IntegraXor Detection

56995 18 Critical

Advantech / BroadWinWebAccess webvrpcs.exeService Remote CodeExecution (uncredentialedcheck)

53878 18 Critical

Samsung Data ManagementServer Default Password(rkwjsdusrnth) for 'root'Account

54291 17 Medium7-Technologies IGSS <9.0.0.11129 Multiple DoSVulnerabilities

57600 15 HighModicon Quantum TFTPArbitrary File Upload

53572 15 InfoAutomated Solutions Modbus/TCP OPC Server Detection

54645 14 Critical7-Technologies IGSS <9.0.0.11143 ODBC RemoteMemory Corruption


SCADA



52051 14 HighMoxa Device Manager ToolMDM2_Gateway ResponseRemote Overflow

55630 13 InfoSielco Sistemi WinlogDetection

52993 13 HighMovicon < 11.2 Build 1084Multiple Vulnerabilities

50303 11 InfoMoxa Device ManagerGateway Detection

53573 10 High

Modbus/TCP Master OPCServer MODBUS ProtocolResponse Packet RemoteOverflow

53549 10 CriticalEcava IntegraXor < 3.60.4050Unspecified SQL Injection

55026 8 HighEcava IntegraXor PathSubversion Arbitrary DLLInjection Code Execution

52995 8 MediumMovicon TcpUploadServerData Leakage (remote check)

57602 7 High

Sensitive information can beobtained from the GE D20Remote Terminal Unit viaTFTP


Service detection


Service detection



58147 29 Info BJNP Detection

42843 29 LowUnisys Business InformationServer Detection

31705 28 MediumSSL Anonymous Cipher SuitesSupported

11720 28 MediumSecure HyperText TransferProtocol (S-HTTP) Detection

56819 26 InfoGreenbone Security Assistantdetection

35820 26 Low Thecus NAS Device Detection

52482 25 InfoEA Need For SpeedUnderground Detection

51834 25 InfoMicrosoft Office DocumentConversions Load BalancerDetection

40876 25 LowCitrix Licensing ServiceDetection

54629 24 Info WINS Server Detection

53513 24 InfoLink-Local Multicast NameResolution (LLMNR) Detection

31854 24 CriticalMalware Payload Codedetection

42931 23 LowSqueezebox Server CLIDetection

30207 23 Low LPD Detection

42933 22 LowSqueezebox Server CLIDetection

42058 22 Low Dopewars Server Detection

10205 22 High rlogin Service Detection

52654 21 InfoHP StorageWorks FileMigration Agent Detection

20345 21 MediumAirport Administrative TrafficDetection (192/UDP)

56823 19 Info OpenVAS Scanner Detection

51093 19 Info DiskPulse Server Detection

35322 19 Critical HTTP Backdoor Detection

34364 18 Low Zebedee Server Detection

50704 17 InfoSybase PowerDesignerRepository Proxy Detection

43831 17 LowAltiris Deployment SolutionServer DB Manager Detection


Settings


Settings



46215 36 InfoInconsistent Hostname and IPAddress

11149 34 Info HTTP login page

12241 33 LowAppSocket & socketAPIPrinters - Do Not Scan

22482 32 Info Do not scan Novell NetWare

24786 31 InfoNessus Windows ScanNot Performed with AdminPrivileges

11840 24 LowExclude top-level domainwildcard hosts

11933 23 Info Do not scan printers

12634 21 InfoAuthenticated Check: OSName and Installed PackageEnumeration

35703 18 InfoSMB Registry : Start theRegistry Service during thescan

40472 16 InfoPCI DSS compliance : optionssettings

21745 16 LowAuthentication Failure - LocalChecks Not Run

19506 16 Info Nessus Scan Information

44920 10 InfoDo not scan printers(AppSocket)


Slackware Local Security Checks


Slackware Local SecurityChecks



18779 29 Critical SSA-2004-161-01 : cvs

40513 28 Critical SSA-2009-219-03 : apr-util

21342 28 LowSSA-2006-123-01 : xorg serveroverflow

33287 27 Critical SSA-2008-179-01 : ruby

24658 26 Low SSA-2006-307-02 : screen

57892 25 Medium SSA-2012-041-01 : httpd

54899 25 Medium SSA-2011-086-03 : shadow

22467 25 Critical SSA-2006-272-01 : openssl

55735 24 Medium SSA-2011-210-01 : libpng

54879 24 Medium SSA-2010-176-01 : bind

54863 24 CriticalSSA-2005-251-03 : slackware-current security updates

56142 22 Medium SSA-2011-252-01 : httpd

39796 22 Critical SSA-2009-195-01 : dhcp

54891 21 Medium SSA-2010-305-02 : pidgin

54885 21 MediumSSA-2010-240-03 :kdegraphics

25222 20 Critical SSA-2007-134-01 : samba

24661 20 Low SSA-2006-335-03 : libpng

54882 19 Medium SSA-2010-176-05 : cups

55737 18 Medium SSA-2011-210-03 : samba

54906 17 Medium SSA-2011-147-01 : bind

44946 17 Critical SSA-2010-060-02 : openssl

40624 17 Critical SSA-2009-231-02 : pidgin

24660 17 Critical SSA-2006-335-02 : proftpd

19862 17 Critical SSA-2005-251-02 : mod_ssl

20920 16 Critical SSA-2006-045-09 : xpdf


SMTP problems


SMTP problems



56634 27 CriticalGroupWise Internet Agent <8.0.2 HP3 iCalendar TZNAMEProperty Heap Overflow

51861 27 MediumExim < 4.74 Local PrivilegeEscalation

34347 27 LowPostfix epoll File DescriptorLeak Local DoS

17364 27 MediumMailEnable Standard SMTPmailto: Request Format String

11316 27 CriticalSendmail headers.c crackaddrFunction Address FieldHandling Remote Overflow

11088 27 LowSendmail RestrictQueueRunOption Debug ModeInformation Disclosure

46783 26 MediumExim < 4.72 MultipleVulnerabilities

17724 26 MediumSendmail < 8.13.8 HeaderProcessing Overflow DoS

12102 26 CriticalCourier < 0.45 Multiple RemoteOverflows

28289 25 MediumAbility Mail Server < 2.61Multiple Remote DoS

15464 25 CriticalMicrosoft Windows/ExchangeSMTP DNS Lookup Overflow(885881)

11674 25 CriticalBaSoMail SMTP MultipleCommand Remote OverflowDoS

10278 25 CriticalSendmail 8.6.9 IDENT RemoteOverflow

11838 24 CriticalSendmail < 8.12.10 prescan()Function Remote Overflow

54581 23 InfoAnonymous SMTPAuthentication Enabled

10588 23 CriticalSendmail mime7to8() FunctionRemote Overflow

54582 22 LowSMTP Service Cleartext LoginPermitted

15404 22 CriticalKerio MailServer < 6.0.3Unspecified Vulnerability

10247 22 CriticalSendmail DEBUG/WIZ RemoteCommand Execution


SMTP problems



22411 20 MediumMailEnable SMTP ConnectorService SPF Record CraftedLookup DoS

11772 20 CriticalSMTP Generic OverflowDetection

12232 19 MediumExim < 3.36 / 4.33 MultipleRemote Overflows

54584 18 Medium

Postfix Cyrus SASLAuthentication Context DataReuse Memory Corruption(exploit)

18433 18 MediumGoodTech SMTP ServerMalformed RCPT TOCommand DoS

18620 17 Low

Courier Mail Server < 0.50.1DNS SPF Record LookupFailure Memory CorruptionDoS


SNMP


SNMP



10550 53 InfoSNMP Query Running ProcessList Disclosure

10547 49 LowMicrosoft Windows LANManager SNMP LanManServices Disclosure

10551 48 InfoSNMP Request NetworkInterfaces Enumeration

10266 43 MediumSNMP Zero Length UDPPacket Remote DoS

10548 42 InfoMicrosoft Windows LANManager SNMP LanManShares Disclosure

10264 41 HighSNMP Agent DefaultCommunity Names

11317 36 HighHP JetDirect Device SNMPRequest Cleartext AdminCredential Disclosure

10688 36 CriticalCisco CatOS VACM read-write Community String DeviceConfiguration Manipulation

45022 34 Info SNMP Query Airport Version

43100 32 InfoSNMP Query WLAN SSID(Cisco)

41028 32 HighSNMP Agent DefaultCommunity Name (public)

35296 31 InfoSNMP Protocol VersionDetection

19763 30 InfoSNMP Query InstalledSoftware Disclosure

27841 29 HighSNMP GETBULK Large max-repetitions Remote DoS

11335 28 CriticalSolaris mibiisa MIB ParsingRemote Overflow

34396 27 InfoASG-Sentry SNMP AgentDetection

10969 24 LowSNMP Request Cisco RouterInformation Disclosure

34022 23 InfoSNMP Query RoutingInformation Disclosure

25422 23 InfoSNMPc Management ServerDetection

51160 21 HighBMC SNMP Agent DefaultCommunity Name (public)


SNMP



10800 15 InfoSNMP Query SystemInformation Disclosure

10858 14 MediumMultiple Vendor MalformedSNMP Trap Handling DoS

11490 13 CriticalD-Link DSL Broadband ModemSNMP Cleartext ISP CredentialDisclosure

10857 12 MediumMultiple Vendor MalformedSNMP Message-Handling DoS

10546 4 InfoMicrosoft Windows LANManager SNMP LanMan UsersDisclosure


Solaris Local Security Checks


Solaris Local Security Checks



38773 54 High Solaris 10 (x86) : 140106-02

45597 44 High Solaris 10 (x86) : 144255-01

53276 43 High Solaris 10 (sparc) : 146802-03



49081 38 High Solaris 10 (x86) : 143593-08


50522 37 High Solaris 10 (x86) : 145797-02

42187 37 High Solaris 10 (x86) : 141503-02


48918 36 High Solaris 10 (x86) : 138881-02




56442 33 High Solaris 8 (x86) : 121431-54



55017 30 High Solaris 10 (x86) : 147183-01

50538 30 High Solaris 10 (x86) : 144489-17

53277 28 High Solaris 10 (x86) : 145045-03

55064 27 High Solaris 10 (x86) : 140388-02


50042 24 High Solaris 10 (x86) : 143562-09




SuSE Local Security Checks





58113 29 CriticalSuSE Security Update:java-1_4_2-ibm (2012-01-05)

57586 29 CriticalSuSE Security Update:acroread (2012-01-12)

51740 28 LowSuSE Security Update:Security update for fuse(fuse-6838)

57886 27 CriticalSuSE Security Update: mozilla-xulrunner192 (2012-02-06)

57204 27 CriticalSuSE Security Update:Security update for IBM Java(java-1_4_2-ibm-7504)


58195 24 CriticalSuSE Security Update:libvorbis (2012-02-21)

57683 24 CriticalSuSE Security Update:Security update for IBM Java1.4.2 (java-1_4_2-ibm-7908)

57239 24 LowSuSE Security Update:Security update for pam(pam-7814)

50945 24 LowSuSE Security Update: libvirt(2010-07-23)

57177 23 LowSuSE Security Update:Security update for dbus(dbus-1-7482)

53704 23 LowSuSE 11.2 Security Update:dbus-1 (2011-04-26)

51600 23 LowSuSE Security Update: gdm(2010-09-30)

58129 22 CriticalSuSE Security Update:Security update for flash-player(flash-player-7982)



57126 20 LowSuSE Security Update: pam(2011-10-25)





55139 20 LowSuSE Security Update:Security update for OpenSSL(openssl-7552)

51592 20 LowSuSE Security Update:NetworkManager (2010-09-16)


57130 19 LowSuSE Security Update: pure-ftpd (2011-09-01)


57192 18 CriticalSuSE Security Update:Security update for flash-player(flash-player-7571)

57152 18 CriticalSuSE Security Update:Security update for MozillaFirefox (MozillaFirefox-7784)

53590 18 LowSuSE Security Update:Security update for dbus(dbus-1-7483)


Ubuntu Local Security Checks





57844 28 CriticalUSN-1355-1 : firefoxvulnerabilities

56638 28 CriticalUSN-1239-1 : linux-ec2vulnerabilities

57685 27 CriticalUSN-1263-2 : openjdk-6,openjdk-6b18 regression

57448 27 LowUSN-1319-1 : linux-ti-omap4vulnerabilities

56747 27 CriticalUSN-1253-1 : linuxvulnerabilities

56768 26 CriticalUSN-1256-1 : linux-lts-backport-natty vulnerabilities

56479 26 CriticalUSN-1228-1 : linux-ti-omap4vulnerabilities

45343 26 LowUSN-918-1 : sambavulnerability

57058 25 LowUSN-1294-1 : linux-lts-backport-oneiric vulnerabilities

56640 25 CriticalUSN-1241-1 : linux-fsl-imx51vulnerabilities

38647 25 LowUSN-768-1 : Apportvulnerability

52479 23 LowUSN-1077-1 : fusevulnerabilities

55088 21 LowUSN-1127-1 : usb-creatorvulnerability

45398 21 LowUSN-922-1 : libnss-dbvulnerability

39336 21 LowUSN-783-1 : ecryptfs-utilsvulnerability

57665 20 LowUSN-1341-1 : linuxvulnerabilities

57458 20 CriticalUSN-1306-2 : mozvoikko,ubufox update

56388 19 CriticalUSN-1225-1 : linuxvulnerabilities

51572 19 LowUSN-1044-1 : dbusvulnerability

36904 19 LowUSN-642-1 : Postfixvulnerabilities

58069 18 CriticalUSN-1370-1 : libvorbisvulnerability





58037 17 CriticalUSN-1369-1 : thunderbirdvulnerabilities

56860 17 CriticalUSN-1263-1 : icedtea-web,openjdk-6, openjdk-6b18vulnerabilities

56562 17 CriticalUSN-1192-3 : libvoikkoregression

57532 16 LowUSN-1328-1 : linux-mvl-dovevulnerabilities


VMware ESX Local Security Checks


VMware ESX Local SecurityChecks



55747 52 High

VMSA-2011-0010 : VMwareESX third party updates forService Console packagesglibc and dhcp

57749 44 High

VMSA-2012-0001 : VMwareESXi and ESX updates to thirdparty library and ESX ServiceConsole

51077 41 HighVMSA-2010-0019 : VMwareESX third party updates forService Console

51422 38 High

VMSA-2011-0001 : VMwareESX third party updates forService Console packagesglibc, sudo, and openldap

56508 37 High

VMSA-2011-0012 : VMwareESXi and ESX updates to thirdparty libraries and ESX ServiceConsole

50985 37 High

VMSA-2010-0018 : VMwarehosted products and ESXpatches resolve multiplesecurity issues

40379 29 Critical

VMSA-2008-0010 : UpdatedTomcat and Java JREpackages for VMware ESX 3.5and VirtualCenter

40373 29 MediumVMSA-2008-0002 : Lowseverity security update forVirtualCenter and ESX

45386 28 Critical

VMSA-2010-0002 : VMwarevCenter update releaseaddresses multiple securityissues in Java JRE

42178 28 Medium

VMSA-2009-0002 :VirtualCenter Update 4 andESX patch update Tomcat toversion 5.5.27

44993 27 HighVMSA-2010-0004 : ESXService Console and vMA thirdparty updates

56997 26 CriticalVMware ESX / ESXiUnsupported Version Detection


VMware ESX Local Security Checks



40390 26 High

VMSA-2009-0005 : VMwareHosted products, VI Client andpatches for ESX and ESXiresolve multiple security issues

52012 25 Medium

VMSA-2009-0017 : VMwarevCenter, ESX patch andvCenter Lab Manager releasesaddress cross-site scriptingissues

51971 25 Critical

VMSA-2011-0003 : Thirdparty component updatesfor VMware vCenter Server,vCenter Update Manager,ESXi and ESX

49703 25 CriticalVMSA-2010-0015 : VMwareESX third party updates forService Console

40389 25 HighVMSA-2009-0004 : ESXService Console updates foropenssl, bind, and vim

40392 24 High

VMSA-2009-0007 : VMwareHosted products and ESX andESXi patches resolve securityissues

45402 22 MediumVMSA-2010-0006 : ESXService Console updates forsamba and acpid

56665 21 Critical

VMSA-2011-0013 : VMwarethird party component updatesfor VMware vCenter Server,vCenter Update Manager,ESXi and ESX

40388 21 HighVMSA-2009-0003 : ESX 2.5.5patch 12 updates serviceconsole package ed

52582 20 High

VMSA-2011-0004 : VMwareESX/ESXi SLPD denial ofservice vulnerability and ESXthird party updates for ServiceConsole packages bind, pam,and rpm.

52011 20 HighVMSA-2009-0009 : ESXService Console updates forudev, sudo, and curl

40386 20 High

VMSA-2008-0019 : VMwareHosted products and patchesfor ESX and ESXi resolvea critical security issue andupdate bzip2

43826 18 CriticalVMSA-2010-0001 : ESXService Console and vMAupdates for nss and nspr


Web Servers


Web Servers



57793 29 InfoOracle Fusion MiddlewareWebLogic Detection(credentialed check)

56979 29 Info Oracle WebLogic Detection

45423 29 CriticalIBM WebSphere ApplicationServer 6.1 < 6.1.0.13 MultipleVulnerabilities

57603 28 CriticalApache 2.2 < 2.2.13 APRapr_palloc Heap Overflow

35619 28 CriticalNaviCOPA < 3.01 6th February2009 Multiple Vulnerabilities

45039 27 CriticalOpenSSL < 0.9.8m MultipleVulnerabilities

46802 26 CriticalSBLIM-SFCB Multiple BufferOverflows

39328 26 InfoVulture Reverse ProxyDetection

57034 25 InfoIBM WebSphere ApplicationServer Detection

55930 24 InfoOracle GlassFish HTTP ServerVersion

51185 24 InfoDell Remote Access Controller(DRAC) Detection

51901 22 CriticalXEROX WorkCentreCommand Injection(XRX11-001)

48363 21 InfoIBM Tivoli ManagementFramework Endpoint WebDetection

44589 21 CriticalApache < 1.3.42 mod_proxyInteger Overflow

57619 20 CriticalOracle Application ServerMultiple Vulnerabilities

53532 20 CriticalHP System ManagementHomepage < 6.3 MultipleVulnerabilities

46015 20 CriticalHP System ManagementHomepage < 6.0.0.96 /6.0.0-95 Multiple Vulnerabilities

34781 20 CriticalOracle WebLogic Servermod_wl Invalid ParameterRemote Overflow (1150354)

52973 19 InfoRestricted Web PagesDetection


Web Servers



50348 19 Critical IBM RSA Default Credentials

49704 19 Info External URLs

45415 18 CriticalIBM WebSphere ApplicationServer 6.0 < 6.0.2.17 MultipleVulnerabilities

52658 17 Info Lotus Sametime Detection

39446 17 InfoApache Tomcat Default ErrorPage Version Detection

38790 17 CriticalXEROX WorkCentre WebServer Unspecified CommandInjection (XRX09-002)


Windows


Windows



55532 29 InfoMicrosoft System CenterConfiguration Manager ClientInstalled

15912 29 CriticalMS04-006: WINS ServerRemote Overflow (830352)(uncredentialed check)

55883 27 Critical

MS11-058: Vulnerabilitiesin DNS Server Could AllowRemote Code Execution(2562485) (remote check)

55514 27 InfoAdobe ColdFusion Installedon Microsoft Windows(credentialed check)

57862 26 Critical

HP Data ProtectorMedia Operations Server'DBServer.exe' Remote CodeExecution

57708 26 InfoWebSphere MQ Server andClient Detection

55284 26 InfoAttachmate Reflection forSecure IT Windows ServerInstalled

56712 25 Info Google SketchUp Detection

56282 24 Critical

Citrix XenApp/XenDesktopMultiple Code ExecutionVulnerabilities (credentialedcheck)

57959 23 CriticalOracle Java SE MultipleVulnerabilities (Feb 2012 CPU)

56166 23 CriticalHP Client Automationradexecd.exe RemoteCommand Execution

58134 22 CriticalMicrosoft SilverlightUnsupported Version Detection(Windows)

55958 22 CriticalSun Java JRE UnsupportedVersion Detection

58181 21 InfoWindows DNS ServerEnumeration

56959 20 CriticalAdobe AIR <= 3.0 MultipleVulnerabilities (APSB11-28)

57348 19 InfoRSA SecurID Software TokenInstalled

55886 19 CriticalMozilla Thunderbird 3.1 <3.1.12 Multiple Vulnerabilities


Windows



53623 19 InfoHP Virtual Server EnvironmentDetection

57364 18 Info PuTTY Detection

55995 17 CriticalEMC AutoStart ftAgent MultipleRemote Code ExecutionVulnerabilities

56412 16 InfoSymantec Enterprise VaultDetection

55550 16 InfoHP Data Protector Installed(Windows) (credentialedcheck)

56413 15 CriticalSymantec Enterprise Vault /Oracle Outside In MultipleVulnerabilities (SYM11-011)

55650 15 Info SAP GUI Detection

55115 15 InfoSymantec Backup Exec ServerInstalled


Windows : Microsoft Bulletins





55129 29 Medium

MS11-049: Vulnerability in theMicrosoft XML Editor CouldAllow Information Disclosure(2543893)

53377 29 Critical

MS11-020: Vulnerability inSMB Server Could AllowRemote Code Execution(2508429)

57475 28 Medium

MS12-007: Vulnerabilityin AntiXSS Library CouldAllow Information Disclosure(2607664)

51904 28 Critical

MS11-004: Vulnerability inInternet Information Services(IIS) FTP Service Could AllowRemote Code Execution(2489256)

57471 27 Medium

MS12-003: Vulnerabilityin Windows Client/ServerRun-time Subsystem CouldAllow Elevation of Privilege(2646524)

57033 27 InfoMicrosoft Patch BulletinFeasibility Check

56177 27 Medium

MS11-074: Vulnerabilities inMicrosoft SharePoint CouldAllow Elevation of Privilege(2451858)

55572 26 Medium

MS11-056: Vulnerabilitiesin Windows Client/ServerRun-time Subsystem CouldAllow Elevation of Privilege(2507938)

55117 26 Medium

MS11-037: Vulnerabilityin MHTML Could AllowInformation Disclosure(2544893)

39344 26 Critical

MS09-022: Vulnerabilities inWindows Print Spooler CouldAllow Remote Code Execution(961501)

55569 25 Medium

MS11-053: Vulnerability inBluetooth Stack Could AllowRemote Code Execution(2566220)

12205 23 CriticalMS04-011: Microsoft Hotfix(credentialed check) (835732)





55791 21 Medium

MS11-061: Vulnerability inRemote Desktop Web AccessCould Allow Elevation ofPrivilege (2546250)

11787 21 CriticalMS03-024: SMB RequestHandler Buffer Overflow(817606)

11433 21 LowMS03-009: Microsoft ISAServer DNS - Denial OfService (331065)

56456 20 Medium

MS11-082: Vulnerabilitiesin Host Integration ServerCould Allow Denial of Service(2607670)

42106 20 CriticalMS09-050: Vulnerabilities inSMBv2 Could Allow RemoteCode Execution (975517)

38153 19 InfoMicrosoft Windows Summaryof Missing Patches

11808 19 CriticalMS03-026: Microsoft RPCInterface Buffer Overrun(823980)

51910 18 Medium

MS11-010: Vulnerabilityin Windows Client/ServerRun-time Subsystem CouldAllow Elevation of Privilege(2476687)

31038 18 LowMS08-004: Vulnerability inWindows TCP/IP Could AllowDenial of Service (946456)

16299 18 Low

MS03-034: NetBIOSName Service ReplyInformation Leakage (824105)(credentialed check)

55120 16 Critical

MS11-040: Vulnerability inThreat Management GatewayFirewall Client Could AllowRemote Code Execution(2520426)

42438 16 CriticalMS09-064: Vulnerability inthe License Logging Service(974783)

26921 16 CriticalWindows Service Pack Out ofDate


Windows : User management





10905 49 InfoMicrosoft Windows 'PrintOperators' Group User List

10904 48 InfoMicrosoft Windows 'BackupOperators' Group User List

10916 42 InfoMicrosoft Windows - LocalUsers Information : Passwordsnever expire

10906 41 InfoMicrosoft Windows 'Replicator'Group User List

10399 39 InfoSMB Use Domain SID toEnumerate Users

10902 38 InfoMicrosoft Windows'Administrators' Group UserList

17651 36 InfoMicrosoft Windows SMB :Obtains the Password Policy

10915 35 InfoMicrosoft Windows - LocalUsers Information : User hasnever logged on

10899 35 InfoMicrosoft Windows - UsersInformation : User has neverlogged in

10914 31 InfoMicrosoft Windows - LocalUsers Information : Neverchanged passwords

10907 31 HighMicrosoft Windows GuestAccount Belongs to a Group

56211 29 MediumSMB Use Host SID toEnumerate Local UsersWithout Credentials

10900 29 InfoMicrosoft Windows - UsersInformation : Passwords neverexpires

10895 29 InfoMicrosoft Windows - UsersInformation : automaticallydisabled accounts

10913 28 InfoMicrosoft Windows - LocalUsers Information : Disabledaccounts

10896 27 InfoMicrosoft Windows - UsersInformation : Can't changepassword

10860 23 InfoSMB Use Host SID toEnumerate Local Users





10898 21 InfoMicrosoft WIndows - UsersInformation : Never changedpassword

10911 19 Info

Microsoft Windows -Local Users Information :Automatically disabledaccounts

10903 18 InfoMicrosoft Windows 'ServerOperators' Group User List

10901 13 InfoMicrosoft Windows 'AccountOperators' Group User List

10897 13 InfoMicrosoft Windows - UsersInformation : disabled accounts

10908 12 InfoMicrosoft Windows 'DomainAdministrators' Group User List

10912 8 InfoMicrosoft Windows - LocalUsers Information : Can'tchange password

family nessus plugin tenable network...

Documents