OpenVAS Plugins

Current NVT count: 30717
New NVTs this Month: 173 (Last update: 2013-05-23 12:34:35)
New NVTs last Month: 290
Plugin Set: 201305220842

Search Results - 28 NVT(s) found

Leave information on scanned Windows hosts

This script is Copyright (C) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96171
Filename: gb_host_scanned_wmi.nasl
Dependencies: smb_reg_service_pack.nasl - smb_login.nasl - scan_info.nasl

Family: General

Risk factor : None

Summary: Leave information on scanned Windows hosts

This routine stores information about the scan on the scanned host,
provided it is a Windows system with remote registry and WMI access.

The information covers hostname, scan start time and scan end time.
No details about the actual scan results are stored on the scanned host.

By default, this routine is disabled even if it is selected to run. To activate
it, it needs to be explicitly enabled with its corresponding preference switch.

The preference 'Message' may contain 3 placeholders where respective content
will be inserted into the message when the message is finally created on the
target system: '::HOSTNAME::', '::SCAN_START::' and '::SCAN_STOP::'.

At the end of the scan, the message will be written into the registry
key 'SOFTWARE\VulScanInfo'.


Microsoft SMB Signing Disabled

Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802726
Filename: gb_ms_smb_signing_disabled.nasl
Dependencies: smb_login.nasl

Family: Windows

Risk factor : None

Summary: Check if SMB signing is disabled

Checks whether SMB signing is disabled.

The script logs in via SMB and checks the SMB Negotiate Protocol response to
confirm SMB signing is disabled.


Microsoft Windows SMB Accessible Shares

Copyright (c) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902425
Filename: secpod_ms_smb_accessible_shares.nasl
Dependencies: smb_login.nasl

Family: Windows

Risk factor : None

Summary: Check for SMB Accessible Shares

Overview: The script detects the accessible Windows SMB shares and stores the
result in the KB.


Microsoft SMB Signing Enabled and Not Required At Server

Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902798
Filename: secpod_ms_smb_signing_enabled_not_req_at_server.nasl
Dependencies: smb_login.nasl

Family: Windows

Risk factor : None

Summary: Check if SMB Signing is enabled and not required at the server

Overview: This script checks whether SMB Signing is enabled and not required at
the server.

References:
http://mccltd.net/blog/?p=1252


Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability

Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902660
Filename: secpod_ms11-020_remote.nasl
Dependencies: secpod_ms_smb_accessible_shares.nasl - smb_login.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2011-0661
BID: 47198
CVSS: 10.0
Risk factor : Critical

Summary: Determine if SMB server is prone to remote code execution vulnerability

Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-020.

Vulnerability Insight:
The flaw is due to improper validation of a field in an SMB request,
which allows remote attackers to execute arbitrary code on the system by
sending a malformed SMB request.

Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code on the system.

Impact Level: System

Affected Software/OS:
Microsoft Windows 7 SP1 and prior
Microsoft Windows 2008 SP2 and prior
Microsoft Windows Vista SP2 and prior
Microsoft Windows 2008 R2 SP1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior

Fix: Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/MS11-020

References:
http://osvdb.org/71781
http://secunia.com/advisories/44072/
http://www.securitytracker.com/id?1025329
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://technet.microsoft.com/en-us/security/bulletin/ms11-020


MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2646524)

Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902499
Filename: secpod_ms12-003.nasl
Dependencies: secpod_reg_enum.nasl - smb_login.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2012-0005
BID: 51270
CVSS: 6.9
Risk factor : High

Summary: Check for the vulnerable 'winsrv.dll' file version

Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-003.

Vulnerability Insight:
The flaw is due to an error in the Client/Server Run-time Subsystem
(CSRSS) when processing specially crafted sequences of Unicode characters.

NOTE : This vulnerability can only be exploited on systems configured with
a Chinese, Japanese or Korean system locale.

Impact:
Successful exploitation could allow an attacker to execute arbitrary code with
system-level privileges. Successfully exploiting this issue will result in
the complete compromise of affected computers.

Impact Level: System

Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.

Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-003

References:
http://secunia.com/advisories/47479/
http://support.microsoft.com/kb/2646524
http://technet.microsoft.com/en-us/security/bulletin/ms12-003


Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)

Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902395
Filename: secpod_ms11-053.nasl
Dependencies: smb_reg_service_pack.nasl - smb_login.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2011-1265
BID: 48617
CVSS: 10.0
Risk factor : Critical

Summary: Check for vulnerable file 'fsquirt.exe' version

Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-053.

Vulnerability Insight:
The flaw is due to the way an object in memory is accessed when it has
not been correctly initialized or has been deleted.

Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code with SYSTEM-level privileges.

Impact Level: System

Affected Software/OS:
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior

Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-053

******
NOTE: Ignore this warning if 'Windows Vista Feature Pack for Wireless'
is not installed on Windows Vista Service Pack 1
******

References:
http://support.microsoft.com/kb/2532531
http://technet.microsoft.com/en-us/security/bulletin/ms11-053


Microsoft GDI+ Remote Code Execution Vulnerability (2489979)

Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902365
Filename: secpod_ms11-029.nasl
Dependencies: smb_reg_service_pack.nasl - smb_login.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2011-0041
BID: 47250
CVSS: 9.3
Risk factor : Critical

Summary: Check for 'gdiplus.dll' file version

Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-029.

Vulnerability Insight:
The flaw is caused by an integer overflow error in the GDI+ library when
processing malformed data.

Impact:
Successful exploitation could allow remote attackers to execute arbitrary code
via a specially crafted web page.

Impact Level: System

Affected Software/OS:
Microsoft Windows XP x32 Edition Service Pack 3 and prior
Microsoft Windows XP x64 Edition Service Pack 2 and prior
Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior
Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior
Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior

Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/Bulletin/MS11-029.mspx

References:
http://secunia.com/advisories/38510/
http://www.vupen.com/english/advisories/2011/0946
http://technet.microsoft.com/en-us/security/bulletin/ms11-029


Get Windows Eventlog Entries over WMI

Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96204
Filename: gb_wmi_eventlog.nasl
Dependencies: toolcheck.nasl - smb_login.nasl

Family: General

Risk factor : None

Summary: Get Windows Eventlog Entries over WMI

Get Windows Eventlog Entries over WMI


Panda Antivirus Update Detect

Copyright (C) 2010 LSS
OID: 1.3.6.1.4.1.25623.1.0.102048
Filename: panda_av_update_detect.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl - smb_reg_service_pack.nasl - gb_panda_prdts_detect.nasl

Family: Service detection

Risk factor : None

Summary: Gets update information for Panda Antivirus

Extracts the date of the last update for Panda Antivirus software from the
Titanium.ini file and stores it in the KB.


Get OS Version, OS Type, OS Servicepack and OS Name over WMI (win)

Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96999
Filename: GSHB_WMI_OSInfo.nasl
Dependencies: smb_login.nasl - secpod_reg_enum.nasl

Family: IT-Grundschutz

Risk factor : None

Summary: Get OS Version, OS Type, OS Servicepack and OS Name over WMI (win)

Overview: Get OS Version, OS Type, OS Servicepack and OS Name over WMI (win)


WinMX is installed

This script is Copyright (C) 2003 Xue Yong Zhi
OID: 1.3.6.1.4.1.25623.1.0.11430
Filename: winmx_installed.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Peer-To-Peer File Sharing

CVSS: 5.0
Risk factor : Medium

Summary: Determines if WinMX is installed

The remote host is using WinMX - a p2p software, which may not
be suitable for a business environment.

Solution : Uninstall this software


XoloX is installed

This script is Copyright (C) 2003 Xue Yong Zhi
OID: 1.3.6.1.4.1.25623.1.0.11431
Filename: xolox_installed.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Peer-To-Peer File Sharing

Risk factor : None

Summary: Determines if XoloX is installed

The remote host is using XoloX - a p2p software,
which may not be suitable for a business environment.

Solution : Uninstall this software


Yahoo!Messenger is installed

This script is Copyright (C) 2003 Xue Yong Zhi
OID: 1.3.6.1.4.1.25623.1.0.11432
Filename: yahoo_installed.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Windows

CVE: CVE-2002-0320 CVE-2002-0321 CVE-2002-0031 CVE-2002-0032 CVE-2002-0322
BID: 2299 4162 4163 4164 4173 4837 4838 5579 6121
CVSS: 7.5
Risk factor : High

Summary: Determines if Yahoo!Messenger is installed

Yahoo!Messenger - an instant messaging software, which may not be suitable
for a business environment - is installed on the remote host. If its use
is not compatible with your corporate policy, you should de-install it.

Solution : Uninstall this software


ZoneAlarm Personal Firewall port 67 flaw

This script is Copyright (C) 2004 David Maciejak
OID: 1.3.6.1.4.1.25623.1.0.14660
Filename: zone_alarm_fw_p67.nasl
Dependencies: netbios_name_get.nasl - zone_alarm_local_dos.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Firewalls

CVE: CVE-2000-0339
BID: 1137
CVSS: 7.5
Risk factor : High

Summary: Check ZoneAlarm version

ZoneAlarm firewall runs on this host.

This version contains a flaw that may allow a remote attacker to bypass
the ruleset.
The issue is due to ZoneAlarm not monitoring and alerting UDP traffic with a
source port of 67.

This allows an attacker to bypass the firewall to reach protected hosts without
setting off warnings on the firewall.

Solution : Upgrade at least to version 2.1.25


Internet Explorer version check

This script is Copyright (C) 2006 Montgomery County Maryland
OID: 1.3.6.1.4.1.25623.1.0.80041
Filename: smb_explorer_version.nasl
Dependencies: smb_login.nasl - smb_registry_access.nasl - gb_ms_ie_detect.nasl

Family: Windows

CVSS: 7.6
Risk factor : High

Summary: Checks that Internet Explorer is a supported version.

Synopsis :

The remote host is running a version of Internet Explorer which is not
supported by Microsoft any more.

Description :

The remote host has a non-supported version of Internet Explorer installed.

Non-supported versions of Internet Explorer may contain critical security
vulnerabilities as no new security patches will be released for those.

See also :

http://support.microsoft.com/gp/lifesupsps/#Internet_Explorer

Solution :

Update Internet Explorer.


SMB Registry : SQL7 Patches

This script is Copyright (C) 2001 Intranode <plugin@intranode.com>
OID: 1.3.6.1.4.1.25623.1.0.10642
Filename: smb_mssql7.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Windows

CVE: CVE-2002-0642
BID: 5205
CVSS: 7.2
Risk factor : High

Summary: Determines if a key exists and is set

The remote SQL server seems to be vulnerable to the
SQL abuse vulnerability described in TechNet article
Q256052. This problem allows an attacker who has the ability
to execute SQL queries on this host to gain elevated privileges.

Solution : http://support.microsoft.com/default.aspx?scid=kb;en-us;256052
Reference : http://online.securityfocus.com/archive/1/285915
Reference : http://online.securityfocus.com/advisories/4308


Microsoft ISA Server DNS - Denial Of Service (MS03-009)

This script is Copyright (C) 2003 A.D.Consulting
OID: 1.3.6.1.4.1.25623.1.0.11433
Filename: smb_nt_ms03-009.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl - smb_reg_service_pack.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2003-0011
BID: 7145
CVSS: 5.0
Risk factor : Medium

Summary: Checks for ISA Server DNS HotFix SP1-256

A flaw exists in the ISA Server DNS intrusion detection application filter.
An attacker could exploit the vulnerability by sending a specially formed
request to an ISA Server computer that is publishing a DNS server, which
could then result in a denial of service to the published DNS server.

Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-009.mspx


SMB accessible registry

Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.10400
Filename: smb_registry_access.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_nativelanman.nasl

Family: Windows

Risk factor : None

Summary: Determines whether the remote registry is accessible

The remote registry can be accessed remotely using the login/password
credentials.


Enumerates List of Windows Hotfixes

Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900012
Filename: secpod_reg_enum.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl - smb_reg_service_pack.nasl - smb_nativelanman.nasl

Family: Windows

Risk factor : None

Summary: Check for Hotfixes and set KB List

Overview : This script enumerates the list of all installed hotfixes
on the remote host and stores it in the Knowledge Base.


RIS Installation Check

This script is Copyright (C) 2004 Jorge Pinto And Nelson Gomes
OID: 1.3.6.1.4.1.25623.1.0.12231
Filename: ris_detect.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Windows

Risk factor : None

Summary: Checks if the remote host was installed via RIS.

This plugin checks if the equipment was installed via RIS.


Microsoft's SQL Version Query

This script is Copyright (C) 2003 John Lampe
OID: 1.3.6.1.4.1.25623.1.0.11217
Filename: mssql_version.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl - mssqlserver_detect.nasl

Family: Windows

BID: 1292 2030 2042 2043 2863 3733 4135 4847 5014 5205
CVSS: 7.5
Risk factor : High

Summary: Microsoft's SQL Version Query

The plugin attempts an SMB connection to read the version from
the registry key
SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion
to determine the version of SQL and the Service Pack the host
is running.

Some versions may allow remote access, denial of service
attacks, and the ability of a hacker to run code of their
choice.

Solution : Apply current service packs and hotfixes


Sun Java Runtime Environment DoS

This script is Copyright (C) 2004 Netteksecure Inc.
OID: 1.3.6.1.4.1.25623.1.0.12244
Filename: java_jre_jdk_dos.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Windows

CVE: CVE-2004-0651
BID: 10301
CVSS: 5.0
Risk factor : Medium

Summary: Checks for Java SDK and JRE versions prior to 1.4.2_04

The remote Windows machine is running a Java SDK or JRE version
1.4.2_03 and prior which is vulnerable to a DoS attack.

Solution: Upgrade to SDK and JRE 1.4.2_04
http://java.sun.com/j2se/


JS.Scob.Trojan or Download.Ject Trojan

This script is Copyright (C) 2004 Jeff Adams
OID: 1.3.6.1.4.1.25623.1.0.12286
Filename: js.scob.trojan.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl - smb_registry_access.nasl

Family: Windows

CVSS: 10.0
Risk factor : Critical

Summary: JS.Scob.Trojan/JS/Exploit-DialogArg.b Trojan

JS.Scob.Trojan or Download.Ject Trojan

JS.Scob.Trojan or Download.Ject is a simple Trojan that executes a
JavaScript file from a remote server.

The Trojan's dropper sets it as the document footer for all pages
served by IIS Web sites on the infected computer. The presence of
Kk32.dll or Surf.dat may indicate a client side infection. More
information is available here:

http://www.microsoft.com/security/incident/download_ject.mspx

Solution : Use the latest antivirus software to clean the machine. Virus
definitions and removal tools are being released as of 06/25/04


Kazaa is installed

This script is Copyright (C) 2003 Xue Yong Zhi
OID: 1.3.6.1.4.1.25623.1.0.11426
Filename: kazaa_installed.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Peer-To-Peer File Sharing

CVE: CVE-2002-0314 CVE-2002-0315
BID: 3135 4121 4122 5317 6435 6747
CVSS: 7.5
Risk factor : High

Summary: Determines if Kazaa is installed

The remote host is using Kazaa - a p2p software, which may not
be suitable for a business environment.

Solution : Uninstall this software


LimeWire is installed

This script is Copyright (C) 2003 Xue Yong Zhi
OID: 1.3.6.1.4.1.25623.1.0.11427
Filename: limewire_installed.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Peer-To-Peer File Sharing

Risk factor : None

Summary: Determines if LimeWire is installed

The remote host is using LimeWire - a p2p software,
which may not be suitable for a business environment.

Solution : Uninstall this software


ICQ is installed

This script is Copyright (C) 2003 Xue Yong Zhi
OID: 1.3.6.1.4.1.25623.1.0.11425
Filename: icq_installed.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl

Family: Peer-To-Peer File Sharing

CVE: CVE-1999-1418 CVE-1999-1440 CVE-2000-0046 CVE-2000-0564 CVE-2000-0552 CVE-2001-0367 CVE-2002-0028 CVE-2001-1305
BID: 1307 132 246 2664 3226 3813 929
CVSS: 7.5
Risk factor : High

Summary: Determines if ICQ is installed

The remote host is using ICQ - a p2p software,
which may not be suitable for a business environment.

Solution : Uninstall this software


Gator/GAIN Spyware Installed

This script is Copyright (C) 2003 Jeff Adams
OID: 1.3.6.1.4.1.25623.1.0.11883
Filename: gator.nasl
Dependencies: netbios_name_get.nasl - smb_login.nasl - smb_registry_access.nasl - smb_registry_access.nasl

Family: Windows

CVSS: 5.0
Risk factor : Medium

Summary: Determines if Gator Spyware is installed

The remote host has Gator/GAIN Spyware Installed. Gator tracks the sites that
users visit and forwards that data back to the company's servers. Gator sells
the use of this information to advertisers. It also lets companies launch a
pop-up ad when users visit various Web sites. This software is not suitable
for a business environment.

Solution : Uninstall the software