On Wed, Jul 30, 2003 at 11:40:47AM +0100, Paul Johnston wrote: > Hi, > > As far as I can tell, Nessus does not have plugins for the following > recent vulnerabilities (apologies for limited references): > > 1) phpMyAdmin XSS Which one ? phpMyAdmin_multiple_flaws.nasl should detect it ? > 2) Outlook Web Access XSS > 3) Samba vulnerabilities CAN-2003-0196 / CAN-2003-0201 Yes it does - see samba_trans2open_overflow.nasl > 4) possible open relay with qmail-smtpd-auth. > 5) CGI.pm XSS Hard to test for, as it's a backend library, and it should be catched by torture_cgi.nasl > 6) Solaris IPv6 DoS It's IPv6, Nessus only "speaks" IPv4 at this time. Since targets are designated as IPv4 IPs, where would Nessus send its IPv6 packets ? > 7) IIS 6.0 web admin XSS > 8) Linux kernel dos in XDR routine Yes, it needs to be done. I'll work on it today. > 9) Microsoft ISA server XSS > > I have some time this week to spend implementing these. > > Basically the XSS ones /should/ be relatively straightforward. Yes, and most of them should be caught by torture_cgi.nasl. If you want to work on them, that would be fine with me, and I'll work on the Linux NFSv3 DoS.
This archive was generated by hypermail 2b30 : Wed Jul 30 2003 - 06:14:54 PDT