Hi, Here are most of the updates I mentioned last week. 11856 - fix false +ve against Netscape-Enterprise 3.6 and 2.0 11411 - fix false +ve when all the old extenstions match on one file 10492 - fix false +ve - "[a-z]\:.*anything" matches on http://...anything 10815 - add preference "Generic XSS masks others" smtp_func.inc - fix bug in smtp_open These are modified to observe the generic_xss kb flag: 10844 asp_net_css.nasl 10853 oracle9i_modplsql_css.nasl 10957 Jserv_css.nasl 11010 websphere_xss.nasl 11041 apache_Tomcat_Servlet_XSS.nasl 11042 apache_Tomcat_DOS_Device_XSS.nasl 11142 iis_xss_idc.nasl 11362 sfm_xss.nasl 11365 auctiondeluxe_xss.nasl 11394 domino_xss.nasl 11395 frontpage_xss.nasl 11399 cleartrust_xss.nasl 11415 squirremail_cross_site_scripting.nasl 11417 MyAbraCadaWeb_XSS.nasl 11437 osCommerce_xss.nasl 11441 mambo_xss.nasl 11445 basit_xss.nasl 11446 dcp_portal_xss.nasl 11447 nuked_klan_xss.nasl 11448 siteframe_xss.nasl 11449 ezpublish_xss.nasl 11470 web_chat_xss.nasl 11479 pafiledb_xss.nasl 11492 sambar_xss.nasl 11508 xoops_xss.nasl 11527 xmb_xss.nasl 11537 ocean12_guestbook_xss.nasl 11597 snitz_forums_2000_xss.nasl 11608 neoteris_ive_xss.nasl 11610 testcgi_xss.nasl 11622 mod_ssl_wildcard_dns_xss.nasl 11624 shoutcast_log_xss.nasl 11644 ezpublish_dir_xss.nasl 11672 bandmin_xss.nasl 11681 zeus_web_admin_xss.nasl 11694 psynch_multiple_vulns.nasl 11741 lednews_xss.nasl 11743 postnuke_multiple_xss.nasl 11760 podboard_forum_details_xss.nasl 11764 jeus_url_xss.nasl 11766 pmachine_xss_and_path_disclosure.nasl 11810 gallery_xss.nasl 11815 imp_mime_viewer_html_xss.nasl I've attached the new .nasl files and diffs in -cb format. Regards, Paul -- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul@private web: www.westpoint.ltd.uk
This archive was generated by hypermail 2b30 : Fri Oct 31 2003 - 03:50:11 PST