Passive Vulnerability Scanner (PVS) Signatures

Passive Vulnerability Scanner (PVS) Signatures


Table of Contents Introduction.........................................................................................................................................................1 PVS PLUGIN FAMILIES..................................................................................................................................2 Family Backdoors..............................................................................................................................................4 Family CGI.........................................................................................................................................................8 Family Database...............................................................................................................................................45 Family DNS Servers.........................................................................................................................................61 Family Finger...................................................................................................................................................65 Family FTP Servers.........................................................................................................................................66 Family FTP Clients..........................................................................................................................................71 Family Generic.................................................................................................................................................73 Family Operating System Detection.............................................................................................................106 Family IMAP Servers....................................................................................................................................113 Family Internet Messengers..........................................................................................................................116 Family IRC Clients........................................................................................................................................122 Family IRC Servers.......................................................................................................................................124 Family Peer-To-Peer File Sharing................................................................................................................125 Family POP Server........................................................................................................................................128 Family RPC....................................................................................................................................................130 Family Samba.................................................................................................................................................133 Family SMTP Clients....................................................................................................................................136 Family SMTP Servers....................................................................................................................................146 Family SNMP Traps......................................................................................................................................154 Family SSH.....................................................................................................................................................155

i


Table of Contents Family Web Clients........................................................................................................................................158 Family Web Servers.......................................................................................................................................216 Family Abuse..................................................................................................................................................290 Family Policy..................................................................................................................................................291 Family Data Leakage.....................................................................................................................................299 Family SCADA...............................................................................................................................................308 Family Mobile Devices...................................................................................................................................318 Family Internet Services................................................................................................................................327

ii

Introduction PVS is a passive vulnerability scanner. Do you know what happens between the last time a vulnerability scan is completed and the next time a scan is completed? New hosts, new ports, new services, and new vulnerabilities can arrive on your networks faster than you may be allowed to scan for them. The PVS vulnerability monitor can find out what is happening on your network without actively scanning it. As PVS monitors your network, it also watches for potential application compromises, trust relationships, and open or browsed network protocols. A single PVS sensor can be placed in front of a network of 25,000 systems and continuously monitor the traffic for a variety of security related information including: • Keeping track of all client and server application vulnerabilities • Detecting when an application is compromised or subverted • Detecting when new hosts are added to the network • Detecting when an internal system begins to port scan other systems • Highlighting all interactive and encrypted network sessions • Tracking exactly which systems communicate with other internal systems • Detecting which ports are served and which ports are browsed for each individual system • Passively determining the type of operating system of each active host

This PDF is automatically generated as new plugins are made available for download from the Tenable Network Security Corporate Web Server. This PDF is organized into several sections. Initially, you have this introduction followed by an overview of plugin count for each plugin family. Finally, the PDF details specific information for each of the different plugin modules. This information includes a brief description, plugin ID, CVE cross-reference, Bugtraq ID cross-reference, Nessus cross-reference, and several other descriptive entries. For more information regarding PVS, please visit: http://www.tenablesecurity.com/products/tenable-passive-vulnerability-scanner

Copyright 2017 Tenable Network Security

Introduction

1

PVS PLUGIN FAMILIES COUNT FAMILY NAME 100

Backdoors

1113

CGI

445

Database

59

DNS Servers

7

Finger

137

FTP Servers

19

FTP Clients

1008

Generic

41

IMAP Servers

98

Internet Messengers

7

IRC Servers

28

IRC Clients

119

Operating System Detection

50

Peer-To-Peer File Sharing

48

POP Server

67

RPC

70

Samba

173

SMTP Clients

135

SMTP Servers SNMP Traps

86

SSH

1117

Web Clients

1170

Web Servers Abuse

224

Policy

165

Data Leakage

287

SCADA

160

Mobile Devices

137

Internet Services

PVS PLUGIN FAMILIES

2


PVS PLUGIN FAMILIES

3

Family Backdoors PVS ID PLUGIN NAME

FAMILY

NESSUS ID

1141

Trojan/Backdoor - W32/Bagle Virus Detection

Backdoors

N/A

1143

Trojan/Backdoor - MyDOOM/NoVarg Detection

Backdoors

12029

1183

Policy - iroffer Software Detection

Backdoors

N/A

1184


Backdoors

N/A

1185


Backdoors

N/A

1207

Trojan/Backdoor - Agobot.FO Detection

Backdoors

12128

1215

Trojan/Backdoor Detection - Sasser Worm

Backdoors

12219

1229

Trojan/Backdoor - JS.Scob.Trojan/Download.Ject Detection Backdoors

N/A

1230

Policy - GATOR Software Detection

Backdoors

11998

1231

Policy - ALEXA Software Detection

Backdoors

N/A

1232

Policy - BARGAINBUDDY Software Detection

Backdoors

12010

1233

Policy - HOTBAR Software Detection

Backdoors

N/A

1234

Policy - EZULA Software Detection

Backdoors

N/A

1235

Policy - HOTBAR Software Detection

Backdoors

N/A

1236

Policy - Cydoor Topicks Sofware Detection

Backdoors

N/A

1240

Trojan/Backdoor - MyDoom.M Detection

Backdoors

N/A

1241

Trojan/Backdoor - BackDoor.Zincite.A Detection

Backdoors

14184

1883

Trojan/Backdoor - 4553 Detection

Backdoors

11187

1884

RemotelyAnywhere SSH Detection

Backdoors

10921

1885

RemotelyAnywhere WWW Detection

Backdoors

10920

1909

ClarkConnect Linux clarkconnectd Information Disclosure

Backdoors

11277

1910

Trojan/Backdoor - DeepThroat Detection

Backdoors

10053

1911

Trojan/Backdoor - NetSphere Detection

Backdoors

10005

1912

Trojan/Backdoor - GateCrasher Detection

Backdoors

10093

1914

Trojan/Backdoor - GirlFriend Detection

Backdoors

10094

1915

Trojan/Backdoor - EvilFTP Detection

Backdoors

N/A

1916

Trojan/Backdoor - Phase Zero Detection

Backdoors

N/A

1917

Trojan/Backdoor - SubSeven Detection

Backdoors

10409

1918

Trojan/Backdoor - SyGate Detection

Backdoors

10274

Family Backdoors

4

Passive Vulnerability Scanner (PVS) Signatures 1919

SETI@HOME Client Detection

Backdoors

N/A

1920

WinGate Telnet Proxy Server Detection

Backdoors

N/A

2542

Tor Tunnel Detection

Backdoors

N/A

2815

Hydrogen Server Detection

Backdoors

18039

3164

Zotob Worm Infection (Microsoft)

Backdoors

19429

3804

SQLYog MySQL HTTP Tunnel Detection

Backdoors

N/A

4334

Malicious Website - JavaScript Files Linked on Web Site

Backdoors

29871

4400

Generic Botnet Client Detection

Backdoors

N/A

4401

Generic Botnet Server Detection (HTTP Client)

Backdoors

N/A

4441

Generic Botnet Server Detection (PING)

Backdoors

N/A

4470

Malicious Website - Embedded Iframe Detection

Backdoors

N/A

4471

Malware Payload Code Detection

Backdoors

31854

4476

Trojan Horse Client Detection

Backdoors

N/A

4477


Backdoors

N/A

4478


Backdoors

N/A

4479


Backdoors

N/A

4480


Backdoors

N/A

4481


Backdoors

N/A

4487

Malicious Website - Embedded Javascript Detection

Backdoors

N/A

4500

Possible Keylogger Software Installation Detection

Backdoors

N/A

4520

Possible Keylogger software installation detection

Backdoors

N/A

4657

Dns2TCP Service Detection

Backdoors

N/A

4977

Trojan/Backdoor Detection - Conficker Detection

Backdoors

36036

4978

Trojan/Backdoor Detection - Conficker Detection

Backdoors

36036

5357

Trojan/Backdoor - Arugizer Detection

Backdoors

45006

5526

Trojan/Backdoor - Storm/Pecoan.AG Worm Detection

Backdoors

N/A

5549

Trojan/Backdoor - Warbot Detection

Backdoors

N/A

5701

Microsoft Executable in Transit Detection

Backdoors

N/A

5706

Microsoft Executable in Transit Detection (Client)

Backdoors

N/A

5721

Stuxnet Traffic Detection

Backdoors

N/A

5738

Stuxnet Infected Host Detection

Backdoors

N/A

5834

SSL Revoked Certificate Detection

Backdoors

N/A

Family Backdoors

5



Backdoors

N/A

5836


Backdoors

N/A

5837


Backdoors

N/A

5838


Backdoors

N/A

5839


Backdoors

N/A

5840


Backdoors

N/A

5841


Backdoors

N/A

5880

LizaMoon Malware Detection

Backdoors

29871

5974

MetaSploit Exploited Machine Detection

Backdoors

N/A

5975

MetaSploit Exploited Machine Detection

Backdoors

N/A

5976

MetaSploit Server Detection

Backdoors

N/A

6218

Trojan/Backdoor Detection - BACKDOOR Infector.1.x

Backdoors

N/A

6219

Trojan/Backdoor Detection - BACKDOOR SatansBackdoor.2.0.Beta

Backdoors

N/A

6220

Trojan/Backdoor Detection - GateCrasher

Backdoors

N/A

6221

Trojan/Backdoor Detection - BACKDOOR Matrix 2.0 Client

Backdoors

N/A

6222

Trojan/Backdoor Detection - win-trin00

Backdoors

N/A

6223

Trojan/Backdoor Detection - QAZ Worm

Backdoors

N/A

6224

Trojan/Backdoor Detection - Doly 2.0

Backdoors

N/A

6225

Trojan/Backdoor Detection - netbus

Backdoors

N/A

6226

Trojan/Backdoor Detection - Subseven

Backdoors

N/A

6227

Trojan/Backdoor Detection - RXBOT / RBOT Exploit Report

Backdoors

N/A

6228

Trojan/Backdoor Detection - RXBOT / RBOT Vulnerability Backdoors Scan

N/A

6229

Trojan/Backdoor Detection - Windows Command Shell as Service

Backdoors

N/A

6230

Windows Command Shell as Service

Backdoors

N/A

6231

SMTP Proxy Traffic Detected

Backdoors

N/A

6232

Trojan/Backdoor Detection - WinEggDrop Infected Host Detection

Backdoors

N/A

6246

FTP Client Initiated from an SMTP Server

Backdoors

N/A

6492

Flame Worm Detection

Backdoors

N/A

6579

Pushdo Botnet Detection

Backdoors

N/A

Family Backdoors

6


Samsung / Dell Printer SNMP Backdoor

Backdoors

63136

6800

Apache CDorked backdoor detection

Backdoors

N/A

6925

PHP c99shell Backdoor Script Detection

Backdoors

46349

6926

PHP Code Obfuscation

Backdoors

N/A

7055

DNSChanger Detection

Backdoors

N/A

7058

DNS Client Flame Infection

Backdoors

N/A

9487

PHP Web Shell Detection (China Chopper)

Backdoors

N/A

9488

JSP Web Shell Detection (China Chopper)

Backdoors

N/A

9489

ASP Web Shell Detection (China Chopper)

Backdoors

N/A

9750

Mirai Botnet - Binary Fetch Detection

Backdoors

N/A

Family Backdoors

7

Family CGI PVS ID

PLUGIN NAME

FAMILY

NESSUS ID

1217

SquirrelMail < 1.4.3 Multiple Vulnerabilities

CGI

N/A

1528

miniPortail admin.php Cookie Manipulation Admin Access

CGI

11623

1532

Horde and IMP Test Script Disclosure

CGI

11617

1534

mod_survey < 3.0.14e / 3.0.15pre6 ENV tags SQL Injection

CGI

11609

1537

IkonBoard FUNC.pm lang Cookie Arbitrary Command Execution

CGI

11605

1539

HappyMall normal_html.cgi Remote Command Execution

CGI

11603

1540

CGI Script Path Disclosure

CGI

N/A

1542

12Planet Chat Server Path Disclosure

CGI

11592

1548

TrueGalerie admin.php loggedin Parameter Admin Authentication Bypass CGI

11582

1549

album.pl < 6.2 Remote Command Execution

CGI

11581

1551

StockMan Shopping Cart < 7.9 shop.plx Command Execution

CGI

11569

1555

Bugzilla XSS / Insecure Temporary File Names

CGI

11462

1557

OpenBB Multiple SQL Injection

CGI

11550

1558

Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access

CGI

11549

1559

bttlxeForum login.asp < 2.0 Multiple SQL Injection

CGI

11548

1562

eZ Publish site.ini Configuration Disclosure

CGI

11538

1563

Ocean12 Guestbook XSS

CGI

11537

1564

Super Guestbook superguestconfig Admin Password Disclosure

CGI

11536

1565

Instaboard index.cfm SQL Injection

CGI

11532

1569

VPOPMail vpopmail.php Remote Command Execution

CGI

11397

1578

Sambar environ.pl Default CGI Disclosure

CGI

N/A

1579

Sambar testcgi.exe Default CGI Disclosure

CGI

N/A

1582

Bugzilla < 2.14.5 / 2.16.2 / 2.17.3 Multiple Vulnerabilities

CGI

11463

1584

Bonsai < 1.4 Multiple Vulnerabilities

CGI

11440

1588

popper_mod < 1.2.3 Administration Authentication Bypass

CGI

11334

1589

WebWho+ whois.cgi Remote Command Execution

CGI

11333

1687

ddicgi.exe Multiple Vulnerabilities

CGI

11728

2114

Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities

CGI

14324

2118

Sympa < 4.1.2 wwsympa.fcgi List Master Authentication Bypass

CGI

N/A

Family CGI

8


Sympa < 4.1.3 List Creation Description Field XSS

CGI

N/A

2128

PHP-Fusion Database Backup Information Disclosure

CGI

N/A

2132

eGroupWare < 1.0.0.004 Multiple XSS

CGI

N/A

2146

WebAPP < 0.9.9.2 index.cgi Directory Traversal Arbitrary File Access

CGI

14365

2166

Webmatic < 1.9.0 Multiple Vulnerabilities

CGI

N/A

2187

Nagl Dictionary Module for XOOPS XSS

CGI

N/A

2191

phpScheduleIt < 1.0.0 New User Registration HTML Injection

CGI

N/A

2266

PSNews v1.1 index.php Multiple Parameter XSS

CGI

N/A

2267

OpenCA < 0.9.1-9 Web Interface Form Input Field XSS

CGI

N/A

2269

PHPGroupWare < 0.9.16.003 Wiki Module XSS

CGI

N/A

2271

SAFE TEAM Regulus Staff Accounts Password Hash Disclosure

CGI

N/A

2272

SAFE TEAM Regulus Customers Accounts Password Hash Disclosure

CGI

N/A

2273

SAFE TEAM Regulus Customer Statistics Connection Log Information Disclosure

CGI

N/A

2278

PerlDesk < 2 pdesk.cgi lang Parameter Traversal Server-Side Script Execution

CGI

N/A

2280

Turbo Seek < 1.7.2 tseekdir.cgi location Parameter Information Disclosure CGI

N/A

2289

SnipSnap < 1.0b1 POST Request HTTP Response Splitting

CGI

N/A

2294

vBulletin authorize.php x_invoice_num Parameter SQL Injection

CGI

N/A

2302

Snitz Forum < 3.4.05 HTTP Response Splitting

CGI

N/A

2305

YaBB Multiple Vulnerabilities

CGI

N/A

2308

Tutos Multiple Vulnerabilities

CGI

N/A

2312

YaBB < Gold SP 1.3.2 Multiple Input Validation Vulnerabilities

CGI

N/A

2317

Full Revolution aspWebCalendar calendar.asp SQL Injection

CGI

N/A

2318

Full Revolution album.asp aspWebAlbum SQL Injection

CGI

N/A

2336

Serendipity < 0.7-beta3 Multiple Vulnerabilities

CGI

N/A

2352

PHP-Fusion Database Multiple Vulnerabilities

CGI

N/A

2356

WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting

CGI

N/A

2372

Bugzilla Authentication Bypass and Information Disclosure

CGI

15562

2388

Moodle < 1.4.3 Glossary Module SQLi

CGI

15639

2394

Mantis < 0.19.1 Multiple Information Disclosure Vulnerabilities

CGI

N/A

2398

eGroupWare < 1.0.0.006 JiNN Application Unspecified Vulnerability

CGI

N/A

2401

SquirrelMail < 1.4.4 decodeHeader HTML Injection

CGI

N/A

Family CGI

9


miniBB < 1.7f index.php user Parameter SQL Injection

CGI

15763

2409

PowerPortal index.php index_page Parameter SQL Injection

CGI

15760

2410

phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification

CGI

15772

2411

phpBB Login Form SQL Injection

CGI

15780

2414

WebGUI < 6.2.9 Unspecified Vulnerability

CGI

15787

2415

PHP-Kit < 1.6.04 Multiple Input Validation Vulnerabilities

CGI

15784

2416

phpMyAdmin Unsupported Version Detection

CGI

N/A

2417

phpMyAdmin < 2.6.0-p13 XSS

CGI

15770

2418

phpMyAdmin < 2.2.1 'sql.php' Arbitrary File Access

CGI

11116

2419

phpMyAdmin < 2.5.6-rc1 Arbitrary File Access

CGI

12041

2420

phpMyAdmin < 2.5.2 Multiple Vulnerabilities

CGI

11761

2421

phpMyAdmin < 2.6.0-p12 Multiple RCE

CGI

11761

2422

Invision PowerBoard < 2.0.3 SQL Injection

CGI

18011

2423

Nucleus CMS Multiple Vulnerabilities

CGI

15788

2431

Brooky CubeCart < 2.0.2 index.php cat_id Parameter SQL Injection

CGI

15442

2433

KorWeblog < 1.6.2 Remote Directory Listing

CGI

N/A

2439

YaBB Shadow BBCode Tag XSS

CGI

15859

2440

Post-Nuke pnTresMailer Directory Traversal Arbitrary File Access

CGI

15858

2445

PAFileDB Multiple Information Disclosure Vulnerabilities

CGI

15911

2446

ViewCVS < 1.0-dev Multiple Unspecified Vulnerabilities

CGI

N/A

2447

PHP Live! < 2.8.2 Remote Configuration File Include

CGI

15928

2451

IlohaMail < 0.8.14-RC1 Unspecified Vulnerability

CGI

15935

2452

phpMyAdmin < 2.6.1-pl1 RCE

CGI

N/A

2453

phpDig < 1.8.5 Unspecified Vulnerability

CGI

15949

2454

Citadel/UX Remote Format String

CGI

N/A

2456

Serendipity < 0.7.1 compat.php searchTerm Parameter XSS

CGI

15914

2457

PHPGroupWare Multiple XSS and SQL Injection Vulnerabilities

CGI

N/A

2462

Ikonboard < 3.1.3 ikonboard.cgi Multiple Parameter SQL Injection

CGI

N/A

2464

JSBoard Remote Arbitrary Script Upload

CGI

N/A

2465

WordPress < 1.2.2 Multiple Vulnerabilities

CGI

15443

2466

Singapore Gallery Multiple Vulnerabilities

CGI

15987

2470

CVSTrac < 1.1.5 Unspecified XSS

CGI

N/A

Family CGI

10


2BGal SQL Injection

CGI

16046

2477

Help Center Live Multiple Vulnerabilities

CGI

18296

2478

ViewCVS < 1.0.0 HTTP Response Splitting

CGI

16062

2479

Owl < 0.74.0 Multiple Vulnerabilities

CGI

16063

2480

PHProxy index.php error Parameter XSS

CGI

N/A

2483

FlatNuke < 2.5.2 Form Submission Arbitrary Script Injection

CGI

N/A

2484

All Enthusiast PhotoPost PHP Pro < 4.8.6 Multiple XSS

CGI

N/A

2485

MyBulletinBoard Multiple SQL Injection Vulnerabilities

CGI

19525

2486

All Enthusiast ReviewPost PHP Pro < 2.5.2 Multiple Input Validation Vulnerabilities

CGI

N/A

2487

b2evolution index.php SQL Injection

CGI

N/A

2522

VideoDB < 2.0.2 Multiple Vulnerabilities

CGI

N/A

2523

GNU Mailman Multiple Unspecified Remote Vulnerabilities

CGI

N/A

2524

BiTBOARD IMG BBCode Tag JavaScript XSS

CGI

N/A

2533

Gallery Multiple Vulnerabilities

CGI

16185

2534

AWStats < 6.3 awstats.pl configdir Parameter Remote Command Execution

CGI

16189

2535

VBulletin Init.PHP Unspecified Remote Vulnerability

CGI

16203

2544

CMSimple < 2.4 Beta 5 Multiple Remote Input Validation Vulnerabilities

CGI

19693

2545

Siteman < 1.1.11 Page User Database Privilege Escalation

CGI

16216

2546

ExBB Nested BBcode XSS

CGI

16223

2550

SquirrelMail < 1.4.4-RC1 webmail.php XSS

CGI

N/A

2551

MercuryBoard < 1.1.2 Multiple Vulnerabilities

CGI

N/A

2554

Comersus Default Install Script Admin Access

CGI

N/A

2579

SmarterMail Attachment Upload XSS

CGI

16281

2580

XOOPS Detection

CGI

N/A

2582

SquirrelMail < 1.4.4 URI Parsing Arbitrary Code Execution

CGI

N/A

2592

ht://Dig config Parameter XSS

CGI

N/A

2596

BXCP < 0.2.9.8 index.php show Parameter PHP Content Disclosure

CGI

N/A

2597

PerlDesk < 2 kb.cgi view Parameter SQL Injection

CGI

16323

2598

PHP-Fusion viewthread.php Arbitrary Thread Access

CGI

N/A

2607

GNU Mailman < 2.1.6 Directory Traversal Arbitrary File Access

CGI

16339

2613

AWStats < 6.5 Perl Content-Parsing Code Execution

CGI

19415

Family CGI

11


Sympa < 4.1.3 src/queue.c Remote Buffer Overflow

CGI

16387

2616

OpenWebmail openwebmail.pl logindomain Parameter XSS

CGI

N/A

2617

Brooky CubeCart Multiple Vulnerabilities

CGI

N/A

2618

ELOG < 2.5.7 Unspecified Remote Buffer Overflows

CGI

16469

2619

Siteman users.php Remote Buffer Overflow

CGI

16216

2621

Kayako eSupport Multiple XSS

CGI

17598

2626

PaNews Multiple Injection Vulnerabilities

CGI

17574

2627

MercuryBoard < 1.1.3 Multiple Vulnerabilities

CGI

N/A

2628

WebCalendar users.php user_valid_crypt Parameter < 1.0.0 SQL Injection CGI

18571

2629

paFAQ Multiple Vulnerabilities

CGI

18535

2636

ZeroBoard Multiple Vulnerabilities

CGI

N/A

2641

phpBB < 2.0.12 Path Disclosure / Unauthorized unlink() Function Access

CGI

N/A

2642

vBulletin < 3.0.7 misc.php PHP Code Injection

CGI

N/A

2643

PBLang Bulletin Board Multiple HTML Injection and XSS

CGI

17209

2651

punBB < 1.2.2 Multiple SQL Injection and Authentication Bypass Vulnerabilities

CGI

N/A

2653

Brooky CubeCart < 2.0.6 settings.inc.php XSS

CGI

N/A

2658

phpBB < 2.0.13 Cookie Authentication Bypass

CGI

N/A

2661

FCKeditor with PHPNuke connector.php File Upload

CGI

N/A

2662

PostNuke < 0.760 RC3 Multiple Vulnerabilities

CGI

17240

2663

phpCOIN 1.2.1b Multiple Vulnerabilities

CGI

17246

2665

PHPNews < 1.2.5 auth.php path Parameter Remote File Inclusion

CGI

17247

2668

Typo3 < 1.4.2 cmw_linklist SQL Injection

CGI

17272

2673

Stadtaus Form Mail < 2.4 formmail.inc.php Remote File Inclusion

CGI

17285

2674

phpBB < 2.0.14 Cookie Authentication Bypass and SQL Injection Vulnerabilities

CGI

17301

2676

CopperExport Plugin < 0.2.1 xp_publish.php SQL Injection

CGI

17306

2678

Sun AnswerBook2 < 1.4.5 XSS

CGI

N/A

2679

Aztek Forum myadmin.php Admin Authentication Bypass

CGI

N/A

2682

PHP-Fusion < 5.01 BBcode IMG Tag XSS

CGI

N/A

2683

XOOPS Arbitrary Avatar File Upload

CGI

N/A

2685

YaBB < 2.1 YaBB.pl username Parameter XSS

CGI

17305

2686

paFileDB < 3.2 XSS and SQL Injection Vulnerabilities

CGI

19505

Family CGI

12


NewsScript Content Management Admin Authentication Bypass

CGI

17309

2692

Zorum < 3.6.0 Multiple Vulnerabilities

CGI

17312

2693

Active WebCam < 5.6 Multiple Vulnerabilities

CGI

17315

2694

PhotoPost Multiple Vulnerabilities

CGI

17314

2699

UBB.threads < 6.5.1.1 editpost.php SQL Injection

CGI

18098

2702

PHP-Nuke paBox Module Hidden Parameter XSS

CGI

17336

2706

SimpGB < 1.35.2 guestbook.php quote Parameter SQL Injection

CGI

17328

2707

Cricket Network Monitor Detection

CGI

N/A

2711

phpPGAds/phpAdNew < 2.0.5 adframe.php refresh Parameter XSS

CGI

N/A

2715

punBB < 1.2.5 Multiple SQL Injection and Authentication Bypass Vulnerabilities

CGI

17363

2719

NTOP Network Tool Detection

CGI

N/A

2720

NTOP Multiple Vulnerabilities

CGI

N/A

2723

RunCMS highlight.php Information Disclosure

CGI

N/A

2725

CoolForum SQL and XSS Vulnerabilities

CGI

17597

2726

PHP-Fusion < 5.0.2 setuser.php HTML Injection Vulnerability

CGI

N/A

2731

Novell GroupWise WebAccess Detection

CGI

N/A

2732

Novell NetWare Management Portal Information Disclosure

CGI

N/A

2734

Policy - TeamSpeak Online Gaming VoIP Server Detection

CGI

N/A

2735

UserMin Remote Access Detection

CGI

N/A

2736

WebSTAR Mail Detection

CGI

N/A

2742

Endymion MailMan Detection

CGI

N/A

2743

Network Query Tool Detection

CGI

N/A

2745

Vortex Portal Content Management System Multiple Remote File Inclusion

CGI

N/A

2747

XMB Forum < 1.9.8 SQL Injection and XSS Vulnerabilities

CGI

17608

2748

phpSysInfo < 2.5 Multiple Script XSS

CGI

17610

2774

phpMyDirectory < 10.1.6 review.php Multiple Parameter XSS

CGI

17634

2776

Ublog < 1.0.5 login.asp msg Parameter XSS

CGI

N/A

2778

PhotoPost < 5.02 RC3 Multiple Content-parsing Vulnerabilities

CGI

17649

2779

Horde < 3.0.4 Parent Page Title XSS

CGI

17650

2780

MailReader < 2.3.36 network.cgi MIME Message XSS

CGI

17657

2783

MaxWebPortal < 1.36 XSS and SQL Injection Vulnerabilities

CGI

N/A

Family CGI

13


phpMyAdmin < 2.6.2-RC1 RCE

CGI

17689

2796

Comersus Cart Username Field HTML Injection

CGI

17983

2797

Comersus Cart Detection

CGI

N/A

2798

RunCMS fileupload.php Arbitrary File Upload

CGI

17987

2799

Active Auction House Multiple Vulnerabilities

CGI

17989

2801

Brooky CubeCart < 2.0.7 Multiple Script SQL Injection

CGI

17999

2807

punBB < 1.2.5 profile.php SQL Injection

CGI

18005

2808

PostNuke < 0.760 RC4 Multiple XSS and SQL Injection Vulnerabilities

CGI

18360

2809

Citrix MetaFrame Server Detection

CGI

N/A

2812

ModernBill < 4.3.3 Multiple Vulnerabilities

CGI

18008

2819

EGroupWare < 1.0.0.007 Attachment Information Disclosure

CGI

15719

2820

PHPBB2 < 2.0.14 Multiple Vulnerabilities

CGI

18573

2821

PHP Photo Album < 2.0.14 Multiple Vulnerabilities

CGI

N/A

2826

Serendipity < 0.72 exit.php Multiple Parameter SQL Injection

CGI

18155

2827

SPHPBlog search.php q Parameter XSS

CGI

18048

2828

IlohaMail < 0.8.14-RC3 read_message.php Multiple Field HTML Injection

CGI

18050

2837

mvnForum < 1.0 RC4_03 Search Parameter XSS

CGI

18359

2839

Coppermine Gallery < 1.3.3 init.inc.php HTML Injection

CGI

N/A

2843

Info2WWW < 1.2.2.9-23 Argument XSS

CGI

18086

2846

Coppermine Gallery SQL Injection

CGI

18101

2848

Woltlab Burning Board XSS / SQL Injection Vulnerabilities

CGI

18251

2849

phpBB < 2.0.15 admin_forums.php XSS

CGI

18124

2850

Horde Vacation < 2.2.2 Parent Frame Page Title XSS

CGI

N/A

2851

Horde MNemo < 1.1.4 Parent Frame Page Title XSS

CGI

N/A

2852

Horde Nag < 1.1.3 Parent Frame Page Title XSS

CGI

18136

2853

Horde Chora < 1.2.3 Parent Frame Page Title XSS

CGI

18131

2854

Horde Accounts < 2.1.2 Parent Frame Page Title XSS

CGI

N/A

2855

Horde Forwards < 2.2.2 Parent Frame Page Title XSS

CGI

N/A

2856

Horde Imp < 3.2.8 Parent Frame Page Title XSS

CGI

N/A

2857

Horde Turba < 1.2.5 Parent Frame Page Title XSS

CGI

18138

2859

Yappa-NG < 2.3.2 Multiple vulnerabilities

CGI

N/A

2864

PHP-Calendar < 0.10.3 includes/search.php SQL Injection

CGI

N/A

Family CGI

14


Claroline Multiple Remote Vulnerabilities

CGI

18165

2871

JGS-Portal < 3.0.2 jgs_portal.php id Parameter SQL Injection

CGI

N/A

2874

MaxWebPortal < 1.3.5 Multiple SQL Injection

CGI

N/A

2875

Open Webmail < 2.51 20050430 Shell Escape Arbitrary Command Execution

CGI

18190

2879

Invision Board Multiple XSS and SQL Injection

CGI

18201

2885

WebStar Mail < 5.4.1 Tomcat Plugin Remote Overflow

CGI

N/A

2886

PHP Advanced Transfer Manager < 1.22 Arbitrary File Upload

CGI

18207

2897

BoastMachine < 3.1 users.inc.php Arbitrary File Upload

CGI

18247

2898

MaxWebPortal < 1.360 Multiple Vulnerabilities

CGI

18248

2900

Bugzilla < 2.19.3 Information Disclosure

CGI

18245

2903

PhotoPost PHP Pro < 5.02 RC4 member.php uid Parameter SQL Injection CGI

N/A

2917

JGS-Portal < 3.03 Multiple Scripts SQL Injection

CGI

18289

2918

WordPress < 1.5.1.2 Multiple Vulnerabilities

CGI

18301

2920

Serendipity < 0.80 RC7 Multiple Vulnerabilities

CGI

18298

2933

PHP Advanced Transfer Manager < 1.22 File Upload Arbitrary Command CGI Execution

18207

2937

MaxWebPortal password.asp memKey Parameter SQL Injection

CGI

18370

2942

Invision Board < 2.0.5 Privilege Escalation / SQL Injection

CGI

18401

2944

Exhibit Engine < 1.5 RC 5 list.php Multiple Parameter SQL Injection

CGI

18416

3016

SquirrelMail < 1.4.5 Multiple Vulnerabilities

CGI

18504

3017

Ultimate PHP Board < 1.9.7 Multiple XSS

CGI

N/A

3024

MercuryBoard User-Agent HTTP Header SQL Injection

CGI

18541

3025

Raxnet Cacti Detection

CGI

N/A

3026

i-Gallery Traversal File Access / XSS

CGI

18539

3028

Simple Machines Forum < 1.0.5 SQL Injection

CGI

18553

3032

UBB.threads < 6.5.2 Beta 2 XSS / SQL Injection

CGI

N/A

3037

PHP-Fusion < 6.00.106 submit.php Multiple Parameter HTML Injection

CGI

N/A

3038

phpBB < 2.0.16 viewtopic.php Arbitrary Code Execution

CGI

18589

3041

Xoops < 2.0.12 Multiple XSS / SQL Injection

CGI

18614

3046

osTicket < 1.3.1 Multiple Vulnerabilities

CGI

18612

3047

PHPNews < 1.2.6 news.php prevnext Parameter SQL Injection

CGI

18621

3049

phpPgAdmin < 3.5.4 index.php formLanguage Parameter Traversal

CGI

N/A

Family CGI

15

Passive Vulnerability Scanner (PVS) Signatures Arbitrary File Access 3050

Geeklog < 1.3.12 comment.php order Parameter SQL Injection

CGI

N/A

3051

phpBB < 2.0.17 Nested BBCode URL Tags XSS

CGI

18626

3053

Drupal Public Comment PHP Code Injection

CGI

N/A

3054

Comersus Cart