gmane.comp.security.nmap.devel

Re: [RFC][patch] XML structured script output

Daniel Miller — 2012-05-25T03:51:41

List,

Here's an update to the NSE-XML structured output patch that includes
better comments, a little cleanup, and some memory management changes
that preserve the original source in a few places that I had changed
initially. The patch is larger because it includes the changes I
submitted separately[1] regarding PortList::nextPort. If that patch
gets accepted first, I'll rebase and submit the smaller diff of just
the NSE-XML feature.

Dan

[1] http://seclists.org/nmap-dev/2012/q2/429

On Mon, May 21, 2012 at 8:57 PM, Daniel Miller <bonsaiviking< at >gmail.com> wrote:
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: Question: Nmap on Github

David Fifield — 2012-05-25T02:08:25

I think Marek Majkowski has that account.

Just use git-svn, it's what I do.

git svn clone https://svn.nmap.org/nmap nmap-git
cd nmap-git
# hack
git commit -a
# hack
git commit -a
git svn rebase # pull remote changes that happened while you were hacking
git svn dcommit # push local commits to the SVN server

David
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Question: Nmap on Github

Daniel Miller — 2012-05-25T01:41:39

Hey list,

Does anyone know who is running the Nmap repo on Github? It's at
https://github.com/nmap/nmap and there is no name associated with it.
I would like to fork it for keeping track of my modifications and
submissions, but I'm not sure if I should trust it, since the owner
could conceivably modify the code any way they like.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: fat-finger.nse

David Fifield — 2012-05-24T23:03:27

Hi Ed,

I realize it's been a long time since you submitted this script. Do you
recall what finger server you tested this against? I don't see
documentation that supports a list of user names separated by spaces.
RFC 742 says, "Both ITS and SAIL sites allow several names to be
included on the line, separated by commas..." and I don't see anything
about multiple names in RFC 1288 at all.

I can see this becoming a finger-enum-users script that uses the unpwdb
library to test names one by one or in batches.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530and possibly others

Paulino Calderon — 2012-05-24T21:32:51

  I like:
-http-huawei-hg5xx-vuln
-http-huawei-hg5xx-info
-http-huawei-hg5xx-config

[patch] Modify prototype for PortList::nextPort and get_port

Daniel Miller — 2012-05-24T21:03:36

List,

I'm proposing a change with this patch that won't make any difference to 
users, but changes the way a couple functions are called to make them 
more straightforward for developers. Patch attached.

I ran into this while working on my XML-structured-output patch, which 
needed some TLC with regard to memory management. Previously, calling 
PortList::nextPort required passing a Port object by reference, which 
would be modified with simple assignment to return the next port. The 
downside I ran into was that this prevents modifying Port objects with 
any heap-allocated structures without implementing a copy constructor, 
and that would be a lot of overhead for most calls, which discard a 
large number of Ports until the one desired is found. Fortunately, this 
return value was not used in any of the existing calls, since the 
function also returns a pointer to the Port object. It seemed 
straightforward to just trim out the parameter, saving the hassle and a 
small amount of stack memory from not needing to declare a Port object 
(several of which were labelled with comments declaring it a "dummy" 
object).

Unfortunately, it wasn't that easy: In the case of a port in the 
"default state" (e.g. filtered because of no-response for TCP), there 
wasn't a real Port object to point to. The solution I came up with is to 
modify the PortList::default_port_state Port object for each call and 
return a pointer to it. This has a few caveats, which I put in a comment 
in the function. Here's that section of the patch:

In order to make sure no one modifies the default_port_state for a given 
PortList, I changed the prototype for nextPort to return a const Port *. 
This didn't cause any problems with any existing code in my tests and in 
my examination of the source. Finally, the get_ports function in 
nse_utility.cc had to be modified in the same ways (const return, drop 
the Port * parameter).

I realize it's a hard sell to change something that wasn't broken, but I 
thought that with the small memory improvement it was a useful enough 
change to separate it from the XML-structured-output patch.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: wrong domain name from reverse DNS lookup

David Fifield — 2012-05-24T20:48:19

These are the names that your DNS server returns. If you run
ping x.x.7.29
you will probably see the same reverse names.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: http-methods & http-trace NSE Script Enhancement Ideas

David Fifield — 2012-05-24T20:45:30

Ideally the redirect handling would work the same as the built-in
handling of the http.get and http.head methods. See this earlier
discussion:

http://seclists.org/nmap-dev/2012/q1/338

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530and possibly others

David Fifield — 2012-05-24T20:39:18

Thanks, looks good. Are there any suggestions about the script name?
Maybe http-huawei-hg5xx-vuln?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530and possibly others

Paulino Calderon — 2012-05-24T20:28:12

Yes. That's a great idea. My copy got damaged over a copy/paste from a 
Virtualbox machine. Here is the updated version that also sets the 
service's product information.
Cheers.

New VA Modules: MSF: 1, Nessus: 15

New VA Module Alert Service — 2012-05-24T17:00:23

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Metasploit modules (1) ==

r15327 http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/multi/http/apprain_upload_exec.rb
appRain CMF Arbitrary PHP File Upload Vulnerability

== Nessus plugins (15) ==

59254 ubuntu_USN-1450-1.nasl
http://nessus.org/plugins/index.php?view=single&id=59254
USN-1450-1 : net-snmp vulnerability

59253 redhat-RHSA-2012-0688.nasl
http://nessus.org/plugins/index.php?view=single&id=59253
RHSA-2012-0688: flash-plugin

59252 mandriva_MDVA-2012-044.nasl
http://nessus.org/plugins/index.php?view=single&id=59252
MDVA-2012:044 : timezone

59251 debian_DSA-2479.nasl
http://nessus.org/plugins/index.php?view=single&id=59251
Debian DSA-2479-1 : libxml2 - off-by-one

59250 debian_DSA-2478.nasl
http://nessus.org/plugins/index.php?view=single&id=59250
Debian DSA-2478-1 : sudo - parsing error

59248 ofbiz_webslinger_xss.nasl
http://nessus.org/plugins/index.php?view=single&id=59248
Apache OFBiz Webslinger Component XSS

59247 ofbiz_nested_script_rce.nasl
http://nessus.org/plugins/index.php?view=single&id=59247
Apache OFBiz FlexibleStringExpander Remote Code Execution

59246 ofbiz_default_creds.nasl
http://nessus.org/plugins/index.php?view=single&id=59246
Apache OFBiz Default Credentials

59245 ofbiz_detect.nasl
http://nessus.org/plugins/index.php?view=single&id=59245
Apache OFBiz Detection

59244 phpmyadmin_pmasa_2011_2.nasl
http://nessus.org/plugins/index.php?view=single&id=59244
phpMyAdmin 2.11.x / 3.3.x < 2.11.11.3 / 3.3.9.2 SQL Query Bookmarks
Arbitrary SQL Query Execution (PMASA-2011-02)

59243 coreftp_stack_overflow.nasl
http://nessus.org/plugins/index.php?view=single&id=59243
Core FTP Filename Processing Boundary Error FTP List Command Response
Parsing Remote Overflow

59242 packetvideo_twonky_dir_traversal.nasl
http://nessus.org/plugins/index.php?view=single&id=59242
PacketVideo TwonkyServer Directory Traversal

59241 packetvideo_twonky_detect.nasl
http://nessus.org/plugins/index.php?view=single&id=59241
PacketVideo TwonkyServer Detection

59240 wireshark_1_6_8.nasl
http://nessus.org/plugins/index.php?view=single&id=59240
Wireshark 1.6.x < 1.6.8 Multiple Denial of Service Vulnerabilities

59239 wireshark_1_4_13.nasl
http://nessus.org/plugins/index.php?view=single&id=59239
Wireshark 1.4.x < 1.4.13 Multiple Denial of Service Vulnerabilities
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: nmap contributions

Ron — 2012-05-24T00:47:37

Hey,

The best way to get started is definitely writing scripts! 

I haven't been keeping up with this list, so I'm not sure why your previous script slipped through the cracks, but it may be for a number of reasons:
- Nobody considered it useful enough
- It was poorly written
- People were too busy and simply forgot

I always lean towards the latter by default. If you think it's well written and useful, then it may have just been forgotten. If you aren't sure, go over it again, and make sure the code is clean, well documented, and easy to understand. Then, submit it again! 

Ron

On Tue, 15 May 2012 15:11:22 +0200 adam.stevko< at >gmail.com wrote:
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: Is there any Nmap script for Reverse DNS Lookup ? Thanks

Ron — 2012-05-24T00:41:44

Nmap does reverse DNS lookups on all hosts by default. If you want *just* the lookups (without actually scanning the hosts), you can use:

nmap -sL <target>

Ron

On Sun, 20 May 2012 12:14:31 -0700 Nasruminallah zeeshan <nz.sbinbocs< at >gmail.com> wrote:
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Using Teredo to overcome lack of raw socket privileges

Kasper Dupont — 2012-05-23T19:58:02

I did a grep through the nmap-6.00 and no such feature seems
to exist so far. And I tried to search the mailing-list
archives, and I found no indication that it has been
considered before, so I'd like to ask what people think of
this idea.

Usually in order to make use of all the features in nmap,
you need to have raw socket privileges. Without it, you are
limited in what you can do. But with IPv6 there is another
option, which I think is worth considering.

The Teredo protocol was originally designed to tunnel IPv6
through IPv4 NAT gateways. It does that by tunnelling all
IPv6 packets through UDP. However since using a UDP port
does not require raw socket privileges, nmap could take
advantage of it as well.

Running a Teredo client and nmap on the same host requires
privileges for both, but the privileges in that case is only
required for the communication between the Teredo client and
nmap running on the same machine. If a Teredo client was
built into nmap, the need for privileges would be reduced to
just being able to make use of a single UDPv4 port.

Obviously the feature does have certain limitations. You are
no longer on the same network segment as the target host, so
any features that require you to be on the same segment will
no longer work. However I guess most of those features would
have required administrator privileges to begin with.
Additionally you have a reduced MTU, and may also be
affected by the reliability of Teredo (or rather lack
thereof).

But in cases where you are already on a different network
segment from the target and don't have raw socket
privileges, I think such a feature would often be useful.

So my questions are. Did anybody already give it a try? And
would such a feature be welcome in the nmap mainline?

(It seems my previous attempt at posting this message got
lost due to me accidentally sending it from a different
address than the one I subscribed to the list with.)

RE: http-methods & http-trace NSE Script Enhancement Ideas

King Thorin — 2012-05-23T19:31:28

Date: Wed, 23 May 2012 20:03:30 +0200
Subject: Re: http-methods & http-trace NSE Script Enhancement Ideas
From: patrik< at >cqure.net
To: kingthorin< at >hotmail.com
CC: toni.ruottu< at >iki.fi; paulino< at >calderonpale.com; nmap-dev< at >insecure.org

On Wed, May 23, 2012 at 7:33 PM, King Thorin <kingthorin< at >hotmail.com> wrote:

I just had a quick look at http-cors. It does not appear to follow redirects or check status codes at all, only setting and getting header values. I'm not sure if those header values would or wouldn't be present in a redirect.

I still need someone (or a bunch of people) to confirm if I'm correct in my experiences with allow and public being lacking on redirect responses. Also I still need to know how to provide updates for the scripts in question.

I'd propose a script parameter such as:

redirect_count

So code for htt-trace.nse could look like ( I threw this together quickly, it's not necessarily perfect or useable in this form):

--- Validates the HTTP response and returns header list

--< at >param response The HTTP response

--< at >param response_headers The HTTP response headers

local validate = function(response, response_headers, followed_redirects)

  local output_lines = {}

  if not(response:match("HTTP/1.[01] 200") or response:match("TRACE / HTTP/1.[01]")) then

    return

  else

    output_lines[ #output_lines+1 ] = "TRACE is enabled"

    if followed-redirects > 0

      output_lines[ #output_lines+1 ] = "Followed " .. followed_redirects .. " redirects." -- We followed some redirects, tell the user

  end

  if nmap.verbosity() >= 2 then

    output_lines[ #output_lines+1 ]= "Headers:"

    for _, value in pairs(response_headers) do

      output_lines [ #output_lines+1 ] = value

    end

  end

  if #output_lines > 0 then

    return stdnse.strjoin("\n", output_lines)

  end

end

---

--MAIN

---

action = function(host, port)

  local path = stdnse.get_script_args("http-trace.path") or "/"

  local num_redirects = stdnse.get_script_args("http-trace.redirect_count") or 2 -- Set default low [2] and let user make it bigger if needed

  local followed_redirects = 0

  local req = http.generic_request(host, port, "TRACE", path) -- Request zero

  while (req.status == 301 or req.status == 302) and req.header["location"] and followed_redirects < num_redirects do -- Follow 2 or redirect_count redirects

    req = http.generic_request(host, port, "TRACE", req.header["location"])

    followed_redirects = followed_redirects + 1

  end -- Hopefully when we finish looping we received a HTTP 200 OK after following some redirects (at least we tried)

  return validate(req.body, req.rawheader, followed_redirects)

end

PS > The thread has now had two top and one bottom reply, what's the actual preference on this list?

Date: Wed, 23 May 2012 18:41:06 +0300

Subject: Re: http-methods & http-trace NSE Script Enhancement Ideas

From: toni.ruottu< at >iki.fi

To: paulino< at >calderonpale.com

CC: kingthorin< at >hotmail.com; nmap-dev< at >insecure.org

Does this affect http-cors too?

On Wednesday, 23 May 2012, Paulino Calderon  wrote:

On 23/05/2012 07:17 a.m., King Thorin wrote:

I was just looking through some online docs and some nmap results. I've

never seen a server that includes public or allow header(s) on a

redirect response [maybe my experience is limited?]. It seems to me that the http-methods NSE should follow

redirects (HTTP 301, 302, 303) in order to perform the necessary OPTIONS

  request on a page/resource that's providing a HTTP 200.

Perhaps similar to the http-trace script:

http://nmap.org/svn/scripts/http-trace.nse

Though

  even that only follows one 301 or 302 redirect.

Further, maybe both scripts should follow a configurable

  # of redirects (default 2, 3, 4 and configurable further) looking for a

  HTTP 200&  handle 301, 302, and 303 redirect codes.

Reference:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

I've emailed the devs of both scripts without any luck.

I'd be glad to provide the necessary changes, if someone can simply fill me in as to how they should be submitted.

_______________________________________________

Sent through the nmap-dev mailing list

http://cgi.insecure.org/mailman/listinfo/nmap-dev

Archived at http://seclists.org/nmap-dev/

I think adding a configuration value for redirects will work better in some cases. I would say most of the libraries follow 2-3 redirects but no more than that. In your experience, what would be a good default?

--

Paulino Calderón Pale

Website: http://calderonpale.com

Twitter: http://twitter.com/calderpwn

_______________________________________________

Sent through the nmap-dev mailing list

http://cgi.insecure.org/mailman/listinfo/nmap-dev

Archived at http://seclists.org/nmap-dev/

_______________________________________________

Sent through the nmap-dev mailing list

http://cgi.insecure.org/mailman/listinfo/nmap-dev

Archived at http://seclists.org/nmap-dev/

The http library does support http redirects for get and head requests.While redirection may seem trivial to implement at first there are a actually a few things to consider.
Therefore, why not make trace a function in the http library wrapping the generic_request method and adding redirect support in the same way as has already been done for get, head, post and put requests?

Cheers,Patrik

Re: nmap 6.0/Zenmap hang on OS X 10.7.4

David Newman — 2012-05-23T19:11:57

FYI the previous hangs were when scanning subnets, not individual hosts.
Today I was able to reproduce the hang after a scan of one host. Again,
the hang occurred on step 2 above, when clicking on the Topology tab.
The OS X Console app had the same file-format error message.

dn


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: http-methods & http-trace NSE Script Enhancement Ideas

Patrik Karlsson — 2012-05-23T18:03:30


The http library does support http redirects for get and head requests.
While redirection may seem trivial to implement at first there are a
actually a few things to consider.
Therefore, why not make trace a function in the http library wrapping the
generic_request method and adding redirect support in the same way as has
already been done for get, head, post and put requests?

Cheers,
Patrik

Re: nse_main.lua:312: attempt to index field '?' (a nil value)

Patrik Karlsson — 2012-05-23T17:55:47


I believe I have fixed the bug causing this problem and committed it as
r28666.
The update script is accessible from the following link:
https://svn.nmap.org/nmap/scripts/http-unsafe-output-escaping.nse

Let me know if it solves your problem.

Thanks,
Patrik

RE: http-methods & http-trace NSE Script Enhancement Ideas

King Thorin — 2012-05-23T17:33:44

I just had a quick look at http-cors. It does not appear to follow redirects or check status codes at all, only setting and getting header values. I'm not sure if those header values would or wouldn't be present in a redirect.

I still need someone (or a bunch of people) to confirm if I'm correct in my experiences with allow and public being lacking on redirect responses. Also I still need to know how to provide updates for the scripts in question.

I'd propose a script parameter such as:
redirect_count

So code for htt-trace.nse could look like ( I threw this together quickly, it's not necessarily perfect or useable in this form):

--- Validates the HTTP response and returns header list
--< at >param response The HTTP response
--< at >param response_headers The HTTP response headers 
local validate = function(response, response_headers, followed_redirects)
  local output_lines = {}

  if not(response:match("HTTP/1.[01] 200") or response:match("TRACE / HTTP/1.[01]")) then
    return
  else
    output_lines[ #output_lines+1 ] = "TRACE is enabled"
    if followed-redirects > 0
      output_lines[ #output_lines+1 ] = "Followed " .. followed_redirects .. " redirects." -- We followed some redirects, tell the user
  end
  if nmap.verbosity() >= 2 then 
    output_lines[ #output_lines+1 ]= "Headers:"
    for _, value in pairs(response_headers) do
      output_lines [ #output_lines+1 ] = value
    end
  end
  if #output_lines > 0 then
    return stdnse.strjoin("\n", output_lines)
  end 
end

---
--MAIN
---
action = function(host, port)
  local path = stdnse.get_script_args("http-trace.path") or "/"
  local num_redirects = stdnse.get_script_args("http-trace.redirect_count") or 2 -- Set default low [2] and let user make it bigger if needed
  local followed_redirects = 0  

  local req = http.generic_request(host, port, "TRACE", path) -- Request zero
  while (req.status == 301 or req.status == 302) and req.header["location"] and followed_redirects < num_redirects do -- Follow 2 or redirect_count redirects
    req = http.generic_request(host, port, "TRACE", req.header["location"])
    followed_redirects = followed_redirects + 1
  end -- Hopefully when we finish looping we received a HTTP 200 OK after following some redirects (at least we tried)

  return validate(req.body, req.rawheader, followed_redirects)
end

PS > The thread has now had two top and one bottom reply, what's the actual preference on this list?


Date: Wed, 23 May 2012 18:41:06 +0300
Subject: Re: http-methods & http-trace NSE Script Enhancement Ideas
From: toni.ruottu< at >iki.fi
To: paulino< at >calderonpale.com
CC: kingthorin< at >hotmail.com; nmap-dev< at >insecure.org

Does this affect http-cors too?

On Wednesday, 23 May 2012, Paulino Calderon  wrote:
On 23/05/2012 07:17 a.m., King Thorin wrote:



I was just looking through some online docs and some nmap results. I've

never seen a server that includes public or allow header(s) on a

redirect response [maybe my experience is limited?]. It seems to me that the http-methods NSE should follow

redirects (HTTP 301, 302, 303) in order to perform the necessary OPTIONS

  request on a page/resource that's providing a HTTP 200.





Perhaps similar to the http-trace script:

http://nmap.org/svn/scripts/http-trace.nse

Though

  even that only follows one 301 or 302 redirect.



Further, maybe both scripts should follow a configurable

  # of redirects (default 2, 3, 4 and configurable further) looking for a

  HTTP 200&  handle 301, 302, and 303 redirect codes.





Reference:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html



I've emailed the devs of both scripts without any luck.







I'd be glad to provide the necessary changes, if someone can simply fill me in as to how they should be submitted.



                                        

_______________________________________________

Sent through the nmap-dev mailing list

http://cgi.insecure.org/mailman/listinfo/nmap-dev

Archived at http://seclists.org/nmap-dev/


I think adding a configuration value for redirects will work better in some cases. I would say most of the libraries follow 2-3 redirects but no more than that. In your experience, what would be a good default?

New VA Modules: NSE: 2, MSF: 1, Nessus: 12

New VA Module Alert Service — 2012-05-23T17:00:23

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (2) ==

r28652 icap-info http://nmap.org/nsedoc/scripts/icap-info.html
https://svn.nmap.org/nmap/scripts/icap-info.nse
Tries a list of known ICAP service names and prints information about
the ones it detects. The Internet Content Adaptation Protocol (ICAP) is
used to extend transparent proxy server and is generally used for
content filtering and antivirus scanning.

r28655 distcc-cve2004-2687 http://nmap.org/nsedoc/scripts/distcc-cve2004-2687.html
https://svn.nmap.org/nmap/scripts/distcc-cve2004-2687.nse
Detects and exploits a remote code execution vulnerability in the
distributed compiler daemon distcc. The vulnerability was disclosed in
2002, but is still present in modern implementation due to poor
configuration of the service.

== Metasploit modules (1) ==

r15325 http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/openoffice_ole.rb
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling
Overflow

== Nessus plugins (12) ==

59238 ubuntu_USN-1449-1.nasl
http://nessus.org/plugins/index.php?view=single&id=59238
USN-1449-1 : feedparser vulnerability

59237 suse_openssl-8112.nasl
http://nessus.org/plugins/index.php?view=single&id=59237
SuSE 10 Security Update : openssl (ZYPP Patch Number 8112)

59236 solaris10_x86_148408.nasl
http://nessus.org/plugins/index.php?view=single&id=59236
Solaris 10 (x86) : 148408-01

59235 solaris10_x86_148007.nasl
http://nessus.org/plugins/index.php?view=single&id=59235
Solaris 10 (x86) : 148007-01

59234 solaris10_x86_141105.nasl
http://nessus.org/plugins/index.php?view=single&id=59234
Solaris 10 (x86) : 141105-04

59233 centos_RHSA-2012-0683.nasl
http://nessus.org/plugins/index.php?view=single&id=59233
CentOS : RHSA-2012-0683

59232 liferay_6_1_0_addUser.nasl
http://nessus.org/plugins/index.php?view=single&id=59232
Liferay Portal 6.1.0 'addUser()' Security Bypass

59231 liferay_6_1_0.nasl
http://nessus.org/plugins/index.php?view=single&id=59231
Liferay Portal 6.0.5 / 6.0.6 Arbitrary File Download

59230 liferay_6_0_6.nasl
http://nessus.org/plugins/index.php?view=single&id=59230
Liferay Portal < 6.0.6 Multiple Vulnerabilities

59229 liferay_default_creds.nasl
http://nessus.org/plugins/index.php?view=single&id=59229
Liferay Portal Default Credentials

59228 liferay_detect.nasl
http://nessus.org/plugins/index.php?view=single&id=59228
Liferay Portal Detection

59227 cisco_asa_proxy_info_leak.nasl
http://nessus.org/plugins/index.php?view=single&id=59227
Cisco ASA Cut Through Proxy Authentication Vulnerability
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Re: http-methods & http-trace NSE Script Enhancement Ideas

Toni Ruottu — 2012-05-23T15:41:06

Does this affect http-cors too?

On Wednesday, 23 May 2012, Paulino Calderon wrote:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/