ARTICLE

Saint Vulnerability Scanner 6.7.5 released

Thursday 13 March 2008

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New vulnerability checks in version 6.7.5:

- Microsoft Excel arbitrary code execution (MS08-014)
- Microsoft Outlook mailto arbitrary code execution vulnerability (MS08-015)
- Microsoft Office memory corruption vulnerabilities (MS08-016)
- Microsoft Office Web Component Arbitrary Code Execution vulnerabilities (MS08-017)
- multiple JDK/JRE arbitrary code execution vulnerabilities
- multiple Lyris ListManager remote vulnerabilities
- SQL injection vulnerability in PHP-Nuke Web_Links module cid parameter
- SQL injection in XOOPS classifieds module cid parameter for the Adsview action
- multiple Dokeos SQL injection and cross-site scripting vulnerabilities
- Trend Micro OfficeScan Policy Server buffer overflow
- Symantec Backup Exec for Windows Server pvcalendar.ocx ActiveX control arbitrary code execution
- SurgeMail multiple vulnerabilities
- SurgeFTP Content-Length parameter NULL pointer vulnerability
- lighttpd file descriptor array denial of service
- Facebook ActiveX Control buffer overflow vulnerability
- VSF 5.0 for windows dos vulnerability
- VLC Media Player MP4 Demuxer remote code execution
- activePDF Server buffer overflow
- TikiWiki cross-site scripting
- MyServer HTTP Methods "204 Not Content" Error remote denial of service
- S9Y Serendipity "Real Name" Field HTML Injection
- Citrix MetaFrame Web Manager Cross-site scripting
- VMWare products shared folders directory traversal vulnerability
- GNOME Evolution vulnerability
- Lighttpd vulnerabilities
- IBM WebSphere MQ Security Bypass
- Horde vulnerabilities
- MediaWiki cross-site scripting
- Wireshark vulnerabilities fixed in 0.99.8

New exploits in this version:
- Veritas Storage Foundation Administrator service exploit
- Trend Micro OfficeScan CGI exploit
- MySQL yaSSL Hello message exploit
- Novell iPrint Control ActiveX exploit
- Microsoft Office Web Components exploit


POSTSCRIPTUM

Download


RELATED ARTICLES

Saint, Vulnerability Management, Vulnerability Scanner,

15 August 2008 : Saint 6.8 released
31 July 2008 : Saint Vulnerability Scanner updated to 6.7.14
17 July 2008 : Saint Scanner 6.7.13 released
17 June 2008 : SAINT® 6.7.11 Released
6 June 2008 : SAINT® 6.7.10 Released