ARTICLE

Saint vulnerability scanner v6.7.4 released

Saturday 1 March 2008

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New vulnerability checks in version 6.7.4:

- JRE and JDK XML external entity and untrusted application/applet privilege elevation vulnerabilities
- Belkin Wireless G Plus MIMO router remote authentication bypass
- Netwerk Smart Publisher base-64 PHP injection in filedata parameter
- WordPress plugin fGallery fin_rss.php SQL injection vulnerability
- WordPress plugin WP-Cal editevent.php SQL injection vulnerability
- Novell Client EnumPrinters buffer overflow
- Xlight FTP Server LDAP authentication bypass vulnerability
- Titan FTP Server DELE command remote buffer overflow
- Apple iPhoto Photocast subscription remote format string vulnerability
- Kerio MailServer multiple vulnerabilities
- Veritas Storage Foundation Adminstrator vulnerability
- ClamAV vulnerabilities
- PCRE vulnerabilities
- WordPress vulnerabilities
- Mailman vulnerabilities
- Cacti vulnerabilities
- CUPS vulnerabilities
- SQL injection vulnerability in Customer Testimonials add-in for osCommerce
- Gallery vulnerabilities
- Sybase SQL Anywhere MobiLink buffer overflow vulnerability
- Opera multiple vulnerabilities
- WS_FTP opendir command buffer overflow vulnerability
- WS_FTP logging server denial of service vulnerability
- Novell iPrint Client ActiveX vulnerability
- address book security bypass vulnerability in Horde Turba Contact Manager and related applications
- multiple Claroline vulnerabilities including SQL injection and cross-site scripting
- Altiris Notification Server Agent local privilege elevation vulnerability
- WS_FTP Server Manager authentication bypass vulnerability
- SAPlpd vulnerabilities

New exploits in this version:

- BrightStor ARCserve LGServer rxRPC.dll directory traversal exploit
- Microsoft Works File Converter field length exploit
- Microsoft Works File Converter Index Table exploit
- Novell Client nwspool.dll EnumPrinters exploit


POSTSCRIPTUM

Download


RELATED ARTICLES

Recon and Scanning, Saint, Vulnerability Scanner,

15 August 2008 : Saint 6.8 released
31 July 2008 : Saint Vulnerability Scanner updated to 6.7.14
17 July 2008 : Saint Scanner 6.7.13 released
17 June 2008 : SAINT® 6.7.11 Released
6 June 2008 : SAINT® 6.7.10 Released