Saint Vulnerability Scanner V6.6.1 released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New vulnerability checks in version 6.6.1:

  • CA ARCserve Backup for Laptops & Desktops multiple vulnerabilities
  • AOL Instant Messenger Notification Window Remote Script Code
  • Tivoli Storage Manager remote code execution
  • Visual Basic 6.0 VBP project file handling buffer overflow
  • Visual FoxPro ActiveX Control buffer overflow
  • Earth Resource Mapper ActiveX control vulnerability
  • Visual Studio PDWizard.ocx ActiveX Control Code Execution
  • Sophos AV CAB, LZH and RAR file scan evasion vulnerability
  • Sophos Anti-Virus cross-site scripting vulnerability
  • WinSCP URL Protocol Handler Arbitrary File Access
  • ServerProtect TMregChange Stack Overflow vulnerability
  • OpenOffice TIFF File Parsing Integer Overflow vulnerability
  • HP Photo and Image Gallery and All-in-One HPQUTIL.DLL ActiveX Control vulnerability
  • Callisto Photo Parade Player ActiveX Control Buffer Overflow
  • Broderbund 3DGreetings Player ActiveX Control multiple buffer overflow vulnerabilities
  • GlobalLink ActiveX component buffer overflows
  • Microsoft Visual Studio VB to VSI Support Library Arbitrary File Overwrite
  • Java Web Start ActiveX denial of service
  • Samba NSS_Info Plugin Local Privilege Elevation
  • Microsoft Windows MFC Library FileFind Class Heap Overflow
  • Adobe Connect Enterprise Server Information Disclosure
  • Mozilla Firefox vulnerability
  • WordPress SQL injection and cross-site scripting vulnerabilities
  • Invision Power Board vulnerabilities
  • Mercury IMAP Server SEARCH command buffer overflow
  • ImageMagick multiple vulnerabilities
  • PHP vulnerabilities

New exploits in this version:

  • Symantec Norton products NavComUI ActiveX exploit
  • Trend Micro ServerProtect service buffer overflow exploit
  • VMware vielib.dll ActiveX exploit
  • Trend Micro ServerProtect TMregChange exploit

Post scriptum

Compliance Mandates

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

