Saint Vulnerability Scanner v7.3 in the wild

SAINT is the Security Administrator's Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It also gathers information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New features in this version:

  • Cross-site scripting exploit
    * Detects cross-site scripting vulnerability
    * E-mail forgery tool sends link which exploits vulnerability to steal cookies
    * Session hijacking tool after successful exploit
  • New SAINTwriter pre-configured reports
    * Phishing report
    * Web crawling report
  • New SAINTwriter vulnerability list columns (in custom reports)
    * Microsoft Bulletin number
    * Reference IDs
  • Tutorial reductions (for some tutorials)
    * Only information relevant to reported CVEs is displayed
    * Less extraneous information

New vulnerability checks in version 7.3:

  • Multiple vulnerabilities in Microsoft Office Excel (MS10-017). (CVE-2010-0257, CVE-2010-0258, CVE-2010-0260 through CVE-2010-0264)
  • Movie Maker and Producer buffer overflow vulnerability (MS10-016). (CVE-2010-0265)
  • Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability. (CVE-2010-0787)
  • Apache Tomcat Multiple Directory Traversal Vulnerabilities. (CVE-2009-2901, CVE-2009-2902)
  • IBM Cognos Express Backdoor Account Remote Code Execution Vulnerability. (CVE-2010-0557)
  • Snitz Forums 2000 'X-Forwarded-For' SQL Injection Vulnerability. (BID37637)
  • Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability. (CVE-2010-0010)
  • IMail Multiple Vulnerabilities (reversible encryption + weak ACL). (BID38109)
  • Cisco Collaboration Server Cross Site Scripting Vulnerability. (CVE-2010-0642)
  • Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities. (CVE-2010-0304)
  • RSA SecurID Cross Site Scripting Vulnerability. (BID38207)
  • Domino Web Access ActiveX Control URL Handling Buffer Overflow Vulnerability. (BID38457)
  • Pidgin Multiple Denial of Service Vulnerabilities fixed in 2.6.6. (CVE-2010-0277, CVE-2010-0420, CVE-2010-0423)
  • IBM DB2 'kuddb2' Remote Denial of Service Vulnerability. (CVE-2010-0472)
  • lighttpd Slow Request Handling Remote Denial Of Service Vulnerability. (CVE-2010-0295)
  • Asterisk T.38 'FaxMaxDatagram' Remote Denial of Service Vulnerability. (CVE-2010-0441)
  • PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability. (CVE-2010-0442)

New exploits in this version:

  • Oracle Database DBMS_JVM_EXP_PERMS exploit
  • Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow exploit. (CVE-2010-0033)
  • Lotus Domino Web Access ActiveX exploit
    * cross-site scripting cookie theft exploit

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking:

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

