risu 1.8.3 → 1.8.4
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/Gemfile.lock +159 -0
- data/LICENSE +1 -1
- data/README.markdown +2 -5
- data/Rakefile +1 -1
- data/bin/risu +1 -1
- data/docs/NEWS.markdown +3 -0
- data/lib/risu.rb +2 -2
- data/lib/risu/base.rb +1 -1
- data/lib/risu/base/graph_template_helper.rb +1 -1
- data/lib/risu/base/host_template_helper.rb +2 -1
- data/lib/risu/base/malware_template_helper.rb +1 -1
- data/lib/risu/base/post_process_base.rb +7 -4
- data/lib/risu/base/post_process_manager.rb +1 -1
- data/lib/risu/base/scan_helper.rb +1 -1
- data/lib/risu/base/schema.rb +10 -3
- data/lib/risu/base/shares_template_helper.rb +1 -1
- data/lib/risu/base/template_base.rb +1 -1
- data/lib/risu/base/template_helper.rb +1 -1
- data/lib/risu/base/template_manager.rb +1 -1
- data/lib/risu/base/templater.rb +1 -1
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +16 -16
- data/lib/risu/cli/banner.rb +1 -1
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/graphs.rb +1 -1
- data/lib/risu/graphs/top_vuln_graph.rb +1 -1
- data/lib/risu/graphs/windows_os_graph.rb +1 -1
- data/lib/risu/models.rb +2 -1
- data/lib/risu/models/attachment.rb +1 -1
- data/lib/risu/models/familyselection.rb +1 -1
- data/lib/risu/models/host.rb +34 -2
- data/lib/risu/models/hostproperty.rb +1 -1
- data/lib/risu/models/individualpluginselection.rb +1 -1
- data/lib/risu/models/item.rb +248 -20
- data/lib/risu/models/nessuspluginmetadata.rb +28 -0
- data/lib/risu/models/patch.rb +1 -1
- data/lib/risu/models/plugin.rb +1 -1
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +1 -1
- data/lib/risu/models/report.rb +1 -1
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +1 -1
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +3 -2
- data/lib/risu/parsers/nessus/postprocess.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/7zip.rb +6 -4
- data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +48 -54
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +58 -63
- data/lib/risu/parsers/nessus/postprocess/adobe_coldfusion.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/{shockwave.rb → adobe_creative_desktop.rb} +9 -34
- data/lib/risu/parsers/nessus/postprocess/adobe_flash_player.rb +175 -0
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +73 -55
- data/lib/risu/parsers/nessus/postprocess/adobe_shockwave_player.rb +74 -0
- data/lib/risu/parsers/nessus/postprocess/apache.rb +38 -33
- data/lib/risu/parsers/nessus/postprocess/apache_tomcat.rb +8 -10
- data/lib/risu/parsers/nessus/postprocess/apple_icloud.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/apple_itunes.rb +23 -17
- data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +38 -32
- data/lib/risu/parsers/nessus/postprocess/artifex_ghostscript.rb +49 -0
- data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +10 -14
- data/lib/risu/parsers/nessus/postprocess/ca_brightstor_arcserve.rb +10 -10
- data/lib/risu/parsers/nessus/postprocess/cisco_anyconnect.rb +18 -20
- data/lib/risu/parsers/nessus/postprocess/cisco_ios.rb +25 -15
- data/lib/risu/parsers/nessus/postprocess/cisco_telepresence.rb +45 -0
- data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +6 -6
- data/lib/risu/parsers/nessus/postprocess/db2.rb +7 -9
- data/lib/risu/parsers/nessus/postprocess/dell_idrac.rb +49 -0
- data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +4 -2
- data/lib/risu/parsers/nessus/postprocess/dropbear_ssh.rb +7 -6
- data/lib/risu/parsers/nessus/postprocess/filezilla.rb +4 -6
- data/lib/risu/parsers/nessus/postprocess/firefox.rb +113 -71
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/foxit_phantom_pdf.rb +10 -3
- data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +13 -12
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +34 -6
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/iLo.rb +50 -0
- data/lib/risu/parsers/nessus/postprocess/intel_mgt_engine.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/irfanview.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/java.rb +70 -64
- data/lib/risu/parsers/nessus/postprocess/libreoffice.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/microsoft_office.rb +73 -0
- data/lib/risu/parsers/nessus/postprocess/microsoft_visual_studio.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/microsoft_windows.rb +1312 -0
- data/lib/risu/parsers/nessus/postprocess/mongo_db.rb +46 -0
- data/lib/risu/parsers/nessus/postprocess/mozzila_thunderbird.rb +49 -0
- data/lib/risu/parsers/nessus/postprocess/normalize_plugin_names.rb +5 -2
- data/lib/risu/parsers/nessus/postprocess/openoffice.rb +14 -11
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +58 -39
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/php.rb +94 -69
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/putty.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/real_player.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/risk_score.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +16 -3
- data/lib/risu/parsers/nessus/postprocess/samba.rb +46 -0
- data/lib/risu/parsers/nessus/postprocess/servu.rb +4 -4
- data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/skype.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/solarwinds_dameware.rb +48 -0
- data/lib/risu/parsers/nessus/postprocess/symantec_endpoint.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/tenable_nessus.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/timbuktu.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/vlc.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +64 -54
- data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +11 -5
- data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +7 -6
- data/lib/risu/parsers/nessus/postprocess/winscp.rb +7 -8
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +73 -51
- data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
- data/lib/risu/renderers.rb +1 -1
- data/lib/risu/renderers/csvrenderer.rb +1 -1
- data/lib/risu/renderers/nilrenderer.rb +1 -1
- data/lib/risu/renderers/pdfrenderer.rb +1 -1
- data/lib/risu/template_helpers.rb +1 -1
- data/lib/risu/templates/assets.rb +1 -1
- data/lib/risu/templates/authentication_summary.rb +1 -1
- data/lib/risu/templates/cover_sheet.rb +1 -1
- data/lib/risu/templates/exec_summary.rb +1 -1
- data/lib/risu/templates/executive_summary_detailed.rb +1 -1
- data/lib/risu/templates/exploitablity_summary.rb +1 -1
- data/lib/risu/templates/failed_audits.rb +1 -1
- data/lib/risu/templates/finding_statistics.rb +1 -1
- data/lib/risu/templates/findings_host.rb +1 -1
- data/lib/risu/templates/findings_summary.rb +1 -1
- data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
- data/lib/risu/templates/graphs.rb +1 -1
- data/lib/risu/templates/host_findings_csv.rb +1 -1
- data/lib/risu/templates/host_summary.rb +1 -1
- data/lib/risu/templates/malicious_process_detection.rb +1 -1
- data/lib/risu/templates/missing_root_causes.rb +1 -1
- data/lib/risu/templates/ms_patch_summary.rb +1 -1
- data/lib/risu/templates/ms_update_summary.rb +1 -1
- data/lib/risu/templates/ms_wsus_findings.rb +1 -1
- data/lib/risu/templates/notable.rb +1 -1
- data/lib/risu/templates/notable_detailed.rb +1 -1
- data/lib/risu/templates/pci_compliance.rb +1 -1
- data/lib/risu/templates/rollup_summary.rb +82 -0
- data/lib/risu/templates/stig_findings_summary.rb +1 -1
- data/lib/risu/templates/talking_points.rb +1 -1
- data/lib/risu/templates/technical_findings.rb +1 -1
- data/lib/risu/templates/template.rb +1 -1
- data/lib/risu/templates/top_25.rb +1 -1
- data/lib/risu/version.rb +2 -2
- data/risu.gemspec +5 -5
- metadata +59 -56
- metadata.gz.sig +0 -0
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +0 -145
- data/lib/risu/parsers/nessus/postprocess/windows.rb +0 -976
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,41 +31,46 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Apache Patch Rollup",
|
33
33
|
:plugin_id => -99986,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Apache patches",
|
35
35
|
:item_name => "Update to the latest Apache",
|
36
36
|
:plugin_ids => [
|
37
|
-
11030,
|
38
|
-
11137,
|
39
|
-
11793,
|
40
|
-
11915,
|
41
|
-
31654,
|
42
|
-
55976,
|
43
|
-
57792,
|
44
|
-
12280,
|
45
|
-
17696,
|
46
|
-
31408,
|
47
|
-
73405,
|
48
|
-
56216,
|
49
|
-
57791,
|
50
|
-
62101,
|
51
|
-
64912,
|
52
|
-
68915,
|
53
|
-
77531,
|
54
|
-
45004,
|
55
|
-
57603,
|
56
|
-
42052,
|
57
|
-
48205,
|
58
|
-
50070,
|
59
|
-
53896,
|
60
|
-
69014,
|
61
|
-
76622,
|
62
|
-
81126,
|
63
|
-
73081,
|
64
|
-
84959,
|
65
|
-
40467,
|
66
|
-
96451,
|
37
|
+
11030, #Apache Chunked Encoding Remote Overflow
|
38
|
+
11137, #Apache < 1.3.27 Multiple Vulnerabilities (DoS, XSS)
|
39
|
+
11793, #Apache < 1.3.28 Multiple Vulnerabilities (DoS, ID)
|
40
|
+
11915, #Apache < 1.3.29 Multiple Modules Local Overflow
|
41
|
+
31654, #Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow
|
42
|
+
55976, #Apache HTTP Server Byte Range DoS
|
43
|
+
57792, #Apache HTTP Server httpOnly Cookie Information Disclosure
|
44
|
+
12280, #Apache < 1.3.31 / 2.0.49 Socket Connection Blocking Race Condition DoS
|
45
|
+
17696, #Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
|
46
|
+
31408, #Apache 1.3.x < 1.3.41 Multiple Vulnerabilities (DoS, XSS)
|
47
|
+
73405, #Apache 2.2.x < 2.2.27 Multiple Vulnerabilities
|
48
|
+
56216, #Apache 2.2.x < 2.2.21 mod_proxy_ajp DoS
|
49
|
+
57791, #Apache 2.2.x < 2.2.22 Multiple Vulnerabilities
|
50
|
+
62101, #Apache 2.2.x < 2.2.23 Multiple Vulnerabilities
|
51
|
+
64912, #Apache 2.2.x < 2.2.24 Multiple XSS Vulnerabilities
|
52
|
+
68915, #Apache 2.2.x < 2.2.25 Multiple Vulnerabilities
|
53
|
+
77531, #Apache 2.2.x < 2.2.28 Multiple Vulnerabilities
|
54
|
+
45004, #Apache 2.2.x < 2.2.15 Multiple Vulnerabilities
|
55
|
+
57603, #Apache 2.2.x < 2.2.13 APR apr_palloc Heap Overflow
|
56
|
+
42052, #Apache 2.2.x < 2.2.14 Multiple Vulnerabilities
|
57
|
+
48205, #Apache 2.2.x < 2.2.16 Multiple Vulnerabilities
|
58
|
+
50070, #Apache 2.2.x < 2.2.17 Multiple Vulnerabilities
|
59
|
+
53896, #Apache 2.2.x < 2.2.18 APR apr_fnmatch DoS
|
60
|
+
69014, #Apache 2.4.x < 2.4.5 Multiple Vulnerabilities
|
61
|
+
76622, #Apache 2.4.x < 2.4.10 Multiple Vulnerabilities
|
62
|
+
81126, #Apache 2.4.x < 2.4.12 Multiple Vulnerabilities
|
63
|
+
73081, #Apache 2.4.x < 2.4.8 Multiple Vulnerabilities
|
64
|
+
84959, #Apache 2.4.x < 2.4.16 Multiple Vulnerabilities
|
65
|
+
40467, #Apache 2.2.x < 2.2.12 Multiple Vulnerabilities
|
66
|
+
96451, #Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)
|
67
|
+
100995, #Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities -
|
68
|
+
101788, #Apache 2.4.x < 2.4.27 Multiple Vulnerabilities
|
69
|
+
103838, #Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)
|
70
|
+
101787, #Apache 2.2.x < 2.2.34 Multiple Vulnerabilities
|
71
|
+
68914, #Apache 2.0.x < 2.0.65 Multiple Vulnerabilities
|
72
|
+
123642, #Apache 2.4.x < 2.4.39 Multiple Vulnerabilities
|
67
73
|
|
68
|
-
|
69
74
|
]
|
70
75
|
}
|
71
76
|
end
|
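Review bot: The 2.4.x entries in `:plugin_ids` jump from `103838` (< 2.4.28) to `123642` (< 2.4.39), so a host flagged only by a check for a release in between would keep its individual finding instead of being folded into the "Update to the latest Apache" item. If such checks exist in the plugin feed they should be added; the iTunes list in a later hunk has a similar jump from < 12.6.2 to < 12.7.4. Sorting the ids by branch and version would make gaps like this visible in review. The comment on `100995` ends in a stray ` -` (as do `78597` and `101954` in the iTunes list); drop it, and write the comments as `# Title` with a space after `#`. The enclosing `initialize` starts and ends outside the hunk.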
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,17 +31,15 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Apache Tomcat Patch Rollup",
|
33
33
|
:plugin_id => -99966,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Apache Tomcat Patches",
|
35
35
|
:item_name => "Update to the latest Apache Tomcat",
|
36
36
|
:plugin_ids => [
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
81650,
|
41
|
-
83526,
|
42
|
-
|
43
|
-
|
44
|
-
|
37
|
+
81649, #Apache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE)
|
38
|
+
12085, #Apache Tomcat Servlet / JSP Container Default Files
|
39
|
+
35806, #Tomcat Sample App cal2.jsp 'time' Parameter XSS
|
40
|
+
81650, #Apache Tomcat 7.0.x < 7.0.57 Multiple Vulnerabilities (POODLE)
|
41
|
+
83526, #Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK)
|
42
|
+
70414, #Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities
|
45
43
|
]
|
46
44
|
}
|
47
45
|
end
|
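Review bot: Three ids in this `:plugin_ids` list are not patch-level findings, judging by the titles in their comments: `12085` (default files), `35806` (sample app `cal2.jsp` XSS) and `70414` (JBoss EJBInvokerServlet / JMXInvokerServlet). Folding them into "Update to the latest Apache Tomcat" tells the report reader that an upgrade resolves them, while the fix is more likely removing the default content or restricting access to the invoker servlets. They would be better left as individual findings or moved to a separate hardening rollup. The removed side of lines 37-39 is not legible on this page, so these ids may predate this release. The enclosing `initialize` starts outside the hunk.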
@@ -0,0 +1,47 @@
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
|
+
#
|
3
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
# of this software and associated documentation files (the "Software"), to deal
|
5
|
+
# in the Software without restriction, including without limitation the rights
|
6
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
# copies of the Software, and to permit persons to whom the Software is
|
8
|
+
# furnished to do so, subject to the following conditions:
|
9
|
+
#
|
10
|
+
# The above copyright notice and this permission notice shall be included in
|
11
|
+
# all copies or substantial portions of the Software.
|
12
|
+
#
|
13
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
19
|
+
# THE SOFTWARE.
|
20
|
+
|
21
|
+
|
22
|
+
module Risu
|
23
|
+
module Parsers
|
24
|
+
module Nessus
|
25
|
+
module PostProcess
|
26
|
+
class AppleICloudRollup < Risu::Base::PostProcessBase
|
27
|
+
|
28
|
+
#
|
29
|
+
def initialize
|
30
|
+
@info =
|
31
|
+
{
|
32
|
+
:description => "Apple iCloud Patch Rollup",
|
33
|
+
:plugin_id => -99939,
|
34
|
+
:plugin_name => "Missing the latest Apple iCloud",
|
35
|
+
:item_name => "Update to the latest Apple iCloud",
|
36
|
+
:plugin_ids => [
|
37
|
+
125878, #Apple iCloud < 7.12 Multiple Vulnerabilities
|
38
|
+
]
|
39
|
+
}
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
|
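Review bot: `:plugin_name => "Missing the latest Apple iCloud"` drops the word the sibling rollups use ("Missing the latest Apple iTunes Patches", "Missing the latest Apache Tomcat Patches"). This string presumably becomes the finding title in generated reports, so it should read `:plugin_name => "Missing the latest Apple iCloud Patches",`. The new Artifex Ghostscript file in a later hunk has the same wording. The lone `#` above `def initialize` is an empty doc comment; a line such as `# Defines the rollup metadata and the Nessus plugin ids it covers` would say what the class is for. The file also ends with two blank lines (46-47).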
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,24 +31,30 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Apple iTunes Patch Rollup",
|
33
33
|
:plugin_id => -99960,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Apple iTunes Patches",
|
35
35
|
:item_name => "Update to the latest Apple iTunes",
|
36
36
|
:plugin_ids => [
|
37
|
-
84504,
|
38
|
-
86001,
|
39
|
-
86602,
|
40
|
-
91347,
|
41
|
-
87371,
|
42
|
-
92410,
|
43
|
-
94914,
|
44
|
-
94915,
|
45
|
-
95824,
|
46
|
-
96830,
|
47
|
-
100025,
|
48
|
-
100300,
|
49
|
-
|
50
|
-
|
51
|
-
|
37
|
+
84504, #Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)
|
38
|
+
86001, #Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)
|
39
|
+
86602, #Apple iTunes < 12.3.1 Multiple Vulnerabilities (credentialed check)
|
40
|
+
91347, #Apple iTunes < 12.4 DLL Injection Arbitrary Code Execution (credentialed check)
|
41
|
+
87371, #Apple iTunes < 12.3.2 Multiple Vulnerabilities (credentialed check)
|
42
|
+
92410, #Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)
|
43
|
+
94914, #Apple iTunes < 12.5.1 Multiple Vulnerabilities (credentialed check)
|
44
|
+
94915, #Apple iTunes < 12.5.2 Multiple Vulnerabilities (credentialed check)
|
45
|
+
95824, #Apple iTunes < 12.5.4 Multiple Vulnerabilities (credentialed check)
|
46
|
+
96830, #Apple iTunes < 12.5.5 Multiple Vulnerabilities (credentialed check)
|
47
|
+
100025, #Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)
|
48
|
+
100300, #Apple iTunes < 12.6.1 WebKit Memory Corruption RCE (credentialed check)
|
49
|
+
78597, #Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check) -
|
50
|
+
101954, #Apple iTunes < 12.6.2 Multiple Vulnerabilities (credentialed check) -
|
51
|
+
111105, #Apple iTunes < 12.8 Multiple Vulnerabilities (credentialed check)
|
52
|
+
117880, #Apple iTunes < 12.9 Multiple Vulnerabilities (credentialed check)
|
53
|
+
108795, #Apple iTunes < 12.7.4 WebKit Multiple Vulnerabilities (credentialed check)
|
54
|
+
110384, #Apple iTunes < 12.7.5 Multiple Vulnerabilities (credentialed check)
|
55
|
+
118718, #Apple iTunes < 12.9.1 Multiple Vulnerabilities (credentialed check)
|
56
|
+
119767, #Apple iTunes < 12.9.2 Multiple Vulnerabilities (credentialed check)
|
57
|
+
121473, #Apple iTunes < 12.9.3 Multiple Vulnerabilities (credentialed check)
|
52
58
|
|
53
59
|
]
|
54
60
|
}
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,39 +31,45 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Apple QuickTime Patch Rollup",
|
33
33
|
:plugin_id => -99973,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Apple QuickTime Patches",
|
35
35
|
:item_name => "Update to the latest Apple QuickTime",
|
36
36
|
:plugin_ids => [
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
37
|
+
48323, #QuickTime < 7.6.7 QuickTimeStreaming.qtx SMIL File Debug Logging Overflow (Windows)
|
38
|
+
49260, #QuickTime < 7.6.8 Multiple Vulnerabilities (Windows)
|
39
|
+
51062, #QuickTime < 7.6.9 Multiple Vulnerabilities (Windows)
|
40
|
+
66636, #QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
|
41
|
+
72706, #QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)
|
42
|
+
78678, #QuickTime < 7.7.6 Multiple Vulnerabilities (Windows)
|
43
|
+
62890, #QuickTime < 7.7.3 Multiple Vulnerabilities (Windows)
|
44
|
+
87848, #Apple QuickTime < 7.7.9 Multiple RCE (Windows)
|
45
|
+
85662, #Apple QuickTime < 7.7.8 Multiple Arbitrary Code Vulnerabilities (Windows)
|
46
|
+
84505, #Apple QuickTime < 7.7.7 Multiple Vulnerabilities (Windows)
|
47
|
+
59113, #QuickTime < 7.7.2 Multiple Vulnerabilities (Windows)
|
48
|
+
56667, #QuickTime < 7.7.1 Multiple Vulnerabilities (Windows)
|
49
|
+
55764, #QuickTime < 7.7 Multiple Vulnerabilities (Windows)
|
50
|
+
21556, #QuickTime < 7.1 Multiple Vulnerabilities (Windows)
|
51
|
+
22336, #QuickTime < 7.1.3 Multiple Vulnerabilities (Windows)
|
52
|
+
24761, #QuickTime < 7.1.5 Multiple Vulnerabilities (Windows)
|
53
|
+
25123, #QuickTime < 7.1.6 quicktime.util.QTHandleRef toQTPointer Method Arbitrary Code Execution (Windows)
|
54
|
+
25347, #QuickTime < 7.1.6 Security Update (Windows)
|
55
|
+
25703, #QuickTime < 7.2 Multiple Vulnerabilities (Windows)
|
56
|
+
26916, #QuickTime < 7.2 Security Update (Windows)
|
57
|
+
29698, #QuickTime < 7.3.1 Multiple Vulnerabilities (Windows)
|
58
|
+
29982, #QuickTime < 7.4 Multiple Vulnerabilities (Windows)
|
59
|
+
31735, #QuickTime < 7.4.5 Multiple Vulnerabilities (Windows)
|
60
|
+
33130, #QuickTime < 7.5 Multiple Vulnerabilities (Windows)
|
61
|
+
34119, #QuickTime < 7.5.5 Multiple Vulnerabilities (Windows)
|
62
|
+
35437, #QuickTime < 7.6 Multiple Vulnerabilities (Windows)
|
63
|
+
38988, #QuickTime < 7.6.2 Multiple Vulnerabilities (Windows)
|
64
|
+
40929, #QuickTime < 7.6.4 Multiple Vulnerabilities (Windows)
|
65
|
+
45388, #QuickTime < 7.6.6 Multiple Vulnerabilities (Windows)
|
66
|
+
27626, #QuickTime < 7.3 Multiple Vulnerabilities (Windows)
|
67
|
+
30204, #QuickTime < 7.4.1 RTSP Response Long Reason-Phrase Arbitrary Remote Code Execution (Windows)
|
68
|
+
11506, #QuickTime < 6.1 URL Handling Overflow (Windows)
|
69
|
+
17637, #QuickTime < 6.5.2 PictureViewer Malformed JPEG Overflow (Windows)
|
70
|
+
20136, #QuickTime < 7.0.3 Multiple Vulnerabilities (Windows)
|
71
|
+
20395, #QuickTime < 7.0.4 Multiple Vulnerabilities (Windows)
|
72
|
+
|
67
73
|
]
|
68
74
|
}
|
69
75
|
end
|
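Review bot: The new `:plugin_name` "Missing the latest Apple QuickTime Patches", together with the unchanged `:item_name` "Update to the latest Apple QuickTime", points the report reader at an upgrade that does not exist. Every id in the list is a Windows check, and Apple stopped issuing security updates for QuickTime for Windows in 2016. Wording along the lines of `:item_name => "Remove Apple QuickTime for Windows",` would give remediation that actually closes the findings; confirm how the templates use `:item_name` before changing it. The hunk also adds a whitespace-only line 72 before the closing `]`, which can go. The enclosing `initialize` starts outside the hunk.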
@@ -0,0 +1,49 @@
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
|
+
#
|
3
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
# of this software and associated documentation files (the "Software"), to deal
|
5
|
+
# in the Software without restriction, including without limitation the rights
|
6
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
# copies of the Software, and to permit persons to whom the Software is
|
8
|
+
# furnished to do so, subject to the following conditions:
|
9
|
+
#
|
10
|
+
# The above copyright notice and this permission notice shall be included in
|
11
|
+
# all copies or substantial portions of the Software.
|
12
|
+
#
|
13
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
19
|
+
# THE SOFTWARE.
|
20
|
+
|
21
|
+
|
22
|
+
module Risu
|
23
|
+
module Parsers
|
24
|
+
module Nessus
|
25
|
+
module PostProcess
|
26
|
+
class ArtifexGhostscriptRollup < Risu::Base::PostProcessBase
|
27
|
+
|
28
|
+
#
|
29
|
+
def initialize
|
30
|
+
@info =
|
31
|
+
{
|
32
|
+
:description => "Artifex Ghostscript Patch Rollup",
|
33
|
+
:plugin_id => -99937,
|
34
|
+
:plugin_name => "Missing the latest Artifex Ghostscript",
|
35
|
+
:item_name => "Update to the latest Artifex Ghostscript",
|
36
|
+
:plugin_ids => [
|
37
|
+
117459, #Artifex Ghostscript Multiple Vulnerabilities
|
38
|
+
117596, #Artifex Ghostscript < 9.25 PostScript Code Execution Vulnerability
|
39
|
+
119240, #Artifex Ghostscript < 9.26 PostScript Multiple Vulnerabilities
|
40
|
+
]
|
41
|
+
}
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,21 +31,17 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Black Berry Enterprise Server Patch Rollup",
|
33
33
|
:plugin_id => -99968,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Black Berry Enterprise Server Patches",
|
35
35
|
:item_name => "Update to the latest Black Berry Enterprise Server",
|
36
36
|
:plugin_ids => [
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
55670,
|
42
|
-
53829,
|
43
|
-
72583,
|
44
|
-
77327,
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
37
|
+
50071, #BlackBerry Enterprise Server / Attachment Service PDF Distiller Buffer Overflow (KB24547)
|
38
|
+
51191, #BlackBerry Enterprise Server / Attachment Service PDF Distiller Buffer Overflow (KB24761)
|
39
|
+
51527, #BlackBerry Enterprise Server / Attachment Service PDF Distiller Buffer Overflow (KB25382)
|
40
|
+
55819, #BlackBerry Enterprise Server PNG and TIFF Image Processing Vulnerabilities (KB27244)
|
41
|
+
55670, #BlackBerry Enterprise Server Administration API Unspecified Remote Vulnerability (KB27258)
|
42
|
+
53829, #BlackBerry Enterprise Server Web Desktop Manager XSS (KB26296)
|
43
|
+
72583, #BlackBerry Enterprise Server / Enterprise Service / Enterprise Server Express Information Disclosure (KB35647)
|
44
|
+
77327, #BlackBerry Enterprise Server / Enterprise Service / Enterprise Server Express Information Disclosure (KB36175)
|
49
45
|
]
|
50
46
|
}
|
51
47
|
end
|
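Review bot: The new `:plugin_name` spells the product "Black Berry Enterprise Server", while every vendor title in the added comments writes "BlackBerry", so a reader searching a report for the product name can miss the rollup. Suggest `:plugin_name => "Missing the latest BlackBerry Enterprise Server Patches",` and aligning the unchanged `:description` and `:item_name` in the same pass. The enclosing `initialize` starts outside the hunk.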
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,17 +31,17 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "CA BrightStor ARCserve Backup Patch Rollup",
|
33
33
|
:plugin_id => -99982,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest CA BrightStor ARCserve Backup Patches",
|
35
35
|
:item_name => "Update to the latest CA BrightStor ARCserve Backup",
|
36
36
|
:plugin_ids => [
|
37
|
-
24015,
|
38
|
-
24816,
|
39
|
-
25086,
|
40
|
-
26970,
|
41
|
-
32398,
|
42
|
-
34393,
|
43
|
-
22510,
|
44
|
-
23841,
|
37
|
+
24015, #CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO84983)
|
38
|
+
24816, #CA BrightStor ARCserve Backup Tape Engine and Portmapper Multiple Vulnerabilities (QO86255)
|
39
|
+
25086, #CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO87569)
|
40
|
+
26970, #CA BrightStor ARCserve Backup Multiple Remote Vulnerabilities (QO91094)
|
41
|
+
32398, #CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO92996)
|
42
|
+
34393, #CA BrightStor ARCserve Backup RPC Interface (asdbapi.dll) Traversal Arbitrary Command Execution
|
43
|
+
22510, #CA BrightStor ARCserve Backup for Windows Multiple Remote Buffer Overflows (QO81201)
|
44
|
+
23841, #CA BrightStor ARCserve Backup Discovery Service Overflow
|
45
45
|
]
|
46
46
|
}
|
47
47
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,27 +31,25 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Cisco AnyConnect Client Patch Rollup",
|
33
33
|
:plugin_id => -99961,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Cisco AnyConnect Client Patches",
|
35
35
|
:item_name => "Update to the latest Cisco AnyConnect Client",
|
36
36
|
:plugin_ids => [
|
37
|
-
76491,
|
38
|
-
81978,
|
39
|
-
86302,
|
40
|
-
78676,
|
41
|
-
81671,
|
42
|
-
82270,
|
43
|
-
85266,
|
44
|
-
85267,
|
45
|
-
85541,
|
46
|
-
87894,
|
47
|
-
88100,
|
48
|
-
54954,
|
49
|
-
59820,
|
50
|
-
93382,
|
51
|
-
71464,
|
52
|
-
|
53
|
-
|
54
|
-
|
37
|
+
76491, #Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities
|
38
|
+
81978, #Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4014.0 / 4.1.x < 4.1.4011.0 Code Execution Vulnerability
|
39
|
+
86302, #Cisco AnyConnect Secure Mobility Client 3.x < 3.1.11004.0 / 4.x < 4.1.6020.0 Privilege Escalation
|
40
|
+
78676, #Cisco AnyConnect Secure Mobility Client < 3.1(5187) (POODLE)
|
41
|
+
81671, #Cisco AnyConnect Secure Mobility Client < 3.1(6068) XSS
|
42
|
+
82270, #Cisco AnyConnect Secure Mobility Client < 3.1(7021) / <= 4.0(48) Multiple Vulnerabilities (FREAK)
|
43
|
+
85266, #Cisco AnyConnect Secure Mobility Client < 3.1.8009.0 / 4.0.x < 4.0.2052.0 / 4.1.x < 4.1.28.0 Multiple Vulnerabilities
|
44
|
+
85267, #Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4013.0 / 4.1.x < 4.1.4011.0 IPC File Write Vulnerability
|
45
|
+
85541, #Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write
|
46
|
+
87894, #Cisco AnyConnect Secure Mobility Client 2.x < 3.1.13015.0 / 4.x < 4.2.1035.0 Arbitrary File Manipulation
|
47
|
+
88100, #Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities
|
48
|
+
54954, #Cisco AnyConnect Secure Mobility Client < 2.3.254 Multiple Vulnerabilities
|
49
|
+
59820, #Cisco AnyConnect Secure Mobility Client VPN Downloader RCE (cisco-sa-20120620-ac)
|
50
|
+
93382, #Cisco AnyConnect Secure Mobility Client 4.2.x < 4.2.5015.0 / 4.3.x < 4.3.2039.0 Privilege Escalation Vulnerability
|
51
|
+
71464, #Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.0(629) ATL Buffer Overflow
|
52
|
+
95951, #Cisco AnyConnect Secure Mobility Client 3.1.x < 4.3.4019.0 / 4.4.x < 4.4.225.0 Privilege Escalation
|
55
53
|
]
|
56
54
|
}
|
57
55
|
end
|