risu 1.8.3 → 1.8.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/Gemfile.lock +159 -0
- data/LICENSE +1 -1
- data/README.markdown +2 -5
- data/Rakefile +1 -1
- data/bin/risu +1 -1
- data/docs/NEWS.markdown +3 -0
- data/lib/risu.rb +2 -2
- data/lib/risu/base.rb +1 -1
- data/lib/risu/base/graph_template_helper.rb +1 -1
- data/lib/risu/base/host_template_helper.rb +2 -1
- data/lib/risu/base/malware_template_helper.rb +1 -1
- data/lib/risu/base/post_process_base.rb +7 -4
- data/lib/risu/base/post_process_manager.rb +1 -1
- data/lib/risu/base/scan_helper.rb +1 -1
- data/lib/risu/base/schema.rb +10 -3
- data/lib/risu/base/shares_template_helper.rb +1 -1
- data/lib/risu/base/template_base.rb +1 -1
- data/lib/risu/base/template_helper.rb +1 -1
- data/lib/risu/base/template_manager.rb +1 -1
- data/lib/risu/base/templater.rb +1 -1
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +16 -16
- data/lib/risu/cli/banner.rb +1 -1
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/graphs.rb +1 -1
- data/lib/risu/graphs/top_vuln_graph.rb +1 -1
- data/lib/risu/graphs/windows_os_graph.rb +1 -1
- data/lib/risu/models.rb +2 -1
- data/lib/risu/models/attachment.rb +1 -1
- data/lib/risu/models/familyselection.rb +1 -1
- data/lib/risu/models/host.rb +34 -2
- data/lib/risu/models/hostproperty.rb +1 -1
- data/lib/risu/models/individualpluginselection.rb +1 -1
- data/lib/risu/models/item.rb +248 -20
- data/lib/risu/models/nessuspluginmetadata.rb +28 -0
- data/lib/risu/models/patch.rb +1 -1
- data/lib/risu/models/plugin.rb +1 -1
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +1 -1
- data/lib/risu/models/report.rb +1 -1
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +1 -1
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +3 -2
- data/lib/risu/parsers/nessus/postprocess.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/7zip.rb +6 -4
- data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +48 -54
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +58 -63
- data/lib/risu/parsers/nessus/postprocess/adobe_coldfusion.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/{shockwave.rb → adobe_creative_desktop.rb} +9 -34
- data/lib/risu/parsers/nessus/postprocess/adobe_flash_player.rb +175 -0
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +73 -55
- data/lib/risu/parsers/nessus/postprocess/adobe_shockwave_player.rb +74 -0
- data/lib/risu/parsers/nessus/postprocess/apache.rb +38 -33
- data/lib/risu/parsers/nessus/postprocess/apache_tomcat.rb +8 -10
- data/lib/risu/parsers/nessus/postprocess/apple_icloud.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/apple_itunes.rb +23 -17
- data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +38 -32
- data/lib/risu/parsers/nessus/postprocess/artifex_ghostscript.rb +49 -0
- data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +10 -14
- data/lib/risu/parsers/nessus/postprocess/ca_brightstor_arcserve.rb +10 -10
- data/lib/risu/parsers/nessus/postprocess/cisco_anyconnect.rb +18 -20
- data/lib/risu/parsers/nessus/postprocess/cisco_ios.rb +25 -15
- data/lib/risu/parsers/nessus/postprocess/cisco_telepresence.rb +45 -0
- data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +6 -6
- data/lib/risu/parsers/nessus/postprocess/db2.rb +7 -9
- data/lib/risu/parsers/nessus/postprocess/dell_idrac.rb +49 -0
- data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +4 -2
- data/lib/risu/parsers/nessus/postprocess/dropbear_ssh.rb +7 -6
- data/lib/risu/parsers/nessus/postprocess/filezilla.rb +4 -6
- data/lib/risu/parsers/nessus/postprocess/firefox.rb +113 -71
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/foxit_phantom_pdf.rb +10 -3
- data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +13 -12
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +34 -6
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/iLo.rb +50 -0
- data/lib/risu/parsers/nessus/postprocess/intel_mgt_engine.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/irfanview.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/java.rb +70 -64
- data/lib/risu/parsers/nessus/postprocess/libreoffice.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/microsoft_office.rb +73 -0
- data/lib/risu/parsers/nessus/postprocess/microsoft_visual_studio.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/microsoft_windows.rb +1312 -0
- data/lib/risu/parsers/nessus/postprocess/mongo_db.rb +46 -0
- data/lib/risu/parsers/nessus/postprocess/mozzila_thunderbird.rb +49 -0
- data/lib/risu/parsers/nessus/postprocess/normalize_plugin_names.rb +5 -2
- data/lib/risu/parsers/nessus/postprocess/openoffice.rb +14 -11
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +58 -39
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/php.rb +94 -69
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/putty.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/real_player.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/risk_score.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +16 -3
- data/lib/risu/parsers/nessus/postprocess/samba.rb +46 -0
- data/lib/risu/parsers/nessus/postprocess/servu.rb +4 -4
- data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/skype.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/solarwinds_dameware.rb +48 -0
- data/lib/risu/parsers/nessus/postprocess/symantec_endpoint.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/tenable_nessus.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/timbuktu.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/vlc.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +64 -54
- data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +11 -5
- data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +7 -6
- data/lib/risu/parsers/nessus/postprocess/winscp.rb +7 -8
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +73 -51
- data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
- data/lib/risu/renderers.rb +1 -1
- data/lib/risu/renderers/csvrenderer.rb +1 -1
- data/lib/risu/renderers/nilrenderer.rb +1 -1
- data/lib/risu/renderers/pdfrenderer.rb +1 -1
- data/lib/risu/template_helpers.rb +1 -1
- data/lib/risu/templates/assets.rb +1 -1
- data/lib/risu/templates/authentication_summary.rb +1 -1
- data/lib/risu/templates/cover_sheet.rb +1 -1
- data/lib/risu/templates/exec_summary.rb +1 -1
- data/lib/risu/templates/executive_summary_detailed.rb +1 -1
- data/lib/risu/templates/exploitablity_summary.rb +1 -1
- data/lib/risu/templates/failed_audits.rb +1 -1
- data/lib/risu/templates/finding_statistics.rb +1 -1
- data/lib/risu/templates/findings_host.rb +1 -1
- data/lib/risu/templates/findings_summary.rb +1 -1
- data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
- data/lib/risu/templates/graphs.rb +1 -1
- data/lib/risu/templates/host_findings_csv.rb +1 -1
- data/lib/risu/templates/host_summary.rb +1 -1
- data/lib/risu/templates/malicious_process_detection.rb +1 -1
- data/lib/risu/templates/missing_root_causes.rb +1 -1
- data/lib/risu/templates/ms_patch_summary.rb +1 -1
- data/lib/risu/templates/ms_update_summary.rb +1 -1
- data/lib/risu/templates/ms_wsus_findings.rb +1 -1
- data/lib/risu/templates/notable.rb +1 -1
- data/lib/risu/templates/notable_detailed.rb +1 -1
- data/lib/risu/templates/pci_compliance.rb +1 -1
- data/lib/risu/templates/rollup_summary.rb +82 -0
- data/lib/risu/templates/stig_findings_summary.rb +1 -1
- data/lib/risu/templates/talking_points.rb +1 -1
- data/lib/risu/templates/technical_findings.rb +1 -1
- data/lib/risu/templates/template.rb +1 -1
- data/lib/risu/templates/top_25.rb +1 -1
- data/lib/risu/version.rb +2 -2
- data/risu.gemspec +5 -5
- metadata +59 -56
- metadata.gz.sig +0 -0
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +0 -145
- data/lib/risu/parsers/nessus/postprocess/windows.rb +0 -976
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
|
2
|
+
#
|
|
3
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
4
|
+
# of this software and associated documentation files (the "Software"), to deal
|
|
5
|
+
# in the Software without restriction, including without limitation the rights
|
|
6
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
7
|
+
# copies of the Software, and to permit persons to whom the Software is
|
|
8
|
+
# furnished to do so, subject to the following conditions:
|
|
9
|
+
#
|
|
10
|
+
# The above copyright notice and this permission notice shall be included in
|
|
11
|
+
# all copies or substantial portions of the Software.
|
|
12
|
+
#
|
|
13
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
14
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
15
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
|
|
16
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
17
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
18
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
19
|
+
# THE SOFTWARE.
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
module Risu
|
|
23
|
+
module Parsers
|
|
24
|
+
module Nessus
|
|
25
|
+
module PostProcess
|
|
26
|
+
class MongoDBRollup < Risu::Base::PostProcessBase
|
|
27
|
+
|
|
28
|
+
#
|
|
29
|
+
def initialize
|
|
30
|
+
@info =
|
|
31
|
+
{
|
|
32
|
+
:description => "MongoDB Patch Rollup",
|
|
33
|
+
:plugin_id => -99943,
|
|
34
|
+
:plugin_name => "Missing the latest MongoDB",
|
|
35
|
+
:item_name => "Update to the latest MongoDB",
|
|
36
|
+
:plugin_ids => [
|
|
37
|
+
122243, #MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
|
|
38
|
+
|
|
39
|
+
]
|
|
40
|
+
}
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
|
2
|
+
#
|
|
3
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
4
|
+
# of this software and associated documentation files (the "Software"), to deal
|
|
5
|
+
# in the Software without restriction, including without limitation the rights
|
|
6
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
7
|
+
# copies of the Software, and to permit persons to whom the Software is
|
|
8
|
+
# furnished to do so, subject to the following conditions:
|
|
9
|
+
#
|
|
10
|
+
# The above copyright notice and this permission notice shall be included in
|
|
11
|
+
# all copies or substantial portions of the Software.
|
|
12
|
+
#
|
|
13
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
14
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
15
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
|
|
16
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
17
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
18
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
19
|
+
# THE SOFTWARE.
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
module Risu
|
|
23
|
+
module Parsers
|
|
24
|
+
module Nessus
|
|
25
|
+
module PostProcess
|
|
26
|
+
class MozzilaThunderbirdPatchRollup < Risu::Base::PostProcessBase
|
|
27
|
+
|
|
28
|
+
#
|
|
29
|
+
def initialize
|
|
30
|
+
@info =
|
|
31
|
+
{
|
|
32
|
+
:description => "Mozzila Thunderbird Patch Rollup",
|
|
33
|
+
:plugin_id => -99949,
|
|
34
|
+
:plugin_name => "Missing the latest Mozzila Thunderbird Patches",
|
|
35
|
+
:item_name => "Update to the latest Mozzila Thunderbird",
|
|
36
|
+
:plugin_ids => [
|
|
37
|
+
105507, #Mozilla Thunderbird < 52.5.2 Multiple Vulnerabilities
|
|
38
|
+
108519, #Mozilla Thunderbird < 52.6 Multiple Vulnerabilities
|
|
39
|
+
109946, #Mozilla Thunderbird < 52.8 Multiple Vulnerabilities (EFAIL)
|
|
40
|
+
105044, #Mozilla Thunderbird < 52.5 Multiple Vulnerabilities
|
|
41
|
+
111044, #Mozilla Thunderbird < 52.9 Multiple Vulnerabilities
|
|
42
|
+
]
|
|
43
|
+
}
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
|
2
2
|
#
|
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
|
@@ -43,7 +43,10 @@ module Risu
|
|
|
43
43
|
"(FREAK)",
|
|
44
44
|
"(Bar Mitzvah)",
|
|
45
45
|
"(Logjam)",
|
|
46
|
-
"(uncredentialed check)"
|
|
46
|
+
"(uncredentialed check)",
|
|
47
|
+
"(EXPLODINGCAN)",
|
|
48
|
+
"(Foreshadow)",
|
|
49
|
+
"(MSXML)"
|
|
47
50
|
]
|
|
48
51
|
end
|
|
49
52
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
|
2
2
|
#
|
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
|
@@ -31,18 +31,21 @@ module Risu
|
|
|
31
31
|
{
|
|
32
32
|
:description => "OpenOffice Patch Rollup",
|
|
33
33
|
:plugin_id => -99963,
|
|
34
|
-
:plugin_name => "
|
|
34
|
+
:plugin_name => "Missing the latest OpenOffice Patches",
|
|
35
35
|
:item_name => "Update to the latest OpenOffice",
|
|
36
36
|
:plugin_ids => [
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
37
|
+
77408, #Apache OpenOffice < 4.1.1 Multiple Vulnerabilities
|
|
38
|
+
86904, #Apache OpenOffice < 4.1.2 Multiple Vulnerabilities
|
|
39
|
+
94199, #Apache OpenOffice < 4.1.3 Multiple Vulnerabilities
|
|
40
|
+
61731, #Apache OpenOffice < 3.4.1 Multiple Heap-Based Buffer Overflows
|
|
41
|
+
69185, #Apache OpenOffice < 4.0 Multiple Memory Corruption Vulnerabilities
|
|
42
|
+
51773, #Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities
|
|
43
|
+
58727, #OpenOffice XML External Entity RDF Document Handling Information Disclosure 59191, #Apache OpenOffice < 3.4.0 Multiple Memory Corruption Vulnerabilities
|
|
44
|
+
59191, #Apache OpenOffice < 3.4.0 Multiple Memory Corruption Vulnerabilities
|
|
45
|
+
104351, #Apache OpenOffice < 4.1.4 Multiple Vulnerabilities
|
|
46
|
+
40826, #OpenOffice < 3.1.1 Multiple Buffer Overflows
|
|
47
|
+
44597, #Sun OpenOffice.org < 3.2 Multiple Vulnerabilities
|
|
48
|
+
46814, #Oracle OpenOffice.org < 3.2.1 Multiple Vulnerabilities
|
|
46
49
|
]
|
|
47
50
|
}
|
|
48
51
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
|
2
2
|
#
|
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
|
@@ -31,7 +31,7 @@ module Risu
|
|
|
31
31
|
{
|
|
32
32
|
:description => "OpenSSH Patch Rollup",
|
|
33
33
|
:plugin_id => -99995,
|
|
34
|
-
:plugin_name => "
|
|
34
|
+
:plugin_name => "Missing the latest OpenSSH Patches",
|
|
35
35
|
:item_name => "Update to the latest OpenSSH",
|
|
36
36
|
:plugin_ids => [
|
|
37
37
|
11837,
|
|
@@ -59,7 +59,7 @@ module Risu
|
|
|
59
59
|
11712,
|
|
60
60
|
44072,
|
|
61
61
|
10802,
|
|
62
|
-
|
|
62
|
+
|
|
63
63
|
|
|
64
64
|
|
|
65
65
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
|
2
2
|
#
|
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
|
@@ -31,46 +31,65 @@ module Risu
|
|
|
31
31
|
{
|
|
32
32
|
:description => "OpenSSL Patch Rollup",
|
|
33
33
|
:plugin_id => -99984,
|
|
34
|
-
:plugin_name => "
|
|
34
|
+
:plugin_name => "Missing the latest OpenSSL Patches",
|
|
35
35
|
:item_name => "Update to the latest OpenSSL",
|
|
36
36
|
:plugin_ids => [
|
|
37
|
-
11267,
|
|
38
|
-
12110,
|
|
39
|
-
74363,
|
|
40
|
-
77086,
|
|
41
|
-
74326,
|
|
42
|
-
73412,
|
|
43
|
-
77200,
|
|
44
|
-
17757,
|
|
45
|
-
73404,
|
|
46
|
-
74364,
|
|
47
|
-
77088,
|
|
48
|
-
17755,
|
|
49
|
-
17756,
|
|
50
|
-
17758,
|
|
51
|
-
17759,
|
|
52
|
-
17761,
|
|
53
|
-
17762,
|
|
54
|
-
17763,
|
|
55
|
-
17765,
|
|
56
|
-
57459,
|
|
57
|
-
58799,
|
|
58
|
-
17760,
|
|
59
|
-
56996,
|
|
60
|
-
58564,
|
|
61
|
-
59076,
|
|
62
|
-
64532,
|
|
63
|
-
71857,
|
|
64
|
-
78554,
|
|
65
|
-
80568,
|
|
66
|
-
82032,
|
|
67
|
-
84153,
|
|
68
|
-
51892,
|
|
69
|
-
17766,
|
|
70
|
-
17767,
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
37
|
+
11267, #OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities
|
|
38
|
+
12110, #OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS
|
|
39
|
+
74363, #OpenSSL 0.9.8 < 0.9.8za Multiple Vulnerabilities
|
|
40
|
+
77086, #OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities
|
|
41
|
+
74326, #OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability
|
|
42
|
+
73412, #OpenSSL Heartbeat Information Disclosure (Heartbleed)
|
|
43
|
+
77200, #OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
|
|
44
|
+
17757, #OpenSSL < 0.9.7l / 0.9.8d Multiple Vulnerabilities
|
|
45
|
+
73404, #OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed)
|
|
46
|
+
74364, #OpenSSL 1.0.1 < 1.0.1h Multiple Vulnerabilities
|
|
47
|
+
77088, #OpenSSL 1.0.1 < 1.0.1i Multiple Vulnerabilities
|
|
48
|
+
17755, #OpenSSL < 0.9.7h / 0.9.8a Protocol Version Rollback
|
|
49
|
+
17756, #OpenSSL < 0.9.7k / 0.9.8c PKCS Padding RSA Signature Forgery Vulnerability
|
|
50
|
+
17758, #OpenSSL < 0.9.7m / 0.9.8e Buffer Overflow (deprecated)
|
|
51
|
+
17759, #OpenSSL < 0.9.8 Weak Default Configuration
|
|
52
|
+
17761, #OpenSSL < 0.9.8i Denial of Service
|
|
53
|
+
17762, #OpenSSL < 0.9.8j Signature Spoofing
|
|
54
|
+
17763, #OpenSSL < 0.9.8k Multiple Vulnerabilities
|
|
55
|
+
17765, #OpenSSL < 0.9.8l Multiple Vulnerabilities
|
|
56
|
+
57459, #OpenSSL < 0.9.8s Multiple Vulnerabilities
|
|
57
|
+
58799, #OpenSSL < 0.9.8w ASN.1 asn1_d2i_read_bio Memory Corruption
|
|
58
|
+
17760, #OpenSSL < 0.9.8f Multiple Vulnerabilities
|
|
59
|
+
56996, #OpenSSL < 0.9.8h Multiple Vulnerabilities
|
|
60
|
+
58564, #OpenSSL < 0.9.8u Multiple Vulnerabilities
|
|
61
|
+
59076, #OpenSSL 0.9.8 < 0.9.8x DTLS CBC Denial of Service
|
|
62
|
+
64532, #OpenSSL < 0.9.8y Multiple Vulnerabilities
|
|
63
|
+
71857, #OpenSSL 1.0.1 < 1.0.1f Multiple Vulnerabilities
|
|
64
|
+
78554, #OpenSSL 1.0.1 < 1.0.1j Multiple Vulnerabilities (POODLE)
|
|
65
|
+
80568, #OpenSSL 1.0.1 < 1.0.1k Multiple Vulnerabilities (FREAK)
|
|
66
|
+
82032, #OpenSSL 1.0.1 < 1.0.1m Multiple Vulnerabilities
|
|
67
|
+
84153, #OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)
|
|
68
|
+
51892, #OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue
|
|
69
|
+
17766, #OpenSSL < 0.9.8p / 1.0.0b Buffer Overflow
|
|
70
|
+
17767, #OpenSSL < 0.9.8p / 1.0.0e Double Free Vulnerability
|
|
71
|
+
90888, #OpenSSL 1.0.1 < 1.0.1o ASN.1 Encoder Negative Zero Value Handling RCE -
|
|
72
|
+
93814, #OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities
|
|
73
|
+
89081, #OpenSSL 1.0.1 < 1.0.1s Multiple Vulnerabilities (DROWN)
|
|
74
|
+
84636, #OpenSSL 1.0.1 < 1.0.1p Multiple Vulnerabilities -
|
|
75
|
+
87221, #OpenSSL 1.0.1 < 1.0.1q Multiple DoS -
|
|
76
|
+
88529, #OpenSSL 1.0.1 < 1.0.1r Multiple Vulnerabilities -
|
|
77
|
+
90890, #OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities -
|
|
78
|
+
93112, #OpenSSL < 1.1.0 Default Weak 64-bit Block Cipher
|
|
79
|
+
89082, #OpenSSL 1.0.2 < 1.0.2g Multiple Vulnerabilities (DROWN)
|
|
80
|
+
96873, #OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities
|
|
81
|
+
93815, #OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities
|
|
82
|
+
78552, #OpenSSL 0.9.8 < 0.9.8zc Multiple Vulnerabilities
|
|
83
|
+
80566, #OpenSSL 0.9.8 < 0.9.8zd Multiple Vulnerabilities
|
|
84
|
+
82030, #OpenSSL 0.9.8 < 0.9.8zf Multiple Vulnerabilities
|
|
85
|
+
84151, #OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities
|
|
86
|
+
87219, #OpenSSL 0.9.8 < 0.9.8zh X509_ATTRIBUTE Memory Leak DoS
|
|
87
|
+
87222, #OpenSSL 1.0.2 < 1.0.2e Multiple Vulnerabilities
|
|
88
|
+
88530, #OpenSSL 1.0.2 < 1.0.2f Multiple Vulnerabilities
|
|
89
|
+
90891, #OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities
|
|
90
|
+
109945, #OpenSSL 1.0.x < 1.0.2o Multiple Vulnerabilities
|
|
91
|
+
112119, #OpenSSL 1.0.x < 1.0.2p Multiple Vulnerabilities
|
|
92
|
+
104408, #OpenSSL 1.0.x < 1.0.2m RSA/DSA Unspecified Carry Issue
|
|
74
93
|
]
|
|
75
94
|
}
|
|
76
95
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
|
2
2
|
#
|
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
|
@@ -31,7 +31,7 @@ module Risu
|
|
|
31
31
|
{
|
|
32
32
|
:description => "Oracle Database Patch Rollup",
|
|
33
33
|
:plugin_id => -99993,
|
|
34
|
-
:plugin_name => "
|
|
34
|
+
:plugin_name => "Missing the latest Oracle Database Patches",
|
|
35
35
|
:item_name => "Update to the latest Oracle Database",
|
|
36
36
|
:plugin_ids => [
|
|
37
37
|
45625,
|
|
@@ -72,7 +72,7 @@ module Risu
|
|
|
72
72
|
80906,
|
|
73
73
|
78540,
|
|
74
74
|
72982,
|
|
75
|
-
|
|
75
|
+
|
|
76
76
|
|
|
77
77
|
|
|
78
78
|
]
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c) 2010-
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
|
2
2
|
#
|
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
|
@@ -31,76 +31,101 @@ module Risu
|
|
|
31
31
|
{
|
|
32
32
|
:description => "PHP Patch Rollup",
|
|
33
33
|
:plugin_id => -99988,
|
|
34
|
-
:plugin_name => "
|
|
34
|
+
:plugin_name => "Missing the latest PHP Patches",
|
|
35
35
|
:item_name => "Update to the latest PHP",
|
|
36
36
|
:plugin_ids => [
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
37
|
+
76281, #PHP 5.4.x < 5.4.30 Multiple Vulnerabilities
|
|
38
|
+
66843, #PHP 5.4.x < 5.4.16 Multiple Vulnerabilities
|
|
39
|
+
67260, #PHP 5.4.x < 5.4.17 Buffer Overflow
|
|
40
|
+
69401, #PHP 5.4.x < 5.4.18 Multiple Vulnerabilities
|
|
41
|
+
72881, #PHP 5.4.x < 5.4.26 Multiple Vulnerabilities
|
|
42
|
+
46803, #PHP expose_php Information Disclosure
|
|
43
|
+
66585, #PHP 5.4.x < 5.4.13 Information Disclosure
|
|
44
|
+
71427, #PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption
|
|
45
|
+
71927, #PHP 5.4.x < 5.4.24 Multiple Vulnerabilities
|
|
46
|
+
73338, #PHP 5.4.x < 5.4.27 awk Magic Parsing BEGIN DoS
|
|
47
|
+
73862, #PHP 5.4.x < 5.4.28 FPM Unix Socket Insecure Permission Escalation
|
|
48
|
+
74291, #PHP 5.4.x < 5.4.29 'src/cdf.c' Multiple Vulnerabilities
|
|
49
|
+
76791, #PHP 5.4.x < 5.4.31 CLI Server 'header' DoS
|
|
50
|
+
11850, #PHP < 4.3.3 Multiple Vulnerabilities
|
|
51
|
+
15973, #PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities
|
|
52
|
+
17710, #PHP < 4.4.4 Multiple Vulnerabilities
|
|
53
|
+
17796, #PHP 4.x < 4.3.0 ZendEngine Integer Overflow
|
|
54
|
+
18033, #PHP < 4.3.11 / 5.0.3 Multiple Unspecified Vulnerabilities
|
|
55
|
+
20111, #PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
|
|
56
|
+
22268, #PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
|
|
57
|
+
24906, #PHP < 4.4.5 Multiple Vulnerabilities
|
|
58
|
+
29833, #PHP < 4.4.8 Multiple Vulnerabilities
|
|
59
|
+
33849, #PHP < 4.4.9 Multiple Vulnerabilities
|
|
60
|
+
35067, #PHP < 5.2.8 Multiple Vulnerabilities
|
|
61
|
+
41014, #PHP < 5.2.11 Multiple Vulnerabilities
|
|
62
|
+
57537, #PHP < 5.3.9 Multiple Vulnerabilities
|
|
63
|
+
58966, #PHP < 5.3.11 Multiple Vulnerabilities
|
|
64
|
+
66842, #PHP 5.3.x < 5.3.26 Multiple Vulnerabilities
|
|
65
|
+
58988, #PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
|
|
66
|
+
67259, #PHP 5.3.x < 5.3.27 Multiple Vulnerabilities
|
|
67
|
+
77285, #PHP 5.3.x < 5.3.29 Multiple Vulnerabilities
|
|
68
|
+
35750, #PHP < 5.2.9 Multiple Vulnerabilities
|
|
69
|
+
39480, #PHP < 5.2.10 Multiple Vulnerabilities
|
|
70
|
+
43351, #PHP < 5.2.12 Multiple Vulnerabilities
|
|
71
|
+
44921, #PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities
|
|
72
|
+
64992, #PHP 5.3.x < 5.3.22 Multiple Vulnerabilities
|
|
73
|
+
66584, #PHP 5.3.x < 5.3.23 Information Disclosure
|
|
74
|
+
71426, #PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities
|
|
75
|
+
77402, #PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
|
|
76
|
+
78545, #PHP 5.4.x < 5.4.34 Multiple Vulnerabilities
|
|
77
|
+
79246, #PHP 5.4.x < 5.4.35 'donote' DoS
|
|
78
|
+
80330, #PHP 5.4.x < 5.4.36 'process_nested_data' RCE
|
|
79
|
+
81080, #PHP 5.4.x < 5.4.37 Multiple Vulnerabilities
|
|
80
|
+
81510, #PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)
|
|
81
|
+
82025, #PHP 5.4.x < 5.4.39 Multiple Vulnerabilities
|
|
82
|
+
83033, #PHP 5.4.x < 5.4.40 Multiple Vulnerabilities
|
|
83
|
+
83517, #PHP 5.4.x < 5.4.41 Multiple Vulnerabilities
|
|
84
|
+
84362, #PHP 5.4.x < 5.4.42 Multiple Vulnerabilities
|
|
85
|
+
84671, #PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM)
|
|
86
|
+
32123, #PHP < 5.2.6 Multiple Vulnerabilities
|
|
87
|
+
35043, #PHP 5 < 5.2.7 Multiple Vulnerabilities
|
|
88
|
+
48244, #PHP 5.2 < 5.2.14 Multiple Vulnerabilities
|
|
89
|
+
28181, #PHP < 5.2.5 Multiple Vulnerabilities
|
|
90
|
+
51139, #PHP 5.2 < 5.2.15 Multiple Vulnerabilities
|
|
91
|
+
51439, #PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS
|
|
92
|
+
73289, #PHP PHP_RSHUTDOWN_FUNCTION Security Bypass
|
|
93
|
+
60085, #PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
|
|
94
|
+
48245, #PHP 5.3 < 5.3.3 Multiple Vulnerabilities
|
|
95
|
+
51140, #PHP 5.3 < 5.3.4 Multiple Vulnerabilities
|
|
96
|
+
52717, #PHP 5.3 < 5.3.6 Multiple Vulnerabilities
|
|
97
|
+
55925, #PHP 5.3 < 5.3.7 Multiple Vulnerabilities
|
|
98
|
+
59056, #PHP 5.3.x < 5.3.13 CGI Query String Code Execution
|
|
99
|
+
59529, #PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
|
|
100
|
+
88679 ,#PHP prior to 5.5.x < 5.5.31 / 5.6.x < 5.6.17 Multiple Vulnerabilities -
|
|
101
|
+
88694, #PHP 5.6.x < 5.6.18 Multiple Vulnerabilities -
|
|
102
|
+
90008, #PHP 5.6.x < 5.6.19 Multiple Vulnerabilities -
|
|
103
|
+
90361, #PHP 5.6.x < 5.6.20 Multiple Vulnerabilities -
|
|
104
|
+
91442, #PHP 5.6.x < 5.6.22 Multiple Vulnerabilities -
|
|
105
|
+
91898, #PHP 5.6.x < 5.6.23 Multiple Vulnerabilities -
|
|
106
|
+
92555, #PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy) -
|
|
107
|
+
93656, #PHP 5.6.x < 5.6.26 Multiple Vulnerabilities -
|
|
108
|
+
94106, #PHP 5.6.x < 5.6.27 Multiple Vulnerabilities -
|
|
109
|
+
94955, #PHP 5.6.x < 5.6.28 Multiple Vulnerabilities -
|
|
110
|
+
95874, #PHP 5.6.x < 5.6.29 Multiple Vulnerabilities -
|
|
111
|
+
101525, #PHP 5.6.x < 5.6.31 Multiple Vulnerabilities -
|
|
112
|
+
90921, #PHP 5.6.x < 5.6.21 Multiple Vulnerabilities -
|
|
113
|
+
93077, #PHP 5.6.x < 5.6.25 Multiple Vulnerabilities -
|
|
114
|
+
96799, #PHP 5.6.x < 5.6.30 Multiple DoS
|
|
115
|
+
104631, #PHP 5.6.x < 5.6.32 Multiple Vulnerabilities
|
|
116
|
+
107216, #PHP 5.6.x < 5.6.34 Stack Buffer Overflow
|
|
117
|
+
119764, #PHP 5.6.x < 5.6.39 Arbitrary Command Injection Vulnerability
|
|
118
|
+
105771, #PHP 5.6.x < 5.6.33 Multiple Vulnerabilities
|
|
119
|
+
109576, #PHP 5.6.x < 5.6.36 Multiple Vulnerabilities
|
|
120
|
+
111230, #PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS
|
|
121
|
+
117497, #PHP 5.6.x < 5.6.38 Transfer-Encoding Parameter XSS Vulnerability
|
|
122
|
+
84673, #PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)
|
|
123
|
+
84364, #PHP 5.6.x < 5.6.10 Multiple Vulnerabilities
|
|
124
|
+
85300, #PHP 5.6.x < 5.6.12 Multiple Vulnerabilities
|
|
125
|
+
85887, #PHP 5.6.x < 5.6.13 Multiple Vulnerabilities
|
|
126
|
+
121602, #PHP 5.6.x < 5.6.40 Multiple vulnerabilities.
|
|
127
|
+
86301, #PHP 5.6.x < 5.6.14 Multiple Vulnerabilities
|
|
128
|
+
122591, #PHP 5.6.x < 5.6.35 Security Bypass Vulnerability
|
|
104
129
|
]
|
|
105
130
|
}
|
|
106
131
|
end
|