Vulnerabilities – Danger Levels

Critical Problems:
  RED  Root Shell
  RED  User Shell
  RED  Unprivileged Shell
  RED  User File Write
  RED  Root Access via Buffer Overflow
  RED  Evidence of Penetration
  RED  Denial of Service

----------------------------------------

Areas of Concern:
  YELLOW  Information Gathering
  YELLOW  Privilege Elevation
  YELLOW  Use as an Intermediary
  YELLOW  Susceptibility to Malicious Content

----------------------------------------

Potential Problems:
  BROWN  Possible Vulnerabilities
  BROWN  Limit Internet Access?
  BROWN  Poor Security Policy

----------------------------------------

Hosts may appear in multiple categories.

 
---------------------------------------------------------

Legend: Confirmed Vulnerability (entries marked "(Confirmed)" in the tables below); Inferred Vulnerability (all other entries).

Root Access via Buffer Overflow
  Host  Vulnerability  CVE
RED host1.domain.com vulnerability in Windows Media Services (nsiislog.dll) CVE-2003-0227 CVE-2003-0349
RED host1.domain.com MS FrontPage Server Extension Vulnerability: /_vti_bin/shtml.dll CVE-2003-0824
RED host1.domain.com MS FrontPage Server Extension Vulnerability: remote debug CVE-2003-0822 EXPLOIT
RED host1.domain.com Windows 2000 ASN1 buffer overflow CVE-2003-0818
RED host1.domain.com Windows 2000 RPC buffer overflow CVE-2003-0352 EXPLOIT
RED host1.domain.com top-20 Windows SMB Transaction response buffer overflow CVE-2005-0045
RED host2.domain.com Win2003 RPC buffer overflow CVE-2003-0352 EXPLOIT
RED host2.domain.com top-20 Windows SMB Transaction response buffer overflow CVE-2005-0045
RED host3.domain.com possible buffer overflow in dtspcd CVE-2001-0803
RED host3.domain.com Calendar Manager service may be vulnerable CVE-1999-0320 CVE-1999-0696
RED host3.domain.com possible vulnerability in Sun lpd CVE-2001-0353
RED host3.domain.com sadmind may be vulnerable to buffer overflow CVE-1999-0977
RED host3.domain.com SNMP to DMI mapper may be vulnerable CVE-2001-0236 EXPLOIT
RED host3.domain.com possible format string vulnerability in tooltalk CVE-2001-0717
RED host3.domain.com tooltalk version may be vulnerable to buffer overflow CVE-1999-0003 CVE-1999-0693 CVE-2002-0679
Denial of Service
  Host  Vulnerability  CVE
RED host1.domain.com MailEnable HTTPMail vulnerability CVE-2005-1348 EXPLOIT CVE-2005-2222 CVE-2006-1338
RED host1.domain.com vulnerabilities in IIS 5 CVE-2000-0770 CVE-2001-0151 CVE-2001-0241 EXPLOIT CVE-2001-0500 CVE-2001-0507 CVE-2002-0869 CVE-2002-1180 CVE-2002-1181 CVE-2002-1182 CVE-2003-0223 CVE-2003-0224 CVE-2003-0225 CVE-2003-0226
RED host1.domain.com Windows TCP/IP vulnerabilities CVE-2004-0230 CVE-2004-0790 CVE-2004-1060 CVE-2005-0048 CVE-2005-0688
RED host2.domain.com top-20 Windows print spooler vulnerability CVE-2005-1984
RED host2.domain.com Windows TCP/IP vulnerabilities CVE-2004-0230 CVE-2004-0790 CVE-2004-1060 CVE-2005-0048 CVE-2005-0688
Evidence of Penetration
  Host  Vulnerability  CVE
RED host1.domain.com Download.Ject detected on web server
RED host1.domain.com Worm detected (Code Red II)
"nobody" Shell Problems
  Host  Vulnerability  CVE
RED (Confirmed) host1.domain.com MS Site Server default account CVE-2002-1769 CVE-2002-2073 CVE-2002-2081
Root Shell Problems
  Host  Vulnerability  CVE
RED host1.domain.com top-20 Windows Plug and Play vulnerability CVE-2005-1983 EXPLOIT
RED host1.domain.com RPC runtime library vulnerability CVE-2003-0807 CVE-2003-0813 CVE-2004-0116 CVE-2004-0124
RED host1.domain.com top-20 Windows COM+ command execution vulnerability CVE-2005-1978 CVE-2005-1979 CVE-2005-1980 CVE-2005-2119
RED host1.domain.com top-20 Windows SMB input validation vulnerability CVE-2005-1206
RED host1.domain.com possible vulnerability in MailEnable Enterprise POP3 1.04 CVE-2006-1337
RED (Confirmed) host1.domain.com top-20 pointer corruption vulnerability in WINS replication service CVE-2004-0567 CVE-2004-1080 EXPLOIT
RED host2.domain.com RPC runtime library vulnerability CVE-2003-0807 CVE-2003-0813 CVE-2004-0116 CVE-2004-0124
RED host2.domain.com top-20 Windows SMB input validation vulnerability CVE-2005-1206
RED host3.domain.com cachefsd may be vulnerable CVE-2002-0033 EXPLOIT CVE-2002-0084
RED host3.domain.com Vulnerable Sendmail version: 8.6 CVE-1999-0129 CVE-1999-0131 CVE-1999-0203 CVE-1999-0204 CVE-1999-1109 CVE-1999-1309 CVE-2000-0319 CVE-2002-1337 CVE-2003-0161 CVE-2003-0681 CVE-2003-0694 CVE-2006-0058
RED host3.domain.com rpc.walld service may be vulnerable CVE-2002-0573
User Shell Problems
  Host  Vulnerability  CVE
RED (Confirmed) host1.domain.com Folder traversal in IIS (Double Decoding) CVE-2001-0333 EXPLOIT
RED (Confirmed) host1.domain.com Folder traversal in IIS (Unicode Translation) CVE-2000-0884 EXPLOIT
RED (Confirmed) host1.domain.com Guessed password to windows account (foobar:foobar)
RED host1.domain.com Windows WMF gdi32.dll vulnerability CVE-2005-4560 EXPLOIT
RED (Confirmed) host2.domain.com Guessed password to windows account (foobar:foobar)
RED host2.domain.com Windows WMF gdi32.dll vulnerability CVE-2005-4560 EXPLOIT
User Writing File Problems
  Host  Vulnerability  CVE
RED host3.domain.com possible input validation error in tooltalk CVE-2002-0677 CVE-2002-0678
Use as an Intermediary
  Host  Vulnerability  CVE
YELLOW host1.domain.com Windows DNS server allows cache poisoning CVE-2001-1452
YELLOW (Confirmed) host1.domain.com Web server allows cross-site tracing
YELLOW (Confirmed) host5.domain.com Web server allows cross-site tracing
YELLOW host5.domain.com vulnerable Horde IMP version: 3.2.1 CVE-2004-0584 CVE-2004-1443 CVE-2005-1319 CVE-2005-4080
YELLOW host5.domain.com vulnerable Horde Forwards version: 2.2 CVE-2005-1318
YELLOW host5.domain.com vulnerable Horde Nag version: 1.1 CVE-2005-1322
YELLOW host5.domain.com vulnerable Horde Turba version: 1.2 CVE-2005-1315
YELLOW host5.domain.com vulnerable Horde Vacation version: 2.2 CVE-2005-1321
YELLOW host5.domain.com vulnerable Horde version: 2.2.3 CVE-2003-0728 CVE-2005-0378 CVE-2005-0961 CVE-2005-3570
Information Gathering
  Host  Vulnerability  CVE
YELLOW (Confirmed) host1.domain.com null session access using alternate pipes CVE-2005-2150
YELLOW host2.domain.com Windows telnet client session variable disclosure CVE-2005-1205
YELLOW (Confirmed) host3.domain.com Excessive finger information CVE-1999-0612
YELLOW (Confirmed) host3.domain.com Solaris fingerd user list disclosure CVE-2001-1503
YELLOW host3.domain.com Information from rusersd could help hacker CVE-1999-0626
Susceptibility to Malicious Content
  Host  Vulnerability  CVE
YELLOW host1.domain.com top-20 Internet Explorer COM object memory corruption CVE-2005-2127
YELLOW host1.domain.com Internet Explorer Create Text Range code injection CVE-2006-1185 CVE-2006-1186 CVE-2006-1188 CVE-2006-1189 CVE-2006-1190 CVE-2006-1191 CVE-2006-1192 CVE-2006-1245 CVE-2006-1359 EXPLOIT CVE-2006-1388
YELLOW host1.domain.com top-20 Internet Explorer JPEG buffer overflow CVE-2005-1988 CVE-2005-1989 CVE-2005-1990 EXPLOIT
YELLOW host1.domain.com Internet Explorer JS stack overflow CVE-2006-0753 CVE-2006-0830
YELLOW host1.domain.com Internet Explorer JavaScript vulnerability CVE-2005-1790 EXPLOIT CVE-2005-2829 CVE-2005-2830 CVE-2005-2831
YELLOW host1.domain.com top-20 Internet Explorer PNG buffer overflow CVE-2002-0648 CVE-2005-1211
YELLOW host1.domain.com top-20 Internet Explorer URL parsing buffer overflow CVE-2005-0553 EXPLOIT CVE-2005-0554 CVE-2005-0555 EXPLOIT
YELLOW host1.domain.com Internet Explorer WMF handling vulnerability CVE-2006-0020
YELLOW host1.domain.com AxWebRemoveCtrl ActiveX control enabled CVE-2005-3693
YELLOW host1.domain.com CodeSupport ActiveX control enabled CVE-2005-3650
YELLOW host1.domain.com vulnerable WinZip version: 8.0 CVE-2001-0449 CVE-2004-1465
YELLOW host1.domain.com top-20 DirectShow buffer overflow CVE-2005-2128
YELLOW host1.domain.com top-20 HTML Application Host vulnerability in Windows shell CVE-2005-0063
YELLOW host1.domain.com