Vulnerability scanner SAINT 7.1.3 released

SAINT offers an integration of vulnerability assessment and penetration testing tools.

New features in version 7.1.3:

  • Added support for ntlmv2 authentication.
  • SAINTwriter: Added option to have no header in reports.
  • Added $support_noframes option to allow user to skip the noframes tag for performance reasons.

New vulnerability checks in version 7.1.3:

  • Mac OS X security update 2009-005.
  • FreeRADIUS rad_decode denial of service.
  • Altiris eXpress ActiveX control file download vulnerability.
  • Excel crafted attached file code execution in Lotus Notes.
  • Symantec Altiris Deployment Solution Multiple Vulnerabilities.
  • ntop HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability.
  • Linux Kernel “udp_sendmsg()” MSG_MORE Flag Local Privilege Escalation.
  • Linux Kernel ‘cmp_ies()’ Remote Null Pointer Dereference Vulnerability.
  • Linux Kernel “net/llc/af_llc.c” Local Information Disclosure.
  • Brightmail Control Server XSS and Multiple Unpsecified Vulnerabilities.
  • Snitz Forums 2000 v3.4.7 SQL Injection vulnerability.
  • CommuniGatePro 5.2.14 Webmail Cross Site Scripting vulnerability.
  • CA Data Transport Services Buffer Overflow.
  • Google Chrome ‘Math.Random()’ Random Number Generation Vulnerability.
  • SquirrelMail Form Submissions Cross Site Request Forgery Vulnerability.
  • OpenOffice Prior to 3.1.1 Multiple Unspecified Security Vulnerabilities.
  • Cisco IOS-BGP vulnerabilities.
  • MailEnable ‘MEHTTPS.EXE’ Stack-Based Buffer Overflow Vulnerability.
  • CA Multiple Product DTScore vulnerability.
  • Drupal Cross Site Scripting (XSS) vulnerability.
  • Opera Multiple Vulnerabilities fixed in 10.00.
  • IBM WebSphere Application Server Vulnerabilities fixed in
  • PHP-Fusion ‘downloads.php’ SQL Injection Vulnerability.
  • Novell eDirectory HTTP Request Denial of Service.
  • Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities.
  • PHP-Fusion Multiple Information Disclosure Vulnerability.
  • wp-login – Security Bypass Vulnerability in WordPress 2.8.3.
  • wp-admin Security Bypass Vulnerability in wordpress 2.8.2.
  • Multiple Vulnerabilities in wordpress 2.8.1.
  • Multiple Vulnerabilities in wordpress 2.8.0.
  • Username information disclosure in wordpress 2.7.1.
  • Horde Password module XSS vulnerability.
  • Apple QuickTime Multiple Vulnerabilities fixed in 7.6.4.
  • Linux Kernel ‘drivers/char/tty_ldisc.c’ NULL Pointer Dereference Denial of Service Vulnerability.
  • Linux Kernel Multiple Protocols Local Information Disclosure Vulnerabilities.
  • Kaspersky Antivirus & Internet Security DOS.
  • FileCOPA FTP server NOOP denial of service.
  • FtpXQ FTP server ABOR command denial of service.
  • Dnsmasq TFTP server heap overflow.
  • Zope ZODB Protocol code Execution and Authentication bypass.

New exploits in this version:

  • VideoLAN VLC Media Player SMB Module Win32AddConnection Buffer Overflow exploit.
  • Microsoft Excel BIFF format Qsir record exploit.
  • Safari WebKit floating point number exploit.
  • ACDSee TIFF file handling buffer overflow exploit.
  • Symantec Altiris Deployment Solution ActiveX control file download exploit
  • Mozilla Firefox PKCS11 Module Installation Code Execution exploit.

Don't miss