PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00
Code Issues Projects Releases Wiki Activity

Script doc updates: wrong CVE, dead link

Browse Source
This commit is contained in:
dmiller
2015-05-29 03:53:23 +00:00
parent ccb240d5b7
commit 2f799b4be7
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/http-vuln-cve2006-3392.nse
View File

@@ -4,7 +4,7 @@ local stdnse = require "stdnse"
local vulns = require "vulns" local vulns = require "vulns"
description = [[ description = [[
Exploits a file disclosure vulnerability in Webmin (CVE-2010-0738) Exploits a file disclosure vulnerability in Webmin (CVE-2006-3392)
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML. Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML.
This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences

6
scripts/http-wordpress-users.nse
View File

@@ -6,10 +6,12 @@ local stdnse = require "stdnse"
local string = require "string" local string = require "string"
description = [[ description = [[
Enumerates usernames in Wordpress blog/CMS installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others. Enumerates usernames in Wordpress blog/CMS installations by exploiting an
information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1,
3.1.3 and 3.2-beta2 and possibly others.
Original advisory: Original advisory:
* http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure * http://www.talsoft.com.ar/site/research/security-advisories/wordpress-user-id-and-user-name-disclosure/
]] ]]
--- ---