At SAINT, we respond quickly to vulnerability discoveries. Our engineers continuously update and refine our products to meet the latest security protocols. In addition, when a security alert is issued, we inform our customers via
SAINT® 7.0 Released 06/26/2009
New features in this version:
- New graphical user interface
  - User-friendly icon bar
  - Drop-down menus for easier navigation
  - Cleaner, simpler layout for improved usability
- Run-time reporting
  - Display of up-to-the-minute scan results while scan progresses
- Automatic key generation
  - Run-time checks for license key validity
  - Option to automatically generate and download new key if needed
- SAINTexploit: Web application penetration testing
  - SQL injection exploit
  - Automatic detection of web forms for potential SQL injection
  - User-friendly database viewer tool upon successful SQL injection
- SAINTexploit: Database penetration testing
  - MySQL password guess exploit
  - Oracle password guess exploit
  - SQL shell prompt upon successful guess
- SAINTexploit: More e-mail templates for client exploits
  - Templates for eBay, Facebook, password requests, and more
  - Custom e-mail templates
- SAINTwriter: Reporting of hosts per vulnerability
  - Custom reporting option to list affected hosts under each vulnerability
- New custom scan level templates
  - By CVSS range
  - By PCI compliance
New vulnerability checks in version 7.0:
- CUPS PDF File Multiple Heap Buffer Overflow Vulnerabilities. (CVE 2009-0791)
- Apple iTunes Multiple Protocol Handlers Buffer Overflow Vulnerability. (CVE 2009-0950)
- CA ARCserve Backup Message Engine Denial of Service. (CVE 2009-1761)
- Drupal UTF-7 'book-export-html.tpl.php' HTML Injection Vulnerability. (CVE 2009-1844)
- ImageMagick Integer Overflow Vulnerability. (CVE 2009-1882)
- Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability. (CVE 2009-1831)
- Red Hat Certificate System Agent Group Security Bypass Vulnerability. (CVE 2009-0588)
- Avira Antivir Scan Evasion Vulnerability. (BID35144)
- Wireshark PCNFSD Dissector Denial of Service Vulnerability. (CVE 2009-1829)
- Jetty Directory Traversal Vulnerability. (CVE 2009-1523)
- Jetty Cross-site Scripting Vulnerability. (CVE 2009-1524)
- Lighttpd Trailing Slash Information Disclosure Vulnerability. (BID35097)
- DotNetNuke 'ErrorPage.aspx' Cross-Site Scripting Vulnerability. (BID35074)
- HP System Management Homepage Cross-site Scripting Vulnerability. (CVE 2009-1418)
- Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability. (CVE 2009-1195)
- Sun Java System Delegated Administrator response splitting Vulnerability. (CVE 2009-1357)
- FormMail response splitting Vulnerability. (CVE 2009-1777)
- OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability. (CVE 2009-1379)
- VMware Products Descheduled Time Accounting Driver Denial Of Service. (CVE 2009-1805)
- Adobe Acrobat Stack Exhaustion Denial of Service Vulnerability. (BID35148)
- IBM DB2 Denial of Service And Security Bypass Vulnerabilities. (CVE 2009-1905)
- OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability. (CVE 2009-1386)
- PHP-Nuke Downloads Module 'query' Parameter Cross Site Scripting Vulnerability. (BID35180)

