Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/nessus/plugins/ en-us (c) Gossamer Threads Inc. All rights reserved. 13 Feb 2012 03:55:50 -0800 120 75 23 http://www.gossamer-threads.com/lists/nessus/plugins/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg Hello! Here's the fixes against nmap.nasl found on this link: http://www.nessus.org/documentation/nmap.nasl Here's the link to the diff (it's in att 14 Mar 2009 04:59:38 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33747 Plugin frontpage_chunked_overflow.nasl (version 1.18) reports a false positive if the IIS web server is configured not to return 404. The following 10 Mar 2009 20:12:28 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33744 Plugin ssh1_proto_enabled.nasl (version 1.18) rates CVE-2001-0361 as Low with CVSS 2.6, which seems rather odd, especially considering that it shoul 10 Mar 2009 20:12:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33743 Hello all, I am currently investigating the possibilities of Nessus with regards to testing web applications on generic vulnerabilities. My goal is t 09 Mar 2009 07:47:59 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33741 Final Speaker Lineup for CanSecWest 2009 (March 18-20): =============================================== The Smart-Phones Nightmare - Sergio 'shadown' 15 Feb 2009 18:52:51 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33716 Don't know if this is the proper way to ask this but I'm in the process of trying to convince MGMT to utilize nessus Windows compliance .audit file 12 Feb 2009 06:45:39 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33710 I have just run Nessus with the paranoid option against three systems. I believe all three are instances of Firewall-1 (ports 264/tcp and 500/udp open 11 Feb 2009 09:48:52 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33706 is there a setting for plugins to disable them by default? the nikto.nasl has a nice checkbox.. any other way? I have one with reverse logic (errors i 11 Feb 2009 08:22:10 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33705 Hi guys, PFA. This contains the consolidated list of scans performed for a single subnet last day. The items marked in RED have patch mismatch as 02 Feb 2009 21:35:36 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33681 Hello, I have a string that looks like this mystring="value1=1 value2=a value3=cd value4=jj"; I would like to be able to put this in individual arr 31 Jan 2009 06:29:32 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33676 Hi all, I have started writing a new nessus plugin in nasl. 1. When I run the plugin with nasl (at a command line), I get "A non-authenticated scrip 30 Jan 2009 03:01:32 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33670 The attached plugin detects presence of SNMP community strings in SNMP MIBs. In this sense it eclipses the functionality of snmp_vacm.nasl while pro 25 Jan 2009 11:06:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33652 Hello everyone, For 10 years now, the Nessus user base has been supported with the use of mailing lists as a medium to communicate with the communi 12 Jan 2009 09:08:00 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33637 I've written a few plugins that check if they can successfully login via SSH - checks return value of ssh_open_connection(), empty username/password 05 Jan 2009 15:41:49 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33608 Dear All, Is there an up-to-date reference manual for nasl ? I tried to improve the plugin 21725 (Symantec Anti-Virus check) so it will check that t 05 Jan 2009 15:25:40 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33607 Plugins ssl_anon_ciphers.nasl and ssl_weak_supported_ciphers.nasl obtain the list of supported SSL ciphers via get_kb_list(). Both of these plugins 31 Dec 2008 08:35:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33586 Hi, First post, but I've been using Nessus, nasl's and .audit files for a couple of years now. I've recently been writing a few plugins that requir 28 Dec 2008 12:36:59 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33572 This generic ftp traversal test uses anonymous:nessus@<hostname>. I found an ftp server this morning with a traversal vulnerability, but it doesn't 24 Dec 2008 10:18:57 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33569 Hello Frank, Comments inline: Frank_Kenisky@psc.uscourts.gov wrote: > > I've used Nessus "free" tool for almost 8 years now. I just recently > p 16 Dec 2008 07:16:36 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33544 I've used Nessus "free" tool for almost 8 years now. I just recently purchased the commercial version so I can utilize the .audit files. After runn 15 Dec 2008 08:15:14 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33541 There is a minor bug in script os_fingerprint_http.nasl. The following patch against version 1.26 resolves the issue: --- os_fingerprint_http.nasl.or 04 Dec 2008 08:45:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33497 There is a typo bug in script hastymail_attachment_exec.nasl. The following patch against version 1.5 resolves the issue: --- hastymail_attachment_ex 04 Dec 2008 08:29:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33496 Recently script cross_site_scripting.nasl got modified to request URLs via http_send_recv3(). The script attempts to retrieve mostly non-existent UR 04 Dec 2008 08:17:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33495 According to the CVE-2004-2630[1] and the advisory from the phpMyAdmin team[2] only phpMyAdmin versions 2.5.0 to 2.6.0-pl1 have the command executio 04 Dec 2008 06:51:17 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33494 Call For Papers     The CanSecWest 2009 CFP is now open.     Deadline is December 8th, 2008. CanSecWest CALL FOR PAPERS     VANCOUVER, Canada -- T 24 Nov 2008 21:21:34 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33442 anyone have (or perhaps I just can't find it) a plugin that detects that a printer is locally attached and is shared? -- Doug Nordwall Unix, Network 10 Nov 2008 08:26:45 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33403 The latest version of GNU Mailman is currently 2.1.11, which is causing this plugin (12253 Mailman < 2.1.5 Password Retrieval) to false positive. I'v 04 Nov 2008 09:11:49 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33352 We just noticed that the CVSS score given for 34265 ProFTPD Cross-Site Request Forgery differs between the NVD and the Nessus plugin: >From the NVD: 04 Nov 2008 03:28:08 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33349 I wanted to do a quick sanity check here before heading over to bugzilla. I have a host that's being flagged by plugin 12301, which is looking for an 30 Oct 2008 14:43:25 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33338 Plugin 33561 does a straight version check of the Retrospect Client and reports < 7.5.116. Unfortunately, the most recent version for Mac OS X is 6. 03 Oct 2008 09:56:05 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33218 Hi everyone, i have written some customer nasl's. i would share them with nessus community, can anyone tell me, how/where do i submit them please. 24 Sep 2008 15:36:00 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33148 In several cases I have seen a "vanilla" Apache HTTPD instance getting mis-classified by get_backport_banner() from backport.inc. This leads to the in 22 Sep 2008 20:23:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33139 Hi there I've noticed that our Cisco ASA and VPN3000 concentrators are being classified as HP printers (rule 11936) by Nessus-3.2.1-es4. They are b 17 Sep 2008 16:15:30 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33115 I've been using nessus (free) for a few years now. Recently, we purchased the commercial version which has a lot of the .audit files included. I'm 16 Sep 2008 13:50:55 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33106 Is there plans to support enumeration of registry fro 64 bit machines using plugin 20811? I think it needs to inspect HKLM\SOFTWARE\Wow6432Node \M 16 Sep 2008 10:17:59 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33104 In my organization we are audited several times a year and I would like to have a *non standard* view into my Nessus vulnerabilities. As opposed to ra 11 Sep 2008 19:19:57 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33094 Good day, Please advise on how to convert the value of the KB Item "SMB/LocalUsers/1/Info/LogonTime=0x01-0xc1-0x3b-0xa4-0x4c-0x0d-0x17-0x6a" to a dat 05 Sep 2008 03:27:22 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33070 Named function arguments exhibit a questionable behavior in that when not specified in the call they behave as if they were undeclared variables, i.e. 31 Aug 2008 12:15:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/33011 Spanish url: http://ba-con.com.ar/speakers.html?language=es Speaker list and Dojos for BA-Con, September 30, October 1st. (all presentations in both 26 Aug 2008 13:02:20 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32987 I was trying to use the "nmap.nasl" plugin under Windows XP (using version 3.2.1.1 of Nessus), but apparently it doesn't work under Windows, since it 14 Aug 2008 08:41:25 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32930 Attached is a plugin that detects a cross-site scripting flaw in Microsoft Site Server 3.0 (CVE-2002-2073). This is quite an old vulnerability, howe 05 Aug 2008 09:37:09 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32887 Attached is a plugin that detects a specific case of arbitrary redirection. It should fire on web servers whom return the path requested in the 'Loc 05 Aug 2008 09:29:30 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32886 Attached is a plugin to detect dwsync.xml files. These are sometimes generated by Dreamweaver and may disclose the presence of files or directories 05 Aug 2008 09:14:12 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32888 Here's a plugin to locate websites managed by svn that leak their entries file analogous to the one for CVS/Entries files. It does a little processing 05 Aug 2008 04:07:34 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32882 Generally how do you guys debug a plugin? The 'nasl' command seems not always helpful if a plugin depends on others such as find_service. P.S. What i 02 Aug 2008 09:26:52 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32871 I just installed Nessus 2.2.6 on an up-to-date Gentoo Linux box and for some reason couldn't get my plugin to work correctly. I finally stripped my p 03 Jul 2008 14:41:00 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32703 BA-Con 2008 CALL FOR PAPERS BUENOS AIRES, Argentina -- The first annual BA-Con applied technical security conference - where the eminent figu 27 Jun 2008 09:16:37 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32692 I need to set nasl_no_signature_check to yes. I have done so in linux with out a problem, but can't figure it out in windows. Where can I set this 18 Jun 2008 11:18:21 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32644 dotproject_file_includes.nasl We have seen probes to a web server trying to exploit the remote file include vulnerability in db_adodb.php. The URLs t 18 Jun 2008 01:02:53 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32635 Just a few more plugins for F5 BIG-IP Notes: - Covers the following vulnerabilities: - F5 BIG-IP Web Management Console CSRF (BID 27720) - F5 BIG 12 Jun 2008 07:52:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32605 Sometime between revisions 1.242 and 1.251 of find_service2.nasl the detection logic for MySQL has changed so that it no longer works properly. The re 05 Jun 2008 07:10:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32557 Hi All, Is anyone working on a test for the weak debian/ubuntu ssh keys yet? It would be a simple modification to ssh_proto_version.nasl to store the 14 May 2008 04:00:22 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32334 The Apache mod_rewrite scripts (31654 and 31655) for the vulnerability described in CVE-2006-3747[1] report for Apache versions less than 1.3.28 and 2 09 May 2008 00:26:45 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32316 The selected papers for EUSecWest 2008 are: * PhlashDance, discovering permanent denial of service attacks against embedded systems - Rich Smith, 08 May 2008 21:30:51 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32315 How do I go about submitting plugins for use with Nessus? _______________________________________________ Plugins-writers mailing list Plugins-writers 07 May 2008 01:09:42 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32301 Hi all, We just got an apparent false positive on 31863. Nessus seems to indiscriminently fire, even though the vulnerability seems to only affect W 05 May 2008 13:44:04 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32293 Hi i run the following to verify if my ntp daemon is having the overflow bug reported at http://www.nessus.org/plugins/index.php?view=single&id=10647 23 Apr 2008 02:04:07 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32218 (We've moved the conference this year to the a club in Leicester Square in the heart of London and SoHo. We'll be putting speakers up across the squar 10 Apr 2008 14:29:17 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/32164 Calendar Notes: =========== PacSec 2008 will be on November 12/13 in Tokyo at Aoyama Diamond Hall. EUSecWest 2008 will be on May 21/22 at a fun new 20 Mar 2008 21:25:51 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31963 I noticed today that Nessus released the MS vulnerability checks around 3:00pm CST. It's is currently 9:20pm CST and I still can not pull down the new 11 Mar 2008 19:25:12 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31900 apache_2_2_8.nasl The plugin apache_2_2_8.nasl checks the banner for version numbers 2.2.0-7. However, a check of the quoted CVEs shows that these p 07 Mar 2008 05:09:12 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31865 There is an error in the list of files that coldfusion_double_encoded_null_info_disclosure.nasl tries to get (when being paranoid). The third item i 03 Mar 2008 11:47:48 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31849 Hi all, macosx_10_4_11.nasl seems to trigger on a host which has been upgraded from Tiger to Leopard (10.5.2). We aren't using any authentication du 28 Feb 2008 12:37:53 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31840 freebsd_squirrelmail_143a_3.nasl Can someone take another look at this plugin? It appears to be mangled or incomplete. I discovered it while trying 25 Feb 2008 10:18:26 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31816 Hi dear plugin writers... I wrote a plugin which performs an ARP spoofing by sending an ARP reply by the inject_packet() function. But I sadly discov 22 Feb 2008 08:19:40 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31813 CanSecWest 2008 Presentations Snort 3.0 - Marty Roesch, Sourcefire Cross-Site Scripting Vulnerabilities in Flash Authoring Tools - Rich   Cannings, 22 Feb 2008 03:11:20 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31812 Dear friends, I searched the mailing list for quite a week without finding an answer for my question: My plugin needs the IP address (and eventually 19 Feb 2008 02:05:31 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31782 Is there currently a problem for direct feed customers obtaining this month (February) MS checks? 12 Feb 2008 16:43:52 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31747 Based on an email exchange last week, I'm attempting to write my first plugin, so patience appreciated. :-) Issue: http://www.securityfocus.com/bid/ 12 Feb 2008 08:52:59 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31746 Three things: (1) sendmail_expn.nasl attempts to include the results of "EXPN root" and "VRFY root" in the warning message. However, this is done w 11 Feb 2008 10:30:04 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31736 We have an Oracle Enterprise Manager that triggers plugin 10759. Looking at the nasl and the header info, it makes sense. The nasl looks for 10.x.x. 06 Feb 2008 13:04:09 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31710 Just a few plugins for F5 BIG-IP Notes: - Covers CVE-2008-0265, CVE-2008-0539. - Released under GPL. - Plugin ID numbers should be adjusted. - Layout 02 Feb 2008 08:46:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31697 This plug-in responds with a false positive on server responds with anything other than a 'not found' response. The machine is definitely not running 28 Jan 2008 17:50:02 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31657 To whom it may concern, Plugin ID 24278 - ColdFusion Error Processing Request Cross-Site Scripting Vulnerability Whilst attempting to help a client 23 Jan 2008 13:18:15 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31643 This might be a stupid question, but... The get_host_ip() function retrieves the IP address of the host that is being attacked/scanned is there a si 23 Jan 2008 08:06:24 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31640 How do these functions determine whether a target host is dead/alive? I can't find source for them anywhere, but looking at denial_ping.inc and ping_ 22 Jan 2008 08:57:58 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31624 I just wrote NASL wrappers for the Medusa brute forcer. http://www.foofus.net/jmk/medusa/medusa.html If you want to test them and report bugs, here t 20 Jan 2008 10:40:07 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31599 Hi all, 21643 - ssl_supported_ciphers.nasl - Supported SSL Ciphers Suites 26928 - ssl_weak_supported_ciphers.nasl - Weak Supported SSL Ciphers Suites 17 Jan 2008 13:28:34 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31595 Recently during a pentest, I discovered a cisco router that was vunlerable to the HTTP configuration administrative access vulnerability (plugin id 10 16 Jan 2008 14:31:48 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31588 The plugin cleartrust_xss.nasl doesn't report the actual URL with which it was able to trigger the XSS. The output merely includes an incomplete form 15 Jan 2008 11:03:29 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31582 This has more to do with overall plugin development and not any particular plugin. I apologize if this is not the correct list. We have an in house 11 Jan 2008 07:21:02 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31572 Hi I would like to know if a plugin which check Sophos antivirus on a MAC OS exist. Regards Eric 10 Jan 2008 02:45:14 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31562 Hi, all, Plugin 20089 offers a (now) bad URL for the solution: http://asia.f5.com/solutions/archives/techbriefs/cookie.html It l 07 Jan 2008 09:42:47 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31533 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, I read the FAQ and I searched on the internet about this topic, but I didn't find any solu 26 Dec 2007 05:33:30 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31488 Could somebody elaborate on which NASL includes are legally useable in GPL plugins? Some includes, such as http_func.inc, have only the Tenable copyr 11 Dec 2007 16:34:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31370 Hi all, I noticed that www_clear_text_passwords is marked as dangerous. When I took a look at the code for the plugin, it seems that it doesn't even 11 Dec 2007 14:25:19 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31368 Just a few plugins for Citrix NetScaler Notes: - Covers CVE-2007-6037, CVE-2007-6192, CVE-2007-6193. - Released under GPL. - Plugin ID numbers should 03 Dec 2007 19:51:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31319 Basic OSSIM server detection on default port. Regards, --Ferdy-- 24 Nov 2007 06:35:17 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31281 Could somebody point me to a comprehensive documentation for NASL (for Nessus 2.x)? The one I have been using so far, nasl2_reference.pdf, 2005/04/2 21 Nov 2007 16:53:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31276 A small update to packeteer_web_detect.nasl to make it compatible with Packeteer 8.x. Cheers, nnposter --- packeteer_web_detect.nasl 2007-10-26 21 Nov 2007 14:56:27 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31277 I have a Linux 2.6.22 system which has all ports filtered but which does respond to ping. I don't expect it matters, but it's Ubuntu Version 7.10 an 15 Nov 2007 09:21:38 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31253 Hello List, I have attached a NASL that checks for a directory traversal issue discovered in ipMonitor version 8.0 and 8.5 in July 2007 by SensePo 13 Nov 2007 17:16:32 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31245 I'd like to congratulate Adam Laurie for winning the second Powerbook from the Pwn_to_Own contest as the prize for the best speaker rated by the audie 08 Nov 2007 20:30:34 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31231 I'm looking to check that default user names/passwords are not being used on an web interface. Can anyone recommend any nasl code I look at or any g 06 Nov 2007 06:17:08 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31221 I'm trying to write a set of rules to check contents of HTML files for keywords. However these HTML files are accessed over HTTPS. How would I go ab 05 Nov 2007 07:56:25 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31218 Hi, all, Looks like 21324 is generating a false positive. The plugin alerts on version 3.10.0, which is later than 3.8.0. The version string for th 30 Oct 2007 13:40:37 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31180 I have several Mac OS X boxes running versions between 10.4.4 and 10.4.7. All of these boxes trigger macosx_10_4_10.nasl but not macosx_10_4_9.nasl. 29 Oct 2007 14:32:47 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31167 I am new to writing Nessus plug-ins and have a question about how dependencies work. If I create a policy that only uses the "Windows / Gator/GAIN Sp 05 Oct 2007 08:45:12 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/31035 Hi, all, Plugin 11213 checks for HTTP TRACE on the remote webserver. If it is found, and the server is Apache, it suggests using mod_rewrite to bloc 01 Oct 2007 09:34:30 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/30996 Hi, all, Plugin 11810 seems to be very generous in assuming that the remote host is using Gallery. As far as I can tell, it's just checking for gene 28 Sep 2007 09:51:03 -0800 http://www.gossamer-threads.com/lists/nessus/plugins/30993