4 min
I don't always write my own web application fingerprints, but when I do, I use XML
One of the awesome things about Nexpose is its extensibility. Nexpose now allows
you to write your own custom web application fingerprints, using a combination
of XPath and regular expressions. Coupled with the ability to add your own
custom checks
[/2013/06/13/custom-vulnerability-checks-using-nexposes-vulnerability-schemas],
this allows you to write your own web application vulnerability coverage.
This fingerprinting functionality can be used on any web application that
provides its version i
1 min
PostgreSQL? We got you covered.
PostgreSQL?
PostgreSQL is a popular open source relational database which is used in many
web sites and products, including the most awesome product in the whole wide
world [http://www.rapid7.com/products/nexpose/]. Rapid7's Nexpose coverage team
is proud to present full coverage for PostgreSQL in Nexpose 5.5.13. This update
adds coverage for 19 PostgreSQL vulnerabilities from between 2009 and 2013.
Also, PostgreSQL's logo is an elephant: How awesome is that?
Awesome! What do I have to do to
1 min
Latest Coverage: VLC Media Player
What's VLC?
VLC is a popular cross-platform media player with a large library of codecs. It
can be run as a browser plug-in. For more information, see
http://www.videolan.org/vlc/.
Why cover VLC?
Since VLC can be run as a browser plug-in, it presents a significant attack
surface. Through libraries such as PluginDetect, a malicious website can
determine if a user is running a vulnerable version of VLC
[http://www.pinlady.net/PluginDetect/VLC/]. Furthermore, there are several
[http://www.metasp