AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

Summary The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page, but it performs no access control checks of its own. Since Bitco...

PT-2026-30333

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without authentication. The endpoint was intended as an AJAX polling helper for the authenticated...

CVE-2026-3525 File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020

Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing.This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...

PT-2024-1777 · Vmware · Vmware Enhanced Authentication Plug-In

Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in EAP affected versions not specified Description: The issue is related to arbitrary authentication relay and session hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP. Th...

Google Chrome < 109.0.5414.87 Multiple Vulnerabilities (deprecated)

This plugin has been deprecated. Please use one of the following plugins instead; - For MacOS: macosxgooglechrome1090541487.nasl plugin ID 169761 - For Windows: googlechrome1090541474.nasl plugin ID 169758 %NASLMINLEVEL 80900 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2023/03/02...

Adobe Illustrator 26.x < 26.1.0 A Vulnerability (APSB22-15) (deprecated)

The version of Adobe Illustrator installed on the remote Windows host is prior to 26.1.0. It is, therefore, affected by a vulnerability as referenced in the apsb22-15 advisory. - Adobe Illustrator version 26.0.3 and earlier is affected by a buffer overflow vulnerability due to insecure handling o...

Rockwell (CVE-2020-12038) (deprecated)

Plugin deprecated because rslinx is not detectable in this way This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2023/03/10. Deprecated because rslinx...

Mitsubishi (CVE-2020-5599) (deprecated)

Plugin deprecated because GOT HMIs are not supported This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable, Inc. @DEPRECATED@ Disabled on 2023/06/29 as we don't support GOT HMIs...

Rockwell (CVE-2020-27263) (deprecated)

Plugin deprecated because kepserver is not detectable in this way This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2023/03/10. Deprecated because...

Amazon Linux AMI : qemu-img (ALAS-2020-1466) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1466 advisory. - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 Note that Nessus...

Solaris 10 (x86) : 149176-13 (deprecated)

SunOS 5.10x86: qlc patch. Date this patch was last updated by Sun : Jan/16/18 This plugin has been deprecated and either replaced with individual 149176 patch-revision plugins, or deemed non-security related. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2018/03/12. Deprecated and...

AIX 7.1 TL 3 : bind (IV85296) (deprecated)

https://vulners.com/cve/CVE-2016-1285 ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause...

Solaris 10 (sparc) : 149496-02 (deprecated)

SunOS 5.10: pppd patch. Date this patch was last updated by Sun : Jun/09/16 This plugin has been deprecated and either replaced with individual 149496 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2018/03/12...

Solaris 10 (x86) : 150437-03 (deprecated)

SunOS 5.10x86: wanboot server patch. Date this patch was last updated by Sun : Aug/13/17 This plugin has been deprecated and either replaced with individual 150437 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on...

Solaris 10 (sparc) : 152254-01 (deprecated)

SunOS 5.10: sudo Source Patch. Date this patch was last updated by Sun : Apr/20/16 This plugin has been deprecated and either replaced with individual 152254 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on...

Solaris 10 (x86) : 152253-02 (deprecated)

SunOS 5.10x86: sudo Patch. Date this patch was last updated by Sun : Feb/09/17 This plugin has been deprecated and either replaced with individual 152253 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2018/03/1...

openSUSE Security Update : 4816 (4816-1) (deprecated)

Shotwell was updated to fix the following issues : - boo958382: Shotwell did not perform TLS certificate verification when publishing photos to external services Also contains all upstream bug fixes and improvements in the current upstream version. This plugin has been renamed to...

AIX 6.1 TL 9 : ntp (IV79942) (deprecated)

Network Time Protocol NTP is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time...

Solaris 10 (x86) : 150833-12 (deprecated)

SunOS 5.10x86: ufs patch. Date this patch was last updated by Sun : Jun/09/16 This plugin has been deprecated and either replaced with individual 150833 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2018/03/12...

WordPress Citizen Space 1.1 Cross Site Scripting

Details ================ Software: Citizen Space Version: 1.1 Homepage: http://wordpress.org/plugins/citizen-space/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-citizen-space-allows-attackers-to-view-sensitive-information-of-the-attackers-choosing/ CVE: Awaiting assignmen...