287 matches found
PHP ip2long Function String Validation Weakness
According to its banner, the 'ip2long' function in the version of PHP installed on the remote host may incorrectly validate an arbitrary string and return a valid network IP address. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Demo of Charlie Miller's iOS Code-Signing Bug
Security researcher Charlie Miller of Accuvant discovered a vulnerability in the Apple iOS software that enables him to use an app he placed in the iTunes App Store to download unsigned code from a remote Web server and run it on any iOS device. In this video, he demonstrates the app and the way...
MODx < 2.0.3-pl class_key Parameter Local File Inclusion
The version of MODx installed on the remote host fails to sanitize user-supplied input to the 'classkey' parameter of the 'manager/controllers/default/resource/tvs.php' script before using it to include PHP code. Using a specially crafted request, a remote, unauthenticated attacker may be able to...
ManageEngine ADSelfService Plus Detection
ManageEngine ADSelfService Plus, a web-based self-service password management application written in Java, is running on the remote host. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid56509; scriptversion"1.10"; scriptsetattributeattribute:"pluginmodificationdate",...
OpenAdmin Tool for Informix informixserver Parameter XSS
The instance of OpenAdmin Tool for Informix hosted on the remote web server fails to sanitize user input to the 'informixserver' parameter of its 'index.php' script before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to inject arbitrary HTML or script...
HP SiteScope Detection
The remote host is running HP SiteScope, an agentless network monitoring application. HP SiteScope was formerly known as Mercury SiteScope. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid53621; scriptversion"1.14"; scriptsetattributeattribute:"pluginmodificationdate"...
MediaWiki API XSS
A cross-site scripting vulnerability exists in this installation of MediaWiki that allows an attacker to execute arbitrary script code in the browser of an unsuspecting user. Such script code could steal authentication credentials and be used to launch other attacks. %NASLMINLEVEL 70300 C Tenable...
IBM Sametime Detection
IBM Sametime, a web conferencing, instant messaging, and scheduling application, is running on the remote web server. Note that IBM Sametime was formerly known as Lotus Sametime. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid52658; scriptversion"1.5";...
CGI Generic XSS (persistent, 3rd Pass)
The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings containing malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the...
PRTG Network Monitor Detection
PRTG Network Monitor, a web-based tool for displaying network and bandwidth usage data, is hosted on the remote web server. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid51874; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...
Adobe Flash Media Server Version Detection
Adobe Flash Media Server, a data and media server that serves applications to Flash Player, appears to be running on the remote host and is reporting its version number in HTTP headers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid50705; scriptversion"1.8";...
Novell GroupWise WebAccess Accessible
The remote web server is a Novell GroupWise WebAccess console. By allowing unauthenticated access to this web server, anyone may be able read status, configuration or log files pertaining to GroupWise WebAccess. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid50693;...
eLouai's Force Download Script file Parameter File Disclosure
The version of eLouai's Force Download Script hosted on the remote web server does not sanitize user-supplied input to the 'file' parameter before using it to return the contents of a file. An unauthenticated, remote attacker can exploit this issue to disclose the contents of sensitive files on t...
Super Simple Blog Script entry Parameter SQL Injection
The remote Super Simple Blog Script install hosted on the remote web server is affected by a SQL injection vulnerability because its 'comments.php' script does not properly sanitize input to the 'entry' parameter before using it a database query. Regardless of PHP's 'magicquotesgpc' setting, an...
External URLs
Nessus gathered HREF links to external sites by crawling the remote web server. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid49704; scriptversion"$Revision: 1.3 $"; scriptcvsdate"$Date: 2011/08/19 19:59:18 $"; scriptnameenglish:"External URLs";...
OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution
The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...
Oracle Business Process Management Detection
The remote web server is running Oracle formerly BEA Business Process Management BPM Suite, a set of tools for creating, executing, and optimizing business processes. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid48338; scriptversion"1.8"; scriptcvsdate"Date:...
Symphony Detection
Symphony, an XSLT-powered, open source content management system, is hosted on the remote web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid46818; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...
NolaPro Detection
The remote web server hosts NolaPro, a web-based business management application written in PHP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid46703; scriptversion"1.7"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"NolaPro Detection";...
r57shell Backdoor Detection
At least one instance of r57shell is hosted on the remote web server. This is a PHP script that acts as a backdoor and provides a convenient set of tools for attacking the affected host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...