Lucene search
+L

287 matches found

Tenable Nessus
Tenable Nessus
added 2003/04/14 12:0 a.m.35 views

Ocean12 Guestbook XSS

The remote server is running Ocean12 GuestBook, a set of scripts to manage an interactive guestbook. An attacker may use this module to inject malicious HTML code in your site, which may be used to steal users' cookies or to simply annoy them. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/03/30 12:0 a.m.57 views

Justice Guestbook 1.3 Multiple Vulnerabilities

The remote host is running Justice Guestbook. This set of CGI has two vulnerabilities : - It is vulnerable to cross-site scripting attacks in jgb.php3. - If the user requests the file cfooter.php3, he will obtain the physical path of the remote CGI. An attacker may use these flaws to steal the...

5CVSS5AI score0.0237EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2003/03/27 12:0 a.m.22 views

My Guest Book (myGuestBk) Multiple Vulnerabilities

The remote web server is hosting myGuestBook. This installation comes with an administrative file in 'myguestBk/admin/index.asp' which lets any user delete old entries. In addition to this, this CGI is vulnerable to a cross-site-scripting attack. %NASLMINLEVEL 70300 C Tenable Network Security, In...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/03/23 12:0 a.m.35 views

Basit CMS Multiple Script XSS

Basit cms 1.0 has a cross-site scripting bug. An attacker may use it to perform a cross-site scripting attack on this host. In addition to this, it is vulnerable to a SQL insertion attack that could allow an attacker to get the control of your database. %NASLMINLEVEL 70300 written by K-Otik.com...

5.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/03/22 12:0 a.m.23 views

Mambo Site Server 4.0.10 XSS

An attacker may use the installed version of Mambo Site Server to perform a cross-site scripting attack on this host. %NASLMINLEVEL 70300 This script was completely rewritten by Tenable Network Security, using a new API Message-ID: From: Ertan Kurt To: Subject: Some XSS vulns...

4.3CVSS4.9AI score0.03574EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2003/03/17 12:0 a.m.1478 views

Backup Files Disclosure

By appending various suffixes ie: .old, .bak, , etc... to the names of various files on the remote host, it seems possible to retrieve their contents, which may result in disclosure of sensitive information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This plugin uses the data collected ...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/03/15 12:0 a.m.118 views

RSA ClearTrust ct_logon.asp Multiple Parameter XSS

The remote ClearTrust server is vulnerable to a cross-site scripting attack that can be exploited using specially crafted calls to its 'ctlogon.asp' or 'ctlogon.jsp' scripts. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Date: Fri, 14 Mar 2003 18:42:02 -0800 To: [email protected]...

5.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/02/03 12:0 a.m.19 views

Tomcat /status Information Disclosure

Requesting the URI '/status' gives information about the currently running instance of the remote web server most likely Apache Tomcat. It also allows anybody to reset the current statistics. A remote attacker can use this information to mount further attacks. This script was written by Vincent...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2002/04/10 12:0 a.m.93 views

Microsoft IIS ASP ISAPI Filter Multiple Overflows

There's a buffer overflow in the remote web server through the ASP ISAPI filter. It is possible to overflow the remote web server and execute commands as user 'SYSTEM'. C Tenable Network Security, Inc. Thanks to: Marc Maiffret - his post on vuln-dev saved a lot of my time See the Nessus Scripts...

7.5CVSS5.9AI score0.71195EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2002/02/06 12:0 a.m.53 views

SilverStream Database Structure Disclosure

An unauthenticated, remote attacker can discover the internal structure of the remote SilverStream database by sending a special request. %NASLMINLEVEL 70300 This script was written by Tor Houghton, but I looked at "htdig" by Renaud Deraison Changes by rd: - phrasing in the report - pattern read...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2002/02/05 12:0 a.m.30 views

Microsoft ASP.NET Malformed File Request Path Disclosure

ASP.NET is vulnerable to a path disclosure attack. This allows an attacker to determine where the remote web root is physically stored in the remote file system, hence gaining more information about the remote system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/09/14 12:0 a.m.81 views

Webmin Detection

The remote web server is running Webmin, a web-based interface for system administration for Unix. This script was written by Georges Dagousset See the Nessus Scripts License for details Changes by Tenable: - Revised plugin title, changed family 4/13/2009 - Added CPE, updated version check, updat...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2001/06/19 12:0 a.m.120 views

Microsoft IIS ISAPI Filter Multiple Vulnerabilities (MS01-044)

There's a buffer overflow in the remote web server through the ISAPI filter. It is possible to overflow the remote web server and execute commands as user SYSTEM. Additionally, other vulnerabilities exist in the remote web server since it has not been patched. %NASLMINLEVEL 70300 C Tenable Networ...

10CVSS5.8AI score0.96731EPSS
Exploits8References8
Tenable Nessus
Tenable Nessus
added 2001/06/15 12:0 a.m.173 views

Web Server HTTP POST Method Handling Remote Overflow DoS

Nessus tests the stability of a remote web service by sending a significantly large HTTP POST and then confirms if the web service is still responsive. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10687; scriptversion "1.25"; scriptcvsdate"Date: 2018/12/21 16:12:09"...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/04/16 12:0 a.m.20 views

processit CGI Environment Variable Remote Information Disclosure

The 'processit' CGI is installed. processit normally returns all environment variables. This gives an attacker valuable information about the configuration of your web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/04/03 12:0 a.m.83 views

uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access

The 'ustorekeeper.pl' CGI script installed on the remote host allows an attacker to read arbitrary files subject to the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

5CVSS5.8AI score0.0648EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2001/03/25 12:0 a.m.27 views

SEDUM HTTP Server Long HTTP Request Overflow DoS

It was possible to make the remote web server crash by sending it too much data. An attacker may use this flaw to prevent this host from fulfilling its role. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10637; scriptversion"1.25"; scriptcvsdate"Date: 2018/07/27...

10CVSS5.5AI score0.03391EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2000/07/23 12:0 a.m.107 views

Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation

The file /site/eg/source.asp is present on the remote Apache web server. This file comes with the Apache::ASP package and allows anyone to write to files in the same directory. An attacker may use this flaw to upload his own scripts and execute arbitrary commands on this host. C Tenable Network...

7.5CVSS6AI score0.01791EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2000/04/15 12:0 a.m.138 views

Microsoft IIS Dangerous Sample Files Detection

Some of the IIS sample files are present. They all contain various security flaws which could allow an attacker to execute arbitrary commands, read arbitrary files or gain valuable information about the remote system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script was written by...

5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2000/01/31 12:0 a.m.47 views

Cobalt siteUserMod.cgi Arbitrary Password Modification

The Cobalt 'siteUserMod' CGI appears to be installed on the remote web server. Older versions of this CGI may allow a user with Site Administrator access to change the password of users on the system, such as Site Administrator or regular users, or the admin root user. Note that Nessus has only...

7.2CVSS5.5AI score0.00435EPSS
Exploits0References3
Rows per page
Query Builder