Remote Utilities Installed (Windows)

Binary data remoteutilitieswininstalled.nbin...

Remote Utilities Installed (macOS)

Binary data remoteutilitiesmacosinstalled.nbin...

GoodAccess Installed (Linux)

Binary data goodaccessnixinstalled.nbin...

GoodAccess Installed (macOS)

Binary data goodaccessmacosinstalled.nbin...

Apple iOS < 18.4 Multiple Vulnerabilities (122371)

Binary data appleios184check.nbin...

Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / azcopy / cert-manager / cf-cli / coredns (CVE-2024-51744)

The version of application-gateway-kubernetes-ingress / azcopy / cert-manager / cf-cli / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-51744 advisory. - golang-jwt is a Go implementation...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2025:1056-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1056-1 advisory. - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307. Tenable has...

pfSense Login Scanner

This module performs login attempts against a Netgate pfSense router webpage to bruteforce possible credentials. Module Options msf use auxiliary/scanner/http/pfsenselogin msf auxiliarypfsenselogin show actions ...actions... msf auxiliarypfsenselogin set ACTION msf auxiliarypfsenselogin show...

WordPress Event Tickets with Ticket Scanner plugin < 2.5.4 - Arbitrary Tickets Deletion via CSRF vulnerability

Arbitrary Tickets Deletion via CSRF vulnerability discovered by Krugov Artyom in WordPress Plugin Event Tickets with Ticket Scanner versions 2.5.4...

CVE-2025-1762

The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-1762 Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF

The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Ingress NGINX Admission Controller Web Detection

Binary data ingressnginxadmissioncontrollerwebdetect.nbin...

WordPress plugin Event Tickets with Ticket Scanner 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

SAP NetWeaver AS Java Path Traversal (CVE-2017-12637)

Binary data sapnetweaverasCVE-2017-12637.nbin...

Spring Security 5.7 < 5.7.16 / 5.8 < 5.8.18 / 6.0 < 6.0.16 / 6.1 < 6.1.14 / 6.2 < 6.2.10 / 6.3 < 6.3.8 / 6.4 < 6.4.4 Authentication Bypass (CVE-2025-22228)

The remote host contains a Spring Security version that is 5.7 prior to 5.7.16, 5.8 prior to 5.8.18, 6.0 prior to 6.0.16, 6.1 prior to 6.1.14, 6.2 prior to 6.2.10, or 6.3 prior to 6.3.8, 6.4 prior to 6.4.4. It may, therefore, be affected by an authentication bypass vulnerability...

GitLab 17.4 < 17.8.6 / 17.9 < 17.9.3 / 17.10 < 17.10.1 (CVE-2025-2242)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin befo...

SonicWall HTTP Login Scanner

This module adds HTTP Login scanning for SonicWall NSv. It allows scanning both admin and user accounts. Module Options msf use auxiliary/scanner/sonicwall/sonicwalllogin msf auxiliarysonicwalllogin show actions ...actions... msf auxiliarysonicwalllogin set ACTION msf auxiliarysonicwalllogin show...

Podman Installed (Linux)

Binary data podmandetect.nbin...

GO-2025-3566 ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx

ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

Fedora 41 : OpenIPMI (2025-ae55d50be2)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ae55d50be2 advisory. Update to 2.0.36 Fixes CVE-2024-42934 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...