58841 matches found
F5 Networks BIG-IP : libxml2 vulnerability (K000141357)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2 / 17.5.0. It is, therefore, affected by a vulnerability as referenced in the K000141357 advisory. An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader...
KB5044321: Windows Server 2008 R2 Security Update (October 2024)
The remote Windows host is missing security update 5044321. It is, therefore, affected by multiple vulnerabilities - Windows Routing and Remote Access Service RRAS Remote Code Execution Vulnerability CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564,...
Security Updates for Microsoft SharePoint Server Subscription Edition (October 2024)
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing security updates. It is, therefore, affected by a privilege elevation vulnerability.
KB5044286: Windows 10 LTS 1507 Security Update (October 2024)
The remote Windows host is missing security update 5044286. It is, therefore, affected by multiple vulnerabilities - Remote Desktop Client Remote Code Execution Vulnerability CVE-2024-43599 - Remote Registry Service Elevation of Privilege Vulnerability CVE-2024-43532 - Microsoft WDAC OLE DB...
Google Chrome < 129.0.6668.100 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 129.0.6668.100. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop8 advisory. - Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remo...
Adobe Dimension < 4.0.4 Multiple Arbitrary code execution (APSB24-74)
The version of Adobe Dimension installed on the remote Windows host is prior to 4.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-74 advisory. - Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in...
KB5044288: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (October 2024)
The remote Windows host is missing security update 5044288. It is, therefore, affected by multiple vulnerabilities - libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also...
Adobe InCopy < 18.5.4 / 19.0 < 19.5.0 Arbitrary code execution (APSB24-79)
The version of Adobe InCopy installed on the remote host is prior to 18.5.4, 19.5.0. It is, therefore, affected by a vulnerability as referenced in the APSB24-79 advisory. - InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability...
Security Updates for Microsoft Office Products (October 2024)
The Microsoft Office Products are missing security updates. They are, therefore, affected by a spoofing vulnerability. An attacker can exploit this to gain access to sensitive data via a third party interaction. Note that Nessus has not tested for these issues but has instead relied only on the...
CVE-2024-45293
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...
CVE-2024-45293 XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...
CVE-2024-45293
CVE-2024-45293 involves an XXE in PHPSpreadsheet’s XLSX reader where the security scanner that prevents XXE can be bypassed by whitespace in the XML encoding attribute, allowing a crafted XLSX to disclose server data. The root cause is a flawed XML encoding check in XmlScanner.php that defaults t...
XXE in PHPSpreadsheet's XLSX reader
Summary The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLSX sheets, Server files and sensitive information can be disclosed by...
GHSA-6HWR-6V2F-3M88 XXE in PHPSpreadsheet's XLSX reader
Summary The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLSX sheets, Server files and sensitive information can be disclosed by...
Exploit for CVE-2024-47176
Quick Start Example usage: python3 cupsscanner.py --targets...
PostgreSQL pgAdmin4 Installed (Windows)
Binary data postgresqlpgadmin4wininstalled.nbin...
Progress Telerik UI for WinForms Installed
Binary data progresstelerikuiforwinformsinstalled.nbin...
FreeBSD : Unbound -- Denial of service attack (2368755b-83f6-11ef-8d2e-a04a5edf46d9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2368755b-83f6-11ef-8d2e-a04a5edf46d9 advisory. NLnet labs report: A vulnerability has been discovered in Unbound when handling replies with very large...
VegaBird Vooki Security Vulnerability
VegaBird Vooki is a free web application vulnerability scanning tool from VegaBird Open Source that helps users to scan any web application and find vulnerabilities. Vooki consists of three main parts: a web application scanner, a Rest API scanner, and a reporting feature. VegaBird Vooki version...