21 matches found
CVE-2023-49111
For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is...
File Upload Vulnerability in Qixingchen Tianyue Network Security Audit System
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A file upload vulnerability exists in Tianyue Network Security Audit System, which can be exploit...
NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance
When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point. NIST plays a key...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55883)
NCH Axon PBX is a set of virtual telephone switch software used in a business environment. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems from the fact that the product's customer name does not properly filter special characters in the input data and can be exploited to...
Successful SOC 2 Approaches to Address Fraud Risk
Coalfire has found that many SOC 2 clients struggle with addressing COSO Principle 8 fraud risk considerations because they innately think only about financial fraud risks. Many clients do not understand that fraud risks depend on the nature of the business and the environment in which the busine...
D-Link 6600-AP XSS / DoS / Information Disclosure Vulnerabilities
Exploit for hardware platform in category web applications Security Advisory - 22/07/2019 Multiple vulnerabilities found in the D-Link 6600-AP device running the latest firmware version 4.2.0.14. D-Link 6600-AP is not produced anymore but the support is still provided by D-Link as per described o...
Skype Security On the Business Hot Seat
Michael Gough, an information security specialist and president of the Austin, Texas, chapter of ISSA, owner of the web site skypetips.com gave CSO his thoughts on Skype’s benefits and security challenges in the business environment. Read the full article. CSO...
WinMX is installed
The remote host is using WinMX - a p2p software, which may not be suitable for a business environment. OpenVAS Vulnerability Test $Id: winmxinstalled.nasl 6063 2017-05-03 09:03:05Z teissa $ Description: WinMX is installed Authors: Xue Yong Zhi Copyright: Copyright (C) 2003 Xue Yong Zhi This program...
Kazaa is installed
The remote host is using Kazaa - a p2p software, which may not be suitable for a business environment. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Mercora IMRadio Detection
Mercora IMRadio is installed on the remote host. Mercora is an Internet radio tuner that also provides music sharing, instant messaging, chat, and forum capabilities. This software may not be suitable for use in a business environment. OpenVAS Vulnerability Test $Id: mercoraimradioinstalled.nasl...
Yahoo!Messenger is installed
Yahoo!Messenger - an instant messaging software, which may not be suitable for a business environment - is installed on the remote host. If its use is not compatible with your corporate policy, you should de-install it. This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 20...
ICQ is installed
The remote host is using ICQ - a p2p software, which may not be suitable for a business environment. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
XoloX is installed
The remote host is using XoloX - a p2p software, which may not be suitable for a business environment. OpenVAS Vulnerability Test $Id: xoloxinstalled.nasl 6046 2017-04-28 09:02:54Z teissa $ Description: XoloX is installed Authors: Xue Yong Zhi Copyright: Copyright (C) 2003 Xue Yong Zhi This program...
Trillian is installed
The remote host is using Trillian - a p2p software, which may not be suitable for a business environment. OpenVAS Vulnerability Test $Id: trillianinstalled.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Trillian is installed Authors: Xue Yong Zhi Copyright: Copyright (C) 2003 Xue Yong Zhi Thi...
AOL Instant Messenger is Installed
The remote host is using AOL Instant Messenger (AIM). AIM has been associated with multiple security vulnerabilities in the past. This software is not suitable for a business environment. OpenVAS Vulnerability Test $Id: aolinstalled.nasl 6056 2017-05-02 09:02:50Z teissa $ Description: AOL Instant...
Trillian is installed
The remote host is using Trillian - a p2p software, which may not be suitable for a business environment. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Mercora IMRadio Detection
Mercora IMRadio is installed on the remote host. Mercora is an Internet radio tuner that also provides music sharing, instant messaging, chat, and forum capabilities. This software may not be suitable for use in a business environment. Josh Zlatin-Amishav GPLv2 include("compat.inc"); if (description)...
WinMX Detection (uncredentialed check)
The remote server seems to be a WinMX Peer-to-Peer client, which may not be suitable for a business environment. (C) Tenable Network Security, Inc. there is already a nice WinMX check by Nessus...however, it relies on registry read access...this check works even without registry access...the anomal...
Shareaza Detection
Shareaza is installed on the remote host. Shareaza is an open source peer-to-peer file sharing application for Windows and, as such, may not be suitable for use in a business environment. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include("compat.inc"); i...
XoloX Detection
The remote host is using XoloX, a P2P program which might not be suitable for a business environment. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11431); script_version("1.16"); script_name(english:"XoloX Detection"); script_summary(english:"Determines if XoloX is installed...