105 matches found
SolarWinds Web Help Desk < 12.8.3 HF 1 Deserialization RCE
The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.3 HF1. It is, therefore, affected by a remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Note that Nessus has not tested for these issues but h...
ManageEngine Applications Manager SEoL (11.0.x)
According to its version, ManageEngine Applications Manager is 11.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
ManageEngine Applications Manager SEoL (14.0.x)
According to its version, ManageEngine Applications Manager is 14.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Ansible Tower Unsupported Version
The version of Ansible Tower running on the remote server has reached the end of support, and will no longer receive security updates from the vendor. It could therefore be affected by multiple vulnerabilities.
Joomla! < 3.8.12 Multiple Vulnerabilities
According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.8.12. It is, therefore, affected by malicious file upload and stored cross-site scripting vulnerabilities. Additionally, versions 3.7.0 through 3.8.11 are affected by an access...
PHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.8. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.31. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
Webmin 1.140 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is 1.140. It is, therefore, affected by multiple vulnerabilities.
Webmin < 1.250 miniserv.pl Remote Code Execution
According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.250. It is, therefore, affected by a remote code execution vulnerability if syslog logging is enabled.
Webmin < 1.860 Cross Site Scripting Vulnerability
According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.860. It is, therefore, affected by a cross site scripting vulnerability.
Webmin 1.840 / 1.880 Local File Inclusion Vulnerability
According to its self-reported version, the Webmin install hosted on the remote host is 1.840 or 1.880. It is, therefore, affected by a local file inclusion vulnerability.
Webmin 1.x < 1.160 Remote Code Execution
According to its self-reported version, the Webmin install hosted on the remote host is 1.x prior to 1.160. It is, therefore, affected by a remote code execution vulnerability.
pfSense < 2.1.3 Remote Denial of Service Vulnerability (SA-14_05)
According to its self-reported version number, the remote pfSense install is prior to 2.1.3. It is, therefore, affected by a denial of service vulnerability as stated in the referenced vendor advisory.
PHP 7.0.x < 7.0.25 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.25. It is, therefore, affected by multiple vulnerabilities.
EMC VMAX VASA Provider Virtual Appliance < 8.4.0.512 Authentication Bypass Vulnerability
The version of EMC VMAX VASA Provider Virtual Appliance running on the remote host is prior to 8.4.0.512. It is, therefore, affected by an authentication bypass vulnerability.
Linksys Smart Wi-Fi Router CGI Scripts Information Disclosure
The remote Linksys Smart Wi-Fi Router device is affected by an information disclosure vulnerability in its web administration interface due to a flaw that allows bypassing authentication mechanisms for various CGI scripts. An unauthenticated, remote attacker can exploit this to disclose sensitive...
Request Tracker Unsupported Version Detection
According to its version, the installation of Request Tracker on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
VMware vCenter Operations Manager Web UI Default Credentials
The web UI component of VMware vCenter Operations Manager uses a known set of default credentials. An attacker can use these to gain access to the system.
Atmail Webmail Unsupported Version Detection
According to its self-reported version number, the version of Atmail Webmail on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
ManageEngine Password Manager Pro Default Credentials
The remote ManageEngine Password Manager Pro web administration interface uses a known set of default credentials. An attacker can use these to gain access to the remote host.