105 matches found
ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling
Exploit for php platform in category web applications Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url:...
ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling
Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software: ResourceSpace Digital Asset...
Novell GroupWise 'FileUploadServlet' Arbitrary File Access Vulnerability
The remote Novell GroupWise administration console is affected by an arbitrary file access vulnerability that allows attackers to access and delete arbitrary files on the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...
Apache PHP-CGI Remote Code Execution
The PHP installation on the remote web server contains a flaw that could allow a remote attacker to pass command-line arguments as part of a query string to the PHP-CGI program. This could be abused to execute arbitrary code, reveal PHP source code, cause a system crash, etc. %NASLMINLEVEL 70300 ...
Alcatel OmniSwitch Default Credentials (http)
It is possible to log into the remote Alcatel Switch by providing the default credentials. A remote attacker could exploit this to gain administrative control of this installation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Blue Coat ProxyAV Detection
Blue Coat ProxyAV, an anti-malware appliance, was found. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69929; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2020/09/14"; scriptnameenglish:"Blue Coat ProxyAV Detection";...
Sybase EAServer XML External Entity (XXE) Arbitrary File Disclosure
The remote Sybase EAServer install is affected by an arbitrary file disclosure vulnerability. It is possible to view any file on the system by utilizing XML external entity injection in specially crafted XML data sent to the REST service on the remote host. Note that hosts that are affected by th...
Cisco Prime Data Center Network Manager Web Detection
The web interface for Cisco Prime Data Center Network Manager DCNM was detected on the remote host. DCNM is used to manage virtualized data centers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid67246; scriptversion"1.10";...
Apache Struts 2 OGNL Expression Handling Double Evaluation Error Remote Command Execution
The remote web application appears to use Struts 2, a web framework that utilizes OGNL Object-Graph Navigation Language as an expression language. Due to a flaw in the evaluation of an OGNL expression, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the...
Junos Space WebUI Detection
Junos Space is a network management solution used to automate management for Juniper hardware. Junos Space WebUI, the web interface for Junos Space, was detected on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66720; scriptversion"1.4";...
Puppet Enterprise Console Detection
Puppet Enterprise Console, a web management interface for Puppet Enterprise, was detected on the remote web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66234; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Puppet Enterprise Console...
JBoss Web Services Endpoint Enumeration
JBossWS, a framework similar to JAX-WS for making Java EE web services, is listening on the remote host and lists its registered endpoints. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid66189; scriptversion"1.3";...
Citrix Access Gateway User Web Interface Detection
The remote web server hosts the web interface for using Citrix Access Gateway, an SSL VPN appliance. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65951; scriptversion"1.5"; scriptsetattributeattribute:"pluginmodificationdate", value:"2020/09/22";...
Gallery Detection
The remote host is running Gallery, an open source photo album application written in PHP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65766; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"Gallery...
Cerb Detection
The remote web server hosts Cerb, a web-based business collaboration and automation tool. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65983; scriptversion"1.3"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"Cerb...
McAfee Vulnerability Manager Detect
McAfee Vulnerability Manager, a web-based vulnerability manager, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65737; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate", value:"2020/09/22"; scriptxrefname:"IAVT"...
NetIQ Privileged User Manager Default Admin Password
Nessus was able to login to the NetIQ Privileged User Manager install running on the remote host using default, known credentials for the 'admin' user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid62990;...
EMail Security Virtual Appliance Detection
EMail Security Virtual Appliance, an email filtering and security application, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid61995; scriptversion"1.4"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"EMail Security Virtual...
Scrutinizer Default Credentials Check
The Scrutinizer install on the remote host is using default credentials for the 'admin' user. Using these credentials, it is possible to login and gain access to the back end administrative interface. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Lenovo ThinkManagement Console Detection
Lenovo ThinkManagement Console, a web-based API for Lenovo ThinkManagement, was found on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid58653; scriptversion"1.4"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"Lenovo ThinkManagement Console...