Lucene search
K

143 matches found

Tenable Nessus
Tenable Nessus
added 2021/06/22 12:0 a.m.21 views

GraphQL API Detected

GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. It is a popular alternative to traditional REST or SOAP APIs, providing flexibility and an optimized data fetching method. The scanner detected th...

7.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/05/12 12:0 a.m.19 views

Microsoft FrontPage Insecure Extension Configuration

An information disclosure vulnerability is present on the remote server due to exposure of Microsoft FrontPage extensions configuration files in the vtipvt directory. No source data...

6.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/04/16 12:0 a.m.13 views

WordPress 4.9.x < 4.9.17 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An XML External Entity XXE vulnerability exists in the media library affecting PHP 8. - A data exposure vulnerability exists in the REST API. Note that the scanner has not...

7.1CVSS7AI score0.85719EPSS
Exploits21References4
Tenable Nessus
Tenable Nessus
added 2021/02/25 12:0 a.m.70 views

Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 Remote Code Execution

A vulnerability in Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0 & 12.2.1.3.0 allows an unauthenticated attacker with HTTP access to the service to obtain arbitrary code execution due to an insecure deserialization. Oracle proposes the associated patches on its site to fix the vulnerability. No...

9.8CVSS9.4AI score0.8883EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2020/11/30 12:0 a.m.33 views

Drupal 7.x < 7.75 Remote Code Execution

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.75, 8.8.x prior to 8.8.12, 8.9.x prior to 8.9.10 or 9.0.x prior to 9.0.9. It is, therefore, affected by a remote code execution due to the PEAR ArchiveTar library used by Drupal. No...

7.8CVSS10AI score0.84554EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2020/08/14 12:0 a.m.34 views

Apache Tomcat 9.0.0.M1 < 9.0.37 Denial of Service

The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 or 7.0.0 to 7.0.104. It is, therefore, affected by two denial of service vulnerabilities via WebSocket frame and HTTP/2 requests. Note that the scanner has not attempted to...

7.5CVSS8.1AI score0.87553EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/07/07 12:0 a.m.26 views

Oracle WebLogic WSAT Remote Code Execution

The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WSAT endpoint due to unsafe deserialization of XML encoded Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of...

9.9CVSS8.4AI score0.05691EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/04/29 12:0 a.m.27 views

Microsoft SharePoint Server 2016 build < 16.0.4783.1000 Information Disclosure

According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by an information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks a...

4.3CVSS6.9AI score0.04037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/01/24 12:0 a.m.23 views

Apache Solr < 8.4.0 Remote Code Execution

Apache Solr versions 5.0.0 to 8.3.1 allow for a a remote, unauthenticated user to set 'params.resource.loader.enabled' to true via an HTTP POST request to the JMX server. Enabling this parameter would allow an attacker to use the velocity template parameter in a specially crafted Solr request,...

7.5CVSS8.1AI score0.98567EPSS
Exploits12References4
Tenable Nessus
Tenable Nessus
added 2020/01/22 12:0 a.m.28 views

Apache Solr 4.0.0 < 4.10.3 Cross-Site Scripting

Cross-site scripting XSS vulnerability in the Admin UI Plugin / Stats page in Apache Solr versions 4.x 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. Note that the scanner has not tested for these issues but has instead relied only on the...

4.3CVSS6.1AI score0.04702EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/01/22 12:0 a.m.19 views

Apache Solr 4.0.0 < 4.10.4 XML Resource Consumption Attack

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack via its update handle; leveraging XML DOCTYPE and ENTITY type elements, a remote, unauthenticated attacker may write data to the server which will expand when the server parses th...

7.5CVSS7.5AI score0.07505EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/01/22 12:0 a.m.23 views

Apache Solr 1.3.0 < 1.4.1 XML Resource Consumption Attack

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack via its update handle; leveraging XML DOCTYPE and ENTITY type elements, a remote, unauthenticated attacker may write data to the server which will expand when the server parses th...

7.5CVSS7.5AI score0.07505EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/09/26 12:0 a.m.20 views

Joomla! 3.0.x < 3.9.12 Cross-Site Scripting

According to its self-reported version number, the detected Joomla! application is affected by a cross-site scripting vulnerability in versions 3.0.0 to 3.9.11 due to inadequate escaping in the logo parameter of the default templates. Note that the scanner has not tested for these issues but has...

6.1CVSS6.6AI score0.00671EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/09/16 12:0 a.m.14 views

Sitemap.xml File Detected

The Sitemap Protocol allows you to inform search engines about URLs on a website that are available for crawling. In its simplest form, a Sitemap is an XML file that lists URLs for a site. It has been discovered that many site owners are not building their Sitemaps through spidering, but by...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/08/14 12:0 a.m.15 views

Moment.js < 2.15.2 Regular Expression Denial of Service

According to its self-reported version number, Moment.js is prior to 2.15.2. Therefore, it may be affected by a regular expression denial of service vulnerability when arbitrary user input is passed into format. Note that the scanner has not tested for these issues but has instead relied only on...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/07/22 12:0 a.m.21 views

Drupal 8.7.4 Access Bypass Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.4. It is, therefore, affected by an access bypass vulnerability when the experimental Workspaces module is enabled. Note that the scanner has not tested for these issues but has instead relied...

9.8CVSS7.4AI score0.01861EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/03/14 12:0 a.m.24 views

WordPress 4.3.x < 4.3.19 Cross-Site Scripting

According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting XSS vulnerability due to insufficient input sanitization in comment. Note that the scanner has not tested for these issues but has instead relied only on the application's...

8.8CVSS6AI score0.4375EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2019/01/31 12:0 a.m.18 views

PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37 or 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's...

7.5CVSS6.9AI score0.08975EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2019/01/31 12:0 a.m.15 views

Drupal 7.x < 7.62 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in third-party PEAR ArchiveTar library. - A flaw exists in PHP's built-in phar stream wrapper that could lead to a remote code execution when performing file...

9.8CVSS10AI score0.33228EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.25 views

PHP 7.0.x < 7.0.30 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.30. It is, therefore, affected by multiple vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No...

8.8CVSS6.7AI score0.10433EPSS
Exploits0References6
Rows per page
Query Builder