Lucene search
K

143 matches found

Tenable Nessus
Tenable Nessus
added 2023/03/08 12:0 a.m.16 views

Nginx Cloud Storage HTTP Splitting

The scanner has detected that the Nginx configuration has a directive location specified to query a cloud storage instance. However, it is possible to insert an arbitrary payload containing a line break, which allows a malicious attacker to change the cloud storage instance to be queried. It is...

7.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/06 12:0 a.m.15 views

Atlassian Confluence 6.4.3 < 6.6.1 Resource Attachment Content Spoofing

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to version 6.6.1. It may, therefore, permit remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of...

4.7CVSS7.3AI score0.00998EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.9 views

Server-Side Inclusion Injection

A Server-Side Include Injection vulnerability exists when an application embeds and evaluates unsafe user-controlled server-side include directives. By injecting a specific payload an attacker can leverage this vulnerability to conduct a remote code execution. No source data...

8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/02/07 12:0 a.m.25 views

Oturia Smart Google Code Inserter Plugin for WordPress < 3.5 Multiple Vulnerabilities

The WordPress Oturia Smart Google Code Inserter Plugin installed on the remote host is affected by multiple vulnerabilities :\n\n - An Authentication Bypass which allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter.\n - An SQL Injection...

9.8CVSS8.9AI score0.91477EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2023/01/20 12:0 a.m.23 views

Drupal 10.0.x < 10.0.2 Information Disclosure

According to its self-reported version, the instance of Drupal running on the remote web server is 9.4.x prior to 9.4.10, 9.5.x prior to 9.5.2, or 10.0.x prior to 10.0.2. It is, therefore, affected by an information disclosure vulnerability in the Media Library module. Note that the scanner has n...

7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/12 12:0 a.m.28 views

Apache Spark 3.3.0 Stored Cross-Site Scripting

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. Note that the...

5.4CVSS6.2AI score0.01473EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/12/21 12:0 a.m.56 views

phpMyAdmin 5.1.x < 5.1.3 Information Disclosure

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.10 or 5.1.x prior to 5.1.3. It is, therefore, affected by an information disclosure that would reveal the path on disk where phpMyAdmin is running from. Note that the scanner has not tested for these issues but has...

7.5CVSS7.1AI score0.01276EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/12/21 12:0 a.m.40 views

phpMyAdmin 4.9.x < 4.9.10 Information Disclosure

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.10 or 5.1.x prior to 5.1.3. It is, therefore, affected by an information disclosure that would reveal the path on disk where phpMyAdmin is running from. Note that the scanner has not tested for these issues but has...

7.5CVSS7.1AI score0.01276EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/11/28 12:0 a.m.50 views

GLPI < 9.3.4 SQL Injection

GLPI in version 9.3.4 has an unauthenticated SQL Injection via the 'cycle' parameter of the 'unlocktasks.php' page. No source data...

9.8CVSS8.7AI score0.23211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/11/28 12:0 a.m.158 views

GLPI Default Credentials

The scanner successfully authenticated on the GLPI web application by using predictable credentials on its login form. No source data...

7.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.37 views

DotNetNuke 5.x < 9.1.1 Remote Code Execution

DotNetNuke CMS versions 5.0.0 to 9.1.0 are affected by an insecure deserialization vulnerability that leads to Remote Code Execution RCE. DotNetNuke uses the DNNPersonalization cookie to store anonymous users personalization options. This cookie is used when the application serves a custom 404...

8.8CVSS9.9AI score0.94789EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.21 views

Okta Jira Authenticator < 3.1.5 Cross-Site Scripting

Okta Jira Authenticator toolkit versions below 3.1.5 suffer from a reflected Cross-Site Scripting XSS vulnerability. By injecting a specific payload in the osusername GET parameter, a remote unauthenticated attacker can execute arbitrary JavaScript code in the browser context of the target...

6.7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/07/11 12:0 a.m.209 views

phpMyAdmin 5.0.x < 5.0.1 SQL Injection

The version of phpMyAdmin installed on the remote host does not correcty deal with malicious sql injected in place of a valid username when creating queries on the user accounts page leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead...

8.8CVSS8.2AI score0.38778EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2022/07/11 12:0 a.m.67 views

phpMyAdmin 4.x < 4.8.5 Arbitary File Read

The version of phpMyAdmin installed on the remote host does not correctly block access to LOAD DATA INFILE function leading to an attacker being able to read any file on the filesystem accessible with the web server permissions. Note that the scanner has not tested for these issues but has instea...

5.9CVSS7.3AI score0.15407EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/18 12:0 a.m.59 views

Apache Struts 2.x < 2.5.29 Remote Code Execution (S2-062)

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

9.8CVSS8.3AI score0.95922EPSS
Exploits16References2
Tenable Nessus
Tenable Nessus
added 2022/03/24 12:0 a.m.12 views

Spring Boot Actuator Detected

This is an informational notice that the scanner was able to detect an accessible Spring Actuator. Actuator endpoints let you monitor and interact with your application. Spring Boot includes a number of built-in endpoints and lets you add your own. For example, the 'health' endpoint provides basi...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/02/24 12:0 a.m.229 views

Jenkins Stapler < 2.138.4 LTS / 2.154 Remote Code Execution

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

10CVSS7.7AI score0.98481EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2021/11/25 12:0 a.m.11 views

Basic Authentication Bruteforced

The scanner successfully authenticated on the target web application by using weak credentials in the request basic authentication HTTP header. No source data...

7.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/11/22 12:0 a.m.46 views

Microsoft Exchange Server Autodiscover Cross-Site Scripting

Microsoft Exchange Server versions 2019 before cumulative update 11, 2016 before cumulative update 22 and 2013 before cumulative update 23 are affected by a cross-site scripting vulnerability through the autodiscover/autodiscover.json endpoint. By crafting a specific URL, an attacker could target...

6.5CVSS6.5AI score0.93877EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2021/11/12 12:0 a.m.50 views

Virtual JDBC Remote Code Execution

Due to unsafe deserialization used in Virtual JDBC all versions allows an unauthenticated attacker with HTTP access to the service to obtain arbitrary code execution. No source data...

9.8CVSS7.9AI score0.07079EPSS
Exploits0References4
Rows per page
Query Builder