Lucene search
+L

183 matches found

Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.56 views

YUI 2.4.0 < 3.0.0 Cross-site Scripting

According to its self-reported version number, YUI is at least 2.4.0 and prior to 3.0.0. Therefore, it may be affected by a cross-site scripting vulnerability via YUI .swf files. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

4.3CVSS6.6AI score0.02454EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.18 views

Apache Tomcat 7.0.41 < 7.0.79 Cache Poisoning Vulnerability

The version of Apache Tomcat installed on the remote host is 7.0.41 or later but prior to 7.0.79. It is, therefore, affected by a flaw in the CORS filter where the HTTP Vary header is not properly added. This allows a remote attacker to conduct client-side and server-side cache poisoning attacks...

4.3CVSS7.2AI score0.08037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.89 views

AngularJS < 1.6.9 Cross-Site Scripting

According to its self-reported version number, AngularJS is prior to 1.6.9. Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability through SVG files if enableSvg is set. Note that the scanner has not tested for these issues but has instead relied only on the application's...

6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.16 views

YUI 3.0.0 < 3.10.1 Cross-site Scripting

According to its self-reported version number, YUI is at least 3.0.0 and prior to 3.10.1 or 3.10.2. Therefore, it may be affected by a cross-site scripting vulnerability via YUI io.swf file. Note that the scanner has not tested for these issues but has instead relied only on the application's...

4.3CVSS6.6AI score0.01492EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.40 views

lighttpd 1.4.31 http_request_split_value Function Header Handling DoS

According to its banner, the version of lighttpd running on the remote host is 1.4.31. It is, therefore, affected by a denial of service vulnerability. An error in the httprequestsplitvalue function in 'src/request.c' can cause the application to enter an endless loop when handling specially...

5CVSS7.2AI score0.12038EPSS
Exploits7References5
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.14 views

Joomla! 1.7.x < 3.8.9 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - Local file inclusion with PHP 5.3 affects Joomla 2.5.0 through 3.8.8 - XSS vulnerability in language switcher module affects Joomla 1.6.0 through 3.8.8 Note that the scanner...

8.8CVSS6.8AI score0.02319EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.24 views

WordPress 4.9.x < 4.9.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Localhost is treated as same host by default. - Unsafe redirects are used when redirecting the login page if SSL is forced. - The version string is not correctly escaped f...

6.1CVSS7.4AI score0.05329EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.15 views

WordPress 4.8.x < 4.8.6 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Localhost is treated as same host by default. - Unsafe redirects are used when redirecting the login page if SSL is forced. - The version string is not correctly escaped f...

6.1CVSS7.4AI score0.05329EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.17 views

Joomla! 3.4.x < 3.8.2 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

9.8CVSS7.3AI score0.06507EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.22 views

Joomla! 2.5.x < 3.8.2 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

9.8CVSS7.3AI score0.06507EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2018/10/15 12:0 a.m.17 views

Lighttpd Default Index Page

The remote web server uses the default Lighttpd index page. This page may contain some sensitive data like the server root and installation paths. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...

7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/09/12 12:0 a.m.20 views

Apache Struts 2 OGNL Console Detected

Apache Struts 2 installed on the remote host is running a OGNL console. While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related items on the remote host a...

7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/09/04 12:0 a.m.21 views

Apache Default Index Page

The remote web server uses the default Apache index page. This page may contain some sensitive data like the server root and installation paths. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...

7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/08/30 12:0 a.m.45 views

Apache Tomcat Unsupported Version

The installation of Apache Tomcat detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...

7.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/08/21 12:0 a.m.9 views

Apache Unsupported Version

The installation of Apache detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...

7.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/08/09 12:0 a.m.16 views

Microsoft IIS Unsupported Version

The installation of Microsoft Internet Information Services IIS detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...

7.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/06/06 12:0 a.m.12 views

Drupal RESTWS Module Page Callback RCE

The version of Drupal running on the remote web server is affected by a remote code execution vulnerability in the bundled RESTful Web services RESTWS module due to a flaw in how default page callbacks for Drupal entities are altered when handling specially crafted requests. An unauthenticated,...

8.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/02/13 12:0 a.m.25 views

TLS 1.1 Weak Protocol

The remote server offers deprecated TLS 1.1 protocol. No source data...

7.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/01/23 12:0 a.m.9 views

Screenshot

Screenshot of the target web page, see attached image. This screenshot should show you the target page we are launching the scan against. If the image is not of the intended target page, please check the provided url in the scan configuration. No source data...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/12/15 12:0 a.m.11 views

Cookie Authentication Failed

This plugin is raised when the scanner has not been able to authenticate against the web application using the cookies provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan. No source data...

7.2AI score
Exploits0
Rows per page
Query Builder