Lucene search
K

133 matches found

CVE
CVE
added 2018/04/18 7:0 p.m.55 views

CVE-2018-1000161

CVE-2018-1000161 affects nmap versions 6.49BETA6 through 7.60 (including SVN r37147). The vulnerability is a Directory Traversal in the NSE script http-fetch that can cause file overwrite when the script is executed by a user, exploitable when a victim runs the NSE http-fetch against a malicious ...

5.7CVSS5.6AI score0.01045EPSS
Exploits0References1Affected Software1
Mageia
Mageia
added 2018/04/06 10:54 p.m.15 views

Updated nmap packages fix security vulnerability

Nmap developer nnposter found a security flaw directory traversal vulnerability in the way the non-default http-fetch script sanitized URLs. If a user manualy ran this NSE script against a malicious web server, the server could potentially depending on NSE arguments used cause files to be saved...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2018/01/29 9:30 p.m.210 views

Nmap-Vulners - NSE Script Using Some Well-Known Service To Provide Info On Vulnerabilities

NSE script based on Vulners.com API. NSE script using some well-known service to provide info on vulnerabilities. Dependencies: nmap libraries: http json string The only thing you should always keep in mind is that the script depends on having software versions at hand, so it only works with -sV...

7.3AI score
Exploits0References1
Nmap
Nmap
added 2017/09/05 6:19 p.m.420 views

smb-enum-services NSE Script

Retrieves the list of services running on a remote Windows system. Each service attribute contains service name, display name and service status of each service. Note: Modern Windows systems requires a privileged domain account in order to list the services. References: Script Arguments randomsee...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2017/07/28 9:1 a.m.1879 views

smb-protocols NSE Script

Attempts to list the supported protocols and dialects of a SMB server. The script attempts to initiate a connection using the dialects: NT LM 0.12 SMBv1 2.0.2 SMBv2 2.1 SMBv2 3.0 SMBv3 3.0.2 SMBv3 3.1.1 SMBv3 Additionally if SMBv1 is found enabled, it will mark it as insecure. This script is the...

10CVSS0.1AI score0.99448EPSS
Exploits33
Packet Storm
Packet Storm
added 2017/04/08 12:0 a.m.43 views

dnaTools dnaLIMS 4-2015s13 Directory Traversal Nmap NSE Script

local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" local vulns = require "vulns" local nmap = require "nmap" description = dnaLIMS is prone to the Directory Traversal attack. The viewAppletFsa.cgi seqID parameter is...

5CVSS0.56647EPSS
Exploits10
Packet Storm
Packet Storm
added 2017/04/07 12:0 a.m.73 views

ASUS WRT Cross Site Scripting Nmap NSE Script

local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" local vulns = require "vulns" local nmap = require "nmap" description = ASUSWRT is a wireless router operating system that powers many routers produced by ASUS...

4.3CVSS6.6AI score0.01701EPSS
Exploits5
Nmap
Nmap
added 2016/12/08 9:27 p.m.175 views

cics-enum NSE Script

CICS transaction ID enumerator for IBM mainframes. This script is based on mainframebrute by Dominic White . However, this script doesn't rely on any third party libraries or tools and instead uses the NSE TN3270 library which emulates a TN3270 screen in lua. CICS only allows for 4 byte transacti...

10CVSS9.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2016/12/08 8:58 p.m.152 views

vtam-enum NSE Script

Many mainframes use VTAM screens to connect to various applications CICS, IMS, TSO, and many more. This script attempts to brute force those VTAM application IDs. This script is based on mainframebrute by Dominic White . However, this script doesn't rely on any third party libraries or tools and...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2016/12/08 8:23 p.m.261 views

tn3270-screen NSE Script

Connects to a tn3270 'server' and returns the screen. Hidden fields will be listed below the screen with row, col coordinates. Script Arguments tn3270-screen.commands a semi-colon separated list of commands you want to issue before printing the screen tn3270-screen.lu specify a logical unit you...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
added 2016/09/08 9:19 p.m.90 views

coap-resources NSE Script

Dumps list of available resources from CoAP endpoints. This script establishes a connection to a CoAP endpoint and performs a GET request on a resource. The default resource for our request is code/.well-known/core/core, which should contain a list of resources provided by the endpoint. For...

10CVSS9.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2016/09/08 5:30 p.m.167 views

ipmi-brute NSE Script

Performs brute force password auditing against IPMI RPC server. Script Arguments brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass See the documentation for the brute...

10CVSS0.1AI score0.99448EPSS
Exploits33
exploitpack
exploitpack
added 2016/08/06 12:0 a.m.31 views

NUUO NVRmini 2 3.0.8 - Remote Code Execution

NUUO NVRmini 2 3.0.8 - Remote Code Execution !/usr/bin/env python NUUO Remote Root Exploit Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with...

8.1AI score
Exploits0
Nmap
Nmap
added 2016/04/01 10:29 p.m.161 views

vnc-title NSE Script

Tries to log into a VNC server and get its desktop name. Uses credentials discovered by vnc-brute, or None authentication types. If realvnc-auth-bypass was run and returned VULNERABLE, this script will use that vulnerability to bypass authentication. See also: vnc-brute.nse realvnc-auth-bypass.ns...

10CVSS0.2AI score0.99448EPSS
Exploits33
Kitploit
Kitploit
added 2016/03/17 10:19 p.m.39 views

Ruby-Nmap - A Rubyful interface to the Nmap exploration tool and security / port scanner

A Ruby interface to nmap , the exploration tool and security / port scanner. Features Provides a Ruby interface for running nmap. Provides a Parser for enumerating nmap XML scan files. Examples Run Nmap from Ruby: require 'nmap/program' Nmap::Program.scan do |nmap| nmap.synscan = true...

7.3AI score
Exploits0References2
Nmap
Nmap
added 2015/11/15 5:39 a.m.373 views

targets-xml NSE Script

Loads addresses from an Nmap XML output file for scanning. Address type IPv4 or IPv6 is determined according to whether -6 is specified to nmap. Script Arguments targets-xml.iX Filename of an Nmap XML file to import targets-xml.state Only hosts with this status will have their addresses input...

10CVSS9.4AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2015/10/03 6:7 a.m.2973 views

smb-vuln-regsvc-dos NSE Script

Checks if a Microsoft Windows 2000 system is vulnerable to a crash in regsvc caused by a null pointer dereference. This check will crash the service if it is vulnerable and requires a guest account or higher to work. The vulnerability was discovered by Ron Bowes while working on smb-enum-sessions...

10CVSS9AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2015/08/14 12:34 p.m.565 views

http-fetch NSE Script

The script is used to fetch files from servers. The script supports three different use cases: The paths argument isn't provided, the script spiders the host and downloads files in their respective folders relative to the one provided using "destination". The paths argumenta single item or list i...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2015/06/01 4:12 a.m.254 views

omron-info NSE Script

This NSE script is used to send a FINS packet to a remote device. The script will send a Controller Data Read Command and once a response is received, it validates that it was a proper response to the command that was sent, and then will parse out the data. Example Usage nmap --script omron-info...

10CVSS0.1AI score0.99448EPSS
Exploits33
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.48 views

Backdoor access to Techboard/Syac devices

ADVISORY INFORMATION Title: Backdoor access to Techboard/Syac devices Discovery date: 02/04/2014 Release date: 07/07/2014 Advisory URL: http://blog.emaze.net/2014/07/backdoor-techboardsyac.html Credits: Roberto Paleari @rpaleari, Luca Giancane [email protected] VULNERABILITY INFORMATION...

1AI score
Exploits0
Rows per page
Query Builder