2326 matches found
Synology DiskStation Manager Cross-site Scripting (CVE-2012-1556)
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photoone.php. This plugin only works with Tenable.ot. Please visit...
Oracle DB SQL Injection In MDSYS.SDO_TOPO_DROP_FTBL Trigger
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Description: This module will escalate an Oracle DB user to MDSYS by exploiting ...
Emerson Ovation OCR400 Controller Stack-Based Buffer Overflow (CVE-2019-10967)
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote...
Cisco Unified IP Phones 7900 Permissions, Privileges, and Access Controls (CVE-2011-1602)
The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Synology DiskStation Manager (DSM) < 3.1 Information Disclosure Vulnerability (Feb 2015)
Synology DiskStation Manager (DSM) is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Siemens (CVE-2018-11452) (deprecated)
Plugin deprecated because an Ethernet module is not detectable in this way. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. (C) Tenable, Inc. Disabled on 2023/05/15. Deprecated because en...
Wago PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...
Phoenix Contact ILC PLCs Improper Authentication (CVE-2016-8371)
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. (C) Tenable, Inc...
Rockwell Automation ControlLogix Link Following (CVE-2009-0473)
Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. This plugin only works with Tenable.ot. Please visi...
Emerson DeltaV Improper Permissions, Privileges, and Access Controls (CVE-2016-9345)
An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. This plugin only works with Tenable.ot. Please visit...
BFTelnet <= 1.1 DoS Vulnerability - Active Check
BFTelnet is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
RPCBind <= 0.2.4 DoS Vulnerability
RPCBind is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...
Samba Buffer Overflow Vulnerability (CVE-1999-0811)
Samba is prone to a buffer overflow vulnerability. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Oracle MySQL Server 3.20 - 4.1.0 Weak Password Encryption Vulnerability
Oracle MySQL Server is prone to a weak password encryption vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
PHP < 5.1.2 Multiple Vulnerabilities
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if(description)...
PHP 5.1.x < 5.1.5 Multiple Vulnerabilities
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if(description)...
VLC < 2.2.9 Type Conversion Vulnerability
The version of VLC media player installed on the remote host is earlier than 2.2.9. It is, therefore, affected by a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and ...
OkHttp Certificate Pinning Vulnerability CVE-2016-2402
Issue Summary: Portfolio uses OkHttp 2.2.0, which has an identified vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-2402 https://www.securityfocus.com/bid/83296/info https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ Steps to Reproduce...
Lenovo LenovoPaper CVE-2019-6191 Unspecified Local Privilege Escalation Vulnerability
Description: Lenovo LenovoPaper software is prone to an unspecified local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Technologies Affected: Lenovo LenovoPaper. Recommendations: Permit local access for trusted individuals only. Where possibl...
Cisco TelePresence Advanced Media Gateway CVE-2019-15966 Denial of Service Vulnerability
Description: Cisco TelePresence Advanced Media Gateway is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvr69362. Technologies Affected: Cisco TelePresence Advanced Media...