MCP Inspector Detected

This is an informational notice that the scanner was able to detect an MCP Model Context Procol Inspector instance on the target server. No source data...

CODESYS V2 Web Server Detection

Binary data scadacodesysv2webserverdetect.nbin...

EMC RSA Archer < 6.5.0.7, < 6.6.0.6 and < 6.7.0.2 Multiple Vulnerabilities

The version of EMC RSA Archer running on the remote web server is prior to 6.7.0.3 6.7 P3 or 6.6 P6 6.6.0.6. It is, therefore, affected by multiple vulnerabilities: - RSA Archer, versions prior to 6.7 P2 6.7.0.2, contain a Document Object Model DOM based cross-site scripting vulnerability. A remo...

PHP 7.1.x < 7.1.25 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.25. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerability exists in the imapopen function due to improper filters for mailbox names prior to passing...

Nikto CSV Injection Vulnerability (CNVD-2018-16264)

Nikto is an open source GPL web server scanner that performs a comprehensive multiple scan of web servers, containing over 3300 potentially dangerous files/CGIs; over 625 server versions; and over 230 server-specific issues. Scan items and plugins can be automatically updated if required. Based o...

[SECURITY] Fedora 27 Update: nikto-2.1.6-1.fc27

Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be...

Nikto v2.1.6 - Web Server Scanner

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks...

Moodle 2.8.x < 2.8.10 / 2.9.x < 2.9.4 / 3.0.x < 3.0.2 XSS

Binary data 9192.prm...

Nikto2 - Web Server Scanner

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks...

OracleVM 3.3 : openssl (OVMSA-2015-0039)

The remote OracleVM system is missing necessary patches to address critical security updates : - update fix for CVE-2015-0287 to what was released upstream - fix CVE-2015-0209 - potential use after free in d2iECPrivateKey - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix...

PolarSSL 'asn1_get_sequence_of' Function Uninitialized Pointer RCE

PolarSSL contains a flaw when parsing ASN.1 sequences from X.509 certificates due to freeing an uninitialized pointer by the function 'asn1getsequenceof' within file 'asn1parse.c'. An unauthenticated, remote attacker, using a specially crafted certificate, can exploit this flaw to cause a denial ...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:0309-1)

java-160-openjdk was updated to the b24 release, fixing multiple security issues : dbg114-java-160-openjdk-5856 java-160-openjdk-5856 newupdateinfo Security fixes - S7082299, CVE-2011-3571: Fix inAtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502:...

openSUSE Security Update : viewvc (openSUSE-SU-2012:0831-1)

update to 1.1.15 bnc768680 : - security fix: complete authz support for remote SVN views CVE-2012-3356 - security fix: log msg leak in SVN revision view with unreadable copy source CVE-2012-3357 Additionally the following non-security issues have been addressed : - fix several instances of...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-2012-136)

update to version 1.11.1 to fix several security issues : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class -...

Debian Security Advisory DSA 2801-1 (libhttp-body-perl - design error)

Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart cou...

Penetration Testing Browser Bundle: PenQ

PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...

Open Source Web Server Scanner: NIkto

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for...

Mandrake Linux Security Advisory : mod_php3 (MDKSA-2000:048)

"A problem exists with PHP3 and PHP4 scripts regarding RFC 1867-based file uploads. PHP saves uploaded files in a temporary directory on the server, using a temporary name that is referenced as the variable $FOO where 'FOO' is the name of the file input tag in the submitted form. Many PHP scripts...

SuSE 11.1 Security Update : Java 1.6.0 (SAT Patch Number 5845)

java-160-openjdk was updated to the IcedTea 1.11.1 b24 release, fixing multiple security issues : - S7082299, CVE-2011-3571: Fix inAtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687,...

Nmap NSE net: http-userdir-enum

Attempts to enumerate valid usernames on web servers running with the moduserdir module or similar enabled. The Apache moduserdir module allows user-specific directories to be accessed using the http://example.com/user/ syntax. This script makes http requests in order to discover valid user-...