16 matches found
Microsoft Windows: Remote server management (RM Service)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmservservermanagement.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Allow remote server management through WinRM Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.ne...
Scientific Toolworks Understand 'wintab32.dll' DLL Loading Arbitrary Code Execution
The version of Scientific Toolworks Understand installed on the remote Windows host is earlier than 2.6 Build 600. As such, it insecurely looks in its current working directory when resolving DLL dependencies, such as for 'wintab32.dll'. Attackers may exploit this issue by placing a specially...
Microsoft Windows SMB Registry : Win 7 / Server 2008 R2 Service Pack Detection
It is possible to determine the Service Pack version of the Windows 7 / Server 2008 R2 system by reading the registry key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion'. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid52459; scriptversion"1.9";...
Microsoft Windows SMB Registry : OS Version and Processor Architecture
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid48942;...
SMB Registry : Start the Registry Service during the scan (WMI)
Binary data wmistartregistrysvc.nbin...
Microsoft Windows SMB Registry : Vista / Server 2008 Service Pack Detection
It is possible to determine the Service Pack version of the Windows Vista / Server 2008 system by reading the registry key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion'. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid38912; scriptversion"1.10";...
SMB Registry : Start the Registry Service during the scan
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service RemoteRegistry. If the service is down, this plugin will attempt to start for the duration of the scan. You need to explicitly enable this option for this plugin to work: 'Start the Remote...
SMB Registry : Starting the Registry Service during the scan failed
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service RemoteRegistry. Nessus attempted to start the service but failed, therefore OS security patch assessment of the remote host will not be complete. C Tenable Network Security, Inc...
SMB Registry : XP Service Pack version
This script reads the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CSDVersion to determine the Service Pack the host is running. This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2005 Alert4Web.com Some text descriptions might be excerpted from a referenced sources, an...
Microsoft Windows SMB Registry : NT MTS Package Administration Registry Key Permission Weakness
The registry key HKLM\SOFTWARE\Microsoft\Transaction Server\Packages can be modified by users not in the admin group. Write access to this key allows an unprivileged user to gain additional privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11867;...
Microsoft Windows SMB Registry : Classic Logon Screen
The registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\LogonType is set to 1. It means that users who attempt to log in locally will see get the 'new' WindowsXP logon screen which displays the list of users of the remote host. C Tenable Network Security, Inc...
Microsoft Windows SMB Registry : NT RAS Administration Registry Key Permission Weakness Local Privilege Escalation
This script checks whether the following key can be modified by non-admins : HKLM\Software\Microsoft\Windows\RAS Write access to this key allows an unprivileged user to gain additional privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10567;...
Microsoft Windows SMB Registry : Key Permissions Path Subversion Local Privilege Escalation
Some SYSTEM registry keys can be written by non administrator. These keys contain paths to common programs and DLLs. If a user can change a path, then he may put a trojan program into another location say C:/temp and point to it. C Tenable Network Security, Inc. include"compat.inc"; if descriptio...
Microsoft Windows SMB Registry Not Fully Accessible Detection
Nessus did not access the remote registry completely, because full administrative rights are required. If you want the permissions / values of all the sensitive registry keys to be checked, we recommend that you complete the 'SMB Login' options in the 'Windows credentials' section of the policy...
Microsoft Windows SMB Registry : Key Permission Weakness Admin Privilege Escalation
The following keys contain the name of the program that shall be started when the computer starts. The users who have the right to modify them can easily make the admin run a Trojan program that will give them admin privileges. C Tenable Network Security, Inc. include"compat.inc"; if description...
Microsoft Windows SMB Registry : Schedule Key Permission Weakness Local Privilege Escalation
The registry key SYSTEM\CurrentControlSet\Services\Schedule is writeable by users who are not in the admin group. Since the scheduler runs with SYSTEM privileges, this allow a malicious user to gain these privileges on this system. C Tenable Network Security, Inc. include"compat.inc"; if...