336975 matches found
AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution
The remote web server is running a version of awstatstotals.php which does not properly sanitize its 'sort' argument. An attacker can run arbitrary commands on the remote host within the context of the web server. (C) Tenable Network Security, Inc.
MySQL Unsupported Version Detection
According to its version, the installation of MySQL on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Apache 2.4.x < 2.4.41 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.41 advisory, including the following: - A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker cou...
DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQLi
The version of the DatsoGallery component for Joomla! or Mambo running on the remote host is affected by a SQL injection vulnerability in sub_votepic.php due to improper sanitization of user-supplied input to the User-Agent header before using it to construct database queries. Regardless of the PH...
Gallery main.php g2_itemId Parameter Traversal Arbitrary File Access
The version of Gallery hosted on the remote web server fails to sanitize user-supplied input to the 'g2_itemId' parameter of the 'main.php' script before using it to read cached files. If PHP's 'display_errors' setting is enabled, an attacker can exploit this flaw to read arbitrary files on the...
Webalizer < 2.01-09 Multiple XSS
Webalizer, a web server log analysis application, was detected on the remote host. This version of Webalizer has multiple cross-site scripting vulnerabilities that could allow malicious HTML tags to be injected in the reports. This script was written by Georges Dagousset See t...
HTTP Proxy POST Request Relaying
The proxy allows the users to perform POST requests such as POST http://cvs.nessus.org:21 without any Content-length tag. This request may give an attacker the ability to have an interactive session. This problem may allow attackers to go through your firewall, by connecting to sensitive ports li...
TikiWiki Detection
The remote web server hosts TikiWiki aka Tiki, a PHP-based content management software used to build and maintain websites.
MySQL 5.1.x < 5.1.73 Multiple Vulnerabilities
The version of MySQL installed on the remote host is 5.1.x prior to 5.1.73. It is, therefore, reportedly affected by vulnerabilities in the following components : - Error Handling - InnoDB - Optimizer - Privileges
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 4.4.3 / 5.1.4. Such versions may be affected by several issues, including a buffer overflow, heap corruption, and a flaw by which a variable may survive a call to 'unset'.
Pligg register.php reg_username Parameter XSS
The remote web server is hosting a version of Pligg that is affected by a cross-site scripting vulnerability in the 'reg_username' parameter of the 'register.php' script. Also note it has been reported that several other cross-site scripting vulnerabilities exist in the script 'register.php' via t...
SSL RC4 Cipher Suites Supported (Bar Mitzvah)
The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness. If plaintext is repeatedly encrypted e.g., HTTP...
WordPress AdServe 'adclick.php' 'id' Parameter SQL Injection
The remote host is running AdServe, a third-party ad banner plugin for WordPress. The version of AdServe installed on the remote host fails to sanitize input to the 'id' parameter of the 'adclick.php' script before using it in a database query. Regardless of PHP's 'magic_quotes_gpc' setting, an...
Advanced Guestbook index.php lang Cookie Parameter Path Disclosure
The remote host is running Advanced Guestbook, a free guestbook written in PHP. The installed version of Advanced Guestbook fails to validate input to the 'lang' cookie before using it as a language template. An unauthenticated, remote attacker may be able to exploit these issues to view arbitrar...
OpenSSH < 7.4 Multiple Vulnerabilities
According to its banner, the version of OpenSSH running on the remote host is prior to 7.4. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in ssh-agent due to loading PKCS#11 modules from paths that are outside a trusted whitelist. A local attacker can exploit this, by...
PHP 7.4.x < 7.4.33 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 7.4.33. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 7.4.33 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allow...
Default Password (nagiosxi) for 'root' Account
It is possible to SSH into the remote Nagios XI virtual machine appliance by providing default credentials. A remote attacker could exploit this to gain complete control of the remote host.
Zabbix Server 'active checks' Command Injection
The Zabbix server running on the remote host is affected by a remote command injection vulnerability due to the failure to sanitize the input data involving an IP address that would go into the 'ip' field of the 'interface' table in the 'zabbix' database. An unauthenticated, remote attacker can...
Apache Tomcat Default Files
The default error page, default index page, example JSPs and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself. (C) Tenable Network Security, Inc. Based ...
IPMI v2.0 Password Hash Disclosure
The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for...
SSL Certificate Signed Using Weak Hashing Algorithm
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the sam...
MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)
The remote Windows host is affected by the following vulnerabilities : - Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a...
MTA Open Mail Relaying Allowed (thorough test)
Nessus has detected that the remote SMTP server is insufficiently protected against mail relaying. This issue allows any spammer to use your mail server to send their mail to the world, thus flooding your network bandwidth and possibly getting your mail server blacklisted.
PHP 5.6.x < 5.6.40 Multiple vulnerabilities.
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in _gdContributionsAlloc function in gd_interpolation.c. An unauthenticated, remote attacker can hav...
AWStats 'awstats.pl' Path Disclosure
AWStats is installed on the remote system. AWStats could be installed as a standalone package or could be bundled or shipped with a third-party software such as WebGUI Runtime Environment. The installed version is affected by a path disclosure vulnerability. By specifying a nonexistent config fil...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9487)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9487 advisory. - dccp: don't duplicate ccid when cloning dccp sock Lin, Zhenpeng Orabug: 33408808 CVE-2017-6074 CVE-2020-16119 CVE-2020-16119 - KVM: X86: MMU: Use...
Site Sift Listings detail.php id Parameter SQL Injection
The remote host is running Site Sift, a PHP script for maintaining a web directory. The version of Site Sift installed on the remote host fails to sanitize user-supplied input to the 'id' parameter before using it in the 'detail.php' script to construct a database query. Regardless of PHP'...
Network Time Protocol (NTP) Mode 6 Scanner
The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service...
Microsoft Forefront Endpoint Protection / System Center Endpoint Protection / Anti-malware Client Detection and Status
Microsoft Forefront Endpoint Protection, or another antimalware product from Microsoft, is installed on the remote host. However, there is a problem with the installation; either its services are not running or its engine and/or virus definitions are out of date.
SSL Version 2 and 3 Protocol Detection
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including: - An insecure padding scheme with CBC ciphers. - Insecure session renegotiation and resumption schemes. An attacker can exploit these flaws ...
Default Password (centreon) for 'root' Account
The account 'root' on the remote host has the default password 'centreon'. An attacker can leverage this issue to gain administrative access to the affected system. Note that Centreon Enterprise Server is known to use these credentials to provide complete, administrative access to the virtual...
Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.25. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the mod_session_crypto module due to encryption for data and cookies using the configured ciphers with possibly either...
Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU) (Unix)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 231, 8 Update 221, 11 Update 4, or 12 Update 2. It is, therefore, affected by multiple vulnerabilities: - Unspecified vulnerabilities in the utilities and JCE subcomponents of Oracle...
HTTP login page
This script logs onto a web server through a login page and stores the authentication / session cookie.
Apache 2.4.49 < 2.4.51 Path Traversal Vulnerability
The version of Apache httpd installed on the remote host is 2.4.49 prior to 2.4.51. It is, therefore, affected by a vulnerability as referenced in the 2.4.51 advisory. - It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path...
Bind Shell Backdoor Detection
A shell is listening on the remote port without any authentication being required. An attacker may use it by connecting to the remote port and sending commands directly.
vsftpd Smiley Face Backdoor
The version of vsftpd running on the remote host has been compiled with a backdoor. Attempting to login with a username containing :) (a smiley face) triggers the backdoor, which results in a shell listening on TCP port 6200. The shell stops listening after a client connects to and disconnects from...
Unix Operating System Unsupported Version Detection
According to its self-reported version number, the Unix operating system running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Chargen UDP Service Remote DoS
When contacted, chargen responds with some random characters (something like all the characters in the alphabet in a row). When contacted via UDP, it will respond with a single UDP packet. When contacted via TCP, it will continue spewing characters until the client closes the connection. The purpos...
Remote Desktop Protocol Server Man-in-the-Middle Weakness
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can...
Microsoft ASP.NET MS-DOS Device Name DoS (PCI-DSS check)
The web server running on the remote host appears to be using Microsoft ASP.NET, and may be affected by a denial of service vulnerability. Requesting a URL containing an MS-DOS device name can cause the web server to become temporarily unresponsive. An attacker could repeatedly request these URLs...
Unsupported Windows OS (remote)
The remote version of Microsoft Windows is either missing a service pack or is no longer supported. As a result, it is likely to contain security vulnerabilities.
PHP 5.5.x < 5.5.28 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.28. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist in spl_array.c, spl_observer.c, and spl_dllist.c due to improper sanitization of input to the...
NFS Exported Share Information Disclosure
At least one of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may be able to leverage this to read and possibly write files on remote host. Note: Shares protected by an ACL that includes the IP of the Nessus host will not be tested.
OS Security Patch Assessment Failed
OS Security Patch Assessment is not available for this host because either the credentials supplied in the scan policy did not allow Nessus to log into it or some other problem occurred.
mDNS Detection (Remote Network)
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows anyone to uncover information from the remote host such as its operating system type and exact version, its hostname, and the list of services it is running. This plugin attempts to discover mDNS used...
Security Updates for Microsoft .NET Framework (February 2019)
The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a...
TLS Version 1.0 Protocol Detection
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible. As of...
SSL Certificate with Wrong Hostname
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Microsoft Windows SMB Shares Unprivileged Access
The remote host has one or more Windows shares that can be accessed through the network with the given credentials. Depending on the share rights, it may allow an attacker to read/write confidential data.