338622 matches found
CGI Generic XSS (quick test)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. These...
KB4103723: Windows 10 Version 1607 and Windows Server 2016 May 2018 Security Update
The remote Windows host is missing security update 4103723. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...
MS15-124: Cumulative Security Update for Internet Explorer (CVE-2015-6161) (3125869)
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3125869 and/or a Registry key to prevent the host against CVE-2015-6161. It is, therefore, affected by Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass t...
Security Updates for Microsoft Office Products (January 2018)
The Microsoft Office Products are missing security updates. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploite...
RARLAB WinRAR < 5.70 Beta 1 Multiple Vulnerabilities
The version of RARLAB WinRAR installed on the remote Windows host is prior to 5.70 Beta 1. It is, therefore, affected by the following vulnerabilities : - An error exists in the file 'unacev2.dll' related to the 'filename' field, that allows a specially crafted ACE archive to overwrite files...
Check Point Gaia Operating System SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (sk103683) (POODLE)
The remote host is running a version of Gaia Operating System that is potentially affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in...
KeyWorks KeyHelp ActiveX Control Multiple Vulnerabilities
The remote host has KeyWorks KeyHelp ActiveX control installed, which is affected by multiple vulnerabilities : - Multiple stack-based buffer overflows exist that could allow an attacker to execute arbitrary code. CVE-2012-2515 - An unspecified command injection vulnerability. CVE-2012-2516 C...
Apache 2.4.x < 2.4.55 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.55. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.55 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory locatio...
rlogin Service Detection
The rlogin service is running on the remote host. This service is vulnerable since data is passed between the rlogin client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If th...
ESXi 5.5 / 6.0 / 6.5 / Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre) (remote check)
The remote VMware ESXi host is version 5.5, 6.0, or 6.5 and is missing a security patch. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual machine to...
MikroTik RouterOS HTTP Server Arbitrary Write RCE (ChimayRed)
The MikroTik RouterOS software running on the remote host is affected by a flaw in its HTTP web server process due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted POST request, to write data to an arbitrary location with...
Security Updates for Microsoft .NET Framework (December 2018)
The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully...
Acme thttpd < 2.26 Multiple Vulnerabilities
According to its banner, the version of Acme thttpd server running on the remote host is prior to 2.26. It is, therefore, affected by multiple vulnerabilities : - Multiple buffer overflow conditions exist in the htpasswd utility. A local attacker can exploit these, by calling htpasswd and supplyi...
OpenSSH < 6.6 Multiple Vulnerabilities
According to its banner, the version of OpenSSH running on the remote host is prior to 6.6. It is, therefore, affected by the following vulnerabilities : - A flaw exists due to a failure to initialize certain data structures when makefile.inc is modified to enable the J-PAKE protocol. An...
HP iLO 3 < 1.93 / HP iLO 4 < 2.75 / HP iLO Superdome 4 < 1.64 / HP iLO 5 < 2.18 / HP Moonshot/Edgeline iLO 5 < 2.30 Ripple20 Multiple vulnerabilities
Multiple security vulnerabilities have been identified in Integrated Lights-Out firmware generation 3 (iLO 3) prior to version 1.93, generation 4 (iLO 4) prior to version 2.75, and generation 5 (iLO 5) prior to version 2.18. Superdome generation 4 versions prior to 1.64 and Moonshot/Edgeline generation...
Exim < 4.94.2 Multiple Vulnerabilities (21Nails)
According to its banner, the version of Exim running on the remote host is prior to 4.94.2. It is, therefore, potentially affected by multiple vulnerabilities that can lead to remote code execution.
SSH SHA-1 HMAC Algorithms Enabled
The remote SSH server is configured to enable SHA-1 HMAC algorithms. Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions. Note that...
Apache 2.4.x < 2.4.54 Authentication Bypass
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an authentication bypass vulnerability as referenced in the 2.4.54 advisory. - X-Forwarded-For dropped by hop-by-hop mechanism in mod_proxy: Apache HTTP Server 2.4.53 and earlier may not send...
UnrealIRCd Backdoor Detection
The remote IRC server is a version of UnrealIRCd with a backdoor that allows an attacker to execute arbitrary code on the affected host.
Advanced Guestbook User-Agent Header HTML Injection
The remote host is running Advanced Guestbook, a free guestbook written in PHP. The installed version of Advanced Guestbook fails to properly sanitize the 'HTTP_USER_AGENT' environment variable before using it in dynamically-generated content. An attacker can exploit this flaw to launch cross-site...
SSL/TLS Deprecated Ciphers Unsupported
The remote host has open SSL/TLS ports which advertise deprecated cipher suites. The ciphers contained in these suites are no longer supported by most major SSL libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL and, as such, should not be used for secure communication. Nessus 8.9 and later no...
Apache Tomcat 9.0.0.M1 < 9.0.62 Spring4Shell CVE-2021-43980
The version of Apache Tomcat installed on the remote host is 9.x prior to 9.0.62. - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat...
ESXi 5.5 < Build 3568722 / 6.0 < Build 3568940 glibc DNS Resolver RCE (VMSA-2016-0002) (remote check)
The remote VMware ESXi host is 5.5 prior to build 3568722 or 6.0 prior to build 3568940. It is, therefore, affected by a stack-based buffer overflow condition in the GNU C Library (glibc) DNS client-side resolver due to improper validation of user-supplied input when looking up names via the...
Service Detection
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
FreePBX /recordings/index.php 'ari_auth' Cookie Authentication Bypass
The version of FreePBX hosted on the remote web server is affected by an authentication bypass vulnerability in the FreePBX ARI Framework module / Asterisk Recording Interface (ARI). A remote, unauthenticated attacker can exploit this issue to gain full administrator access to the FreePBX server by...
Multiple Dangerous CGI Script Detection
It is possible that the remote web server contains one or more dangerous CGI scripts. Note that this plugin does not actually test for the underlying flaws but instead only searches for scripts with the same name as those with known vulnerabilities.
ThinkPHP < 5.0.24 RCE
The version of ThinkPHP installed on the remote host is prior to 5.0.24. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to execute arbitrary PHP code through multiple parameters. Note that Nessus has not tested for this...
ZTE F460 / F660 Cable Modems web_shell_cmd.gch Administrative Backdoor
Nessus was able to access the 'web_shell_cmd.gch' script on the device, which is a backdoor that allows administrative commands to be run on the device without authentication.
Ubiquiti UniFi Network Log4Shell Direct Check (CVE-2021-44228)
Binary data ubiquitiunifinetworklog4shell.nbin...
LDAP Crafted Search Request Server Information Disclosure
By sending a search request with a filter set to 'objectClass=', it is possible to extract information about the remote LDAP server.
PHP 5.6.x < 5.6.32 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities.
RPC Services Enumeration
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Adobe InCopy < 16.4.3 / 17.0 < 17.4.0 Multiple Vulnerabilities (APSB22-53)
The version of Adobe InCopy installed on the remote host is prior to 16.4.3, 17.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-53 advisory. - Adobe InCopy version 17.3 and earlier and 16.4.2 and earlier are affected by a Heap-based Buffer Overflow...
OpenSSL Unsupported (deprecated)
This plugin has been deprecated. For plugins which identify unsupported instances of this product, search the plugin feed for OpenSSL SEoL.
Microsoft Windows WebP Image Extension RCE (August 2020)
The Windows 'WebP Image Extension' or 'WebP from Device Manufacturer' app installed on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this vulnerability via a specially crafted image to execute code and gain control of the...
Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.32. It is, therefore, affected by the following vulnerabilities : - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve...
NetScaler Unencrypted Web Management Interface
The remote Citrix NetScaler web management interface does not use TLS or SSL to encrypt connections.
Samba Badlock Vulnerability
The version of Samba, a CIFS/SMB server for Linux and Unix, running on the remote host is affected by a flaw, known as Badlock, that exists in the Security Account Manager (SAM) and Local Security Authority Domain Policy (LSAD) protocols due to improper authentication level negotiation over Remote...
Git Repository Served by Web Server
The web server on the remote host allows read access to a Git repository. This potential flaw can be used to download content from the Web server that might otherwise be private.
suidperl Privilege Escalation (PROCSUID)
The suidperl application is installed on the remote host. It is, therefore, affected by a privilege escalation vulnerability that allows a local attacker to gain root privileges. PROCSUID is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/08 by a group known as th...
EasyMail SMTP Object ActiveX Control Multiple Buffer Overflows
EasyMail Objects, a set of COM objects for supporting email protocols, is installed on the remote Windows host. It may have been bundled with a third-party application, such as Oracle Document Capture, Earthlink internet access software, Borland Caliber RM Client, and FrontRange Heat. The SMTP...
KB4036996: Security Update for SQL Server (August 2017)
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by an information disclosure vulnerability in Microsoft SQL Server Analysis Services when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow...
Apache mod_suexec Multiple Privilege Escalation Vulnerabilities
The remote host appears to be running Apache and is potentially affected by the following vulnerabilities: - Multiple race conditions exist in suexec between the validation and usage of directories and files. Under certain conditions local users are able to escalate privileges and execute arbitra...
OpenSSH < 9.8 RCE
The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. - This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical vulnerability in...
MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL...
Oracle GlassFish Server 3.1.2.x < 3.1.2.19 (October 2018 CPU)
According to its self-reported version, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 3.1.2.19. It is, therefore, affected by multiple vulnerabilities: - A vulnerability could allow an Attacker with unauthenticated network access to compromise Oracle GlassFish Server....
F5 Networks BIG-IP : OpenSSL vulnerability (K13167034)
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...
VNC Server Unencrypted Communication Detection
This script checks the remote VNC server protocol version and the available 'security types' to determine if any unencrypted 'security-types' are in use or available.
Apache Tomcat 9.0.30 < 9.0.65
The version of Tomcat installed on the remote host is prior to 9.0.65. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.65_security-9 advisory. - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form...
SSL Certificate Expiry
This plugin checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.