338202 matches found
SSL/TLS Recommended Cipher Suites (PCI DSS)
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites: TLSv1.3: - 0x13,0x01 TLS13_AES_128_GCM_SHA256 - 0x13,0x02 TLS13_AES_256_GCM_SHA384 - 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256 TLSv1.2: - 0xC0,0x2B...
Security Updates for Windows 10 / Windows Server 2016 (September 2018) (Spectre)
The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Spectre Variant 2 CVE-2017-5715: Branch Target Injection vulnerability. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(119239); script_version("1.8");...
TFTP Traversal Arbitrary File Access
The TFTP (Trivial File Transfer Protocol) server running on the remote host is vulnerable to a directory traversal attack that allows an attacker to read arbitrary files on the remote host by prepending their names with directory traversal sequences. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security,...
OpenSSH < 9.8 RCE
The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. - This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical vulnerability in...
McAfee VirusScan Enterprise < 8.8 Patch 13 Privilege Escalation Vulnerability (SB10237)
The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is prior to 8.8 Patch 13. It is, therefore, affected by a privilege escalation vulnerability. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(110272); script_version("1.6");...
WebCalendar send_reminders.php includedir Parameter Remote File Inclusion
The remote version of WebCalendar fails to sanitize user-supplied input to the 'includedir' parameter of the 'send_reminders.php' script. By leveraging this flaw, an attacker may be able to view arbitrary files on the remote host and execute arbitrary PHP code, possibly taken from third-party host...
Do not scan printers
The remote host appears to be a network printer, multi-function device, or other fragile device. Such devices often react very poorly when scanned. To avoid problems, Nessus has marked the remote host as 'Dead' and will not scan it, beyond minimal probing traffic that allows the scanner to identi...
Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(106716); script_version("1.6");...
HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593)
According to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is affected by the following vulnerabilities : - A denial of service vulnerability exists in the Apache HTTP Server due to the lack of the mod_reqtimeout module. An unauthenticated, remote...
Weak Debian OpenSSH Keys in ~/.ssh/authorized_keys
The remote host has one or more ~/.ssh/authorized_keys files containing weak SSH public keys generated on a Debian or Ubuntu system. The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL. This problem does not only affect Debian since any us...
Blue Coat ProxySG 6.5.x / 6.2.x / 5.5 OpenSSL Vulnerability (FREAK)
The remote Blue Coat ProxySG device's self-reported SGOS version is 6.5 prior to 6.5.6.2, or version 6.2 prior to 6.2.16.3, or else any version of 5.5. Therefore, it contains a bundled version of OpenSSL affected by a security feature bypass vulnerability, known as FREAK Factoring attack on...
MySQL 8.0.x < 8.0.26 Multiple Vulnerabilities (July 2025 CPU)
The version of MySQL running on the remote host is 8.0.x prior to 8.0.26. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the July 2021 Critical Patch Update advisory: - curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting i...
IIS Detailed Error Information Disclosure
The remote Microsoft IIS web server is improperly configured to deliver detailed error messages. These detailed error messages may contain confidential diagnostic information, such as the file system paths to hosted content and logon information. (C) Tenable Network Security, Inc...
Remote listeners enumeration (Linux / AIX)
By logging into the remote host with the supplied credentials, Nessus was able to obtain the name of the process listening on the remote port. Note that the method used by this plugin only works for hosts running Linux or AIX. TRUSTED...
Microsoft RDP RCE (CVE-2019-0708) (BlueKeep) (uncredentialed check)
Binary data msrdpcve-2019-0708.nbin...
Debian DLA-1444-1 : vim-syntastic security update
CVE-2018-11319 The improper handling of search for configuration files might be exploited for arbitrary code execution via a malicious gcc plugin. For Debian 8 'Jessie', this problem has been fixed in version 3.5.0-1+deb8u1. We recommend that you upgrade your vim-syntastic packages. NOTE: Tenable...
nginx < 1.8.1 / 1.9.x < 1.9.10 Multiple Vulnerabilities
According to the self-reported version in its response header, the version of nginx hosted on the remote web server is less than 1.8.1 or 1.9.x prior to 1.9.10. It is, therefore, affected by multiple vulnerabilities as noted in the vendor advisory. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security,...
FTP Supports Cleartext Authentication
The remote FTP server allows the user's name and password to be transmitted in cleartext, which could be intercepted by a network sniffer or a man-in-the-middle attack. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(34324); script_version("1.28");...
TLS Version 1.1 Protocol Detection
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1. As of March 31, 2020, endpoints that...
DNS Server Dynamic Update Record Injection
It was possible to add a record into a zone using the DNS dynamic update protocol, as described by RFC 2136. This protocol can be used by DHCP clients to enter their host names into the DNS maps, but it could be subverted by malicious users to redirect network traffic. (C) Tenable Network Security,...
Default nginx HTTP Server Settings
The remote webserver contains default settings such as enabled server tokens and/or default files such as the default index or error pages. These items could potentially leak useful information about the server installation. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
Web Server Unconfigured - Default Install Page Present
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all or is serving content that is meant to be hidden. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11422); script_version("1.45"); script_cvs_date("Date: 2018/08/...
Windows 7 and Windows 2008 R2 April 2017 Security Updates (Petya)
The remote Windows host is missing security update 4015546 or cumulative update 4015549. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An...
Oracle WebLogic Server Deserialization RCE (CVE-2018-2628)
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the Core Components subcomponent due to unsafe deserialization of Java objects by the RMI registry. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java...
Pligg settemplate.php template Parameter Local File Inclusion
The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...
Cacti 1.2.22 Command Injection (CVE-2022-46169)
Binary data cacticmdinjectionCVE-2022-46169.nbin...
SSH Weak MAC Algorithms Enabled
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions. (C) Tenable Network Security, Inc. include("compat.inc"); i...
PPA functions.inc.php config[ppa_root_path] Parameter Remote File Inclusion
The remote host is running PPA, a free, PHP-based photo gallery. The installed version of PPA allows remote attackers to control the 'config[ppa_root_path]' variable used when including PHP code in the 'inc/functions.inc.php' script. By leveraging this flaw, an attacker may be able to view arbitrary...
PHP 8.1.x < 8.1.11 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.11 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files,...
Default Password (artica) for 'root' Account
The account 'root' on the remote host has the password 'artica'. An attacker may leverage this issue to gain total control of the affected system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "root"; password = "artica"; include('deprecated_nasl_level.inc'); include('compat.inc'); if...
Exim < 4.93 Privilege Escalation vulnerability
According to its banner, the version of Exim running on the remote host is prior to 4.93. It is, therefore, potentially affected by a privilege escalation vulnerability. A flaw exists in the handling of UNIX symbolic links that could allow an attacker to escalate from the mail user to root. (C) Tenab...
D-Link Router HNAP GetDeviceSettings Remote Command Execution
The remote D-Link device is affected by a remote command execution vulnerability due to a flaw in the GetDeviceSettings functionality of the HNAP (Home Network Administration Protocol) server. A remote attacker can exploit this, via a crafted SOAPAction header, to bypass authentication and inject...
FTP Service AUTH TLS Plaintext Command Injection
The remote FTP server contains a software flaw in its AUTH TLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker to...
PHP 7.4.x < 7.4.32 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 7.4.32. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 7.4.32 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files,...
WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery
The WordPress install hosted on the remote web server is affected by a server-side request forgery vulnerability because the 'pingback.ping' method used in 'xmlrpc.php' fails to properly validate source URIs (Uniform Resource Identifiers). A remote, unauthenticated attacker can exploit this issue t...
MySQL 5.7.x < 5.7.28 Multiple Vulnerabilities (Oct 2019 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.28. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the October 2019 Critical Patch Update advisory: - Vulnerabilities in the MySQL Server product of Oracle...
Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10785);...
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a nonexistent hostname in the HTTP 'Host' header request when WebSphere Application is sharing the document root of the web server. An attacker may use this flaw to get the source...
Web Server / Application favicon.ico Vendor Fingerprinting
The 'favicon.ico' file found on the remote web server belongs to a popular web server. This may be used to fingerprint the web server. This script was written by Javier Fernandez-Sanguino based on sample code written by Renaud Deraison in the nessus-plugins mailing list. It is distributed under th...
MS KB2927432: Visual Studio Update 2 for Debug Interface Access SDK
The version of the Microsoft Debug Interface Access Library on the remote host is affected by a memory corruption vulnerability related to parsing PDB files. An attacker could exploit this issue by tricking a user into loading a malicious file. This could allow an attacker to execute arbitrary co...
MariaDB 5.5.0 < 5.5.54 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 5.5.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 5.5.54 advisory. - mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before...
Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock)
The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. Depending on the configuration of the system, an attacker can remotely execute arbitrary code. TRUSTED...
HP iLO 4 <= 2.52 RCE
According to its version number, the remote HP Integrated Lights-Out 4 (iLO 4) server is affected by multiple unspecified flaws that allow a remote attacker to bypass authentication and execute arbitrary code. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(102803);...
CVS (Web-Based) Entries File Information Disclosure
The remote web server allows access to a 'CVS/Entries' file and thereby exposes file names in the associated repository. #%NASL_MIN_LEVEL 70300 This script was written by Nate Haggard (SecurityMetrics inc.) See the Nessus Scripts License for details. Changes by Tenable: - pattern matching to determine ...
Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967) (November 2022)
The remote Windows host is missing a security update. It is, therefore, affected by a Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967). #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(176328); script_version("1.7");...
VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0004) (Heartbleed)
The remote VMware ESXi host is affected by multiple vulnerabilities in the OpenSSL third-party library : - A flaw exists in the Elliptic Curve Digital Signature Algorithm (ECDSA) implementation due to a failure to ensure that certain swap operations have a constant-time behavior. An attacker can...
MikroTik RouterOS with Blank Password (telnet check)
The remote host is running MikroTik RouterOS without a password for its 'admin' account. Anyone can connect to it and gain administrative access to it. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(30213);...
Geeklog auth.inc.php loginname Parameter SQL Injection
The version of Geeklog installed on the remote host fails to sanitize input to the 'loginname' and 'passwd' parameters before using it in the script 'admin/auth.inc.php' to construct database queries. Provided PHP's 'magic_quotes_gpc' setting is enabled, an unauthenticated attacker can exploit this flaw...
Cisco ASA Software CLI Invalid Command Invocation (cisco-sa-20160817-asa-cli) (EPICBANANA)
The Cisco Adaptive Security Appliance (ASA) is missing a vendor-supplied security patch. It is, therefore, affected by a flaw in the command-line interface (CLI) parser related to processing invalid commands. An authenticated, local attacker can exploit this, via certain invalid commands, to cause a...
PHP 5.x < 5.2 Multiple Vulnerabilities
According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several...