Lucene search
K
NessusMost viewed

338622 matches found

Tenable Nessus
Tenable Nessus
•added 2011/02/08 12:0 a.m.•926 views

MS11-004: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)

The IIS FTP service running on the remote host has a heap-based buffer overflow vulnerability. The 'TELNETSTREAMCONTEXT::OnSendData' function fails to properly sanitize user input, resulting in a buffer overflow. An unauthenticated, remote attacker can exploit this to execute arbitrary code. C...

10CVSS5.5AI score0.94534EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
•added 2018/02/15 12:0 a.m.•925 views

EMC vApp Manager Default Credentials

The EMC vApp Manager web application running on the remote host uses a default set of credentials 'smc' / 'smc'. An unauthenticated, remote attacker can exploit this issue to authenticate to the application and perform actions allowed by the default account. Specifically, the attacker can login a...

10CVSS9AI score0.22103EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
•added 2016/02/29 12:0 a.m.•923 views

Cisco ASA / IOS IKE Fragmentation Vulnerability

The remote Cisco Adaptive Security Appliance ASA or device running IOS / IOS XE is affected by one of the following vulnerabilities in the Internet Key Exchange IKE implementation : - An overflow condition exists in both the IKE and IKEv2 implementations due to improper validation of user-supplie...

10CVSS7.8AI score0.77462EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
•added 2010/12/20 12:0 a.m.•922 views

Microsoft .NET Framework Detection

Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid51351; scriptversion"1.40"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/10/15...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
•added 2017/07/11 12:0 a.m.•918 views

Windows 8.1 and Windows Server 2012 R2 July 2017 Security Updates

The remote Windows host is missing security update 4025333 or cumulative update 4025336. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a...

10CVSS7.6AI score0.58078EPSS
Exploits10References30
Tenable Nessus
Tenable Nessus
•added 2022/06/08 12:0 a.m.•917 views

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-5469-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5469-1 advisory. It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged...

7.8CVSS7.1AI score0.0155EPSS
Exploits12References19
Tenable Nessus
Tenable Nessus
•added 2010/07/30 12:0 a.m.•916 views

Apache 2.2.x < 2.2.16 Multiple Vulnerabilities

According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.16. It is, therefore, potentially affected by multiple vulnerabilities : - A denial of service vulnerability in modcache and moddav. CVE-2010-1452 - An information disclosure vulnerability in...

5CVSS6.4AI score0.2187EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
•added 2020/02/21 12:0 a.m.•914 views

Apache Tomcat 9.0.0.M1 < 9.0.31 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.31. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.31security-9 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to...

9.8CVSS8.6AI score0.9927EPSS
Exploits45References11
Tenable Nessus
Tenable Nessus
•added 2008/10/06 12:0 a.m.•913 views

Blue Coat Reporter Default Password (admin) for 'admin' Account

Nessus could gain administrative access to the Blue Coat Reporter install on the remote host using 'admin' for both the username and password. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid34346; scriptversion"$Revision: 1.8 $"; scriptcvsdate"$Date: 2013/01/25...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2010/07/30 12:0 a.m.•912 views

Apache HTTP Server Version

The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid48204; scriptversion"1.20"; scriptsetattributeattribute:"pluginmodificationdate",...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2017/10/18 12:0 a.m.•910 views

Oracle WebLogic Server Multiple Vulnerabilities (October 2017 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid103935; scriptversion"1.16";...

9.9CVSS7AI score0.99993EPSS
Exploits45References6
Tenable Nessus
Tenable Nessus
•added 2016/11/17 12:0 a.m.•908 views

Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple Vulnerabilities

According to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.17, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.12, 6.3.x prior to 6.3.8, or 6.4.x prior to 6.4.4; or else it is Splunk Light prior to 6.5.0. ...

10CVSS7.5AI score0.25671EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
•added 2021/04/22 12:0 a.m.•907 views

MySQL 5.7.x < 5.7.34 Multiple Vulnerabilities (Apr 2021 CPU)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.34. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the April 2021 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL component: Server:...

6.1CVSS6.8AI score0.62906EPSS
Exploits3References16
Tenable Nessus
Tenable Nessus
•added 2019/08/26 12:0 a.m.•906 views

Flexera FlexNet Publisher < 11.16.2 Multiple Vulnerabilities

The version of Flexera FlexNet Publisher running on the remote host is prior to 11.16.2. It is, therefore, affected by multiple vulnerabilities : - A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 an...

9.8CVSS7.9AI score0.03669EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
•added 2018/09/20 12:0 a.m.•905 views

Apache Hadoop YARN ResourceManager Unauthenticated RCE (Remote) (Xbash)

The Apache Hadoop YARN ResourceManager running on the remote host is allowing unauthenticated users to create and execute applications. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to potentially execute arbitrary code, subject to the user privileges...

6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2000/05/09 12:0 a.m.•904 views

Microsoft Windows SMB Registry Remotely Accessible

It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks SMB tests. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10400; scriptversion"1.55"; scriptsetattributeattribute:"pluginmodificationdate",...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2024/04/23 12:0 a.m.•902 views

PHP 8.2.x < 8.2.18 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.28, 8.2.x prior to 8.2.18, or 8.3.x prior to 8.3.6. It is, therefore, affected by multiple vulnerabilities: - A command injection via array-ish $command parameter of procopen...

9.4CVSS8.3AI score0.49336EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
•added 2003/03/24 12:0 a.m.•902 views

Microsoft Windows SMB Registry : Winlogon Cached Password Weakness

The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the...

5.6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
•added 2016/07/28 12:0 a.m.•901 views

Oracle WebLogic Server Java Object Deserialization RCE (July 2016 CPU)

The remote Oracle WebLogic Server is affected by a remote code execution vulnerability in the WLS Core component in the readObject function due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted object payload, to bypass the...

10CVSS7.4AI score0.91402EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
•added 2009/01/23 12:0 a.m.•901 views

Microsoft Windows Update Reboot Required

According to entries in its registry, a reboot is required by Windows Update to complete installation of at least one update. If the pending changes are security-related, the remote host could remain vulnerable to attack until a reboot occurs. C Tenable Network Security, Inc. include'compat.inc';...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2018/02/05 12:0 a.m.•899 views

Microsoft Windows IIS Default Index Page

The remote web server uses the default IIS index page. This page may contain extra version information and is an indication of a misconfigured server. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid106609; scriptversion "1.3";...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2020/08/14 12:0 a.m.•898 views

Security Updates for SQL Server Management Studio (August 2020)

The SQL Server Management Studio installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A denial of service vulnerability exists when Microsoft SQL Server Management Studio SSMS improperly handles files. An attacker could exploi...

5.5CVSS6.8AI score0.01228EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2014/08/14 12:0 a.m.•898 views

OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

The OpenSSL service on the remote host is vulnerable to a man-in-the-middle MiTM attack, based on its acceptance of a specially crafted handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material ha...

7.4CVSS7.5AI score0.99977EPSS
Exploits14References10
Tenable Nessus
Tenable Nessus
•added 2020/07/31 12:0 a.m.•893 views

Windows Security Feature Bypass in Secure Boot (BootHole)

Binary data windowsuefiboothole.nbin...

8.2CVSS8.7AI score0.01738EPSS
Exploits1References24
Tenable Nessus
Tenable Nessus
•added 2020/10/22 12:0 a.m.•892 views

Oracle Java SE 1.7.0_281 / 1.8.0_271 / 1.11.0_9 / 1.15.0_1 Multiple Vulnerabilities (Oct 2020 CPU)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 7 Update 281, 8 Update 271, 11 Update 9, or 15 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components as referenced in the October 2020 CPU...

5.8CVSS6AI score0.03713EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
•added 2012/06/11 12:0 a.m.•890 views

MySQL 5.5 < 5.5.24 Security Bypass Vulnerability

The version of MySQL 5.5 installed on the remote host is earlier than 5.5.24 and is, therefore, affected by the following vulnerabilities : - Several errors exist related to 'GIS Extension', 'Server', 'InnoDB' and 'Server Optimizer' components that can allow denial of service attacks...

6.8CVSS8.5AI score0.96188EPSS
Exploits10References10
Tenable Nessus
Tenable Nessus
•added 2018/01/04 12:0 a.m.•889 views

KB4056898: Windows 8.1 and Windows Server 2012 R2 January 2018 Security Update (Meltdown)(Spectre)

The remote Windows host is missing security update 4056898 or cumulative update 4056895. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local...

7.8CVSS8.2AI score0.93838EPSS
Exploits21References19
Tenable Nessus
Tenable Nessus
•added 2006/05/03 12:0 a.m.•888 views

phpBB Advanced GuestBook addentry.php phpbb_root_path Parameter Remote File Inclusion

The remote host is running Advanced Guestbook, a free guestbook written in PHP. The version of Advanced Guestbook installed on the remote host fails to sanitize input to the 'phpbbrootpath' parameter of the 'admin/addentry.php' script before using it in a PHP 'include' function. Provided PHP's...

7.5CVSS6AI score0.08341EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2011/12/01 12:0 a.m.•886 views

SSL / TLS Versions Supported

This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications. TRUSTED...

5.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2011/08/09 12:0 a.m.•884 views

MS11-058: Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)

The version of Windows DNS server running on the remote host has the following vulnerabilities : - A memory corruption vulnerability that can be triggered by making a specially crafted NAPTR query, which can result in arbitrary code execution. CVE-2011-1966 - A denial of service vulnerability...

10CVSS6.2AI score0.55203EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
•added 2021/06/04 12:0 a.m.•883 views

Apache 2.4.x < 2.4.47 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.47. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.47 changelog: - Unexpected section matching with 'MergeSlashes OFF' CVE-2021-30641 - modauthdigest: possible stack overflow by one nul byte...

9.8CVSS7.2AI score0.68067EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
•added 2013/11/01 12:0 a.m.•883 views

Apache PHP-CGI Remote Code Execution

The PHP installation on the remote web server contains a flaw that could allow a remote attacker to pass command-line arguments as part of a query string to the PHP-CGI program. This could be abused to execute arbitrary code, reveal PHP source code, cause a system crash, etc. %NASLMINLEVEL 70300 ...

9.8CVSS8.7AI score0.99998EPSS
Exploits42References4
Tenable Nessus
Tenable Nessus
•added 2009/10/07 12:0 a.m.•882 views

Web Server Allows Password Auto-Completion

The remote web server contains at least one HTML form field that has an input of type 'password' where 'autocomplete' is not set to 'off'. While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2016/09/15 12:0 a.m.•879 views

WordPress < 4.6.1 Multiple Vulnerabilities

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.6.1. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting vulnerability XSS exists when handling file names of uploaded images due to improper...

6.5CVSS6.7AI score0.03237EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
•added 2013/07/19 12:0 a.m.•879 views

Apache Struts 2 'action:' Parameter Arbitrary Remote Command Execution

The remote web application appears to use Struts 2, a web framework that utilizes OGNL Object-Graph Navigation Language as an expression language. Due to a flaw in the evaluation of an OGNL expression prefixed by the 'action:' parameter, a remote, unauthenticated attacker can exploit this issue t...

9.8CVSS8.2AI score0.99998EPSS
Exploits18References4
Tenable Nessus
Tenable Nessus
•added 2012/04/11 12:0 a.m.•878 views

MS12-027: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

A memory corruption issue exists in Windows common controls, specifically within the MSCOMCTL.TreeView, MSCOMCTL.ListView2, MSCOMCTL.TreeView2, and MSCOMCTL.ListView controls component of MSCOMCTL.OCX, due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can...

9.3CVSS7.8AI score0.99966EPSS
Exploits12References2
Tenable Nessus
Tenable Nessus
•added 2016/03/24 12:0 a.m.•877 views

HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)

According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote web server is a version prior to 7.5.4. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure du...

10CVSS8.3AI score0.9986EPSS
Exploits8References17
Tenable Nessus
Tenable Nessus
•added 2012/11/16 12:0 a.m.•877 views

MS12-073: Vulnerabilities in Microsoft IIS Could Allow Information Disclosure (2733829) (uncredentialed check)

The FTP service in the version of Microsoft IIS 7.0 or 7.5 on the remote Windows host is affected by a command injection vulnerability that could result in unauthorized information disclosure. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62940; scriptversion"1.11";...

5CVSS5.5AI score0.41968EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
•added 2022/11/08 12:0 a.m.•876 views

KB5019964: Windows 10 Version 1607 and Windows Server 2016 Security Update (November 2022)

The remote Windows host is missing security update 5019964. It is, therefore, affected by multiple vulnerabilities - AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions CVE-2022-23824 - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability CVE-2022-37966 - Windows Kerberos...

8.8CVSS7AI score0.24808EPSS
Exploits1References37
Tenable Nessus
Tenable Nessus
•added 2022/06/09 12:0 a.m.•873 views

PHP 8.0.x < 8.0.20 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.20 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplyi...

8.8CVSS9.2AI score0.5838EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
•added 2019/01/09 12:0 a.m.•873 views

Security Updates for Windows 10 / Windows Server 2016 (January 2019) (Spectre)

The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Spectre Variant 2 CVE-2017-5715: Branch Target Injection vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid121035; scriptversion"1.8";...

5.6CVSS7.3AI score0.74041EPSS
Exploits8References7
Tenable Nessus
Tenable Nessus
•added 2018/06/27 12:0 a.m.•869 views

Target Credential Status by Authentication Protocol - No Credentials Provided

Nessus was not able to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the...

5.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2017/11/02 12:0 a.m.•869 views

Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 6.0.x prior to 6.0.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for t...

8.1CVSS8.1AI score0.99988EPSS
Exploits36References4
Tenable Nessus
Tenable Nessus
•added 2006/03/27 12:0 a.m.•868 views

PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion

The installation of PostNuke on the remote host includes a version of the PNphpBB2 module that fails to sanitize input to the 'phpbbrootpath' parameter of the 'includes/functionsadmin.php' script before using it in a PHP 'includeonce' function. Provided PHP's 'registerglobals' setting is enabled,...

7.5CVSS6AI score0.09415EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
•added 2017/06/14 12:0 a.m.•867 views

Security Update for Microsoft Office Products (June 2017)

The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist in Microsoft Office due to improper validation of input before loading dynamic link...

9.3CVSS7.7AI score0.39019EPSS
Exploits20References26
Tenable Nessus
Tenable Nessus
•added 2015/10/13 12:0 a.m.•867 views

MS KB2960358: Update for Disabling RC4 in .NET TLS

The remote host is missing an update for disabling the weak RC4 cipher suite in .NET TLS. Note that even though .NET Framework 4.6 itself is not affected, any Framework 4.5, 4.5.1, or 4.5.2 application that runs on a system that has 4.6 installed is affected. C Tenable Network Security, Inc...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2023/03/21 12:0 a.m.•866 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-051)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-051 advisory. The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates...

10CVSS8.1AI score0.95764EPSS
Exploits14References20
Tenable Nessus
Tenable Nessus
•added 2018/08/17 12:0 a.m.•865 views

Security Updates for Microsoft Visual Studio Products (Aug 2018)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by a privilege escalation vulnerability when Diagnostics Hub Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the...

7.8CVSS7.9AI score0.06232EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
•added 2000/05/20 12:0 a.m.•866 views

Microsoft Windows SMB Registry : Autologon Enabled

This script determines whether the autologon feature is enabled. This feature allows an intruder to log into the remote host as DefaultUserName with the password DefaultPassword. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10412; scriptversion"1.36";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2023/10/19 12:0 a.m.•863 views

Oracle MySQL Server 5.7.x < 5.7.44 (October 2023 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.43 and prior an...

9.8CVSS6.8AI score0.78483EPSS
Exploits6References5
Total number of security vulnerabilities5000