ACal embed/day.php path Parameter Remote File Inclusion
The remote host is running ACal, an open source, web-based event calendar written in PHP. The version of ACal installed on the remote host fails to sanitize user-supplied input to the 'path' parameter of the 'embed/day.php' script before using it in PHP 'include' functions. Provided PHP's...
Oracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Windows)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D - Libraries - Kerberos - Networking -...
Kaspersky Internet Security Heartbeat Information Disclosure (Heartbleed)
The remote host has a version of Kaspersky Internet Security (KIS) installed that is missing a vendor patch. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that...
Microsoft Windows SMB Registry : Autologon Enabled
This script determines whether the autologon feature is enabled. This feature allows an intruder to log into the remote host as DefaultUserName with the password DefaultPassword. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10412); script_version("1.36");...
Security Updates for Microsoft SQL Server (February 2023)
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2023-21528,...
CGI Generic SQL Injection (blind, time based)
By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database. An attacker may be able to...
Dell iDRAC6 / iDRAC7 / iDRAC8 Path Traversal Authentication Bypass
The remote Dell Remote Access Controller iDRAC6 / iDRAC7 / iDRAC8 is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to bypass authentication and gain privileged access to the iDRAC controller. Note that the...
Amazon Linux 2 : pcs (ALAS-2023-1905)
The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1905 advisory. A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects...
Oracle Java JRE Unsupported Version Detection
According to its self-reported version number, at least one installation of Oracle (formerly Sun) Java JRE on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...
Dell iDRAC Buffer Overflow Vulnerability (CVE-2020-5344)
The remote host is running iDRAC7 with a firmware version prior to 2.65.65.65, or iDRAC8 with a firmware version prior to 2.70.70.70, or iDRAC9 with a firmware version prior to 4.00.00.00 and is therefore affected by a buffer overflow vulnerability. An unauthenticated remote attacker may exploit...
CKEditor 4.5.11 < 4.9.2 Enhanced Image Plugin XSS
The version of CKEditor installed on the remote host is affected by a cross-site scripting vulnerability. The included 'Enhanced Image' plugin causes CKEditor to fail to properly sanitize user-supplied input. A remote, unauthenticated attacker can leverage this issue to inject arbitrary HTML and...
dnsmasq < 2.78 Multiple Remote Vulnerabilities
The version of dnsmasq installed on the remote host is prior to 2.78, and thus, is affected by the following vulnerabilities : - Denial of service related to handling DNS queries exceeding 512 bytes. (CVE-2017-13704) - Heap overflow related to handling DNS requests. (CVE-2017-14491) - Heap overflow...
OpenSSH MaxAuthTries Bypass
The remote SSH server is affected by a security bypass vulnerability due to a flaw in the keyboard-interactive authentication mechanisms. The kbdint_next_device() function in auth2-chall.c improperly restricts the processing of keyboard-interactive devices within a single connection. A remote attacke...
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a...
ESXi 6.0 / 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2018-0027) (Remote Check)
The remote VMware ESXi host is version 6.0, 6.5, or 6.7 and is missing a security patch. It is, therefore, vulnerable to multiple vulnerabilities. Leveraging the most severe of these vulnerabilities could allow an attacker to execute arbitrary code on the host from the security context of an...
Microsoft Windows LM / NTLMv1 Authentication Enabled
The remote host is configured to attempt LM and/or NTLMv1 for outbound authentication. These protocols use weak encryption. A remote attacker who is able to read LM or NTLMv1 challenge and response packets could exploit this to get a user's LM or NTLM hash, which would allow an attacker to...
Jetty < 9.4.41 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.41, 10.0.x prior to 10.0.3 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities: - An issue with failure to invalidate sessions after an exception in t...
LDAP Server NULL Bind Connection Information Disclosure
The LDAP server on the remote host is currently configured such that a user can connect to it without authentication - via a 'NULL BIND' - and query it for information. Although the queries that are allowed are likely to be fairly restricted, this may result in disclosure of information that an...
ISC BIND 9.16.11 < 9.16.27 / 9.16.11-S1 < 9.16.27-S1 / 9.17.0 < 9.18.1 Vulnerability (CVE-2022-0396)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-0396 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Ubuntu 18.04 LTS / 20.04 LTS : XStream vulnerabilities (USN-4943-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4943-1 advisory. Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by...
OS Identification
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system. #%NASL_MIN_LEVEL 70300 (C) Tenable, Inc. @@NOTE: The output of this plugin...
Oracle WebLogic Server Java Object RMI Connect-Back Deserialization RCE (January 2017 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by a remote code execution vulnerability in the Core Components subcomponent due to unsafe deserialization of Java objects by the RMI registry. An unauthenticated, remote attacker can exploit this, via a crafted Java...
Lodash < 4.17.21 Multiple Vulnerabilities
According to its self-reported version number, Lodash is prior to 4.17.21. It is, therefore, affected by multiple vulnerabilities: - A command injection via template. (CVE-2021-23337) - A regular expression denial of service via the toNumber, trim and trimEnd functions. (CVE-2020-28500) Note that the...
PCI DSS Compliance : Scan Interference
Interference from either the network or the host did not allow the scan to fulfill the PCI DSS scan validation requirements. This report is insufficient to certify this server. There may be a firewall, IDS or other software blocking Nessus from scanning. (C) Tenable Network Security, Inc...
McAfee VirusScan Enterprise < 8.8 Patch 16 Access Control Bypass Vulnerability (SB10338)
The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is prior to 8.8 Patch 16. It is, therefore, affected by an access control bypass vulnerability which allows local administrators the ability to bypass local security protections by carefully manipulating the code...
Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2023-139)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-139 advisory. In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the passwo...
Firefox < 12.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is earlier than 12.0 and thus, is potentially affected by the following security issues : - An error exists with handling JavaScript errors that can lead to information disclosure. (CVE-2011-1187) - An off-by-one error exists in the 'OpenType Sanitizer' which can le...
KB5018411: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2022)
The remote Windows host is missing security update 5018411. It is, therefore, affected by multiple vulnerabilities - Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045) - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040) - Microsoft WDAC OLE D...
Default Password (db2admin) for 'db2admin' Account on Windows
The 'db2admin' account on the remote Windows host uses a known password. This account may have been created during installation of DB2 for use when managing the application, and it likely belongs to the Local Administrators group. Note that while the DB2 installation no longer uses a default...
Apache Tomcat 8.5.5 < 8.5.32 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.32. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.32_security-8 advisory. - If an async request was completed by the application at the same time as the container triggered the...
SolarWinds DameWare Mini Remote Control < 12.0 Hotfix 2 SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE)
The remote host is running a version of SolarWinds DameWare Mini Remote Control prior to 12.0 Hotfix 2. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting...
MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Microsoft .NET Framework : - An elevation of privilege vulnerability exists due to improper validation of the number of objects in memory before they are copied into an array. A...
Oracle Java SE 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2 Multiple Vulnerabilities (Unix January 2022 CPU)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D...
Network Camera Web Server Detection
The remote web server controls a network camera. (C) Tenable, Inc. References: http://johnny.ihackstuff.com/ghdb.php?function=summary&cat=18 http://www.net-security.org/vuln.php?id=3288 include("compat.inc"); if (description) { script_id(33523); script_version("1.40");...
WordPress 5.9 < 5.9.2 / 5.8 < 5.8.4 / 5.7 < 5.7.6 / 5.6 < 5.6.8 / 5.5 < 5.5.9 / 5.4 < 5.4.10 / 5.3 < 5.3.12 / 5.2 < 5.2.15 / 5.1 < 5.1.13 / 5.0 < 5.0.16 / 4.9 < 4.9.20 / 4.8 < 4.8.19 / 4.7 < 4.7.23 / 4.6 < 4.6.23 / 4.5 < 4.5.26 / 4.4 < 4.4.27 / 4.3 < 4.3.28 / 4.2 < 4.2.32 / 4.1 < 4.1.35 / 4.0 < 4.0.35 / 3.9 < 3.9.36 / 3.8 < 3.8.38 / 3.7 < 3.7.38
WordPress versions 5.9 < 5.9.2 / 5.8 < 5.8.4 / 5.7 < 5.7.6 / 5.6 < 5.6.8 / 5.5 < 5.5.9 / 5.4 < 5.4.10 / 5.3 < 5.3.12 / 5.2 < 5.2.15 / 5.1 < 5.1.13 / 5.0 < 5.0.16 / 4.9 < 4.9.20 / 4.8 < 4.8.19 / 4.7 < 4.7.23 / 4.6 < 4.6.23 / 4.5 < 4.5.26 / 4.4 < 4.4.27 / 4.3 < 4.3.28 / 4.2 < 4.2.32 / 4.1 < 4.1.35 / 4.0 < 4.0.35 / 3.9 < 3.9.36 / 3.8 < 3.8.38...
PHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 Remote Code Execution Vulnerability.
According to its banner, the version of PHP running on the remote web server is prior to 7.1.33, 7.2.x prior to 7.2.24, or 7.3.x prior to 7.3.11. It is, therefore, affected by a remote code execution vulnerability due to insufficient validation of user input. An unauthenticated, remote attacker c...
Cisco IOS Software Smart Install Remote Code Execution Vulnerability
According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
JetBrains TeamCity Agent XML-RPC Port RCE
The JetBrains TeamCity agent running on the remote host is affected by a remote command execution vulnerability due to the agent behaving as a bidirectional agent even when the unidirectional protocol is enabled. An unauthenticated, remote attacker can exploit this to execute commands via the...
Dell EMC iDRAC8 < 2.83.83.83 / Dell EMC iDRAC9 < 5.10.30.00 (DSA-2022-154)
The version of Dell EMC iDRAC8 or Dell EMC iDRAC9 installed on the remote host is prior to 2.83.83.83/5.10.30.00. It is, therefore, affected by a vulnerability as referenced in the DSA-2022-154 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application...
HP Printers Security Bypass (HPSBPI03107)
The remote HP printer is affected by a security bypass vulnerability. The included OpenSSL library has a security bypass flaw in the handshake process. By using a specially crafted handshake, a remote attacker can force the use of weak keying material. This could be leveraged for a...
Bash Remote Code Execution (CVE-2014-6277 / CVE-2014-6278) (Shellshock)
The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. Depending on the configuration of the system, an attacker could remotely execute arbitrary code.
Host Fully Qualified Domain Name (FQDN) Resolution
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(12053); script_version("1.17"); script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/13"); script_name(english:"Host Fully...
Apache 2.4.x < 2.4.59 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.59. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.59 advisory. - Apache HTTP Server: HTTP Response Splitting in multiple modules: HTTP Response splitting in multiple modules in Apache HTTP...
Apache Tomcat 8.5.0 < 8.5.57 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.57. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.57_security-8 advisory. - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to...
Oracle Java JRE Unsupported Version Detection (Unix)
According to its self-reported version number, at least one installation of Oracle (formerly Sun) Java JRE on the remote host is no longer supported. The underlying detection plugins enumerate Java installations via binary, path and document inspection to ascertain confidence levels. As Java can b...
Windows 2008 July 2017 Multiple Security Updates
The remote Windows host is missing multiple security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a reference to an external entity. ...
Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.33-dev or 2.4.x prior to 2.4.26. It is, therefore, affected by the following vulnerabilities : - An authentication bypass vulnerability exists due to third-party modules using the ap_get_basic_auth_pw()...
Exim < 4.97.1 SMTP smuggling
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
PHP 5.6.x < 5.6.36 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(109576);...
Linksys WVC54GCA Wireless-G '/img/main.cgi' Information Disclosure
The remote host is a Linksys WVC54GCA network camera. The version of the firmware of the remote camera contains a flaw that allows authenticated users to download the .htpasswd file from the remote host, which gives them the ability to crack the passwords of other users, including the password of...