339710 matches found
Windows 2008 July 2017 Multiple Security Updates
The remote Windows host is missing multiple security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a reference to an external entity. ...
Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.33-dev or 2.4.x prior to 2.4.26. It is, therefore, affected by the following vulnerabilities: - An authentication bypass vulnerability exists due to third-party modules using the ap_get_basic_auth_pw...
PHP 5.6.x < 5.6.36 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities.
Linksys WVC54GCA Wireless-G '/img/main.cgi' Information Disclosure
The remote host is a Linksys WVC54GCA network camera. The version of the firmware of the remote camera contains a flaw that allows authenticated users to download the .htpasswd file from the remote host, which gives them the ability to crack the passwords of other users, including the password of...
FTP Writable Directories
By crawling through the remote FTP server, Nessus discovered several directories were marked as being world-writable. This could have several negative impacts : - Temporary file uploads are sometimes immediately available to all anonymous users, allowing the FTP server to be used as a 'drop' poin...
HP Data Protector 7.0x < 7.03 build 108 / 8.1x < 8.15 / 9.0x < 9.06 Multiple Vulnerabilities (HPSBGN03580) (Bar Mitzvah)
The version of HP Data Protector installed on the remote host is 7.0x prior to 7.03 build 108, 8.1x prior to 8.15, or 9.0x prior to 9.06. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combinati...
KB5018419: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2022)
The remote Windows host is missing security update 5018419. It is, therefore, affected by multiple vulnerabilities - Server Service Remote Protocol Elevation of Privilege Vulnerability CVE-2022-38045 - Microsoft ODBC Driver Remote Code Execution Vulnerability CVE-2022-38040 - Microsoft WDAC OLE D...
SSH Algorithms and Languages Supported
This script detects which algorithms and languages are supported by the remote service for encrypting communications.
SAP Host Control SOAP Web Service Detection
SAP Host Control, a SOAP endpoint, is running on the remote host.
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2022:3250-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3250-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request...
Foscam C1 IP Camera FTP Hard Coded Password
Nessus was able to log in to the remote FTP server, using the username 'r' with the password 'r', and identify the remote server as a vulnerable Foscam C1 IP Camera. A remote attacker can exploit this to access its FTP service and the mounted Micro-SD card.
MySQL Protocol Remote User Enumeration
The version of MySQL or MariaDB running on the remote host has a user enumeration vulnerability. A remote, unauthenticated attacker could exploit this to learn the names of valid database users. This information could be used to mount further attacks.
BMC SNMP Agent Default Community Name (public)
The remote SNMP server, listening on port 8161 (probably part of BMC Patrol), has a community name set to 'public'. An attacker may use this information to gain more knowledge about the remote host or to change the configuration of the remote system if the default community allows such modifications....
Log4Shell Ecosystem Wrapper
This plugin was used in the scan template 'Log4Shell Vulnerability Ecosystem' prior to 2/2/2022 as a way to include other plugins related to the Log4j vulnerabilities CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, and CVE-2021-4104, including those based on patches from other vendors. ...
AXIS Multiple Vulnerabilities (ACV-128401)
The firmware version running on the remote host is vulnerable to multiple vulnerabilities. An unauthenticated remote attacker could gain system-level unauthorized access to the affected device. Note that Nessus has not tested for these issues but has instead relied only on the application's...
ESXi 6.0 U1 < Build 5251621 / 6.0 U2 < Build 5251623 / 6.0 U3 < Build 5224934 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)
The version of the remote VMware ESXi 6.0 host is 6.0 U1 prior to build 5251621, 6.0 U2 prior to build 5251623, or 6.0 U3 prior to build 5224934. It is, therefore, affected by multiple vulnerabilities : - A stack memory initialization flaw exists that allows an attacker on the guest to execute...
Multiple Server Crafted Request WEB-INF Directory Information Disclosure
By making a specially-formatted request to the remote web server, it is possible to retrieve files located under the 'WEB-INF' directory. Note that this vulnerability is known to affect the Win32 versions of multiple J2EE servlet containers / application servers.
Apache 2.4.18 / 2.4.20 X.509 Certificate Authentication Bypass
According to its banner, the version of Apache running on the remote host is either 2.4.18 or 2.4.20. Additionally, HTTP/2 is enabled over TLS or SSL. It is, therefore, affected by an authentication bypass vulnerability in the experimental module for the HTTP/2 protocol due to a failure to...
UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion
The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' parameter before using it in a PHP include function in the 'addpost_newpoll.php' script. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit this fl...
PHP 8.2.x < 8.2.3 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.28, 8.1.x prior to 8.1.16, or 8.2.x prior to 8.2.3. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) attack due to insufficient validation of...
SSL / TLS Certificate Known Hard Coded Private Keys
The remote host is running a service that is using a publicly known SSL / TLS private key. An attacker may use this key to decrypt intercepted traffic between users and the device. A remote attacker can also perform a man-in-the-middle attack in order to gain access to the system or modify data i...
CGI Generic Unseen Parameters Discovery
By sending requests with additional parameters such as 'admin', 'debug', or 'test' to CGI scripts hosted on the remote web server, Nessus was able to generate at least one significantly different response even though the parameters themselves do not actually appear in responses. This behavior...
Lexmark Printer config.html Administrator Authentication Bypass (FREAK)
According to its firmware version, the remote Lexmark printer is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may b...
MariaDB 5.5.0 < 5.5.64 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 5.5.64. It is, therefore, affected by multiple vulnerabilities as referenced in the 5.5.64 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that ar...
KB5018410: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (October 2022)
The remote Windows host is missing security update 5018410. It is, therefore, affected by multiple vulnerabilities - Server Service Remote Protocol Elevation of Privilege Vulnerability CVE-2022-38045 - Microsoft ODBC Driver Remote Code Execution Vulnerability CVE-2022-38040 - Microsoft WDAC OLE D...
Apache Tomcat 8.x < 8.5.78 Spring4Shell CVE-2021-43980
The version of Apache Tomcat installed on the remote host is 8.x prior to 8.5.78. - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat...
Service Detection (HELP Request)
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives a 'HELP' request.
VMware vCenter Converter 5.1.x < 5.1.2 / 5.5.x < 5.5.3 Multiple Vulnerabilities (VMSA-2014-0010) (Shellshock)
The version of VMware vCenter Converter installed on the remote Windows host is 5.1.x prior to 5.1.2 or 5.5.x prior to 5.5.3. It is, therefore, affected by the following vulnerabilities : - A command injection vulnerability exists in GNU Bash known as Shellshock, which is due to the processing of...
Lexmark Markvision Enterprise Default Credentials
The remote Lexmark Markvision Enterprise install, a web-based printer and multi-function device management system, is protected with a set of known default credentials that allow admin level access to the application.
KB4022727: Windows 10 Version 1507 June 2017 Cumulative Update
The remote Windows 10 version 1507 host is missing security update KB4022727. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Windows Hyper-V instruction emulation due to a failure to properly enforce privilege levels. An attacker on a...
SSL Certificate Chain Analysis
This plugin examines the chain of X.509 certificates used by this service.
HP System Management Homepage Detection
HP System Management Homepage (SMH), formerly Compaq Web Management, is running on the remote web server. SMH is a web-based application for managing HP ProLiant and Integrity servers, or HP 9000 and HP Integrity servers.
Security Updates for Windows Malicious Software Removal Tool (January 2023)
The Windows Malicious Software Removal Tool installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2023-21725)
Postfix Script Remote Command Execution via Shellshock
The remote host appears to be running Postfix. Postfix itself is not vulnerable to Shellshock; however, any bash script Postfix runs for filtering or other tasks could potentially be affected if the script exports an environmental variable from the content or headers of a message. A negative resu...
Amazon Linux AMI : httpd (ALAS-2017-851)
Apache HTTP Request Parsing Whitespace Defects It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that...
Default Password 'vizxv' for 'root' Account
The account 'root' on the remote host has the default password 'vizxv'. A remote attacker can exploit this issue to gain administrative access to the affected system.
ASP.NET Core SEoL
According to its version, the ASP.NET Core installed on the remote host is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Elasticsearch ESA-2018-15
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This...
Web Server HTTP Dangerous Method Detection
The PUT method allows an attacker to upload arbitrary web pages on the server. If the server is configured to support scripts like ASP, JSP, or PHP it will allow the attacker to execute code with the privileges of the web server. The DELETE method allows an attacker to delete arbitrary content fr...
SMB Server DOUBLEPULSAR Backdoor / Implant Detection (EternalRocks)
Binary data smbdoublepulsarbackdoordetect.nbin...
MS12-060: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)
There is an unspecified remote code execution vulnerability in Windows common controls, which is included in several Microsoft products. An attacker could exploit this by tricking a user into viewing a maliciously crafted web page, resulting in arbitrary code execution.
MS14-022: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
The versions of Office SharePoint Server, Office Web Apps, SharePoint Client Components SDK, or SharePoint Designer installed on the remote host are affected by multiple vulnerabilities : - A code execution vulnerability exists in Microsoft SharePoint Server. CVE-2014-0251 - A cross-site scriptin...
Microsoft Windows SMB Service Config Enumeration
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.).
Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing
It is possible to read a '.DS_Store' file on the remote web server. This file is created by MacOS X Finder; it is used to remember the icons' position on the desktop, among other things, and contains the list of files and directories present in the remote directory. Note that deleted files may stil...
MikroTik RouterOS < 6.40.9 / 6.42.7 / 6.43 multiple vulnerabilities.
According to its self-reported version, the remote networking device is running a version of MikroTik prior to 6.40.9, 6.41.x 6.42.7, or 6.43. It is, therefore, vulnerable to multiple vulnerabilities.
HP Ink Printers Multiple Vulnerabilities (HPSBHF03589)
The firmware version running on the remote host is vulnerable to multiple vulnerabilities. An unauthenticated remote attacker could gain system-level unauthorized access to the affected device. Note that Nessus has not tested for these issues but has instead relied only on the self-reported versi...
Oracle WebLogic Server Multiple Vulnerabilities (July 2018 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Spring Framework Sample Apps subcomponent in Oracle WebLogic allows an unauthenticated, remote attacker to takeover a WebLogic server. CVE-2018-1275 - ...
IBM WebSphere snoopservlet Path Disclosure
This script attempts to enumerate the actual physical path of the servlet classes by requesting a version of 'snoopservlet' which is missing required classes. An attacker, gaining information about the actual physical layout of the file system, can use the information in crafting more complex...
Untrusted Microsoft Office Macro Execution Enabled
A Microsoft Office application installed on the remote host has untrusted macro execution settings enabled. Note: This plugin first checks to verify that there are any Microsoft Office products actually installed. If there are, it will enumerate the registry keys that are set when an Office...
HTTP Proxy CONNECT Loop DoS
The proxy allows users to perform repeated CONNECT requests to itself. This allows anybody to saturate the proxy CPU, memory or file descriptors. Note that if the proxy limits the number of connections from a single IP (e.g. acl maxconn with Squid), it is protected against saturation and you may...