Security Update for Microsoft Office Products (May 2017)

The Microsoft Office application, Office Web Apps, or SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Office software due to improper handling ...

MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by multiple vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote...

Oracle WebLogic T3 Protocol Detection

The remote host is running the WebLogic t3 Protocol. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid109552; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"Oracle WebLogic T3 Protocol Detection";...

YaPiG Password Protected Directory Bypass

The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of this software contains a flaw that can let a malicious user view images in password protected directories. Successful exploitation of this issue may allow an attacker to access unauthorized images on...

Microsoft SQL Server Default Credentials

The SQL Server has a common password for one or more accounts. These accounts may be used to gain access to the records in the database or even allow remote command execution. %NASLMINLEVEL 70300 MSSQL Brute Forcer This script checks a SQL Server instance for common username and password...

Check Point SSL Network Extender ActiveX Control Remote Code Execution

The version of the Check Point SSL Network Extender ActiveX control installed on the remote Windows host reportedly contains a remote code execution vulnerability. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to...

SPiD lang.php lang_path Remote File Inclusion

The remote host is running SPiD, a free, PHP-based photo gallery. The installed version of SPiD allows remote attackers to control the 'langpath' variable used when including PHP code in the 'lang/lang.php' script. By leveraging this flaw, an attacker may be able to view arbitrary files on the...

Microsoft Windows VP9 Video Extensions Library RCE (June 2021)

The Windows 'VP9 Extensions' app installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file...

Untrusted Microsoft Office Macro Execution Enabled

A Microsoft Office application installed on the remote host has untrusted macro execution settings enabled. Note: This plugin first checks to verify that there are any Microsoft Office products actually installed. If there are, it will enumerate the registry keys that are set when an Office...

Sybase ASA Client Connection Broadcast Remote Information Disclosure

The remote Sybase SQL Anywhere / Adaptive Server Anywhere database is configured to listen for client connection broadcasts, which allows an attacker to see the name and port that the Sybase SQL Anywhere / Adaptive Server Anywhere server is running on. C David Lodge 13/08/2007 This script is base...

Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion

The remote host is running Squirrelcart, a shopping cart program written in PHP. The version of Squirrelcart installed on the remote host fails to sanitize user-supplied input to the 'cartisproot' parameter of the 'cartcontent.php' script before using it to include PHP code. Provided PHP's...

YaPiG < 0.95b Multiple Vulnerabilities

The remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws : - Remote and local file inclusion. - Cross-site scripting and HTML injection flaws through 'view.php'. - Directory traversal flaw through 'upload.php'...

Apache Tomcat Snoop Servlet Remote Information Disclosure

The 'snoop' Tomcat servlet is installed. This servlet gives too much information about the remote host, such as the PATHs in use, the host kernel version, etc. A remote attacker can exploit this to gain more knowledge about the host, allowing an attacker to conduct further attacks. %NASLMINLEVEL...

Nginx 1.23.x < 1.23.2 Multiple Vulnerabilities

According to its Server response header, the installed version of nginx is prior to 1.22.1 or 1.23.x prior to 1.23.2. It is, therefore, affected by two security issues which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp...

Symantec (Blue Coat) ProxySG SGOS Version

The remote host is running SGOS, an operating system for Symantec Blue Coat ProxySG devices. It is possible to read the ProxySG SGOS version number by connecting to the device via SSH. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid68992; scriptversion"1.11";...

Node.js Module node-tar < 6.2.1 DoS

In the nodejs module node-tar prior to version 6.2.1, there is no validation of the number of folders created while unpacking a file. As a result, an attacker can use a malicious file to exhaust the CPU and memory on the host and crash the nodejs client. Note that Nessus has not tested for these...

Security Updates for Internet Explorer (September 2017)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could...

Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (SWEET32)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 8 Update 121, 7 Update 131, or 6 Update 141. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists in the Libraries subcomponent, known as SWEET32, in the 3DES and...

Liferay Portal 6.2.x < 6.2.5 / 7.0.x < 7.0.6 / 7.1.x < 7.1.3 / 7.2.x < 7.2.1 RCE

The version of Liferay Portal installed on the remote host is affected by a remote code execution vulnerability in its JSON web services component. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Note that Nessus has not tested for thi...

OpenSSH < 4.4 Multiple Vulnerabilities

According to its banner, the version of OpenSSH installed on the remote host is affected by multiple vulnerabilities : - A race condition exists that may allow an unauthenticated, remote attacker to crash the service or, on portable OpenSSH, possibly execute code on the affected host. Note that...

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN Decrypting RSA with Obsolete and Weakened eNcryption. This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 SSLv...

Security Updates for Microsoft Office Products (January 2019)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current...

Windows 7 and Windows Server 2008 R2 July 2017 Security Updates

The remote Windows host is missing security update 4025337 or cumulative update 4025341. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a...

OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue

The version of OpenSSL on the remote host has been shown to allow resuming session with a weaker cipher than was used when the session was initiated. This means that an attacker that sees i.e., by sniffing the start of an SSL connection can manipulate the OpenSSL session cache to cause subsequent...

HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)

According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote web server is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within the 'moddeflate' module when handling highly compressed bodies. A remote attack...

Microsoft SQL Server TCP/IP Listener Detection

The remote host is running MSSQL, a database server from Microsoft. It is possible to extract the version number of the remote installation from the server pre-login response. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10144; scriptversion"1.62";...

WordPress 6.5.x < 6.5.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

Oracle WebLogic Server Multiple Vulnerabilities (July 2021 CPU)

The 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.1u. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1u advisory. - Multiple memory leaks in t1lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to...

FTPS Cleartext Fallback Security Bypass

The remote FTPS server running on the remote host is affected by a security bypass vulnerability due to accepting unencrypted commands if SSL negotiations fail. A man-in-the-middle attacker can exploit this to intercept credentials and modify files. C Tenable Network Security, Inc...

Firebird DataBase Server fbserver.exe p_cnct_count Value Remote Overflow

The version of Firebird installed on the remote host is vulnerable to a buffer overflow in its protocol handling routine. By sending a specially crafted 'opconnect' request, a remote, unauthenticated attacker can execute code on the affected host with SYSTEM privileges. %NASLMINLEVEL 70300 C...

Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)

The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - A vulnerability Centralized Thirdparty Jars jackson-databind exists. An unauthenticated, remote attacker can exploit this issue via the HTTP protocol ...

SUSE SLES12 Security Update : gcc9 (SUSE-SU-2020:0394-1)

This update for gcc9 fixes the following issues : The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these...

Oracle Java SE 1.7.0_271 / 1.8.0_261 / 1.11.0_8 / 1.14.0_2 Multiple Vulnerabilities (Jul 2020 CPU)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 7 Update 271, 8 Update 261, 11 Update 8, or 14 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components as referenced in the July 2020 CPU advisory:...

OTRS SOAP Interface Unauthenticated Object Manipulation

The remote host is running OTRS, a web-based ticketing request system. The version of OTRS installed on the remote host allows a remote attacker to read and modify objects via the OTRS SOAP interface without any credentials. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

KB5015808: Windows 10 Version 1607 and Windows Server 2016 Security Update (July 2022)

The remote Windows host is missing security update 5015808. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2022-22024, CVE-2022-22027,...

Microsoft Windows SMB Server (2017-10) Multiple Vulnerabilities (uncredentialed check)

The remote Windows host is affected by the following vulnerabilities : - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 SMBv1 server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to...

Symantec Antivirus Software Detection and Status

A Symantec antivirus application is installed on the remote host. Note that this plugin checks that the application is running properly and that its latest virus definitions are loaded. This script has been rewritten by Montgomery County Original script was written by Jeff Adams and Tenable Netwo...

CentOS 7 : shim (RHSA-2024:1959)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1959 advisory. - A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an err...

Security Updates for Microsoft Visual Studio Products (June 2023)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remote code execution. CVE-2023-24897 - A remote...

Web Server PROPFIND Method Internal IP Disclosure

The remote installation of IIS leaks a private IP address through the WebDAV interface. This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation NAT Firewall or proxy server. This is typical of IIS installations that are not configured properly...

Matt Wright guestbook.pl Arbitrary Command Execution

The 'guestbook.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details Changes by Tenable: ...

MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) (uncredentialed check)

The remote Microsoft SQL Server installation is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists due to the casting of pointers to an incorrect class. An authenticated, remote attacker can exploit this, via a specially crafted SQL query, to gain elevated...

Apache Tomcat 10.0.0.M1 < 10.0.20 Spring4Shell (CVE-2022-22965) Mitigations

The version of Apache Tomcat installed on the remote host is 10.x prior to 10.0.20. - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat...

OpenSSL 1.1.1 < 1.1.1k Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1k. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1k advisory. - The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set ...

CodeMeter < 7.10a Multiple Vulnerabilities

According to its self-reported version, the CodeMeter WebAdmin server installed on the remote host is prior to 7.10a. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption vulnerabilities exist where the packet parser mechanism does not verify length fields. An...

F5 Networks BIG-IP : Java commons-collections library vulnerability (K30518307)

CVE-2015-4852 Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to create arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is actually in InvokerTransformer...

Oracle Java SE 1.7.0_251 / 1.8.0_241 / 1.11.0_6 / 1.13.0_2 Multiple Vulnerabilities (Jan 2020 CPU)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 7 Update 251, 8 Update 241, 11 Update 6, or 13 Update 2. It is, therefore, affected by multiple vulnerabilities: - Oracle Java SE and Java SE Embedded are prone to a severe division by zero,...

Microsoft Exchange Server Unsupported Version Detection (Uncredentialed)

According to its self-reported version number, the installation of Microsoft Exchange Server on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilitie...

LDAP User Enumeration

By using the search base gathered by plugin ID 25701, Nessus was able to enumerate the list of users in the remote LDAP directory. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid45478; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...