Windows NetBIOS / SMB Remote Host Information Disclosure
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
AutoLinks Pro 'al_initialize.php' alpath Parameter Remote File Inclusion
The remote host is running AutoLinks Pro, a commercial link management package. The version of AutoLinks Pro installed on the remote host allows attackers to control the 'alpath' parameter used when including PHP code in the 'al_initialize.php' script. By leveraging this flaw, an unauthenticated...
KB4103715: Windows 8.1 and Windows Server 2012 R2 May 2018 Security Update
The remote Windows host is missing security update 4103715 or cumulative update 4103725. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully...
Apache Tomcat 7.0.0 < 7.0.82
The version of Tomcat installed on the remote host is prior to 7.0.82. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.82_security-7 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81...
SizerOne ActiveX Control AddTab Method Remote Buffer Overflow
The SizerOne ActiveX control is installed on the remote system. It is included with ComponentOne Studio Enterprise as well as other applications such as TSC2 Help Desk and SAP GUI. The installed version of the control is affected by a heap-based buffer overflow vulnerability that can be triggered...
News Desk newsdesk.cgi t Parameter Traversal Arbitrary File Access
The 'newsdesk.cgi' CGI is installed. This CGI has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody).
Microsoft Windows XP Unsupported Installation Detection
The remote host is running Microsoft Windows XP. Support for this operating system by Microsoft ended April 8th, 2014. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. Furthermore,...
phpCOIN < 1.2.4 Multiple Script _CCFG[_PKG_PATH_INCL] Parameter Remote File Inclusion
phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion
The remote host is running phpCOIN, a software package for web-hosting resellers to handle clients, orders, helpdesk queries, and the like. The version of phpCOIN installed on the remote host fails to sanitize input to the '_CCFG' array parameter before using it in several scripts to include PHP...
OpenSSH S/KEY Authentication Account Enumeration
When OpenSSH has S/KEY authentication enabled, it is possible to remotely determine if an account configured for S/KEY authentication exists. Note that Nessus has not attempted to exploit the issue but has instead only checked if OpenSSH is running on the remote host. As a result, it will not...
NCR Aloha POS VNC Server 'aloha' Default Password
The VNC server running on the remote NCR Aloha POS device is secured with a default password. Nessus was able to log in using VNC authentication with a password of 'aloha'. A remote, unauthenticated attacker could exploit this to take control of the system.
Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2019 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by vulnerabilities as noted in the January 2019 CPU advisory: - This vulnerability is in the Oracle HTTP server component of Oracle Fusion Middleware (subcomponent: Web Listener). The affected version is 12.1.2.3. This is an...
Oracle WebLogic Server Multiple Vulnerabilities (April 2018 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities.
Xerver Double Slash Authentication Bypass
The version of Xerver installed on the remote host is affected by an authentication bypass vulnerability. It is possible to access protected web directories without authentication by prepending the directory with an extra '/' character, as long as the directory is not recursively protected. A...
Apache HTTP Server 2.4.6, 2.4.7, 2.4.9 Vulnerability
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
The version of Apache for Windows running on the remote host can be tricked into disclosing the source of its CGI scripts because of a configuration issue. Specifically, if the CGI directory is located within the document root, then requests that alter the case of the directory name will bypass t...
MySQL 5.7.x < 5.7.35 Multiple Vulnerabilities (Jul 2021 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.35. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the July 2021 Critical Patch Update advisory: - curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting i...
KB4056890: Windows 10 Version 1607 and Windows Server 2016 January 2018 Security Update (Meltdown)(Spectre)
The remote Windows host is missing security update 4056890 or 4057142. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to...
Oracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Unix)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D - Libraries - Kerberos - Networking -...
Default Password 'xc3511' for 'root' Account
The account 'root' on the remote host has the default password 'xc3511'. A remote attacker can exploit this issue to gain administrative access to the affected system.
Microsoft DNS Server Remote Code Execution (SIGRed)
According to its self-reported version number, the Microsoft DNS Server running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System...
Dropbear SSH Server < 2013.59 Multiple Vulnerabilities
According to its self-reported banner, the version of Dropbear SSH running on this port is earlier than 2013.59. As such, it is potentially affected by multiple vulnerabilities : - A denial of service vulnerability caused by the way the 'buf_decompress' function handles compressed files...
MS KB3118753: Update for ActiveX Kill Bits
The remote Windows host is missing one or more kill bits for ActiveX controls that are known to contain vulnerabilities. If any of these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose the host to various security issues. Note that the affect...
Oracle Java Runtime Environment (JRE) Detection (Unix)
One or more instances of Oracle's (formerly Sun's) Java Runtime Environment (JRE) are installed on the remote host. This may include private JREs bundled with the Java Development Kit (JDK). Notes: - Additional information provided in plugin Java Detection and Identification (Unix) - To discover instances ...
Microsoft Teams < 1.6.0.18681 RCE
The version of Microsoft Teams installed on the remote Windows host is prior to 1.6.0.18681. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Note that Nessus...
Apache Tomcat XSRF Token Disclosure
The remote Apache Tomcat web server is affected by an information disclosure vulnerability in the index page of the Manager and Host Manager applications. An unauthenticated, remote attacker can exploit this vulnerability to obtain a valid cross-site request forgery (XSRF) token during the redirect...
Backported Security Patch Detection (SSH)
Security patches may have been 'backported' to the remote SSH server without changing its version number. Banner-based checks have been disabled to avoid false positives. Note that this test is informational only and does not denote any security problem.
VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0002)
The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5 U3n, 6.7 prior to 6.7 U3l or 7.0 prior to 7.0 U1c. It is, therefore, affected by multiple vulnerabilities, as follows: - The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Serve...
mDNS Detection (Local Network)
The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows anyone to uncover information from the remote host such as its operating system type and exact version, its hostname, and the list of services it is running. This plugin attempts to discover mDNS used...
RHEL 8 : kernel (RHSA-2024:5101)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5101 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: powerpc: Fix access beyond end...
Web Server Error Page Information Disclosure
The default error page sent by the remote web server discloses information that can aid an attacker, such as the server version and languages used by the web server.
Oracle JavaServer Faces Multiple Partial Directory Traversals
The remote web server contains a JavaServer Faces application that is affected by multiple partial directory traversal vulnerabilities : - A defect exists in the handling of a resource identifier that allows for directory traversal within the application. - A defect exists in the handling of a...
Cisco CallManager TFTP File Detection
The remote host has a TFTP server installed that is serving one or more Cisco CallManager files. These files do not themselves include any sensitive information, but do identify the TFTP server as being part of a Cisco CallManager environment. The CCM TFTP server is an essential part of providing...
WordPress 6.4.x < 6.4.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. - A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. - A path traversal issue...
Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the January 2018 CPU advisory.
ClusterLabs Pacemaker PCS Daemon Default Password
The remote ClusterLabs Pacemaker PCS daemon uses a known default set of credentials. This allows a remote attacker to run arbitrary commands on cluster members. Note that some package deployment systems, such as Puppet, may be responsible for setting these default credentials.
KB4343899: Windows 7 and Windows Server 2008 R2 August 2018 Security Update (Foreshadow)
The remote Windows host is missing security update 4343899 or cumulative update 4343900. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a...
Nagios NRPE Command Argument Processing Enabled
The version of Nagios Remote Plugin Executor (NRPE) running on the remote host has command argument processing enabled and accepts the newline character. An unauthenticated, remote attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application by...
Adobe Dreamweaver dwsync.xml Remote Information Disclosure
Adobe's Dreamweaver is known to produce 'dwsync.xml' files. These contain synchronization information that may include the list of files and directories synchronised. This can lead to information disclosure. Changes by Tenable: - Revised plugin title 4/15/009...
Microsoft IIS Unicode Remote Command Execution
The hotfix for the 'Webserver file request parsing' problem has not been applied. This vulnerability can allow an attacker to make the remote IIS server execute arbitrary commands. Approved 22Apr01 jao replaces older version This script was first written Renaud Deraison then...
Symfony Secret Fragments Remote Code Execution
The Symfony framework and Symfony-based projects use a secret for cryptographic operations such as the creation of cookies or anti-CSRF tokens. A feature that is not enabled by default allows arbitrary PHP code to be executed via a GET parameter. If this secret is exposed, through a...
Cisco Unified Communications Manager SSLv3 Information Disclosure (cisco-sa-20141015-poodle) (POODLE)
According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted...
MySQL 5.6.x < 5.6.33 Multiple Vulnerabilities
The version of MySQL running on the remote host is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5507) - A flaw...
Pivotal Software Redis 2.0.x < 3.2.12 / 4.0.x < 4.0.3 DoS
The version of Redis installed on the remote host is affected by a denial of service vulnerability and therefore requires a security update.
AD Starter Scan - Dangerous Trust Relationship
Security Updates for Microsoft Office Products (November 2017)
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. - A remote code execution vulnerability exists in Microsoft...
Discard Service Detection
The remote host is running a 'discard' service. This service typically sets up a listening socket and will ignore all the data which it receives. This service is unused these days, so it is advised that you disable it. This script was written by Vincent Renardias See the Nessus Scripts License fo...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6626-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6626-1 advisory. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A...
Microsoft 365 (Office) App Code Execution (December 2021)
The Windows 'Microsoft 365 (Office)' app installed on the remote host is affected by a code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file. Not...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
This update fixes the following security issue : - When an application has a stack overflow, the stack could silently overwrite another memory mapped area instead of a segmentation fault occurring, which could cause an application to execute arbitrary code, possibly leading to privilege escalatio...