PHP 5.5.x < 5.5.29 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.29. It is, therefore, affected by the following vulnerabilities : - A directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c could allow a remote attacker to...

MS15-099: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)

The remote Windows host has a version of Microsoft Office, Excel, Excel Viewer, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Office Web Apps, and/or Microsoft SharePoint Foundation installed that is affected by one or more of the following vulnerabilities : - Multiple remote...

ArubaOS-Switch Ripple20 Multiple Vulnerabilities (ARUBA-PSA-2020-006)

The version of ArubaOS-Switch installed on the remote host is affected by multiple vulnerabilities in the Treck IP stack implementation. The vulnerabilities are collectively known as Ripple20, and can result in remote code execution, denial of service DoS, and information disclosure by remote,...

DUware Products Multiple Remote Vulnerabilities (SQLi, XSS)

The remote host is running a product published by DUware - either DUclassmate, DUclassified or DUforum. There is a flaw in the remote version of this software that could allow an attacker to execute arbitrary SQL statements on the remote host by supplying malformed values to the arguments of...

Oracle MySQL Server 5.7.x < 5.7.42 (Apr 2023 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.41 and...

jQuery UI < 1.13.0 Multiple Vulnerabilities

According to its self-reported version number, jQuery UI is prior to 1.13.0. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS in the altField option of the Datepicker widget CVE-2021-41182 - A Cross-Site Scripting XSS in Text options of the Datepicker widget...

Fortinet OpenSSL Multiple Vulnerabilities

The firmware of the remote Fortinet host is running a version of OpenSSL that is affected by one or more of the following vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issu...

ASP.NET DEBUG Method Enabled

It is possible to send debug statements to the remote ASP scripts. An attacker might use this to alter the runtime of the remote scripts. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid33270; scriptversion"1.18";...

SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2022:3251-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3251-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request...

Apache Log4j Unsupported Version Detection (deprecated)

This plugin has been deprecated. For plugins which identify unsupported instances of this product, search the plugin feed for Apache Log4j SEoL. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid156032;...

McAfee VirusScan Enterprise < 8.8 Patch 9 Scriptscan COM Object DoS (SB10194)

The version of McAfee VirusScan Enterprise VSE installed on the remote Windows host is prior to 8.9 Patch 9. It is, therefore, affected by a memory corruption issue in the Scriptscan COM object. An unauthenticated, remote attacker can exploit this, via a specially crafted HTML link, to cause a...

TightVNC Viewer < 1.3.10 Multiple Integer Overflows

The installed version of TightVNC Viewer is earlier than 1.3.10. Such versions reportedly miscalculate a buffer size on the heap. If an attacker can trick a user on the remote host into connecting to a malicious server, he can probably exploit this issue using specially crafted messages to execut...

Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure

The remote host listens on tcp port 445 and replies to SMB requests. By sending an NTLMSSP authentication request it is possible to obtain the name of the remote system and the name of its domain. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid42410; scriptversion...

Cisco IOS XE Version

The remote host is running IOS XE, an operating system for Cisco routers. Nessus was able to read the IOS XE version number via an SSH connection to the router or via SNMP. C Tenable, Inc. include"compat.inc"; if description scriptid67217; scriptversion"1.47";...

Inconsistent Hostname and IP Address

The name of this machine either does not resolve or resolves to a different IP address. This may come from a badly configured reverse DNS or from a host file in use on the Nessus scanning host. As a result, URLs in plugin output may not be directly usable in a web browser and some web tests may b...

AWStats < 6.3 awstats.pl configdir Parameter Remote Command Execution

Binary data 2534.prm...

Dell Client BIOS Weak Authentication (DSA-2025-021)

Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. Note that Nessus has not tested for this issue but has instead relied only on the application's...

Microsoft SQL Server STARTTLS Support

The remote Microsoft SQL Server service supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel. TRUSTED...

SimpleBoard sbp Parameter Remote File Inclusion

Binary data 3684.prm...

Telerik UI for ASP.NET AJAX Cryptographic Weakness

The version of Telerik UI for ASP.NET AJAX installed on the remote Windows host is affected by a cryptographic weakness in Telerik.Web.UI.dll. An unauthenticated, remote attacker can exploit this, via specially crafted data, to disclose encryption keys. %NASLMINLEVEL 70300 C Tenable Network...

Web Application Information Disclosure

At least one web application hosted on the remote web server discloses the physical path to its directories when a malformed request is sent to it. Leaking this kind of information may help an attacker fine-tune attacks against the application and its backend. %NASLMINLEVEL 70300 C Tenable Networ...

zenTrack index.php configFile Parameter Traversal Arbitrary Files Access

It is possible to make the remote web server show the content of arbitrary files by making requests like : index.php?configFile=../../../../../../../../../../etc/passwd %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Subject: Re: zenTrack Remote Command Execution Vulnerabilities From:...

Palo Alto Networks PAN-OS < 5.0.15 / 5.1.x < 5.1.10 / 6.0.x < 6.0.6 / 6.1.x < 6.1.1 Bash Shell Remote Code Execution (Shellshock)

The remote host is running a version of Palo Alto Networks PAN-OS prior to 5.0.15 / 5.1.10 / 6.0.6 / 6.1.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values ...

MySQL 5.7.x < 5.7.30 Multiple Vulnerabilities (Jan 2020 CPU)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.30. It is, therefore, affected by multiple vulnerabilities, as noted in the April 2020 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions th...

Cisco AnyConnect Secure Mobility Client 4.0.x < 4.3.05017 / 4.4.x < 4.4.00243 SBL Module Privilege Escalation

The version of Cisco AnyConnect Secure Mobility Client installed on the remote Windows host is 4.0.x prior to 4.3.05017 or 4.4.x prior to 4.4.00243. It is, therefore, affected by a privilege escalation vulnerability in the Start Before Logon SBL module due to insufficient access controls. A local...

Joomla! < 3.6.5 Multiple Vulnerabilities

According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.6.5. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the JFilterInput::isFileSafe function due to improper validation of file types and extensions of...

Atlassian Jira < 8.13.22 / 8.20.x < 8.20.10 / 8.22.x < 8.22.4 / 9.0.0 XSS (JRASERVER-73897)

The version of Atlassian Jira Server running on the remote host is affected by a vulnerability as referenced in the JRASERVER-73897 advisory. - A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Th...

PHP 7.2.x < 7.2.13 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.13. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerability exists in the imapopen function due to improper filters for mailbox names prior to passing...

MS16-136: Security Update for SQL Server (3199641)

The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple elevation of privilege vulnerabilities exist in the SQL RDBMS Engine due to improper handling of pointer casting. An authenticated, remote attacker can exploit these t...

jQuery 1.7.1 < 1.9.0 Cross-Site Scripting

According to its self-reported version number, jQuery is at least 1.7.1 and prior to 1.9.0. Therefore, it may be affected by a cross-site scripting vulnerability due to jQuerystrInput. Note that the scanner has not tested for these issues but has instead relied only on the application's...

MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)

The version of Microsoft XML Core Services installed on the remote Windows host is affected by multiple code execution vulnerabilities when visiting a specially crafted web page using Internet Explorer. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid63420;...

Oracle WebLogic Server Multiple Vulnerabilities (Jan 2021 CPU)

The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - An unspecified vulnerability exists in the Core component. An unauthenticated, remote attacker with network access via IIOP, T3 can exploit this...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.7 update (Moderate) (RHSA-2016:0597)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0597 advisory. - tomcat: non-persistent DoS attack by feeding data by aborting an upload CVE-2014-0230 - EAP: HTTPS NIO connector uses no timeout when...

FTP Server Detection

It is possible to obtain the banner of the remote FTP server by connecting to a remote port. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10092; scriptversion"1.57"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/08/17";...

Apache Tomcat 7.0.0 < 7.0.108 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.108. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.108security-7 advisory. - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41,...

MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

An arbitrary remote code vulnerability exists in the implementation of the Remote Desktop Protocol RDP on the remote Windows host. The vulnerability is due to the way that RDP accesses an object in memory that has been improperly initialized or has been deleted. If RDP has been enabled on the...

Solaris 10 Forced Login Telnet Authentication Bypass

The remote version of telnet does not sanitize the user-supplied 'USER' environment variable. By supplying a specially malformed USER environment variable, an attacker may force the remote telnet server to believe that the user has already authenticated. For instance, the following command : teln...

Solaris 10 (sparc) : 119757-43 (deprecated)

SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119757 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2018/03/12...

RomPager HTTP Referer Header XSS

The remote RomPager HTTP server is affected by a cross-site scripting vulnerability. The server does not properly sanitize the referer header value when generating a 404 error page. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Pligg Detection

The remote host is running Pligg, a web-based content management system written in PHP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid47765; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"Pligg...

RIP-2 Poisoning Routing Table Modification

This host is running a RIP-2 agent. RIP-2 requests can be authenticated but Nessus cannot check this in the current configuration. If authentication is not implemented, an attacker on the same network may feed the target machine bogus routes and hijack network connections. Note that this may be a...

rsh Service Detection

The rsh service is running on the remote host. This service is vulnerable since data is passed between the rsh client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host...

KB5003646: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2021)

The remote Windows host is missing security update 5003646. It is, therefore, affected by multiple vulnerabilities %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Microsoft Security Updates API. The text itself is...

Microsoft ASP.NET ValidateRequest Filters Bypass

According to the HTTP headers received from the remote host, the web server is configured to use the ASP.NET framework. This framework includes the ValidateRequest feature, which is used by ASP.NET web applications to filter user input in an attempt to prevent cross-site scripting attacks. Howeve...

IBM Rational ClearQuest 7.1.x < 7.1.2.16 / 8.0.0.x < 8.0.0.13 / 8.0.1.x < 8.0.1.6 Multiple Vulnerabilities (credentialed check) (POODLE)

The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.16 / 8.0.0.x prior to 8.0.0.13 / 8.0.1.x prior to 8.0.1.6 installed. It is, therefore, potentially affected by multiple vulnerabilities in third party libraries : - An error exists in the libcURL and OpenSSL libraries...

F5 Networks BIG-IP : TMUI RCE (CVE-2020-5902) (Direct Check)

A remote code execution vulnerability exists in Traffic Management User Interface TMUI, also referred to as the Configuration utility. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary system commands, create or delete files, disable services,...

Microsoft Windows SMB Shares Access

The remote has one or more Windows shares that can be accessed through the network with the given credentials. Depending on the share rights, it may allow an attacker to read / write confidential data. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10396;...

KB5004948: Windows 10 1607 and Windows Server 2016 OOB Security Update RCE (July 2021)

A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Compromised Windows System (hosts File Check)

The remote Windows host uses the file 'System32\drivers\etc\hosts' to fix the name resolution of some sites to localhost or internal systems. Some viruses or spyware modify this file to prevent antivirus software or other security software from obtaining updates. Nessus has found one or more...

OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2i. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2i advisory. - Multiple memory leaks in t1lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to...