MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is running SQL Server Reporting Services (SRSS), which is affected by a cross-site scripting (XSS) vulnerability that could allow elevation of privileges. Successful exploitation could allow an attacker to...
OpenSSH < 7.2p2 X11Forwarding xauth Command Injection
According to its banner, the version of OpenSSH running on the remote host is prior to 7.2p2. It is, therefore, affected by a security bypass vulnerability due to improper sanitization of X11 authentication credentials. An authenticated, remote attacker can exploit this, via crafted credentials, ...
WordPress 6.0 < 6.3.2 Multiple Vulnerabilities
The version of WordPress Core installed on the remote host is affected by multiple vulnerabilities. - The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
MikroTik RouterOS < 6.44.6 LTS or 6.45.x < 6.45.7 Multiple Vulnerabilities
According to its self-reported version, the remote networking device is running a version of MikroTik RouterOS prior to 6.44.6 LTS or 6.45.x prior to 6.45.7. It is, therefore, affected by multiple vulnerabilities : - Relative Path Traversal in NPK Parsing - RouterOS 6.45.6 Stable, RouterOS 6.44.5...
Apache Struts 2 REST Plugin XStream XML Request Deserialization RCE
The remote web application appears to use the Apache Struts 2 web framework. A remote code execution vulnerability exists in the REST plugin, which uses XStreamHandler to insecurely deserialize user-supplied input in XML requests. An unauthenticated, remote attacker can exploit this, via a...
Janitza Hard-Coded FTP Password
The remote Janitza FTP server can be accessed with hard-coded credentials. A remote attacker can leverage the credentials to upload and download arbitrary files. (C) Tenable Network Security, Inc.
DotNetNuke < 9.11.0 Relative Path Traversal
A directory traversal vulnerability exists in DotNetNuke due to insufficient sanitization of user controlled data. An authenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located outside of the server's...
Juniper Junos NTP Server Amplification Remote DoS (JSA10613)
According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the NTP daemon related to the handling of the 'monlist' command. A remote attacker can exploit this by forging a request that results in a distributed denial of service. Note that this...
MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422)
The remote version of Windows contains a flaw in the Server Message Block (SMB) implementation that could allow an attacker to execute arbitrary code on the remote host. An attacker does not need to be authenticated to exploit this flaw.
KB4056893: Windows 10 LTSB January 2018 Security Update (Meltdown)(Spectre)
The remote Windows host is missing security update 4056893 or 4075199. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to...
OpenSSH 6.2 < 8.8
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with...
ESXi 5.5 / 6.0 / 6.5 / 6.7 Speculative Execution Side Channel Vulnerability (Foreshadow) (VMSA-2018-0020) (remote check)
The remote VMware ESXi host is version 5.5, 6.0, 6.5, or 6.7 and is missing a security patch. It is, therefore, vulnerable to a speculative execution side channel attack known as L1 Terminal Fault (L1TF). An attacker who successfully exploited L1TF may be able to read privileged data across trust...
OpenSSL 1.0.2 < 1.0.2ze Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2ze. It is, therefore, affected by a vulnerability as referenced in the 1.0.2ze advisory. - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some...
RHEL 7 : kernel (RHSA-2018:3651)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3651 advisory. - kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633) - kernel: NULL pointer dereference in...
CentOS 7 : kernel (CESA-2018:3083)
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
jQuery 1.12.4 < 3.0.0 Cross-Site Scripting
According to its self-reported version number, jQuery is at least 1.4.0 and prior to 1.12.0 or at least 1.12.4 and prior to 3.0.0-beta1. Therefore, it may be affected by a cross-site scripting vulnerability due to cross-domain ajax request performed without the dataType. Note that the scanner has...
JamMail jammail.pl mail Parameter Arbitrary Command Execution
The remote host is running JamMail, a webmail application written in Perl. The version of JamMail running on the remote host has an arbitrary command execution vulnerability. Input to the 'mail' parameter of jammail.pl is not sanitized. A remote attacker could exploit this to execute arbitrary...
Security Updates for Microsoft Office Products (Oct 2022) (macOS)
The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: - Remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-38048, CVE-2022-41031) - A...
Red Hat Update Level
The remote Red Hat server is missing the latest bugfix update package. As a result, it is likely to contain multiple security vulnerabilities.
Oracle WebLogic Server (Jan 2023 CPU)
The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the January 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...
OpenSSH 8.2 < 8.5
ssh-agent in OpenSSH 8.2 < 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. Note that Nessus has not tested for these issues but has instea...
Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.4.0 / 14.1.1.0.0 Authentication Bypass
Oracle WebLogic versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.4.0 and 14.1.1.0.0 suffer from a weakness that allows bypassing authentication and accessing the management panel due to improper handling of the characters %252e (".") and %252f ("/"). In some cases, exploiting this vulnerability can lead to the execution of...
Serv-U FTP Server <= 15.2.3 Hotfix 1 Memory Escape Vulnerability
According to its banner, the installed version of Serv-U is a version prior to 15.2.3 Hotfix 2. It is, therefore, affected by a memory escape vulnerability. An unauthenticated remote attacker who successfully exploited this vulnerability could run arbitrary code with privileges, which could then insta...
Apache Tomcat 9.0.0.M1 < 9.0.43 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.43. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.43_security-9 advisory. - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to...
Web Application Sitemap
The remote web server contains linkable content that can be used to gather information about a target.
MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
An application on the remote host has an XML external entity vulnerability. When parsing a specially crafted Web Service Discovery (.disco) file, external XML entities are allowed for untrusted user input. This could result in information disclosure. A remote attacker could exploit this by tricking...
Hydra: PostgreSQL
This plugin runs Hydra to find PostgreSQL accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block.
ESXi 5.5 < Build 5230635 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)
The version of the remote VMware ESXi 5.5 host is prior to build 5230635. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in memory initialization that allows an attacker on the guest to execute arbitrary code on the host. (CVE-2017-4904) - An unspecified flaw...
CyberArk Password Vault Web Access .NET Object Deserialization (Direct Check)
The CyberArk Password Vault Web Access running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialization of a .NET object. An unauthenticated, remote attacker can exploit this, via a crafted .NET object, to execute arbitrary .NET code in the context ...
FCKeditor 'CurrentFolder' Arbitrary File Upload
FCKeditor is installed on the remote host. It is an open source HTML text editor that is typically bundled with web applications such as Dokeos, GForge, Geeklog, and Xoops, although it can also be installed on its own. The installed version of the software fails to sanitize input passed to the...
Web Server SSL Port HTTP Traffic Detection
Nessus has discovered that it is talking in plain HTTP on an SSL port. Nessus has corrected this issue by enabling HTTPS for this port only. However, if other SSL ports are used on the remote host, they might be skipped.
Microsoft ASP.NET Core Privilege Escalation (March 2018)
The remote Windows host has an installation of ASP.NET Core containing the packages HttpOverrides and/or Server.Kestrel.Core with versions 2.0.0 or 2.0.1 and therefore is affected by a privilege escalation vulnerability.
Telerik UI for ASP.NET AJAX RadAsyncUpload Multiple Vulnerabilities
The version of Telerik UI for ASP.NET AJAX installed on the remote Windows host is affected by multiple vulnerabilities in Telerik.Web.UI.dll. An unauthenticated, remote attacker can exploit this, via specially crafted data, to execute arbitrary code.
Amazon Linux AMI : httpd24 / httpd (ALAS-2016-725) (httpoxy)
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
SSH settings
This plugin initializes the SSH credentials as set by the user. To set the credentials, edit your scan policy and go to the section 'Credentials'.
Default Password '7ujMko0admin' for 'root' Account
The account 'root' on the remote host has the default password '7ujMko0admin'. A remote attacker can exploit this issue to gain administrative access to the affected system.
Oracle Java SE 1.7.0_301 / 1.8.0_291 / 1.11.0_11 / 1.16.0_1 Multiple Vulnerabilities (Unix Apr 2021 CPU)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 301, 8 Update 291, 11 Update 11, or 16 Update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the April 2021 CPU advisory: - A vulnerability in Java SE, SE...
MS16-120: Security Update for Microsoft Graphics Component (3192884)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, vi...
MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the .NET Framework : - A denial of service vulnerability exists due to improper handling of certain Extensible Stylesheet Language Transformations (XSLT). A remote attacker can exploit...
Bandmin 1.4 index.cgi Multiple Parameter XSS
The remote host is running the Bandmin CGI suite. There is a cross-site scripting issue in this suite that may allow an attacker to steal your users' cookies. The flaw lies in the cgi bandwitdh/index.cgi.
KB5008218: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2021)
The Windows 10 1809 / Windows Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2021-41333, CVE-2021-43207,...
KB4343887: Windows 10 Version 1607 and Windows Server 2016 August 2018 Security Update (Foreshadow)
The remote Windows host is missing security update 4343887. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...
Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
By sending two malformed Windows Search Protocol packets over SMB, Nessus was able to overflow an allocated buffer.
Windows 7 and Windows Server 2008 R2 June 2017 Security Updates
The remote Windows host is missing security update 4022722 or cumulative update 4022719. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Windows Hyper-V instruction emulation due to a failure to properly enforce privilege levels. An...
DNS Server hostname.bind Map Hostname Disclosure
It is possible to learn the remote host name by querying the remote DNS server for 'hostname.bind' in the CHAOS domain.
Splunk Enterprise 8.1.x < 8.1.7.2 / 8.2.x < 8.2.3.3 Log4j (macOS)
According to its self-reported version number, the version of Splunk running on the remote web server is Splunk Enterprise 8.1.x prior to 8.1.7.2 or 8.2.x prior to 8.2.3.3. It may, therefore, be affected by the following vulnerabilities related to the use of Log4j: - Apache Log4j2...
Rockwell Automation 2711E-K14C15 Human Machine Interface
Binary data 753306.prm...
KB4056892: Windows 10 Version 1709 and Windows Server Version 1709 January 2018 Security Update (Meltdown)(Spectre)
The remote Windows host is missing security update 4056892 or 4073291. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to...
ProFTPD 1.3.1 SQL injection protection bypass
The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is 1.3.1x and may be affected by SQL injection protection bypass when NLS support is enabled.
Nginx 1.25.x < 1.26.1 Multiple Vulnerabilities
According to its Server response header, the installed version of nginx is 1.25.x prior to 1.26.1. It is, therefore, affected by four security issues identified in the nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session to cause a worker process...