WebCalendar < 1.0.1 send_reminders.php includedir Parameter Remote File Inclusion
Binary data 3182.prm...
Default Password (db2inst) for 'db2inst1' Account
The account 'db2inst1' has the password 'db2inst1'. An attacker may use this to gain further privileges on this system. %NASL_MIN_LEVEL 70300 This script was written by Chris Foster. See the Nessus Scripts License for details. Changes by Tenable: Add global_settings/supplied_logins_only script_exclude_key...
MS10-065: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
The version of IIS installed on the remote host has the following vulnerabilities : - Sending a specially crafted request for an ASP page on a website hosted by IIS can result in a denial of service. (CVE-2010-1899) - Sending a specially crafted HTTP request to an IIS server with FastCGI enabled ca...
ManageEngine ServiceDesk Plus < 11.3 Build 11306 / ManageEngine ServiceDesk Plus MSP < 10.5 Build 10530 RCE
A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus prior to 11.3 Build 11306 and ManageEngine ServiceDesk Plus MSP prior to 10.5 Build 10530 due to a flaw in the /RestAPI URLs in a servlet and ImportTechnicians in the Struts configuration. Note that Nessus has not teste...
phpMyAdmin prior to 4.8.6 SQLi vulnerability (PMASA-2019-3)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is prior to 4.8.6. It is, therefore, affected by a SQL injection (SQLi) vulnerability that exists in the designer feature of phpMyAdmin. An unauthenticated, remote attacker can exploit this to inje...
Microsoft SQL Server UDP Query Remote Version Disclosure
Microsoft SQL server has a function wherein remote users can query the database server for the version that is being run. The query takes place over the same UDP port that handles the mapping of multiple SQL server instances on the same machine. It is important to note that, after Version 8.00.19...
MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066) (uncredentialed check)
The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw may allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a denia...
NFS Share Export List
This plugin retrieves the list of NFS exported shares. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(10437); script_version("1.36"); script_cvs_date("Date: 2019/10/04 16:48:26"); script_name(english:"NFS Share Export List"); script_summary(english:"Gets a list of exported NFS...
IPSEC Internet Key Exchange (IKE) Version 1 Detection
The remote host seems to be enabled to do Internet Key Exchange (IKE) version 1. This is typically indicative of a VPN server. VPN servers are used to connect remote hosts into internal resources. Make sure that the use of this VPN endpoint is done in accordance with your corporate security policy...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5917-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5917-1 advisory. It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state i...
F5 Networks BIG-IP : BIG-IP SSL vulnerability (K21905460) (ROBOT)
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when...
Elasticsearch 'source' Parameter RCE
The Elasticsearch application hosted on the remote web server is affected by a remote code execution vulnerability due to a failure to properly sanitize user-supplied input to the 'source' parameter of the '/search' page. A remote, unauthenticated attacker can exploit this flaw to execute arbitra...
Oracle WebLogic Server Multiple Vulnerabilities (Oct 2021 CPU)
The 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...
SSH Rate Limited Device
The remote host is a device that may rate limit connections, potentially causing intermittent authentication failures in other plugins. Local checks will be enabled in this plugin where possible. TRUSTED...
Apache Tomcat 7.0.0 < 7.0.59
The version of Tomcat installed on the remote host is prior to 7.0.59. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.59_security-7 advisory. - The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before...
SimpleBoard / Joomlaboard 'sbp' Parameter Remote File Include
The version of the SimpleBoard or Joomlaboard component for Mambo or Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'sbp' parameter before using it in the fileupload.php or imageupload.php scripts to...
Curl Arbitrary File Write 7.x >= 7.84.0 / 8.x <= 8.1.2 (CVE-2023-32001)
The version of Curl installed on the remote host is between 7.84.0 and 8.1.2. It is therefore affected by an arbitrary file write vulnerability. Curl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called stat followed by fopen in a way that made it vulnerable t...
VMware ESX / ESXi Web-Based Datastore Browser Default Credentials
Nessus was able to log in to the remote VMware ESX / ESXi Web-Based Datastore Browser using a default set of administrative credentials. A remote attacker could utilize these credentials to access virtual machine and virtual disk files. (C) Tenable Network Security, Inc. include("compat.inc"); if...
Juniper Junos OS Multiple Vulnerabilities (JSA11171)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11171 advisory. - The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. (CVE-2016-9310)...
ASUS Router 'infosvr' Remote Command Execution
The remote device is an ASUS router that contains firmware which is affected by a flaw in its 'infosvr' service due to not properly checking the MAC address of a request. An unauthenticated, remote attacker, using a crafted request to UDP port 9999, can exploit this to run arbitrary commands or...
Jetty < 9.4.39 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...
Linux Sudo Privilege Escalation (Out-of-bounds Write)
Binary data linuxcve-2021-3156.nbin...
Microsoft Office Unsupported Version Detection
According to its version, the installation of Microsoft Office on the remote Windows host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. (C) Tenable Network...
McAfee Antivirus Detection and Status
McAfee VirusScan, an antivirus application, is installed on the remote host. However, there is a problem with the installation; either its services are not running or its virus definitions are out of date. (C) Tenable, Inc. This script has been rewritten by Tenable. Original script was written by Je...
Microsoft Windows Vista Unsupported Installation Detection
Microsoft Windows Vista is running on the remote host. Support for this operating system was ended by Microsoft on April 11th, 2017. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities...
RIP Poisoning Routing Table Modification (Adjacent Network)
It was possible to poison the remote host routing tables through the RIP protocol. An attacker may use this to hijack network connections. Several RIP agents reject routes that are not sent by a neighbor, so this flaw may not be exploitable from a non-adjacent network. (C) Tenable Network Security,...
RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 (RHSA-2018:2185)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2185 advisory. - openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec (CVE-2016-2182) - httpd: CRLF injection allowing HTTP response splitting...
Apache Struts 2 s:a / s:url Tag href Element XSS
The web application on the remote host is affected by a cross-site scripting vulnerability due to a vulnerable version of Apache Struts 2 that fails to properly encode the parameters in the 's:a' and 's:url' tags. A remote attacker can exploit this by tricking a user into requesting a page with...
OpenSSL 1.1.1 < 1.1.1za Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1za. It is, therefore, affected by a vulnerability as referenced in the 1.1.1za advisory. - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...
F5 Networks BIG-IP : TLS vulnerability (K16674) (Logjam)
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then...
KB5015877: Windows 8.1 and Windows Server 2012 R2 Security Update (July 2022)
The remote Windows host is missing security update 5015877 or cumulative update 5015874. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Palo Alto Networks PAN-OS for Panorama < 9.0.15 / 9.1.12-h3 / 10.0.8-h8 Multiple RCE (Log4Shell)
The version of Palo Alto Networks PAN-OS for Panorama running on the remote host is 9.0.x prior to 9.0.15, 9.1.x prior to 9.1.12-h3, or 10.0.x prior to 10.0.8-h8. It is, therefore, affected by two remote code execution vulnerabilities related to Log4Shell within the ElasticSearch component. These...
dnsmasq < 2.83 Multiple Vulnerabilities (DNSPOOQ)
The version of dnsmasq installed on the remote host is prior to 2.83. It is, therefore, affected by multiple vulnerabilities: - Multiple remote buffer overflows in the DNSSEC implementation. (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687) - A UDP DNS cache poisoning vulnerability...
PHP 7.2.x / 7.3.x < 7.3.22 Memory Leak Vulnerability
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x or 7.3.x prior to 7.3.21. It is, therefore affected by a memory leak vulnerability in the LDAP component. An unauthenticated, remote attacker could exploit this issue to cause a...
OpenSSH < 7.6
According to its banner, the version of OpenSSH running on the remote host is prior to 7.6. It is, therefore, affected by a file creation restriction bypass vulnerability related to the 'process_open' function in the file 'sftp-server.c' that allows authenticated users to create zero-length files...
GPON ONT Home Gateway Authenticated Remote Command Execution (CVE-2019-3919)
Binary data gponcve-2019-3919.nbin...
MS16-077: Security Update for WPAD (3165191)
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities : - An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper handling of the proxy discovery process. A remote...
HP Integrated Lights-Out (iLO) Default Credentials
The remote HP Integrated Lights-Out (iLO) install uses a default set of credentials ('Admin' / 'Admin' or 'Oper' / 'Oper') to control access to its management interface. With this information, an attacker can gain access to the application. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
Apache Mixed Platform AddType Directive Information Disclosure
The remote host appears to be running Apache. When Apache runs on a Unix host with a document root on a Windows SMB share, remote, unauthenticated attackers could obtain the unprocessed contents of the directory. For example, requesting a PHP file with a trailing backslash could display the file'...
@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion
The remote host seems to be running @lex guestbook, a guestbook web application written in PHP. The reported version may permit remote attackers, without prior authentication, to include and execute malicious PHP scripts. By modifying the 'chem_absolu' parameter of the 'livre_include.php' script, i...
Solaris 10 (sparc) : 150400-59 (deprecated)
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to compromise Solaris. Successful attacks of this...
SMB Use Domain SID to Enumerate Users
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system. (C) Tenable Network Security, Inc. @PREFERENCES@ include("compat.inc"); if (description) { script_id(10399); script_version("1.82"); script_cvs_date("Date: 2020/01/07"); script_name(english:"SMB Use...
Conexant Audio Driver MicTray.exe / MicTray64.exe Keylogger
The Conexant audio driver package installed on the remote Windows host is affected by an information disclosure vulnerability in the debugging features of MicTray.exe or MicTray64.exe due to a LowLevelKeyboardProc Windows hook that is being used to capture keystrokes. This data is then leaked via...
Attachmate Reflection X Heartbeat Information Disclosure (Heartbleed)
The Attachmate Reflection X install on the remote host is affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary...
Oracle GlassFish Server 3.0.1.x < 3.0.1.17 / 3.1.2.x < 3.1.2.18 (October 2017 CPU)
According to its self-reported version, the Oracle GlassFish Server running on the remote host is 3.0.1.x prior to 3.0.1.17 or 3.1.2.x prior to 3.1.2.18. It is, therefore, affected by multiple vulnerabilities, including multiple denial of service vulnerabilities and unauthorized access to sensiti...
HyperText Transfer Protocol (HTTP) Information
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc... This test is informational only and does not denote any security problem. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(24260);...
urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with 'ProxyManager', the 'Proxy-Authorization' header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
CodeMeter Runtime Predictable Encryption Key
Binary data codemetercve-2020-14517.nbin...
MikroTik RouterOS < 6.40.7 or 6.41.x < 6.41.3 SMB Buffer Overflow
According to its self-reported version, the remote networking device is running a version of MikroTik RouterOS prior to 6.40.7 or 6.41.x prior to 6.41.3. It is, therefore, affected by a remote SMB buffer overflow vulnerability that can be leveraged by an unauthenticated, remote attacker to execut...
WordPress 5.5.x < 5.5.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wp_lang. (CVE-2023-2745) - A Cross-Site Request Forgery (CSRF) via wp_ajax_set_attachment_thumbnail. - An authenticated stored Cross-Site Scripting (XSS) vi...