337660 matches found
OS Security Patch Assessment Available
Nessus was able to determine OS security patch levels by logging into the remote host and running commands to determine the version of the operating system and its components. The remote host was identified as an operating system or device that Nessus supports for patch and update assessment. The...
MS15-002: Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)
The remote Windows host is affected by a remote code execution vulnerability due to improper processing of packets by the Telnet service. A remote attacker can exploit this issue by sending specially crafted packets to a Windows server. (C) Tenable Network Security, Inc.
Apple TV Detection
The remote host is an Apple TV, a digital media receiver. (Script ID 42825, script version 1.10, plugin modification date 2025/09/29.)
F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190)
A vulnerability exists in the TLS and DTLS protocols that may allow an attacker to recover plaintext from TLS/DTLS connections that use CBC-mode encryption. CVE-2013-0169 Note: Stream ciphers, such as RC4, are not vulnerable to this issue. The descriptive text and...
HP LaserJet PJL Interface Directory Traversal (HPSBPI02575)
The remote host's PJL interface fails to sanitize input to the 'name' parameter of the 'fsdirlist' command before using it. An attacker can leverage this issue using a directory traversal sequence to view arbitrary files on the affected host within the context of the PJL service. Information...
PHP 8.1.x < 8.1.12 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.1.12. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.12 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allow...
Telerik UI for ASP.NET AJAX RadAsyncUpload .NET Deserialization Vulnerability
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
OpenSSL < 1.0.2i Default Weak 64-bit Block Cipher (SWEET32)
According to its banner, the version of OpenSSL running on the remote host is prior to 1.0.2i. It is, therefore, affected by a vulnerability, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficie...
AgoraCart agora.cgi cart_id Parameter XSS
Agora is a CGI-based, e-commerce package. Due to poor input validation, Agora allows an attacker to execute cross-site scripting attacks. This script was written by Matt Moore. See the Nessus Scripts License for details.
PHP < 7.3.28 Email Header Injection
According to its self-reported version number, the version of PHP running on the remote web server is prior to 7.3.28. It is, therefore, affected by an email header injection vulnerability, due to a failure to properly handle CR-LF sequences in header fields. An unauthenticated, remote attacker ca...
Apache Shiro URI Path Security Directory Traversal Information Disclosure
The version of the Apache Shiro open source security framework running on the remote web server is affected by an error in the path-based filter chain mechanism due to a failure to properly normalize URI paths before comparing them with entries in the shiro.ini file. An unauthenticated, remote...
SSH Known Hard Coded Private Keys
The remote host is running a service that is using a publicly known SSH private key. An attacker may use this key to decrypt intercepted traffic between users and the device. A remote attacker can also perform a man-in-the-middle attack in order to gain access to the system or modify data in...
Default Password 'P@ssw0rd' for 'admin' Account
The account 'admin' on the remote host has the default password 'P@ssw0rd'. A remote attacker can exploit this issue to gain administrative access to the affected system.
Oracle Java SE 1.7.0_321 / 1.8.0_311 / 1.11.0_13 / 1.17.0_1 Multiple Vulnerabilities (October 2021 CPU)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 321, 8 Update 311, 11 Update 13, or 17 Update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory: - Vulnerability in the Java SE...
KB4580325: Security update for Adobe Flash Player (October 2020)
The remote Windows host is missing security update KB4580325. It is, therefore, affected by a NULL pointer dereference flaw. An unauthenticated, remote attacker can exploit this, by inserting malicious strings in an HTTP response that is by default delivered over TLS/SSL. Note that Nessus has not...
Azul Zulu Java Multiple Vulnerabilities (2024-04-16)
The version of Azul Zulu installed on the remote host is prior to 6 6.63.0.14 / 7 7.69.0.14 / 8 8.77.0.14 / 11 11.71.14 / 17 17.49.16 / 21 21.33.14 / 22 22.30.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-04-16 advisory. - The issue was addressed with improv...
Webmin 1.890 - 1.920 Remote Command Execution (CVE-2019-15107, CVE-2019-15231)
The Webmin install hosted on the remote host is affected by a remote command execution vulnerability. A remote, unauthenticated attacker can exploit this to execute arbitrary commands on the remote host.
TLS ALPN Supported Protocol Enumeration
The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.
Apache mod_status /server-status Information Disclosure
A remote unauthenticated attacker can obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server-status'. This overview includes information such as current hosts and requests being processed, the number of workers idle and service requests, and C...
Amazon Linux 2 : openssh (ALAS-2022-1748)
The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1748 advisory. A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges...
HP, Samsung, and Xerox Printer Driver Privilege Escalation (CVE-2021-3438)
The printer driver installed on the remote host is missing a security update. It is, therefore, affected by a privilege escalation vulnerability. An authenticated, local attacker can exploit this to gain privileged or administrator access to the system.
nginx HTTP Server Detection
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host. (Script ID 106375, script version 1.7, plugin modification date 2023/05/24.)
NTP ntpd Mode 7 Error Response Packet Loop Remote DoS
The version of ntpd running on the remote host has a denial of service vulnerability. It responds to mode 7 error packets with its own mode 7 error packets. A remote attacker could exploit this by sending a mode 7 error response with a spoofed IP header, setting the source and destination IP...
PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)
According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.38. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause ...
Amazon Linux AMI : log4j-cve-2021-44228-hotpatch (ALAS-2021-1554)
The version of log4j-cve-2021-44228-hotpatch installed on the remote host is prior to 1.1-13. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1554 advisory. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-13 will now explicitly mimic...
MS17-012: Security Update for Microsoft Windows (4013078)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in Device Guard due to improper validation of certain elements in a signed PowerShell script. An unauthenticated, remote attacker can...
Unauthenticated SMB Access Permitted (Arbitrary Credential Acceptance)
The remote host is running one of the Microsoft Windows operating systems or the SAMBA daemon. It was possible to log into it as a guest user, or a guest-like user, using a random account. (Script ID 26919, script version 1.21.)
Webcart Default Install Configuration Disclosure
At least one of these files or directories is world readable : /webcart/orders/ /webcart/orders/import.txt /webcart/carts/ /webcart/config/ /webcart/config/clients.txt /webcart-lite/orders/import.txt /webcart-lite/config/clients.txt This misconfiguration may allow an attacker to gather the credit...
KB5004958: Windows Server 2012 R2 OOB Security Update RCE (July 2021)
A remote command execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges. The...
Elasticsearch Groovy Script RCE
The Elasticsearch application hosted on the remote web server is affected by a remote code execution vulnerability due to unspecified flaws in the Groovy script engine. A remote unauthenticated attacker, using a specially crafted request, can escape the sandbox and execute arbitrary Java code. A...
Web Common Credentials
Nessus was able to read protected web pages by using common login and password combinations. (Script ID 50504, script version 1.14.)
Intel PXE Server Remote Overflow
The remote host is running PXE (Preboot eXecution Environment), a service which can be used to boot diskless clients. There is a flaw in the remote PXE which may allow an attacker to gain a root shell on this host. Nessus disabled this service to perform this security check.
PHP 7.3.x < 7.3.13 / 7.4.x < 7.4.1 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.13 or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to improper handling of...
Security Updates for Microsoft Visual Studio Products (January 2019)
The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the following vulnerability : - An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file. An...
OpenVPN Heartbeat Information Disclosure (Heartbleed)
Based on its response to a TLS request with a specially crafted heartbeat message (RFC 6520), the remote OpenVPN service appears to be affected by an out-of-bounds read flaw. Because the remote OpenVPN service does not employ the 'HMAC Firewall' feature, this vulnerability can be exploited without...
Oracle Database Multiple Vulnerabilities (July 2017 CPU) (POODLE) (SWEET32)
The remote Oracle Database Server is missing the July 2017 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting...
Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)
Nessus was able to overwrite the request path by sending a specially crafted cookie to the remote web server. It is, therefore, affected by multiple vulnerabilities : - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrati...
MySQL 5.7.x < 5.7.32 Multiple Vulnerabilities (Oct 2020 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.32. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the October 2020 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FT...
Apache Tomcat 7.0.0 < 7.0.89
The version of Tomcat installed on the remote host is prior to 7.0.89. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.89_security-7 advisory. - The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.R...
CGI Generic Path Traversal (write test)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings and are affected by directory traversal or local file inclusion vulnerabilities. By leveraging this issue, an attacker may be able to modify arbitrary files on the web server or execute commands. Due to the w...
Bitvise SSH Server < 7.41 Multiple Vulnerabilities (remote)
According to its banner, the version of Bitvise SSH Server running on the remote host is prior to 7.41. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Microsoft Visual Studio .git\config Command Execution
The version of Visual Studio installed on the remote host is affected by a command execution vulnerability when processing specially crafted git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a user's '.git/config'...
KB5014699: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (June 2022)
The remote Windows host is missing security update 5014699. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2022-30166, CVE-2022-30165, CVE-2022-30160, CVE-2022-30154, CVE-2022-30151,...
MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (April 2018 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.40. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not...
Default Password (TANDBERG) for 'root' Account
The account 'root' on the remote host has the password 'TANDBERG'. An attacker may leverage this issue to gain administrative access to the affected system. Note that Cisco TelePresence Conductor virtual appliances are known to use these credentials to provide complete, administrative access to t...
Oracle GlassFish Server 3.1.2.x < 3.1.2.15 Multiple Vulnerabilities (July 2016 CPU)
According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 3.1.2.15. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the bundled version of libcurl in the smbrequeststate...
Woltlab Burning Board Detection
The remote host is running Burning Board or Burning Board Lite, message forum software packages that use PHP and MySQL. (Script ID 18250, script version 1.20, plugin modification date 2023/05/24.)
Hydra: IMAP
This plugin runs Hydra to find IMAP accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block.
PHP 8.0.x < 8.0.24 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.0.24. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.24 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files,...
MySQL 5.6.x < 5.6.47 Multiple Vulnerabilities (Jan 2020 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.47. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2020 Critical Patch Update advisory: - Unspecified vulnerability in the optimizer component o...