Selligent Message Studio Struts Code Execution (CVE-2017-5638)

Binary data selligentmessagestudiorce.nbin...

Apache Tomcat 9.0.0.M1 < 9.0.38

The version of Tomcat installed on the remote host is prior to 9.0.38. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.38security-9 advisory. - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57...

Oracle Database Server Multiple Vulnerabilities (July 2018 CPU)

The remote Oracle Database Server is missing the July 2018 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities: - An unspecified vulnerability in the Oracle Spatial jackson-databind component of Oracle Database Server allows an unauthenticated, remote attacker with...

Bash Remote Code Execution (Shellshock)

The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. Depending on the configuration of the system, an attacker could remotely execute arbitrary code. TRUSTED...

OpenSSL 1.1.1 < 1.1.1p Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1p. It is, therefore, affected by a vulnerability as referenced in the 1.1.1p advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

Apache Tomcat 7.0.0 < 7.0.68 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.68. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.68security-7 advisory. - The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x...

PHP 5.6.x < 5.6.4 'process_nested_data' RCE

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.4. It is, therefore, affected by a use-after-free error in the 'processnesteddata' function within 'ext/standard/varunserializer.re' due to improper handling of duplicate keys within the serialized...

FLEXnet Connect Update Service ActiveX Control Multiple Code Execution Vulnerabilities

Macrovision FLEXnet Connect, formerly known as InstallShield Update Service, is installed on the remote host. It is a software management solution for internally-developed and third-party applications, and may have been installed as part of the FLEXnet Connect SDK, other InstallShield software, o...

WordPress Trackback Charset Decoding SQL Injection

The version of WordPress on the remote host supports trackbacks in alternate character sets and decodes them after escaping SQL parameters. By specifying an alternate character set and encoding input with that character set while submitting a trackback, an unauthenticated, remote attacker can...

IBM HTTP Server 8.5.0.0 <= 8.5.5.2 / 8.0.0.0 <= 8.0.0.9 / 7.0.0.0 <= 7.0.0.33 / 6.1.0.0. <= 6.1.0.47 / 6.0.2.0 <= 6.0.2.43 Multiple Vulnerabilities (509275)

The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, as follows: - Race condition in the modstatus module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service heap-based buffer overflow, or possibly obtain...

FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy)

Apache Software Foundation reports : Please reference CVE/URL list for details %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors...

MS12-073: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)

The FTP service in the version of IIS 7.0 or 7.5 on the remote Windows host is affected by multiple vulnerabilities that could result in unauthorized information disclosure. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62905; scriptversion"1.8"; scriptcvsdate"Date:...

ionCube loader-wizard.php Remote Information Disclosure

The ionCube 'loader-wizard.php' script hosted on the remote web server is affected by a remote information disclosure vulnerability because the script fails to properly sanitize user-supplied input to the 'ininame' parameter. An attacker could potentially leverage this to view arbitrary files by...

Apache Struts 2 OGNL Expression Handling Double Evaluation Error Remote Command Execution

The remote web application appears to use Struts 2, a web framework that utilizes OGNL Object-Graph Navigation Language as an expression language. Due to a flaw in the evaluation of an OGNL expression, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the...

Microsoft Windows VP9 Video Extensions Library Multiple Vulnerabilities (March 2022)

The Windows 'VP9 Extensions' app installed on the remote host is affected by multiple code execution vulnerabilities. An attacker who successfully exploited the vulnerabilities could execute arbitrary code. Exploitation of the vulnerabilities require that a program process a specially crafted fil...

SolarWinds Dameware Mini Remote Control Client Public Key Buffer Over-read

The SolarWinds Dameware Mini Remote Control Client Agent running on the remote host is affected by a buffer over-read vulnerability due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via a series of requests, to cause a denial of service...

Symantec Endpoint Protection Client 12.1.x < 12.1 RU6 MP9 / 14.0.x < 14.0 RU1 Multiple Vulnerabilities (SYM17-011)

The version of Symantec Endpoint Protection SEP Client installed on the remote host is 12.1.x prior to 12.1 RU6 MP9 or 14.0.x prior to 14.0 RU1. It is, therefore, affected by a multiple vulnerabilities as referenced in the advisory. Note that Nessus has not tested for this issue but has instead...

Adobe ColdFusion BlazeDS Java Object Deserialization RCE

The version of Adobe ColdFusion running on the remote host is affected by a Java deserialization flaw in the Apache BlazeDS library when handling untrusted Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. TRUSTED...

Microsoft Exchange Server Unsupported Version Detection

According to its self-reported version number, the installation of Microsoft Exchange Server on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilitie...

RPC rusers Remote Information Disclosure

The rusersd RPC service is running. It provides an attacker interesting information such as how often the system is being used, the names of the users, and more. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11058; scriptversion"1.19"; scriptcvsdate"Date: 2018/08/13...

VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check)

The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Tomcat - bzip2 library - JRE - WDDM display driver - XPDM display driver...

Brocade Fabric OS Default Credentials

The remote device is a Brocade Fabric OS device that uses a set of known, default credentials. Knowing these, an attacker able to connect to the service can gain control of the device. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Host Fully Qualified Domain Name (FQDN) Resolution (XML tag)

Nessus was able to resolve the fully qualified domain name FQDN of the remote host. This plugin, which does not show up in the report, writes the IP and FQDN of this host as an XML tag in the .nessus v2 reports. TRUSTED...

CentOS 7 : glibc (CESA-2018:0805)

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Mozilla Foundation Unsupported Application Detection

According to its version, there is at least one unsupported Mozilla application Firefox, Thunderbird, and/or SeaMonkey installed on the remote host. This version of the software is no longer actively maintained. Lack of support implies that no new security patches for the product will be released...

Cisco IOS Zone-Based Firewall Feature Security Bypass (CSCun94946)

According to its self-reported version, the Cisco IOS software running on the remote device is affected by a security bypass vulnerability in the Zone-Based Firewall feature due to insufficient zone checking for traffic belonging to existing sessions. An unauthenticated, remote attacker can explo...

SSH Static Key Accepted

The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key. TRUSTED...

Oracle Java (Apr 2024 CPU)

The 8u401, 20.3.13, 21.3.9, 11.0.23, 17.0.10, 21.0.3, 22, and perf versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java S...

KB5023697: Windows 10 Version 1607 and Windows Server 2016 Security Update (March 2023)

The remote Windows host is missing security update 5023697. It is, therefore, affected by multiple vulnerabilities - An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An...

Non-compliant Strict Transport Security (STS)

The remote web server implements Strict Transport Security. However, it does not respect all the requirements of the STS draft standard. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42823; scriptversion"$Revision: 1.7 $"; scriptcvsdate"$Date: 2014/09/19 20:19:00 $"...

SSH Password Authentication Accepted

The SSH server on the remote host accepts password authentication. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid149334; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2021/05/07...

OS vulnerabilities detected in banner reporting (PCI-DSS check)

A service banner response from the remote host indicates an OS install at a level that may be vulnerable to one or more vulnerabilities. This plugin only runs when 'Check for PCI-DSS compliance' is enabled in the scan policy. It does not run if local security checks are enabled. It runs off of...

JBoss JMX Console Unrestricted Access

The remote web server appears to be a version of JBoss that allows unauthenticated access to the JMX and/or Web Console servlets used to manage JBoss and its services. A remote attacker can leverage this issue to disclose sensitive information about the affected application or even take control o...

WordPress 5.7.x < 5.7.6 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists via wpfilterglobalstylespost. - A prototype pollution exists via the Gutenberg wordpress/url package. Note that the...

Oracle WebLogic Server Multiple Vulnerabilities (October 2018 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - Vulnerabilities in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Easily exploitable vulnerabilities allow unauthenticated attacker wi...

boastMachine mail.php id Parameter SQL Injection

The remote host is running boastMachine, an open source publishing tool written in PHP. The version of boastMachine installed on the remote host fails to sanitize user input to the 'id' parameter of the 'mail.php' script before using it to perform database queries. Provided PHP's 'magicquotesgpc'...

MariaDB 10.11.0 < 10.11.8

The version of MariaDB installed on the remote host is prior to 10.11.8. It is, therefore, affected by a vulnerability as referenced in the 10.11.8 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.36 a...

MS16-007: Security Update for Microsoft Windows to Address Remote Code Execution (3124901)

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple elevation of privilege vulnerabilities exist due to improper validation of user-supplied input before loading DLL files. A local attacker can exploit these, via a crafted...

FLEXnet Connect Update Service Agent ActiveX (isusweb.dll) Overflow

Macrovision FLEXnet Connect, formerly known as InstallShield Update Service, is installed on the remote host. It is a software management solution for internally-developed and third-party applications, and may have been installed as part of the FLEXnet Connect SDK, other InstallShield software, o...

Ethernet Card Manufacturer Detection

Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier OUI. These OUIs are registered by IEEE. TRUSTED...

Oracle WebLogic Server (Jul 2022 CPU)

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the July 2022 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.18. It is, therefore, affected by multiple vulnerabilities : - A carry propagation error exists in the OpenSSL component in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but...

HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities (BEAST)

According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote web server is a version prior to 7.2.1.0. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and...

Security Updates for Microsoft SQL Server OLE DB Driver (April 2024)

The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

Apache Solr Log4Shell Direct Check (CVE-2021-44228)

Binary data apachesolrlog4shell.nbin...

SSL Certificate Validity - Duration

The CA/Browser Forum has passed a resolution setting the maximum validity period for SSL/TLS subscriber certificates via ballot 193. Certificates issued after March 1, 2018 may not be valid longer than 825 days. Certificates issued after July 1, 2016 through March 1, 2018 may not be valid longer...

Microsoft Windows Server 2003 R2 IIS 6.0 WebDAV PROPFIND Request Handling RCE (EXPLODINGCAN)

The remote host is running Windows Server 2003 R2 and Internet Information Services IIS 6.0 with WebDAV enabled. It is, therefore, affected by a buffer overflow condition in the IIS WebDAV service due to improper handling of the 'If' header in a PROPFIND request. An unauthenticated, remote attack...

Hydra: SMTP AUTH

This plugin runs Hydra to find SMTP AUTH accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...

Apache Tomcat 8.5.0 < 8.5.55

The version of Tomcat installed on the remote host is prior to 8.5.55. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.55security-8 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to...

MagniComp SysInfo Privilege Escalation Vulnerability (Linux/UNIX)

The version of MagniComp SysInfo installed on the remote host is prior to 10-H64. It is, therefore, affected by a privilege escalation vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C...