RHEL 7 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: User enumeration via malformed packets in authentication requests CVE-2018-15919 - openssh:...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenSSH vulnerabilities (USN-6565-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6565-1 advisory. It was discovered that OpenSSH incorrectly handled supplemental groups when running helper programs for AuthorizedKeysCommand...

PHP 7.4.x < 7.4.25

The version of PHP installed on the remote host is prior to 7.4.25. It is, therefore, affected by a vulnerability as referenced in the Version 7.4.25 advisory. - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM...

Apache Tomcat 8.5.x < 8.5.23 Remote Code Execution via JSP Upload

The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.23. It is, therefore, affected by an unspecified vulnerability when running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default to false that makes it possible to upload a JSP...

CentOS 9 : openssh-8.7p1-43.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-43.el9 build changelog. - A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate...

KB5021233: Windows 10 Version 20H2 / 21H1 / 21H2 / 22H2 Security Update (December 2022)

The remote Windows host is missing security update 5021233. It is, therefore, affected by multiple vulnerabilities - PowerShell Remote Code Execution Vulnerability CVE-2022-41076 - Windows Subsystem for Linux WSL2 Kernel Elevation of Privilege Vulnerability CVE-2022-44689 - A remote code executio...

HP System Management Homepage < 7.2.5 / 7.4.1 Multiple Vulnerabilities (POODLE)

According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote web server is prior to 7.2.5 or 7.4.1. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists exists in OpenSSL due to the pretty...

MS09-042: Vulnerability in Telnet Could Allow Remote Code Execution (960859)

The remote Telnet client does not correctly opt in to NTLM credential- reflection protections, which ensure that a user's credentials are not reflected back and used against the user. If a remote attacker can trick a user on the host into connecting to a malicious server with an affected version ...

JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure

The version of JBoss Enterprise Application Platform EAP running on the remote host allows unauthenticated access to a status servlet, which is used to monitor sessions and requests sent to the server. This vulnerability CVE-2008-3273 was fixed in versions 4.2.0.CP03 and 4.3.0.CP01, but was later...

RHEL 7 : kernel (RHSA-2018:1062)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1062 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: hw: cpu: speculative execution...

POP3 Service STLS Plaintext Command Injection

The remote POP3 service contains a software flaw in its STLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to ste...

IBM Lotus Domino Administration Databases Anonymous Access

The remote Lotus Domino server allows an anonymous user to access sensitive information such as users, databases, configuration of servers including operating system and hard disk partitioning, and logs of access to users which could expose sensitive data if GET html forms are used. %NASLMINLEVEL...

MySQL 5.7.x < 5.7.25 Multiple Vulnerabilities (Jan 2019 CPU)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.25. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the 'Server:...

MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

The remote Windows host is running a version of Microsoft Office that is affected by several vulnerabilities : - An integer underflow exists in the way the application parses the PowerPoint file format, which could lead to heap corruption and allow for arbitrary code execution when opening a...

Additional DNS Hostnames

Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server. Different web servers may be hosted on...

Apache Log4j 2.x < 2.16.0 RCE

The version of Apache Log4j on the remote host is 2.x 2.12.2 / 2.16.0. It is, therefore, affected by a remote code execution vulnerability. The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over...

Apache 2.2.x < 2.2.13 APR apr_palloc Heap Overflow

According to its self-reported banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.13. As such, it includes a bundled version of the Apache Portable Runtime APR library that contains a flaw in 'aprpalloc' that could cause a heap overflow. Note that the Apache HTTP serve...

Apache Tomcat 9.0.0.M1 < 9.0.68

The version of Tomcat installed on the remote host is prior to 9.0.68. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.68security-9 advisory. - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configure...

Sonatype Nexus Repository Manager 3.x < 3.21.2 RCE

The Sonatype Nexus Repository Manager server application running on the remote host is version 3.x prior to 3.21.2. It is, therefore, affected by a remote code execution vulnerability, which allows for an attacker with any type of account on NXRM to execute arbitrary code by crafting a malicious...

Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773)

Binary data apache2449pathtraversal.nbin...

Red Hat Single User Mode

The remote Red Hat system does not have authorization for single user mode enabled. An attacker with physical access can enter single user mode with root privileges via the LILO or GRUB boot menu. TRUSTED...

phpMyAdmin 4.0.x < 4.0.10.19 / 4.4.x < 4.4.15.10 / 4.6.x < 4.6.6 Multiple Vulnerabilities (PMASA-2017-1 - PMASA-2017-7)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.19, 4.4.x prior to 4.4.15.10, or 4.6.x prior to 4.6.6. It is, therefore, affected by the following vulnerabilities : - An open redirect vulnerability exists due to a...

Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-002)

The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-002. It is, therefore, affected by multiple vulnerabilities in the following components : - apachemodphp - Kernel - libxml2 - OpenSSH - Python - Tcl Note that successful exploitation of...

MS KB982316: Elevation of Privilege Using Windows Service Isolation Bypass

Windows Service Isolation can be bypassed on the remote host, resulting in the elevation of privileges. A local attacker could exploit this by leveraging the TAPI service to execute code as SYSTEM. A similar problem affects other Windows services that run as the NetworkService user e.g. IIS, SQL...

Umbraco codeEditorSave.asmx SaveDLRScript Operation Traversal File Upload Arbitrary Command Execution

The version of Umbraco installed on the remote host allows unauthenticated remote attackers to upload arbitrary files using the 'SaveDLRScript' SOAP action of the 'codeEditorSave.asmx' script. In addition, these files can be stored in a web-accessible location using encoded traversal strings. The...

MySQL 8.0.x < 8.0.27 Multiple Vulnerabilities (Oct 2021 CPU)

The version of MySQL running on the remote host is 8.0.x prior to 8.0.27. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the October 2021 Critical Patch Update advisory: - A vulnerability in the OpenSSL component that can result in a takeover of the...

PHPWebAdmin for hMailServer Multiple File Inclusions

The remote host is running PHPWebAdmin, a PHP-based administration front-end for hMailServer. The version of PHPWebAdmin installed on the remote host reportedly fails to sanitize user input to the 'page' parameter of the 'index.php' script and the 'hmailconfigincludepath' parameter of the...

Security Updates for Microsoft Office Products C2R (February 2024)

The Microsoft Office Products are missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows: - A remote code execution vulnerability. CVE-2024-21413 - A remote code execution vulnerability. CVE-2024-20673 Note that Nessus has not tested for these issues but has...

Potential exposure to Microsoft Exchange CVE-2022-41040 / CVE-2022-41082 Exploit

Binary data exchangecve-2022-41040ioc.nbin...

Azul Zulu Java Multiple Vulnerabilities (2021-07-20)

The version of Azul Zulu installed on the remote host is prior to 6 6.41.0.12 / 7 7.47.0.14 / 8 8.55.0.14 / 11 11.49.14 / 13 13.41.12 / 15 15.33.12 / 16 16.32.16. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021-07-20 advisory. - Vulnerability in the Java SE, Oracl...

phpMyAdmin 4.7.7 < 4.9.2 SQLi (PMASA-2019-5)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is at least 4.7.7 and prior to 4.9.2. It is, therefore, affected by a SQL injection SQLi vulnerability. A remote attacker can exploit this by using a crafted database or table name in the...

MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities : - A carry propagation error exists in the OpenSSL component in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but...

OpenSSL Heartbeat Information Disclosure (Heartbleed)

Based on its response to a TLS request with a specially crafted heartbeat message RFC 6520, the remote service appears to be affected by an out-of-bounds read flaw. This flaw could allow a remote attacker to read the contents of up to 64KB of server memory, potentially exposing passwords, private...

Web Server Load Balancer Detection

The remote web server seems to be running in conjunction with several others behind a load balancer. Knowing that there are multiple systems behind a service could be useful to an attacker as the underlying hosts may be running different operating systems, patchlevels, etc. C Tenable Network...

Compliance Status

Binary data compliancestatus.nbin...

OpenSSL 3.0.0 < 3.0.7 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.7. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.7 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs...

Microsoft Defender Elevation of Privilege Vulnerability (CVE-2019-1161)

The version of Microsoft Malware Protection Signature Update Stub MpSigStub.exe installed on the remote Windows host is prior to 1.1.16200.1. It is, therefore, affected by a elevation of privilege vulnerability which could allow an attacker who successfully exploited this vulnerability to elevate...

MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

The remote Windows host is affected by a remote code execution vulnerability due to improper processing of packets by the Secure Channel Schannel security package. An attacker can exploit this issue by sending specially crafted packets to a Windows server. C Tenable Network Security, Inc...

Active Directory Certificate Services Web Enrollment Anonymous Access

The remote web server is running the Microsoft Certificate Services. However, the service is misconfigured in such a way that anonymous users can log into the service to request certificates, thus breaking the chain of trust. C Tenable Network Security, Inc. include"compat.inc"; if description...

CGI Generic Injectable Parameter

Nessus was able to to inject innocuous strings into CGI parameters and read them back in the HTTP response. The affected parameters are candidates for extended injection tests like cross-site scripting attacks. This is not a weakness per se, the main purpose of this test is to speed up other...

Oracle WebLogic Server (Apr 2023 CPU)

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

Security Updates for Microsoft SQL Server Reporting Services (September 2020)

The Microsoft SQL Server Reporting Services installation on the remote host is missing a security update. It is, therefore, affected by a security feature bypass vulnerability in SQL Server Reporting Services SSRS due to improper validation of uploaded attachments to reports. An authenticated,...

KB4338820: Windows Server 2012 July 2018 Security Update

The remote Windows host is missing security update 4338820 or cumulative update 4338830. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in Windows Domain Name System DNS DNSAPI.dll when it fails to properly handle DNS responses. An attacker who...

Apache Tomcat 8.5.0 < 8.5.16 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.16. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.16security-8 advisory. - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number...

MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in the mysqlprunestmtlist function in client.c that allows an authenticated, remote attacker to cause a denial of service condition...

phpLDAPadmin Anonymous Bind Security Bypass Vulnerability

The remote host is running phpLDAPadmin, a PHP-based LDAP browser. The version of phpLDAPadmin installed on the remote host may allow access to an LDAP server anonymously, even if anonymous binds have been disabled in the application's configuration. %NASLMINLEVEL 70300 C Tenable Network Security...

AWStats rawlog.pm logfile Parameter Arbitrary Command Execution

The remote host is running AWStats, a free real-time logfile analyzer. The AWStats Rawlog Plugin which is installed is prone to an input validation vulnerability. The issue exists in the 'logfile' URI data passwed to the 'awstats.pl' script. An attacker may exploit this to execute commands remote...

CentOS 7 : kernel (RHSA-2022:0620)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0620 advisory. - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of...

Security Update for Microsoft Office Products (July 2017)

The Microsoft Office application, Microsoft Office Compatibility Pack, or Microsoft Excel Viewer installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. An...

CentOS 7 : kernel (CESA-2017:0086)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...