Lucene search
K
NessusMost viewed

338622 matches found

Tenable Nessus
Tenable Nessus
•added 2022/02/25 12:0 a.m.•474 views

CentOS 7 : kernel (RHSA-2022:0620)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0620 advisory. - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of...

7.9CVSS7.1AI score0.02579EPSS
Exploits6References10
Tenable Nessus
Tenable Nessus
•added 2019/05/23 12:0 a.m.•474 views

iLO 4 < 2.70 / iLO 5 < 1.40a Multiple Vulnerabilities

According to its self-reported version, the HP Integrated Lights-Out server running on the remote host is prior to 2.70 / 1.40a for iLO 4 / iLO 5 respectively. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting XSS vulnerability exists due to improper validation of...

8.3CVSS7.6AI score0.02094EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
•added 2017/07/11 12:0 a.m.•474 views

Security Update for Microsoft Office Products (July 2017)

The Microsoft Office application, Microsoft Office Compatibility Pack, or Microsoft Excel Viewer installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. An...

9.3CVSS8.5AI score0.89889EPSS
Exploits14References5
Tenable Nessus
Tenable Nessus
•added 2017/01/20 12:0 a.m.•474 views

CentOS 7 : kernel (CESA-2017:0086)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

10CVSS6.8AI score0.24299EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
•added 2013/01/25 12:0 a.m.•474 views

Portable phpMyAdmin Plugin for WordPress 'wp-pma-mod' Authentication Bypass

The Portable phpMyAdmin Plugin for WordPress installed on the remote host is affected by an authentication bypass vulnerability because the /wp-pma-mod/ path fails to properly authorize users. his may allow an attacker to bypass access restrictions and gain access to the administrative console to...

7.5CVSS5.5AI score0.23745EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
•added 2006/10/15 12:0 a.m.•474 views

Software Enumeration (SSH)

Nessus was able to list the software installed on the remote host by calling the appropriate command e.g., 'rpm -qa' on RPM-based Linux distributions, qpkg, dpkg, etc.. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2000/11/10 12:0 a.m.•474 views

Linux Multiple statd Packages Remote Format String

The remote statd service could be brought down with a format string attack - it now needs to be restarted manually. This means that an attacker may execute arbitrary code thanks to a bug in this daemon. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10544;...

10CVSS6AI score0.26322EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
•added 2017/05/30 12:0 a.m.•473 views

AIX 7.1 TL 4 : tcpdump (IV94726)

Vulnerabilities in tcpdump affect AIX : https://vulners.com/cve/CVE-2017-12993 https://vulners.com/cve/CVE-2017-12993 tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an...

9.8CVSS7.8AI score0.06196EPSS
Exploits3References89
Tenable Nessus
Tenable Nessus
•added 2022/02/08 12:0 a.m.•471 views

CentOS 7 : log4j (RHSA-2022:0442)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0442 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration...

9.8CVSS8.8AI score0.66537EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
•added 2021/02/08 12:0 a.m.•471 views

SAP BusinessObjects Business Intelligence Platform SSRF Vulnerability (direct check)

Binary data sapbusinessobjectsintelligenceplatformcve-2020-6308.nbin...

5.3CVSS5.7AI score0.61736EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
•added 2023/05/17 12:0 a.m.•470 views

WordPress 5.7.x < 5.7.9 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessus
•added 2022/03/23 12:0 a.m.•470 views

Oracle Linux 8 : openssl (ELSA-2022-9233)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9233 advisory. 1:1.1.1k-5.0.1 - fix CVE-2022-0778 - possible infinite loop in BNmodsqrt Orabug: 33974871 Tenable has extracted the preceding description block directly from th...

7.5CVSS7AI score0.70561EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
•added 2021/06/08 12:0 a.m.•470 views

KB5003638: Windows 10 version 1607 / Windows Server 2016 Security Update (June 2021)

The remote Windows host is missing security update 5003638. It is, therefore, affected by multiple vulnerabilities %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Microsoft Security Updates API. The text itself is...

9.8CVSS8.4AI score0.86132EPSS
Exploits67References21
Tenable Nessus
Tenable Nessus
•added 2017/10/17 12:0 a.m.•470 views

ONVIF Camera Snapshot

Nessus was able to acquire a snapshot from the remote camera using the GetProfiles and GetSnapshotUri ONVIF requests. include"compat.inc"; if description scriptid103867; scriptversion"$Revision: 1.3 $"; scriptcvsdate"$Date: 2017/11/15 18:01:11 $"; scriptnameenglish:"ONVIF Camera Snapshot";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2022/07/22 12:0 a.m.•469 views

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Vulnerabilities (cisco-sa-sb-rv-rce-overflow-ygHByAK)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

7.2CVSS7.7AI score0.01081EPSS
Exploits0References42
Tenable Nessus
Tenable Nessus
•added 2014/07/08 12:0 a.m.•469 views

Kerio Connect 8.2.x < 8.2.4 Heartbeat Information Disclosure (Heartbleed)

According to its banner, the remote host is running a version of Kerio Connect formerly Kerio MailServer version 8.2.x prior to 8.2.4. It is, therefore, affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS...

7.5CVSS8.1AI score0.99999EPSS
Exploits87References7
Tenable Nessus
Tenable Nessus
•added 2012/09/10 12:0 a.m.•469 views

Microsoft Visual Studio Team Foundation Server / Azure DevOps Server Detection

The remote host is running Microsoft Visual Studio Team Foundation Server or Azure DevOps Server. This software is a suite of tools for collaborative software development. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2006/12/14 12:0 a.m.•469 views

GLSA-200612-11 : AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200612-11 AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSLgetsharedciphers function contains a buffer overflow...

10CVSS8AI score0.48575EPSS
Exploits10References5
Tenable Nessus
Tenable Nessus
•added 2003/06/17 12:0 a.m.•469 views

PostNuke < 0.7.2.3 Multiple Script XSS

The remote host is running a version of PostNuke that is vulnerable to various cross-site scripting attacks. An attacker may use these flaws to steal the cookies of the legitimate users of this website. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

5.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2024/07/11 12:0 a.m.•467 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache HTTP Server regression (USN-6885-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6885-2 advisory. USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2020/04/22 12:0 a.m.•467 views

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool MSRT improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to...

7.8CVSS7.7AI score0.0082EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
•added 2018/08/14 12:0 a.m.•467 views

KB4343896: Windows Server 2012 August 2018 Security Update (Foreshadow)

The remote Windows host is missing security update 4343896 or cumulative update 4343901. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a...

9.3CVSS8.3AI score0.6769EPSS
Exploits3References25
Tenable Nessus
Tenable Nessus
•added 2016/07/20 12:0 a.m.•467 views

Oracle WebLogic Server Multiple Vulnerabilities (July 2016 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities : - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. CVE-2016-3445 - An unspecified flaw...

10CVSS7.6AI score0.91402EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
•added 2011/11/30 12:0 a.m.•467 views

Oracle WebLogic UDDI Explorer Unspecified Vulnerability (CVE-2008-2581)

According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host is affected by an unspecified vulnerability in the UDDI Explorer component that could be exploited remotely. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc...

5.1CVSS5.6AI score0.01748EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
•added 2006/06/04 12:0 a.m.•467 views

MySQL Anonymous Login Handshake Remote Information Disclosure

The MySQL database server on the remote host reads from uninitialized memory when processing a specially crafted login packet. An unauthenticated attacker may be able to exploit this flaw to obtain sensitive information from the affected host as returned in an error packet. %NASLMINLEVEL 70300 C...

5CVSS5.4AI score0.33497EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
•added 2020/07/31 12:0 a.m.•466 views

CentOS 7 : grub2 (RHSA-2020:3217)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3217 advisory. - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw...

8.2CVSS8.1AI score0.01588EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
•added 2014/08/07 12:0 a.m.•466 views

HP LoadRunner 11.52.x < 11.52 Patch 2 / 12.00.x < 12.00 Patch 1 Heartbeat Information Disclosure (Heartbleed)

The version of HP LoadRunner installed on the remote host is 11.52.x prior to 11.52 Patch 2 or 12.00.x prior to 12.00 Patch 1. It is, therefore, affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat...

7.5CVSS8AI score0.99999EPSS
Exploits87References7
Tenable Nessus
Tenable Nessus
•added 2018/07/17 12:0 a.m.•465 views

Default Password 'admin123' for 'admin' Account

The account 'admin' on the remote host has the default password 'admin123'. A remote attacker can exploit this issue to gain administrative access to the affected system. TRUSTED...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2005/12/09 12:0 a.m.•465 views

HP Integrated Lights-Out (iLO) Detection

The remote host is an HP Integrated Lights-Out iLO server. These servers are embedded systems integrated into HP ProLiant servers for the purpose of out-of-band management. TRUSTED...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2005/03/16 12:0 a.m.•465 views

Cisco IOS TFTP File Disclosure

The remote host has a TFTP server installed that is serving one or more Cisco IOS files. These files may contain passwords and other sensitive information. A remote attacker could use this information to mount further attacks. %NASLMINLEVEL 70300 This NASL script was written by Martin O'Neal of...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2004/11/06 12:0 a.m.•465 views

HTTP URI Handling Format String

The remote web server seems to be vulnerable to a format string attack on the URI. An attacker might use this flaw to make it crash or even execute arbitrary code on this host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid15640; scriptversion"$Revision: 1.19 $";...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
•added 2002/03/19 12:0 a.m.•465 views

Open Port Re-check

One of several ports that were previously open are now closed or unresponsive. There are several possible reasons for this : - The scan may have caused a service to freeze or stop running. - An administrator may have stopped a particular service during the scanning process. This might be an...

5CVSS5.6AI score0.02394EPSS
Exploits0
Tenable Nessus
Tenable Nessus
•added 2024/05/11 12:0 a.m.•464 views

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver CVE-2017-12762 - kernel: lack of port...

8.7AI score0.2389EPSS
Exploits165References916
Tenable Nessus
Tenable Nessus
•added 2023/03/07 12:0 a.m.•464 views

Apache 2.4.x < 2.4.56 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.56. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.56 advisory. - HTTP request splitting with modrewrite and modproxy: Some modproxy configurations on Apache HTTP Server versions 2.4.0 throug...

9.8CVSS7.1AI score0.8377EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
•added 2017/03/27 12:0 a.m.•464 views

Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p10 Multiple Vulnerabilities

The version of the remote NTP server is 4.x prior to 4.2.8p10. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in the receive function within file ntpd/ntpproto.c due to the expected origin timestamp being cleared when a packet with a zero...

8.8CVSS7.5AI score0.06515EPSS
Exploits2References26
Tenable Nessus
Tenable Nessus
•added 2013/02/25 12:0 a.m.•463 views

Bugzilla show_bug.cgi id Parameter XSS

The version of Bugzilla installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'id' parameter of the 'showbug.cgi' script. An attacker may be able to leverage this to inject arbitrary HTML and script code...

4.3CVSS5.7AI score0.01433EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
•added 2004/07/06 12:0 a.m.•463 views

Citrix MetaFrame XP login.asp NFuse_Message Parameter XSS

The remote server is running a Citrix Web Interface server that is vulnerable to cross-site scripting. When a user fails to authenticate, the Citrix Web Interface includes the error message text in the URL. The error message can be tampered with to perform a cross-site scripting attack...

4.3CVSS4.6AI score0.03885EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
•added 2024/08/06 12:0 a.m.•462 views

libcurl 7.32.0 < 8.9.1 DoS (CVE-2024-7264)

The version of libcurl installed on the remote host is between 7.32.0 and prior to 8.9.1. It is, therefore, affected by a denial of service DoS vulnerability. libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorre...

6.5CVSS7.2AI score0.16212EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
•added 2019/11/12 12:0 a.m.•462 views

Security Updates for Microsoft Office Products (November 2019)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited...

10CVSS7.8AI score0.28178EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
•added 2017/04/20 12:0 a.m.•462 views

Oracle GlassFish Server 3.1.2.x < 3.1.2.17 Java Server Faces Information Disclosure (April 2017 CPU)

According to its self-reported version, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 3.1.2.17. It is, therefore, affected by an unspecified flaw in the Java Server Faces subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive...

3.1CVSS5.7AI score0.0152EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
•added 2016/01/29 12:0 a.m.•462 views

Joomla! User-Agent Object Injection RCE

The Joomla! application running on the remote web server is affected by a remote code execution vulnerability due to improper sanitization of the User-Agent header field when saving session values. An unauthenticated, remote attacker can exploit this, via a serialized PHP object, to execute...

7.5CVSS9.2AI score0.98283EPSS
Exploits16References2
Tenable Nessus
Tenable Nessus
•added 2024/04/18 12:0 a.m.•461 views

Oracle Database Server (Apr 2024 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the RDBMS Python component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitab...

9.8CVSS7.1AI score0.93305EPSS
Exploits8References16
Tenable Nessus
Tenable Nessus
•added 2022/06/14 12:0 a.m.•461 views

KB5014678: Windows Server 2022 Security Update (June 2022)

The remote Windows host is missing security update 5014678. It is, therefore, affected by multiple vulnerabilities - Windows Kerberos Elevation of Privilege Vulnerability CVE-2022-30165 - Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability CVE-2022-30139,...

9.3CVSS7.2AI score0.99374EPSS
Exploits62References24
Tenable Nessus
Tenable Nessus
•added 2021/06/15 12:0 a.m.•461 views

ArubaOS-Switch DoS (ARUBA-PSA-2021-002)

A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be...

4.9CVSS5.3AI score0.00296EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
•added 2018/03/08 12:0 a.m.•461 views

PHP 5.6.x < 5.6.34 Stack Buffer Overflow

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.34. It is, therefore, affected by a stack buffer overflow vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

9.8CVSS7.9AI score0.87883EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
•added 2017/06/20 12:0 a.m.•460 views

DNN (DotNetNuke) < 7.4.1 Administration Authentication Bypass Vulnerability

The version of DNN formerly DotNetNuke running on the remote web server is prior to 7.4.1. It is, therefore, affected by an authentication bypass vulnerability due to a failure to delete installation wizard scripts post-installation. An unauthenticated, remote attacker can exploit this, via a...

9.8CVSS8.4AI score0.74552EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
•added 2015/07/09 12:0 a.m.•460 views

MS KB3065823: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

The remote Windows host is missing KB3065823. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. CVE-2015-3097 - Multiple heap-based buffer overflow vulnerabilities exist that...

10CVSS8.5AI score0.99344EPSS
Exploits6References40
Tenable Nessus
Tenable Nessus
•added 2011/08/09 12:0 a.m.•460 views

MS11-061: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)

The version of Remote Desktop Web Access running on the remote host has a reflected cross-site scripting vulnerability. Input to the 'ReturnUrl' parameter of login.aspx is not properly sanitized. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL,...

4.3CVSS5.5AI score0.15242EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
•added 2008/05/14 12:0 a.m.•460 views

Firebird Default Credentials

The version of Firebird on the remote host uses default credentials to control access. Knowing these, an attacker can gain administrative access to the affected application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
•added 2007/04/02 12:0 a.m.•460 views

PHP < 4.4.5 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is older than 4.4.5. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, 'safemode' and 'openbasedir' bypasses, and clobbering of super-global...

10CVSS5.8AI score0.40435EPSS
Exploits16References24
Total number of security vulnerabilities5000