ThinkPHP Multiple Parameter RCE
Binary data thinkphprce.nbin...
MS16-087: Security Update for Windows Print Spooler (3170005)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Windows Print Spooler service due to improper validation of print drivers while installing a printer from network servers. An...
Apache 2.0.x < 2.0.65 Multiple Vulnerabilities
According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.65. It is, therefore, affected by several vulnerabilities : - A flaw exists in the byte-range filter, making it vulnerable to denial of service. (CVE-2011-3192) - A flaw exists in 'mod_proxy' where it...
iLO 4 < 2.53 Remote Code Execution Vulnerability
A remote command execution vulnerability exists in Integrated Lights-Out 4 (iLO 4) due to a buffer overflow in the server's HTTP connection handling code. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (C) Tenable Network Security, Inc...
HTTP/2 Cleartext Detection
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP (h2c). %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include("compat.inc"); if (description) { script_id(85805); script_version("1.8");...
OpenSSH LoginGraceTime / MaxStartups DoS
According to its banner, a version of OpenSSH earlier than version 6.2 is listening on this port. The default configuration of OpenSSH installs before 6.2 could allow a remote attacker to bypass the LoginGraceTime and MaxStartups thresholds by periodically making a large number of new TCP...
BIOS Info (SSH)
Using SMBIOS and UEFI, it was possible to get BIOS info. TRUSTED...
Trend Micro Antivirus Detection and Status
Trend Micro Antivirus, a commercial antivirus software package for Windows, is installed on the remote host. However, there is a problem with the installation; either its services are not running or its engine and/or virus definitions are out of date. (C) Tenable Network Security, Inc...
libcurl 7.32.0 < 8.9.1 DoS (CVE-2024-7264)
The version of libcurl installed on the remote host is between 7.32.0 and prior to 8.9.1. It is, therefore, affected by a denial of service (DoS) vulnerability. libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorre...
RHEL 7 : kernel (RHSA-2017:0501)
An update for kernel is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
MS16-133: Security Update for Microsoft Office (3199168)
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker ca...
Palo Alto Networks PAN-OS Firewall/Panorama WebUI Default Credentials
The Palo Alto Networks PAN-OS Firewall / Panorama WebUI interface on the remote host has the 'admin' user account secured with the default password. An unauthenticated, remote attacker can exploit this to gain administrative access to the web interface. (C) Tenable Network Security, Inc...
MySQL 5.1 < 5.1.63 Multiple Vulnerabilities
The version of MySQL 5.1 installed on the remote host is earlier than 5.1.63 and is, therefore, affected by multiple vulnerabilities : - Several errors exist related to 'GIS Extension' and 'Server Optimizer' components that can allow denial of service attacks. CVE-2012-0540, CVE-2012-1689,...
MS10-012: Vulnerabilities in SMB Could Allow Remote Code Execution (971468)
The remote host is affected by several vulnerabilities in the SMB server that may allow an attacker to execute arbitrary code or perform a denial of service against the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(44422); script_version("1.24");...
Backported Security Patch Detection (WWW)
Security patches may have been 'backported' to the remote HTTP server without changing its version number. Banner-based checks have been disabled to avoid false positives. Note that this test is informational only and does not denote any security problem. (C) Tenable Network Security, Inc...
RHEL 7 : log4j (RHSA-2017:2423)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2423 advisory. Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: It was found that when using...
HP LaserJet Pro /IoMgmt/Adapters/wifi0/WPS/Pin WPS PIN Disclosure
The remote HP LaserJet Pro printer is affected by an information disclosure vulnerability. The file '/IoMgmt/Adapters/wifi0/WPS/Pin' contains the 'Wi-Fi Protected Security' (WPS) PIN. This information can be used by an attacker in further attacks. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
Oracle Application Server Multiple Vulnerabilities
The remote host is running Oracle Application Server. It was not possible to determine its version, so the version of Oracle Application Server installed on the remote host could potentially be affected by multiple vulnerabilities : - CVE-2000-0169: Remote command execution in the web listener...
Jetty 9.4.37 < 9.4.43 Information Disclosure
The version of Jetty installed on the remote host has a flaw which allows bypass of security constraints and access protected resources. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Flexera FlexNet Publisher < 11.19.6 Privilege Escalation
A privilege escalation vulnerability exists in Flexera FlexNet Publisher due to an uncontrolled search path element. An authenticated, local attacker can exploit this to gain elevated privileges on the system. Note that Nessus has not tested for this issue but has instead relied only on t...
Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation (cisco-sa-secure-privesc-sYxQO6ds)
According to its self-reported version, Cisco Secure Client for Linux with ISE Posture Module is affected by a privilege escalation vulnerability. - A vulnerability in the ISE Posture System Scan module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate...
Security Updates for Microsoft Exchange Server (February 2024)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by a vulnerability as referenced in the Feb, 2024 security bulletin. - Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410) While Exchange Server 2016 is...
Dell Client BIOS DoS (DSA-2023-176)
The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by a denial of service vulnerability. Due to a signed to unsigned conversion error, a local attacker with administrator privileges can cause a denial of service condition on an affected device. Note that...
KB5031356: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031356. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through...
HP LaserJet Printers RCE (HPSBPI03849)
According to its model number and firmware revision, the remote HP LaserJet printer is affected by a buffer overflow / remote code execution vulnerability. %NASL_MIN_LEVEL 80900 (C) Tenable, inc. include('compat.inc'); if (description) { script_id(177398); script_version("1.3");...
Joomla 3.0.x < 3.9.27 Multiple Vulnerabilities (5836-joomla-3-9-27)
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities. - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. CVE-2021-260...
KB4571702: Windows Server 2012 August 2020 Security Update
The remote Windows host is missing security update 4571702 or cumulative update 4571736. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the...
MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.22. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerability (USN-5444-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5444-1 advisory. Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some...
GNU Bash Local Environment Variable Handling Command Injection via Telnet (CVE-2014-7169) (Shellshock)
The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. Depending on the configuration of the system, an attacker could remotely execute arbitrary code. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
OS Identification : SSH
This plugin attempts to identify the operating system type and version by looking at the SSH banner returned by the remote server. (C) Tenable, Inc. include("compat.inc"); if (description) { script_id(25287); script_version("1.119"); script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/31");...
PHP 5.6.x < 5.6.33 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities : - A potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711) - A reflected XSS in .phar 404 page exists due to improper validati...
PHP 7.0.x < 7.0.27 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.27. It is, therefore, affected by the following vulnerabilities : - A denial of service (DoS) vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gd_gif_in.c script...
Dell iDRAC Products IPMI Arbitrary Command Injection Vulnerability
The remote host is running a version of iDRAC that ships with a version of IPMI that does not sufficiently randomize session ID values. An unauthenticated, remote attacker can exploit this to inject arbitrary commands into a privileged session. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
MS11-030: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
A flaw in the way the installed Windows DNS client processes Link-local Multicast Name Resolution (LLMNR) queries can be exploited to execute arbitrary code in the context of the NetworkService account. Note that Windows XP and 2003 do not support LLMNR and successful exploitation on those platfor...
Default Password 'realtek' for 'root' Account
The account 'root' on the remote host has the default password 'realtek'. A remote attacker can exploit this issue to gain administrative access to the affected system. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "root"; password = "realtek"; include('deprecated_nasl_level.inc');...
Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5090-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5090-2 advisory. USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4285-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4285-1 advisory. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacke...
KB4015221: Windows 10 Version 1507 April 2017 Cumulative Update
The remote Windows 10 Version 1507 host is missing security update KB4015221. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An...
Web Server Uses Non Random Session IDs
The remote web server generates a session ID for each connection. A session ID is typically used to keep track of a user's actions while they visit a website. The remote server generates non-random session IDs. An attacker might use this flaw to guess the session IDs of other users and therefore...
PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.22 advisory. - In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR...
Apache Tomcat 9.0.71 < 9.0.74 DoS
The version of Tomcat installed on the remote host is prior to 9.0.74. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.74_security-9 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4164)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4164 advisory. - dm: fix race between dm_get_from_kobject() and __dm_destroy() Hou Tao CVE-2017-18203 - drm: udl: Properly check framebuffer mmap offsets Greg Kroah-Hartman...
Apache Struts 2 / XWork Remote Code Execution (safe check)
The remote web application appears to use Struts 2, a web framework that uses XWork. Due to a vulnerability in XWork, it is possible to disable settings designed to prevent remote code execution. A remote attacker can exploit this by submitting an HTTP request containing specially crafted OGNL...
KB4483229: Windows 10 Version 1607 and Windows Server 2016 December 2018 OOB Security Update
The remote Windows host is missing security update 4483229. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memo...
nginx < 1.13.3 Integer Overflow Vulnerability
This plugin has been deprecated since it duplicates plugin ID 118151. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2020/04/27. Deprecated by sambarcgipathdisclosure.nasl. include('compat.inc'); if (description) { script_id(105359); script_version("1.14");...
Oracle WebLogic Detection (Combined)
Oracle (formerly BEA) WebLogic, a Java EE application server, is running on the remote web server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(56979); script_version("1.16"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/12"); script_xref(name:"IAVT"...
SSL Weak Cipher Suites Supported
The remote host supports the use of SSL ciphers that offer weak encryption. Note: This is considerably easier to exploit if the attacker is on the same physical network. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(26928); script_version("1.31");...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenSSH vulnerabilities (USN-7270-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7270-1 advisory. It was discovered that the OpenSSH client incorrectly handled the non-default VerifyHostKeyDNS option. If that option wer...
OpenSSL 1.0.2 < 1.0.2zg Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2zg. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2zg advisory. - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were...