336990 matches found
Microsoft IIS 7.0 Vulnerabilities (uncredentialed) (PCI/DSS)
According to the HTTP server banner the remote server is IIS 7.0. The server may be vulnerable to a number of vulnerabilities including a couple of remote code execution vulnerabilities. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(108808); script_version("1.8");...
Nonexistent Page (404) Physical Path Disclosure
The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers. (C) Tenable Network Security, Inc. Vulnerable servers: Pi3Web/2.0.0...
Default Password (arcsight) for 'root' Account
The account 'root' on the remote host has the password 'arcsight'. An attacker may leverage this issue to gain total control of the affected system. Note that some network devices are known to use these credentials by default. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "root";...
Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote)
The version of Apache Struts running on the remote host is affected by a remote code execution vulnerability in the Jakarta Multipart parser due to improper handling of the Content-Type header. An unauthenticated, remote attacker can exploit this, via a specially crafted Content-Type header value...
Dropbear SSH Server < 2016.72 Multiple Vulnerabilities
According to its self-reported version in its banner, Dropbear SSH running on the remote host is prior to 2016.74. It is, therefore, affected by the following vulnerabilities : - A format string flaw exists due to improper handling of string format specifiers (e.g., %s and %x) in usernames and host...
Elasticsearch Unrestricted Access Information Disclosure
The Elasticsearch application running on the remote web server is affected by an information disclosure vulnerability due to a failure to restrict resources via authentication. An unauthenticated, remote attacker can exploit this to disclose sensitive information from the database. (C) Tenable...
MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)
The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008. If the client registry key workaround has not been applied, any client software installed on the remote host (including IE) is affected by an information disclosure vulnerability when using SSL...
SNMP 'GETBULK' Reflection DDoS
The remote SNMP daemon is responding with a large amount of data to a 'GETBULK' request with a larger than normal value for 'max-repetitions'. A remote attacker can use this SNMP server to conduct a reflected distributed denial of service attack on an arbitrary remote host. TRUSTED...
Network daemons not managed by the package system
Some daemon processes on the remote host are associated with programs that have been installed manually. System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible. TRUSTED...
Microsoft Security Rollup Enumeration
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(93962); script_version("1.185");...
HTTP TRACE / TRACK Methods Allowed
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. This script was written by Thomas Reinke Improvements re TRACK and RFP reference courtesy of Improvements by rd - httpget to get full HTTP/1.1 support,...
MS KB3074162: Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege
The remote Windows host is affected by an elevation of privilege vulnerability due to the Malicious Software Removal Tool (MSRT) failing to properly handle a race condition involving DLL-planting. An authenticated attacker can exploit this vulnerability by placing a specially crafted DLL file in a...
PHP 7.3.x < 7.3.33
The version of PHP installed on the remote host is prior to 7.3.33. It is, therefore, affected by a vulnerability as referenced in the Version 7.3.33 advisory. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(),...
Apache 2.4.x >= 2.4.7 / < 2.4.52 Forward Proxy DoS / SSRF
The version of Apache httpd installed on the remote host is equal to or greater than 2.4.7 and prior to 2.4.52. It is, therefore, affected by a flaw related to acting as a forward proxy. A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer...
Unencrypted Telnet Server
The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain...
MS KB3123040: Improperly Issued Digital Certificates Could Allow Spoofing
The remote host is missing KB3046310, KB2677070 (automatic updater), or the latest disallowed certificate update using KB2813430 (manual updater). If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the...
Telnetd - Remote Code Execution (CVE-2020-10188)
A buffer overflow condition exists in telnetd due to incorrect bounds checks in the service's handling of short writes and urgent data. An unauthenticated, remote attacker can exploit this, via specially crafted telnet packets, to execute arbitrary code on the remote server. (C) Tenable Network...
Radmin (Remote Administrator) Port 4899 Detection
Radmin (Remote Administrator), a popular remote control software application for Windows, is running on this port. Make sure that a strong password is used, otherwise an attacker may brute-force it and control the machine. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...
PHP 5.5.x < 5.5.38 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.38. It is, therefore, affected by multiple vulnerabilities : - A Segfault condition occurs when accessing nvarchar(max) defined columns. (CVE-2015-8879) - A man-in-the-middle vulnerability exists, known...
Microsoft IIS / Site Server viewcode.asp Arbitrary File Access
The file viewcode.asp is a default IIS file that can give a malicious user a lot of unnecessary information about your file system or source files. Specifically, viewcode.asp can allow a remote user to potentially read any file on a web server hard drive. #%NASL_MIN_LEVEL 70300 This script was writt...
Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)
The remote host uses a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card. Known as 'Etherleak', this information...
Authenticated Check : OS Name and Installed Package Enumeration
This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase if the SSH public key is protected by a passphrase. TRUSTED...
Apache Tomcat snoop.jsp URI XSS
The remote Apache Tomcat web server includes an example JSP application, 'snoop.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to...
OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2k. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2k advisory. - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d...
MariaDB 5.5.0 < 5.5.68 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 5.5.68. It is, therefore, affected by multiple vulnerabilities as referenced in the 5.5.68 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affecte...
ExoPHPDesk faq.php id Parameter SQL Injection
The remote host is running Exo PHPDesk, a helpdesk application written in PHP. The version of Exo PHPDesk on the remote host fails to properly sanitize input to the 'id' parameter of the 'faq.php' script before using it in database queries. Provided PHP's 'magic_quotes_gpc' setting is disabled, an...
JQuery 1.2 < 3.5.0 Multiple XSS
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities. Note, the vulnerabilities referenced in this plugin have no...
PHP Unsupported Version Detection
According to its version, the installation of PHP on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. #%NASL_MIN_LEVEL 70300 (C) Tenable Network...
Microsoft Windows SMB Registry Not Fully Accessible Detection
Nessus did not access the remote registry completely, because full administrative rights are required. If you want the permissions / values of all the sensitive registry keys to be checked, we recommend that you complete the 'SMB Login' options in the 'Windows credentials' section of the policy...
Java JMX Agent Insecure Configuration
A Java JMX agent running on the remote host is configured without SSL client and password authentication. An unauthenticated, remote attacker can connect to the JMX agent and monitor and manage the Java application that has enabled the agent. Moreover, this insecure configuration could allow the...
WordPress < 6.6.1
WordPress versions 6.6.1 are affected by one or more vulnerabilities #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(204968); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/08"); script_cve_id("CVE-2024-31111", "CVE-2024-31210",...
X11 Server Unauthenticated Access
The remote X11 server accepts connections from anywhere. An attacker can connect to it to eavesdrop on the keyboard and mouse events of a user on the remote host. It is even possible for an attacker to grab a screenshot of the remote host or to display arbitrary programs. An attacker can exploit...
Exim < 4.96.2 Multiple Vulnerabilities
According to its banner, the version of Exim running on the remote host is prior to 4.96.2. It is, therefore, potentially affected by multiple vulnerabilities: - Improper Neutralization of Special Elements (CVE-2023-42117) - dnsdb Out-Of-Bounds Read (CVE-2023-42119) Note that Nessus has not tested fo...
Target Credential Issues by Authentication Protocol - Insufficient Privilege
Nessus was able to execute credentialed checks because it was possible to log in to the remote host using provided credentials, however the credentials were not sufficiently privileged to complete all requested checks. TRUSTED...
Apache 2.4.x < 2.4.52 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.52 advisory. - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for...
NFS Shares World Readable
The remote NFS server is exporting one or more shares without restricting access based on hostname, IP, or IP range. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(42256); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/21");...
PHP 5.6.x < 5.6.31 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An...
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits (PCI DSS)
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Some browser SSL implementations ma...
TCP/IP Sequence Prediction Blind Reset Spoofing DoS
The remote host is affected by a sequence number approximation vulnerability that allows an attacker to send spoofed RST packets to the remote host and close established connections. This may cause problems for some dedicated services (BGP, a VPN over TCP, etc.). (C) Tenable Network Security, Inc...
DCE Services Enumeration
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote...
OpenSSL AES-NI Padding Oracle MitM Information Disclosure
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability due to an error in the implementation of ciphersuites that use AES in CBC mode with HMAC-SHA1 or HMAC-SHA256. The implementation is specially written to use the AES acceleration available in x86/amd64...
Security Updates for Microsoft Visio Products C2R (April 2020)
The Microsoft Visio Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. The vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data; or crea...
DNS Server Recursive Query Cache Poisoning Weakness
It is possible to query the remote name server for third-party names. If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed. If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names such as...
MySQL 5.7.x < 5.7.23 Multiple Vulnerabilities (RPM Check) (July 2018 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.23. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not...
MS09-063: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
The remote Windows host is running a vulnerable version of WSDAPI. Sending the affected service a packet with a specially crafted header can result in arbitrary code execution. An attacker on the same subnet could exploit this to take complete control of the system. (C) Tenable Network Security, In...
YaBB YaBB.pl num Parameter Traversal Arbitrary File Access
The 'YaBB.pl' CGI script is installed on the remote host. This script has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc');...
Security Updates for Microsoft Skype for Business and Microsoft Lync (July 2018)
The Microsoft Skype for Business or Microsoft Lync installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via...
Security Updates for Microsoft Visual Studio Products (July 2018)
The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project. An attacker who...
Hashicorp Consul Web UI and API access
A remote, unauthenticated attacker may be able to access Consul Web UI and API to gather data, register services and gain remote access. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(111351); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date",...
SSH Diffie-Hellman Modulus <= 1024 Bits (Logjam)
The remote SSH server allows connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party can find the shared secret in a short amount of time depending on modulus size and attacker resources. This allows an attacker to recover the...