WordPress 5.8.x < 5.8.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

OpenSSL 1.1.1 < 1.1.1u Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1u. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1u advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary...

WordPress 5.6.x < 5.6.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A data exposure vulnerability within the REST API. - A Lodash library prior to 4.17.21 vulnerbaility. Note that the scanner has not tested for these issues but has instead...

Nginx 1.x < 1.14.1 Multiple Vulnerabilties

According to its Server response header, the installed version of nginx is 1.x prior to 1.14.1 or 1.15.x prior to 1.15.6. It is, therefore, affected by the following issues : - An unspecified error exists related to the module 'ngxhttpv2module' that allows excessive memory usage. CVE-2018-16843 -...

OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2n advisory. - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC...

Sophos XG Firewall User Portal and Webadmin Authentication Bypass (CVE-2022-1040)

Binary data sophosxgfirewallcve-2022-1040.nbin...

Spring Cloud Function SPEL Expression Injection (direct check)

Binary data springcloudCVE-2022-22963.nbin...

Default Password '7ujMko0vizxv' for 'root' Account

The account 'root' on the remote host has the default password '7ujMko0vizxv'. A remote attacker can exploit this issue to gain administrative access to the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "root"; password = "7ujMko0vizxv";...

Fortinet FortiGate Web Console Management Detection

A Fortinet FortiGate Firewall is running on the remote host, and connections are allowed to its web-based console management port. Letting attackers know that you are using this software will help them to focus their attack or will make them change their strategy. In addition to this, an attacker...

Security Update for .NET Core (March 2021)

The Microsoft .NET Core installation on the remote host is version 2.1.x prior to 2.1.26, 3.1.x prior to 3.1.13, or 5.x prior to 5.0.4. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute...

Apache 2.4.x < 2.4.43 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.43. It is, therefore, affected by multiple vulnerabilities: - An uninitialized value vulnerability exists in modproxyftp. CVE-2020-1934 - An open redirect vulnerability exists in modrewrite...

Security Updates for Microsoft .NET Framework (January 2020)

The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully...

MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)

The remote Windows host has the following vulnerabilities : - Multiple remote code execution vulnerabilities exist in the way the Windows kernel-mode driver parses OpenType and TrueType fonts. CVE-2013-3128, CVE-2013-3894 - Multiple privilege escalation vulnerabilities exist in the Windows...

SSL Certificate Information

This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. TRUSTED...

OpenSSL 1.1.1 < 1.1.1o Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1o. It is, therefore, affected by a vulnerability as referenced in the 1.1.1o advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operati...

NAS4Free Web UI Default Credentials

The NAS4Free web interface on the remote host has the 'admin' user account secured with the default password. A remote, unauthenticated attacker could exploit this to gain administrative access to the web interface, which could allow arbitrary command execution via exec.php. %NASLMINLEVEL 70300 C...

HTTP Cookie 'secure' Property Transport Mismatch

The remote web server sends out cookies to clients with a 'secure' property that does not match the transport, HTTP or HTTPS, over which they were received. This may occur in two forms : 1. The cookie is sent over HTTP, but has the 'secure' property set, indicating that it should only be sent ove...

Nessus SNMP Scanner

This plugin runs an SNMP scan against the remote machine to find open ports. See the section 'plugins options' to configure it. TRUSTED...

RHEL 7 : kpatch-patch (RHSA-2022:5216)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5216 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

F5 Networks BIG-IP : Node.js vulnerability (K07944249)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.4 / 15.1.4.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K07944249 advisory. - A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could...

Ubuntu 18.04 LTS / 20.04 LTS : MariaDB vulnerabilities (USN-4603-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4603-1 advisory. It was discovered that MariaDB didn't properly validate the content of a packet received from a server. A remote attacker could use this...

CentOS 6 : kernel (CESA-2018:1319) (Meltdown)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 7 : sqlite (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sqlite: Heap-buffer overflow in the getNodeSize function CVE-2017-10989 - sqlite: Out of bounds access...

Security Updates for Microsoft Sharepoint Server (February 2019)

The Microsoft Sharepoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an...

MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (July 2018 CPU)

The version of MySQL running on the remote host is 5.5.x prior to 5.5.61. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not...

VMware vCenter Server 6.0.x < 6.0u3b / 6.5.x < 6.5c BlazeDS AMF3 RCE (VMSA-2017-0007)

The version of VMware vCenter Server installed on the remote host is 6.0.x prior to 6.0u3b or 6.5.x prior to 6.5c. It is, therefore, affected by a flaw in FlexBlazeDS when processing AMF3 messages due to allowing the instantiation of arbitrary classes when deserializing objects. An unauthenticate...

IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities

The remote host has a version of IBM Notes formerly Lotus Notes 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014. ...

Default Password (rain) for 'root' Account

The account 'root' on the remote host has the password 'rain'. An attacker may leverage this to gain access, likely as an administrator, to the affected system. Note that EMC Cloud Tiering Appliance is known to use these credentials by default. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Oracle Database Multiple Vulnerabilities (January 2018 CPU)

The remote Oracle Database Server is missing the January 2018 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note tha...

MS15-081: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, PowerPoint, Visio, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Word Web Apps, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities : -...

PHP 8.1.x < 8.1.30 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.30 advisory. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non- standard configurations ...

Dnspython < 2.6.0rc1 DoS

The version of dnspython installed on the remote host is prior to 2.6.0rc1. It is, therefore, affected by a denial of service DoS vulnerability. The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives...

Security Updates for Microsoft Office Compatibility SP3 (January 2018)

The Microsoft Office Compatibility Pack products installed on the remote host are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in...

NetSupport Manager Gateway Detection

NetSupport Manager Gateway, a secure method to establish connections between NetSupport control and client PCs, is installed on the remote system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid50545; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/22";...

Apache < 2.4.49 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.49 changelog. - apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to...

ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2020-0026)

According to its self-reported version number, the remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities. - A use-after-free error exists in the XHCI USB controller. An unauthenticated, local attacker with local administrative privileges on a virtual machi...

PHP 5.6.x < 5.6.29 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities : - A memory corruption issue exists in the phpwddxpushelement function in ext/wddx/wddx.c that is triggered when decoding empty boolean...

Default Password 'admin1234' for 'admin' Account

The account 'admin' on the remote host has the default password 'admin1234'. A remote attacker can exploit this issue to gain administrative access to the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "admin"; password = "admin1234";...

VMware ESXi 5.1 < Build 3021178 OpenSLP RCE (VMSA-2015-0007)

The remote VMware ESXi host is version 5.1 prior to build 3021178. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute...

Mozilla Firefox Unsupported Version Detection

Binary data 801254.prm...

Oracle Java SE 6 < Update 121 / 7 < Update 111 / 8 < Update 102 Multiple Vulnerabilities

Binary data 9449.prm...

Apache Tomcat 8.5.50 < 8.5.82

The version of Tomcat installed on the remote host is prior to 8.5.82. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.82security-8 advisory. - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form...

PHP 7.1.x < 7.1.30 Multiple Vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.30. It is, therefore, affected by the following vulnerabilities: - An uninitialized vulnerability exists in gdImageCreateFromXbm due to sscanf method not being able to read a hex value. An attacker...

Apple TV < 11.1 Multiple Vulnerabilities

According to its banner, the version of Apple TV on the remote device is prior to 11.1. It is, therefore, affected by multiple vulnerabilities as described in the HT208219 security advisory. Note that only 4th and 5th generation models are affected by these vulnerabilities. C Tenable Network...

SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2021:2830-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2830-1 advisory. - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application...

Oracle Linux 8 : GNOME (ELSA-2021-1586)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1586 advisory. - Fix CVE-2019-13012 Resolves: 1728632 glibmm24 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

Oracle Database Server Multiple Vulnerabilities (Jan 2020 CPU)

The remote Oracle Database Server is missing the January 2020 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability exists in the Core RDBMS component of Oracle Database Server. An authenticated, remote attacker can exploit this...

SUSE SLES11 Security Update : ntp (SUSE-SU-2017:0255-1)

This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed : - CVE-2016-9311, CVE-2016-9310, bsc1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428,...

Default Password 'xmhdipc' for 'root' Account

The account 'root' on the remote host has the default password 'xmhdipc'. A remote attacker can exploit this issue to gain administrative access to the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "root"; password = "xmhdipc"; include'deprecatednasllevel.inc';...

Oracle Java JDK / JRE 6 < Update 30 Multiple Vulnerabilities (Unix)

The version of Oracle formerly Sun Java Runtime Environment JRE 6.x installed on the remote host is earlier than Update 30 and is, therefore, potentially affected by the following vulnerabilities: - A stack overflow error exists related to proxy tunnels. Bug 6670868 - An error exists related to...