WordPress 6.0.x < 6.0.9 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. - A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. - A path traversal issue...
Oracle Enterprise Manager Cloud Control (Jan 2022 CPU)
The 13.4.0.0 and 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by a vulnerability as referenced in the January 2022 CPU advisory. - Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Policy...
RancherOS < 1.1.3 Information Disclosure
The remote host is running a version of RancherOS that is prior to v1.1.3, hence is vulnerable to a local privilege-escalation vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Systems with microprocessors utilizing speculative execution and indirect branch...
MS15-041: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
The remote Windows host has a version of the Microsoft .NET Framework installed that is affected by an information disclosure vulnerability due to improper handling of requests on web servers that have custom error messages disabled. A remote, unauthenticated attacker can exploit this issue, via ...
Oracle WebLogic Server (Apr 2022 CPU)
The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2020 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - A temp directory creation vulnerability in the bundled Guava component that allows a low privileg...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14290-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14290-1 advisory. - A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write...
openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)
The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2020-29568: An issue was discovered in Xen through 4.14.x. Some OSes such as Linux, FreeBSD, and NetBSD are processing watch events using a single thread. If the even...
Amazon Linux AMI : kernel (ALAS-2018-1058) (Foreshadow)
Fixes for L1 Terminal Fault security issues : L1 Terminal Fault-OS/SMM : Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page...
CentOS 7 : kernel (CESA-2017:2930)
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Microsoft Silverlight SEoL
According to its version, the installation of the Microsoft Silverlight on the remote host is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...
.svn/entries Disclosed via Web Server
The web server on the remote host allows read access to '.svn/entries' files. This exposes all file names in your svn module on your website. This flaw can also be used to download the source code of the scripts (PHP, JSP, etc...) hosted on the remote server.
Intel Chipset Device Software < 10.1.19444.8378 Escalation of Privilege
The version of Intel Chipset Device Software installed on the remote Windows host is prior to 10.1.19444.8378. It is, therefore, affected by multiple vulnerabilities: - Due to an uncontrolled search path element, an authenticated, local attacker can elevate their privileges. CVE-2023-28388,...
Linanto Control Web Panel (CWP) 7 < 0.9.8.1147 Command Injection (CVE-2022-44877)
The version of Linanto Control Web Panel (CWP) 7, a web based control panel application, installed on the remote host is prior to 0.9.8.1147. It is, therefore, affected by a command injection vulnerability in the login parameter of the login/index.php page. Note that Nessus has not tested for this...
HP Operations Manager / Operations Agent < 11.13 XSS (HPSBMU03126)
According to its self-reported version, the version of the HP Operations Agent service running on the remote host is affected by a cross-site scripting vulnerability. Operations Agent is often an included component of Operations Manager.
Juniper Junos Unsupported Version Detection
According to its self-reported version number, the installation of the Juniper Junos operating system running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain securi...
Danware NetOp Host HELO Request Remote Information Disclosure
This plugin displays the basic name and address information provided by NetOp products for easy network browsing. Administrators should disable displaying this information if they don't want it to be visible. Note that leaked private IP addresses are only an issue if the NetOp product is listenin...
Security Update for Microsoft .NET Core (January 2024)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024Jan09 advisory. - NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability CVE-2024-0057 - .NET Denial of...
PHP 8.0.x < 8.0.27
The version of PHP installed on the remote host is prior to 8.0.27. It is, therefore, affected by a vulnerability as referenced in the Version 8.0.27 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
CentOS 7 : kernel (RHSA-2022:5232)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5232 advisory. - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root...
Apache Tomcat 8.5.38 < 8.5.79
The version of Tomcat installed on the remote host is prior to 8.5.79. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.79security-8 advisory. - The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 t...
Apache Solr Unauthenticated Access Information Disclosure
A remote unauthenticated attacker can obtain an overview of the remote Apache Solr web server's configuration by requesting the URL '/solr'. This overview includes the configuration of the system and available data sources. It may also include the contents of any cores configured in the node...
MySQL 5.7.x < 5.7.36 Multiple Vulnerabilities (Oct 2021 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.36. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the October 2021 Critical Patch Update advisory: - A vulnerability in the OpenSSL component that can result in a takeover of the...
Zyxel D1000 CWMP Get Default Password
Nessus was able to acquire the password from the Zyxel D1000 device by using CWMP commands over the TR-064 protocol. This protocol is typically open on port 7547.
GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)
The remote FTP server is affected by a remote code execution vulnerability due to an error in the Bash shell running on the remote host. A remote, unauthenticated attacker can execute arbitrary code on the remote host by sending a specially crafted request via the USER FTP command. The 'mod_exec'...
MS11-004: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256) (uncredentialed check)
The IIS FTP service running on the remote host has a heap-based buffer overflow vulnerability. The 'TELNET_STREAM_CONTEXT::OnSendData' function fails to properly sanitize user input, resulting in a buffer overflow. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14548-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14548-1 advisory. - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption vi...
Oracle Linux 7 : thunderbird (ELSA-2021-1350)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1350 advisory. 78.10.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.10.0-1 - Update to 78.10.0 Tenable has extract...
MS16-136: Security Update for SQL Server (3199641) (uncredentialed check)
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple elevation of privilege vulnerabilities exist in the SQL RDBMS Engine due to improper handling of pointer casting. An authenticated, remote attacker can exploit these t...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3542-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3542-1 advisory. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel...
Symantec Endpoint Protection Client 12.1.x < 12.1.6 MP6 Multiple DoS (SYM16-015)
The version of Symantec Endpoint Protection (SEP) Client installed on the remote Windows host is 12.1.x prior to 12.1.6 MP6 or else 12.1.6 MP5 without a hotfix. It is, therefore, affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists in the decomposer...
MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities
The remote host is running the MetaCart e-Shop, an online store written in ASP. Due to a lack of user input validation, the remote version of this software is vulnerable to various SQL injection and cross-site scripting attacks. An attacker may exploit these flaws to execute arbitrary SQL command...
PHP 8.2.x < 8.2.7
The version of PHP installed on the remote host is prior to 8.2.7. It is, therefore, affected by a vulnerability as referenced in the Version 8.2.7 advisory. - In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value...
EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1987)
According to the versions of the sqlite package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in SQLite when rewriting select statements for window functions. This flaw...
SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)
The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead...
ONVIF Device Information
Nessus was able to extract some information about the ONVIF-enabled device by sending a GetDeviceInformation SOAP request to the device server.
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2023-193)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-193 advisory. The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and telnet options for the...
Google Chrome < 104.0.5112.79 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 104.0.5112.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 202208stable-channel-update-for-desktop advisory. - Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79...
RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 (RHSA-2021:1199)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1199 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. This release...
Oracle Solaris Critical Patch Update : oct2020_SRU11_4_24_75_2
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon t...
Security Updates for Microsoft .NET Framework (July 2020)
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the...
SSL Root Certification Authority Distrusted
The remote service uses an SSL certificate chain that contains a root Certification Authority certificate at the top of the chain that is issued from a distrusted Certification Authority.
F5 Networks BIG-IP : Linux kernel vulnerability (K15526101)
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. (CVE-2017-8824) Impact: An attacker may exploit this vulnerability to...
phpMyAdmin 4.8.x < 4.8.2 Vulnerability (PMASA-2018-4)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.8.x prior to 4.8.2. It is, therefore, affected by the file inclusion and remote code execution vulnerabilities. Note that Nessus has not attempted to exploit these issues but has instead...
Windows 7 and Windows Server 2008 R2 September 2017 Security Updates
The remote Windows host is missing security update 4038779 or cumulative update 4038777. It is, therefore, affected by multiple vulnerabilities : - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain...
Default Password 'padmin' for 'padmin' Account
The account 'padmin' on the remote host has the default password 'padmin'. A remote attacker can exploit this issue to gain administrative access to the affected system.
SUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2016:0624-1) (DROWN)
This update for openssl fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as...
SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9746 / 9749 / 9751)
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data...
CUPS 1.7.x < 1.7.5 'get_file' Function Symlink Handling Info Disclosure
According to its banner, the version of CUPS installed on the remote host is 1.7.x prior to 1.7.5. It is, therefore, potentially affected by an information disclosure vulnerability that was incompletely corrected by the fix for CVE-2014-3537. A flaw exists in the 'get_file' function within the fil...
PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check)
According to its banner, the version of PHP installed on the remote host is 5.3.9. This version reportedly is affected by a code execution vulnerability. Specifically, the fix for the hash collision denial of service vulnerability (CVE-2011-4885) itself has introduced a remote code execution...
phpMyAdmin error.php BBcode Tag XSS (PMASA-2010-9)
The version of phpMyAdmin fails to validate BBcode tags in user input to the 'error' parameter of the 'error.php' script before using it to generate dynamic HTML. An attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the...