Photon OS 2.0: Nxtgn PHSA-2021-2.0-0331
An update of the nxtgn package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0331. The text itself is copyright (C) VMware, Inc.
KB4601318: Windows 10 Version 1607 and Windows Server 2016 February 2021 Security Update
The remote Windows host is missing security update 4601318. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. CVE-2021-24080, CVE-2021-24086,...
MySQL 5.6.x < 5.6.49 Multiple Vulnerabilities (Jul 2020 CPU)
The version of MySQL running on the remote host is 5.6.x prior to and including 5.6.48. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the July 2020 Critical Patch Update advisory: - A vulnerability in the MySQL Server product of Oracle MySQL componen...
Security Updates for Microsoft .NET Framework (July 2020)
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the...
MS14-068: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) (ESKIMOROLL)
The remote Windows host is affected by a privilege escalation vulnerability due to the Kerberos Key Distribution Center (KDC) implementation not properly validating signatures. A remote attacker can exploit this vulnerability to elevate an unprivileged domain user account to a domain administrator...
OS Identification : ICMP
This plugin attempts to identify the Operating System type and version by sending more or less incorrect ICMP requests using the techniques outlined in Ofir Arkin's paper 'ICMP Usage In Scanning'. An attacker may use this to identify the kind of the remote operating system and gain further...
Cisco SD-WAN vManage Log4j Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)
Cisco SD-WAN vManage is affected by the following critical vulnerability in the Apache Log4j Java logging library as described in the cisco-sa-apache-log4j-qRuKNEbd advisory. - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and...
OpenSSL 3.0.0 < 3.0.3 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.3 advisory. - The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed has...
Mozilla Thunderbird < 78.14
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-42 advisory. - Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Thunderbird...
WordPress 4.1.x < 4.1.31 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the block editor. - A cross-site scripting (XSS) vulnerability exists in media files. - An open redirect vulnerability exist...
PHP 7.2.x < 7.2.10 Transfer-Encoding Parameter XSS Vulnerability
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.10. It is, therefore, affected by a cross-site scripting vulnerability. An attacker could leverage this vulnerability to inject malicious code which executes within the security context of the...
Cisco Unified Communications Manager Java Object Deserialization RCE (CSCux34835)
According to its self-reported version, the Cisco Unified Communications Manager (CUCM) running on the remote device is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated...
CUPS 1.7.x < 1.7.5 'get_file' Function Symlink Handling Info Disclosure
According to its banner, the version of CUPS installed on the remote host is 1.7.x prior to 1.7.5. It is, therefore, potentially affected by an information disclosure vulnerability that was incompletely corrected by the fix for CVE-2014-3537. A flaw exists in the 'get_file' function within the fil...
McAfee Web Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed)
The remote host is running a version of McAfee Web Gateway (MWG) that is affected by an information disclosure vulnerability due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory...
OS Identification : SMTP
Nessus was able to identify the remote operating system based on the banner reported by the mail server running on it.
MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
The remote Windows host is running a version of the Microsoft ASP.NET Framework that has multiple vulnerabilities. These include: - A flaw exists in the way ASP.NET generates hash tables for user-supplied values. By sending a small number of specially crafted posts to an ASP.NET server, an attack...
GuildFTPd Long SITE Command Overflow
The remote ftp server seems to be vulnerable to a denial of service attack through the SITE command when handling specially long requests. An attacker can exploit this flaw in order to crash the affected service or possibly execute arbitrary code.
RHEL 8 : kernel (RHSA-2024:1607)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1607 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vmwgfx: NULL pointer dereferen...
.NET Core SDK SEoL
According to its version, the .NET Core SDK installed on the remote host is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Amazon Corretto Java 8.x < 8.292.10.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8.292.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2021-Apr-20 advisory. - core-libs/java.io (CVE-2021-2161) - security-libs/java.security (CVE-2021-2163) Note that Nessus has not...
Apache Solr < 8.4.0 Remote Code Execution
The version of Apache Solr running on the remote host is at least 5.0.0 and prior to 8.4.0. It is, therefore, affected by a remote code execution vulnerability. A remote code execution vulnerability exists in VelocityResponseWriter due to a flaw in the velocity template parameter. An...
MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
The version of the remote MongoDB server is 2.6.x prior to 2.6.9, 3.0.x prior to 3.0.14, or 3.2.x prior to 3.2.8. It is, therefore, affected by multiple vulnerabilities. - A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local...
RHEL 7 : kernel-alt (RHSA-2018:1374)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1374 advisory. The kernel-alt packages provide the Linux kernel version 4.x. Security Fixes: kernel: ptrace incorrect error handling leads to corruption an...
CentOS 7 : kernel (CESA-2017:1842) (Stack Clash)
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Oracle Reports Servlet Remote File Access
Nessus was able to exploit a file access vulnerability in the Oracle Reports servlet and retrieve the contents of a file. A remote attacker could use this vulnerability to read or write arbitrary files on the system, ultimately leading to remote code execution.
CGI Generic Tests Load Estimation (full tests)
This script computes the maximum number of requests that would be done by the generic web tests, depending on miscellaneous options. It does not perform any test by itself. It adjusts the mode of each script if it is unable to run in the given time. The results can be used to estimate the duratio...
Samba Symlink Traversal Arbitrary File Access (unsafe check)
The remote Samba server is configured insecurely and allows a remote attacker to gain read or possibly write access to arbitrary files on the affected host. Specifically, if an attacker has a valid Samba account for a share that is writable or there is a writable share that is configured to be a...
RHEL 8 : python36:3.6 (RHSA-2021:4150)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4150 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4579-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4579-1 advisory. Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free...
Oracle WebLogic Server Multiple Vulnerabilities (Apr 2020 CPU)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the CPUApr2020 advisory. - A remote code execution vulnerability exists in the Log4j SocketServer class due to unsafe deserialization of...
pfSense 2.3.x <= 2.3.5-p2 / 2.4.x < 2.4.4 Multiple Vulnerabilities (SA-18_06 / SA-18_07 / SA-18_08)
According to its self-reported version number, the remote pfSense install is a version 2.3.x prior or equal to 2.3.5-p2 or 2.4.x prior to 2.4.3-p1. It is, therefore, affected by multiple vulnerabilities: - Systems with microprocessors utilizing speculative execution and address translations may...
ESXi 6.0 / 6.5 / 6.7 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) (Remote Check)
The remote VMware ESXi host is version 6.0, 6.5, or 6.7 and is missing a security patch. It is, therefore, vulnerable to an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability. ...
pfSense Default SSH Credentials
The remote device is a pfSense device that uses a set of known, default credentials. An attacker who is able to connect to the service can use these credentials to gain control of the device.
DNN (DotNetNuke) __dnnVariable Parameter XSS
The version of DNN installed on the remote host is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the '__dnnVariable' parameter. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to inject arbitrary...
MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
The installed version of Microsoft Visual Studio does not properly validate add-ins in the path before loading them into the application. An attacker can elevate his privileges by placing a specially crafted add-in in the path used by Visual Studio and convincing a user with higher privileges to...
SIP Username Enumeration
The SIP server on the remote host appears to respond differently to registration requests for valid and invalid usernames. Using that fact, Nessus was able to enumerate some of the valid usernames.
CGI Generic XSS (extended patterns)
The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected...
OS Identification : SNMP
Nessus was able to identify the operating system type and version by examining the SNMP data returned by the remote server.
Microsoft .NET Handlers Enumeration
It is possible to obtain the list of handlers the remote ASP.NET web server supports.
Remote Desktop Client for Windows RCE (July 2022)
The Windows Remote Desktop client for Windows installed on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability in the Windows Graphics component. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary...
Oracle Enterprise Manager Cloud Control (Apr 2022 CPU)
The 13.4.0.0 and 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the Oracle Management Service component Apache Log4j of the Enterprise Manager Base Platfor...
Amazon Linux 2 : ghostscript (ALAS-2021-1598)
The version of ghostscript installed on the remote host is prior to 9.25-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1598 advisory. Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers...
IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 SSRF (CVE-2019-17566)
The IBM WebSphere Application Server running on the remote host is version 8.0.0.0 through 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.5. It is, therefore, affected by a server-side request forgery vulnerability due to improper input validation by the xlink:href attributes. An...
KB4486564: Windows 7 and Windows Server 2008 R2 February 2019 Security Update
The remote Windows host is missing security update 4486564 or cumulative update 4486563. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacke...
MariaDB 10.0.x < 10.0.33 / 10.1.x < 10.1.27 Multiple Vulnerabilities
The version of MariaDB running on the remote host is 10.0.x prior to 10.0.33 or 10.1.x prior to 10.1.27. It is, therefore, affected by multiple vulnerabilities.
PHP < 5.2.4 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 5.2.4. Such versions may be affected by various issues, including but not limited to several overflows.
Microsoft Windows Server 2012 R2 Unsupported Version Detection
Microsoft Windows Server 2012 R2 is running on the remote host. Microsoft ended support for Windows Server 2012 R2 on October 10, 2023. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilitie...
Apache Tomcat 8.5.55 < 8.5.75 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.75. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.75_security-8 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to...
Palo Alto Networks PAN-OS 6.1.x < 6.1.22 / 7.1.x < 7.1.20 / 8.0.x < 8.0.13 / 8.1.x < 8.1.5 Multiple Vulnerabilities (PAN-SA-2018-0012)
The version of Palo Alto Networks PAN-OS running on the remote host is 6.0.x prior to 6.1.22 or 7.1.x prior to 7.1.22 or 8.0.x prior to 8.0.13 or 8.1.x prior to 8.1.5. It is, therefore, affected by multiple vulnerabilities : - Management Plane of Palo Alto PAN-OS is affected by FragmentSmack...
Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)
According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL: - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the...