Nessus • Most viewed

337660 matches found

Tenable Nessus • added 2014/04/18 12:0 a.m. • 368 views

Atmail Webmail 6.x / 7.x < 7.2.0 Multiple Vulnerabilities

According to its version, the Atmail Webmail install on the remote host is 6.x or 7.x prior to 7.2.0. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to email handling that could allow persistent cross-site scripting attacks XSS...

CVSS 6.8 • AI score 5.4 • EPSS 0.04373
Exploits 0 • References 3
Tenable Nessus • added 2023/10/10 12:0 a.m. • 367 views

KB5031362: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2023)

The remote Windows host is missing security update 5031362. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through...

CVSS 9.8 • AI score 7.6 • EPSS 0.99999
Exploits 19 • References 71
Tenable Nessus • added 2018/07/13 12:0 a.m. • 367 views

Security Updates for Microsoft .NET core and ASP.NET (Bypass) (July 2018)

The Microsoft .NET and ASP.NET installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability : - A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated. An attacker who...

CVSS 7.5 • AI score 7.4 • EPSS 0.09832
Exploits 0 • References 3
Tenable Nessus • added 2011/02/14 12:0 a.m. • 367 views

CGI Generic XSS (Parameters Names)

The remote web server hosts CGI scripts that fail to adequately sanitize parameter names of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site...

AI score 5.7
Exploits 0 • References 3
Tenable Nessus • added 2010/08/04 12:0 a.m. • 367 views

LiteSpeed Web Server Source Code Information Disclosure

The installed version of the LiteSpeed web server software on the remote host returns the source of scripts hosted on it when a NULL byte and '.txt' is appended to the request URL. A remote attacker may be able to leverage this issue to view a file on the web server's source code and possibly...

CVSS 5 • AI score 8.4 • EPSS 0.60196
Exploits 3 • References 3
Tenable Nessus • added 2005/03/08 12:0 a.m. • 367 views

Network Service Malformed Data Remote DoS

It appears to be possible to crash the remote service by sending it a few kilobytes of random data. An attacker may use this flaw to make this service crash continuously, preventing this service from working properly. It may also be possible to exploit this flaw to execute arbitrary code on this...

CVSS 5 • AI score 6.2 • EPSS 0.01341
Exploits 1 • References 1
Tenable Nessus • added 2024/05/08 12:0 a.m. • 366 views

Veritas NetBackup Arbitrary File Delete (VTS24-001)

The Veritas NetBackup application installed on the remote Windows host is prior to 9.1.0.1, 10.0.0.1, 10.1.1, prior to 10.2.0.1, prior to 10.3.0.1 or prior to 10.4. It is, therefore, affected by an arbitrary file delete vulnerability. An issue was discovered in Veritas NetBackup before 10.4. The...

CVSS 7.7 • AI score 5.8 • EPSS 0.00168
Exploits 0 • References 7
Tenable Nessus • added 2023/10/12 12:0 a.m. • 366 views

Microsoft Windows Server 2012 R2 Unsupported Version Detection

Microsoft Windows Server 2012 R2 is running on the remote host. Microsoft ended support for Windows Server 2012 R2 on October 10, 2023. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilitie...

AI score 7.6
Exploits 0 • References 2
Tenable Nessus • added 2022/06/07 12:0 a.m. • 366 views

Amazon Linux 2 : kernel, --advisory ALAS2-2022-1798 (ALAS-2022-1798)

The version of kernel installed on the remote host is prior to 4.14.281-212.502. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1798 advisory. In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when...

CVSS 7.8 • AI score 6.3 • EPSS 0.01027
Exploits 8 • References 26
Tenable Nessus • added 2021/05/25 12:0 a.m. • 366 views

VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0010)

The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5 U3p, 6.7 prior to 6.7 U3n or 7.0 prior to 7.0 U2b. It is, therefore, affected by multiple vulnerabilities: - The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validatio...

CVSS 10 • AI score 9.5 • EPSS 0.99999
Exploits 13 • References 4
Tenable Nessus • added 2017/09/05 12:0 a.m. • 366 views

Apache Struts 2.1.x >= 2.1.2 / 2.2.x / 2.3.x < 2.3.34 / 2.5.x < 2.5.13 Multiple Vulnerabilities (S2-050 - S2-053)

The version of Apache Struts running on the remote host is 2.1.x subsequent or equal to 2.1.2, 2.2.x, 2.3.x prior to 2.3.34, or 2.5.x prior to 2.5.13. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability in the REST plugin. The Struts REST plugin uses an...

CVSS 9.8 • AI score 8.6 • EPSS 0.99461
Exploits 28 • References 14
Tenable Nessus • added 2010/01/04 12:0 a.m. • 366 views

Apache Tomcat Directory Traversal

The remote web server proxies certain requests to an Apache Tomcat server and allows directory traversal attacks due to Tomcat allowing '/', '\', and '%5c' characters as directory separators. By sending a specially crafted request, it is possible for an attacker to break out of the given context...

CVSS 5 • AI score 5.4 • EPSS 0.90768
Exploits 2 • References 4
Tenable Nessus • added 2021/06/28 12:0 a.m. • 365 views

F5 BIG-IP Edge Client Windows Component Installer 7.2.1 < 7.2.1.3 / 7.1.6 < 7.1.9.9 Update 1 Privilege Escalation (K08503505)

The version of the Big-IP Edge Client Windows Component Installer installed on the remote Windows host is 7.2.1 before 7.2.1.3, or between 7.1.6 and 7.1.9.9 Update 1. It is, therefore, affected by a privilege escalation vulnerability. A local attacker can exploit this to gain privileged or...

CVSS 7.8 • AI score 7.5 • EPSS 0.00228
Exploits 0 • References 2
Tenable Nessus • added 2021/04/19 12:0 a.m. • 365 views

Fedora 33 : kernel / kernel-headers / kernel-tools (2021-2306e89112)

The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-2306e89112 advisory. - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver...

CVSS 5.5 • AI score 6.6 • EPSS 0.00417
Exploits 0 • References 7
Tenable Nessus • added 2021/04/19 12:0 a.m. • 365 views

Fedora 32 : webkit2gtk3 (2021-619711d709)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-619711d709 advisory. - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadO...

CVSS 9.8 • AI score 8 • EPSS 0.14542
Exploits 0 • References 8
Tenable Nessus • added 2017/08/14 12:0 a.m. • 365 views

Fedora 25 : jackson-databind (2017-f452765e1e)

Security fix for CVE-2017-7525 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

CVSS 9.8 • AI score 7.3 • EPSS 0.37925
Exploits 7 • References 2
Tenable Nessus • added 2016/06/24 12:0 a.m. • 365 views

Apache Struts 2 REST Plugin OGNL Expression Handling RCE

The remote web application appears to use Apache Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. A remote code execution vulnerability exists in the REST plugin due to improper handling of OGNL expressions. An unauthenticated, remote attack...

CVSS 9.8 • AI score 9.3 • EPSS 0.17171
Exploits 2 • References 3
Tenable Nessus • added 2016/05/05 12:0 a.m. • 365 views

Acme mini_httpd Protocol String Handling Memory Disclosure

The Acme mini_httpd web server running on the remote host is affected by a flaw in the add_headers function within file mini_httpd.c that is triggered when handling HTTP requests that have a very long protocol string. An unauthenticated, remote attacker can exploit this, via a crafted request, to...

CVSS 5 • AI score 8.7 • EPSS 0.01335
Exploits 1 • References 3
Tenable Nessus • added 1999/07/29 12:0 a.m. • 365 views

ICMP Netmask Request Information Disclosure

The remote host answers to an ICMP_MASKREQ query and responds with its netmask. An attacker can use this information to understand how your network is set up and how routing is done. This may help him to bypass your filters. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...

CVSS 4 • AI score 6.3 • EPSS 0.31586
Exploits 1 • References 1
Tenable Nessus • added 2025/01/23 12:0 a.m. • 364 views

Oracle Database Server (January 2025 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to...

CVSS 10 • AI score 7.7 • EPSS 0.93305
Exploits 8 • References 15
Tenable Nessus • added 2022/02/03 12:0 a.m. • 364 views

Samba 4.0.x < 4.13.17 / 4.14.x < 4.14.12 / 4.15.x < 4.15.5 Multiple Vulnerabilities

The version of Samba running on the remote host is 4.0.x prior to 4.13.17, 4.14.x prior to 4.14.12, or 4.15.x prior to 4.15.5. It is, therefore, affected by multiple vulnerabilities: - Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. (CVE-2021-44142) -...

CVSS 9 • AI score 7.8 • EPSS 0.74042
Exploits 1 • References 7
Tenable Nessus • added 2020/07/29 12:0 a.m. • 364 views

Photon OS 1.0: Linux PHSA-2020-1.0-0310

An update of the linux package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0310. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid139079...

CVSS 7.2 • AI score 7.5 • EPSS 0.00563
Exploits 1 • References 2
Tenable Nessus • added 2019/07/29 12:0 a.m. • 364 views

SonicWall SonicOS Firewall Multiple Management Vulnerabilities (URGENT/11)

According to its self-reported version, the remote SonicWall firewall is running a version of SonicOS that is affected by multiple vulnerabilities: - Stack overflow in the parsing of IPv4 packets IP options. (CVE-2019-12256) - TCP Urgent Pointer = 0 leads to integer underflow (CVE-2019-12255) - TCP...

CVSS 9.8 • AI score 7.7 • EPSS 0.84177
Exploits 7 • References 16
Tenable Nessus • added 2019/03/01 12:0 a.m. • 364 views

PHP 7.0.x < 7.0.0 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.x prior to 7.0.0. It is, therefore, affected by the following vulnerabilities: - A directory traversal vulnerability in the ZipArchive::extractTo function of ext/zip/php_zip.c script. An unauthenticated, remote...

CVSS 7.5 • AI score 7 • EPSS 0.08276
Exploits 3 • References 5
Tenable Nessus • added 2018/05/24 12:0 a.m. • 364 views

Target Credential Issues by Authentication Protocol - No Issues Found

Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol. When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that ma...

AI score 5.8
Exploits 0
Tenable Nessus • added 2017/12/11 12:0 a.m. • 364 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3651)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3651 advisory. - mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd Kirill A. Shutemov Orabug: 27200879 CVE-2017-1000405 - fix unbalanced...

CVSS 7.8 • AI score 6.7 • EPSS 0.02841
Exploits 13 • References 6
Tenable Nessus • added 2017/11/03 12:0 a.m. • 364 views

KB4038781: Windows 10 September 2017 Cumulative Update

The remote Windows host is missing security update 4038781. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables...

CVSS 9.3 • AI score 7.8 • EPSS 0.88698
Exploits 32 • References 45
Tenable Nessus • added 2015/10/26 12:0 a.m. • 364 views

Juniper Junos SRX Series FTP ALG ftps-extension TCP Port Exposure (JSA10706)

According to its self-reported version number, the remote Juniper Junos SRX series device is affected by a flaw in handling the ftps-extension option when the SRX secures the FTPS server. An unauthenticated, remote attacker can exploit this flaw to expose TCP ports for arbitrary data channels. No...

CVSS 6.5 • AI score 6.7 • EPSS 0.00465
Exploits 4 • References 2
Tenable Nessus • added 2004/12/01 12:0 a.m. • 364 views

Hydra: SOCKS5

This plugin runs Hydra to find SOCKS5 accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...

AI score 5.4
Exploits 0
Tenable Nessus • added 2003/05/07 12:0 a.m. • 364 views

XMB member.php Multiple Parameter SQL Injection

The remote host is running XMB Forum, a web forum written in PHP. According to its banner, this forum is vulnerable to a SQL injection bug which may allow an attacker to steal the passwords hashes of any user of this forum, including the forum administrator. Once he has the password hashes, he ca...

AI score 5.8
Exploits 0 • References 1
Tenable Nessus • added 2024/07/01 12:0 a.m. • 363 views

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : OpenSSH vulnerability (USN-6859-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6859-1 advisory. It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and...

CVSS 8.1 • AI score 7.4 • EPSS 0.99506
Exploits 68 • References 2
Tenable Nessus • added 2024/06/27 12:0 a.m. • 363 views

OpenSSL 1.0.2 < 1.0.2zk Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2zk. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zk advisory. - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...

CVSS 9.1 • AI score 7.6 • EPSS 0.05582
Exploits 1 • References 2
Tenable Nessus • added 2022/01/14 12:0 a.m. • 363 views

Apache Druid Log4Shell Direct Check (CVE-2021-44228)

Binary data apachedruidlog4shell.nbin...

CVSS 10 • AI score 10 • EPSS 0.99999
Exploits 347 • References 3
Tenable Nessus • added 2021/06/07 12:0 a.m. • 363 views

openSUSE Security Update : the Linux Kernel (openSUSE-2021-843)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memor...

CVSS 8.8 • AI score 7.8 • EPSS 0.07604
Exploits 6 • References 47
Tenable Nessus • added 2019/03/28 12:0 a.m. • 363 views

Microsoft Office ActiveX Controls Enabled Without Restrictions Or Prompting

A Microsoft Office application installed on the remote host has ActiveX controls enabled without restrictions and without prompting. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Microsoft Security Updates API. The text itself is...

AI score 5.5
Exploits 0
Tenable Nessus • added 2017/08/29 12:0 a.m. • 363 views

AIX bind Advisory : bind_advisory16.asc (IV98826) (IV98827)

The version of bind installed on the remote AIX host is affected by the following vulnerabilities : - A security bypass exists in the way BIND handles TSIG authentication for dynamic updates. A remote, unauthenticated attacker can exploit this, via a specially crafted request packet containing a...

CVSS 7.5 • AI score 6.6 • EPSS 0.18299
Exploits 1 • References 3
Tenable Nessus • added 2016/08/10 12:0 a.m. • 363 views

MS16-099: Security Update for Microsoft Office (3177451)

The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist in Microsoft Office software due to improper handling of objects in memory. An unauthenticated,...

CVSS 9.3 • AI score 7.1 • EPSS 0.49831
Exploits 6 • References 6
Tenable Nessus • added 2016/06/16 12:0 a.m. • 363 views

HyperText Transfer Protocol (HTTP) Redirect Information

The remote web server issues an HTTP redirect when requesting the root directory of the web server. This plugin is informational only and does not denote a security problem. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid91634; scriptversion"1.3";...

AI score 5.5
Exploits 0
Tenable Nessus • added 2020/06/09 12:0 a.m. • 362 views

KB4561608: Windows 10 Version 1809 and Windows Server 2019 June 2020 Security Update

The remote Windows host is missing security update 4561608. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute...

CVSS 9.3 • AI score 8.1 • EPSS 0.59518
Exploits 2 • References 93
Tenable Nessus • added 2018/03/08 12:0 a.m. • 364 views

Default Password 'St0r@ge!' for 'administrator' Account

The account 'administrator' on the remote host has the default password 'St0r@ge!'. A remote attacker can exploit this issue to gain administrative access to the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. var account = "administrator"; var password = "St0r@ge!";...

AI score 5.6
Exploits 0
Tenable Nessus • added 2017/05/09 12:0 a.m. • 362 views

Windows 7 and Windows Server 2008 R2 May 2017 Security Updates

The remote Windows host is missing security update 4019263 or cumulative update 4019264. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacke...

CVSS 9.3 • AI score 7.4 • EPSS 0.84138
Exploits 15 • References 23
Tenable Nessus • added 2010/01/08 12:0 a.m. • 362 views

Kerberos Information Disclosure

Nessus was able to retrieve the realm name and/or server time of the remote Kerberos server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid43829; scriptversion"$Revision: 1.6 $"; scriptnameenglish:"Kerberos Information Disclosure"; scriptsummaryenglish:"Tries to get...

AI score 5.4
Exploits 0
Tenable Nessus • added 2003/02/13 12:0 a.m. • 362 views

DNS Server Detection

The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11002; scriptversion"$Revision: 1.22 $"; scriptcvsdate"$Date: 2017/05/16 19:35:38 $";...

AI score 5.5
Exploits 0 • References 1
Tenable Nessus • added 2024/06/26 12:0 a.m. • 361 views

WordPress 5.8.x < 5.8.10 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. - A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. - A path traversal issue...

AI score 6.2
Exploits 0 • References 1
Tenable Nessus • added 2022/02/25 12:0 a.m. • 361 views

Splunk Enterprise 8.1.x < 8.1.7.2 / 8.2.x < 8.2.3.3 Log4j

According to its self-reported version number, the version of Splunk running on the remote web server is Splunk Enterprise 8.1.x prior to 8.1.7.2 or 8.2.x prior to 8.2.3.3. It may, therefore, be affected by the following vulnerabilities related to the use of Log4j, as follows: - Apache Log4j2...

CVSS 10 • AI score 8.6 • EPSS 0.99999
Exploits 349 • References 3
Tenable Nessus • added 2021/09/30 12:0 a.m. • 361 views

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5092-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5092-2 advisory. Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this t...

CVSS 7.8 • AI score 7.5 • EPSS 0.03365
Exploits 8 • References 13
Tenable Nessus • added 2021/09/02 12:0 a.m. • 361 views

CentOS 7 : kernel (RHSA-2021:3327)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3327 advisory. - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest syst...

CVSS 8.3 • AI score 7.3 • EPSS 0.78684
Exploits 23 • References 6
Tenable Nessus • added 2020/04/10 12:0 a.m. • 361 views

Apache 2.4.x < 2.4.42 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.42. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.42 advisory. - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server...

CVSS 6.1 • AI score 6.7 • EPSS 0.56691
Exploits 0 • References 2
Tenable Nessus • added 2019/06/14 12:0 a.m. • 361 views

Fortinet FortiOS 5.4.6 <= 5.4.12 / 5.6.3 < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Directory Traversal (FG-IR-18-384)

The remote host is running a version of FortiOS 5.4.6 prior or equal to 5.4.12, 5.6.3 prior to 5.6.8 or 6.0.x prior to 6.0.5. It is, therefore, affected by a directory traversal vulnerability in the SSL VPN web portal, due to an improper limitation of a pathname to a restricted Directory. An...

CVSS 9.8 • AI score 8.9 • EPSS 0.99999
Exploits 22 • References 2
Tenable Nessus • added 2015/11/10 12:0 a.m. • 361 views

MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)

The remote Windows host has a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the .NET Framework due to improper DTD parsing of crafted XML files. An unauthenticated, remote attacker can exploit this, via a...

CVSS 4.3 • AI score 5.2 • EPSS 0.61024
Exploits 1 • References 4
Total number of security vulnerabilities: 5000