337359 matches found
.bash_history Files Disclosed via Web Server
Nessus has detected that the remote web server hosts publicly available files whose contents may be indicative of a typical bash history. Such files may contain sensitive information that should not be disclosed to the public.
Apache 2.4.x < 2.4.38 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.38. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in HTTP/2 stream handling. An unauthenticated, remote attacker can exploit this issue, via...
TimThumb 'timthumb.php' < 2.8.14 WebShot 'src' Parameter Remote Command Execution
The TimThumb 'timthumb.php' script installed on the remote host is prior to version 2.8.14. It is, therefore, affected by a remote command execution vulnerability due to a failure to properly sanitize user-supplied input to the 'src' parameter. A remote, unauthenticated attacker can leverage this...
KB4023307: Security Update for the Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Silverlight 5 (June 2017)
The version of Silverlight 5 installed on the remote Windows host is missing security update KB4023307. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Windows Uniscribe software due to improper handling of objects in memory. An...
Microsoft Windows SMB Log In Possible
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : - Guest account - Supplied credentials - Randomly generated credentials TRUSTED...
SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks (CVE-2004-2761, for example). An attacker can...
AWStats is Openly Accessible
The remote web server is running a version of AWStats that seems to be accessible to the entire Internet. Exposing AWStats unprotected to the entire Internet can aid an attacker in gaining further knowledge of the web server and its contents therein. An attacker may gain access to administrative...
MS KB3119884: Improperly Issued Digital Certificates Could Allow Spoofing
The remote host is missing KB3119884, KB2677070 (automatic updater), or the latest disallowed certificate update using KB2813430 (manual updater). If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the...
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Some browser SSL implementations ma...
MySQL 5.5.x < 5.5.62 Multiple Vulnerabilities (October 2018 CPU)
The version of MySQL running on the remote host is 5.5.x prior to 5.5.62. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has no...
Samba 4.5.x < 4.5.16 / 4.6.x < 4.6.14 / 4.7.x < 4.7.6 Multiple Vulnerabilities
The version of Samba running on the remote host is 4.5.x prior to 4.5.16, or 4.6.x prior to 4.6.14, or 4.7.x prior to 4.7.6. It is, therefore, affected by a remote DoS and a remote password manipulation vulnerability. Note: Refer to the advisories for possible workarounds. Note that Nessus has no...
Apache 2.4.x < 2.4.53 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.53. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.53 advisory. - mod_lua Use of uninitialized value of in r:parsebody: A carefully crafted request body can cause a read to a random memory are...
DNS Server Spoofed Request Amplification DDoS
The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack...
Portable SDK for UPnP Devices (libupnp) < 1.6.18 Multiple Stack-based Buffer Overflows RCE
According to its banner, the version of Portable SDK for UPnP Devices (libupnp) running on the remote host is prior to 1.6.18. It is, therefore, affected by multiple remote code execution vulnerabilities : - A stack-based buffer overflow condition exists in the unique_service_name() function within fil...
Pulse Connect Secure < 9.1R11.4 (SA44784)
According to its self-reported version, the version of Pulse Connect Secure running on the remote host is greater than 9.0R3 and prior to 9.1R11.4. It is, therefore, affected by multiple vulnerabilities including an authentication bypass vulnerability that can allow an unauthenticated user to...
POP3 Cleartext Logins Permitted
The remote host is running a POP3 daemon that allows cleartext logins over unencrypted connections. An attacker can uncover user names and passwords by sniffing traffic to the POP3 daemon if a less secure authentication mechanism (e.g., USER command, AUTH PLAIN, AUTH LOGIN) is used. Note: This plugin...
Apple Mac OS X Wiki Server Weblog SACL Security Bypass
The remote Mac OS X Server Web Services installation contains a version of the Wiki Server component that is affected by a security bypass vulnerability due to a failure to check the service access control lists (SACLs) during the creation of a user's weblog. An authenticated, remote attacker can...
SSL Anonymous Cipher Suites Supported
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a...
MySQL 5.6.x < 5.6.51 Multiple Vulnerabilities (Jan 2021 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.51. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the January 2021 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL component: Server:...
Web Server HTTP Header Internal IP Disclosure
This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies,...
SSH Server CBC Mode Ciphers Enabled
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Oracle WebLogic Java Object RMI Connect-Back Deserialization RCE (January 2017 CPU)
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the Core Components subcomponent due to unsafe deserialization of Java objects by the RMI registry. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java...
Web Server Transmits Cleartext Credentials
The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.
Oracle Document Capture Multiple Vulnerabilities
The Oracle Document Capture client installed on the remote host is potentially affected by multiple vulnerabilities : - An unspecified vulnerability exists in the Import Export utility. An attacker can exploit this to affect integrity. (CVE-2010-3598) - An information disclosure vulnerability exist...
Microsoft Office Unsupported Channel Version Detection
According to its Channel version, the installation of Microsoft Office and Microsoft Office Retail on the remote Windows host is no longer supported. Refer to links in See Also for details on currently supported versions for each Channel. - Current Channel : Updated once a month, on the second...
Script Src Integrity Check
The remote host may be vulnerable to payment entry data exfiltration due to JavaScript included from potentially untrusted and unverified third parties (script src). If the host is controlled by a 3rd party, ensure that the 3rd party is PCI DSS compliant.
SNMP Request Cisco Router Information Disclosure
It is possible to determine the model of the remote CISCO system by sending SNMP requests with the OID 1.3.6.1.4.1.9.1. An attacker may use this information to gain more knowledge about the remote host.
Echo Service Detection
The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.
rexecd Service Detection
The rexecd service is running on the remote host. This service is designed to allow users of a network to execute commands remotely. However, rexecd does not provide any good means of authentication, so it may be abused by an attacker to scan a third-party host.
Netatalk OpenSession Remote Code Execution
The Apple Filing Protocol (AFP) server running on the remote host is affected by a remote code execution vulnerability due to a buffer overflow condition when handling an OpenSession request. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to execute...
Apache 2.4.6 Remote DoS
According to its banner, the version of Apache 2.4.x running on the remote host is version 2.4.6. It is, therefore, affected by a flaw in the mod_cache module involving a NULL pointer dereference. An attacker may be able to specially craft a request designed to cause a denial of service. Note that...
Apache 2.4.x < 2.4.58 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory. - Apache HTTP Server: DoS in HTTP/2 with initial windows size 0: An attacker, opening a HTTP/2 connection with an initial windo...
Dell iDRAC Products Multiple Vulnerabilities (Mar 2018)
The remote host is running iDRAC7 or iDRAC8 with a firmware version prior to 2.52.52.52 and is therefore affected by multiple vulnerabilities.
Quote of the Day (QOTD) Service Detection
A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection and any data received is thrown away. The service closes the connection after sending the quote. Another quote of the day service is defined as a datagram based...
Transport Layer Security (TLS) Protocol CRIME Vulnerability
The remote service has one of two configurations that are known to be required for the CRIME attack : - SSL / TLS compression is enabled. - TLS advertises the SPDY protocol earlier than version 4. Note that Nessus did not attempt to launch the CRIME attack against the remote service.
Fortinet FortiOS Web Interface Cookie Parser RCE (EGREGIOUSBLUNDER)
The Fortinet FortiOS management console running on the remote host is affected by a remote code execution vulnerability, known as EGREGIOUSBLUNDER, in its web interface due to improper validation when parsing cookies. An unauthenticated, remote attacker can exploit this, via a specially crafted...
Microsoft Windows SMB Service Detection
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc. between nodes on a network.
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2023:0187-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0187-1 advisory. - Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remot...
Joomla! < 3.8.8 Multiple Vulnerabilities
According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.8.8. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's...
SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application...
Microsoft XML Parser (MSXML) and XML Core Services Unsupported
The remote host contains one or more unsupported versions of the Microsoft XML Parser (MSXML) or XML Core Services. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. Note that support f...
DHCP Server Detection
This script contacts the remote DHCP server (if any) and attempts to retrieve information about the network layout. Some DHCP servers provide sensitive information such as the NIS domain name, or network layout information such as the list of the network web servers, and so on. It does not...
nginx 1.9.5 < 1.16.1 / 1.17.x < 1.17.3 Multiple Vulnerabilities
According to its Server response header, the installed version of nginx is 1.9.5 prior to 1.16.1 or 1.17.x prior to 1.17.3. It is, therefore, affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling o...
Windows Defender Antimalware/Antivirus Signature Definition Check
Windows Defender has an AntiMalware/AntiVirus signature that gets updated continuously. The signature definition has not been updated in more than 1 day.
SSH Weak Algorithms Supported
Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
Python Unsupported Version Detection
The remote host contains one or more unsupported versions of Python. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library loading vulnerability. The path used for loading external libraries is not securely restricted. An attacker can exploit this by tricking a user into opening an MFC application ...
Microsoft Windows Server 2003 Unsupported Installation Detection
The remote host is running Microsoft Windows Server 2003. Support for this operating system by Microsoft ended July 14th, 2015. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities...
RPC portmapper Service Detection
The RPC portmapper is running on this port. The portmapper allows someone to get the port number of each RPC service running on the remote host by sending either multiple lookup requests or a DUMP request.
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security. Note that this plugin only checks for remote SSH servers that support...