337660 matches found
Apache Struts 2.x < 2.5.26 RCE (S2-061)
The version of Apache Struts installed on the remote host is 2.x prior to 2.5.26. It is, therefore, affected by a remote code execution vulnerability in its OGNL evaluation functionality due to insufficient validation of user input. An unauthenticated, remote attacker can exploit this to execut...
KB4538461: Windows 10 Version 1809 and Windows Server 2019 March 2020 Security Update
The remote Windows host is missing security update 4538461. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability...
Apache Tomcat 8.5.0 < 8.5.49 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.49. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.49_security-8 advisory. - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0095-1)
The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.162 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-18281: The mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the...
ManageEngine Desktop Central 8 / 9 < Build 91100 Multiple RCE
The ManageEngine Desktop Central application running on the remote host is version 8, or else version 9 prior to build 91100. It is, therefore, affected by multiple remote code execution vulnerabilities : - A flaw exists in the statusUpdate script due to a failure to properly sanitize user-suppli...
Xerox WorkCentre 4260 / 4265 Multiple Vulnerabilities (XRX15AV) (FREAK) (Logjam)
According to its model number and software version, the remote Xerox WorkCentre 4260 / 4265 device is affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites wit...
openSUSE Security Update : tor (openSUSE-SU-2014:0719-1) (Heartbleed)
tor 0.2.4.22 bnc878486 Tor was updated to the recommended version of the 0.2.4.x series. - major features in 0.2.4.x : - improved client resilience - support better link encryption with forward secrecy - new NTor circuit handshake - change relay queue for circuit create requests from size-based...
MS14-010: Cumulative Security Update for Internet Explorer (2909921)
The remote host is missing Internet Explorer IE Security Update 2909921. The installed version of IE is affected by multiple privilege escalation and memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. Additionally, the installed version of...
Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)
Several vulnerabilities were found in the vim editor : A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712). Ulf Härnhammar of Secunia...
SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure
The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to launch more effective attacks against the remote server. This script written by Scott Shebby 12/2003 See the Nessus Scrip...
ZyXEL Router Default Telnet Password Present
The remote host is a ZyXEL router with a default password. An attacker could telnet to it and reconfigure it to lock the owner out and prevent him from using his Internet connection, or create a dial-in user to connect directly to the LAN attached to it. This script was written by Giovanni Fiasch...
Security Updates for Microsoft SQL Server ODBC Driver (October 2023)
The Microsoft SQL Server ODBC Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities. - An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2023-36417, CVE-2023-36420,...
KB5004442: Windows DCOM Server Security Feature Bypass Registry Check (CVE-2021-26414)
The remote Windows DCOM Server may be in a vulnerable state to exploitation by having the HKLM\Software\Microsoft\Ole\AppCompat\RequireIntegrityActivationAuthenticationLevel registry value set to 0. Hardening changes in DCOM were required for CVE-2021-26414 and were implemented in 2 phases on Jun...
KB5016683: Windows 8.1 and Windows Server 2012 R2 Security Update (August 2022)
The remote Windows host is missing security update 5016683. It is, therefore, affected by multiple vulnerabilities - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769) - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability...
SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2103-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2103-1 advisory. - The acpi_ns_evaluate function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache a...
EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2021-2779)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...
Python Information Disclosure (CVE-2021-3426)
The version of Python installed on the remote Windows host is potentially affected by an information disclosure vulnerability due to an issue in Python 3's pydoc. An authenticated local or adjacent attacker can exploit this, by convincing another local or adjacent user to start a pydoc server cou...
vBulletin CVE-2019-16759 Bypass Remote Code Execution (CVE-2020-17496) (direct check)
The version of vBulletin running on the remote host is affected by an input-validation flaw in the ajax/render/widget_php API that allows for remote code execution. This plugin tests for a bypass to the fix for CVE-2019-16759. (C) Tenable Network Security, Inc...
RHEL 7 : qemu-kvm-ma (RHSA-2020:1209)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1209 advisory. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the...
macOS 10.15.x < 10.15.1 / 10.14.x < 10.14.6 Security Update 2019-001 / 10.13.x < 10.13.6 Security Update 2019-006
The remote host is running a version of macOS or Mac OS X that is 10.15.x prior to 10.15.1, 10.14.x prior to 10.14.6 security update 2019-001, 10.13.x prior to 10.13.6 security update 2019-006. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds read error exists in the...
Apache Tomcat 8.5.0 < 8.5.41 DoS
The version of Tomcat installed on the remote host is prior to 8.5.41. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.41_security-8 advisory. - The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write. By n...
MariaDB 10.1.0 < 10.1.18 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.1.18. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.1.18 advisory. - Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before...
FreeBSD : LZO -- potential buffer overrun when processing malicious input data (d1f5e12a-fd5a-11e3-a108-080027ef73ec)
Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file : Fixed a potential integer overflow condition in the 'safe' decompressor variants which could result in a possible buffer overrun when processing maliciously crafted compressed input data. As this issue only affects 32-bit...
Liferay Portal 6.1.0 User Enumeration
The version of Liferay Portal hosted on the remote web server contains a flaw in the 'SearchPermissionCheckerImpl' class's 'doGetPermissionQuery' method that allows a remote, unauthenticated attacker to enumerate all user accounts. It may be possible to determine the email address of each of the...
ADOdb server.php sql Parameter SQL Injection
The remote host is running ADOdb, a database abstraction library for PHP. The installed version of ADOdb includes a test script named 'server.php' that fails to sanitize user input to the 'sql' parameter before using it in database queries. An attacker can exploit this issue to launch SQL injecti...
Netref cat_for_gen.php Arbitrary PHP Command Injection
The remote host is running the Netref directory script, written in PHP. There is a vulnerability in the installed version of Netref that enables a remote attacker to pass arbitrary PHP script code through the 'ad', 'ad_direct', and 'm_for_racine' parameters of the 'cat_for_gen.php' script. This code...
CentOS 9 : openssh-8.7p1-34.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-34.el9 build changelog. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an age...
PHP Debug Bar Enabled
The web application on the remote server has a PHP debug bar which is accessible without protection. A remote attacker can exploit this to gain more knowledge about the host, allowing an attacker to conduct further attacks. No source data...
Microsoft Teams < 1.6.0.11166 Information Disclosure
The version of Microsoft Teams installed on the remote Windows host is a version prior to 1.6.0.11166. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information. Note that Nessus has not...
OpenSSL 1.1.1 < 1.1.1q Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1q. It is, therefore, affected by a vulnerability as referenced in the 1.1.1q advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under so...
CentOS 7 : samba (RHSA-2021:5192)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5192 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the...
CentOS 8 : libxml2 (CESA-2021:2569)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2569 advisory. - libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c CVE-2021-3516 - libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal i...
Photon OS 2.0 : unzip (PhotonOS-PHSA-2018-2.0-0052) (deprecated)
An update of 'unzip' packages of Photon OS has been released. (C) Tenable Network Security, Inc. Deprecated: disabled on 2/7/2019. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0052. The text itself is copyright (C) VMware, Inc...
Virtuozzo 7 : readykernel-patch (VZA-2018-046)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an...
Amazon Linux AMI : php70 (ALAS-2017-788)
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480)...
RHEL 6 / 7 : samba and samba4 (RHSA-2016:0612) (Badlock)
An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
PHP 8.1.x < 8.1.14
The version of PHP installed on the remote host is prior to 8.1.14. It is, therefore, affected by a vulnerability as referenced in the Version 8.1.14 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
CentOS 7 : python (RHSA-2020:3911)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3911 advisory. - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in...
Amazon Linux AMI : tomcat8 (ALAS-2020-1353)
The version of tomcat8 installed on the remote host is prior to 8.5.51-1.83. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1353 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach ...
RHEL 8 : php:7.3 (RHSA-2019:3736)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3736 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in env_path_info in fpm_main.c...
VMSA-2019-0008 : MDS Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
a. Hypervisor Specific and Hypervisor-Assisted Guest Mitigations for MDS vulnerabilities vCenter Server, ESXi, Workstation, and Fusion updates support Hypervisor-Specific and Hypervisor-Assisted Guest Mitigations for MDS speculative execution vulnerabilities. These updates expose new CPU control...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2019-4533)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4533 advisory. - ext4: validate that metadata blocks do not overlap superblock Theodore Ts'o Orabug: 28220576 CVE-2018-1094 Tenable has extracted the preceding...
EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1342)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users who are physically proximate for...
MS15-128: Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
The remote Windows host is affected by multiple remote code execution vulnerabilities due to improper handling of embedded fonts by the Windows font library. A remote attacker can exploit these by convincing a user to open a file or visit a website containing a specially crafted embedded font,...
Qmail Remote Command Execution via Shellshock
The remote host appears to be running Qmail. A remote attacker can exploit Qmail to execute commands via a specially crafted MAIL FROM header if the remote host has a vulnerable version of Bash. This is due to the fact that Qmail does not properly sanitize input before setting environmental...
Cisco TelePresence Supervisor MSE 8050 Multiple Vulnerabilities in OpenSSL
The remote Cisco TelePresence device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. CVE-2014-0224 - ...
Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : linux, linux-ec2, linux-source-2.6.15 vulnerabilities (USN-1000-1)
Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this to gain root privileges. (CVE-2010-3904) Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a...
Sybase ASA Default Database Password
The remote Sybase SQL Anywhere / Adaptive Server Anywhere server uses default credentials 'DBA' / 'SQL'. An attacker may use this flaw to execute commands against the remote host, as well as read your database content. (C) David Lodge 13/08/2007 This script is based on sybaseblankpassword.nasl whic...
Hydra: telnet
This plugin runs Hydra to find telnet passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block.
Apache 2.4.x < 2.4.58 Out-of-Bounds Read (CVE-2023-31122)
The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory. - mod_macro buffer over-read: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP...