Maian Scripts Cookie Manipulation Authentication Bypass
The remote host is running at least one PHP application from Maian Script World that allows a remote attacker to bypass authentication and access the admin control panel by simply setting a special cookie.
GNU Bash Incomplete Fix Remote Code Injection (Shellshock)
The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via...
MS09-050: Microsoft Windows SMB2 _Smb2ValidateProviderCallback() Vulnerability (975497) (EDUCATEDSCHOLAR) (uncredentialed check)
The remote host is running a version of Microsoft Windows Vista or Windows Server 2008 that contains a vulnerability in its SMBv2 implementation. An attacker can exploit this flaw to disable the remote host or to execute arbitrary code on it. EDUCATEDSCHOLAR is one of multiple Equation Group...
Windows Speculative Execution Configuration Check
Binary data microsoftwindowsspecexecution.nbin...
Oracle WebLogic WSAT Remote Code Execution
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WSAT endpoint due to unsafe deserialization of XML encoded Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of...
HTTP Server Type and Version
This plugin attempts to determine the type and the version of the remote web server. Copyright 2000 by Hendrik Scholz @@NOTE: The output of this plugin should not be changed Changes by Tenable: - Revised plugin title 10/08/10 - Removed use of deprecated functions 01/16/2018 - Fixed various regula...
Trojan Horse Detection
An unknown service was found running on this port. Trojan Horses and other malware may sometimes open these ports to allow remote access to the machine. Ensure that this port is intended to be open and controlled by legitimate software installed by the administrator.
Microsoft Office Detection
Microsoft Office is installed on the remote host.
Comersus Cart /comersus/database/comersus.mdb Direct Request Database Disclosure
The remote host appears to be running Comersus Cart, an ASP shopping cart application. The version of Comersus Cart installed on the remote host fails to restrict access to its customer database, which contains order information, passwords, credit card numbers, etc. Further, the data in all...
web.config File Information Disclosure
An information disclosure vulnerability exists in the remote web server due to the disclosure of the web.config file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose potentially sensitive configuration information.
MS11-030: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) (remote check)
A flaw in the way the installed Windows DNS client processes Link-local Multicast Name Resolution (LLMNR) queries can be exploited to execute arbitrary code in the context of the NetworkService account. Note that Windows XP and 2003 do not support LLMNR and successful exploitation on those platfor...
XMB Forum < 1.9.10 Multiple Vulnerabilities
The remote host is running XMB Forum, a web forum written in PHP. According to its banner, the version of XMB installed on the remote host suffers from cross-site scripting, SQL injection, and input validation vulnerabilities.
CGI Generic HTML Injections (quick test)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML to be executed in a user's browser within the security context of the affected site. The remote web server...
Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS
The version of ntpd running on the remote host has the 'monlist' command enabled. This command returns a list of recent hosts that have connected to the service. However, it is affected by a denial of service vulnerability in ntp_request.c that allows an unauthenticated, remote attacker to saturat...
MS KB3123479: Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
The remote Windows host is missing Microsoft KB3123479, an update that restricts the use of certificates with SHA1 hashes, this restriction being limited to certificates issued under roots in the Microsoft root certificate program. This update increases the difficulty of carrying out some spoofin...
Apache 2.4.60 < 2.4.62 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.62. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.62 advisory. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...
Microsoft .NET Security Rollup Enumeration
Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host.
OpenSSH < 9.6 Multiple Vulnerabilities
The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory. - ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bäumer, Marcus Brinkmann...
Default Password 'dreambox' for 'root' Account
The account 'root' on the remote host has the default password 'anko'. A remote attacker can exploit this issue to gain administrative access to the affected system.
Linux Daemons with Broken Links to Executables
By examining the '/proc' filesystem on the remote Linux host, Nessus has identified at least one currently-running daemon for which the link to the corresponding executable is broken. This can occur when the executable associated with a daemon is replaced on disk but the daemon itself has not bee...
HMAP Web Server Fingerprinting
Nessus was able to identify the remote web server type by sending several valid and invalid HTTP requests. In some cases, its version can also be approximated, as well as some options.
SMTP Service STARTTLS Plaintext Command Injection
The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to...
HP System Management Homepage < 7.6.1 Multiple Vulnerabilities (HPSBMU03753)
According to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.6.1. It is, therefore, affected by multiple vulnerabilities including multiple local and remote code execution vulnerabilities. Note that Nessus has not tested for these issues...
Network Time Protocol Daemon (ntpd) read_mru_list() Remote DoS
The remote NTP server is affected by a denial of service vulnerability due to improper validation of mrulist queries. An unauthenticated, remote attacker can exploit this, via a specially crafted NTP mrulist query packet, to terminate the ntpd process. Note that the NTP server is reportedly...
WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)
The remote system may be in a vulnerable state to CVE-2013-3900 due to missing or misconfigured registry keys: - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck -...
Microsoft Windows Server 2003 IIS 6.0 WebDAV PROPFIND Request Handling RCE (EXPLODINGCAN)
The remote host is running Windows Server 2003 and Internet Information Services (IIS) 6.0 with WebDAV enabled. It is, therefore, affected by a buffer overflow condition in the IIS WebDAV service due to improper handling of the 'If' header in a PROPFIND request. An unauthenticated, remote attacker...
Plesk Panel Apache Arbitrary PHP Code Injection
The remote host contains an Apache web server installation that is included with Parallels Plesk Panel and that is affected by a remote PHP code injection vulnerability. Due to an Apache configuration issue, a remote, unauthenticated attacker can exploit this issue by crafting a request allowing...
PostgreSQL Default Unpassworded Account
It is possible to connect to the remote PostgreSQL database server using an unpassworded account. This may allow an attacker to launch further attacks against the database.
KB4025339: Windows 10 Version 1607 and Windows Server 2016 July 2017 Cumulative Update
The remote Windows host is missing security update KB4025339. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a reference to an external entity. ...
Oracle Database Unsupported Version Detection
According to its version, the installation of Oracle Database running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
HTTP Methods Allowed (per directory)
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. The following HTTP methods are considered insecure: PUT, DELETE, CONNECT, TRACE, HEAD. Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the...
OS Identification and Installed Software Enumeration over SSH v2 (Using New SSH Library)
Nessus was able to login to the remote host using SSH or local commands and extract the list of installed packages.
Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)
The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Rogue System Register Read (RSRE), Speculative Store Bypass (SSB), L1 Terminal Fault (L1TF), and Branch Target Injection vulnerabilities.
Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN) (uncredentialed check)
The IKE service running on the remote Cisco IOS device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can...
RHEL 9 : pcre2 (RHSA-2022:5251)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5251 advisory. The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern...
TCP/IP Multicast Address Handling Remote DoS (spank.c)
Nessus has detected that the remote host responds to TCP packets that are coming from a multicast IP address. An attacker can exploit this to conduct a 'spank' denial of service attack, resulting in the host being shut down or network traffic reaching saturation. Also, this vulnerability can be...
Oracle WebLogic Unsupported Version Detection
According to its version, the installation of Oracle WebLogic running on the remote host is no longer supported per: - Error Correction Support Dates for Oracle WebLogic Server (Doc ID 950131.1) Lack of support implies that no new security patches for the product will be released by the vendor. As ...
HTTP Proxy Arbitrary Site/Port Relaying
The remote proxy allows everyone to perform requests against arbitrary ports, such as: 'GET http://cvs.nessus.org:110'. This problem may allow attackers to go through your firewall, by connecting to sensitive ports like 25 (sendmail) using the proxy. In addition to that, it might be used to perfo...
Nginx < 1.22.1 Multiple Vulnerabilities
According to its Server response header, the installed version of nginx is prior to 1.22.1 or 1.23.x prior to 1.23.2. It is, therefore, affected by two security issues which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp...
Security Updates for Outlook (October 2018)
The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities including a remote code execution vulnerability requiring user interaction. See Microsoft Security Advisory ADV180026 for more information.
OpenNMS Java Object Deserialization RCE
The remote OpenNMS server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted RMI request, to execute arbitrar...
Web Server Generic XSS
The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. A remote attacker can exploit this issue, via a specially crafted request, to execute arbitrary HTML and script code in a user's browser within the security context of the affected...
VxWorks WDB Debug Service Detection
A VxWorks WDB Debug Agent is running on this host. Using this service, it is possible to read or write any memory zone or execute arbitrary code on the host. An attacker can use this flaw to take complete control of the affected device.
Microsoft Exchange Client Access Server Information Disclosure
The Microsoft Exchange Client Access Server (CAS) is affected by an information disclosure vulnerability. A remote, unauthenticated attacker can exploit this vulnerability to learn the server's internal IP address. An attacker can send a crafted GET request to the Web Server with an empty host head...
Pligg login.php return Parameter Arbitrary Site Redirect
The remote host is running Pligg, an open source content management system. The installed version of Pligg contains an open redirect, in the 'return' parameter of its 'login.php' script. This could be abused to launch a phishing attack to trick users into visiting malicious sites. Note that this...
Weak DH Key Exchange Supported (PCI DSS)
At least one of the services on the remote host supports a Diffie-Hellman key exchange using a public modulus smaller than 2048 bits. Diffie-Hellman key exchanges with keys smaller than 2048 bits do not meet the PCI definition of strong cryptography as specified by NIST Special Publication 800-57...
CGI Generic SQL Injection (blind)
By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database. An attacker may be...
HTTP RPC Endpoint Mapper (http-rpc-epmap) Detection
This detects the http-rpc-epmap service by connecting to the port 593 and processing the buffer received. This endpoint mapper provides CIS (COM+ Internet Services) parameters like port 135 epmap for RPC. This script was written by Georges Dagousset See the Nessus Scripts License for details Change...
Amazon Linux AMI : java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk (ALAS-2021-1553)
The version of java-1.6.0-openjdk installed on the remote host is prior to 1.6.0.41-1.13.13.1.78. The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.261-2.6.22.1.84. The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.312.b07-0.66. It is,...
MongoDB Service Without Authentication Detection
MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without any authentication. A remote attacker can therefore connect to the database system in order to create, read, update, and delete documents, collections, and databases. T...