
337660 matches found

Tenable Nessus
added 2019/09/25 12:0 a.m. • 288 views

Joomla 3.0.x < 3.9.12 Joomla 3.9.12 Release (5776-joomla-3-9-12)

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.9.12. It is, therefore, affected by a vulnerability. - Inadequate escaping allowed XSS attacks using the logo parameter of the default templates. CVE-2019-16725 Note that Nessus ha...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00671
Exploits: 0 | References: 3

Tenable Nessus
added 2019/07/09 12:0 a.m. • 288 views

Security Updates for Microsoft Office Products (July 2019)

The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could...

CVSS: 9.3 | AI score: 7.9 | EPSS: 0.1316
Exploits: 0 | References: 14

Tenable Nessus
added 2019/06/25 12:0 a.m. • 288 views

Linux Kernel Detection of MDS vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

According to the remote Linux kernel, this system is vulnerable to the following information disclosure vulnerabilities: - MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a dependent load store-to-load forwarding as an optimization. The forward can also happen to a faulti...

CVSS: 5.9 | AI score: 6.7 | EPSS: 0.01566
Exploits: 0 | References: 6

Tenable Nessus
added 2019/01/31 12:0 a.m. • 288 views

PHP 7.1.x < 7.1.26 Multiple vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.26. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in the _gdContributionsAlloc function in gd_interpolation.c. An unauthenticated, remote attacker can hav...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.65116
Exploits: 12 | References: 9

Tenable Nessus
added 2019/01/22 12:0 a.m. • 288 views

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:0137-1)

This update for systemd provides the following fixes : Security issues fixed : CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled allocas bsc1120323 CVE-2018-16866: Fixed an information leak in journald bsc1120323 CVE-2018-6954: Fix mishandling of symlinks...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.02958
Exploits: 5 | References: 20

Tenable Nessus
added 2018/11/02 12:0 a.m. • 288 views

F5 Networks BIG-IP : Side-channel processor vulnerabilities (K91229003)

The following three side-channel attacks were publicly disclosed on January 3, 2018 : CVE-2017-5715 Spectre-BTB previously known as Spectre Variant 2 Branch target injection Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosu...

CVSS: 5.6 | AI score: 7.7 | EPSS: 0.93838
Exploits: 12 | References: 4

Tenable Nessus
added 2018/08/15 12:0 a.m. • 288 views

RHEL 7 : kernel (RHSA-2018:2384)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2384 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Modern operating systems implement...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.7354
Exploits: 0 | References: 17

Tenable Nessus
added 2018/03/22 12:0 a.m. • 288 views

Webmin 1.840 / 1.880 Local File Inclusion Vulnerability

According to its self-reported version, the Webmin install hosted on the remote host is 1.840 or 1.880. It is, therefore, affected by a local file inclusion vulnerability. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid108563; scriptversion"1.3"; scriptcvsdate"Date:...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.01828
Exploits: 0 | References: 2

Tenable Nessus
added 2017/11/03 12:0 a.m. • 288 views

macOS 10.13.x < 10.13.1 Multiple Vulnerabilities

The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. It is, therefore, affected by multiple vulnerabilities in the following components : - APFS - curl - Dictionary Widget - Kernel - StreamingZip - tcpdump - Wi-Fi Note that successful exploitation of the most serious...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.06196
Exploits: 3 | References: 109

Tenable Nessus
added 2017/08/23 12:0 a.m. • 288 views

Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10775)

According to its self-reported version number, the remote Juniper Junos device is affected by multiple vulnerabilities : - A carry propagation error exists in the OpenSSL component in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer th...

CVSS: 7.5 | AI score: 7 | EPSS: 0.57595
Exploits: 1 | References: 5

Tenable Nessus
added 2017/05/09 12:0 a.m. • 288 views

KB4019474: Windows 10 Version 1507 May 2017 Cumulative Update

The remote Windows 10 version 1507 host is missing security update KB4019474. It is, therefore, affected by multiple vulnerabilities : - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a us...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.84138
Exploits: 22 | References: 38

Tenable Nessus
added 2017/05/01 12:0 a.m. • 288 views

EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1036)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.11737
Exploits: 0 | References: 11

Tenable Nessus
added 2016/03/08 12:0 a.m. • 288 views

MS16-032: Security Update for Secondary Logon to Address Elevation of Privilege (3143141)

The remote Windows host is affected by an elevation of privilege vulnerability in the Windows Secondary Logon Service due to improper management of request handles in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to elevate privileges, allowing t...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.37164
Exploits: 14 | References: 2

Tenable Nessus
added 2016/01/11 12:0 a.m. • 288 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3503)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3503 advisory. - ipc/sem.c: fully initialize semarray before making it visible Manfred Spraul Orabug: 22250043 CVE-2015-7613 - Initialize msg/shm IPC objects befo...

CVSS: 10 | AI score: 6.7 | EPSS: 0.02501
Exploits: 2 | References: 6

Tenable Nessus
added 2015/07/16 12:0 a.m. • 288 views

RHEL 5 : java-1.7.0-openjdk (RHSA-2015:1230) (Bar Mitzvah) (Logjam)

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

CVSS: 10 | AI score: 7.2 | EPSS: 0.9986
Exploits: 1 | References: 31

Tenable Nessus
added 2015/03/17 12:0 a.m. • 288 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3013)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3013 advisory. - kvm: fix excessive pages un-pinning in kvmiommumap error path. Quentin Casasnovas Orabug: 20687313 CVE-2014-3601 CVE-2014-8369 CVE-2014-3601 -...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.05489
Exploits: 4 | References: 7

Tenable Nessus
added 2012/07/05 12:0 a.m. • 288 views

HP System Management Homepage < 7.1.1 Multiple Vulnerabilities

According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote host is earlier than 7.1.1 and is, therefore, reportedly affected by the following vulnerabilities : - The bundled version of the libxml2 library contains multiple vulnerabilities...

CVSS: 10 | AI score: 7.8 | EPSS: 0.99998
Exploits: 84 | References: 30

Tenable Nessus
added 2004/12/01 12:0 a.m. • 288 views

Hydra: HTTP proxy

This plugin runs Hydra to find HTTP proxy accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...

AI score: 5.4
Exploits: 0

Tenable Nessus
added 2002/06/05 12:0 a.m. • 288 views

Cisco Malformed SNMP Message Handling DoS (CSCdw67458)

There is a vulnerability in the way the remote device handles SNMP messages. An attacker may use this flaw to crash the remote device continuously. This vulnerability is documented as Cisco bug ID CSCdw67458. C Tenable Network Security, Inc. Script audit and contributions from Carmichael Security...

CVSS: 10 | AI score: 5.5 | EPSS: 0.50845
Exploits: 0 | References: 2

Tenable Nessus
added 1999/06/22 12:0 a.m. • 288 views

Web Server Long URL Handling Remote Overflow DoS

The remote web server crashes when it receives a too long URL. It might be possible to make it execute arbitrary code through this flaw. C Tenable Network Security, Inc. Some vulnerable servers: SmallHTTP All versions vulnerable: 2.x Stables, 3.x Latest beta 8 OmniHTTPd v2.09 of Omnicron...

CVSS: 10 | AI score: 5.9 | EPSS: 0.67398
Exploits: 14 | References: 21

Tenable Nessus
added 2023/11/14 12:0 a.m. • 287 views

MariaDB 10.6.0 < 10.6.16

The version of MariaDB installed on the remote host is prior to 10.6.16. It is, therefore, affected by a vulnerability as referenced in the 10.6.16 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior,...

CVSS: 4.9 | AI score: 6.3 | EPSS: 0.01782
Exploits: 0 | References: 2

Tenable Nessus
added 2023/05/17 12:0 a.m. • 287 views

WordPress 5.6.x < 5.6.11 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wp_lang. (CVE-2023-2745) - A Cross-Site Request Forgery (CSRF) via wp_ajax_set_attachment_thumbnail. - An authenticated stored Cross-Site Scripting (XSS) vi...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.79527
Exploits: 7 | References: 3

Tenable Nessus
added 2023/01/04 12:0 a.m. • 287 views

Samba < 4.15.13 / 4.16.x < 4.16.8 / 4.17.x < 4.17.4 Multiple Vulnerabilities

The version of Samba running on the remote host is prior to 4.15.13, 4.16.x prior to 4.16.8, or 4.17.x prior to 4.17.4. It is, therefore, affected by multiple vulnerabilities: - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. CVE-2022-37966, CVE-2022-45141 - Windows Kerberos...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.04488
Exploits: 0 | References: 9

Tenable Nessus
added 2021/09/23 12:0 a.m. • 287 views

Underscore.js 1.3.2 < 1.12.1 Arbitrary Code Injection

According to its self-reported version number, Underscore.js is 1.3.2 prior to 1.12.1 or 1.13.x prior to 1.13.0-2. Therefore, it may be affected by an arbitrary code injection via the template function when the variable option is taken from _.templateSettings. Note that the scanner has not tested...

CVSS: 7.2 | AI score: 7.9 | EPSS: 0.04087
Exploits: 2 | References: 2

Tenable Nessus
added 2021/02/16 12:0 a.m. • 287 views

Webmin < 1.970 Multiple Vulnerabilities

According to its self-reported version, the version of Webmin running on the remote host may be affected by multiple vulnerabilities, including the following: - Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.28048
Exploits: 2 | References: 4

Tenable Nessus
added 2020/09/14 12:0 a.m. • 287 views

DTLS Service Detection

Nessus was able to detect that the remote service supports DTLS Datagram Transport Layer Security by sending a ClientHello and receiving a HelloVerifyRequest reply. TRUSTED...

AI score: 5.5
Exploits: 0

Tenable Nessus
added 2020/03/18 12:0 a.m. • 287 views

Scientific Linux Security Update : kernel on SL7.x x86_64 (20200317)

Security Fixes : - kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - Kernel: KVM: export...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.03133
Exploits: 1 | References: 5

Tenable Nessus
added 2019/11/08 12:0 a.m. • 287 views

EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2221)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to caus...

CVSS: 10 | AI score: 8.5 | EPSS: 0.35438
Exploits: 15 | References: 30

Tenable Nessus
added 2019/03/14 12:0 a.m. • 287 views

Security Updates for Microsoft Sharepoint Server (March 2019)

The Microsoft Sharepoint Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request ...

CVSS: 9.8 | AI score: 8 | EPSS: 0.99913
Exploits: 29 | References: 7

Tenable Nessus
added 2018/10/23 12:0 a.m. • 287 views

CentOS 6 : java-1.8.0-openjdk (CESA-2018:2943)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 9 | AI score: 6.4 | EPSS: 0.07215
Exploits: 2 | References: 8

Tenable Nessus
added 2018/05/24 12:0 a.m. • 287 views

SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2018:1401-1)

icu was updated to fix two security issues. These security issues were fixed : - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU used an integer data type that is...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.24286
Exploits: 6 | References: 25

Tenable Nessus
added 2017/12/04 12:0 a.m. • 287 views

Check Point Gaia Operating Bash Code Injection (sk102673)(SHELLSHOCK)

The remote host is running a version of Gaia OS which is affected by issues related to the SHELLSHOCK set of vulnerabilities in bash. An error in the bash functionality that evaluates specially formatted environment variables passed to it from another environment, which may result in remote code...

CVSS: 10 | AI score: 9 | EPSS: 0.99999
Exploits: 139 | References: 4

Tenable Nessus
added 2017/07/11 12:0 a.m. • 287 views

Windows Server 2012 July 2017 Security Updates

The remote Windows host is missing security update 4025343 or cumulative update 4025331. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a...

CVSS: 10 | AI score: 7.6 | EPSS: 0.58078
Exploits: 7 | References: 29

Tenable Nessus
added 2017/05/25 12:0 a.m. • 287 views

SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2017:1393-1) (SambaCry)

This update for samba fixes the following issue : - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. CVE-2017-7494, bso12780, bsc1038231 Note that Tenable...

CVSS: 10 | AI score: 8.3 | EPSS: 0.99448
Exploits: 24 | References: 4

Tenable Nessus
added 2017/04/04 12:0 a.m. • 287 views

Fedora 25 : kernel (2017-93dec9eba5)

The 4.10.8 stable update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.01902
Exploits: 4 | References: 4

Tenable Nessus
added 2016/12/12 12:0 a.m. • 287 views

SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1)

This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 bsc1009026 bsc1012964 : - CVE-2016-9079: Use-after-free in SVG Animation MFSA 2016-92 bsc1012964 - CVE-2016-5297: Incorrect argument length checking in...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.87921
Exploits: 17 | References: 31

Tenable Nessus
added 2012/07/11 12:0 a.m. • 287 views

MS KB2719662: Vulnerabilities in Gadgets Could Allow Remote Code Execution

The remote version of Microsoft Windows is missing a workaround that mitigates multiple, unspecified remote code execution vulnerabilities caused by running insecure Gadgets. Windows Vista and 7 are affected by this issue. An attacker could exploit this by tricking a user into installing a...

AI score: 6.7
Exploits: 0 | References: 2

Tenable Nessus
added 2009/04/06 12:0 a.m. • 287 views

Autodesk IDrop ActiveX Control Heap Corruption

The IDrop ActiveX control, a utility from Autodesk that provides the ability to drag and drop web content into a drawing session, is installed on the remote Windows host. Manipulation of the control's 'Src', 'Background', and 'PackageXml' properties reportedly can be abused to trigger a...

AI score: 6.3
Exploits: 0 | References: 1

Tenable Nessus
added 2002/10/09 12:0 a.m. • 287 views

Citrix Published Applications Remote Enumeration

It is possible for a remote attacker to enumerate published applications that are allowed on the affected Citrix server. This script was written by John Lampe ... [email protected] Script is based on Citrix Published Application Scanner version 2.0 By Ian Vitek, [email protected] See th...

AI score: 5.6
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/06 12:0 a.m. • 286 views

Nginx 1.27.0 Buffer Over-read

According to its Server response header, the installed version of nginx is 1.5.13 to 1.26.2 or 1.27.0. It is, therefore, affected by a security issue in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file...

CVSS: 5.7 | AI score: 5.3 | EPSS: 0.0032
Exploits: 0 | References: 2

Tenable Nessus
added 2024/06/26 12:0 a.m. • 286 views

WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

AI score: 6.2
Exploits: 0 | References: 1

Tenable Nessus
added 2022/10/05 12:0 a.m. • 286 views

Microsoft Exchange Server October 2022 Zero-day Vulnerabilities (ProxyNotShell)

The Microsoft Exchange Server installed on the remote host is potentially affected by multiple zero-day vulnerabilities, dubbed ProxyNotShell: - An unspecified authenticated server-side request forgery SSRF vulnerability. CVE-2022-41040 - An unspecified authenticated remote code execution RCE...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.99964
Exploits: 16 | References: 5

Tenable Nessus
added 2022/05/06 12:0 a.m. • 286 views

EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-1659)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) -...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.04651
Exploits: 0 | References: 3

Tenable Nessus
added 2022/02/09 12:0 a.m. • 286 views

MariaDB 10.7.0 < 10.7.2 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.7.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.7.2 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.70561
Exploits: 3 | References: 8

Tenable Nessus
added 2021/08/16 12:0 a.m. • 286 views

RHEL 8 : firefox (RHSA-2021:3157)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3157 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.01451
Exploits: 5 | References: 14

Tenable Nessus
added 2021/04/15 12:0 a.m. • 286 views

EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2021-1714)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged...

CVSS: 8.2 | AI score: 7.7 | EPSS: 0.01738
Exploits: 0 | References: 9

Tenable Nessus
added 2020/12/18 12:0 a.m. • 286 views

Virtuozzo 7 : microcode_ctl (VZLSA-2020-5083)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5083 advisory. - hw: Information disclosure issue in Intel SGX via RAPL interface CVE-2020-8695 - hw: Vector Register Leakage-Active CVE-2020-8696 - hw: Fa...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.0051
Exploits: 0 | References: 5

Tenable Nessus
added 2020/07/16 12:0 a.m. • 286 views

Oracle Enterprise Manager Cloud Control (Jul 2020 CPU)

The 13.3.0.0, 13.4.0.0, and 12.1.0.5 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.99993
Exploits: 48 | References: 7

Tenable Nessus
added 2020/07/14 12:0 a.m. • 286 views

KB4565539: Windows 7 and Windows Server 2008 R2 July 2020 Security Update

The remote Windows host is missing security update 4565539 or cumulative update 4565524. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.94243
Exploits: 10 | References: 40

Tenable Nessus
added 2020/03/24 12:0 a.m. • 286 views

VMware ESXi 5.5 / 6.0 / 6.5 / 6.7 Information Disclosure (VMSA-2018-0012) (Spectre) (remote check)

The remote VMware ESXi host is version 5.5, 6.0, 6.5, or 6.7 and is missing a security patch. It is, therefore, vulnerable to an information disclosure vulnerability. The vulnerability exists in the speculative execution control mechanism. An unauthenticated, local attacker can exploit this, via...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.60631
Exploits: 2 | References: 2

Total number of security vulnerabilities: 5000