HSTS Missing From HTTPS Server
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and...
PHP 7.4.x < 7.4.26
The version of PHP installed on the remote host is prior to 7.4.26. It is, therefore, affected by a vulnerability as referenced in the Version 7.4.26 advisory. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file,...
Apache 2.2.x < 2.2.34 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.34. It is, therefore, affected by the following vulnerabilities: - An authentication bypass vulnerability exists in httpd due to third-party modules using the ap_get_basic_auth_pw function outside of the...
MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
The remote Windows host is affected by a remote code execution vulnerability due to how the Group Policy service manages policy data when a domain-joined system connects to a domain controller. An attacker, using a controlled network, can exploit this to gain complete control of the host. Note th...
Microsoft IIS 6.0 PHP NTFS Stream Authentication Bypass
The version of Microsoft IIS installed on the remote host is affected by an authentication bypass vulnerability. It is possible to access PHP files in protected web directories without authentication by appending '::$INDEX_ALLOCATION' to the directory name.
Microsoft Internet Explorer Unsupported Version Detection
According to its self-reported version number, the installation of Microsoft Internet Explorer on the remote Windows host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...
PHP mb_send_mail() Function Parameter Security Bypass
According to its banner, the version of PHP installed on the remote host is affected by a flaw that allows an attacker to gain unauthorized privileges. When used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, it is possible for...
OPIE w/ OpenSSH Account Enumeration
When using OPIE for PAM and OpenSSH, it is possible for remote attackers to determine the existence of certain user accounts. Note that Nessus has not tried to exploit the issue, but rather only checked if OpenSSH is running on the remote host. As a result, it does not detect if the remote host...
Apache Tomcat Manager Common Administrative Credentials
Nessus was able to gain access to the Manager web application for the remote Tomcat server using a known set of credentials. A remote attacker can exploit this issue to install a malicious application on the affected server and run arbitrary code with Tomcat's privileges usually SYSTEM on Windows...
JBoss Enterprise Application Platform '/jmx-console' Authentication Bypass
The version of JBoss Enterprise Application Platform (EAP) running on the remote host allows unauthenticated access to documents under the /jmx-console directory. This is due to a misconfiguration in web.xml which only requires authentication for GET and POST requests. Specifying a different verb...
MS KB3097966: Inadvertently Disclosed Digital Certificates Could Allow Spoofing
The remote host is missing KB3097966, KB2677070 (automatic updater), or the latest disallowed certificate update using KB2813430 (manual updater). If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the...
Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
By emulating the call to LsaQueryInformationPolicy, it was possible to obtain the host SID (Security Identifier), without credentials. The host SID can then be used to get the list of local users.
Multiple BSD ipfw / ip6fw ECE Bit Filtering Evasion
The remote host seems vulnerable to a bug wherein a remote attacker can circumvent the firewall by setting the ECE bit within the TCP flags field. At least one firewall (ipfw) is known to exhibit this sort of behavior. Known vulnerable systems include all FreeBSD 3.x, 4.x, 3.5-STABLE, and 4.2-STABL...
TCP/IP Predictable ISN (Initial Sequence Number) Generation Weakness
The remote host has predictable TCP sequence numbers. An attacker may use this flaw to establish spoofed TCP connections to this host.
SSH Protocol Authentication Bypass (Remote Exploit Check)
The remote SSH server is vulnerable to an authentication bypass. An attacker can bypass authentication by presenting SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST method that normally would initiate authentication. Note: This vulnerability was disclosed in a libssh advisor...
Apache 2.4.x < 2.4.48 Vulnerability
The version of Apache httpd installed on the remote host is prior to 2.4.48. It is, therefore, affected by a vulnerability as referenced in the 2.4.48 changelog. - mod_http2: Fix a potential NULL pointer dereference (CVE-2021-31618). Note that Nessus has not tested for this issue but has instead reli...
AXIS gSOAP Message Handling RCE (ACV-116267) (Devil's Ivy)
The remote AXIS device is running a firmware version that is missing a security patch. It is, therefore, affected by a remote code execution vulnerability, known as Devil's Ivy, due to an overflow condition that exists in a third party SOAP library gSOAP. An unauthenticated, remote attacker can...
Google Chrome < 72.0.3626.81 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 72.0.3626.81. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_01_stable-channel-update-for-desktop advisory. - Missing URI encoding of untrusted input in DevTools in Google Chrome prior to...
Nginx 1.25.x < 1.25.4 Multiple Vulnerabilities
According to its Server response header, the installed version of nginx is 1.25.x prior to 1.25.4. It is, therefore, affected by the following issues: - A NULL pointer dereference in HTTP/3 (CVE-2024-24989). - A use-after-free in HTTP/3 (CVE-2024-24990). Note that the scanner has not tested for thes...
Apache 2.4.x < 2.4.10 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.10. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the 'mod_proxy' module that may allow an attacker to send a specially crafted request to a server configured as a...
Security Updates for Microsoft Visual Studio Products (April 2018)
The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the following vulnerability: - An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB)...
Security Updates for Internet Explorer (June 2017)
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such ...
Oracle Java SE 1.7.0_291 / 1.8.0_281 / 1.11.0_10 / 1.15.0_2 Information Disclosure (Jan 2021 CPU)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 291, 8 Update 281, 11 Update 10, or 15 Update 2. It is, therefore, affected by an information disclosure vulnerability as referenced in the January 2021 CPU advisory. Specifically, an...
Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU) (Unix)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components: - Oracle Java SE and Java SE Embedded are...
Backup Files Disclosure
By appending various suffixes ie: .old, .bak, , etc... to the names of various files on the remote host, it seems possible to retrieve their contents, which may result in disclosure of sensitive information.
Microsoft .NET Core SEoL
According to its version, the Microsoft .NET Core installed on the remote host is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Dropbear SSH Server < 2016.72 xauth Command Injection
According to its self-reported version in the banner, the version of Dropbear SSH running on the remote host is prior to 2016.72. It is, therefore, affected by a command injection vulnerability when X11 Forwarding is enabled, due to improper sanitization of X11 authentication credentials. An...
MySQL 5.7.x < 5.7.29 Multiple Vulnerabilities (Jan 2020 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.29. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2020 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle...
GoAhead System.ini Leak
The remote server uses a version of GoAhead that allows a remote unauthenticated attacker to download the system.ini file. This file contains credentials to the web interface, ftp interface, and others.
MTA Open Mail Relaying Allowed
Nessus has detected that the remote SMTP server allows mail relaying. This issue allows any spammer to use your mail server to send their mail to the world, thus flooding your network bandwidth and possibly getting your mail server blacklisted.
VNC Server Unauthenticated Access
The VNC server installed on the remote host allows an attacker to connect to the remote host as no authentication is required to access this service. The VNC server sometimes sends the connected user to the XDM login screen. Unfortunately, Nessus cannot identify this situation. In such a case, it...
ADV180002: Microsoft SQL Server January 2018 Security Update (Meltdown) (Spectre)
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by a vulnerability that exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel...
Default Password 'Zte521' for 'root' Account
The account 'root' on the remote host has the default password 'Zte521'. A remote attacker can exploit this issue to gain administrative access to the affected system.
MS15-124: Cumulative Security Update for Internet Explorer (3116180)
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by...
phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
The version of phpMyAdmin installed on the remote host allows attackers to read and possibly execute code from arbitrary files on the local host because of its failure to sanitize the parameter 'subform' before using it in the 'libraries/grab_globals.lib.php' script.
Citrix ADC and Citrix NetScaler Gateway Arbitrary Code Execution (CTX267027)
The remote Citrix ADC or Citrix NetScaler Gateway device is affected by an arbitrary code execution vulnerability. An unauthenticated, remote attacker may be able to leverage this vulnerability to perform arbitrary code execution on an affected host. Please refer to advisory CTX267027 for more...
Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the directive in an .htaccess file. Note that Nessus has not tested for these issues but has instead relied only on the application's...
IBM Domino ZMerge Database Security Bypass
The version of IBM Domino (formerly IBM Lotus Domino) running on the remote host is affected by a security bypass vulnerability due to insufficient access control list (ACL) settings on the administration databases for ZMerge. An unauthenticated, remote attacker can exploit this issue to disclose...
DokuWiki Detection
The remote host is running DokuWiki, an open source wiki application written in PHP.
JBoss Java Object Deserialization RCE
The remote JBoss server is affected by multiple remote code execution vulnerabilities : - A flaw exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. A remote attacker can exploit this issue to bypass authentication and invoke...
XMPP Cleartext Authentication
The remote Extensible Messaging and Presence Protocol (XMPP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear.
Apache Tomcat 9.0.0.M1 < 9.0.18
The version of Tomcat installed on the remote host is prior to 9.0.18. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.18_security-9 advisory. - When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.1...
Web Server Generic 3xx Redirect
The remote web server is configured to redirect users using an HTTP 302, 303 or 307 response. However, the server can redirect to a domain that includes components included in the original request. A remote attacker could exploit this by crafting a URL which appears to resolve to the remote server...
FTP Privileged Port Bounce Scan
It is possible to force the remote FTP server to connect to third parties using the PORT command. The problem allows intruders to use your network resources to scan other hosts, making them think the attack comes from your network.
Microsoft SQL Server Detection (credentialed check)
Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the remote host.
Firewall UDP Packet Source Port 53 Ruleset Bypass
It is possible to bypass the rules of the remote firewall by sending UDP packets with a source port equal to 53. An attacker may use this flaw to inject UDP packets to the remote hosts, in spite of the presence of a firewall. Problem: This check is prone to false...
SSH Server Type and Version Information
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Web Server No 404 Error Code Check
The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page. Nessus has enabled some counter measures for this. However, they might be insufficient. If a...
OS Security Patch Assessment Not Available
OS Security Patch Assessment is not available on the remote host. This does not necessarily indicate a problem with the scan. Credentials may not have been provided, OS security patch assessment may not be supported for the target, the target may not have been identified, or another issue may hav...
Webmin < 1.930 Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the reset password component due to an insecure default configuration. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges.