337440 matches found
PHP 5.6.x < 5.6.38 Transfer-Encoding Parameter XSS Vulnerability
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.38. It is, therefore, affected by a cross-site scripting vulnerability. An attacker could leverage this vulnerability to inject malicious code which executes within the security context of the...
AWStats Detection
The remote host is running AWStats, an open source log analysis tool written in Perl used to generate advanced graphic reports.
Apache mod_fcgid Module < 2.3.9 fcgid_header_bucket_read() Function Heap-Based Buffer Overflow
According to its self-reported banner, the Apache web server listening on this port includes a version of the mod_fcgid module earlier than 2.3.9. That reportedly has a heap-based buffer overflow vulnerability because of an error in the pointer arithmetic used in the 'fcgid_header_bucket_read'...
Security Updates for Microsoft Defender (April 2020)
The version of Microsoft Malware Protection Signature Update Stub (MpSigStub.exe) installed on the remote Windows host is prior to 1.1.16638.0. It is, therefore, affected by an elevation of privilege vulnerability which could allow an attacker who successfully exploited this vulnerability to elevate...
Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow
The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by a flaw related to mod_lua when handling multipart content. A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody called from Lua scripts). The...
OS Identification : HTML
Nessus was able to identify the remote operating system by examining the HTML returned from certain HTTP requests.
MS13-098: Vulnerability in Windows Could Allow Remote Code Execution (2893294)
The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability. The vulnerability exists in the method in which the WinVerifyTrust function deals with Windows Authenticode signature verification for portable executable files. An attacker could...
Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting
Windows hosts can be hardened against DLL hijacking attacks by setting the 'CWDIllegalInDllSearch' registry entry in to one of the following settings: - 0xFFFFFFFF Removes the current working directory from the default DLL search order - 1 Blocks a DLL Load from the current working directory ...
MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)
The version of MySQL running on the remote host is 5.5.x prior to 5.5.60. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not...
Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
It was not possible to connect to PIPE\winreg on the remote host. If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the 'Remote Registry Access' service (winreg) has been disabled on the remote host or can not be connected to with the supplied...
Squid 3.5.x < 3.5.23 / 4.x < 4.0.17 Information Disclosure Vulnerability (SQUID-2016:10)
According to its banner, the version of Squid running on the remote host is 3.x prior to 3.5.23, or 4.x prior to 4.0.17. It is, therefore, affected by an information disclosure vulnerability in the collapsed forwarding feature due to the incorrect comparison of request headers. An unauthenticated...
Apache 2.4.x < 2.4.34 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.34. It is, therefore, affected by the following vulnerabilities: - By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a...
MySQL 5.7.x < 5.7.33 Multiple Vulnerabilities (Jan 2021 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.33. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the January 2021 Critical Patch Update advisory: - Vulnerability in the MySQL Client product of Oracle MySQL component: C API...
Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)
According to its banner, the remote host is running a version of Kerio Connect (formerly known as Kerio MailServer) prior to 8.1.0. It is, therefore, affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization...
TCP Port 0 Open: Possible Backdoor
TCP port 0 is open on the remote host. This is highly suspicious as this TCP port is reserved and should not be used. This might be a backdoor (REx).
Microsoft Exchange Server RCE (ProxyShell)
Binary data exchangeproxyshell.nbin...
Microsoft ASP.NET MS-DOS Device Name DoS
The web server running on the remote host appears to be using Microsoft ASP.NET, and may be affected by a denial of service vulnerability. Requesting a URL containing an MS-DOS device name can cause the web server to become temporarily unresponsive. An attacker could repeatedly request these URLs...
HTTP Proxy Open Relay Detection
The remote web proxy accepts unauthenticated HTTP requests from the Nessus scanner. By routing requests through the affected proxy, a user may be able to gain some degree of anonymity while browsing websites, which will see requests as originating from the remote host itself rather than the user'...
OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability
The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...
CGI Generic Cross-Site Request Forgery Detection (potential)
Nessus has found HTML forms on the remote web server. Some CGI scripts do not appear to be protected by random tokens, a common anti-cross-site request forgery (XSRF) protection. The web application might be vulnerable to XSRF attacks. Note that: - Nessus did not exploit the flaw. - Nessus cannot...
SSL Self-Signed Certificate
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for...
Amazon Linux 2 : openssl, openssl11 (ALAS-2022-1766)
The version of openssl installed on the remote host is prior to 1.0.2k-24. The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1766 advisory. The BN_mod_sqrt() function, which computes a modular...
phpBB < 2.0.11 Multiple Vulnerabilities (ESMARKCONANT)
The remote host is running a version of phpBB older than 2.0.11. It is reported that this version of phpBB is susceptible to a script injection vulnerability which may allow an attacker to execute arbitrary code on the remote host. In addition, phpBB has been reported to be affected by multiple SQL injections,...
PHP 5.5.x < 5.5.9 GD Extension Multiple Vulnerabilities
According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.9. It is, therefore, potentially affected by the following vulnerabilities related to the GD extension : - A heap-based buffer overflow error exists related to the functions 'gdImageCrop' and...
MTA Open Mail Relaying Allowed (internal)
Nessus has detected that this internal SMTP server allows mail relaying.
KB4014793: Microsoft Wordpad Remote Code Execution vulnerability (April 2017)
The remote Windows host is missing security update KB4014793. It is, therefore, affected by a remote code execution vulnerability in Windows WordPad due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially...
AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)
The remote host is running AWStats, a free logfile analysis tool for analyzing ftp, mail, web, ... traffic. The remote version of this software is prone to a command execution flaw as well as an information disclosure vulnerability. An attacker may exploit this feature to obtain more information...
Microsoft IIS 6.0 Unsupported Version Detection
According to its self-reported version number, the installation of Microsoft Internet Information Services (IIS) 6.0 on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain...
Sawmill Detection
Sawmill, a log analysis tool from Flowerfire Inc., is installed on the remote host.
VNC Server 'password' Password
The VNC server running on the remote host is secured with a weak password. Nessus was able to login using VNC authentication and a password of 'password'. A remote, unauthenticated attacker could exploit this to take control of the system.
Service Detection (GET request)
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Apache 2.4.x < 2.4.60 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.60. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.60 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash o...
Apache Log4j < 2.15.0 Remote Code Execution (Nix)
The version of Apache Log4j on the remote host is 2.x < 2.3.1 / 2.4 < 2.12.2 / 2.13 < 2.15.0. It is, therefore, affected by a remote code execution vulnerability in the JNDI parser due to improper log validation. An unauthenticated, remote attacker can exploit this to bypass authentication and execute...
MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
The remote host is affected by a memory corruption vulnerability in SMB that may allow an attacker to execute arbitrary code or perform a denial of service against the remote host.
phpMyAdmin 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-8, PMASA-2016-9)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.5.x prior to 4.5.4. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists in multiple scripts that allows a remote attacker, via ...
Microsoft Windows SMB Service Enumeration via \srvsvc
This plugin connects to \srvsvc instead of \svcctl to enumerate the list of services running on the remote host on top of a NULL session. An attacker may use this feature to gain better knowledge of the remote host.
jQuery-File-Upload Arbitrary File Upload Vulnerability (Remote Check)
The version of jQuery-File-Upload running on the remote host is affected by an arbitrary file upload vulnerability. An unauthenticated attacker could leverage this vulnerability to gain access to the host in the context of the web application user.
Microsoft Security Advisory 4025685: Guidance for older platforms (XP / 2003) (EXPLODINGCAN)
The remote Windows host is missing a security update. It is, therefore, affected by one or more of the following vulnerabilities : - A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) handles requests if the RDP server has Smart Card authentication enabled. An...
Dell Integrated Remote Access Controller (iDRAC) Web Interface Detection
The web interface for Dell Integrated Remote Access Controller (iDRAC), formerly known as Dell Remote Access Controller (DRAC), was detected on the remote host.
QLogic QConvergeConsole (QCC) GUI Web Interface Default Credentials
The remote device appears to be running QLogic QConvergeConsole which contains a web interface with default credentials enabled.
Microsoft Malware Protection Engine < 1.1.14700.5 RCE
The version of Microsoft Malware Protection Engine (MMPE) installed on the remote Windows host is prior to 1.1.14700.5. It is, therefore, affected by a remote code execution vulnerability which could allow an attacker who successfully exploited this vulnerability to execute arbitrary code in the...
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)
A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This plugin tries to establish an SSL/TLS remote...
PHP 7.0.x < 7.0.30 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.30. It is, therefore, affected by multiple vulnerabilities.
CGI Generic Cookie Injection Scripting
The remote web server hosts at least one CGI script that fails to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to inject arbitrary cookies. Depending on the structure of the web application, it may be possible to launch a 'sessio...
IBM WebSphere Java Object Deserialization RCE
The remote IBM WebSphere Application Server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted SOAP request, ...
KB5019966: Windows 10 version 1809 / Windows Server 2019 Security Update (November 2022)
The remote Windows host is missing security update 5019966. It is, therefore, affected by multiple vulnerabilities - AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions (CVE-2022-23824) - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966) - Windows Kerberos...
Treck TCP/IP stack multiple vulnerabilities. (Ripple20)
This plugin detects the usage of the Treck TCP/IP stack by the host thereby indicating that it could be potentially vulnerable to the Ripple20 vulnerabilities. Patches are being slowly rolled out by vendors and we will release plugins for patches as they are released by the vendors. In the interi...
CGI Generic XSS (quick test)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. These...
CredSSP Remote Code Execution Vulnerability March 2018 Security Update
The remote Windows host allows fallback to insecure versions of Credential Security Support Provider protocol (CredSSP). It is, therefore, affected by a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute...
KB4103723: Windows 10 Version 1607 and Windows Server 2016 May 2018 Security Update
The remote Windows host is missing security update 4103723. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...