177629 matches found
vsftpd < 3.0.3 Security Bypass Vulnerability
vsftpd is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vsftpdproject:vsftpd";...
AWStats < 7.7 Directory Traversal Vulnerability - Active Check
AWStats is vulnerable to a path traversal flaw in the handling of the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OTRS Default Credentials (HTTP)
The OTRS instance is using known and default credentials for the HTTP based web interface. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
WikkaWiki <= 1.3.4 XSS Vulnerability - Active Check
WikkaWiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
nginx <= 1.18.0 HTTP Request Smuggling Vulnerability
Deprecated since the CVE has been rejected: SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Lutron Devices Default Credentials (Telnet)
Lutron devices have default admin credentials that cannot be changed. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Hikvision IP Camera Detection (HTTP)
HTTP based detection of Hikvision IP camera devices. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Operating System (OS) Detection (SSH Banner)
SSH banner-based Operating System OS detection. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PIX Firewall Manager Directory Traversal
It is possible to read arbitrary files on the remote host through the remote web server. SPDX-FileCopyrightText: 2001 Digital Defense Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
DCE/RPC and MSRPC Services Enumeration Reporting
Distributed Computing Environment / Remote Procedure Calls DCE/RPC or MSRPC based service enumeration reporting. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Microsoft Windows SMB Server Multiple Vulnerabilities (4013389)
This host is missing a critical security update according to Microsoft Bulletin MS17-010WannaCrypt SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Eclipse Jetty XSS Vulnerability (CVE-2019-10241) - Windows
Eclipse Jetty is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty...
PHPUnit 'CVE-2017-9841' RCE Vulnerability (HTTP) - Active Check
PHPUnit is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only nb: - For very large web pages w...
Microsoft Visual Studio 2015 Update 3 Information Disclosure Vulnerability (KB4087371)
This host is missing an important security update according to Microsoft KB4091346 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Report outdated / end-of-life Scan Engine / Environment (local)
This script checks and reports an outdated or end-of-life scan engine for the following environments: - Greenbone Community Edition - Greenbone Free formerly Greenbone Enterprise TRIAL, Greenbone Security Manager TRIAL / Greenbone Community Edition VM used for this scan. NOTE: While this is not, ...
Directory Scanner (HTTP)
HTTP based detection of various common dirs on the remote web server. SPDX-FileCopyrightText: 2005 Digital Defense Inc. SPDX-FileCopyrightText: Improved code and additional directories since 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C...
Adminer 4.3.1 - 4.6.2 File Disclosure Vulnerability - Linux
Adminer is prone to a file disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adminer:adminer";...
Bitvise SSH Server < 7.41 Security Bypass Vulnerability
Bitvise SSH Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:bitvise:winsshd";...
'favicon.ico' Based Fingerprinting (HTTP)
HTTP based fingerprinting of web applications based on an exposed SPDX-FileCopyrightText: 2005 Javier Fernandez-Sanguino Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescriptio...
ISC BIND Security Bypass Vulnerability - Active Check
A flaw was found in the way BIND handled TSIG authentication for dynamic updates. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...
DCE/RPC and MSRPC Services Enumeration
Distributed Computing Environment / Remote Procedure Calls DCE/RPC or MSRPC based service enumeration. SPDX-FileCopyrightText: 2005 Dave Aitel ported to NASL by rd and Pavel Kankovsky Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Elasticsearch 6.4.0, 6.4.1, 6.4.2 Information Disclosure Vulnerability - Linux
Elasticsearch is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Cuppa CMS Remote/Local File Inclusion Vulnerability
Cuppa CMS is prone to a file inclusion vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exists only on HTTPS services. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
HangZhou XiongMai Technologies Net Surveillance Default Credentials (HTTP)
The remote installation of HangZhou XiongMai Technologies Net Surveillance is using known default credentials for the HTTP login. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Vacron NVR RCE Vulnerability (Oct 2017) - Active Check
Vacron NVR is prone to a remote code execution RCE vulnerability. This vulnerability was known to be exploited by the IoT Botnet SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Cleartext Transmission of Sensitive Information via HTTP
The host / application transmits sensitive information username, passwords in cleartext via HTTP. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Hikvision IP Camera Default Credentials (HTTP)
The remote Hikvision IP camera device is using known default credentials. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...
Microsoft Windows: Prohibit connection to non-domain networks (in domain authenticated network)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winfblocknondomain.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prohibit connection to non-domain networks when connected to domain authenticated network Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...
Operating System (OS) End of Life (EOL) Detection
The Operating System OS on the remote host has reached the end of life EOL and should not be used anymore. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
WordPress RCE Vulnerability (CVE-2019-8942) - Linux
WordPress allows remote code execution RCE because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif...
TYPO3 Default Admin Credentials (HTTP)
TYPO3 is using default admin credentials. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...
Apache HTTP Server < 2.4.39 Privilege Escalation Vulnerability - Linux
In Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually root by manipulating the...
Webmin <= 1.941 RCE Vulnerability
Webmin is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
The script tries to detect Windows SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...
Database Open Access Information Disclosure Vulnerability
Various Database server might be prone to an information disclosure vulnerability if accessible to remote systems. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
AWStats awstats.pl XSS Vulnerability (Dec 2008)
AWStats is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:awstats:awstats";...
HP Ink Printers RCE Vulnerabilities (Faxploit)
Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution RCE. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might...
Webalizer Cross Site Scripting Vulnerability
Webalizer have a cross-site scripting vulnerability, that could allow malicious HTML tags to be injected in the reports generated by the Webalizer. OpenVAS Vulnerability Test $Id: webalizer.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Webalizer Cross Site Scripting Vulnerability Authors:...
ZyXEL Modems Backup Account and Default Root Credentials (Telnet)
ZyXEL PK5001Z and C1100Z modems have default root credentials set and a backdoor account with hardcoded credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
UseBB Version Detection
This script detects the installed UseBB version. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
HTTP Debugging Methods (TRACE/TRACK) Enabled
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. SPDX-FileCopyrightText: 2003 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Possible Trojan Horse Detection (Open Port Based)
Look for potential trojan horses based on open TCP ports. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FTP Unencrypted Cleartext Login
The remote host is running a FTP service that allows cleartext logins over unencrypted connections. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
ZTE F460/F660 Backdoor Unauthorized Access Vulnerability (Mar 2014) - Active Check
ZTE F460/F660 cable modem devices are prone to an unauthorized access vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft .NET Framework Multiple Vulnerabilities (KB4483455)
This host is missing an important security update according to Microsoft KB4483455 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Distributed Ruby (dRuby/DRb) Multiple RCE Vulnerabilities
Systems using Distributed Ruby dRuby/DRb, which is available in Ruby versions 1.6 and later, may permit unauthorized systems to execute distributed commands. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Windows IExpress Untrusted Search Path Vulnerability
This host has IExpress bundled with Microsoft Windows and is prone to an untrusted search path vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...
NanoCMS '/data/pagesdata.txt' Password Hash Information Disclosure Vulnerability
NanoCMS is prone to an information-disclosure vulnerability because it fails to validate access to sensitive files. An attacker can exploit this vulnerability to obtain sensitive information that may lead to further attacks. NanoCMS 0.4final is vulnerable; other versions may also be affected...
Kiwi Syslog Server Information Disclosure Weakness and Vulnerability
Kiwi Syslog Server is prone to an information-disclosure weakness and vulnerability. 1 The weakness is due to the Web Access login page displaying different messages when invalid usernames or passwords are submitted. This can be exploited to enumerate user accounts. 2 A security issue is due to t...