Apache Struts Security Update (S2-057) - Active Check

Apache Struts is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

IBM WebSphere Application Server Detection (GIOP)

GIOP General Inter-ORB Protocol based detection of an IBM WebSphere Application Server. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

Tinyproxy Detection (HTTP)

HTTP based detection of Tinyproxy. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.111080"...

Samba <= 3.4.5 'mount.cifs' Utility Local Privilege Escalation Vulnerability

Samba is prone to a local privilege escalation vulnerability in the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba";...

Microsoft Office 2013 Service Pack 1 Remote Code Execution Vulnerabilities (KB4011580)

This host is missing an important security update according to Microsoft KB4011580 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Microsoft .NET Framework Multiple Vulnerabilities (2916607)

This host is missing an important security update according to Microsoft Bulletin MS14-009. OpenVAS Vulnerability Test $Id: secpodms14-009.nasl 7582 2017-10-26 11:56:51Z cfischer $ Microsoft .NET Framework Multiple Vulnerabilities 2916607 Authors: Thanga Prakash S Copyright: Copyright C 2014...

Microsoft Internet Explorer Multiple Vulnerabilities (KB4036586)

This host is missing a critical security update according to Microsoft security updates KB4036586. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Pure-FTPd FTP Server Detection (FTP)

FTP based detection of a Pure-FTPd FTP Server. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Exim < 4.92.2 RCE Vulnerability

Exim is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exim:exim"; if...

Nmap NSE: RealVNC Authentication Bypass

This script attempts to check if a VNC server is vulnerable to the RealVNC authentication bypass CVE-2006-2369. This is a wrapper on the Nmap Security Scanner's http://nmap.org realvnc-auth-bypass.nse. OpenVAS Vulnerability Test $Id: gbnmaprealvncauthbypass.nasl 7006 2017-08-25 11:51:20Z teissa $...

Format string on URI

The remote web server seems to be vulnerable to a format string attack on the URI. An attacker might use this flaw to make it crash or even execute arbitrary code on this host. SPDX-FileCopyrightText: 2004 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are...

SLES9: Security update for PHP

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: php4-gd php4-recode apache2-modphp4 php4-mysql php4-exif php4-pear php4-pgsql php4-devel modphp4-core modphp4-servlet php4-servlet php4-fastcgi php4-session...

Adminer < 4.7.8 SSRF Vulnerability - Linux

Adminer is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

jQuery Detection (HTTP)

HTTP based detection of jQuery. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.141622";...

Format string on HTTP method name

The remote web server seems to be vulnerable to a format string attack on the method name. SPDX-FileCopyrightText: 2003 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

HTTP User-Agent Overflow DoS Vulnerability

It was possible to kill the web server by sending an invalid GET request with a too long User-Agent field. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Unbound DNS Resolver 1.6.4 - 1.9.4 RCE Vulnerability

Unbound DNS Resolver is prone to a remote code execution RCE vulnerability under certain conditions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft Windows Multiple Vulnerabilities (KB4338818)

This host is missing a critical security update according to Microsoft KB4338818 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress NOSpamPTI Plugin SQLi Vulnerability - Active Check

The WordPress plugin Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

phpMyAdmin 'phpinfo.php' Information Disclosure Vulnerability (PMASA-2010-10) - Active Check

phpMyAdmin is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CS121 UPS Default Admin Credentials (HTTP)

The remote CS121 UPS web interface is using known default credentials. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache Tomcat End of Life (EOL) Detection - Windows

The Apache Tomcat version on the remote host has reached the end of life EOL and should not be used anymore. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Canon Printers Authentication Bypass Vulnerability (Jul 2018)

Canon Printers LBP6650, LBP3370, LBP3460 and LBP7550C are prone to an authentication bypass vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

NETGEAR Routers RCE Vulnerability (CVE-2016-6277) - Active Check

Multiple Netgear routers are prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

Microsoft Windows 10: Impersonate a client after authentication

This policy setting determines which programs are allowed to impersonate a user or another specified account and act on behalf of the user. If this user right is required for this type of impersonation, an unauthorized user cannot cause a client to connect for example, by remote procedure call RP...

Brother Devices - Authentication Bypass / Password Change Exploit

Most of Brother devices web authorization can be bypassed through a trivial bug in the login process. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

FTP Brute Force Logins With Default Credentials Reporting

It was possible to login into the remote FTP server using weak/known credentials. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1865-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Liferay Portal/DXP Detection (HTTP)

HTTP based detection of Liferay Portal/DXP. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4025337)

This host is missing a critical security update according to Microsoft KB4025337 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpMyAdmin 4.5.0 <= 4.8.4 SQL Injection Vulnerability (PMASA-2019-2) - Linux

phpMyAdmin is prone to an SQL injection vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache Tomcat RCE Vulnerability (Nov 2016)

Apache Tomcat is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft .NET Framework Multiple Vulnerabilities (KB4095874)

This host is missing a critical security update according to Microsoft Security Updates KB4095874. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Known/Static SSH Private Key Used (TCP)

The remote host has a known static SSH private key installed. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RainLoop Webmail Detection (HTTP)

HTTP based detection of RainLoop Webmail. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jul 2019)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft Internet Explorer Multiple Vulnerabilities (KB4056568)

This host is missing a critical security update according to Microsoft security updates KB4056568 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

HP JetDirect EWS Password Discovery (SNMP)

The remote HP JetDirect printer might expose a password for the embedded web server access. SPDX-FileCopyrightText: 2005 Digital Defense Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

MikroTik RouterOS < 6.41.3 RCE Vulnerability

MikroTik RouterOS is prone to a remote code execution RCE vulnerability in the SMB service. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Microsoft Internet Information Services Security Feature Bypass Vulnerability (2982998)

This host is missing an important security update according to Microsoft Bulletin MS14-076. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Linknat VOS3000/2009 SQL Injection Vulnerability

Linknat VOS3000/2009 is prone to an SQL Injection vulnerability SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:linknat:vos";...

Sitefinity Authentication Bypass Vulnerability (Jan 2018)

Sitefinity allows remote attackers to bypass authentication. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:progress:sitefinity"...

Atlassian Bamboo Struts2 RCE Vulnerability

Atlassian Bamboo is prone to a remote code execution RCE vulnerability in Struts2. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Remote Desktop Protocol RCE Vulnerabilities (2671387) - Active Check

This host is missing a critical security update according to Microsoft Bulletin MS12-020. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

jQuery End of Life (EOL) Detection - Windows

The jQuery version on the remote host has reached the end of life EOL and should not be used anymore. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

ISC BIND Multiple DoS Vulnerabilities (CVE-2020-8616, CVE-2020-8617) - Windows

ISC BIND is prone to multiple denial of service vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Annuaire PHP XSS Vulnerability (Jan 2012) - Active Check

Annuaire PHP is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache UserDir Sensitive Information Disclosure

An information leak occurs on Apache based web servers whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response. OpenVAS Vulnerability Test $Id: apacheusername.nasl...

Technicolor DPC3928SL Authentication Bypass Vulnerability (SNMP)

Technicolor DPC3928SL devices are prone to an SNMP authentication bypass vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

Ubuntu: Security Advisory (USN-3732-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...