Multiple Devices Information Disclosure / Path Traversal Vulnerabilities - Active Check

Multiple devices are prone to information disclosure and / or path traversal vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only i...

Fedora: Security Advisory for webkit2gtk3 (FEDORA-2021-619711d709)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Apache Tomcat 'Hostname Verification' Security Bypass Vulnerability - Windows

Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

Microsoft Windows Multiple Vulnerabilities (KB4284826)

This host is missing a critical security update according to Microsoft KB4284826 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4022717)

This host is missing a critical security update according to Microsoft KB4022717 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SQLite < 3.50.2 Memory Corruption Vulnerability

SQLite is prone to a memory corruption vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sqlite:sqlite"; ifdescripti...

Microsoft Windows Multiple Vulnerabilities (KB4528760)

This host is missing a critical security update according to Microsoft KB4528760 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4499164)

This host is missing a critical security update according to Microsoft KB4499164. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...

Eclipse Jetty Information Disclosure Vulnerability (CVE-2019-10247) - Windows

Eclypse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

Netis Router Detection (HTTP)

HTTP based detection of Netis Router devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Cisco Unified Communications Manager IM and Presence Service Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability

Cisco Unified Communications Manager IM and Presence Service is prone to a vulnerability in Apache Struts2. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CentOS Update for openssl CESA-2014:0376 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpMyAdmin 'unserialize()' RCE Vulnerability

phpMyAdmin is prone to a vulnerability that lets attackers execute arbitrary code in the context of the webserver process. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

HTTP 1.1 Header Overflow DoS Vulnerability

It was possible to kill the web server by sending an invalid request with a too long HTTP 1.1 header Accept-Encoding, Accept-Language, Accept-Range, Connection, Expect, If-Match, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, TE, Host SPDX-FileCopyrightText: 2002 Michel Arboi Some te...

Important Announcement

ATTENTION: Your vulnerability tests are out of maintenance and not updated since July 1st 2020. Your setup of Greenbone Source Edition will not report about any new threats in your scanned environment since this date! REASON: Your Greenbone setup is connected to a discontinued download protocol o...

CentOS Update for thunderbird CESA-2019:1624 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress miniOrange SAML SP Single Sign On Plugin <= 4.8.72 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112436";...

Magento SQLi Vulnerability (CVE-2019-7139)

An unauthenticated user can execute arbitrary code through an SQL injection SQLi vulnerability, which causes sensitive data leakage. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

phpMyAdmin 4.5.0 <= 4.8.4 SQL Injection Vulnerability (PMASA-2019-2) - Windows

phpMyAdmin is prone to an SQL injection vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for microcode_ctl CESA-2018:0093 centos7

Check the version of microcodectl SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882828";...

Red Hat JBoss Products RMI Java Deserialization Vulnerability (Nov 2015) - Active Check

Red Hat JBoss products are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tiki Wiki CMS Groupware < 3.5, 4.x < 4.2 Multiple Unspecified Vulnerabilities

Tiki Wiki CMS Groupware is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

BrowseGate HTTP headers overflows

It was possible to kill the BrowseGate proxy by sending it an invalid request with too long HTTP headers Authorization and Referer A cracker may exploit this vulnerability to make your web server crash continually or even execute arbirtray code on your system. OpenVAS Vulnerability Test $Id:...

Debian: Security Advisory (DSA-4433-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-1715-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MyWebSQL <= 3.8 Multiple Vulnerabilities

MyWebSQL is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;...

QNAP QTS < 4.2.6 build 20171208, 4.3.3.x < 4.3.3.0396 build 20171205, 4.3.4.x < 4.3.4.0411 build 20171208 Multiple Vulnerabilities

QNAP QTS is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...

Mark host as dead if going offline (failed ICMP ping) during scan - Phase 4

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Blackstratus LOGStorm Default Credentials (MySQL Protocol)

The remote MySQL service has the password SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.140093...

WIBU-SYSTEMS CodeMeter WebAdmin Detection (HTTP)

HTTP based detection of WIBU-SYSTEMS CodeMeter WebAdmin. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Eclipse Jetty Vulnerability (CVE-2019-17638) - Linux

Eclipse Jetty is prone to a vulnerability where sensitive information about clients could be obtained. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Greenbone OS - Kernel Denial of Service Vulnerabilities (Jun 2019)

The Kernel in Greenbone OS is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

OpenSSH < 7.8 User Enumeration Vulnerability - Windows

OpenSSH is prone to a user enumeration vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...

Microsoft Windows 10: Accounts: Limit local account use of blank passwords to console logon only

The Accounts: Limit local account use of blank passwords to console logon only policy setting determines whether remote interactive logons by network services such as Remote Desktop Services, Telnet, and File Transfer Protocol FTP are allowed for local accounts that have blank passwords. If this...

Concrete5 < 8.3.0 Authentication Bypass Vulnerability

An issue was discovered in tools/conversations/viewajax.php in Concrete5. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/viewajax with incremental SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions...

ManageEngine ServiceDesk Plus Multiple Vulnerabilities (Nov 2017) - Active Check

ManageEngine ServiceDesk Plus is prone to multiple arbitrary file download vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

SSL/TLS: Microsoft Remote Desktop Protocol STARTTLS Detection

Checks if the remote Microsoft Remote Desktop Protocol RDP service supports the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Nmap NSE: Banner Grabber

This script attempts to connect to the target port and returns the banner of the remote service. This is a wrapper on the Nmap Security Scanner's http://nmap.org banner.nse OpenVAS Vulnerability Test $Id: gbnmapbannergrabber.nasl 8233 2017-12-22 09:37:31Z cfischer $ Wrapper for Nmap Banner Grabbe...

FreeBSD Ports: gallery

The remote host is missing an update to the system as announced in the referenced advisory. VID 5752a0df-60c5-4876-a872-f12f9a02fa05 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

LiteServe URL Decoding DoS

The remote web server dies when an URL consisting of a long invalid string of % is sent. A cracker may use this flaw to make your server crash continually. OpenVAS Vulnerability Test $Id: LiteServeDoS.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: LiteServe URL Decoding DoS Authors: Michel...

CentOS: Security Advisory for thunderbird (CESA-2023:0456)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

phpPgAdmin <= 7.13.0 CSRF Vulnerability

phpPgAdmin is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft SQL Server 2016 SP2 GDR Remote Code Execution Vulnerability (KB4505220)

This host is missing a critical security update according to Microsoft KB4505220 SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Windows Defender Firewall: Private Profile: Allow unicast response

The policy determines whether unicast responses to multicast or broadcast messages for a private connection will be blocked. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms o...

Debian: Security Advisory (DSA-4470-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for kernel CESA-2019:0717 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows: MSS: How often keep-alive packets are sent in milliseconds

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winmlkeepalivetime.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for MSS: KeepAliveTime How often keep-alive packets are sent in milliseconds Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

Microsoft Internet Explorer Multiple Vulnerabilities (KB4040685)

This host is missing a critical security update according to Microsoft security updates KB4040685. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Vtiger CRM <= 5.2.1 XSS Vulnerability - Active Check

Vtiger CRM is prone to a cross-site scripting XSS vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

MacOS X Finder reveals contents of Apache Web files

MacOS X creates a hidden file, '.FBCIndex' in each directory that has been viewed with the Finder. This file contains the content of the files present in the directory, giving an attacker information on the HTML tags, JavaScript, passwords, or any other sensitive word used inside those files...