Openvas: Most viewed

177629 matches found

OpenVAS • added 2019/07/09 12:0 a.m. • 993 views

GetSimple CMS <= 3.3.16 RCE Vulnerability

GetSimple CMS is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

9.8 CVSS • 9.9 AI score • 0.71598 EPSS
Exploits 5 • References 1
OpenVAS • added 2018/09/04 12:0 a.m. • 993 views

D-Link DSL Devices 'login.cgi' RCE Vulnerability - Active Check

D-Link DSL routers are prone to a remote command execution (RCE) vulnerability. This vulnerability was known to be used by an unknown Botnet in 2018. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective...

9.8 CVSS • 9.6 AI score • 0.6043 EPSS
Exploits 1 • References 5
OpenVAS • added 2019/04/16 12:0 a.m. • 985 views

Apache Tomcat RCE Vulnerability (Apr 2019) - Windows

Apache Tomcat is prone to a remote code execution (RCE) vulnerability due to a bug in the way the JRE passes command line arguments to Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right...

9.3 CVSS • 8.6 AI score • 0.99652 EPSS
Exploits 8 • References 3
OpenVAS • added 2009/03/23 12:0 a.m. • 984 views

Check if Mailserver answer to VRFY and EXPN requests

The Mailserver on this host answers to VRFY and/or EXPN requests. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.3 AI score
Exploits 0 • References 1
OpenVAS • added 2018/02/26 12:0 a.m. • 980 views

SCP/SFTP/FTP Sensitive Data Exposure via Config File (HTTP)

The script attempts to identify SCP/SFTP/FTP configuration files containing sensitive data at the remote web server. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

7.2 AI score
Exploits 0 • References 2
OpenVAS • added 2013/05/14 12:0 a.m. • 979 views

VMAX Web Viewer Default Credentials (HTTP)

VMAX Web Viewer is using known default credentials. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.4 AI score
Exploits 0 • References 1
OpenVAS • added 2012/08/23 12:0 a.m. • 974 views

MySQL / MariaDB Default Credentials (MySQL Protocol)

It was possible to login into the remote MySQL using default credentials. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS • 7.2 AI score • 0.16118 EPSS
Exploits 11
OpenVAS • added 2019/02/05 12:0 a.m. • 968 views

Samsung iPolis Default Credentials (HTTP)

The remote installation of Samsung iPolis is using known default credentials. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published b...

7.5 AI score
Exploits 0 • References 1
OpenVAS • added 2018/06/28 12:0 a.m. • 966 views

PRTG Network Monitor < 18.2.39 Command Injection Vulnerability

PRTG Network Monitor is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9 CVSS • 7.6 AI score • 0.86943 EPSS
Exploits 12 • References 3
OpenVAS • added 2005/11/03 12:0 a.m. • 961 views

Nmap (NASL wrapper)

This plugin runs nmap to find open ports. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.14259");...

7 AI score
Exploits 0 • References 3
OpenVAS • added 2018/11/12 12:0 a.m. • 960 views

nginx 1.9.5 < 1.14.1, 1.15.x < 1.15.6 Multiple Vulnerabilities

Two security issues were identified in the nginx HTTP/2 implementation, which might cause excessive memory consumption and CPU usage. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

7.8 CVSS • 7.2 AI score • 0.47057 EPSS
Exploits 0 • References 2
OpenVAS • added 2024/03/28 12:0 a.m. • 958 views

MikroTik RouterOS 6.40.5 - 6.44, 6.48.1 - 6.49.10 DoS Vulnerability

MikroTik RouterOS is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS • 6.6 AI score • 0.00591 EPSS
Exploits 7 • References 3
OpenVAS • added 2019/02/12 12:0 a.m. • 950 views

MikroTik RouterOS Detection (SSH)

SSH based detection of MikroTik RouterOS. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.108548"...

7.3 AI score
Exploits 0
OpenVAS • added 2015/11/17 12:0 a.m. • 949 views

Oracle WebLogic Server Java Deserialization / RCE Vulnerability (CVE-2015-4852) - Version Check

Oracle WebLogic Server is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8 CVSS • 8.9 AI score • 0.96032 EPSS
Exploits 16 • References 5
OpenVAS • added 2019/07/05 12:0 a.m. • 943 views

Microsoft Windows Remote Desktop Services RCE Vulnerability (CVE-2019-0708, BlueKeep) - Active Check

Microsoft Windows Remote Desktop Services is prone to a remote code execution (RCE) vulnerability dubbed SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

10 CVSS • 10 AI score • 0.99999 EPSS
Exploits 123 • References 15
OpenVAS • added 2018/04/17 12:0 a.m. • 942 views

Microsoft Visual Studio 2010 Service Pack 1 Information Disclosure Vulnerability (KB4091346)

This host is missing an important security update according to Microsoft KB4091346 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

4.3 CVSS • 4.5 AI score • 0.05881 EPSS
Exploits 0 • References 2
OpenVAS • added 2017/03/23 12:0 a.m. • 940 views

Joomla Kunena Forum Extension < 3.0.6 Multiple Vulnerabilities

The Kunena Forum Extension for Joomla is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5 CVSS • 6.8 AI score • 0.01885 EPSS
Exploits 2
OpenVAS • added 2005/11/03 12:0 a.m. • 927 views

Relative IP Identification number change

The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ipid field of the ip packets sent by this host. SPDX-FileCopyrightText: 1999 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right...

7.3 AI score
Exploits 0
OpenVAS • added 2019/01/03 12:0 a.m. • 921 views

Apache Tomcat JK Connector (mod_jk) < 1.2.46 Authentication Bypass Vulnerability - Linux

Apache Tomcat JK Connector (mod_jk) is prone to an authentication bypass vulnerability. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

6.9 AI score
Exploits 0 • References 2
OpenVAS • added 2017/03/15 12:0 a.m. • 920 views

Microsoft Windows IIS Privilege Escalation Vulnerability (4013074)

This host is missing an important security update according to Microsoft Bulletin MS17-016 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.1 CVSS • 6.5 AI score • 0.16369 EPSS
Exploits 2 • References 4
OpenVAS • added 2005/11/03 12:0 a.m. • 911 views

Apache Tomcat servlet/JSP container default files

The Apache Tomcat servlet/JSP container has default files installed. SPDX-FileCopyrightText: 2004 David Kyger Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat...

7.4 AI score
Exploits 0
OpenVAS • added 2024/04/30 12:0 a.m. • 908 views

Express NODE_ENV 'development' Information Disclosure Vulnerability (HTTP) - Active Check

Express is prone to an information disclosure vulnerability if the NODE_ENV environment variable is set to SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

6.8 AI score
Exploits 0 • References 2
OpenVAS • added 2018/04/10 12:0 a.m. • 907 views

Roundcube Webmail 1.2.0 - 1.3.5 MX Injection Vulnerability

Roundcube Webmail is prone to an injection vulnerability. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

8.8 CVSS • 8.8 AI score • 0.02289 EPSS
Exploits 0 • References 3
OpenVAS • added 2018/04/20 12:0 a.m. • 904 views

Sensitive File Disclosure (HTTP)

The script attempts to identify files containing sensitive data at the remote web server. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5 CVSS • 7.7 AI score • 0.8703 EPSS
Exploits 4
OpenVAS • added 2013/09/21 12:0 a.m. • 898 views

OTRS < 3.0.3 Password Disclosure Vulnerability

Open Ticket Request System (OTRS) is prone to a password disclosure vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

1.9 CVSS • 6.4 AI score • 0.00375 EPSS
Exploits 1
OpenVAS • added 2012/03/01 12:0 a.m. • 898 views

TCP Sequence Number Approximation Reset Denial of Service Vulnerability

The host is running TCP services and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodtcpsequenceapproxdosvuln.nasl 5912 2017-04-10 09:01:51Z teissa $ TCP Sequence Number Approximation Reset Denial of Service Vulnerability Authors: Sooraj KS Copyright: Copyright ...

5 CVSS • 0.1 AI score • 0.80855 EPSS
Exploits 3 • References 8
OpenVAS • added 2018/12/20 12:0 a.m. • 891 views

Telnet Unencrypted Cleartext Login

The remote host is running a Telnet service that allows cleartext logins over unencrypted connections. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

7.4 AI score
Exploits 0
OpenVAS • added 2017/06/26 12:0 a.m. • 888 views

Microsoft SQL (MSSQL) Server End of Life (EOL) Detection

The Microsoft SQL (MSSQL) Server version on the remote host has reached the end of life (EOL) and should not be used anymore. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

5.7 AI score
Exploits 0 • References 2
OpenVAS • added 2018/11/01 12:0 a.m. • 884 views

jQuery < 3.0.0 XSS Vulnerability

jQuery is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jquery:jquery"; if...

6.1 CVSS • 7.2 AI score • 0.30224 EPSS
Exploits 2 • References 1
OpenVAS • added 2010/12/02 12:0 a.m. • 878 views

ProFTPD Backdoor Unauthorized Access Vulnerability (Dec 2010) - Active Check

ProFTPD is prone to an unauthorized access vulnerability due to a backdoor in certain versions of the application. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

9.8 CVSS • 6.8 AI score • 0.04753 EPSS
Exploits 1 • References 4
OpenVAS • added 2009/11/18 12:0 a.m. • 877 views

CPE Inventory

This routine uses information collected by other routines about CPE identities of operating systems, services and applications detected during the scan. Note: Some CPEs for specific products might show up twice or more in the output. Background: After a product got renamed or a specific vendor wa...

6.8 AI score
Exploits 0 • References 1
OpenVAS • added 2017/11/01 12:0 a.m. • 870 views

JAWS/1.0 RCE Vulnerability

The JAWS/1.0 web server is prone to a remote command execution (RCE) vulnerability. This VT has been deprecated as the flaw is already covered by the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respecti...

7.4 AI score
Exploits 0 • References 1
OpenVAS • added 2005/11/03 12:0 a.m. • 868 views

Private IP address leaked in HTTP headers

This web server leaks a private IP address through its HTTP headers. SPDX-FileCopyrightText: 2001 Alert4Web.com, 2003 Westpoint Ltd Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

2.6 CVSS • 6.7 AI score • 0.77076 EPSS
Exploits 3 • References 3
OpenVAS • added 2016/04/07 12:0 a.m. • 865 views

ExaGrid Default Credentials (HTTP)

The remote ExaGrid device has default credentials set. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits 0
OpenVAS • added 2015/04/13 12:0 a.m. • 859 views

ProFTPD 'mod_copy' Unauthenticated Copying Of Files Via SITE CPFR/CPTO Vulnerability (Apr 2015) - Active Check

ProFTPD is prone to an unauthenticated copying of files vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10 CVSS • 7.4 AI score • 0.96803 EPSS
Exploits 21 • References 1
OpenVAS • added 2013/12/11 12:0 a.m. • 859 views

Microsoft WinVerifyTrust Signature Validation Vulnerability (2893294)

This host is missing a critical security update according to Microsoft Bulletin MS13-098. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.8 CVSS • 7.6 AI score • 0.44647 EPSS
Exploits 1 • References 5
OpenVAS • added 2020/05/05 12:0 a.m. • 852 views

jQuery 1.2 < 3.5.0 XSS Vulnerability

jQuery is prone to a cross-site scripting (XSS) vulnerability in jQuery.htmlPrefilter and related methods. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

6.9 CVSS • 6.8 AI score • 0.99019 EPSS
Exploits 7 • References 4
OpenVAS • added 2016/01/05 12:0 a.m. • 852 views

Known/Static SSH Host Key Used (TCP)

The remote host uses a default SSH host key that is shared among multiple installations. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.5 CVSS • 6.6 AI score • 0.70721 EPSS
Exploits 14 • References 14
OpenVAS • added 2008/12/16 12:0 a.m. • 848 views

TWiki < 4.2.4 Multiple XSS / Command Execution Vulnerabilities

TWiki is prone to multiple cross-site scripting (XSS) and command execution vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

10 CVSS • 7 AI score • 0.0464 EPSS
Exploits 1 • References 4
OpenVAS • added 2017/11/21 12:0 a.m. • 842 views

SSL/TLS: Known Untrusted / Dangerous Certificate Authority (CA) Detection

The service is using an SSL/TLS certificate from a known untrusted and/or dangerous certificate authority (CA). SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier...

7.3 AI score
Exploits 0
OpenVAS • added 2015/10/05 12:0 a.m. • 826 views

VMware ESXi OpenSLP Remote Code Execution (VMSA-2015-0007)

VMware vCenter and ESXi updates address critical security issues. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

10 CVSS • 7.2 AI score • 0.89048 EPSS
Exploits 3 • References 1
OpenVAS • added 2012/03/01 12:0 a.m. • 818 views

Missing 'Secure' Cookie Attribute (HTTP)

The remote HTTP web server / application is missing to set the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.4 AI score
Exploits 0 • References 3
OpenVAS • added 2019/02/05 12:0 a.m. • 816 views

Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability - Windows

In Apache HTTP Server mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions...

7.5 CVSS • 7.8 AI score • 0.19994 EPSS
Exploits 0 • References 1
OpenVAS • added 2011/04/27 12:0 a.m. • 813 views

SSL/TLS: Certificate - Subject Common Name Does Not Match Server FQDN

The SSL/TLS certificate contains a common name (CN) that does not match the hostname. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

5.8 AI score
Exploits 0
OpenVAS • added 2019/06/11 12:0 a.m. • 804 views

phpMyAdmin < 4.8.6 SQL Injection Vulnerability (PMASA-2019-3) - Windows

phpMyAdmin is prone to an SQL injection vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin"; if...

9.8 CVSS • 9.9 AI score • 0.04196 EPSS
Exploits 0 • References 1
OpenVAS • added 2018/08/01 12:0 a.m. • 797 views

Web Remote Viewer Default Credentials (HTTP)

Web Remote Viewer has the default username SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.4 AI score
Exploits 0
OpenVAS • added 2011/01/31 12:0 a.m. • 797 views

Microsoft Windows HID Functionality (Over USB) Code Execution Vulnerability (Jan 2011)

A USB device driver software is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

6.9 CVSS • 5.2 AI score • 0.01431 EPSS
Exploits 0 • References 3
OpenVAS • added 2011/09/06 12:0 a.m. • 794 views

HTTP Brute Force Logins With Default Credentials

A number of known default credentials are tried for the login via HTTP Basic Auth. As this VT might run into a timeout the actual reporting of this vulnerability takes place in the VT SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, an...

7.3 AI score
Exploits 0
OpenVAS • added 2016/11/24 12:0 a.m. • 786 views

Perl Privilege Escalation Vulnerability - Windows

Perl is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:perl:perl"; if(description)...

7.8 CVSS • 8.2 AI score • 0.00779 EPSS
Exploits 0 • References 4
OpenVAS • added 2017/04/12 12:0 a.m. • 784 views

Microsoft Office Suite Remote Code Execution Vulnerability (KB3178710)

This host is missing a critical update for Microsoft Office Suite according to Microsoft KB33178710. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

9.3 CVSS • 8.1 AI score • 0.99933 EPSS
Exploits 29 • References 4
Total number of security vulnerabilities: 5000