177629 matches found
Crestron Device Detection (CIP)
Crestron Internet Protocol CIP based detection of Crestron devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Embedthis GoAhead < 3.6.5 RCE Vulnerability - Active Check
Embedthis GoAhead is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
HP Printers RCE Vulnerability (CVE-2017-2750)
Multiple HP Printers are vulnerable to remote code execution RCE attacks. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...
VxWorks Debugging Service Security-Bypass Vulnerability
VxWorks is prone to a remote security-bypass vulnerability. Successful exploits will allow remote attackers to perform debugging tasks on the vulnerable device. The issue affects multiple products from multiple vendors that ship with the VxWorks operating system. OpenVAS Vulnerability Test $Id:...
Header overflow against HTTP proxy
It was possible to kill the HTTP proxy by sending an invalid request with a too long header A cracker may exploit this vulnerability to make your proxy server crash continually or even execute arbitrary code on your system. OpenVAS Vulnerability Test $Id: avirtproxyoverflow.nasl 6702 2017-07-12...
Adobe ColdFusion Directory Traversal Vulnerability
Adobe ColdFusion is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Adobe ColdFusion 9.0.1 and prior are vulnerable. OpenVAS...
Microsoft Windows Remote Desktop Service Remote Code Execution Vulnerability (KB4500331)
This host is missing a critical security update according to Microsoft KB4500331. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...
MikroTik RouterOS Directory Traversal Vulnerability (CVE-2019-3943)
MikroTik RouterOS is prone to an authenticated directory traversal vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Zyxel NSA310 RCE Vulnerability
A remote unauthenticated code execution vulnerability in Zyxel NSA310 allows remote attackers to execute arbitrary code as a root SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Microsoft Windows Multiple Vulnerabilities (KB4103725)
This host is missing a critical security update according to Microsoft KB4103725 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
D-Link DIR-850L Backdoor Account / Hardcoded Credentials (Telnet)
The D-Link DIR-850L router has a backdoor account with hardcoded credentials. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mongoose Web Server Remote Buffer Overflow Vulnerability
Mongoose Web Server is prone to a remote buffer overflow vulnerability. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Oracle 9i Application Server SOAP Default Configuration Vulnerability - Active Check
In a default installation of Oracle 9i Application Server AS v.1.0.2.2, it is possible to deploy or undeploy SOAP services without the need of any kind of credentials. SPDX-FileCopyrightText: 2003 Javier Fernandez-Sanguino Some text descriptions might be excerpted from a referenced sources, and a...
Nagios Core < 4.4.6 Multiple Vulnerabilities
Nagios Core is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nagios:nagios"; ifdescription...
vsftpd Compromised Source Packages Backdoor Vulnerability - Active Check
vsftpd is prone to a backdoor vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vsftpdproject:vsftpd"; ifdescription...
Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)
This host is missing a critical security update according to Microsoft Bulletin MS17-010. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft .NET Framework DoS And Security Feature Bypass Vulnerability (KB4054998)
This host is missing a critical security update according to Microsoft Security Updates KB4054998. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Web Services Management (WS-Man) / Windows Remote Management (WinRM) Detection (HTTP)
HTTP based detection of Web Services Management WS-Man / Windows Remote Management WinRM. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
phpMyAdmin Security Bypass Vulnerability-PMASA-2017-8
phpMyAdmin is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin"; i...
Oracle MySQL Server <= 5.6.43 / 5.7 <= 5.7.25 / 8.0 <= 8.0.15 Security Update (cpuapr2019) - Linux
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
SSL/TLS: NPN / ALPN Extension and Protocol Support Detection
This routine identifies services supporting the following extensions to TLS: - Application-Layer Protocol Negotiation ALPN - Next Protocol Negotiation NPN. Based on the availability of this extensions the supported Network Protocols by this service are gathered and reported. SPDX-FileCopyrightTex...
Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
Microsoft Windows is prone to an authentication bypass vulnerability via SMB/NETBIOS. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Monstra CMS <= 3.0.4 Multiple Vulnerabilities
Monstra CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability (Apr 2018) - Version Check
Mikrotik RouterOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Panasonic IP Camera Default Credentials (HTTP)
The remote installation of Panasonic SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.114045";...
Multiple D-Link Products Command Injection Vulnerability (Nov 2014) - Active Check
Multiple D-Link products are prone to a command injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
AWStats Detection
This host is running AWStats, a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. OpenVAS Vulnerability Test $Id: awstatsdetect.nasl 5720 2017-03-24 14:15:57Z cfi $ AWStats Detection Authors: Michael Meyer Copyright: Copyright c...
AVTECH Devices Multiple Vulnerabilities
AVTECH devices IP camera/NVR/DVR are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft .NET Framework RCE Vulnerability (KB4457035)
This host is missing a critical security update according to Microsoft KB4457035 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle WebLogic Server Java Deserialization / RCE Vulnerability (CVE-2015-4852) - Active Check
Oracle WebLogic Server is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ABB Automation Builder Installation Manager Detection (Windows SMB Login)
SMB login-based detection of ABB Automation Builder Installation Manager. This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Elastic Elasticsearch Detection (HTTP)
HTTP based detection of Elastic Elasticsearch. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TFM MMPlayer '.m3u' Buffer Overflow Vulnerability (Jul 2009)
TFM MMPlayer is prone to a stack-based buffer overflow vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CERN httpd CGI name heap overflow
It was possible to kill the remote web server by requesting GET /cgi-bin/A.AAAA...A HTTP/1.0 This is known to trigger a heap overflow in some servers like CERN HTTPD. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C...
SSH Server type and version
This detects the SSH Server SPDX-FileCopyrightText: 2006 SecuriTeam SPDX-FileCopyrightText: New detection methods / pattern / code since 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
OpenSSH 'auth2-gss.c' User Enumeration Vulnerability - Linux
OpenSSH is prone to a user enumeration vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Microsoft Windows 10: Access Credential Manager as a trusted caller
The Access Credential Manager as a trusted caller policy setting is used by Credential Manager during backup and restore. No accounts should have this privilege because it is assigned only to the Winlogon service. Saved credentials of users may be compromised if this privilege is given to other...
Microsoft Windows: Turn On Virtualization Based Security (Require UEFI Memory Attributes Table)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winvbsrequireuefi.nasl 11381 2018-09-13 14:55:03Z emoss $ Check value for Turn On Virtualization Based Security: Require UEFI Memory Attributes Table Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
Microsoft Windows 10: Prevent device metadata retrieval from the Internet
This policy setting prevents Windows from retrieving device metadata from the Internet. If enabled, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box. OpenVAS Vulnerability Te...
Citrix Endpoint Management / XenMobile Detection (HTTP)
HTTP based detection of Citrix Endpoint Management formerly XenMobile. When HTTP credentials are given, this script logs into the Endpoint Management / XenMobile server to obtain the installed patch release information. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be...
Lighttpd < 1.4.36 'http_auth.c' RCE Vulnerability - Linux
Lighttpd is prone to a remote code execution RCE vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...
Nmap NSE 6.01: smb-check-vulns
Checks for vulnerabilities: MS08-067, a Windows RPC vulnerability Conficker, an infection by the Conficker worm Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000 SMBv2 exploit CVE-2009-3103, Microsoft Security Advisory 975497 MS06-025, a Windows Ras RPC...
Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
This host is missing a critical security update according to Microsoft Bulletin MS10-012. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Graylog Default Credentials Vulnerability (REST API)
The remote Graylog installation has default credentials set. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:graylog:graylog";...
Strawberry Perl Modules Multiple Vulnerabilities (Windows)
The host is installed with Strawberry Perl and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbperlmodulesmultvulnwin.nasl 5950 2017-04-13 09:02:06Z teissa $ Strawberry Perl Modules Multiple Vulnerabilities Windows Authors: Madhuri D Copyright: Copyright c 2012 Greenbone...
Microsoft Windows Multiple Vulnerabilities (KB4022715)
This host is missing a critical security update according to Microsoft KB4022715 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft SMB Multiple Vulnerabilities (KB4018466)
This host is missing a critical/important security update according to Microsoft KB4018466 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Office Suite Remote Code Execution Vulnerability (KB3178703)
This host is missing a critical update for Microsoft Office Suite according to Microsoft KB3178703. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Microsoft .NET Framework RCE Vulnerability (KB4457034)
This host is missing a critical security update according to Microsoft KB4457034. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Postfix Admin Security Bypass Vulnerability
Postfix Admin is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...