HP Printers RCE Vulnerability (HPSBPI03596)

Multiple HP printers are prone to a remote code execution RCE vulnerability in the solution application signature checking. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

HP LaserJet Pro Multiple Vulnerabilities (HPSBPI03619)

Certain HP LaserJet Pro printers are prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Backup File Scanner (HTTP)

The script attempts to identify backup files left on the web server. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Liferay Portal 6.x CE RCE Vulnerability

Liferay Portal is prone to a remote code execution RCE vulnerability because of deserialization of a JSON payload. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Microsoft Windows: Prevent users from sharing files within their profile

This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to...

phpLiteAdmin Authentication Bypass Vulnerability

phpLiteAdmin is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Joomla! Core 'PHP' Local File Inclusion Vulnerability (20180601)

Joomla is prone to a local file inclusion vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

Mitel Audio and Web Conferencing (AWC) RCE Vulnerability (Jan 2011)

Mitel Audio and Web Conferencing AWC is prone to a remote command injection vulnerability because it fails to adequately sanitize user-supplied input data. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Microsoft Office Suite Remote Code Execution Vulnerability (KB3141538)

This host is missing a critical update for Microsoft Office Suite according to Microsoft KB3141538. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

SLES9: Security update for PHP

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: php4-gd php4-recode apache2-modphp4 php4-mysql php4-exif php4-pear php4-pgsql php4-devel modphp4-core modphp4-servlet php4-servlet php4-fastcgi php4-session...

Microsoft Outlook 2016 Multiple Vulnerabilities (KB4011682)

This host is missing a critical security update according to Microsoft KB4011682 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Java RMI Server Insecure Default Configuration RCE Vulnerability - Active Check

Multiple Java products that implement the RMI Server contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code remote code execution/RCE on a targeted system with elevated privileges. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions mig...

PRTG Network Monitor < 18.1.39.1648 Stack Overflow Vulnerability

PRTG Network Monitor is prone to a stack overflow vulnerability which results in a denial of service DoS condition. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

vBulletin < 5.3.0 'parse_url' SSRF Vulnerability

vBulletin is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Hostname Determination Reporting

The script reports information on how the hostname of the target was determined. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

WWW Too Long URL DoS Vulnerability

Remote web server is vulnerable to the too long URL vulnerability. It might be possible to gain remote access using buffer overflow. SPDX-FileCopyrightText: 2009 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Squid Multiple 0-Day Vulnerabilities (Oct 2023)

Squid is prone to multiple zero-day 0-day vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...

Embedthis GoAhead 2.5.0 HTTP Header Injection Vulnerability - Active Check

Embedthis GoAhead is prone to an HTTP header injection vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002

The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

PHP < 5.3.13, 5.4.x < 5.4.3 Multiple Vulnerabilities - Active Check

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103482"...

Microsoft Windows Multiple Vulnerabilities (KB5049993)

This host is missing an important security update according to Microsoft KB5049993 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

rsh Unencrypted Cleartext Login

This remote host is running a rsh service. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribu...

SMTP settings

Various settings for SMTP parameters used during SMTP/Mail Server scanning. SPDX-FileCopyrightText: 2008 Michel Arboi and Renaud Deraison Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Joomla! < 3.8.13 RCE Vulnerability

comjoomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access comjoomlaupdate and trigger code execution. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...

Microsoft Windows 'Win32k.sys' Multiple Vulnerabilities (KB4019204)

This host is missing an important security update according to Microsoft security update KB4019204. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

SSH Login Failed For Authenticated Checks

It was NOT possible to login using the provided SSH credentials. Hence authenticated checks are NOT enabled. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft Remote Desktop Protocol (RDP) Detection

A service supporting the Microsoft Remote Desktop Protocol RDP is running at this host. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

Juniper Networks Junos OS OpenSSH Information Leak and Buffer Overflow Vulnerability

Junos OS is prone to an information leak and buffer overflow vulnerability in the OpenSSH client. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

Nginx Chunked Transfer Encoding Stack Based Buffer Overflow Vulnerability

Nginx is prone to a stack based buffer overflow vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...

Synology DiskStation Manager (DSM) Multiple Vulnerabilities (Synology-SA-17:29) - Active Check

Synology DiskStation Manager DSM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

ILIAS Default Credentials (HTTP)

ILIAS is using default administrative credentials. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenVAS Framework / GVM Components End of Life (EOL) Detection

The version of the OpenVAS framework / Greenbone Vulnerability Management GVM component on the remote host has reached the End of Life EOL and should not be used anymore. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrig...

BlackIce DoS (ping flood)

It was possible to crash the remote machine by flooding it with 10 KB ping packets. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only TBD : eEyes...

Cloudflare '/cdn-cgi/trace' Debug / Trace Output Accessible (HTTP)

The remote host is exposing the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108760";...

Unprotected Web App / Device Installers (HTTP)

The script attempts to identify installation/setup pages of various web apps/devices that are publicly accessible and not protected by e.g. account restrictions or having their setup finished. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced...

Microsoft Visual Studio 2012 Update 5 Information Disclosure Vulnerability (KB4089501)

This host is missing an important security update according to Microsoft KB4089501. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

WordPress TablePress Plugin XXE Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.140537";...

AVM FRITZ!Box Default Password (FTP)

This script detects if the device has a default password set. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:avm:fritz%21os";...

OpenVAS / Greenbone Vulnerability Manager (GVM) Default Credentials (OMP/GMP Protocol)

The remote OpenVAS / Greenbone Vulnerability Manager GVM is installed / configured in a way that it has accounts with default passwords enabled. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

coturn <= 4.5.0.8 Authentication Bypass Vulnerability - Active Check

coturn is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:coturn:coturn"; if...

HTTP Security Headers Detection

All known security headers are being checked on the remote web server. On completion a report will hand back whether a specific security header has been implemented including its value and if it is deprecated or is missing on the target. SPDX-FileCopyrightText: 2017 Greenbone AG Some text...

Gogs < 0.11.79 Multiple Vulnerabilities

Gogs is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribu...

Microsoft Windows 10: Disable new DMA devices when this computer is locked

This test checks the setting for policy OpenVAS Vulnerability Test $Id: windmadeviceslocked.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Disable new DMA devices when this computer is locked Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

OpenSSH < 7.3 DoS and User Enumeration Vulnerabilities - Windows

OpenSSH is prone to denial of service DoS and user enumeration vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability

The host is running OpenSSH sshd with GSSAPI enabled and is prone to credential disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodsshdgssapicredentialdisclosurevuln.nasl 7029 2017-08-31 11:51:40Z teissa $ OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability Authors: Antu Sanadi...

POP3 Unencrypted Cleartext Login

The remote host is running a POP3 daemon that allows cleartext logins over unencrypted connections. NOTE: Depending on the POP3 server configuration valid credentials needs to be given to the settings of SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from ...

FTP Banner Detection

This script detects and reports a FTP Server Banner. SPDX-FileCopyrightText: 2005 SecuriTeam SPDX-FileCopyrightText: New detection methods / pattern / code since 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Microsoft Office Suite Remote Code Execution Vulnerability (KB4014793)

This host is missing a critical update for Microsoft Office Suite according to Microsoft security update KB4014793. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Discourse 'CVE-2019-5418' LFI Vulnerability - Active Check

Discourse is prone to a LFI Local File Inclusion vulnerability if the hosting system is running an outdated version of Ruby on Rails. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

RealVNC VNC Viewer Remote Code Execution Vulnerability (Windows)

This host has RealVNC VNC Viewer installed and is prone to security vulnerability. The flaw is due to error in 'CMsgReader::readRect' function in common/rfb/CMsgReader.cxx processing encoding types, and is exploited by sending specially crafted messages to the application. OpenVAS Vulnerability...