HP Printer Detection (HTTP)

HTTP based detection of HP Printers. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103675";...

ProFTPD <= 1.3.6 Arbitrary File Copy Vulnerability

ProFTPD is prone to an arbitrary file copy vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:proftpd:proftpd"; if...

Oracle GlassFish Server <= 4.1.1 Directory Traversal Vulnerability - Active Check

GlassFish server is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CentOS: Security Advisory for bpftool (CESA-2020:0374)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK)

This host is accepting SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.805142";...

SNMP GETBULK Reflected DRDoS

The remote SNMP daemon allows distributed reflection and amplification DRDoS attacks. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

jQuery < 3.4.0 Object Extensions Vulnerability

jQuery is prone to multiple vulnerabilities regarding property injection in Object.prototype. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

GNU Mailman <= 2.1.26 XSS Vulnerability

Mailman is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman";...

TESO in.telnetd buffer overflow

The Telnet server does not return an expected number of replies when it receives a long sequence of 'Are You There' commands. This probably means it overflows one of its internal buffers and crashes. It is likely an attacker could abuse this bug to gain control over the remote host's superuser. F...

Missing Linux Kernel mitigations for 'iTLB multihit' hardware vulnerabilities

The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

Multiple IP-Cameras (P2P) WIFICAM Cameras Multiple Vulnerabilities

Multiple IP-Camera devices are prone to multiple vulnerabilities. This vulnerability was known to be exploited by the IoT Botnet SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Schneider Electric SoMachine Configuration Manager Detection (Windows SMB Login)

Detects the installed version of Schneider Electric SoMachine Configuration Manager for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

PHP < 5.2.0 Multiple Vulnerabilities

PHP is prone to multiple vulnerabilities. Copyright C 2012 NopSec Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

Zimbra < 8.7.0 Multiple Vulnerabilities

Zimbra is prone to multiple security vulnerabilities because it fails to sanitize user-supplied input. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft .NET Framework Remote Code Execution Vulnerability (KB4565627)

This host is missing a critical security update according to Microsoft KB4565627 Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

Twonky Server 7.0.11 - 8.5 Multiple Vulnerabilities - Active Check

Twonky Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:lynxtechnology:twonkyserver";...

HP Integrated Lights-Out (iLO) 4 Multiple Remote Vulnerabilities

HP Integrated Lights-Out iLO 4 is prone to multiple remote vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

KilerRat Trojan Detection

The remote host seems to be infected by the KilerRat remote access trojan. Copyright C 2017 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by t...

Exim 4.87 - 4.91 RCE Vulnerability

Exim is prone to an unauthenticated remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

File Inclusion Vulnerability in Pivot

Pivot is a set of PHP scripts designed to maintain dynamic web pages. There is a flaw in the file moduledb.php which may let an attacker execute arbitrary commands on the remote host by forcing the remote Pivot installation to include a PHP file hosted on an arbitrary third-party website...

Fedora Core 10 FEDORA-2009-12444 (awstats)

The remote host is missing an update to awstats announced via advisory FEDORA-2009-12444. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...

Polycom HDX Default Credentials (Telnet)

The Polycom device has default telnet credentials or passwordless login. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft WinVerifyTrust Signature Validation Vulnerability (2893294)

This host is missing an critical security update according to Microsoft Bulletin MS13-098. OpenVAS Vulnerability Test $Id: secpodms13-098.nasl 6104 2017-05-11 09:03:48Z teissa $ Microsoft WinVerifyTrust Signature Validation Vulnerability 2893294 Authors: Shashi Kiran N Copyright: Copyright C 2013...

Microsoft Windows Shell Remote Code Execution Vulnerability (2286198)

This host is missing a critical security update according to Microsoft Bulletin MS10-046. OpenVAS Vulnerability Test $Id: secpodms10-046.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft Windows Shell Remote Code Execution Vulnerability 2286198 Authors: Antu Sanadi Updated By: Madhuri D on...

Mort Bay / Eclipse Jetty Detection (HTTP)

HTTP based detection of Mort Bay / Eclipse Jetty. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Check default community names of the SNMP Agent

The script sends a connection request to the server and attempts to login with default communities. Successful logins are storen in the KB. SPDX-FileCopyrightText: 2005 SecuriTeam SPDX-FileCopyrightText: New code and default communities since 2009 Greenbone AG Some text descriptions might be...

Microsoft .NET Framework Information Disclosure Vulnerability (KB4480056)

This host is missing an important security update according to Microsoft KB4480056 SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Microsoft Office 2016 Multiple Remote Code Execution Vulnerabilities (KB4011574)

This host is missing an important security update according to Microsoft KB4011574 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

ArcGis Server < 10.4.1 RCE Vulnerability

ArcGIS Server is prone to a remote code execution RCE vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Riello NetMan Default Credentials (HTTP)

The remote Riello NetMan network card is using known default credentials for the HTTP login. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

'Microsoft.Data.OData' DoS Vulnerability (Sep 2018) - Windows

'OData Library SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.814211";...

Authenticated Scan / LSC Info Consolidation (Windows SMB Login)

Consolidation and reporting of various technical information about authenticated scans / local security checks LSC via SMB for Windows targets. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective righ...

ABB Pluto Manager Detection (Windows SMB Login)

Detects the installed version of ABB Pluto Manager for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows: Configure Watson events

This policy setting allows you to configure whether or not Watson events are sent. If you enable or do not configure this setting, Watson events will be sent. If you disable this setting, Watson events will not be sent. C Microsoft Corporation 2015. SPDX-FileCopyrightText: 2018 Greenbone AG Some...

Zabbix Default Guest Account (HTTP)

Zabbix has a default guest account with no password set. It was possible to access the dashboard without special authentication. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

pfSense End of Life (EOL) Detection

The pfSense version on the remote host has reached the End of Life EOL and should not be used anymore. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Sophos XG Firewall < 16.01.0 Multiple Vulnerabilities

Sophos XG Firewall is prone to multiple vulnerabilities. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

Kentico CMS <= 12.0.14 RCE Vulnerability

Kentico CMS is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Windows 10: Universal Windows apps with Windows Runtime API access

This policy setting controls whether Windows Store apps with Windows Runtime API access directly from web content can be launched. If you enable this policy setting, Windows Store apps with Windows Runtime API access directly from web content cannot be launched, Windows Store apps without Windows...

Generic Format String Vulnerability - Active Check

The remote service might be vulnerable to a format string vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HTTP Server Banner Enumeration

This script tries to detect / enumerate different HTTP server banner e.g. from a frontend, backend or proxy server by sending various different HTTP requests valid and invalid ones. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...

Microsoft Windows Multiple Vulnerabilities (KB4457129)

This host is missing a critical security update according to Microsoft KB4457129 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for php FEDORA-2014-13031

Check the version of php SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868436";...

Ruby on Rails XML Processor YAML Deserialization RCE Vulnerability (Jan 2013)

Ruby on Rails is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Internet Explorer Multiple Vulnerabilities (KB4052978)

This host is missing a critical security update according to Microsoft security updates KB4052978. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Deprecated SSH-1 Protocol Detection

The host is running SSH and is providing / accepting one or more deprecated versions of the SSH protocol which have known cryptographic flaws. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Microsoft Windows Multiple Vulnerabilities (KB4494440)

This host is missing a critical security update according to Microsoft KB4494440 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

webERP Information Disclosure, SQL Injection, and Cross Site Scripting Vulnerabilities

webERP is prone to information-disclosure, SQL-injection, and cross- site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the information-disclosure issue to gain access to sensitive information that may lead to further attacks. An...

Microsoft .NET Framework Multiple Vulnerabilities (KB4338423)

This host is missing an important security update according to Microsoft KB4338423 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Unprotected Windows CE Console (Telnet)

The remote Windows CE Telnet Console is not protected by a password. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...