GuildFTPd CWD and LIST Command Heap Overflow Vulnerability

This host is running GuildFTPd FTP Server which is prone to Heap Overflow Vulnerability. OpenVAS Vulnerability Test $Id: gbguildftpdheapbofvuln.nasl 4218 2016-10-05 14:20:48Z teissa $ GuildFTPd CWD and LIST Command Heap Overflow Vulnerability Authors: Veerendra GG Copyright: Copyright c 2008...

Java JMX Insecure Configuration Vulnerability - Active Check

The Java JMX interface is configured in an insecure way by allowing unauthenticated attackers to load classes from any remote URL. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

OpenSSH 'auth2-gss.c' User Enumeration Vulnerability - Windows

OpenSSH is prone to a user enumeration vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Redis Server compromised by 'RedisWannaMine' Attack - Active Check

The remote Redis server is unprotected and has been compromised via the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Windows Multiple Vulnerabilities (KB4103727)

This host is missing a critical security update according to Microsoft KB4103727 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Multiple Devices '/scgi-bin/platform.cgi' Unauthenticated File Disclosure Vulnerability (Jan 2016) - Active Check

The remote device is prone to an arbitrary file disclosure vulnerability because it fails to adequately validate user-supplied input. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Microsoft Windows Multiple Vulnerabilities (KB4499149)

This host is missing a critical security update according to Microsoft KB4499149. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...

Microsoft Windows: MSS: Enable Safe DLL search mode

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winmlsafedllsearchmode.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for MSS: SafeDllSearchMode Enable Safe DLL search mode recommended Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

WikkaWiki Multiple Security Vulnerabilities

WikkaWiki is prone to multiple security vulnerabilities, including: - An SQL injection vulnerability. - An arbitrary file upload vulnerability. - An arbitrary file deletion vulnerability. - An arbitrary file download vulnerability. - A PHP code injection vulnerability. SPDX-FileCopyrightText: 201...

Apache HTTP Server 2.4.37 mod_ssl DoS Vulnerability - Windows

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

Microsoft .NET Framework Multiple Vulnerabilities (KB4483458)

This host is missing an important security update according to Microsoft KB4483458 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

MikroTik RouterOS 6.41.4 Authentication Bypass Vulnerability

An issue was discovered in MikroTik RouterOS. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted...

Interlogix TruVision Default Credentials (HTTP)

The remote installation of TruVision is using known default credentials. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Global variable settings

This plugin configures miscellaneous global variables for NASL scripts. It does not perform any security check but may disable or change the behaviour of others. SPDX-FileCopyrightText: 2005 Michel Arboi SPDX-FileCopyrightText: New code / functionality since 2009 Greenbone AG Some text descriptio...

Laravel Framework / Laravel Telescope Detection (HTTP)

HTTP based detection of Laravel Framework and Laravel Telescope. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

WordPress UserPro Plugin < 4.9.17.1 Authentication Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.113055";...

Microsoft .NET Framework Multiple Vulnerabilities (KB4338420)

This host is missing an important security update according to Microsoft KB4338420. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CentOS Update for libproxy CESA-2012:1461 centos6

Check for the Version of libproxy OpenVAS Vulnerability Test CentOS Update for libproxy CESA-2012:1461 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Microsoft Windows Multiple Vulnerabilities (KB4561608)

This host is missing a critical security update according to Microsoft KB4561608 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4041671)

This host is missing an important security update according to Microsoft KB4041671. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

TELESTAR-DIGITAL GmbH Multiple Internet Radio Undocumented Telnet Service / Default Credentials (Telnet)

The internet radio products of TELESTAR-DIGITAL GmbH have an undocumented Telnet service with default credentials enabled. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of...

Moodle <= 3.6.3 File Upload Vulnerability

Moodle is prone to a file upload vulnerability. This VT has been deprecated since this CVE has been withdrawn since further investigation showed that it was not a security issue. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

MariaDB / Oracle MySQL Detection (MySQL Protocol)

MySQL protocol-based detection of MariaDB / Oracle MySQL. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Palo Alto PAN-OS OpenSSL Vulnerability

The OpenSSL library has been found to contain a vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server 28.x < 28.0.11, 29.x < 29.0.8, 30.x < 30.0.1 Multiple Vulnerabilities

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

Sendmail Mail Relay Vulnerability

Sendmail is prone to a mail relay vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sendmail:sendmail"; ifdescriptio...

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

Apache HTTP Server is prone to an information disclosure vulnerability. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability

The host is running Ipswitch IMail Server and is prone to plaintext command injection vulnerability. OpenVAS Vulnerability Test $Id: secpodipswitchimailserverstarttlscmdinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability Authors...

PHP 8.3.x < 8.3.19, 8.4.x < 8.4.5 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Palo Alto PAN-OS Kernel Vulnerability

A vulnerability exists in the kernel of PAN-OS that may result in Information Disclosure. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SMB Login Failed For Authenticated Checks

It was NOT possible to login using the provided SMB credentials. Hence authenticated checks are NOT enabled. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Check for IIS .cnf file leakage

The IIS web server may allow remote users to read sensitive information from .cnf files. This is not the default configuration. Example, http://target/vtipvt%5csvcacl.cnf, access.cnf, svcacl.cnf, writeto.cnf, service.cnf, botinfs.cnf, bots.cnf, linkinfo.cnf and services.cnf OpenVAS Vulnerability...

Nginx 1.25.0 - 1.25.3 HTTP/3 Vulnerability

Nginx is prone to a use-after-free vulnerability in HTTP/3. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...

MS Windows HID Functionality(Over USB) Code Execution Vulnerability

This host is installed with USB device driver software and is prone to code execution vulnerability. OpenVAS Vulnerability Test $Id: gbmswindowshidoverusbcodeexecvuln.nasl 8724 2018-02-08 15:02:56Z cfischer $ MS Windows HID FunctionalityOver USB Code Execution Vulnerability Authors: Antu Sanadi...

Elasticsearch End of Life (EOL) Detection

The Elasticsearch version on the remote host has reached the End of Life EOL and should not be used anymore. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Actiontec C1000A Modem Backup Account (Telnet)

The Actiontec C1000A modem has a backdoor account with hardcoded credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

Acme SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.100447";...

Double Pulsar Infection Detect

This host is vulnerable to the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.810698";...

Microsoft Windows SMB Server Multiple Vulnerabilities (971468)

This host is missing a critical security update according to Microsoft Bulletin MS10-012. OpenVAS Vulnerability Test $Id: secpodms10-012.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft Windows SMB Server Multiple Vulnerabilities 971468 Authors: Veerendra GG Updated By: Madhuri D on 2010-11-22 ...

OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check)

OpenSSL is prone to a security bypass vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability (cisco-sa-20170310-struts2)

Cisco Unified Communications Manager is prone to a vulnerability in Apache Struts2. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

Joomla! 2.5.0 - 3.9.13 SQLi Vulnerability

Joomla! is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

Microsoft Visual Studio 'Diagnostic Hub Standard Collector' Elevation Of Privilege Vulnerability (Aug 2018)

This host is missing an important security update according to Microsoft Security Update. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Roundcube Webmail < 1.1.10, 1.2.x < 1.2.7, 1.3.x < 1.3.3 File Disclosure Vulnerability

Roundcube Webmail is prone to a file disclosure vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

CAREL pCOWeb 'root' User Default Passwords (Telnet)

The remote CAREL pCOWeb based device is using a known default password for the administrative SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

pfSense Default Admin Credentials (HTTP)

In pfSense it is possible to gain administrative access via default credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Yokogawa SMARTDAC+ STANDARD Universal Viewer Detection (Windows SMB Login)

Detects the installed version of Yokogawa SMARTDAC+ STANDARD Universal Viewer for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Community Link Pro webeditor login.cgi remote command execution

The remote host is running Community Link Pro, a web-based application written in Perl. The remote version of this software contains a flaw in the script 'login.cgi' which may allow an attacker to execute arbitrary commands on the remote host. OpenVAS Vulnerability Test $Id:...

Multiple AVM FRITZ!Box WPA2 Key Reinstallation Vulnerabilities - KRACK

WPA2 as used in several models of the AVM FRITZ!Box are prone to multiple security weaknesses aka Key Reinstallation Attacks KRACK. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Microsoft .NET Framework Multiple Vulnerabilities (KB4507420)

This host is missing a critical security update according to Microsoft KB4507420 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...