CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

Eclipse Jetty Web Server Detection

The Eclipse Jetty web server was detected on the remote...

OwnCloud OwnCloud Web Interface Detection

The web interface for OwnCloud OwnCloud, an open-source file sync, share and content collaboration software, was detected on the remote...

Fortinet FortiSIEM Web Interface Detection

The web interface for Fortinet FortiSIEM, a Security Information and Event Management system was detected on the remote...

Extreme Networks ExtremeXOS Web Detection

The web interface for Extreme Networks ExtremeXOS was detected on the remote. Note that HTTP form credentials are required to retrieve version...

VMware Cloud Foundation Web Detection

VMware Cloud Foundation, a Hybrid Cloud Platform web application that manages virtual machines was detected on the remote host. Note: To obtain accurate version information from the web server, provide credentials to support HTTP basic...

JetBrains TeamCity Web Interface Detection

Detects the web interface for JetBrains TeamCity on the remote...

Adobe Experience Manager Web Detection

The remote host is running Adobe Experience Manager, a digital asset and content management software. Note: To retrieve patch level information this plugin requires the HTTP credentials of the web console. For accurate results, you may need to enable the Adobe Experience Manager ports (by default,....

Vacron NVR Web Interface Detection

Nessus was able to detect the web interface for a Vacron network video recorder on the remote...

QlikView Server Web UI Detection

The web user interface (UI) for QlikView Server, a business intelligence platform, is running on the remote...

Acunetix Web Vulnerability Scanner Detection

The remote Windows host has one or more installs of Acunetix Web Vulnerability Scanner (WVS), a dynamic vulnerability scanner for web...

web-canape.ru Cross Site Scripting vulnerability OBB-3887022

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Apache Superset Web Interface Detection

The web interface for Apache Superset, an open-source modern data exploration and visualization platform, was detected on the remote...

Apache Airflow Web API Detection

The web application or API for Apache Airflow was detected on the remote host. Note: Prior to Apache Airflow 2.0.0, the API is considered experimental and may not return the version information through the...

Azure CycleCloud Web UI Detection

Azure CycleCloud web user interface detected on remote host. Azure CycleCloud is a tool developed by Microsoft for orchestrating and managing High Performance Computing (HPC) environments on...

Buffalo Router Web Interface Detection

Nessus was able to detect the web administration interface for a Buffalo router on the remote...

Arista CloudVision Portal Web Detection

The remote host is running Arista CloudVision Portal, a web-based GUI for the CloudVision platform. Note: To retrieve patch level information this plugin requires the HTTP credentials of the web...

Isilon OneFS Web Interface Detection

The remote host is running Isilon OneFS, a NAS managment...

NUUO NVR Web Interface Detection

Nessus was able to detect the web interface for a NUUO based network video recorder. NUUO licenses their interface so this device could be made by NUUO, NETGEAR, or someone...

HooToo TripMate Web Interface Detection

Nessus was able to detect the web administration interface for a HooToo TripMate device on the remote...

Pivotal Web Server Version Detection

The version of Pivotal Web Server (formerly VMware vFabric Web Server) could be extracted from the web server's...

Net Optics Director Web Detection

The web management interface for Net Optics Director, a network packet broker and monitoring switch, was detected on the remote...

NextChat / ChatGPT Next Web Detection

The remote host is running an NextChat...

Palo Alto Expedition Web Detection

The web interface for Palo Alto Expedition was detected on the remote host. Expedition is software designed to enable migration of firewall policies and configurations. It is possible to extract version information if login credentials are...

StreamSets Data Collector Web Detection

StreamSets Data Collector, a tool for building pipelines, was detected based on the web interface. Note that for this detection, ports 18630 and 18636 will need to be added to the Nessus port...

IBM BigFix Web Reports Detection

The remote host is running IBM BigFix Web Reports, a high-level web application that connects to one or more IBM BigFix databases to aggregate, analyze, and manage network...

Visualware MyConnection Server Web Detection

The remote host is running the web based user interface for Visualware MyConnection Server (MCS), a network quality management application. It was possible to read the version from a standard...

web-argitalpena.adm.ehu.es Cross Site Scripting vulnerability OBB-3888546

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-34790 WordPress Download ImageMagick Sharpen Resized Images plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through...

CVE-2022-41103

Microsoft Word Information Disclosure...

CVE-2022-41060

Microsoft Word Information Disclosure...

Sidekiq vulnerable to a Reflected XSS in Queues Web Page

Description: During the source Code Review of the metrics.erb view of the Sidekiq Web UI, A reflected XSS vulnerability is discovered. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the...

PrestaShop Step by Step products Pack - SQL Injection

In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected...

Sidekiq vulnerable to a Reflected XSS in Queues Web Page

Description: During the source Code Review of the metrics.erb view of the Sidekiq Web UI, A reflected XSS vulnerability is discovered. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the...

CVE-2024-34566

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through...

CVE-2024-34566 WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through...

Unprotected Web App / Device Installers (HTTP)

The script attempts to identify installation/setup pages of various web apps/devices that are publicly accessible and not protected by e.g. account restrictions or having their setup...

Moodle Insecure direct object reference (IDOR) in a calendar web service

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action...

CVE-2023-26268

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update list filter filter views (using view functions as filters) rewrite update This doesn't affect...

CVE-2024-34790

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through...

CVE-2022-41061

Microsoft Word Remote Code Execution...

web-insolite.net Improper Access Control vulnerability OBB-3867301

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

RHEL 7 : web-admin-build (RHSA-2020:5599)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5599 advisory. Red Hat Gluster Storage is software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies...

Apache ActiveMQ Web Console Test Pages Information Disclosure

The Apache ActiveMQ Web Console running on the remote host is leaking information via its test pages. The ActiveMQ Web Console allows unrestricted, unauthenticated access by default, and the test pages are used for testing the environment and web framework. One of the included test pages,...

Generic HTTP Directory Traversal (Web Dirs) - Active Check

Generic check for HTTP directory traversal vulnerabilities on each directory of the remote web...

CVE-2023-27563

The n8n package 0.218.0 for Node.js allows Escalation of...

RHEL 6 : python-twisted-web (RHSA-2020:1962)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1962 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using...

Citrix Access Gateway Administrative Web Interface Default Credentials

It is possible to log into the remote Citrix Access Gateway administrative web interface by providing default credentials. Knowing these, an attacker can gain administrative control of the affected application server and, for example, upload a new system...

Generic HTTP Directory Traversal (Web Root) - Active Check

Generic check for HTTP directory traversal vulnerabilities on the web root level of the remote web...

Web Server PROPFIND Method Internal IP Disclosure

The remote installation of IIS leaks a private IP address through the WebDAV interface. This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. This is typical of IIS installations that are not configured...

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information...