CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

Commvault Web Console Detection

The web console for Commvault was detected on the remote...

AVTech Web Interface Detection

Nessus was able to detect the web interface for an AVTech device on the remote...

NAS4Free Web UI Detection

The remote web server is the user interface for NAS4Free, an open-source network-attached storage software distribution based on FreeBSD. NAS4Free is a direct continuation of the original FreeNAS...

Web Application Firewall Detection

By analyzing error codes and messages returned from some web queries, Nessus is able to determine that the remote web server is protected by a web application firewall. Such protection may disrupt scan results. Countermeasures have been taken to make the scan as reliable as...

CVE-2024-34790 WordPress Download ImageMagick Sharpen Resized Images plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through...

Rancher Web Interface Detection

Rancher, a Kubernetes management platform, was detected based on the web...

AXIS Web Interface Detection

Nessus was able to detect the web interface for an AXIS device on the remote...

CVE-2023-1841 Honeywell MPA2 Web Application XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update...

CVE-2024-34566

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through...

CVE-2024-34566 WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through...

GitLab Web UI Detection

GitLab web user interface detected on remote host. GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking and continuous integration and deployment pipeline features, using an open-source license, developed by GitLab...

Kubernetes Web API Detection

The web API for Kubernetes was detected on the remote...

NetApp OnTAP Web Detection

The web interface for NetApp OnTAP was detected on the remote...

NETGEAR Web Interface Detection

Nessus was able to detect the web administration interface for a NETGEAR device on the remote...

Oracle Web Determinations Detection

The remote web server hosts Oracle Web Determinations, a web-based interactive assessment system that is a component of Oracle Policy...

Amazon Web Services Settings

This script initializes the credentials used for Amazon Web Services checks done via the...

McAfee Web Gateway Detection

The remote host is a McAfee Web Gateway (MWG) Appliance. MWG acts as a proxy server and provides web filtering and monitoring...

Microsoft Azure Web App Discovery And Assessment Service Installed (Windows)

Microsoft Azure Web App Discovery and Assessment Service is installed on the remote Windows host. Azure Appliance Auto Update is part of Microsoft Azure...

CVE-2024-34790

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through...

CVE-2024-34790 WordPress Download ImageMagick Sharpen Resized Images plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through...

CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

CVE-2023-1841 Honeywell MPA2 Web Application XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update...

OpenWrt Web UI Detection.

OpenWrt web user interface detected on remote...

Buffalo TeraStation Web detection

Buffalo TeraStation, a network attached storage (NAS), was detected based on the web...

pfSense Web Interface Detection

The web interface for pfSense was detected on the remote host. pfSense is an open source firewall based on...

Belkin Web Interface Detection

Nessus was able to detect the web administration interface for a Belkin device on the remote...

Barracuda Web Filter Detection

The remote host appears to be a Barracuda Web Filter device, used to control access to websites and applications by end...

ClearSCADA Web Server Detection

The remote host is running the ClearSCADA web server, part of a software platform for managing and monitoring remote SCADA...

Stolen Singaporean Identities Sold on Dark Web Starting at $8

Singapore citizens, beware! Cybercriminals are targeting your digital identities and KYC data, starting at just $8, putting users at risk of exploitation. Learn how to protect your data, finances, and reputation with strong passwords, multi-factor authentication, and smart online...

Generic HTTP Directory Traversal (Web Application URL Parameter) - Active Check

Generic check for HTTP directory traversal vulnerabilities within URL parameters of the remote web...

Microsoft Internet Explorer Information Disclosure and Web Site Spoofing Vulnerabilities

Microsoft Internet Explorer is prone to information disclosure and web site spoofing...

web-insolite.net Improper Access Control vulnerability OBB-3867301

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-34790

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through...

AVEVA InduSoft Web Studio / InTouch Edge HMI Command 66 RCE

The AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition) running on the remote host is affected by a remote code execution vulnerability due to multiple flaws in the TCPIP server listening on the default ports 1234 and 51234. Specifically, the server does not...

Apache ActiveMQ Web Console Test Pages Information Disclosure

The Apache ActiveMQ Web Console running on the remote host is leaking information via its test pages. The ActiveMQ Web Console allows unrestricted, unauthenticated access by default, and the test pages are used for testing the environment and web framework. One of the included test pages,...

RHEL 7 : web-admin-build (RHSA-2020:5599)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5599 advisory. Red Hat Gluster Storage is software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies...

(RHSA-2024:2731) Moderate: Red Hat OpenStack Platform 17.1 (python-django) security update

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. Security Fix(es): denial-of-service in intcomma template filter (CVE-2024-24680) ...

RHEL 6 : python-twisted-web (RHSA-2020:1962)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1962 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using...

Citrix Access Gateway Administrative Web Interface Default Credentials

It is possible to log into the remote Citrix Access Gateway administrative web interface by providing default credentials. Knowing these, an attacker can gain administrative control of the affected application server and, for example, upload a new system...

CVE-2023-27563

The n8n package 0.218.0 for Node.js allows Escalation of...

RHEL 7 : web-admin-build (RHSA-2022:1628)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1628 advisory. Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active...

CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...

CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...

VISAM Automation Base (VBASE) Web-Remote Path Traversal (CVE-2020-7008)

The VISAM Automation Base (VBASE) Web-Remote service running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to read arbitrary files on the remote...

Qianbo Enterprise Web Site Management System Cross Site Scripting Vulnerability

Qianbo Enterprise Web Site Management System is prone to a cross-site scripting (XSS)...

BIT-vault-2024-5798

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

IIS 5.0 Sample App reveals physical path of web root

A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused...

Apache ActiveMQ 6.x < 6.1.2 Insecure Web API Vulnerability

The version of Apache ActiveMQ running on the remote host is 6.x prior to 6.1.2. It is, therefore, affected by an insecure the API web that a attacker can use without any required authentication. Note that Nessus has not tested for this issue but has instead relied only on the application's...

VideoLAN VLC for OS X Web Plugin Installed (Mac OS X)

VideoLAN VLC for OS X web plugin, a media player plugin, is installed on the remote Mac OS X...

CVE-2024-36107

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...