CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

CVE-2020-1503

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...

Cisco HyperFlex Web API Detection

The web API for Cisco HyperFlex was detected on the remote...

Cisco Energy Management Web Detection

Cisco Energy Management, a power management solution for IT assets, was detected based on the web...

Apache Nifi Web Interface Detection

The web interface for Apache Nifi was detected on the remote host. Apache Nifi is a software project designed to automate the flow of data between software systems. NOTE: Nifi version 14.0 and later requires the server's hostname to be added to nifi.web.https.host in nifi.properties to be scanned.....

Apache Superset Web Interface Detection

The web interface for Apache Superset, an open-source modern data exploration and visualization platform, was detected on the remote...

Apache Airflow Web API Detection

The web application or API for Apache Airflow was detected on the remote host. Note: Prior to Apache Airflow 2.0.0, the API is considered experimental and may not return the version information through the...

NextChat / ChatGPT Next Web Detection

The remote host is running an NextChat...

Visualware MyConnection Server Web Detection

The remote host is running the web based user interface for Visualware MyConnection Server (MCS), a network quality management application. It was possible to read the version from a standard...

Eclipse Jetty Web Server Detection

The Eclipse Jetty web server was detected on the remote...

OwnCloud OwnCloud Web Interface Detection

The web interface for OwnCloud OwnCloud, an open-source file sync, share and content collaboration software, was detected on the remote...

Fortinet FortiSIEM Web Interface Detection

The web interface for Fortinet FortiSIEM, a Security Information and Event Management system was detected on the remote...

Extreme Networks ExtremeXOS Web Detection

The web interface for Extreme Networks ExtremeXOS was detected on the remote. Note that HTTP form credentials are required to retrieve version...

VMware Cloud Foundation Web Detection

VMware Cloud Foundation, a Hybrid Cloud Platform web application that manages virtual machines was detected on the remote host. Note: To obtain accurate version information from the web server, provide credentials to support HTTP basic...

Acunetix Web Vulnerability Scanner Detection

The remote Windows host has one or more installs of Acunetix Web Vulnerability Scanner (WVS), a dynamic vulnerability scanner for web...

Microsoft Exchange Outlook Web App / Outlook Web Access (OWA) Detection (HTTP)

HTTP based detection of the Microsoft Exchange Outlook Web App / Outlook Web Access (OWA) and the Microsoft Exchange Server running this OWA...

iboss Secure Web Gateway - Stored Cross-Site Scripting Vulnerability

...

iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)

...

Syncovery For Linux Web-GUI Login Utility

This module will attempt to authenticate to Syncovery File Sync & Backup Software For Linux...

Web Server Directory Enumeration

This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or...

Outlook Web Access URL Injection

Due to a lack of sanitization of the user input, the remote version of Microsoft Outlook Web Access 2003 is vulnerable to URL injection which can be exploited to redirect a user to a different, unauthorized web server after authenticating to...

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob...

YusASP Web Asset Manager Vulnerability

YusASP Web Asset Manager is a complete file manager for your website. If left uprotected, the YusASP allows you to anage the remote...

Web Application Firewall Detected

A Web Application Firewall (WAF) has been detected during the scan. A WAF is designed to help protecting web applications by monitoring and filtering HTTP(S) traffic through a set of rules in order to prevent the most common attacks. . The identified WAF may have blocked several requests during...

Web Application Scanning Consolidation / Info Reporting

The script consolidates and reports various information for web application (formerly...

Zyxel NAS Device Web UI Detection

The remote web server hosts a Zyxel web application which indicates it is a Zyxel...

Fortinet FortiClient EMS Web Interface Detection

The web interface for Fortinet FortiClient EMS, an endpoint management solution, was detected on the remote...

iniNet SpiderControl SCADA Web Server Detection

The remote host is running the iniNet SpiderControl Web Server, a component of a software platform for managing and monitoring remote SCADA...

Cherokee Web Server Detection (HTTP)

HTTP based detection of the Cherokee Web...

Coaster CMS Stored Cross-site Scripting vulnerability

A Stored Cross-site Scripting vulnerability has been discovered in the v5.5.0 version of the Coaster CMS...

NETGEAR Wireless-N Router Web Detection

A NETGEAR Wireless-N Router was detected on the remote host. It is possible to determine the device firmware version and model...

Microsoft Azure Service Fabric Web Detection

The web application or API for Azure Service Fabric, a container and microservices platform was detected on the remote...

Zebra ZTC Printer Web Interface Detection

The remote host is a Zebra...

VMware vRealize Business Web UI Detection

The remote web server is running the web UI for VMware vRealize Business, an IT financial management...

Cisco Network Registrar Web UI Detection

The remote web server is the user interface for Cisco Network Registrar (CNR), which provides DNS, DHCP, and IP management...

McAfee Web Gateway User Interface Detection

The remote web server is the user interface (also known as Konfigurator) for McAfee Web...

Oracle iPlanet Web Proxy Server Detection

Oracle iPlanet Web Proxy Server, formerly Sun Java System Web Proxy Server, is installed on the remote Windows...

Cisco SPA ATA Web Interface Detection

The remote host is a Cisco SPA analog telephone adapter (ATA) VoIP...

Progress Kemp Flowmon Web Interface Detection

The web interface for Progress Kemp Flowmon was detected on the remote...

IBM Data Risk Manager Web Detection

The web interface for the IBM Data Risk Manager virtual appliance was detected on the remote...

Cisco Security Manager Web Server Detection

Cisco Security Manager, a security management platform that helps enable policy enforcement, is running on the remote web...

IBM Rational ClearQuest Web Client Detection

IBM Rational ClearQuest Web Client, a web interface for change management software, was detected on the remote...

Fortinet FortiAuthenticator Appliance Web Interface Detection

The remote host is running the web interface for the Fortinet FortiAuthenticator appliance, an identity management...

Quantum vmPRO Web Administration Interface Detection

Nessus detected the wed administration interface for a Quantum vmPRO virtual appliance. Quantum vmPRO is a backup / data protection solution virtual...

Advanced PWA - Critical - Access bypass - SA-CONTRIB-2024-017

Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications. This module doesn't sufficiently protect.....

OpenSIS 7.3 - SQL Injection

OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of...

Coaster CMS Stored Cross-site Scripting vulnerability

A Stored Cross-site Scripting vulnerability has been discovered in the v5.5.0 version of the Coaster CMS...

CVE-2015-10072

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to a denial of service due to Eclipse Jetty (CVE-2024-22201)

Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-22201 DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2...

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-5868)

Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-5868 DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw...

CVE-2024-25597

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through...