4 matches found
CVE-2017-6543
The CVE-2017-6543 entry refers to Tenable Nessus prior to 6.10.2 (and Tenable Appliance prior to 4.5.0) on Windows, with an arbitrary file upload flaw that a remote, authenticated attacker could exploit to write files anywhere and potentially gain elevated privileges after reboot. The connected N...
CVE-2018-1142
Tenable Appliance (v4.6.1 and earlier) is affected by a stored cross-site scripting (XSS) vulnerability in the web interface. An authenticated attacker could exploit this by sending a specially crafted request that manipulates URL parameters related to offline plugins to execute arbitrary JavaScr...
CVE-2017-8051
CVE-2017-8051 affects Tenable Appliance 3.5–4.4.0 (and possibly earlier) via the simpleupload.py Web UI. The flaw allows arbitrary command execution by manipulating the tns_appliance_session_user parameter, enabling unauthenticated, remote code execution as described in multiple sources (e.g., Re...
CVE-2017-8050
CVE-2017-8050 affects Tenable Appliance 4.4.0 (and possibly earlier) where a flaw in the Web UI enables unauthorized manipulation of the administrator password. The vulnerability is exploited via the Web UI without authentication, with potential impact on integrity (admin password changed by an a...