Coaster CMS Stored Cross-site Scripting vulnerability
A Stored Cross-site Scripting vulnerability has been discovered in the v5.5.0 version of the Coaster CMS...
6.1CVSS
6.3AI Score
0.001EPSS
RSA Authentication Agent for Web for Apache Installed
RSA Authentication Agent for Web for Apache is installed on the remote...
2.9AI Score
D-Link D-View 8 Web Server Detection
The D-Link D-View 8 Web Server is running on the remote...
7.1AI Score
Trend Micro InterScan Web Security Virtual Appliance Detection
The remote host is a Trend Micro InterScan Web Security Virtual Appliance (IWSVA), a web gateway for application control, exploit detection, malware scanning, and URL...
2.4AI Score
F5 Networks ARX Data Manager Web Interface Detection
The web interface login page for F5 Networks ARX Data Manager was detected on the remote host. ARX Data Manager is a product for file storage management and...
1.8AI Score
RuggedCom RuggedOS (ROS) Web-Based Admin Interface Detection
The remote device is running the RuggedCom RuggedOS (ROS) web-based administration...
2.6AI Score
A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity...
5.3CVSS
5.2AI Score
0.001EPSS
Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
6.9AI Score
0.0004EPSS
web-argitalpena.adm.ehu.es Cross Site Scripting vulnerability OBB-3888546
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
This plugin makes a mirror of the remote website(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the...
0.6AI Score
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...
9.8CVSS
9.5AI Score
0.002EPSS
WatchGuard FireboxV and XTM Fireware OS Web Detection
The web UI for a WatchGuard FireboxV or XTM running Fireware OS was detected on the remote host. Note the plugin attempts to retrieve the Fireware OS version information from the API when HTTP Basic authentication credentials are...
1.6AI Score
Cisco IoT Field Network Director Web UI Detection.
Cisco IoT Field Network Director web user interface detected on remote...
1.1AI Score
Trend Micro ScanMail for Exchange Web Console Detection
The remote web server is running the web console for Trend Micro ScanMail for Exchange, an email security and filtering application built on top of Microsoft...
0.7AI Score
Symantec Data Center Security Web Console Interface Detection
The remote host is running a web console interface for Symantec Data Center Security, an information security management...
1.1AI Score
Riverbed SteelApp (Stingray) Traffic Manager Web UI Detection
The remote host is a Riverbed SteelApp (formerly known as Stingray) Traffic Manager appliance running a web based user interface. It is possible to read the web UI version from a standard...
2.9AI Score
RSA Authentication Agent for Web for IIS Installed
RSA Authentication Agent for Web for IIS, an authentication agent for IIS web servers, is installed on the remote Windows...
3.5AI Score
SonicWall Global Management System (GMS) Web Interface Detection
The web interface for a SonicWall Global Management System (GMS) was detected on the remote host. Note: HTTP basic authentication credentials are required to obtain build information from the virtual appliance status...
0.6AI Score
Trend Micro Apex Central Management Web Console Detection
The web console interface for a Trend Micro Apex Central Management server was detected on the remote...
1.3AI Score
VMware Carbon Black App Control Web Console Detection
The web console for VMware Carbon Black App Control, formerly known as Cb Protection and Bit9 Parity, was detected on the remote...
1.8AI Score
SolarWinds Orion Web Performance Monitor (WPM) Remote Detection
SolarWinds Orion Web Performance Monitor (WPM) was detected on the remote...
0.7AI Score
Amazon Web Services EC2 Instance Metadata Enumeration (Windows)
The remote host appears to be an Amazon Machine Image. Nessus will attempt to use the metadata API to collect information about the...
3.3AI Score
HP Intelligent Management Center Web Administration Interface Detection
The web administration interface for HP Intelligent Management Center (IMC) was detected on the remote host. HP IMC is a comprehensive wired and wireless network management tool supporting the FCAPS...
1.1AI Score
RuggedCom RuggedOS < 3.12.1 Web UI Multiple Security Vulnerabilities
According to its self-reported version, the RuggedCom RuggedOS (ROS) Web UI is affected by multiple vulnerabilities, some of which could allow a remote attacker to gain administrative access to the...
4.8AI Score
Trend Micro Apex One Management Web Console Detection
The web console interface for a Trend Micro Apex One Management server was detected on the remote...
1.1AI Score
VMware Aria Operations for Logs Web UI Detection
The web UI for VMware Aria Operations for Logs (formerly known as VMware vRealize Log Insight), a log management application, was detected on the remote host. Note: HTTP basic authentication credentials are required to obtain version information from the API,...
6.8AI Score
Trend Micro Threat Intelligence Manager Web Console Detection
The remote web server is running the web console for Trend Micro Threat Intelligence Manager, a security event management application used to collect, analyze, and manage Trend Micro product event...
1.2AI Score
Symantec Data Center Security Web Administration Interface Detection
The remote host is running a web interface for Symantec Data Center Security, an information security management...
1AI Score
Cisco WAAS Mobile Server Web Administration Interface Detection
The remote web server hosts a web administration interface for Cisco WAAS Mobile, an application acceleration / bandwidth optimization solution for mobile...
1.6AI Score
RuggedCom RuggedOS Web-Based Admin Interface Default Credentials
The remote RuggedCom RuggedOS (ROS) device is running a web-based interface that allows login using default...
3.1AI Score
Cisco Small Business Wireless Access Point Web Detection
The web management interface for a Cisco Small Business Wireless Access Point was detected on the remote host. If credentials were supplied the version information should be available in the...
2.1AI Score
Loxone Smart Home Miniserver Web Server Version Detection
The remote device is a Loxone Smart Home Miniserver, a home automation solution. Nessus was able to extract the version from the web server's...
2.5AI Score
Siemens SIMATIC S7-1200 PLC Web Server Detection
The remote device is running an integrated web server that is part of the software platform for managing and monitoring the SIMATIC S7-1200 Programmable Logic Controller...
2.4AI Score
Summary: IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-5868. DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw...
4.3CVSS
6.2AI Score
0.002EPSS
SolarWinds Web Performance Monitor (WPM) Detection (HTTP)
HTTP based detection of SolarWinds Web Performance Monitor ...
7.4AI Score
NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port...
8.3AI Score
0.12EPSS
Generic HTTP Directory Traversal (Web Dirs) - Active Check
Generic check for HTTP directory traversal vulnerabilities on each directory of the remote web...
9.8CVSS
8AI Score
0.975EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
Generic HTTP Directory Traversal (Web Root) - Active Check
Generic check for HTTP directory traversal vulnerabilities on the web root level of the remote web...
9.8CVSS
8AI Score
0.975EPSS
web-exposition.com Cross Site Scripting vulnerability OBB-3910667
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.8CVSS
7.7AI Score
0.024EPSS
7.8CVSS
7.5AI Score
0.031EPSS
web-corpora.net Cross Site Scripting vulnerability OBB-3882566
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Malicious code in brand-adidas-design-tokens (npm)
Source: ghsa-malware (7e16fae72fd3726263d7bfa2f1c164b7d4100f89931856c163e37c534feb1a57). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Apache ActiveMQ Web Console Default Credentials
ActiveMQ Web Console, an administrative interface for Apache ActiveMQ, is protected using default credentials. Note that no authentication mechanism was provided prior to version 5.4.0. However, in version 5.4.0, HTTP Basic Authentication was an option, and starting with version 5.8.0, this was...
7.6AI Score
Zabbix Web Interface Default Administrator Credentials
The remote Zabbix Web Interface uses a default set of credentials ('Admin' / 'zabbix') to control access to its management interface. With this information, an attacker can gain administrative access to the...
7.5AI Score
Syncovery For Linux Web-GUI Session Token Brute-Forcer
This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating all possible tokens, for every second between 'DateTime.now' and the given X day(s). By default today and yesterday (DAYS = 1) will be checked. If a valid session token is...
7.2AI Score
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...
9.8CVSS
8.8AI Score
0.022EPSS
7.8CVSS
7.7AI Score
0.005EPSS
CVE-2024-38518 bbb-web API additional parameters considered
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an...
4.6CVSS
0.0004EPSS