CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

github

Coaster CMS Stored Cross-site Scripting vulnerability

A Stored Cross-site Scripting vulnerability has been discovered in the v5.5.0 version of the Coaster CMS...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2022-05-14 01:58 AM
3
nessus

RSA Authentication Agent for Web for Apache Installed

RSA Authentication Agent for Web for Apache is installed on the remote...

2.9 AI Score

2017-12-21 12:00 AM
13
nessus

D-Link D-View 8 Web Server Detection

The D-Link D-View 8 Web Server is running on the remote...

7.1 AI Score

2023-10-20 12:00 AM
10
nessus

Trend Micro InterScan Web Security Virtual Appliance Detection

The remote host is a Trend Micro InterScan Web Security Virtual Appliance (IWSVA), a web gateway for application control, exploit detection, malware scanning, and URL...

2.4 AI Score

2020-07-28 12:00 AM
14
nessus

F5 Networks ARX Data Manager Web Interface Detection

The web interface login page for F5 Networks ARX Data Manager was detected on the remote host. ARX Data Manager is a product for file storage management and...

1.8 AI Score

2014-07-01 12:00 AM
15
nessus

RuggedCom RuggedOS (ROS) Web-Based Admin Interface Detection

The remote device is running the RuggedCom RuggedOS (ROS) web-based administration...

2.6 AI Score

2012-06-15 12:00 AM
9
cve

CVE-2023-4392

A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2023-08-17 03:15 AM
27
cve

CVE-2010-5159

Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

6.9 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
21
openbugbounty

web-argitalpena.adm.ehu.es Cross Site Scripting vulnerability OBB-3888546

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-27 10:33 AM
4
nessus

Web mirroring

This plugin makes a mirror of the remote website(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the...

0.6 AI Score

2001-05-04 12:00 AM
53
cve

CVE-2022-4607

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch.....

9.8 CVSS

9.5 AI Score

0.002 EPSS

2022-12-18 10:15 PM
35
nessus

WatchGuard FireboxV and XTM Fireware OS Web Detection

The web UI for a WatchGuard FireboxV or XTM running Fireware OS was detected on the remote host. Note the plugin attempts to retrieve the Fireware OS version information from the API when HTTP Basic authentication credentials are...

1.6 AI Score

2022-08-18 12:00 AM
34
nessus

Cisco IoT Field Network Director Web UI Detection.

Cisco IoT Field Network Director web user interface detected on remote...

1.1 AI Score

2020-09-30 12:00 AM
8
nessus

Trend Micro ScanMail for Exchange Web Console Detection

The remote web server is running the web console for Trend Micro ScanMail for Exchange, an email security and filtering application built on top of Microsoft...

0.7 AI Score

2015-06-05 12:00 AM
8
nessus

Symantec Data Center Security Web Console Interface Detection

The remote host is running a web console interface for Symantec Data Center Security, an information security management...

1.1 AI Score

2015-02-26 12:00 AM
9
nessus

Riverbed SteelApp (Stingray) Traffic Manager Web UI Detection

The remote host is a Riverbed SteelApp (formerly known as Stingray) Traffic Manager appliance running a web based user interface. It is possible to read the web UI version from a standard...

2.9 AI Score

2014-09-15 12:00 AM
10
nessus

RSA Authentication Agent for Web for IIS Installed

RSA Authentication Agent for Web for IIS, an authentication agent for IIS web servers, is installed on the remote Windows...

3.5 AI Score

2013-11-04 12:00 AM
13
nessus

SonicWall Global Management System (GMS) Web Interface Detection

The web interface for a SonicWall Global Management System (GMS) was detected on the remote host. Note: HTTP basic authentication credentials are required to obtain build information from the virtual appliance status...

0.6 AI Score

2022-08-23 12:00 AM
9
nessus

Trend Micro Apex Central Management Web Console Detection

The web console interface for a Trend Micro Apex Central Management server was detected on the remote...

1.3 AI Score

2022-04-19 12:00 AM
13
nessus

VMware Carbon Black App Control Web Console Detection

The web console for VMware Carbon Black App Control, formerly known as Cb Protection and Bit9 Parity, was detected on the remote...

1.8 AI Score

2021-06-29 12:00 AM
11
nessus

SolarWinds Orion Web Performance Monitor (WPM) Remote Detection

SolarWinds Orion Web Performance Monitor (WPM) was detected on the remote...

0.7 AI Score

2021-03-01 12:00 AM
7
nessus

Amazon Web Services EC2 Instance Metadata Enumeration (Windows)

The remote host appears to be an Amazon Machine Image. Nessus will attempt to use the metadata API to collect information about the...

3.3 AI Score

2016-04-11 12:00 AM
23
nessus

HP Intelligent Management Center Web Administration Interface Detection

The web administration interface for HP Intelligent Management Center (IMC) was detected on the remote host. HP IMC is a comprehensive wired and wireless network management tool supporting the FCAPS...

1.1 AI Score

2013-12-10 12:00 AM
6
nessus

RuggedCom RuggedOS < 3.12.1 Web UI Multiple Security Vulnerabilities

According to its self-reported version, the RuggedCom RuggedOS (ROS) Web UI is affected by multiple vulnerabilities, some of which could allow a remote attacker to gain administrative access to the...

4.8 AI Score

2013-02-06 12:00 AM
13
nessus

Trend Micro Apex One Management Web Console Detection

The web console interface for a Trend Micro Apex One Management server was detected on the remote...

1.1 AI Score

2022-05-03 12:00 AM
12
nessus

VMware Aria Operations for Logs Web UI Detection

The web UI for VMware Aria Operations for Logs (formerly known as VMware vRealize Log Insight), a log management application, was detected on the remote host. Note: HTTP basic authentication credentials are required to obtain version information from the API,...

6.8 AI Score

2016-08-10 12:00 AM
20
nessus

Trend Micro Threat Intelligence Manager Web Console Detection

The remote web server is running the web console for Trend Micro Threat Intelligence Manager, a security event management application used to collect, analyze, and manage Trend Micro product event...

1.2 AI Score

2015-07-22 12:00 AM
10
nessus

Symantec Data Center Security Web Administration Interface Detection

The remote host is running a web interface for Symantec Data Center Security, an information security management...

1 AI Score

2015-02-26 12:00 AM
8
nessus

Cisco WAAS Mobile Server Web Administration Interface Detection

The remote web server hosts a web administration interface for Cisco WAAS Mobile, an application acceleration / bandwidth optimization solution for mobile...

1.6 AI Score

2014-01-07 12:00 AM
13
nessus

RuggedCom RuggedOS Web-Based Admin Interface Default Credentials

The remote RuggedCom RuggedOS (ROS) device is running a web-based interface that allows login using default...

3.1 AI Score

2012-06-15 12:00 AM
10
nessus

Cisco Small Business Wireless Access Point Web Detection

The web management interface for a Cisco Small Business Wireless Access Point was detected on the remote host. If credentials were supplied the version information should be available in the...

2.1 AI Score

2022-01-10 12:00 AM
11
nessus

Loxone Smart Home Miniserver Web Server Version Detection

The remote device is a Loxone Smart Home Miniserver, a home automation solution. Nessus was able to extract the version from the web server's...

2.5 AI Score

2015-03-13 12:00 AM
9
nessus

Siemens SIMATIC S7-1200 PLC Web Server Detection

The remote device is running an integrated web server that is part of the software platform for managing and monitoring the SIMATIC S7-1200 Programmable Logic Controller...

2.4 AI Score

2015-03-02 12:00 AM
15
ibm

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-5868)

Summary: IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-5868. DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw...

4.3 CVSS

6.2 AI Score

0.002 EPSS

2024-04-24 04:46 AM
10
openvas

SolarWinds Web Performance Monitor (WPM) Detection (HTTP)

HTTP based detection of SolarWinds Web Performance Monitor ...

7.4 AI Score

2015-03-06 12:00 AM
9
cve

CVE-2009-1227

NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port...

8.3 AI Score

0.12 EPSS

2009-04-02 03:30 PM
61
openvas

Generic HTTP Directory Traversal (Web Dirs) - Active Check

Generic check for HTTP directory traversal vulnerabilities on each directory of the remote web...

9.8 CVSS

8 AI Score

0.975 EPSS

2021-07-22 12:00 AM
12
cve

CVE-2021-40472

Microsoft Excel Information Disclosure...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2021-10-13 01:15 AM
88
openvas

Generic HTTP Directory Traversal (Web Root) - Active Check

Generic check for HTTP directory traversal vulnerabilities on the web root level of the remote web...

9.8 CVSS

8 AI Score

0.975 EPSS

2017-04-18 12:00 AM
707
openbugbounty

web-exposition.com Cross Site Scripting vulnerability OBB-3910667

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-04-09 05:48 AM
6
cve

CVE-2021-40486

Microsoft Word Remote Code Execution...

7.8 CVSS

7.7 AI Score

0.024 EPSS

2021-10-13 01:15 AM
144
cve

CVE-2021-40442

Microsoft Excel Remote Code Execution...

7.8 CVSS

7.5 AI Score

0.031 EPSS

2021-11-10 01:19 AM
127
openbugbounty

web-corpora.net Cross Site Scripting vulnerability OBB-3882566

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-21 06:34 AM
2
osv

Malicious code in brand-adidas-design-tokens (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (7e16fae72fd3726263d7bfa2f1c164b7d4100f89931856c163e37c534feb1a57) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-05-19 11:47 PM
5
nessus

Apache ActiveMQ Web Console Default Credentials

ActiveMQ Web Console, an administrative interface for Apache ActiveMQ, is protected using default credentials. Note that no authentication mechanism was provided prior to version 5.4.0. However, in version 5.4.0, HTTP Basic Authentication was an option, and starting with version 5.8.0, this was...

7.6 AI Score

2015-02-16 12:00 AM
57
nessus

Zabbix Web Interface Default Administrator Credentials

The remote Zabbix Web Interface uses a default set of credentials ('Admin' / 'zabbix') to control access to its management interface. With this information, an attacker can gain administrative access to the...

7.5 AI Score

2013-11-11 12:00 AM
58
metasploit

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating all possible tokens, for every second between 'DateTime.now' and the given X day(s). By default today and yesterday (DAYS = 1) will be checked. If a valid session token is.....

7.2 AI Score

2022-09-07 11:17 AM
106
osv

CVE-2023-34237

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

9.8 CVSS

8.8 AI Score

0.022 EPSS

2023-06-07 08:15 PM
6
cve

CVE-2023-23399

Microsoft Excel Remote Code Execution...

7.8 CVSS

7.7 AI Score

0.005 EPSS

2023-03-14 05:15 PM
139
cvelist

CVE-2024-38518 bbb-web API additional parameters considered

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....

4.6 CVSS

0.0004 EPSS

2024-06-28 08:25 PM
3

Total number of security vulnerabilities: 508236