CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2848
https://notcve.org/view.php?id=CVE-2014-2848
11 Apr 2014 — A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. Una condición de carrera en el plugin wmi_malware_scan.nbin anterior a 201402262215 para Nessus 5.2.1 permite a usuarios locales ganar privilegios mediante la sustitución del ejecutable del agente volátil en el directorio temporal de Windows con un programa de caballo de troya. • http://secunia.com/advisories/57403 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3546
https://notcve.org/view.php?id=CVE-2007-3546
03 Jul 2007 — Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la interfaz gráfica para Windows de Nessus Vulnerability Scanner anterior a 3.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://osvdb.org/37011 •
CVSS: 7.5EPSS: 4%CPEs: 9EXPL: 0CVE-2006-2093
https://notcve.org/view.php?id=CVE-2006-2093
29 Apr 2006 — Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory. • http://securityreason.com/securityalert/817 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2722
https://notcve.org/view.php?id=CVE-2004-2722
31 Dec 2004 — Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue • http://archives.neohapsis.com/archives/fulldisclosure/2004-03/1363.html • CWE-255: Credentials Management Errors •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 0CVE-2004-1445
https://notcve.org/view.php?id=CVE-2004-1445
31 Dec 2004 — A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges. • http://secunia.com/advisories/12127 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0374
https://notcve.org/view.php?id=CVE-2003-0374
06 Jun 2003 — Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus." Múltiples vulnerabilidades desconocidas en Nessus anterior a la 2.0.6, en libnessus y posiblemente libnsl (un conjunto diferente de las señaladas en CAN-2003-0372 y CAN-2003-0373). • http://marc.info/?l=bugtraq&m=105364059803427&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0372 – Nessus 2.0.x - LibNASL Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2003-0372
06 Jun 2003 — Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script. Vulnerabilidad de entero con signo en libnsl en Nessus anterior a la 2.0.6 permite que usuarios locales con privilegios de carga de plugin provoquen una denegación de servicio (core dump) y posiblemente ejecuten código arbitrari... • https://www.exploit-db.com/exploits/22634 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0373
https://notcve.org/view.php?id=CVE-2003-0373
06 Jun 2003 — Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function. Múltiples desbordamientos de búfer en Nessus anterior a la 2.0.6 permiten que usuarios locales con privilegios de carga de plugin provoquen una denegación de... • http://marc.info/?l=bugtraq&m=105364059803427&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •