13 results (0.009 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response. nessusd_www_server.nbin en el plugin Nessus Web Server v1.2.4 para Nessus permite a atacantes remotos obtener información sensible a través de una petición al método /feed, que revela la versión en una respuesta. • http://www.securityfocus.com/archive/1/512645/100/0/threaded https://discussions.nessus.org/message/7245#7245 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en nessusd_www_server.nbin del complemento Nessus Web Server v1.2.4 de Nessus. Permite a atacantes remotos inyectar codigo de script web o código HTML a través de vectores de ataque sin especificar. • http://secunia.com/advisories/40722 http://www.securityfocus.com/archive/1/512645/100/0/threaded http://www.securitytracker.com/id?1024248 https://discussions.nessus.org/message/7245#7245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability. El control ActiveX SCANCTRL.ScanCtrlCtrl.1 en scan.dll de Nessus Vulnerability Scanner 3.0.6 permite a atacantes remotos borrar archivos de su elección a través de vectores no especificados involucrando el método delteNessusRC, probablemente una vulnerabilidad de salto de directorio. • https://www.exploit-db.com/exploits/4237 http://secunia.com/advisories/26243 http://www.nessus.org/news http://www.securityfocus.com/bid/25088 https://exchange.xforce.ibmcloud.com/vulnerabilities/35641 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.3EPSS: 8%CPEs: 1EXPL: 1

Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder. Vulnerabilidad de salto de directorio en un cierto control ActiveX en Nessus Vulnerability Scanner 3.0.6 permite a atacanes remotos crear o sobrescribir archivos de su elección a través de la secuencia ..(punto punto) en el argumento en el método saveNessusRC, el cual escribe el texto especificado a través del método addsetConfig, posiblemente relacionado con el control ActiveX SCANCTRL.ScanCtrlCtrl.1 en scan.dll. • https://www.exploit-db.com/exploits/4237 http://secunia.com/advisories/26243 http://www.nessus.org/news http://www.securityfocus.com/bid/25088 http://www.vupen.com/english/advisories/2007/2702 https://exchange.xforce.ibmcloud.com/vulnerabilities/35641 •

CVSS: 7.8EPSS: 6%CPEs: 1EXPL: 2

Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. Una vulnerabilidad de salto de directorio en un determinado control ActiveX en Nessus Vulnerability Scanner versión 3.0.6, permite a atacantes remotos eliminar archivos arbitrarios por medio de un .. (punto punto) en el argumento para el método deleteReport, probablemente relacionado con el Control ActiveX SCANCTRL.ScanCtrlCtrl.1 en la biblioteca scan.dll. • https://www.exploit-db.com/exploits/4237 https://www.exploit-db.com/exploits/4230 http://secunia.com/advisories/26243 http://securitytracker.com/id?1018469 http://www.nessus.org/news http://www.securityfocus.com/bid/25088 http://www.vupen.com/english/advisories/2007/2680 https://exchange.xforce.ibmcloud.com/vulnerabilities/35641 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •