tenable web ui vulnerabilities and exploits

(subscribe to this query)

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in the Web UI prior to 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.

Tenable Web Ui

1 EDB exploit

5

CVSSv2

The /server/properties resource in Tenable Web UI prior to 2.3.5 for Nessus 5.2.3 up to and including 5.2.7 allows remote malicious users to obtain sensitive information via the token parameter.

Tenable Nessus 5.2.6 Tenable Nessus 5.2.7 Tenable Web Ui Tenable Nessus 5.2.3 Tenable Nessus 5.2.4 Tenable Nessus 5.2.5

10

CVSSv2

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

Tenable Appliance 3.10.0 Tenable Appliance 4.0.0 Tenable Appliance 4.4.0 Tenable Appliance 3.5.0 Tenable Appliance 4.1.0 Tenable Appliance 4.2.0 Tenable Appliance 4.3.0 Tenable Appliance 4.3.1 Tenable Appliance 3.5.1 Tenable Appliance 3.10.1 Tenable Appliance 3.4.0

1 EDB exploit

6

CVSSv2

Tenable Nessus prior to 6.10.2 (as used alone or in Tenable Appliance prior to 4.5.0) was found to contain a flaw that allowed a remote, authenticated malicious user to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain ...

Tenable Nessus Tenable Appliance 4.4.0

5

CVSSv2

Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.

Tenable Appliance

NA

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instanc...

Tenable Nessus

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Nessus Web Server Plugin 1.2.4

5

CVSSv2

nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote malicious users to obtain sensitive information via a request to the /feed method, which reveals the version in a response.

Nessus Web Server Plugin 1.2.4

4.3

CVSSv2

In Bootstrap prior to 3.4.1 and 4.3.x prior to 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Getbootstrap Bootstrap F5 Big-ip Local Traffic Manager F5 Big-ip Application Security Manager F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics F5 Big-ip Application Acceleration Manager F5 Big-ip Domain Name System F5 Big-ip Fraud Protection Service F5 Big-ip Global Traffic Manager F5 Big-ip Link Controller F5 Big-ip Policy Enforcement Manager F5 Big-ip Webaccelerator F5 Big-ip Edge Gateway Redhat Virtualization Manager 4.3 Tenable Tenable.sc

6 Github repositories

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook