Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nessus nessus vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2021-20099
Nessus Agent 8.2.4 and previous versions for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.
Tenable Nessus
6.7
CVSSv3
CVE-2021-20100
Nessus Agent 8.2.4 and previous versions for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.
Tenable Nessus
NA
CVE-2010-2914
Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Nessus Web Server Plugin 1.2.4
NA
CVE-2010-2989
nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote malicious users to obtain sensitive information via a request to the /feed method, which reveals the version in a response.
Nessus Web Server Plugin 1.2.4
NA
CVE-2004-2723
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
Nessus Nessuswx 1.4.4
8.8
CVSSv3
CVE-2023-5622
Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.
Tenable Nessus Network Monitor
7.8
CVSSv3
CVE-2023-5623
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location
Tenable Nessus Network Monitor
7.2
CVSSv3
CVE-2023-5624
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.
Tenable Nessus Network Monitor
7.3
CVSSv3
CVE-2023-5847
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
Tenable Nessus
Tenable Nessus Agent
NA
CVE-2007-4062
The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote malicious users to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability.
Nessus Vulnerability Scanner 3.0.6
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »