Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nessus nessus vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2016-1000029
Tenable Nessus prior to 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).
Tenable Nessus
5.4
CVSSv3
CVE-2018-1147
In Nessus prior to 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser sess...
Tenable Nessus
6.5
CVSSv3
CVE-2018-1148
In Nessus prior to 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.
Tenable Nessus
4.8
CVSSv3
CVE-2016-1000028
Tenable Nessus prior to 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).
Tenable Nessus
NA
CVE-2004-2723
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
Nessus Nessuswx 1.4.4
NA
CVE-2007-4031
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote malicious users to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX cont...
Nessus Vulnerability Scanner 3.0.6
2 EDB exploits
NA
CVE-2007-4061
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote malicious users to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig...
Nessus Vulnerability Scanner 3.0.6
1 EDB exploit
NA
CVE-2007-4062
The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote malicious users to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability.
Nessus Vulnerability Scanner 3.0.6
1 EDB exploit
8.8
CVSSv3
CVE-2023-5622
Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.
Tenable Nessus Network Monitor
7.8
CVSSv3
CVE-2023-5623
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location
Tenable Nessus Network Monitor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »