Vulnerabilities > Nessus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-08-10 | CVE-2010-2989 | Information Exposure vulnerability in Nessus web Server Plugin 1.2.4 nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response. | 5.0 |
| 2010-07-30 | CVE-2010-2914 | Cross-Site Scripting vulnerability in Nessus web Server Plugin 1.2.4 Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-07-30 | CVE-2007-4062 | Path Traversal vulnerability in Nessus vulnerability Scanner 3.0.6 The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability. | 7.8 |
| 2007-07-30 | CVE-2007-4061 | Multiple vulnerability in Nessus vulnerability Scanner 3.0.6 Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. | 9.3 |
| 2007-07-27 | CVE-2007-4031 | Path Traversal vulnerability in Nessus vulnerability Scanner 3.0.6 Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. | 7.8 |
| 2007-07-03 | CVE-2007-3546 | Script HTML Injection vulnerability in Nessus Windows GUI Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network nessus | 4.3 |
| 2006-04-29 | CVE-2006-2093 | Resource Management Errors vulnerability in Nessus Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. | 2.6 |
| 2004-12-31 | CVE-2004-2723 | Credentials Management vulnerability in Nessus Nessuswx 1.4.4 NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | 2.1 |
| 2004-12-31 | CVE-2004-1445 | Unspecified vulnerability in Nessus A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges. | 3.7 |
| 2003-06-16 | CVE-2003-0374 | Remote Security vulnerability in Nessus Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus." | 10.0 |