Vulnerabilities > Nessus > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-08-10 | CVE-2010-2989 | Information Exposure vulnerability in Nessus web Server Plugin 1.2.4 nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response. | 5.0 |
2010-07-30 | CVE-2010-2914 | Cross-Site Scripting vulnerability in Nessus web Server Plugin 1.2.4 Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-07-03 | CVE-2007-3546 | Script HTML Injection vulnerability in Nessus Windows GUI Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network nessus | 4.3 |
2003-06-16 | CVE-2003-0373 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nessus Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function. | 4.4 |
2003-06-16 | CVE-2003-0372 | Numeric Errors vulnerability in Nessus Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script. | 4.6 |