MidnightBSD

Advisories for nessus

CVE-2003-0372 MEDIUM

Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
nessus nessus *
CVE-2003-0373 MEDIUM

Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nessus nessus *
CVE-2003-0374 HIGH

Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nessus nessus *
CVE-2004-1445 LOW

A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nessus nessus 2.0.3
nessus nessus 2.0.6
nessus nessus 2.0.9
nessus nessus 2.0
nessus nessus 2.0.8
nessus nessus 2.0.4
nessus nessus 2.0.1
nessus nessus 2.0.2
nessus nessus 2.0.5
nessus nessus 2.0.7
nessus nessus 2.0.10
nessus nessus 2.0.11
nessus nessus 2.1.0
CVE-2004-2722 LOW

Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
nessus nessus 2.0.10a
CVE-2004-2723 LOW

NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
nessus nessuswx 1.4.4
CVE-2006-2093 LOW

Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
nessus nessus 2.2.0_rc1
nessus nessus 2.2.2
nessus nessus 2.2.3
nessus nessus 2.2.0
nessus nessus *
nessus nessus 2.2.5
nessus nessus 2.2.1
nessus nessus 2.2.6
CVE-2010-2914 MEDIUM

Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
nessus web_server_plugin 1.2.4
CVE-2010-2989 MEDIUM

nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nessus web_server_plugin 1.2.4