CVE Tools

nessus

Security ProductsUScommercial

11

Cumulative CVEs

5

Monthly snapshots

#8

Peak rank

Top products

web server plugin1

Latest CVEs

The 13 most recently published vulnerabilities affecting nessus.

CVE-2010-2989nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a re...5.0Aug 9, 2010
CVE-2010-2914Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified v...4.3Jul 30, 2010
CVE-2004-2723NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.2.1Oct 6, 2007
CVE-2004-2722Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue2.1Oct 6, 2007
CVE-2007-4062The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC ...7.8Jul 30, 2007
CVE-2007-4061Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argumen...9.3Jul 30, 2007
CVE-2007-4031Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the dele...7.8Jul 27, 2007
CVE-2007-3546Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3Jul 3, 2007
CVE-2006-2093Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: ...2.6Apr 29, 2006
CVE-2004-1445A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.3.7Feb 13, 2005
CVE-2003-0374Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar...10.0Jun 6, 2003
CVE-2003-0373Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a lo...4.4Jun 6, 2003
CVE-2003-0372Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causi...4.6Jun 6, 2003