Nessus Plugin Family - Tenable Network Security

SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
ITS DEPT
Nessus Plugin Family
March 5, 2012 at 6:15pm CST
Confidential: The following report contains confidential information. Do not distribute, email, fax,
or transfer via any electronic mechanism unless it has been approved by the recipient company's
security policy. All copies and backups of this document should be saved on protected storage at all
times. Do not share any of the information contained within this report with anyone unless they are
authorized to view the information. Violating any of the previous instructions is grounds for termination.

Table of Contents
Plugin Family Summary
AIX Local Security Checks
Backdoors
CentOS Local Security Checks
CGI abuses
CGI abuses : XSS
CISCO
Databases
Debian Local Security Checks
Default Unix Accounts
Denial of Service
DNS
Fedora Local Security Checks
Firewalls
FreeBSD Local Security Checks
FTP
Gain a shell remotely
General
Gentoo Local Security Checks
HP-UX Local Security Checks
Junos Local Security Checks
MacOS X Local Security Checks
Mandriva Local Security Checks
Misc.
Netware
N/A
Peer-To-Peer File Sharing
Policy Compliance
Port scanners
Red Hat Local Security Checks
RPC
SCADA
Service detection
Settings
Slackware Local Security Checks
SMTP problems
SNMP
Solaris Local Security Checks
SuSE Local Security Checks
Ubuntu Local Security Checks
VMware ESX Local Security Checks
Web Servers
Windows
Windows : Microsoft Bulletins
Windows : User management

Plugin Family Summary
Plugin Family Severity Counts
Family | Score | Total | Low | Med. | High | Crit.
Windows | 168870 | 34468 | 18276 | 1618 | 14574 | 0
General | 19085 | 15318 | 13774 | 1447 | 97 | 0
Port scanners | 14172 | 14172 | 14172 | 0 | 0 | 0
Service detection | 9890 | 7619 | 7166 | 258 | 195 | 0
Windows : User management | 5430 | 5041 | 4941 | 73 | 27 | 0
N/A | 14047 | 5037 | 4004 | 41 | 992 | 0
Windows : Microsoft Bulletins | 34624 | 4426 | 471 | 771 | 3184 | 0
Settings | 3143 | 3143 | 3143 | 0 | 0 | 0
Web Servers | 8732 | 2839 | 1926 | 332 | 581 | 0
Misc. | 7413 | 2496 | 1700 | 321 | 475 | 0
Red Hat Local Security Checks | 11848 | 1810 | 347 | 447 | 1016 | 0
RPC | 3495 | 1461 | 990 | 315 | 156 | 0
DNS | 5320 | 1168 | 345 | 465 | 358 | 0
CISCO | 7351 | 1071 | 101 | 350 | 620 | 0
FTP | 5650 | 1033 | 317 | 261 | 455 | 0
CGI abuses : XSS | 2815 | 1021 | 173 | 834 | 14 | 0
CentOS Local Security Checks | 6121 | 1009 | 441 | 0 | 568 | 0
Solaris Local Security Checks | 9960 | 996 | 0 | 0 | 996 | 0
Backdoors | 8864 | 983 | 56 | 66 | 861 | 0
Denial of Service | 6094 | 969 | 34 | 470 | 465 | 0
Gain a shell remotely | 6764 | 948 | 14 | 370 | 564 | 0
VMware ESX Local Security Checks | 7740 | 921 | 0 | 210 | 711 | 0
Firewalls | 4595 | 913 | 381 | 158 | 374 | 0
SuSE Local Security Checks | 4381 | 904 | 485 | 42 | 377 | 0
Default Unix Accounts | 9000 | 900 | 0 | 0 | 900 | 0
Peer-To-Peer File Sharing | 4037 | 895 | 409 | 176 | 310 | 0
SNMP | 3319 | 895 | 565 | 78 | 252 | 0
FreeBSD Local Security Checks | 4512 | 890 | 479 | 11 | 400 | 0
SMTP problems | 5170 | 874 | 196 | 258 | 420 | 0
Ubuntu Local Security Checks | 4695 | 865 | 413 | 34 | 418 | 0
Databases | 4422 | 865 | 399 | 91 | 375 | 0
Slackware Local Security Checks | 5220 | 861 | 183 | 249 | 429 | 0
AIX Local Security Checks | 8580 | 858 | 0 | 0 | 858 | 0
CGI abuses | 4928 | 857 | 400 | 6 | 451 | 0
Debian Local Security Checks | 4012 | 835 | 482 | 0 | 353 | 0
HP-UX Local Security Checks | 5342 | 831 | 0 | 424 | 407 | 0
MacOS X Local Security Checks | 4776 | 814 | 219 | 199 | 396 | 0
Gentoo Local Security Checks | 4683 | 777 | 343 | 0 | 434 | 0
Fedora Local Security Checks | 3149 | 726 | 386 | 91 | 249 | 0
Mandriva Local Security Checks | 3973 | 706 | 343 | 0 | 363 | 0
Junos Local Security Checks | 2386 | 468 | 90 | 212 | 166 | 0
SCADA | 2343 | 434 | 134 | 113 | 187 | 0
Netware | 1780 | 367 | 21 | 243 | 103 | 0
Policy Compliance | 267 | 57 | 8 | 33 | 16 | 0
Generic | 22 | 22 | 22 | 0 | 0 | 0
Web Servers | 2 | 2 | 2 | 0 | 0 | 0
Web Clients | 2 | 2 | 2 | 0 | 0 | 0
DNS Servers | 3 | 1 | 0 | 1 | 0 | 0
Mobile Devices | 1 | 1 | 1 | 0 | 0 | 0

AIX Local Security Checks
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
55359 | 53 | High | AIX 530011 : U840860
55382 | 48 | High | AIX 530011 : U843400
55376 | 44 | High | AIX 530011 : U840877
55367 | 44 | High | AIX 530011 : U840868
55356 | 44 | High | AIX 530011 : U840857
55355 | 44 | High | AIX 530011 : U840856
55369 | 41 | High | AIX 530011 : U840870
55377 | 39 | High | AIX 530011 : U840878
55383 | 36 | High | AIX 530011 : U843401
55372 | 34 | High | AIX 530011 : U840873
55371 | 34 | High | AIX 530011 : U840872
55375 | 33 | High | AIX 530011 : U840876
55363 | 30 | High | AIX 530011 : U840864
55374 | 28 | High | AIX 530011 : U840875
55365 | 28 | High | AIX 530011 : U840866
55364 | 28 | High | AIX 530011 : U840865
55366 | 26 | High | AIX 530011 : U840867
55358 | 26 | High | AIX 530011 : U840859
55378 | 23 | High | AIX 530011 : U840879
55361 | 23 | High | AIX 530011 : U840862
55379 | 22 | High | AIX 530011 : U843397
55357 | 22 | High | AIX 530011 : U840858
55380 | 21 | High | AIX 530011 : U843398
55370 | 21 | High | AIX 530011 : U840871
55360 | 21 | High | AIX 530011 : U840861

Backdoors
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
15586 | 54 | High | MoonLit Virus Backdoor Detection
51988 | 50 | High | Rogue Shell Backdoor Detection
33951 | 50 | High | Generic Backdoor Detection (banner check)
15583 | 48 | High | Unpassworded 'bash' Backdoor Account
12287 | 47 | High | Microsoft IIS Download.Ject Trojan Detection
18392 | 44 | High | IRC Bot Detection
45006 | 38 | High | Energizer DUO USB Battery Charger Software Backdoor (credentialed check)
18367 | 37 | High | Kibuv Worm Detection
14834 | 37 | High | Radmin (Remote Administrator) Port 10002 Possible GDI Compromise
23910 | 35 | High | Compromised Windows System (hosts File Check)
14184 | 33 | High | Zincite.A (MyDoom.M) Backdoor Detection
36036 | 31 | High | Conficker Worm Detection (uncredentialed check)
15570 | 31 | High | PostNuke Trojaned Distribution
15517 | 31 | High | Hacker Defender Backdoor Detection
49270 | 30 | High | Stuxnet Worm Detection
12266 | 29 | High | W32.Dabber Worm Detection
12012 | 29 | Medium | CYDOOR Software Detection
11123 | 27 | Low | Radmin (Remote Administrator) Port 4899 Detection
45085 | 26 | High | Zeus/Zbot Banking Trojan/Data Theft (credentialed check)
49211 | 24 | High | Here You Have Email Worm Detection
46882 | 23 | High | Unreal IRC Daemon Backdoor Detection
12111 | 22 | High | PhatBOT Backdoor Detection
12013 | 22 | High | DOWNLOADWARE Software Detection
19429 | 19 | High | Zotob Worm Detection
45005 | 18 | High | Arugizer Backdoor Detection

CentOS Local Security Checks
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
58042 | 29 | High | CentOS : RHSA-2012-0317
58041 | 28 | High | CentOS : RHSA-2012-0140
57733 | 28 | High | CentOS : RHSA-2012-0069
57778 | 27 | High | CentOS : RHSA-2012-0080
25254 | 26 | Low | CentOS : RHSA-2007-0345
57810 | 25 | High | CentOS : RHSA-2012-0096
57809 | 25 | High | CentOS : RHSA-2012-0095
43724 | 25 | Low | CentOS : RHSA-2009-0008
25850 | 25 | Low | CentOS : RHSA-2007-0777
25447 | 25 | Low | CentOS : RHSA-2007-0385
57808 | 24 | High | CentOS : RHSA-2012-0093
57734 | 23 | High | CentOS : RHSA-2012-0070
43781 | 23 | Low | CentOS : RHSA-2009-1287
57983 | 22 | High | CentOS : RHSA-2012-0141
57777 | 22 | High | CentOS : RHSA-2012-0079
25501 | 22 | Low | CentOS : RHSA-2007-0473
25403 | 22 | Low | CentOS : RHSA-2007-0386
57780 | 21 | High | CentOS : RHSA-2012-0085
57962 | 20 | High | CentOS : RHSA-2012-0136
57807 | 20 | High | CentOS : RHSA-2012-0092
57779 | 20 | High | CentOS : RHSA-2012-0084
57732 | 20 | High | CentOS : RHSA-2012-0062
58109 | 19 | High | CentOS : RHSA-2012-0332
57878 | 19 | High | CentOS : RHSA-2012-0105
26004 | 19 | Low | CentOS : RHSA-2007-0795

CGI abuses
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
57799 | 29 | Low | CodeMeter WebAdmin Detection
55629 | 29 | High | Symantec Web Gateway forget.php Blind SQL Injection (SYM11-008)
55447 | 29 | Low | ManageEngine SupportCenter Plus Detection
58088 | 27 | High | FreePBX gen_amp_conf.php Information Disclosure
57346 | 26 | High | phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 Multiple Vulnerabilities (PMASA-2011-5 - PMASA-2011-8)
56485 | 26 | High | Cisco Unified Operations Manager < 8.6 Multiple Vulnerabilities
57576 | 25 | High | op5 Portal Arbitrary Command Execution
56512 | 25 | High | MyBB 1.6.4 Backdoor PHP Code Execution
55509 | 25 | Low | RSA Self-Service Console Detection
55627 | 24 | Low | Symantec Web Gateway Detection
54969 | 24 | Low | Apache Archiva Detection
57537 | 23 | High | PHP < 5.3.9 Multiple Vulnerabilities
56958 | 23 | High | VMware vCenter Update Manager Directory Traversal (VMSA-2011-0014)
56754 | 22 | High | Dell KACE K2000 Web Backdoor Account
57577 | 20 | Low | op5 Monitor Detection
55512 | 20 | Low | Adobe ColdFusion Remote Development Services
56735 | 19 | High | TimThumb Cache Directory src Parameter Arbitrary PHP File Upload
55978 | 19 | Low | Sitecore CMS Detection
58039 | 18 | High | PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)
57975 | 18 | Low | Kayako SupportSuite Detection
51394 | 18 | Low | DD-WRT Info.live.htm Information Disclosure
56024 | 17 | High | HP SiteScope Default Credentials
55969 | 17 | High | PHP 5.3.7 crypt() MD5 Incorrect Return Value
55931 | 17 | High | Oracle GlassFish Server Administration Console GET Request Authentication Bypass
55455 | 17 | Low | Trend Micro Data Loss Prevention Virtual Appliance Web Console Detection

CGI abuses : XSS
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
56652 | 55 | Medium | phpMyAdmin 3.4.x < 3.4.6 Cross-Site Scripting (PMASA-2011-16)
56240 | 54 | Medium | Phorum 5.2.x < 5.2.17 'control.php' 'real_name' Cross-site Scripting
55903 | 47 | Medium | CGI Generic Cross-Site Scripting (extended patterns)
54604 | 42 | Medium | MDaemon WorldClient < 12.0.3 Summary Page Email Subject XSS
55975 | 40 | Medium | Apache Hadoop Jetty XSS
58087 | 38 | Medium | phpMyAdmin 3.4.x < 3.4.10.1 Cross-Site Scripting (PMASA-2012-1)
57617 | 36 | Medium | Cacti < 0.8.7g Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
55904 | 35 | Medium | CGI Generic Script Injection (quick test)
53576 | 31 | Medium | Atlassian Confluence 2.x >= 2.7 / 3.x < 3.4.9 Multiple Cross-Site Scripting Vulnerabilities
22254 | 31 | Medium | Web Server Expect Header XSS
57337 | 30 | Medium | phpMyAdmin 3.4.x < 3.4.8 Cross-Site Scripting (PMASA-2011-18)
57371 | 29 | Medium | ManageEngine ServiceDesk Plus 8.0.0 < Build 8015 Multiple Cross-Site Scripting Vulnerabilities
56379 | 29 | Medium | phpMyAdmin 3.4.x < 3.4.5 Cross-site Scripting (PMASA-2011-14)
54579 | 27 | Low | Mailman < 2.1.14 Multiple XSS
52483 | 27 | Medium | CGI Generic Cross-Site Scripting (persistent, 3rd Pass)
51090 | 27 | Medium | MODx login.php 'username' Parameter XSS
17709 | 27 | Low | PHP < 4.4.2 Multiple Cross-Site Scripting Vulnerabilities
57372 | 26 | Medium | phpMyAdmin 3.4.x < 3.4.9 Cross-Site Scripting (PMASA-2011-19 and PMASA-2011-20)
51143 | 25 | Medium | Openfire Admin Console login.jsp XSS
53575 | 23 | Medium | Atlassian Confluence 2.x >= 2.7 / 3.x < 3.4.6 Multiple Cross-Site Scripting Vulnerabilities
53209 | 22 | Medium | Symantec LiveUpdate Administrator < 2.3 CSRF (SYM11-005)
57979 | 21 | Medium | Oracle WebCenter Content Help Component Cross-Site Scripting
50450 | 21 | Medium | Atlassian FishEye Code Metrics Report Plugin XSS
10815 | 21 | Medium | Web Server Generic XSS
51972 | 19 | Medium | CGI Generic Cross-Site Scripting (Parameters Names)

CISCO
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
56045 | 32 | High | Cisco ASA 5500 Series Multiple DoS Vulnerabilities (cisco-sa-20100804-asa)
56320 | 31 | High | Cisco IOS Software Smart Install Remote Code Execution Vulnerability - Cisco Systems
52586 | 29 | High | Cisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20110223-asa)
49056 | 29 | High | Cisco IOS Software TCP Denial of Service Vulnerability - Cisco Systems
49052 | 28 | High | Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability
55424 | 27 | High | RADIUS Authentication Bypass - Cisco Systems
19559 | 27 | Low | CiscoWorks Management Console Detection
56321 | 26 | High | Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities - Cisco Systems
56313 | 26 | High | Cisco 10000 Series Denial of Service Vulnerability - Cisco Systems
49054 | 26 | High | Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
49001 | 26 | Medium | Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability
48954 | 26 | Medium | Cisco IOS BGP Attribute Corruption Vulnerability - Cisco Systems
48950 | 26 | Medium | Cisco IOS HTTP Server Query Vulnerability - Cisco Systems
54833 | 25 | High | IPv6 Crafted Packet Vulnerability - Cisco Systems
49017 | 25 | Medium | Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
48961 | 24 | Medium | Cisco IOS ARP Table Overwrite Vulnerability - Cisco Systems
56317 | 23 | Medium | Cisco IOS Software IPv6 over MPLS Vulnerabilities - Cisco Systems
49648 | 23 | High | Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities - Cisco Systems
49050 | 23 | High | Cisco IOS Software H.323 Denial of Service Vulnerabilities - Cisco Systems
49047 | 23 | High | Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability - Cisco Systems
49045 | 23 | High | Cisco IOS Software Network Time Protocol Packet Vulnerability - Cisco Systems
48978 | 23 | Medium | Cisco IOS DHCP Blocked Interface Denial-of-Service - Cisco Systems
56631 | 22 | High | Cisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20111005-asa)
49055 | 22 | High | Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability - Cisco Systems
49028 | 22 | Medium | Cisco IOS MPLS VPN May Leak Information - Cisco Systems

Databases
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
11217 | 46 | Low | Microsoft SQL Server Version Query (credentialed check)
10674 | 31 | Low | Microsoft SQL Server UDP Query Remote Version Disclosure
11616 | 28 | Low | DBTools DBManager catalog.mdb Cleartext Local Credential Disclosure
58105 | 27 | Medium | IBM solidDB 6.5 < 6.5.0.8 Multiple Denial of Service Vulnerabilities
22016 | 27 | Low | DB2 Administration Server Detection
49120 | 26 | High | DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities
22416 | 26 | Low | DB2 Connection Port Detection
56056 | 25 | High | Oracle Database, April 2007 Critical Patch Update
55690 | 25 | High | DB2 Unsupported Version Detection
18205 | 25 | Low | Oracle Database 9i/10g Fine Grained Auditing (FGA) SELECT Statement Logging Weakness
46328 | 24 | Low | MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities
32138 | 24 | Low | MySQL Enterprise Server 5.0 < 5.0.60 MyISAM CREATE TABLE Privilege Check Bypass
56057 | 22 | High | Oracle Database, July 2007 Critical Patch Update
47718 | 22 | High | Oracle Database, July 2010 Critical Patch Update
56065 | 21 | High | Oracle Database, July 2009 Critical Patch Update
56052 | 21 | High | Oracle Database, April 2006 Critical Patch Update
10719 | 21 | Low | MySQL Server Detection
58106 | 20 | Medium | IBM solidDB 6.5 < 6.5.0.8 Interim Fix 6 Redundant WHERE Clause Select Statement Parsing Remote DoS
18181 | 20 | Low | Oracle Application Server Webcache Requests OHS mod_access Restriction Bypass
56058 | 19 | High | Oracle Database, October 2007 Critical Patch Update
56051 | 18 | High | Oracle Database, January 2006 Critical Patch Update
53897 | 18 | High | Oracle Database, April 2011 Critical Patch Update
24905 | 18 | Low | MySQL Single Row Subselect Remote DoS
57589 | 17 | Medium | Oracle Database, January 2012 Critical Patch Update
53811 | 17 | Low | IBM solidDB Detection (local check)

Debian Local Security Checks
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
57528 | 29 | High | Debian DSA-773-1 : amd64 - several vulnerabilities
27819 | 29 | Low | Debian DSA-1402-1 : gforge - insecure temporary files
58012 | 28 | High | Debian DSA-2412-1 : libvorbis - buffer overflow
56443 | 28 | Low | Debian DSA-2321-1 : moin - cross-site scripting
51558 | 28 | Low | Debian DSA-2147-1 : pimd - insecure temporary files
51665 | 27 | Low | Debian DSA-2150-1 : request-tracker3.6 - unsalted password hashing
44810 | 26 | Low | Debian DSA-1945-1 : gforge - symlink attack
34478 | 26 | Low | Debian DSA-1658-1 : dbus - programming error
58077 | 25 | High | Debian DSA-2414-2 : fex - insufficient input sanitization
31145 | 24 | Low | Debian DSA-1501-1 : dspam - programming error
57526 | 22 | High | Debian DSA-2386-1 : openttd - several vulnerabilities
31149 | 22 | Low | Debian DSA-1505-1 : alsa-driver - kernel memory leak
57811 | 21 | High | Debian DSA-2400-1 : iceweasel - several vulnerabilities
57753 | 21 | High | Debian DSA-2399-2 : php5 - several vulnerabilities
58078 | 20 | High | Debian DSA-2415-1 : libmodplug - several vulnerabilities
57542 | 20 | High | Debian DSA-2388-1 : t1lib - several vulnerabilities
44853 | 20 | Low | Debian DSA-1989-1 : fuse - denial of service
57963 | 18 | High | Debian DSA-2409-1 : devscripts - several vulnerabilities
47705 | 18 | Low | Debian DSA-2069-1 : znc - denial of service
57827 | 17 | High | Debian DSA-2404-1 : xen-qemu-dm-4.0 - buffer overflow
47105 | 17 | Low | Debian DSA-2063-1 : pmount - insecure temporary file
38991 | 17 | Low | Debian DSA-1810-1 : libapache-mod-jk - information disclosure
58110 | 16 | High | Debian DSA-2416-1 : notmuch - information disclosure
58097 | 16 | High | Debian DSA-2417-1 : libxml2 - computational denial of service
56179 | 16 | Low | Debian DSA-2309-1 : openssl - compromised certificate authority

Default Unix Accounts
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
35621 | 50 | High | Default Password (password) for 'admin' Account on Broadcom BCM96338 ADSL Router
24275 | 48 | High | Default Password (informix) for 'informix' Account
42367 | 46 | High | Default Password (alpine) for 'root' Account
57916 | 44 | High | Default Password (nasadmin) for 'root' Account
57917 | 42 | High | Default Password (nasadmin) for 'nasadmin' Account
35660 | 36 | High | Default Password (password) for 'admin' Account
34417 | 36 | High | Default Password (gforge) for 'root' Account
34082 | 36 | High | Default Password (bank) for 'bank' Account
24276 | 35 | High | Default Password (oracle) for 'oracle' Account
48274 | 33 | High | Default Password (0p3nm35h) for 'root' Account
46240 | 33 | High | Default Password (alien) for 'root' Account
18527 | 33 | High | Unpassworded 'mpi' Account
42368 | 32 | High | Default Password (alpine) for 'mobile' Account
35559 | 32 | High | Default Password (profense) for 'operator' Account
50426 | 31 | High | Default Password (patrol) for 'patrol' Account
42147 | 29 | High | Default Password (sq!us3r) for 'dbadmin' Account
50601 | 28 | High | Default Password (m) for 'root' Account
34418 | 28 | High | Default Password (testpass123) for 'root' Account
35777 | 27 | High | Default Password (toor) for 'root' Account
50602 | 26 | High | Default Password (merlin) for 'mg3500' Account
34323 | 26 | High | Default Password (rootme) for 'root' Account
34083 | 24 | High | Unpassworded 'r00t' account
34084 | 23 | High | Default Password (trans) for 'trans' Account
31800 | 23 | High | Default Password (dottie) for 'root' Account
24745 | 22 | High | Default Password (password) for 'root' Account

Denial of Service
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
25402 | 29 | Medium | F-Secure Policy Manager Server fsmsh.dll module DoS
20903 | 29 | Medium | IBM Tivoli Directory Server LDAP Packet Handling DoS
20302 | 29 | High | Macromedia Flash Media Server Administration Service Crafted Packet Remote DoS
23868 | 28 | Medium | Kerio MailServer < 6.3.1 Long LDAP Query DoS
20989 | 28 | High | FreeBSD nfsd Malformed NFS Mount Request Remote DoS
11475 | 28 | High | 3com RAS 1500 / Wyse Winterm Malformed Packet Remote DoS
11813 | 27 | High | Linux 2.4 NFSv3 knfsd Malformed GETATTR Request Remote DoS
10388 | 27 | High | Cassandra NNTP Server Login Name Remote Overflow DoS
29980 | 26 | High | Solaris 10 ICMP Packet Handling DoS
20888 | 26 | Medium | Sun ONE Directory Server LDAP Malformed Packet DoS
19777 | 26 | High | Linux SCTP ICMP Packet Handling Null Dereference Remote DoS
35688 | 25 | Medium | Sun Java System Directory Server 6.x < 6.3.1 LDAP JDBC Backend DoS
29925 | 25 | High | IBM Lotus Domino < 7.0.2 FP3 Unspecified DoS
20983 | 25 | High | BlackBerry Enterprise Server Crafted SRP Packet Remote DoS
18256 | 25 | Medium | Kerio MailServer < 6.0.10 Multiple Mail Handling DoS
10461 | 25 | High | RealServer Malformed viewsource Directory Request DoS
25483 | 24 | Medium | Linux Kernel Netfilter *_conntrack_proto_sctp.c sctp_new Function Unknown Chunk Type Remote DoS
21120 | 24 | Medium | Jabber Studio jabberd SASL Negotiation Remote DoS
20890 | 24 | Medium | Lotus Domino LDAP Server Crafted Packet Remote DoS
44073 | 23 | Medium | OpenSSH With OpenPAM DoS
21560 | 23 | High | Linux SCTP ECNE Chunk Handling Remote DoS
56922 | 22 | Medium | Asterisk SIP Channel Driver Uninitialized Variable Request Parsing DoS (AST-2011-012)
31862 | 22 | Low | Veritas Storage Foundation Multiple Service Remote DoS (SYM08-004)
33810 | 21 | Medium | MailEnable IMAP Connection Saturation Remote DoS (ME-10042)
21023 | 21 | Medium | Dropbear SSH Authorization-pending Connection Saturation DoS

DNS
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
11002 | 74 | Low | DNS Server Detection
10028 | 55 | Low | DNS Server BIND version Directive Remote Version Disclosure
35373 | 49 | Low | DNS Server DNSSEC Aware Resolver
57574 | 48 | Medium | Unbound < 1.4.14 / 1.4.13p2 DoS Vulnerabilities
35371 | 47 | Low | DNS Server hostname.bind Map Hostname Disclosure
55049 | 44 | Medium | Unbound < 1.4.10 daemon/worker.c DNS Request Error Handling Remote DoS
35450 | 38 | Medium | DNS Server Spoofed Request Amplification DDoS
49777 | 34 | Medium | ISC BIND 9 9.7.2 < 9.7.2-P2 Multiple Vulnerabilities
12217 | 33 | Medium | DNS Server Cache Snooping Remote Information Disclosure
10539 | 33 | Medium | DNS Server Recursive Query Cache Poisoning Weakness
50976 | 32 | Medium | ISC BIND 9 9.4-ESV < 9.4-ESV-R4, 9.6.2 < 9.6.2-P3, 9.6-ESV < 9.6-ESV-R3, 9.7.x < 9.7.2-P3 Multiple Vulnerabilities
47760 | 31 | Medium | ISC BIND 9 'RRSIG' Record Type Remote DoS
10029 | 29 | High | ISC BIND < 4.9.7-REL / 8.2.2-P5 Multiple Remote Vulnerabilities
38849 | 28 | Low | NSD version Directive Remote Version Disclosure
10886 | 28 | High | ISC BIND < 8.3.4 Multiple Remote Vulnerabilities
10549 | 27 | High | ISC BIND < 8.2.2-P7 Compressed ZXFR Name Service Query DoS
10605 | 25 | High | ISC BIND < 4.9.8 / 8.2.3 Multiple Remote Overflows
35375 | 24 | Medium | PowerDNS CH HINFO Query Handling DoS
52158 | 23 | High | ISC BIND 9.7.1-9.7.2-P3 IXFR / DDNS Update Combined with High Query Rate DoS
11932 | 23 | High | ISC BIND < 8.3.7 / 8.4.3 Negative Record Cache Poisoning
55048 | 22 | Medium | Unbound < 1.4.4 DNSSEC Outage
40422 | 21 | Medium | ISC BIND Dynamic Update Message Handling Remote DoS
33868 | 20 | High | PowerDNS Authoritative Server Malformed Query Cache Poisoning Weakness
56862 | 19 | High | ISC BIND 9 Query.c Logging Resolver Denial of Service
34325 | 19 | Low | Dns2TCP Service Detection

Fedora Local Security Checks
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
55780 | 30 | Low | Fedora 14 2011-9847
58098 | 29 | High | Fedora 16 2012-1844
56354 | 29 | Low | Fedora 16 2011-12399
56897 | 28 | Low | Fedora 16 2011-15959
57420 | 24 | Low | Fedora 15 2011-17071
55945 | 24 | Low | Fedora 16 2011-10399
57566 | 23 | Low | Fedora 16 2012-0248
58044 | 22 | High | Fedora 15 2012-1390
56225 | 22 | Low | Fedora 15 2011-12403
57419 | 20 | Low | Fedora 16 2011-17065
58045 | 19 | High | Fedora 16 2012-1409
57565 | 19 | Low | Fedora 15 2012-0247
55842 | 19 | Low | Fedora 14 2011-8612
56924 | 18 | Low | Fedora 14 2011-15831
58125 | 16 | High | Fedora 16 2012-2213
58047 | 16 | Low | Fedora 16 2012-1567
58079 | 15 | High | Fedora 15 2012-1606
58080 | 13 | High | Fedora 15 2012-1721
56926 | 13 | Low | Fedora 15 2011-15846
58046 | 12 | Low | Fedora 15 2012-1553
57610 | 11 | Low | Fedora 16 2012-0682
55944 | 11 | Low | Fedora 16 2011-10028
58120 | 10 | High | Fedora 15 2012-1250
57439 | 10 | Low | Fedora 15 2011-17341
56941 | 8 | Low | Fedora 16 2011-16237
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Firewalls
Top 25 Most Common Plugins
Plugin
Total
Severity
Plugin Name
31422
71
Low
Reverse NAT/Intercepting
Proxy Detection
50686
44
Low
IP Forwarding Enabled
57287
42
Medium
14378
29
Low
NetAsq IPS-Firewalls Detection
11762
29
Low
StoneGate Firewall Client
Authentication Detection
11834
28
Low
Source Routed Packet
Weakness
57641
26
High
Unsupported IPSO Firewall
11518
26
Low
Check Point FireWall-1 Open
Web Administration
20388
25
High
Juniper NetScreen Security
Manager (NSM) guiSrv/devSrv
Crafted String Remote DoS
11164
25
High
NEC SOCKS4 Module
Username Handling Remote
Overflow
11126
25
High
AnalogX Proxy SOCKS4a DNS
Hostname Handling Remote
Overflow
10192
25
Low
HTTP Proxy CONNECT
Request Relaying
27576
24
Low
Firewall Detection
48433
23
Medium
Squid 3.1.6 DNS Reply Denial
of Service
44384
23
Medium
Squid < 3.0.STABLE23 /
3.1.0.16
12084
22
High
Check Point FireWall-1 4.x
Multiple Vulnerabilities (OF,
FS)
10022
22
High
Axent Raptor Firewall Zero
Length IP Remote DoS
20391
20
High
WinProxy < 6.1a HTTP Proxy
Multiple Vulnerabilities
12216
20
High
Symantec Firewall Malformed
TCP Packet Options Remote
DoS
High
Finjan SurfinGate Proxy
FHTTP Command Admin
Functions Authentication
Bypass
12036
20
Squid 3.1.x < 3.1.16 / 3.2.x <
3.2.0.13 DNS Replies CName
Record Parsing Remote DoS
10195
18
Low
48406
17
Medium
Misconfigured SOCKS filtering
12118
17
High
Multiple BSD ipfw / ip6fw ECE
Bit Filtering Evasion
10927
17
High
ISS BlackICE / RealSecure
Large ICMP Ping Packet
Overflow DoS
10675
16
Low
Check Point FireWall-1 Telnet
Client Authentication Detection
HTTP Proxy Open Relay
Detection
FreeBSD Local Security Checks
Top 25 Most Common Plugins
Plugin
Total
Severity
Plugin Name
57647
28
High
FreeBSD : spamdyke -- Buffer
Overflow Vulnerabilities
(7d2336c2-4607-11e1-9f47-00e0815b8da8)
57646
28
High
FreeBSD : Wireshark -- Multiple vulnerabilities
(3ebb2dc8-4609-11e1-9f47-00e0815b8da8)
51102
28
Low
FreeBSD : krb5 -- RFC 3961
key-derivation checksum
handling vulnerability
(1d193bba-03f6-11e0bf50-001a926c7637)
36459
28
Low
FreeBSD : openoffice
-- document disclosure
(c62dc69f-05c8-11d9b45d-000c41e2cdad)
57909
27
High
FreeBSD : WebCalendar
-- Persistent XSS
(2b20fd5f-552e-11e1-9fb7-003067b2972c)
56804
27
Low
FreeBSD : phpmyadmin
-- Local file inclusion
(1f6ee708-0d22-11e1b5bd-14dae938ec40)
Low
FreeBSD : slim -- local disclosure of X
authority magic cookie
(80f13884-4d4c-11de-8811-0030843d3802)
38965
27
32072
27
Low
FreeBSD : phpmyadmin
-- Shared Host
Information Disclosure
(fe971a0f-1246-11ddbab7-0016179b2dd5)
58023
26
High
FreeBSD : piwik -- xss
and click-jacking issues
(da317bc9-59a6-11e1bc16-0023ae8e59f0)
43596
26
Low
FreeBSD : drupal -- multiple
cross-site scripting (751823d4f189-11de-9344-00248c9b4be7)
55517
25
Low
FreeBSD : BIND -- Remote
DoS with certain RPZ
configurations (4ccee784a721-11e0-89b4-001ec9578670)
Low
FreeBSD : perl -- Directory
Permissions Race
Condition (4a99d61cf23a-11dd-9f55-0030843d3802)
35582
25
57739
24
High
FreeBSD : sudo -- format string vulnerability
(7c920bb7-4b5f-11e1-9f47-00e0815b8da8)
57553
24
High
FreeBSD : ffmpeg -- multiple vulnerabilities
(ea2ddc49-3e8e-11e1-8095-5404a67eef98)
57883
23
High
FreeBSD : chromium -- multiple vulnerabilities
(fe1976c2-5317-11e1-9e99-00262d5ed8ee)
51568
23
Low
FreeBSD : MoinMoin -- cross-site scripting vulnerabilities
(4c017345-1d89-11e0bbee-0014a5e3cda6)
57830
22
High
FreeBSD : php -- arbitrary remote code
execution vulnerability
(3fd040be-4f0b-11e1-9e32-0025900931f8)
57720
21
High
FreeBSD : postfixadmin
-- Multiple Vulnerabilities
(93688f8f-4935-11e1-89b4-001ec9578670)
38031
21
Low
FreeBSD : zebra/quagga
denial of service vulnerability
(cad045c0-81a5-11d8-9645-0020ed76ef5a)
35289
21
Low
FreeBSD : p5-File-Path -- rmtree allows creation of setuid
files (13b0c8c8-bee0-11dda708-001fc66e7203)
Low
FreeBSD : drupal -- multiple vulnerabilities
(706c9eef-a077-11ddb413-001372fd0af2)
34484
21
57612
20
High
FreeBSD : asterisk -- SRTP Video Remote
Crash Vulnerability
(dd698b76-42f7-11e1a1b6-14dae9ebcf89)
57675
19
High
FreeBSD : chromium -- multiple vulnerabilities
(33d73d59-4677-11e1-88cd-00262d5ed8ee)
Low
FreeBSD : insecure
temporary file creation in
xine-check, xine-bugreport
(fde53204-7ea6-11d8-9645-0020ed76ef5a)
Low
FreeBSD : phpmyadmin
-- Cross Site Scripting
Vulnerabilities
(e285a1f4-4568-11ddae96-0030843d3802)
37141
33375
19
19
FTP
Top 25 Most Common Plugins
Plugin
Total
Severity
Plugin Name
FTP Supports Clear Text
Authentication
34324
105
Low
41980
35
Medium
42149
31
Low
FTP Service AUTH TLS
Command Support
52703
29
Low
vsftpd Detection
40332
29
High
Wyse Device Manager Default
FTP Account
17593
29
High
FileZilla FTP Server Multiple
DoS
15613
28
Low
Hummingbird Connectivity
FTP Service XCWD Command
Overflow
40772
27
High
Ipswitch WS_FTP Server <
6.1.1 Multiple Vulnerabilities
(uncredentialed check)
18611
27
High
PlanetFileServer mshftp.dll
Data Processing Remote
Overflow
11779
27
Low
FTP Server Copyrighted
Material Present
54955
26
Low
Wing FTP Server Detection
51585
26
Medium
BlackMoon FTP Server Denial
of Service
57272
25
Medium
FTPS Plaintext Fallback
Security Bypass
51366
23
High
50811
22
Medium
FTP Server Traversal Arbitrary
File Access (RETR)
40770
22
Low
Ipswitch WS_FTP Server
Version Detection (credentialed
check)
24021
21
High
Easy File Sharing FTP Server
PASS Command Overflow
18402
21
High
Hummingbird InetD FTP
Component (ftpdw.exe)
Command Overflow
55523
19
High
vsftpd Smiley Face Backdoor
34398
19
High
Serv-U 7.x < 7.3.0.1 Multiple
Remote Vulnerabilities (DoS,
Traversal)
Serv-U < 9.0.0.1
ProFTPD < 1.3.3d 'mod_sql'
Buffer Overflow
32373
19
Low
FTP Server Any Command
Accepted (possible backdoor/
proxy)
27055
19
High
ProFTPD < 1.3.0a Multiple
Vulnerabilities
16321
19
High
3Com 3CServer/3CDaemon
FTP Server Multiple
Vulnerabilities (OF, FS, PD,
DoS)
10079
19
Medium
21324
18
High
Anonymous FTP Enabled
Gene6 FTP Server Multiple
Command Remote Overflows
Gain a shell remotely
Top 25 Most Common Plugins
Plugin
Total
Severity
Plugin Name
54618
44
High
Sybase M-Business Anywhere
(AvantGo) gsoap Module
password Tag Handling
Overflow
50023
44
High
Novell PlateSpin Orchestrate
Remote Code Execution
51418
43
High
HP StorageWorks MSA P2000
Default Credentials
54986
42
High
HP Intelligent Management
Center TFTP Multiple
Vulnerabilities
54999
37
High
HP Intelligent Management
Center Multiple Vulnerabilities
52157
37
High
Asterisk main/udptl.c Buffer
Overflows (AST-2011-002)
20755
28
Medium
Tftpd32 Error Message Format
String
19605
28
Medium
GNU Mailutils imap4d Search
Command Remote Format
String
45545
27
High
TANDBERG Video
Communication Server Static
SSH Host Keys
33285
26
High
EMC AlphaStor Library
Manager Remote Code
Execution
18200
26
Medium
NetWin DMail Server Multiple
Remote Vulnerabilities
34729
25
High
ClamAV < 0.94.1
get_unicode_name() Off-by-One Buffer Overflow
21684
25
Medium
33397
24
High
Novell eDirectory < 8.8.2
FTF2 / 8.7.3 SP10b Multiple
Remote Overflows
32320
23
High
Remote host has weak Debian
OpenSSH Keys in ~/.ssh/
authorized_keys
26067
23
Medium
35700
22
High
IAXClient Open Source Library
iax_net_read Function Packet
Handling Remote Overflow
Mercury IMAP Server
SEARCH Command Remote
Buffer Overflow
FreeBSD telnetd sys_term.c
Environment Variable Handling
Privilege Escalation (FreeBSDSA-09:05)
30106
22
Medium
AXIGEN Mail Server AXIMilter
CNHO Command Remote
Format String
51644
21
Medium
Asterisk main/utils.c
ast_uri_encode() CallerID
Information Overflow
(AST-2011-001)
21673
20
Medium
SpamAssassin spamd Crafted
Message Arbitrary Command
Execution
19938
20
Medium
UW-IMAP Mailbox Name
Buffer Overflow
12099
20
Medium
F-Secure SSH Password
Authentication Policy Evasion
31419
19
High
Versant Connection Services
Daemon Arbitrary Command
Execution
14314
19
Medium
51369
17
High
Cfengine
AuthenticationDialogue()
Function Remote Overflow
HP StorageWorks MSA P2000
Hidden 'admin' User Default
Credentials
General
Top 25 Most Common Plugins
Total
Severity
10287
Plugin
2152
Low
Traceroute Information
Plugin Name
11936
1659
Low
OS Identification
54615
1645
Low
Device Type
45590
1250
Low
Common Platform
Enumeration (CPE)
10114
1094
Low
ICMP Timestamp Request
Remote Date Disclosure
12053
1092
Low
Host Fully Qualified Domain
Name (FQDN) Resolution
25220
1041
Low
TCP/IP Timestamps Supported
10881
482
Low
SSH Protocol Versions
Supported
51192
349
Medium
56984
325
Low
SSL / TLS Versions Supported
21643
316
Low
SSL Cipher Suites Supported
10863
314
Low
SSL Certificate Information
57582
279
Medium
SSL Self-Signed Certificate
51891
257
Low
SSL Session Resume
Supported
10919
255
Low
Open Port Re-check
39520
243
Low
Backported Security Patch
Detection (SSH)
56468
229
Low
Time of Last System Startup
45411
224
Medium
45410
209
Low
SSL Certificate commonName
Mismatch
55472
196
Low
Device Hostname
42873
122
Medium
SSL Medium Strength Cipher
Suites Supported
57041
113
Low
SSL Perfect Forward Secrecy
Cipher Suites Supported
10882
91
Medium
34097
86
Low
BIOS Version Information (via
SMB)
35291
84
Medium
SSL Certificate Signed using
Weak Hashing Algorithm
SSL Certificate Cannot Be
Trusted
SSL Certificate with Wrong
Hostname
SSH Protocol Version 1
Session Key Retrieval
Gentoo Local Security Checks
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
56686 | 28 | High | GLSA-201111-01 : Chromium, V8: Multiple vulnerabilities
32150 | 27 | Low | GLSA-200805-02 : phpMyAdmin: Information disclosure
21095 | 27 | Low | GLSA-200603-14 : Heimdal: rshd privilege escalation
58101 | 26 | High | GLSA-201202-05 : Heimdal: Arbitrary code execution
57721 | 26 | High | GLSA-201201-15 : ktsuss: Privilege escalation
57745 | 25 | High | GLSA-201201-19 : Adobe Reader: Multiple vulnerabilities
57631 | 25 | High | GLSA-201201-05 : mDNSResponder: Multiple vulnerabilities
56905 | 25 | High | GLSA-201111-09 : Perl Safe module: Arbitrary Perl code injection
57651 | 23 | High | GLSA-201201-09 : FreeType: Multiple vulnerabilities
25188 | 22 | Low | GLSA-200705-11 : MySQL: Two Denial of Service vulnerabilities
56626 | 20 | High | GLSA-201110-22 : PostgreSQL: Multiple vulnerabilities
21317 | 20 | Low | GLSA-200605-02 : X.Org: Buffer overflow in XRender extension
57656 | 19 | High | GLSA-201201-14 : MIT Kerberos 5 Applications: Multiple vulnerabilities
56635 | 19 | High | GLSA-201110-23 : Apache mod_authnz_external: SQL injection
22939 | 19 | Low | GLSA-200611-01 : Screen: UTF-8 character handling vulnerability
21664 | 19 | Low | GLSA-200606-02 : shadow: Privilege escalation
21096 | 19 | Low | GLSA-200603-15 : Crypt::CBC: Insecure initialization vector
57655 | 18 | High | GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities
57433 | 18 | High | GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities
56504 | 18 | High | GLSA-201110-11 : Adobe Flash Player: Multiple vulnerabilities
26094 | 18 | Low | GLSA-200709-04 : po4a: Insecure temporary file creation
58081 | 17 | High | GLSA-201202-02 : Quagga: Multiple vulnerabilities
56906 | 17 | High | GLSA-201111-10 : Evince: Multiple vulnerabilities
56724 | 17 | High | GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities
57649 | 16 | High | GLSA-201201-07 : NX Server Free Edition, NX Node: Privilege escalation
HP-UX Local Security Checks
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
51467 | 29 | Medium | HP-UX Security Patch : PHKL_39899
53268 | 28 | Medium | HP-UX Security Patch : PHKL_41945
52040 | 26 | High | HP-UX Security Patch : PHSS_41788
51659 | 26 | Medium | HP-UX Security Patch : PHSS_41775
44349 | 26 | Medium | HP-UX Security Patch : PHSS_39105
47147 | 25 | High | HP-UX Security Patch : PHSS_41166
51468 | 22 | Medium | HP-UX Security Patch : PHKL_40944
46348 | 22 | High | HP-UX Security Patch : PHSS_40708
43361 | 22 | High | HP-UX Security Patch : PHSS_39640
44352 | 20 | Medium | HP-UX Security Patch : PHSS_39511
43140 | 20 | High | HP-UX Security Patch : PHSS_37382
38730 | 20 | Medium | HP-UX Security Patch : PHCO_38492
52039 | 19 | High | HP-UX Security Patch : PHSS_41174
43139 | 19 | High | HP-UX Security Patch : PHSS_36800
43134 | 19 | High | HP-UX Security Patch : PHSS_36588
49113 | 17 | Medium | HP-UX Security Patch : PHCO_41202
43141 | 17 | High | HP-UX Security Patch : PHSS_37383
40366 | 17 | Medium | HP-UX Security Patch : PHNE_39873
53271 | 16 | Medium | HP-UX Security Patch : PHNE_41908
53269 | 16 | Medium | HP-UX Security Patch : PHNE_41177
44354 | 16 | Medium | HP-UX Security Patch : PHSS_39515
53267 | 15 | Medium | HP-UX Security Patch : PHKL_41944
51466 | 15 | Medium | HP-UX Security Patch : PHKL_39133
46813 | 15 | High | HP-UX Security Patch : PHNE_40339
38731 | 15 | Medium | HP-UX Security Patch : PHCO_38547
Junos Local Security Checks
Top 25 Most Common Plugins
Plugin
Total
Severity
55933
53
High
56771
45
Medium
55941
44
Low
55935
41
Medium
57638
34
High
Plugin Name
Unsupported Junos Operating
System
Juniper Junos J-Web
Administrator Logs XSS
(PSN-2011-10-392)
Juniper Junos J-Web
Weak SSL Ciphers
(PSN-2011-01-147)
Juniper Junos IPv6 over
IPv4 Security Policy Bypass
(PSN-2011-07-299)
Juniper Junos J-Web
Component Unspecified CSRF
(PSN-2012-01-474)
Juniper Junos debug.php
J-Web Component
Unauthenticated Debug
Access (PSN-2011-02-158)
55940
33
Medium
55937
32
High
Juniper Junos ICMP Ping
'composite next-hop' Remote
DoS (PSN-2011-07-297)
55934
29
Low
Juniper Junos Extended DHCP
Relay Agent Traffic Redirection
(PSN-2011-07-300)
57636
27
High
Juniper Junos MGD-CLI
Arbitrary Command Execution
(PSN-2011-11-418)
55939
24
Medium
Juniper Junos Multiple
sfid Daemon Malformed
Packet Remote DoS
(PSN-2011-04-241)
55936
24
Medium
Juniper Junos Fragmented
ICMP Packet Handling Remote
DoS (PSN-2011-07-298)
56769
23
Medium
Juniper Junos MPC Malformed
Route Prefix Remote DoS
(PSN-2011-08-327)
56770
20
High
Juniper Junos Next-Gen
MVPN Senario Malformed
Message Handling Remote
DoS (PSN-2011-10-391)
55932
17
Low
Junos Version Detection
57639
8
Medium
Juniper Junos BGP
Multiple Remote DoS
(PSN-2012-01-475)
57637
7
Medium
Juniper Junos BGP UPDATE
Malformed ATTR_SET
Attribute Remote DoS
(PSN-2012-01-472)
55938
7
Medium
Juniper Junos PIM rpd Crafted
Boot Message Remote DoS
(PSN-2011-07-296)
MacOS X Local Security Checks
Top 25 Most Common Plugins
Plugin
Total
Severity
Plugin Name
58092
29
High
Microsoft Silverlight
Unsupported Version Detection
(Mac OS X)
53844
29
Medium
Skype for Mac 5.x < 5.1.0.922
Unspecified Remote Code
Execution (credentialed check)
57286
27
High
MS11-089 / MS11-094 /
MS11-096 : Vulnerabilities in
Microsoft Office Could Allow
Remote Code Execution
(2590602 / 2639142 /
2640241) (Mac OS X)
56875
27
High
Flash Player for Mac <=
10.3.183.10 / 11.0.1.152
Multiple Vulnerabilities
(APSB11-28)
25997
27
Low
iTunes Version Detection (Mac
OS X)
24812
26
Medium
20911
26
Low
Mac OS X < 10.4.5 Kernel
Undocumented System Call
Local DoS
iPhoto < 6.0.6
58093
25
High
MS11-078: Vulnerability in
Microsoft Silverlight Could
Allow Remote Code Execution
(2514842) (Mac OS X)
57361
25
High
Thunderbird 8.x Multiple
Vulnerabilities (Mac OS X)
53843
25
Low
Skype for Mac Installed
(credentialed check)
50681
25
Medium
56960
23
Low
Adobe AIR for Mac Installed
58070
21
High
Firefox 10.x < 10.0.1 Memory
Corruption (Mac OS X)
Mac OS X Server v10.6.5
(10H575)
58002
21
High
Flash Player for Mac <=
10.3.183.14 / 11.1.102.62
Multiple Vulnerabilities
(APSB12-03)
56961
21
High
Adobe AIR Unsupported
Version Detection (Mac OS X)
56758
21
High
Thunderbird 7.x Multiple
Vulnerabilities (Mac OS X)
57044
19
High
Adobe Reader <= 10.1.1 /
9.4.6 U3D Memory Corruption
(APSA11-04) (Mac OS X)
35915
19
Medium
iTunes < 8.1 Malicious Podcast
Information Disclosure (Mac
OS X)
50680
18
Low
Mac OS X Server Service List
58072
17
High
Firefox 3.6.x < 3.6.27
png_decompress_chunk
Integer Overflow (Mac OS X)
58071
17
High
Thunderbird 10.x < 10.0.1
Memory Corruption (Mac OS
X)
56196
17
Low
Bitcoin Installed (Mac OS X)
56141
17
Medium
Mac OS X Fraudulent
DigiNotar Digital Certificates
(Security Update 2011-005)
50828
17
Low
28252
17
Medium
VMware Fusion Version
Detection (Mac OS X)
Mac OS X < 10.5.1 Multiple
Vulnerabilities
Mandriva Local Security Checks
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
57340 | 28 | High | MDVA-2011:094 : python
36288 | 28 | Low | MDVSA-2008:213 : dbus
25946 | 28 | Low | MDKSA-2007:169 : gdm
57145 | 27 | High | MDVSA-2011:185 : libcap
57831 | 26 | High | MDVA-2012:006 : firefox
57428 | 26 | High | MDVSA-2012:001 : fcgi
57412 | 26 | High | MDVSA-2011:195 : krb5-appl
57407 | 25 | High | MDVSA-2011:194 : icu
57320 | 25 | High | MDVSA-2011:188 : libxml2
50848 | 25 | Low | MDVSA-2010:245 : krb5
49738 | 25 | Low | MDVSA-2010:191 : mailman
36248 | 25 | Low | MDVSA-2008:077 : perl-Tk
57339 | 24 | High | MDVA-2011:093-1 : psmisc
57927 | 22 | High | MDVA-2012:019 : mozilla-thunderbird
57530 | 19 | High | MDVSA-2012:004 : t1lib
48422 | 19 | Low | MDVSA-2010:159 : gv
37945 | 18 | Low | MDVSA-2008:135 : gnome-screensaver
36736 | 18 | Low | MDVSA-2008:190 : postfix
57567 | 17 | High | MDVSA-2012:005 : libxml2
37785 | 14 | Low | MDVSA-2009:091-1 : mod_perl
36717 | 14 | Low | MDVSA-2008:066 : gcc
29201 | 14 | Low | MDKSA-2007:234 : vixie-cron
58082 | 13 | High | MDVSA-2012:022 : libpng
57593 | 13 | High | MDVSA-2012:008 : perl
36594 | 13 | Low | MDVSA-2008:172 : amarok
Misc.
Top 25 Most Common Plugins
Plugin
Total
Severity
Plugin Name
35716
588
Low
Ethernet Card Manufacturer
Detection
42263
465
Low
Unencrypted Telnet Server
57608
142
Medium
30218
113
Low
Terminal Services Encryption
Level is not FIPS-140
Compliant
57690
102
Medium
Terminal Services Encryption
Level is Medium or Low
43829
69
Low
Kerberos Information
Disclosure
56300
32
Low
KVM / QEMU Guest Detection
(credentialed check)
51092
29
Low
OpenVZ Guest Detection
45554
29
High
CUPS < 1.4.3 Multiple
Vulnerabilities
45543
29
High
RealNetworks Helix Server
11.x / 12.x / 13.x Multiple
Vulnerabilities
39436
29
Low
ClamAV Version Detection
46255
28
High
HP Mercury LoadRunner Agent
Remote Command Execution
39502
28
Low
Samba < 3.0.35 / 3.2.13 / 3.3.6
Multiple Vulnerabilities
55814
27
High
Adobe Flash Media Server
Unsupported Version Detection
53841
27
Low
Portable OpenSSH ssh-keysign ssh-rand-helper Utility
File Descriptor Leak Local
Information Disclosure
46172
25
High
ClamAV Virus Database
(daily.cvd) Out Of Date
35708
25
Low
UPnP Internet Gateway Device
(IGD) External IP Address
Reachable
SMB Signing Disabled
56855
24
High
Apple Time Capsule and
AirPort Base Station (802.11n)
Firmware < 7.6 (APPLESA-2011-11-10-2)
42085
24
Low
IMAP Service STARTTLS
Command Support
47743
23
High
Ipswitch Imail Server < 11.02
Multiple Vulnerabilities
11197
23
Low
Multiple Ethernet Driver Frame
Padding Information Disclosure
(Etherleak)
48298
22
High
Adobe Flash Media Server
< 3.0.6 / 3.5.4 Multiple
Vulnerabilities (APSB10-19)
56877
21
Low
KVM / QEMU Guest Detection
(uncredentialed check)
44080
21
Low
OpenSSH X11UseLocalhost
X11 Forwarding Port Hijacking
51342
20
High
Apple Time Capsule and
AirPort Base Station
Firmware < 7.5.2 (APPLESA-2010-12-16-1)
Netware
Top 25 Most Common Plugins
Plugin
Total
Severity
Plugin Name
12049
45
Medium
Novonyx Web Server Multiple
Sample Application Files
Present
12119
41
High
Novell NetWare 6.0 Tomcat
source.jsp Traversal Arbitrary
File Access
12048
37
Medium
Novell NetWare Web Server
sewse.nlm (viewcode.jse)
Traversal Arbitrary File Access
12122
36
Medium
Novell Groupwise Servlet
Manager Default Password
12104
35
Medium
Novell NetWare LDAP Server
Anonymous Bind
11614
33
Medium
Novell NetWare FTPServ
Malformed Input Remote DoS
44066
26
High
Novell NetWare 6.5 OpenSSH
Remote Stack Buffer Overflow
12050
24
Medium
44064
21
Low
Novell NetWare 6.5 Support
Pack 1.1 Admin/Install Local
Information Disclosure
11158
21
High
Novell NetWare Web Handler
Multiple Vulnerabilities
10988
20
Medium
Novell NetWare ncp Service
NDS Object Enumeration
11827
15
High
Novell NetWare Web Server
CGI2PERL.NLM PERL
Handler Remote Overflow
10826
13
Medium
Novell NetWare Management
Portal Unrestricted Access
Novell NetBasic Scripting
Server Encoded Traversal
Arbitrary File Access
N/A
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
1000178 | 15 | High | 1.3.1.2 Forbid IP source-route - 'Ip source-route is disabled'
1000177 | 15 | Low | 1.3.1.1 Forbid Directed Broadcast - 'Ip directed-broadcast is disabled'
1000176 | 15 | High | 1.2.4.1 Require Primary NTP Server - 'NTP server is configured correctly'
1000175 | 15 | High | 1.2.3.8 Require Binding Logging Service to Loopback Interface - 'Logging source-interface is configured correctly'
1000174 | 15 | Low | 1.2.3.7 Require Service Timestamps in Log Messages - 'Service timestamps log is configured correctly'
1000173 | 15 | Low | 1.2.3.6 Require Service Timestamps for Debug Messages - 'Service timestamps debug is configured correctly'
1000170 | 15 | Low | 1.2.3.5 Require Logging Trap Severity Level
1000168 | 15 | High | 1.2.3.4 Require Logging to Syslog Server - 'Syslog server is configured correctly'
1000167 | 15 | High | 1.2.3.3 Require Logging to Device Console - 'Logging to console is configured correctly'
1000166 | 15 | High | 1.2.3.2 Require Logging Buffer - 'Logging buffer is > 16000'
1000165 | 15 | Low | 1.2.3.1 Require System Logging - 'System logging is enabled'
1000164 | 15 | High | 1.2.2.14 Forbid PAD Service - 'Pad service is disabled'
1000163 | 15 | Low | 1.2.2.13 Forbid TFTP Server - 'TFTP server service is disabled'
1000162 | 15 | Low | 1.2.2.12 Forbid udp-small-servers - 'Udp-small-servers are disabled'
1000161 | 15 | Low | 1.2.2.11 Forbid tcp-small-servers - 'Tcp-small-servers are disabled'
1000160 | 15 | High | 1.2.2.10 Require TCP keepalives-out Service - 'TCP keepalives-out is enabled'
1000159 | 15 | High | 1.2.2.9 Require TCP keepalives-in Service - 'TCP keepalives-in is enabled'
1000158 | 15 | High | 1.2.2.8 Forbid Remote Startup Configuration - 'Service config is disabled'
1000157 | 15 | Low | 1.2.2.8 Forbid Remote Startup Configuration - 'Boot network is disabled'
1000156 | 15 | High | 1.2.2.7 Forbid HTTP (to include ADSM) Services - 'Http secure service is disabled'
1000155 | 15 | High | 1.2.2.7 Forbid HTTP (to include ADSM) Services - 'Http service is disabled'
1000154 | 15 | Low | 1.2.2.6 Forbid Identification Service - 'Identd service is disabled'
1000153 | 15 | High | 1.2.2.5 Forbid DHCP Server Service - 'DHCP server service is disabled'
1000152 | 15 | High | 1.2.2.4 Forbid IP BOOTP server - 'BOOTP server is disabled'
1000151 | 15 | High | 1.2.2.3 Forbid Finger Service - 'Finger service is disabled'
Peer-To-Peer File Sharing
Top 25 Most Common Plugins
Total
Severity
Plugin Name
20217
Plugin
42
Low
iTunes Music Sharing Enabled
56873
29
Medium
iTunes < 10.5.1 Update
Authenticity Verification
Weakness (uncredentialed
check)
35914
29
Medium
iTunes < 8.1 Multiple
Vulnerabilities (uncredentialed
check)
52535
28
High
iTunes < 10.2 Multiple
Vulnerabilities (uncredentialed
check)
41061
28
High
iTunes < 9.0.1 PLS File Buffer
Overflow (uncredentialed
check)
14647
28
Medium
Xedus Webserver Multiple XSS
47763
26
High
iTunes < 9.2.1 'itpc:' Buffer
Overflow (uncredentialed
check)
26000
26
High
iTunes < 7.4 Malformed
Music File Heap Overflow
(uncredentialed check)
19386
25
Low
Ares Fileshare Detection
50971
24
Low
Vuze Detection
18012
24
Medium
31651
23
Low
21783
23
Medium
13751
22
Low
Direct Connect Hub Detection
45391
21
High
iTunes < 9.1 Multiple
Vulnerabilities (uncredentialed
check)
42833
21
High
eMule IRC Module / Web
Server DecodeBase16
Function Remote Overflow
11022
21
Low
eDonkey Detection
38986
20
High
iTunes < 8.2 itms: URI
Handling Overflow
(uncredentialed check)
50676
19
Low
BitTorrent / uTorrent Detection
20846
19
Low
BitTornado Detection
DC++ Download Drive
Arbitrary File Appending
Orb Detection
iTunes AAC File Parsing
Integer Overflow
(uncredentialed check)
11716
19
High
Gnutella Root Directory
Misconfiguration
49288
18
Low
SoMud Detection
14644
18
Low
Xedus Detection
11426
18
Low
Kazaa on Windows Detection
47038
17
High
iTunes < 9.2 Multiple
Vulnerabilities (uncredentialed
check)
Policy Compliance
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
56208 | 33 | Medium | PCI DSS compliance : Insecure Communication Has Been Detected
57581 | 16 | High | PCI DSS compliance : Database Reachable from the Internet
56209 | 8 | Low | PCI DSS compliance : Remote Access Software Has Been Detected
Port scanners
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
0 | 9840 | Low | Open Port
10180 | 4100 | Low | Ping the remote host
34220 | 198 | Low | Netstat Portscanner (WMI)
14274 | 34 | Low | Nessus SNMP Scanner
Red Hat Local Security Checks
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
58062 | 27 | High | RHSA-2012-0308: busybox
57761 | 27 | High | RHSA-2012-0080: thunderbird
58057 | 26 | High | RHSA-2012-0303: xorg-x11-server-Xdmx
57928 | 25 | High | RHSA-2012-0125: glibc
57820 | 25 | High | RHSA-2012-0092: php53
43846 | 25 | Low | RHSA-2009-1618: mod_jk
33892 | 25 | Low | RHSA-2008-0815: yum-rhn-plugin
58058 | 24 | Low | RHSA-2012-0304: vixie-cron
35317 | 24 | Low | RHSA-2009-0008: dbus
57885 | 23 | High | RHSA-2012-0107: kernel
57992 | 22 | High | RHSA-2012-0140: thunderbird
57956 | 22 | High | RHSA-2012-0135: java
55585 | 22 | Low | RHSA-2011-0930: NetworkManager
57822 | 21 | High | RHSA-2012-0095: ghostscript
27832 | 21 | Low | RHSA-2007-0631: coolkey
58084 | 20 | High | RHSA-2012-0322: java
57012 | 20 | Low | RHSA-2011-1530: kernel
58068 | 19 | High | RHSA-2012-0317: libpng
57408 | 17 | High | RHSA-2011-1851: krb5-devel
57991 | 16 | High | RHSA-2012-0139: java
57021 | 16 | Low | RHSA-2011-1741: php-pear
27830 | 16 | Low | RHSA-2007-0542: mcstrans
57994 | 15 | High | RHSA-2012-0142: firefox
57821 | 15 | High | RHSA-2012-0093: php
28241 | 15 | Low | RHSA-2007-0779: mailman
RPC
Top 25 Most Common Plugins
Plugin | Total | Severity | Plugin Name
53335 | 401 | Low | RPC portmapper (TCP)
10223 | 398 | Low | RPC portmapper Service Detection
11357 | 51 | Medium | Multiple Vendor NFS CD Command Arbitrary File/Directory Access
54586 | 50 | Medium | Multiple Vendor RPC portmapper Access Restriction Bypass
42256 | 37 | Medium | NFS Shares World Readable
11353 | 37 | Medium | NFS Predictable Filehandles Filesystem Access
11058 | 34 | Medium | RPC rusers Remote Information Disclosure
53334 | 29 | Low | Detect RPC over UDP
10226 | 27 | Low | rquotad Service Detection
42255 | 26 | Low | NFS Server Superfluous
12238 | 26 | Medium | NIS passwd.byname Map Disclosure
11800 | 26 | High | Linux NFS utils package (nfs-utils) mountd xlog Function Off-by-one Remote Overflow
12237 | 25 | Medium | RPC bootparamd NIS Domain Name Disclosure
11021 | 25 | High | IRIX rpc.yppasswdd Unspecified Remote Overflow
10214 | 25 | Low | RPC database Service Detection
11899 | 24 | Medium | RPC nibindd Service Detection
11356 | 23 | Medium | NFS Exported Share Information Disclosure
10437 | 23 | Low | NFS Share Export List
10950 | 21 | High | Solaris rpc.rwalld Remote Format String Arbitrary Code Execution
10208 | 21 | Low | 3270 Mapper Service Detection
11358 | 17 | High | NFS portmapper localhost Mount Request Restricted Host Access
11420 | 16 | High | Sun RPC XDR xdrmem_getbytes Function Remote Overflow
10227 | 13 | Low | RPC rstatd Service Detection
10544 | 11 | High | Linux Multiple statd Packages Remote Format String
11418 | 9 | High | Sun rpc.cmsd Remote Overflow
SCADA
Top 25 Most Common Plugins
Total
Severity
33169
Plugin
51
Low
CitectSCADA Detection
Plugin Name
53549
24
High
Ecava IntegraXor < 3.60.4050
Unspecified SQL Injection
55630
22
Low
Sielco Sistemi Winlog
Detection
Advantech / BroadWin
WebAccess Client
'bwocxrun.ocx ' Multiple
Remote Vulnerabilities
56993
21
Medium
49694
21
High
BACnet OPC Client < 1.0.25
Buffer Overflow
57599
20
Medium
MicroLogix 1100 PLC Default
Credentials
54291
20
Medium
7-Technologies IGSS <
9.0.0.11129 Multiple DoS
Vulnerabilities
52051
20
High
Moxa Device Manager Tool
MDM2_Gateway Response
Remote Overflow
57600
19
High
Modicon Quantum TFTP
Arbitrary File Upload
53223
19
Low
RealFlex Technologies
RealWin Detection
47759
19
High
Siemens SIMATIC
WinCC Default Password
Authentication Bypass
57601
18
Medium
55631
16
High
Sielco Sistemi Winlog Pro
< 2.07.01 TCP/IP Server
Runtime.exe Packet Handling
Remote Overflow
53548
16
Low
Ecava IntegraXor Detection
55026
15
High
Ecava IntegraXor Path
Subversion Arbitrary DLL
Injection Code Execution
57602
14
High
Sensitive information can be
obtained from the GE D20
Remote Terminal Unit via
TFTP
High
Advantech / BroadWin
WebAccess webvrpcs.exe
Service Remote Code
Execution (credentialed check)
56994
13
SEL Controller Default
Credentials
53572
13
Low
Automated Solutions Modbus/
TCP OPC Server Detection
52995
13
Medium
Movicon TcpUploadServer
Data Leakage (remote check)
Advantech / BroadWin
WebAccess webvrpcs.exe
Service Remote Code
Execution (uncredentialed
check)
56995
10
High
57598
8
Medium
GE D20 Default Credentials
55025
7
Medium
Ecava IntegraXor < 3.60.4080
XSS
52961
7
Low
52962
6
Medium
50303
6
Low
7-Technologies IGSS
Detection
IGSS Data Server Directory
Traversal Arbitrary File Access
Moxa Device Manager
Gateway Detection
Service detection
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
22964 | 2532 | Low | Service Detection
11111 | 985 | Low | RPC Services Enumeration
10884 | 741 | Low | Network Time Protocol (NTP) Server Detection
10267 | 495 | Low | SSH Server Type and Version Information
10281 | 455 | Low | Telnet Server Detection
25221 | 183 | Low | Remote listeners enumeration
22319 | 135 | Low | MSRPC Service Detection
10092 | 109 | Low | FTP Server Detection
20007 | 83 | Medium | SSL Version 2 (v2) Protocol Detection
19772 | 82 | Low | Skype Detection
21208 | 74 | Low | Skype Stack Version Detection
10342 | 70 | Low | VNC Software Detection
11154 | 68 | Low | Unknown Service Detection: Banner Retrieval
19288 | 67 | Low | VNC Server Security Type Detection
25240 | 61 | Low | Samba Server Detection
57461 | 58 | Low | Apple iOS Lockdown Detection
11153 | 52 | Low | Service Detection (HELP Request)
56981 | 49 | Low | SAP Dynamic Information and Action Gateway Detection
19557 | 45 | Low | EMC Legato Networker Detection
10666 | 44 | Low | Apple Filing Protocol Server Detection
56823 | 40 | Low | OpenVAS Scanner Detection
56009 | 40 | Low | Solstice Enterprise Agent SNMP (snmpdx) detected
12218 | 40 | Medium | mDNS Detection
53513 | 35 | Low | Link-Local Multicast Name Resolution (LLMNR) Detection
10263 | 33 | Low | SMTP Server Detection
Settings
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
19506 | 2407 | Low | Nessus Scan Information
11933 | 191 | Low | Do not scan printers
46215 | 103 | Low | Inconsistent Hostname and IP Address
21745 | 83 | Low | Authentication Failure - Local Checks Not Run
12634 | 63 | Low | Authenticated Check: OS Name and Installed Package Enumeration
11840 | 56 | Low | Exclude top-level domain wildcard hosts
24786 | 48 | Low | Nessus Windows Scan Not Performed with Admin Privileges
40472 | 47 | Low | PCI DSS compliance : options settings
11149 | 37 | Low | HTTP login page
35703 | 29 | Low | SMB Registry : Start the Registry Service during the scan
12241 | 29 | Low | AppSocket & socketAPI Printers - Do Not Scan
22482 | 28 | Low | Do not scan Novell NetWare
44920 | 22 | Low | Do not scan printers (AppSocket)
Slackware Local Security Checks
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
55834 | 29 | Medium | SSA-2011-224-01 : bind
54898 | 28 | High | SSA-2011-086-02 : mozillafirefox
54899 | 27 | Medium | SSA-2011-086-03 : shadow
55423 | 26 | High | SSA-2011-174-01 : mozillafirefox
54904 | 26 | High | SSA-2011-122-01 : mozillafirefox
53476 | 26 | Low | SSA-2011-108-01 : acl
55173 | 25 | Medium | SSA-2011-171-01 : fetchmail
56142 | 24 | Medium | SSA-2011-252-01 : httpd
54892 | 24 | High | SSA-2010-317-01 : mozillathunderbird
18791 | 24 | Low | SSA-2004-167-01 : kernel DoS
57893 | 23 | High | SSA-2012-041-02 : php
55707 | 23 | High | SSA-2011-195-02 : mozillafirefox
24661 | 23 | Low | SSA-2006-335-03 : libpng
57895 | 22 | High | SSA-2012-041-04 : proftpd
54905 | 22 | High | SSA-2011-122-02 : mozillathunderbird
54894 | 22 | High | SSA-2010-343-02 : mozillathunderbird
55703 | 20 | High | SSA-2011-178-01 : pidgin
18769 | 20 | Low | SSA-2004-110-01 : utempter security update
55737 | 19 | Medium | SSA-2011-210-03 : samba
24658 | 19 | Low | SSA-2006-307-02 : screen
55735 | 18 | Medium | SSA-2011-210-01 : libpng
54895 | 18 | Medium | SSA-2010-350-01 : bind
18776 | 18 | Low | SSA-2004-278-01 : getmail
57896 | 17 | High | SSA-2012-041-05 : vsftpd
55704 | 16 | Medium | SSA-2011-189-01 : bind
SMTP problems
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
54580 | 40 | Low | SMTP Authentication Methods
43637 | 29 | Medium | Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing
42088 | 29 | Low | SMTP Service STARTTLS Command Support
18433 | 29 | Medium | GoodTech SMTP Server Malformed RCPT TO Command DoS
14712 | 27 | Medium | MailEnable SMTP Connector Service DNS MX Response DoS
54582 | 26 | Low | SMTP Service Cleartext Login Permitted
45517 | 26 | Medium | MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) (uncredentialed check)
22483 | 26 | High | MailEnable SMTP Connector Multiple NTLM Authentication Vulnerabilities
25991 | 25 | High | Kerio MailServer < 6.4.1 Attachment Filter Unspecified Vulnerability
12102 | 25 | High | Courier < 0.45 Multiple Remote Overflows
11421 | 25 | Low | smtpscan SMTP Fingerprinting
53856 | 23 | High | Exim < 4.76 dkim_exim_verify_finish() DKIM-Signature Header Format String
15828 | 23 | High | Youngzsoft CMailServer < 5.2.1 Multiple Remote Vulnerabilities
11088 | 22 | Low | Sendmail RestrictQueueRun Option Debug Mode Information Disclosure
30123 | 21 | High | Citadel SMTP makeuserkey Function RCPT TO Command Remote Overflow
17633 | 21 | High | Smail-3 < 3.2.0.121 Multiple Vulnerabilities
11087 | 21 | Low | Sendmail < 8.12.1 RestrictQueueRun Option Multiple Argument Local DoS
28289 | 20 | Medium | Ability Mail Server < 2.61 Multiple Remote DoS
53534 | 19 | High | IBM Lotus Domino iCalendar Email Address ORGANIZER:mailto Header Remote Overflow
29830 | 19 | High | ClamAV clamav-milter blackhole-mode Sendmail Recipient Field Arbitrary Command Execution
51179 | 18 | High | Exim string_format Function Remote Overflow
45019 | 18 | High | SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection
17724 | 18 | Medium | Sendmail < 8.13.8 Header Processing Overflow DoS
17594 | 18 | High | NetWin SurgeMail Multiple Remote Unspecified Vulnerabilities
15823 | 18 | High | MDaemon File Creation Local Privilege Escalation
SNMP
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
41028 | 69 | High | SNMP Agent Default Community Name (public)
10800 | 64 | Low | SNMP Query System Information Disclosure
35296 | 62 | Low | SNMP Protocol Version Detection
10551 | 55 | Low | SNMP Request Network Interfaces Enumeration
10546 | 51 | Low | Microsoft Windows LAN Manager SNMP LanMan Users Disclosure
10266 | 51 | Medium | SNMP Zero Length UDP Packet Remote DoS
27841 | 43 | High | SNMP GETBULK Large maxrepetitions Remote DoS
34022 | 37 | Low | SNMP Query Routing Information Disclosure
43100 | 36 | Low | SNMP Query WLAN SSID (Cisco)
10550 | 35 | Low | SNMP Query Running Process List Disclosure
19763 | 34 | Low | SNMP Query Installed Software Disclosure
40448 | 32 | Low | SNMP Supported Protocols Detection
10969 | 32 | Low | SNMP Request Cisco Router Information Disclosure
11490 | 31 | High | D-Link DSL Broadband Modem SNMP Cleartext ISP Credential Disclosure
10547 | 31 | Low | Microsoft Windows LAN Manager SNMP LanMan Services Disclosure
10264 | 31 | High | SNMP Agent Default Community Names
34396 | 30 | Low | ASG-Sentry SNMP Agent Detection
25422 | 28 | Low | SNMPc Management Server Detection
11335 | 28 | High | Solaris mibiisa MIB Parsing Remote Overflow
51160 | 25 | High | BMC SNMP Agent Default Community Name (public)
10548 | 23 | Low | Microsoft Windows LAN Manager SNMP LanMan Shares Disclosure
10688 | 20 | High | Cisco CatOS VACM readwrite Community String Device Configuration Manipulation
45022 | 15 | Low | SNMP Query Airport Version
10858 | 14 | Medium | Multiple Vendor Malformed SNMP Trap Handling DoS
10857 | 13 | Medium | Multiple Vendor Malformed SNMP Message-Handling DoS
Solaris Local Security Checks
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
42184 | 54 | High | Solaris 10 (sparc) : 141502-02
42187 | 50 | High | Solaris 10 (x86) : 141503-02
53275 | 47 | High | Solaris 10 (sparc) : 145044-03
50041 | 47 | High | Solaris 10 (sparc) : 143561-09
45596 | 47 | High | Solaris 10 (sparc) : 144254-01
49079 | 46 | High | Solaris 10 (sparc) : 143592-09
48937 | 45 | High | Solaris 10 (sparc) : 145124-02
53278 | 44 | High | Solaris 10 (x86) : 146803-03
48917 | 42 | High | Solaris 10 (sparc) : 138880-02
53277 | 40 | High | Solaris 10 (x86) : 145045-03
48939 | 40 | High | Solaris 10 (x86) : 145125-02
49992 | 39 | High | Solaris 10 (x86) : 144054-04
50042 | 37 | High | Solaris 10 (x86) : 143562-09
56442 | 36 | High | Solaris 8 (x86) : 121431-54
55063 | 35 | High | Solaris 10 (sparc) : 140387-02
49135 | 35 | High | Solaris 10 (sparc) : 143559-10
53822 | 33 | High | Solaris 10 (x86) : 145802-06
38773 | 33 | High | Solaris 10 (x86) : 140106-02
50538 | 30 | High | Solaris 10 (x86) : 144489-17
50572 | 26 | High | Solaris 10 (sparc) : 144488-17
51879 | 25 | High | Solaris 10 (sparc) : 146018-03
55017 | 22 | High | Solaris 10 (x86) : 147183-01
54992 | 22 | High | Solaris 10 (sparc) : 147182-01
53276 | 21 | High | Solaris 10 (sparc) : 146802-03
48918 | 21 | High | Solaris 10 (x86) : 138881-02
SuSE Local Security Checks
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
53705 | 29 | Low | SuSE 11.2 Security Update: dbus-1-glib (2011-03-25)
51600 | 29 | Low | SuSE Security Update: gdm (2010-09-30)
57996 | 28 | High | SuSE Security Update: flashplayer (2012-02-16)
52066 | 28 | Low | SuSE Security Update: dbus-1 (2011-02-11)
57177 | 27 | Low | SuSE Security Update: Security update for dbus (dbus-1-7482)
53763 | 27 | Low | SuSE 11.2 Security Update: libvirt (2011-04-07)
51741 | 27 | Low | SuSE Security Update: Security update for fuse (fuse-6840)
58032 | 26 | High | SuSE Security Update: Security update for NetworkManager (NetworkManager-7957)
57842 | 26 | High | SuSE Security Update: Security update for curl (curl-7937)
56701 | 26 | Low | SuSE Security Update: Security update for pam (pam-7815)
53782 | 26 | Low | SuSE 11.2 Security Update: NetworkManager (2011-03-25)
57971 | 25 | High | SuSE Security Update: MozillaFirefox (2012-02-14)
57239 | 25 | Low | SuSE Security Update: Security update for pam (pam-7814)
57972 | 24 | High | SuSE Security Update: NetworkManager-gnome (2012-01-10)
55138 | 24 | Low | SuSE Security Update: libopenssl-devel (2011-06-06)
53587 | 22 | Low | SuSE Security Update: dbus-1 (2011-04-18)
57872 | 21 | High | SuSE Security Update: Security update for sysconfig (sysconfig-7892)
51740 | 21 | Low | SuSE Security Update: Security update for fuse (fuse-6838)
58117 | 19 | High | SuSE Security Update: Security update for wireshark (wireshark-7943)
58114 | 19 | High | SuSE Security Update: mozillaxulrunner192 (2012-02-20)
57854 | 18 | High | SuSE Security Update: kernel (2012-01-30)
55139 | 18 | Low | SuSE Security Update: Security update for OpenSSL (openssl-7552)
57853 | 17 | High | SuSE Security Update: kernel (2012-01-29)
53725 | 17 | Low | SuSE 11.2 Security Update: gdm (2010-09-15)
58112 | 16 | High | SuSE Security Update: MozillaFirefox (2012-02-20)
Ubuntu Local Security Checks
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
58131 | 29 | High | USN-1374-1 : samba vulnerability
58069 | 29 | High | USN-1370-1 : libvorbis vulnerability
57661 | 28 | Low | USN-1337-1 : linux-ltsbackport-natty vulnerabilities
57888 | 26 | High | USN-1358-1 : php5 vulnerabilities
52479 | 26 | Low | USN-1077-1 : fuse vulnerabilities
57998 | 24 | High | USN-1367-1 : libpng vulnerabilities
57845 | 24 | High | USN-1355-2 : mozvoikko update
51572 | 24 | Low | USN-1044-1 : dbus vulnerability
57665 | 23 | Low | USN-1341-1 : linux vulnerabilities
57496 | 23 | Low | USN-1324-1 : linux-ec2 vulnerabilities
56581 | 23 | Low | USN-1234-1 : acpid vulnerability
57932 | 22 | High | USN-1358-2 : php5 regression
57058 | 22 | Low | USN-1294-1 : linux-ltsbackport-oneiric vulnerabilities
44335 | 22 | Low | USN-892-1 : fuse vulnerability
57997 | 21 | High | USN-1284-2 : update-manager regression
58034 | 20 | High | USN-1367-2 : firefox vulnerability
57887 | 20 | High | USN-1357-1 : openssl vulnerabilities
57495 | 20 | Low | USN-1323-1 : linux vulnerabilities
57934 | 19 | High | USN-1360-1 : firefox vulnerability
57498 | 19 | Low | USN-1326-1 : nova vulnerability
45398 | 19 | Low | USN-922-1 : libnss-db vulnerability
57958 | 18 | High | USN-1365-1 : Puppet vulnerability
57874 | 17 | High | USN-1353-1 : xulrunner-1.9.2 vulnerabilities
57497 | 17 | Low | USN-1325-1 : linux-ti-omap4 vulnerabilities
56854 | 17 | Low | USN-1262-1 : lightdm vulnerabilities
VMware ESX Local Security Checks
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
51077 | 55 | High | VMSA-2010-0019 : VMware ESX third party updates for Service Console
51971 | 48 | High | VMSA-2011-0003 : Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
51422 | 44 | High | VMSA-2011-0001 : VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
50858 | 40 | High | VMSA-2010-0017 : VMware ESX third party update for Service Console kernel
54968 | 39 | High | VMSA-2011-0009 : VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
56997 | 37 | High | VMware ESX / ESXi Unsupported Version Detection
50611 | 36 | High | VMSA-2010-0016 : VMware ESXi and ESX third party updates for Service Console and Likewise components
46765 | 34 | High | VMSA-2010-0009 : ESXi ntp and ESX Service Console third party updates
56246 | 31 | High | VMSA-2010-0007 : VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
55747 | 31 | High | VMSA-2011-0010 : VMware ESX third party updates for Service Console packages glibc and dhcp
57749 | 30 | High | VMSA-2012-0001 : VMware ESXi and ESX updates to third party library and ESX Service Console
52582 | 29 | High | VMSA-2011-0004 : VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
52012 | 29 | Medium | VMSA-2009-0017 : VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues
40392 | 29 | High | VMSA-2009-0007 : VMware Hosted products and ESX and ESXi patches resolve security issues
40391 | 29 | Medium | VMSA-2009-0006 : VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
53840 | 28 | Medium | VMSA-2011-0008 : VMware vCenter Server and vSphere Client security vulnerabilities
40393 | 28 | High | VMSA-2009-0008 : ESX Service Console update for krb5
53592 | 27 | High | VMSA-2011-0007 : VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
44642 | 27 | Medium | VMSA-2010-0003 : ESX Service Console update for net-snmp
44993 | 26 | High | VMSA-2010-0004 : ESX Service Console and vMA third party updates
42870 | 24 | High | VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
47150 | 23 | High | VMSA-2010-0010 : ESX 3.5 third party update for Service Console kernel
42289 | 23 | Medium | VMSA-2009-0015 : VMware hosted products and ESX patches resolve two security issues
40375 | 22 | Medium | VMSA-2008-0004 : Low: Updated e2fsprogs service console package
45402 | 20 | Medium | VMSA-2010-0006 : ESX Service Console updates for samba and acpid
Web Servers
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
10107 | 525 | Low | HTTP Server Type and Version
24260 | 522 | Low | HyperText Transfer Protocol (HTTP) Information
43111 | 208 | Low | HTTP Methods Allowed (per directory)
11213 | 106 | Medium | HTTP TRACE / TRACK Methods Allowed
10386 | 100 | Low | Web Server No 404 Error Code Check
57792 | 98 | Medium | Apache HTTP Server httpOnly Cookie Information Disclosure
55976 | 51 | High | Apache HTTP Server Byte Range DoS
11874 | 36 | Low | Microsoft IIS 404 Response Service Pack Signature
11424 | 33 | Low | WebDAV Detection
50069 | 32 | High | Apache 2.0 < 2.0.64 Multiple Vulnerabilities
57323 | 29 | Low | OpenSSL Version Detection
55930 | 29 | Low | Oracle GlassFish HTTP Server Version
47619 | 29 | Low | Splunk Web Detection
57607 | 28 | High | IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities
57080 | 28 | High | Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities
52615 | 28 | High | IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities
42057 | 28 | Low | Web Server Allows Password Auto-Completion
18261 | 28 | Low | Apache Banner Linux Distribution Disclosure
54607 | 26 | High | Apache mod_fcgid Module fcgid_header_bucket_read() Function Remote Stack Buffer Overflow
46801 | 25 | High | OpenSSL < 0.9.8o / 1.0.0a Multiple Vulnerabilities
57804 | 24 | Low | Oracle GlassFish Server 3.1.1 < 3.1.1.2 Administration Component Unspecified Vulnerability
48363 | 23 | Low | IBM Tivoli Management Framework Endpoint Web Detection
47106 | 23 | High | XEROX WorkCentre Multiple Unspecified Vulnerabilities (XRX10-003)
45423 | 23 | High | IBM WebSphere Application Server 6.1 < 6.1.0.13 Multiple Vulnerabilities
34460 | 23 | High | Obsolete Web Server Detection
Windows
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
34252 | 4276 | Low | Microsoft Windows Remote Listeners Enumeration (WMI)
10736 | 1355 | Low | DCE Services Enumeration
11011 | 724 | Low | Microsoft Windows SMB Service Detection
10150 | 657 | Low | Windows NetBIOS / SMB Remote Host Information Disclosure
10785 | 565 | Low | Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
10394 | 555 | Low | Microsoft Windows SMB Log In Possible
10395 | 452 | Low | Microsoft Windows SMB Shares Enumeration
10859 | 449 | Low | Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
44401 | 422 | Low | Microsoft Windows SMB Service Config Enumeration
10456 | 422 | Low | Microsoft Windows SMB Service Enumeration
10396 | 420 | Low | Microsoft Windows SMB Shares Access
10398 | 418 | Low | Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
10400 | 256 | Low | Microsoft Windows SMB Registry Remotely Accessible
11457 | 254 | Low | Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
48942 | 253 | Low | Microsoft Windows SMB Registry : OS Version and Processor Architecture
51351 | 247 | Low | Microsoft .NET Framework Detection
20811 | 247 | Low | Microsoft Windows Installed Software Enumeration (credentialed check)
50859 | 238 | Low | Microsoft Windows SMB : WSUS Client Configured
26920 | 225 | Medium | Microsoft Windows SMB NULL Session Authentication
10397 | 225 | Low | Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
48762 | 215 | High | MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution
26917 | 213 | Low | Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
24269 | 213 | Low | Windows Management Instrumentation (WMI) Available
38689 | 211 | Low | Microsoft Windows SMB Last Logged On User Disclosure
28211 | 211 | Low | Flash Player Detection
Windows : Microsoft Bulletins
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
57033 | 255 | Low | Microsoft Patch Bulletin Feasibility Check
38153 | 123 | Low | Microsoft Windows Summary of Missing Patches
57470 | 57 | High | MS12-002: Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
57279 | 56 | High | MS11-093: Vulnerability in OLE Could Allow Remote Code Execution (2624667)
57283 | 54 | High | MS11-097: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
57278 | 54 | High | MS11-092: Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
57277 | 54 | High | MS11-091: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
57472 | 48 | High | MS12-004: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
57474 | 46 | Medium | MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
57285 | 45 | High | MS11-099: Cumulative Security Update for Internet Explorer (2618444)
57284 | 44 | High | MS11-098: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
57276 | 44 | High | MS11-090: Cumulative Security Update of ActiveX Kill Bits (2618451)
57275 | 42 | High | MS11-089: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
55572 | 42 | Medium | MS11-056: Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
57473 | 41 | High | MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
57414 | 41 | High | MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
55117 | 39 | Medium | MS11-037: Vulnerability in MHTML Could Allow Information Disclosure (2544893)
53384 | 39 | Medium | MS11-027: Cumulative Security Update of ActiveX Kill Bits (2508272)
55129 | 34 | Medium | MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
56452 | 33 | High | MS11-078: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
57471 | 32 | Medium | MS12-003: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
57273 | 32 | High | MS11-087: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
56449 | 31 | High | MS11-075: Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
46848 | 31 | Medium | MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
56174 | 30 | High | MS11-071: Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
Windows : User management
Top 25 Most Common Plugins

Plugin | Total | Severity | Plugin Name
10915 | 477 | Low | Microsoft Windows - Local Users Information : User has never logged on
10860 | 477 | Low | SMB Use Host SID to Enumerate Local Users
17651 | 459 | Low | Microsoft Windows SMB : Obtains the Password Policy
10913 | 457 | Low | Microsoft Windows - Local Users Information : Disabled accounts
10902 | 454 | Low | Microsoft Windows 'Administrators' Group User List
10399 | 441 | Low | SMB Use Domain SID to Enumerate Users
10916 | 440 | Low | Microsoft Windows - Local Users Information : Passwords never expire
10899 | 439 | Low | Microsoft Windows - Users Information : User has never logged in
10900 | 428 | Low | Microsoft Windows - Users Information : Passwords never expires
10897 | 407 | Low | Microsoft Windows - Users Information : disabled accounts
10898 | 242 | Low | Microsoft WIndows - Users Information : Never changed password
56211 | 73 | Medium | SMB Use Host SID to Enumerate Local Users Without Credentials
10905 | 34 | Low | Microsoft Windows 'Print Operators' Group User List
10903 | 32 | Low | Microsoft Windows 'Server Operators' Group User List
10914 | 31 | Low | Microsoft Windows - Local Users Information : Never changed passwords
10911 | 27 | Low | Microsoft Windows Local Users Information : Automatically disabled accounts
10907 | 27 | High | Microsoft Windows Guest Account Belongs to a Group
10904 | 26 | Low | Microsoft Windows 'Backup Operators' Group User List
10895 | 22 | Low | Microsoft Windows - Users Information : automatically disabled accounts
10901 | 13 | Low | Microsoft Windows 'Account Operators' Group User List
10912 | 12 | Low | Microsoft Windows - Local Users Information : Can't change password
10908 | 10 | Low | Microsoft Windows 'Domain Administrators' Group User List
10896 | 7 | Low | Microsoft Windows - Users Information : Can't change password
10906 | 6 | Low | Microsoft Windows 'Replicator' Group User List