SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
TENABLE NETWORK SECURITY
Nessus Plugin
Family
March 14, 2012 at 7:22pm CDT
Dave Breslin [dlbreslin]
Confidential: The following report contains confidential information. Do not distribute, email, fax,
or transfer via any electronic mechanism unless it has been approved by the recipient company's
security policy. All copies and backups of this document should be saved on protected storage at all
times. Do not share any of the information contained within this report with anyone unless they are
authorized to view the information. Violating any of the previous instructions is grounds for termination.
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Table of Contents
Plugin Family Summary
AIX Local Security Checks
Backdoors
.......................................................................................................
CGI abuses
5
..................................................................................................................................................
6
................................................................................................................................
.............................................................................................................................................................
..................................................................................................................................................
Debian Local Security Checks
10
12
14
...............................................................................................................
16
...............................................................................................................................
18
....................................................................................................................................................................
20
Denial of Service
Fedora Local Security Checks
Firewalls
.........................................................................................
22
.......................................................................................................................................................
23
FreeBSD Local Security Checks
FTP
8
.........................................................................................
Default Unix Accounts
DNS
4
...........................................................................................
CGI abuses : XSS
Databases
3
.....................................................................................................................................................
CentOS Local Security Checks
CISCO
1
...............................................................................................................
....................................................................................
25
.....................................................................................................................................................................
27
Gain a shell remotely
..................................................................................................................
29
Table of Contents
Tenable Network Security
i
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
General
31
..........................................................................................................................................................
Gentoo Local Security Checks
........................................................................................
33
HP-UX Local Security Checks
...........................................................................................
35
Junos Local Security Checks
............................................................................................
38
MacOS X Local Security Checks
...................................................................................
40
Mandriva Local Security Checks
...................................................................................
42
.................................................................................................................................................................
43
Misc.
Netware
Peer-To-Peer File Sharing
......................................................................................................
46
..........................................................................................................................
48
........................................................................................................................................
49
Policy Compliance
Port scanners
Red Hat Local Security Checks
RPC
45
.........................................................................................................................................................
......................................................................................
50
....................................................................................................................................................................
SCADA
...........................................................................................................................................................
Service detection
Settings
53
..............................................................................................................................
55
.........................................................................................................................................................
56
Slackware Local Security Checks
................................................................................
57
..................................................................................................................................
58
...............................................................................................................................................................
60
SMTP problems
SNMP
51
Table of Contents
Tenable Network Security
ii
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Solaris Local Security Checks
SuSE Local Security Checks
.........................................................................................
62
..............................................................................................
63
Ubuntu Local Security Checks
........................................................................................
VMware ESX Local Security Checks
.........................................................................
67
...........................................................................................................................................
69
......................................................................................................................................................
71
Web Servers
Windows
65
Windows : Microsoft Bulletins
..........................................................................................
73
Windows : User management
............................................................................................
75
Table of Contents
Tenable Network Security
iii
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin Family Summary
Plugin Family Severity Counts
Total
Info
Low
Med.
High
Crit.
Misc.
Family
956
327
94
0
0
535
VMware ESX Local Security
Checks
954
0
0
162
487
305
Fedora Local Security Checks
948
0
449
0
0
499
Gentoo Local Security Checks
927
0
432
0
0
495
Mandriva Local Security Checks
926
0
434
0
0
492
AIX Local Security Checks
920
0
0
0
920
0
Red Hat Local Security Checks
920
0
475
0
0
445
Gain a shell remotely
919
0
13
300
91
515
General
897
492
76
221
103
5
Firewalls
895
195
40
189
347
124
Solaris Local Security Checks
893
0
0
0
893
0
SMTP problems
885
50
105
299
0
431
CGI abuses
880
396
0
0
0
484
Web Servers
874
415
0
0
0
459
FTP
868
167
37
236
0
428
SuSE Local Security Checks
868
0
436
0
0
432
Denial of Service
861
0
39
349
464
9
CGI abuses : XSS
858
0
154
680
24
0
Windows : Microsoft Bulletins
851
46
78
349
0
378
DNS
846
146
58
299
226
117
Default Unix Accounts
846
0
0
0
366
480
Peer-To-Peer File Sharing
840
351
66
132
291
0
Service detection
828
383
223
113
42
67
Ubuntu Local Security Checks
825
0
423
0
0
402
Slackware Local Security Checks
824
0
145
291
0
388
CentOS Local Security Checks
813
0
352
0
0
461
Backdoors
807
32
0
80
199
496
Windows
807
408
0
0
0
399
CISCO
805
0
60
324
58
363
Databases
799
160
173
64
0
402
Debian Local Security Checks
784
0
431
0
0
353
FreeBSD Local Security Checks
779
0
381
0
0
398
HP-UX Local Security Checks
768
0
0
430
0
338
SNMP
740
362
73
69
159
77
MacOS X Local Security Checks
724
196
30
131
0
367
Windows : User management
694
634
0
29
31
0
Plugin Family Summary
Tenable Network Security
1
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Family
Total
Info
Low
Med.
High
Crit.
RPC
597
186
13
Junos Local Security Checks
520
21
70
269
77
52
269
115
SCADA
431
105
45
0
96
149
81
Netware
361
Settings
310
0
43
191
127
0
237
73
0
0
0
Policy Compliance
101
Port scanners
45
35
0
33
33
0
10
35
0
0
0
Plugin Family Summary
Tenable Network Security
2
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
AIX Local Security Checks
Top 25 Most Common Plugin Results
Total
Severity
55384
Plugin
52
High
AIX 530011 : U843402
Plugin Name
55372
50
High
AIX 530011 : U840873
55368
42
High
AIX 530011 : U840869
55359
41
High
AIX 530011 : U840860
55379
39
High
AIX 530011 : U843397
55360
39
High
AIX 530011 : U840861
55356
39
High
AIX 530011 : U840857
55363
38
High
AIX 530011 : U840864
55355
38
High
AIX 530011 : U840856
55376
37
High
AIX 530011 : U840877
55375
37
High
AIX 530011 : U840876
55370
37
High
AIX 530011 : U840871
55366
37
High
AIX 530011 : U840867
55361
37
High
AIX 530011 : U840862
55371
34
High
AIX 530011 : U840872
55382
33
High
AIX 530011 : U843400
55365
33
High
AIX 530011 : U840866
55357
33
High
AIX 530011 : U840858
55367
29
High
AIX 530011 : U840868
55358
28
High
AIX 530011 : U840859
55377
25
High
AIX 530011 : U840878
55373
25
High
AIX 530011 : U840874
55378
23
High
AIX 530011 : U840879
55369
20
High
AIX 530011 : U840870
55374
18
High
AIX 530011 : U840875
AIX Local Security Checks
Tenable Network Security
3
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Backdoors
Top 25 Most Common Plugin Results
Total
Severity
45005
Plugin
39
Critical
Arugizer Backdoor Detection
Plugin Name
45085
38
Critical
Zeus/Zbot Banking Trojan/Data
Theft (credentialed check)
46882
31
Critical
Unreal IRC Daemon Backdoor
Detection
45006
28
Critical
Energizer DUO USB Battery
Charger Software Backdoor
(credentialed check)
33951
28
Critical
Generic Backdoor Detection
(banner check)
18391
28
Medium
SMTP Server Non-standard
Port Detection
12128
28
Critical
Agobot.FO Backdoor Detection
10389
28
High
Cart32 Backdoor Password
Arbitrary Command Execution
36036
27
Critical
Conficker Worm Detection
(uncredentialed check)
18367
27
Critical
Kibuv Worm Detection
11118
25
High
alya.cgi CGI Backdoor
Detection
51988
23
Critical
Rogue Shell Backdoor
Detection
12012
23
Medium
CYDOOR Software Detection
10152
23
High
NetBus 2.x Software Detection
12252
22
Critical
11854
22
High
11187
21
Critical
4553 Parasite Mothership
Backdoor Detection
15586
20
Critical
MoonLit Virus Backdoor
Detection
11707
20
Critical
Bugbear.B Web Backdoor
Detection
11157
20
Medium
Trojan Horse Detection
12004
18
High
15405
17
Critical
11123
16
Info
Radmin (Remote
Administrator) Port 4899
Detection
12063
15
High
Bagle.B Worm Detection
49270
14
Critical
Stuxnet Worm Detection
Korgo Worm Detection
FsSniffer Backdoor Detection
VCATCH Spyware Detection
Unmanarc Remote Control
Server (URCS) Detection
Backdoors
Tenable Network Security
4
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
CentOS Local Security Checks
Top 25 Most Common Plugin Results
Total
Severity
43690
Plugin
29
Critical
CentOS : RHSA-2008-0504
Plugin Name
21966
29
Low
CentOS : RHSA-2005-805
43739
28
Critical
CentOS : RHSA-2009-0408
25501
28
Low
CentOS : RHSA-2007-0473
25255
28
Low
CentOS : RHSA-2007-0353
43832
27
Critical
CentOS : RHSA-2010-0019
43736
27
Critical
CentOS : RHSA-2009-0377
43725
27
Critical
CentOS : RHSA-2009-0011
43866
25
Critical
CentOS : RHSA-2010-0029
43771
25
Critical
CentOS : RHSA-2009-1176
43722
25
Critical
CentOS : RHSA-2009-0002
25497
25
Low
CentOS : RHSA-2007-0431
25499
22
Low
CentOS : RHSA-2007-0465
43752
21
Critical
CentOS : RHSA-2009-1061
43730
21
Critical
CentOS : RHSA-2009-0331
43689
20
Critical
CentOS : RHSA-2008-0492
43740
19
Critical
CentOS : RHSA-2009-0409
25496
19
Low
CentOS : RHSA-2007-0430
21968
19
Low
CentOS : RHSA-2005-825
43694
18
Critical
CentOS : RHSA-2008-0561
44649
17
Critical
CentOS : RHSA-2010-0113
43776
17
Critical
CentOS : RHSA-2009-1204
43688
17
Critical
CentOS : RHSA-2008-0489
43817
16
Low
CentOS : RHSA-2010-0018
43774
16
Critical
CentOS : RHSA-2009-1201
CentOS Local Security Checks
Tenable Network Security
5
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
CGI abuses
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
55512
29
Info
Adobe ColdFusion Remote
Development Services
55509
29
Info
RSA Self-Service Console
Detection
50510
29
Critical
FreeNAS exec_raw.php
Arbitrary Command Execution
45138
29
Critical
Remote Help Default
Credentials
55978
28
Info
Sitecore CMS Detection
53621
28
Info
SiteScope Detection
44109
28
Critical
HP Power Manager < 4.2.10
57977
27
Info
Oracle WebCenter Content
Detection
54969
27
Info
Apache Archiva Detection
51645
27
Critical
HP OpenView Network
Node Manager Remote
Execution of Arbitrary Code
(HPSBMA02621 SSRT100352)
40354
27
Critical
OpenWrt Router with a Blank
Password (telnet check)
55627
26
Info
40552
24
Critical
Spiceworks HTTP Response
Accept Header Handling
Overflow DoS
57918
23
Critical
EMC Celerra Control Station
Default Credentials
Symantec Web Gateway
Detection
57825
23
Critical
PHP 5.3.9
'php_register_variable_ex()'
Code Execution (banner
check)
58039
22
Critical
PHP 5.3.9
'php_register_variable_ex()'
Code Execution (intrusive
check)
55800
22
Info
Microsoft Remote Desktop
Web Access Detection
57850
21
Critical
Apache Struts
ParameterInterceptor Class
OGNL Expression Parsing
Remote Command Execution
41946
21
Critical
Adobe RoboHelp Server
Security Bypass (APSA09-05)
CGI abuses
Tenable Network Security
6
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
39790
21
Critical
57699
19
Info
57576
19
Critical
op5 Portal Arbitrary Command
Execution
47581
19
Critical
Novell 'modulemanager'
Servlet Arbitrary File Upload
(intrusive check)
56648
18
Info
SonicWALL ViewPoint Server
Detection
55444
18
Info
ManageEngine ServiceDesk
Plus Detection
Adobe ColdFusion FCKeditor
'CurrentFolder' File Upload
HP Managed Printing
Administration Detection
CGI abuses
Tenable Network Security
7
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
CGI abuses : XSS
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
54603
54
Medium
Adobe RoboHelp FlashHelp
Unspecified XSS (APSB11-09)
(uncredentialed check)
58087
47
Medium
phpMyAdmin 3.4.x <
3.4.10.1 Cross-Site Scripting
(PMASA-2012-1)
57979
46
Medium
Oracle WebCenter Content
Help Component Cross-Site
Scripting
55993
40
Medium
phpMyAdmin 3.3.x / 3.4.x <
3.3.10.4 / 3.4.4 Cross-site
Scripting (PMASA-2011-13
53576
39
Medium
Atlassian Confluence 2.x >=
2.7 / 3.x < 3.4.9 Multiple CrossSite Scripting Vulnerabilities
55775
37
Medium
jCart 1.1 my-item-name POST
Parameter XSS
57337
35
Medium
phpMyAdmin 3.4.x <
3.4.8 Cross-Site Scripting
(PMASA-2011-18)
55904
35
Medium
CGI Generic Script Injection
(quick test)
54604
33
Medium
MDaemon WorldClient <
12.0.3 Summary Page Email
Subject XSS
55975
29
Medium
Apache Hadoop Jetty XSS
52483
29
Medium
CGI Generic Cross-Site
Scripting (persistent, 3rd Pass)
57371
28
Medium
ManageEngine ServiceDesk
Plus 8.0.0 < Build 8015
Multiple Cross-Site Scripting
Vulnerabilities
55903
28
Medium
CGI Generic Cross-Site
Scripting (extended patterns)
57617
27
Medium
Cacti < 0.8.7g Multiple CrossSite Scripting and HTML
Injection Vulnerabilities
51998
26
Medium
MediaWiki CSS Comments
XSS
18083
26
Low
Coppermine Photo Gallery
init.inc.php X-Forwarded-For
XSS
14228
24
High
SquirrelMail < 1.4.3 Multiple
Vulnerabilities
CGI abuses : XSS
Tenable Network Security
8
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
51529
22
Medium
CGI Generic Cross-Site
Scripting (persistent, 2nd pass)
34336
22
Low
MailMarshal Spam Quarantine
Management (SQM) Multiple
Component XSS
51438
19
Medium
Pligg register.php
reg_username Parameter XSS
51090
18
Medium
MODx login.php 'username'
Parameter XSS
19514
18
Low
phpGraphy EXIF Data XSS
56379
14
Medium
phpMyAdmin 3.4.x <
3.4.5 Cross-site Scripting
(PMASA-2011-14)
57372
13
Medium
phpMyAdmin 3.4.x <
3.4.9 Cross-Site Scripting
(PMASA-2011-19 and
PMASA-2011-20)
54579
13
Low
Mailman < 2.1.14 Multiple XSS
CGI abuses : XSS
Tenable Network Security
9
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
CISCO
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
56321
29
High
Cisco IOS Software IPS
and Zone-Based Firewall
Vulnerabilities - Cisco Systems
49016
29
Critical
SNMP Version 3
Authentication Vulnerabilities Cisco Systems
48965
27
Critical
NTP Vulnerability - Cisco
Systems
10999
27
Critical
Linksys Router Default
Password
48977
26
Medium
Cisco Telnet Denial of Service
Vulnerability - Cisco Systems
48976
26
Medium
Cisco IOS Malformed OSPF
Packet Causes Reload - Cisco
Systems
10545
26
Critical
Cisco Catalyst Web Interface
Remote Command Execution
56319
25
High
Cisco IOS Software Session
Initiation Protocol Denial of
Service Vulnerabilities - Cisco
Systems
48961
25
Medium
Cisco IOS ARP Table
Overwrite Vulnerability - Cisco
Systems
48973
24
Medium
Cisco 6000/6500/7600 Crafted
Layer 2 Frame Vulnerability Cisco Systems
10045
24
Critical
Cisco 675 Router Default
Unpassworded Account
48996
23
Critical
Crafted IP Option Vulnerability
48995
23
Critical
Combined IOS Table for
January 24, 2007 Security
Advisories
11689
23
Low
Cisco IDS Device Manager
Detection
48982
22
Medium
Crafted Packet Causes Reload
on Cisco Routers
49004
21
Medium
Vulnerability In Crypto Library Cisco Systems
56320
20
Critical
Cisco IOS Software Smart
Install Remote Code Execution
Vulnerability - Cisco Systems
CISCO
Tenable Network Security
10
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
48974
19
Medium
Vulnerabilities in SNMP
Message Processing - Cisco
Systems
49646
18
Critical
Linksys Router Debug
Credentials (Gemtek /
gemtekswd)
49017
18
Medium
Multiple Cisco Products
Vulnerable to DNS Cache
Poisoning Attacks
11383
18
Critical
Cisco SSH2 Server/
Client Malformed Packet
Remote DoS (CSCdz60229,
CSCdy87221, CSCdu75477)
10754
17
Critical
Cisco Multiple Devices
Unpassworded Account
48968
16
Critical
SSH Malformed Packet
Vulnerabilities - Cisco Systems
48964
16
Medium
Data Leak with Cisco Express
Forwarding Enabled - Cisco
Systems
48960
16
Medium
ICMP Unreachable
Vulnerability in Cisco 12000
Series Internet Router - Cisco
Systems
CISCO
Tenable Network Security
11
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Databases
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
56063
29
Medium
Oracle Database, January
2009 Critical Patch Update
12047
29
Critical
Oracle Database 9i Multiple
Functions Local Overflow
30153
28
Critical
DB2 < 8.1 FixPak 16 Multiple
Vulnerabilities
55690
26
Critical
DB2 Unsupported Version
Detection
33852
26
Critical
Default Password (db2admin)
for 'db2admin' Account on
Windows
51840
25
Critical
DB2 9.1 < Fix Pack 10 Multiple
Vulnerabilities
11081
25
Critical
Oracle Application Server
Web Cache HTTP Request
Overflow
55786
23
Critical
Oracle Database Unsupported
53811
23
Info
IBM solidDB Detection (local
check)
32137
23
Low
MySQL 4.1 < 4.1.24 MyISAM
Create Table Privilege Check
Bypass
46328
22
Low
MySQL Community Server 5.1
< 5.1.46 Multiple Vulnerabilities
15417
22
Low
PostgreSQL
make_oidjoins_check Arbitrary
File Overwrite
47158
21
Low
MySQL Community Server <
5.1.48 Denial of Service
31680
20
Info
solidDB Detection
56056
19
Critical
32138
19
Low
25492
19
Critical
22416
19
Info
DB2 Connection Port Detection
10658
19
Info
Oracle Database tnslsnr
Service Remote Version
Disclosure
56062
18
Medium
Oracle Database, April 2007
Critical Patch Update
MySQL Enterprise Server 5.0
< 5.0.60 MyISAM CREATE
TABLE Privilege Check Bypass
Firebird DataBase Server
fbserver.exe p_cnct_count
Value Remote Overflow
Oracle Database, October
2008 Critical Patch Update
Databases
Tenable Network Security
12
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
22017
17
Info
12246
17
Critical
10719
17
Info
15486
16
Critical
17830
15
Low
Plugin Name
DB2 Discovery Service
Detection
Firebird DB Remote Database
Name Overflow
MySQL Server Detection
DB2 < 8 Fix Pack 7a Multiple
Vulnerabilities
MySQL 5.0.18 Information
Leak
Databases
Tenable Network Security
13
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Debian Local Security Checks
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
57879
29
Critical
Debian DSA-2406-1 : icedove several vulnerabilities
53862
29
Critical
Debian DSA-2235-1 : icedove several vulnerabilities
44853
29
Low
56340
28
Critical
56179
25
Low
55524
24
Critical
Debian DSA-2273-1 : icedove several vulnerabilities
53505
24
Low
Debian DSA-2222-1 : tinyproxy
- incorrect ACL processing
47705
24
Low
Debian DSA-2069-1 : znc denial of service
57513
23
Critical
50865
23
Low
Debian DSA-2129-1 : krb5
- checksum verification
weakness
34478
23
Low
Debian DSA-1658-1 : dbus programming error
57502
22
Low
Debian DSA-2362-1 : acpid several vulnerabilities
57516
20
Low
Debian DSA-2376-2 : ipmitool insecure PID file
51665
20
Low
Debian DSA-2150-1 : requesttracker3.6 - unsalted password
hashing
31589
19
Low
Debian DSA-1518-1 : backupmanager - programming error
56307
18
Critical
Debian DSA-2311-1 :
openjdk-6 - several
vulnerabilities
55942
18
Critical
Debian DSA-2297-1 : icedove several vulnerabilities
44810
18
Low
Debian DSA-1945-1 : gforge symlink attack
58012
17
Critical
Debian DSA-2412-1 : libvorbis
- buffer overflow
Debian DSA-1989-1 : fuse denial of service
Debian DSA-2313-1 :
iceweasel - several
vulnerabilities
Debian DSA-2309-1 : openssl
- compromised certificate
authority
Debian DSA-2373-1 : inetutils buffer overflow
Debian Local Security Checks
Tenable Network Security
14
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
44702
17
Low
Debian DSA-1837-1 : dbus programming error
26975
17
Low
Debian DSA-1382-1 : quagga null pointer dereference
52620
16
Critical
Debian DSA-2188-1 : webkit several vulnerabilities
51558
16
Low
Debian DSA-2147-1 : pimd insecure temporary files
31588
16
Low
Debian DSA-1517-1 :
ldapscripts - programming error
25638
16
Low
Debian DSA-1326-1 : fireflierserver - insecure temporary
files
Debian Local Security Checks
Tenable Network Security
15
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Default Unix Accounts
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
Default Password (sq!us3r) for
'dbadmin' Account
42147
29
Critical
34084
29
High
Default Password (trans) for
'trans' Account
17291
29
Critical
Default Password (debug) for
'super' Account
34082
28
High
Default Password (bank) for
'bank' Account
50322
27
Critical
Default Password (artica) for
'root' Account
11257
27
High
Default Password (manager)
for 'system' Account
11250
27
High
Unpassworded 'backdoor'
Account
57916
26
Critical
Default Password (nasadmin)
for 'root' Account
48274
25
Critical
Default Password (0p3nm35h)
for 'root' Account
35621
25
Critical
Default Password (password)
for 'admin' Account on
Broadcom BCM96338 ADSL
Router
34081
25
Critical
Default Password (admin) for
'admin' Account
11259
25
High
Unpassworded 'StoogR'
Account
11265
24
High
Default Password (satori) for
'rewt' Account
50601
23
Critical
Default Password (m) for 'root'
Account
46240
23
Critical
Default Password (alien) for
'root' Account
42211
23
Critical
Default Password (infoblox) for
'admin' Account
24275
23
High
Default Password (informix) for
'informix' Account
17294
23
Critical
Default Password (forgot) for
'user' Account
42367
22
Critical
Default Password (alpine) for
'root' Account
40355
22
Critical
Default Password (admin) for
'root' Account
Default Unix Accounts
Tenable Network Security
16
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
17292
21
Critical
Default Password (forgot) for
'super' Account
18527
20
High
Unpassworded 'mpi' Account
34323
18
Critical
Default Password (rootme) for
'root' Account
11254
18
High
Unpassworded 'friday' Account
24745
16
Critical
Default Password (password)
for 'root' Account
Default Unix Accounts
Tenable Network Security
17
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Denial of Service
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
29980
29
High
Solaris 10 ICMP Packet
Handling DoS
21333
29
High
Linux SCTP Functionality
Multiple Remote DoS
18058
29
High
Kerio MailServer Webmail
Malformed E-Mail Handling
Resource Exhaustion DoS
17296
29
High
Network Service Malformed
Data Remote DoS
10461
29
High
RealServer Malformed
viewsource Directory Request
DoS
42412
27
Medium
Novell eDirectory < 8.8.5
ftf1/8.7.3.10 ftf2 NULL Base
DN DoS
20983
27
High
BlackBerry Enterprise Server
Crafted SRP Packet Remote
DoS
11903
27
High
TCP/IP Ping of Death Remote
DoS (jolt)
31863
26
High
Novell eDirectory Host
Environment Service
(dhost.exe) HTTP Connection
Header DoS
11813
25
High
Linux 2.4 NFSv3 knfsd
Malformed GETATTR Request
Remote DoS
21120
24
Medium
Jabber Studio jabberd SASL
Negotiation Remote DoS
19548
24
Medium
BNBT EasyTracker Malformed
GET Request Remote DoS
23625
23
Medium
OpenLDAP SASL authcid
Name BIND Request DoS
31862
22
Low
20903
22
Medium
IBM Tivoli Directory Server
LDAP Packet Handling DoS
19606
22
Medium
Zebedee Malformed Protocol
Option Header Port 0 Remote
DoS
21023
21
Medium
Dropbear SSH Authorizationpending Connection Saturation
DoS
Veritas Storage Foundation
Multiple Service Remote DoS
(SYM08-004)
Denial of Service
Tenable Network Security
18
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
17655
21
High
22159
20
Medium
ISC DHCP Server
supersede_lease() Function
DHCPDISCOVER Packet
Remote DoS
11475
20
High
3com RAS 1500 / Wyse
Winterm Malformed Packet
Remote DoS
56922
19
Medium
Asterisk SIP Channel Driver
Uninitialized Variable Request
Parsing DoS (AST-2011-012)
33810
19
Medium
MailEnable IMAP Connection
Saturation Remote DoS
(ME-10042)
31855
18
High
Openfire < 3.5.0
ConnectionManagerImpl.java
Queue Handling Remote DoS
11926
18
High
NIPrint LPD-LPR Print Server
String Handling Remote
Overflow
10635
18
High
Marconi ASX-1000 Switches
Multiple Interface Malformed
Packet DoS
ipsec-tools KAME racoon
Daemon ISAKMP Header
Parsing Remote DoS
Denial of Service
Tenable Network Security
19
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
DNS
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
57574
54
Medium
Unbound < 1.4.14 / 1.4.13p2
DoS Vulnerabilities
53842
52
Medium
ISC BIND Response Policy
Zones RRSIG Query Assertion
Failure DoS
55049
35
Medium
Unbound < 1.4.10 daemon/
worker.c DNS Request Error
Handling Remote DoS
11318
29
Critical
ISC BIND < 9.2.2 DNS
Resolver Functions Remote
Overflow
10028
29
Info
DNS Server BIND version
Directive Remote Version
Disclosure
34044
28
High
PowerDNS Recursor DNS
Predictable Transaction ID
(TRXID) Cache Poisoning
17631
26
High
dnsmasq < 2.21.0 Multiple
Remote Vulnerabilities
50976
25
Medium
ISC BIND 9 9.4-ESV < 9.4ESV-R4, 9.6.2 < 9.6.2-P3,
9.6-ESV < 9.6-ESV-R3,
9.7.x < 9.7.2-P3 Multiple
Vulnerabilities
49777
25
Medium
ISC BIND 9 9.7.2 < 9.7.2-P2
Multiple Vulnerabilities
34043
25
Info
PowerDNS version-string
Directive Remote Version
Disclosure
11951
25
Low
DNS Server Fingerprinting
54923
23
High
ISC BIND 9 Large RRSIG
RRsets Negative Caching
Remote DoS
40875
23
Critical
11932
23
High
ISC BIND < 8.3.7 / 8.4.3
Negative Record Cache
Poisoning
25121
22
High
ISC BIND < 9.4.1 / 9.5.0a4
query.c query_addsoa
Function Recursive Query DoS
10886
22
High
ISC BIND < 8.3.4 Multiple
Remote Vulnerabilities
dnsmasq < 2.50 Multiple
Remote TFTP Vulnerabilities
DNS
Tenable Network Security
20
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
44116
21
Medium
33447
21
High
34111
20
Medium
10728
19
Info
11510
18
Critical
ISC BIND < 4.9.5 DNS
Resolver Functions Remote
Overflow
42983
17
Low
ISC BIND 9 DNSSEC Cache
Poisoning
38735
17
Medium
11002
17
Info
DNS Server Detection
38849
16
Low
NSD version Directive Remote
Version Disclosure
ISC BIND 9 DNSSEC NSEC/
NSEC3 Bogus NXDOMAIN
Responses
Multiple Vendor DNS Query
ID Field Prediction Cache
Poisoning
dnsmasq < 2.45 Multiple
Remote DoS
ISC BIND 9.x AUTHORS Map
Remote Version Disclosure
ISC BIND 9 EVP_VerifyFinal() /
DSA_do_verify() SSL/TLS
Signature Validation Weakness
DNS
Tenable Network Security
21
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Fedora Local Security Checks
Top 25 Most Common Plugin Results
Total
Severity
57989
Plugin
29
Critical
Fedora 16 2012-1652
Plugin Name
55909
29
Low
Fedora 14 2011-10413
56851
28
Critical
Fedora 14 2011-14650
55777
28
Critical
Fedora 15 2011-9774
56924
26
Low
Fedora 14 2011-15831
56354
26
Low
Fedora 16 2011-12399
55155
26
Critical
Fedora 13 2011-8020
57367
25
Low
Fedora 16 2011-16856
56721
25
Critical
Fedora 14 2011-15241
56225
25
Low
Fedora 15 2011-12403
55867
25
Low
Fedora 15 2011-10341
55783
25
Critical
Fedora 14 2011-9898
56852
24
Critical
Fedora 15 2011-14673
55156
24
Critical
Fedora 15 2011-8028
56673
23
Critical
Fedora 14 2011-14747
56398
23
Low
Fedora 15 2011-13809
55945
23
Low
Fedora 16 2011-10399
57439
22
Low
Fedora 15 2011-17341
55752
22
Critical
Fedora 14 2011-9555
55751
22
Critical
Fedora 14 2011-9523
58159
21
Critical
Fedora 17 2012-2238
57754
21
Critical
Fedora 15 2011-16284
56800
21
Critical
Fedora 16 2011-15555
57967
20
Critical
Fedora 16 2012-1690
56926
20
Low
Fedora 15 2011-15846
Fedora Local Security Checks
Tenable Network Security
22
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Firewalls
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
57287
37
Medium
Squid 3.1.x < 3.1.16 / 3.2.x <
3.2.0.13 DNS Replies CName
Record Parsing Remote DoS
31094
29
High
3Proxy HTTP Proxy Crafted
Transparent Request Remote
Overflow
20388
29
High
Juniper NetScreen Security
Manager (NSM) guiSrv/devSrv
Crafted String Remote DoS
16363
29
Info
BlueCoat ProxySG Console
Management Detection
14640
29
High
Cerbere HTTP Proxy Server
Host: Header Remote DoS
12084
29
High
Check Point FireWall-1 4.x
Multiple Vulnerabilities (OF,
FS)
10675
29
Info
Check Point FireWall-1 Telnet
Client Authentication Detection
17599
28
Critical
17155
27
High
SOCKS4 Server Recursive
Connection Remote DoS
20393
26
High
WinProxy < 6.1a Multiple
Vulnerabilities (credentialed
check)
57641
25
Critical
Unsupported IPSO Firewall
40420
24
Medium
Squid 3.0.STABLE16 / 3.10.11
11834
24
Info
Source Routed Packet
Weakness
11518
24
Info
Check Point FireWall-1 Open
Web Administration
10074
24
High
Check Point FireWall-1 UDP
Port 0 DoS
56215
23
Medium
Squid 3.x < 3.0.STABLE26 /
3.1.15 / 3.2.0.11 Gopher Buffer
Overflow
16190
22
High
Squid < 2.5.STABLE8 Multiple
Vulnerabilities
11575
22
High
Kerio Personal Firewall
Administrator Authentication
Handshake Packet Remote
Overflow
16205
21
Critical
Default Password (zebra) for
Zebra
DeleGate < 8.11 Multiple
Unspecified Overflows
Firewalls
Tenable Network Security
23
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
20391
Total
Severity
Plugin Name
20
High
WinProxy < 6.1a HTTP Proxy
Multiple Vulnerabilities
12036
20
High
Finjan SurfinGate Proxy
FHTTP Command Admin
Functions Authentication
Bypass
10676
20
Info
Check Point FireWall-1 HTTP
Client Authentication Detection
44384
19
Medium
Squid < 3.0.STABLE23 /
3.1.0.16
45591
18
Medium
Squid < 3.0.STABLE24 /
2.7.STABLE8 / 2.6.STABLE24
Critical
SecurityGateway < 1.0.2
Administration Interface
username Field Remote
Overflow
33104
16
Firewalls
Tenable Network Security
24
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
FreeBSD Local Security Checks
Top 25 Most Common Plugin Results
Plugin
56803
Total
27
Severity
Critical
Plugin Name
FreeBSD : linux-flashplugin
-- multiple vulnerabilities
(0e8e1212-0ce5-11e1-849b-003067b2972c)
53347
27
Low
FreeBSD : tinyproxy
-- ACL lists ineffective
when range is configured
(b9281fb9-61b2-11e0b1ce-0019d1a7ece2)
38965
27
Low
FreeBSD : slim -local disclosure of X
authority magic cookie
(80f13884-4d4c-11de-8811-0030843d3802)
34390
27
Low
FreeBSD : mysql -command line client input
validation vulnerability
(4775c807-8f30-11dd-821f-001cc0377035)
37716
26
Low
FreeBSD : postgresql-contrib
-- insecure temporary file
creation (6a164d84-2f7f-11d9a9e7-0001020eed82)
57785
25
Critical
FreeBSD : mozilla -multiple vulnerabilities
(0a9e2b72-4cb7-11e1-9146-14dae9ebcf89)
57355
25
Critical
FreeBSD : mozilla -multiple vulnerabilities
(e3ff776b-2ba6-11e1-93c6-0011856a6e37)
56495
25
Critical
FreeBSD : amaya -multiple buffer overflow
vulnerabilities (a89b76a7f6bd-11dd-94d9-0030843d3802)
Critical
FreeBSD : chromium -multiple vulnerabilities
(6887828f-0229-11e0b84d-00262d5ed8ee)
51069
25
50469
25
Low
FreeBSD : Mailman -- crosssite scripting in web interface
(4ab29e12-e787-11dfadfa-00e0815b8da8)
36362
25
Low
FreeBSD : CUPS -- local
information disclosure
(30cea6be-1d0c-11d9-814e-0001020eed82)
51950
24
Critical
FreeBSD : webkit-gtk2
-- Multiple vurnabilities.
(35ecdcbe-3501-11e0afcd-0015f2db7bde)
FreeBSD Local Security Checks
Tenable Network Security
25
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
58138
23
Critical
34484
23
Low
56762
22
Critical
FreeBSD : mozilla -multiple vulnerabilities
(6c8ad3e8-0a30-11e1-9580-4061862b8c22)
45448
22
Critical
FreeBSD : firefox -Re-use of freed object
due to scope confusion
(ec8f449f-40ed-11df-9edc-000f20797ede)
FreeBSD : linux-flashplugin
-- multiple vulnerabilities
(f63bf080-619d-11e1-91af-003067b2972c)
FreeBSD : drupal -multiple vulnerabilities
(706c9eef-a077-11ddb413-001372fd0af2)
38802
21
Low
FreeBSD : mod_perl
-- cross-site scripting
(4a638895-41b7-11deb1cc-00219b0fc4d8)
37686
20
Low
FreeBSD : getmail -- symlink
vulnerability during maildir
delivery (8c33b299-163b-11d9ac1b-000d614f7fad)
Low
FreeBSD : mysql -- privilege
escalation and overwrite of
the system table information
(8c451386-dff3-11dda765-0030843d3802)
35339
57403
19
17
Critical
FreeBSD : krb5-appl -- telnetd
code execution vulnerability
(4ddc78dc-300a-11e1a2aa-0016ce01e285)
50075
16
Critical
FreeBSD : Webkitgtk2 -- Multiple
Vulnabilities (e5090d2adbbe-11df-82f8-0015f2db7bde)
56323
15
Critical
FreeBSD : mozilla -- multiple
vulnerabilities (1fade8a3e9e8-11e0-9580-4061862b8c22)
50470
15
Low
FreeBSD : OTRS -- Multiple
XSS and denial of service
vulnerabilities (96e776c7e75c-11df-8f26-00151735203a)
Low
FreeBSD : phpmyadmin
-- Local file inclusion
(1f6ee708-0d22-11e1b5bd-14dae938ec40)
Low
FreeBSD : MoinMoin -- crosssite scripting vulnerabilities
(4c017345-1d89-11e0bbee-0014a5e3cda6)
56804
51568
14
14
FreeBSD Local Security Checks
Tenable Network Security
26
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
FTP
Top 25 Most Common Plugin Results
Total
Severity
54955
Plugin
29
Info
Wing FTP Server Detection
Plugin Name
50544
28
Critical
ProFTPD < 1.3.3c Multiple
Vulnerabilities
32375
27
Info
15857
27
Critical
11779
27
Info
52704
26
Medium
32373
26
Info
FTP Server Bad Command
Sequence Accepted (possible
backdoor/proxy)
WS_FTP Server Multiple
Command Remote Overflow
DoS
FTP Server Copyrighted
Material Present
vsftpd
vsf_filename_passes_filter
Function Denial of Service
FTP Server Any Command
Accepted (possible backdoor/
proxy)
WU-FTPD S/KEY
Authentication ftpd.c
skey_challenge Function
Remote Overflow
14372
26
Critical
40770
25
Info
55523
24
Critical
vsftpd Smiley Face Backdoor
11094
24
Critical
WS_FTP Multiple Command
Long Argument Overflow
45140
23
Medium
Serv-U < 9.4.0.0
40820
23
Info
50989
22
Critical
ProFTPD Compromised
Source Packages Trojaned
Distribution
47040
21
Medium
Solaris FTP Daemon Long
Command Cross-Site Request
Forgery
11160
20
Critical
Windows FTP Server NULL
Administrator Password
12080
19
Critical
Serv-U MDTM Command
Overflow
43369
17
Medium
Serv-U < 9.2.0.1
14598
17
Critical
WS_FTP Server Multiple
Vulnerabilities (OF, DoS, Cmd
Exec)
Ipswitch WS_FTP Server
Version Detection (credentialed
check)
Cerberus FTP Server
Detection
FTP
Tenable Network Security
27
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
11371
17
Critical
BSD ftpd Single Byte Buffer
Overflow
10928
17
Critical
EFTP .lnk File Handling
Remote Overflow
54956
16
Medium
Wing FTP Server LDAP
Authentication Bypass
50811
16
Medium
FTP Server Traversal Arbitrary
File Access (RETR)
42149
16
Low
40825
16
Critical
FTP Service AUTH TLS
Command Support
MS09-053: Microsoft IIS FTPd
NLST Command Remote
Buffer Overflow (975191)
(uncredentialed check)
FTP
Tenable Network Security
28
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Gain a shell remotely
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
25662
29
Critical
IBM Tivoli Storage Manager
Multiple Remote Overflows
10966
29
Medium
University of Washington imap
Server (uw-imapd) BODY
Request Remote Overflow
44072
27
High
25214
27
Critical
Darwin Streaming Server <
5.5.5 Multiple Remote Overflow
Vulnerabilities
42824
25
Critical
IBM Tivoli Storage Manager
Client Multiple Vulnerabilities
(swg21405562)
33285
25
Critical
EMC AlphaStor Library
Manager Remote Code
Execution
25935
25
Critical
SIDVault < 2.0f LDAP Server
Malformed Search Request
Buffer Overflow
14223
25
Medium
rsync sanitize_path() Function
Arbitrary File Disclosure
35009
24
Medium
ClamAV < 0.94.2
cli_check_jpeg_exploit()
Malformed JPEG File DoS
33284
24
Critical
EMC AlphaStor Device
Manager robotd Remote Code
Execution
30106
24
Medium
AXIGEN Mail Server AXIMilter
CNHO Command Remote
Format String
52157
23
High
50023
23
Critical
Novell PlateSpin Orchestrate
Remote Code Execution
43635
23
Critical
HP Data Protector
MSG_PROTOCOL Remote
Stack Buffer Overflow
18200
23
Medium
NetWin DMail Server Multiple
Remote Vulnerabilities
40987
22
Critical
Random password for 'root'
account
25950
22
Critical
RealNetworks Helix DNA
Server RTSP Service Crafted
OpenSSH < 3.2.3 YP
Netgroups Authentication
Bypass
Asterisk main/udptl.c Buffer
Overflows (AST-2011-002)
Gain a shell remotely
Tenable Network Security
29
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
Require Header Remote
Overflow
35555
21
Critical
RealNetworks Helix Server
< 11.1.8/12.0.1 Multiple
Vulnerabilities
32320
21
Critical
Remote host has weak Debian
OpenSSH Keys in ~/.ssh/
authorized_keys
25118
21
Critical
MERCUR Messaging IMAP
Server NTLM Authentication
NTLMSSP Argument Remote
Overflow
35467
20
Critical
EMC RepliStor Multiple
Remote Heap Based Buffer
Overflows
35308
20
Critical
TCL Shell (tclsh) Arbitrary
Command Execution
35087
20
High
15783
20
Medium
Digital Mappings Systems
POP3 Server (pop3svr.exe)
Multiple Field Remote Overflow
10463
20
Medium
vpopmail vchkpw USER/PASS
Command Format String
ClamAV < 0.94 Multiple
Vulnerabilities
Gain a shell remotely
Tenable Network Security
30
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
General
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
SSL Certificate Cannot Be
Trusted
51192
28
Medium
11057
28
High
TCP/IP Initial Sequence
Number (ISN) Reuse
Weakness
57620
27
High
Small SSH RSA Key
56472
27
Info
SSL Certificate Chain Contains
Unnecessary Certificates
42873
27
Medium
39329
27
Low
15901
27
Medium
46180
26
Info
Additional DNS Hostnames
39519
26
Info
Backported Security Patch
Detection (FTP)
34097
26
Info
BIOS Version Information (via
SMB)
45410
25
Info
SSL Certificate commonName
Mismatch
42980
25
Info
SSL Certificate Expiry - Future
Validity
29217
24
Info
Solaris Installed Package
Enumeration (credentialed
check)
45432
23
Info
Processor Information (via
DMI)
57336
22
Medium
34098
22
Low
51892
21
Medium
50350
21
Info
OS Identification Failed
47800
21
Info
VirtualPC Virtual Machine
detection (dmidecode)
45399
21
Info
ICMP Node Information Query
Information Disclosure
33276
20
Info
Enumerate MAC Addresses via
SSH
SSL Medium Strength Cipher
Suites Supported
News Server (NNTP)
Anonymous Read Access
SSL Certificate Expiry
Cyrus IMAPd NNTP
AUTHINFO USER Command
Parsing Authentication Bypass
BIOS version (SSH)
OpenSSL
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_
Session Resume Ciphersuite
Downgrade Issue
General
Tenable Network Security
31
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
53360
19
Info
SSL Server Accepts Weak
Diffie-Hellman Keys
42084
19
Info
ACAP Service STARTTLS
Command Support
42053
18
High
SSL Certificate Null Character
Spoofing Weakness
39520
18
Info
Backported Security Patch
Detection (SSH)
General
Tenable Network Security
32
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Gentoo Local Security Checks
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
GLSA-200803-26 : Adobe
Acrobat Reader: Insecure
temporary file creation
31613
29
Low
56903
28
Critical
GLSA-201111-07 : TinTin++:
Multiple vulnerabilities
46807
28
Critical
GLSA-201006-18 :
Oracle JRE/JDK: Multiple
vulnerabilities
44895
28
Critical
GLSA-201001-06 : aria2:
Multiple vulnerabilities
56426
27
Critical
GLSA-201110-02 : Wireshark:
Multiple vulnerabilities
29907
27
Low
GLSA-200801-03 : Claws
Mail: Insecure temporary file
creation
46793
26
Critical
GLSA-201006-13 : Smarty:
Multiple vulnerabilities
44892
26
Critical
GLSA-201001-03 : PHP:
Multiple vulnerabilities
21317
26
Low
57656
25
Critical
GLSA-201201-14 : MIT
Kerberos 5 Applications:
Multiple vulnerabilities
56425
25
Critical
GLSA-201110-01 : OpenSSL:
Multiple vulnerabilities
56660
24
Critical
GLSA-201110-26 : libxml2:
Multiple vulnerabilities
42214
24
Critical
GLSA-200910-02 : Pidgin:
Multiple vulnerabilities
21278
24
Low
49126
23
Critical
GLSA-201009-05 : Adobe
Reader: Multiple vulnerabilities
42913
22
Critical
GLSA-200911-03 : UW IMAP
toolkit: Multiple vulnerabilities
56459
21
Critical
GLSA-201110-06 : PHP:
Multiple vulnerabilities
26094
21
Low
GLSA-200709-04 : po4a:
Insecure temporary file
creation
GLSA-200605-02 : X.Org:
Buffer overflow in XRender
extension
GLSA-200604-13 : fbida:
Insecure temporary file
creation
Gentoo Local Security Checks
Tenable Network Security
33
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
34248
20
Low
GLSA-200809-09 : Postfix:
Denial of Service
33556
20
Low
GLSA-200807-10 : Bacula:
Information disclosure
31594
20
Low
GLSA-200803-23 : Website
META Language: Insecure
temporary file usage
21664
20
Low
GLSA-200606-02 : shadow:
Privilege escalation
57655
19
Critical
32150
19
Low
GLSA-200805-02 :
phpMyAdmin: Information
disclosure
22939
19
Low
GLSA-200611-01 : Screen:
UTF-8 character handling
vulnerability
GLSA-201201-13 : MIT
Kerberos 5: Multiple
vulnerabilities
Gentoo Local Security Checks
Tenable Network Security
34
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
HP-UX Local Security Checks
Top 25 Most Common Plugin Results
Plugin
46348
44603
40607
Total
29
27
27
Severity
Plugin Name
Critical
HP-UX PHSS_40708 :
s700_800 11.X OV NNM7.53
IA-64 Intermediate Patch 26
Critical
HP-UX PHSS_40368 : HP
Network Node Manager
(NNM), Remote Execution
of Arbitrary Commands
(HPSBMA02484 SSRT090076
rev.1)
Medium
HP-UX PHKL_40197 : HPUX ttrace(2), Local Denial of
Service (DoS) (HPSBUX02450
SSRT090141 rev1)
40365
26
Medium
HP-UX PHNE_39872 : HPUX Running XNTP, Remote
Execution of Arbitrary Code
(HPSBUX02437 SSRT090038
rev.2)
45617
25
Medium
HP-UX PHKL_40888 : HP-UX,
Local Denial of Service (DoS)
(HPSBUX02518 SSRT100051
rev.1)
Medium
HP-UX PHSS_39510 : HP
OpenView Storage Data
Protector, Local Unauthorized
Access (HPSBMA02502
SSRT090171 rev.1)
44351
25
51467
24
Medium
HP-UX PHKL_39899 : HP-UX
Running Threaded Processes,
Remote Denial of Service
(DoS) (HPSBUX02611
SSRT090201 rev.1)
43134
24
Critical
HP-UX PHSS_36588 :
s700_800 11.X OV DP6.00
PA-RISC patch - CS packet
53267
23
Medium
HP-UX PHKL_41944 : HP-UX,
Local Denial of Service (DoS)
(HPSBUX02646 SSRT100396
rev.1)
43137
23
Critical
HP-UX PHSS_36623 :
s700_800 11.X OV DP6.00
IA-64 patch - CORE packet
Medium
HP-UX PHNE_39871 : HPUX Running XNTP, Remote
Execution of Arbitrary Code
(HPSBUX02437 SSRT090038
rev.2)
40364
23
HP-UX Local Security Checks
Tenable Network Security
35
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
38730
41978
44354
43142
43131
Total
23
22
21
21
21
Severity
Plugin Name
Medium
HP-UX PHCO_38492 :
HPUX Running useradd(1M),
Local Unauthorized Access
(HPSBUX02366 SSRT080120
rev.2)
Critical
HP-UX PHSS_39774 : HP-UX
Running Kerberos, Remote
Denial of Service (DoS),
Execution of Arbitrary Code
(HPSBUX02421 SSRT090047
rev.2)
Medium
HP-UX PHSS_39515 : HP
OpenView Storage Data
Protector, Local Unauthorized
Access (HPSBMA02502
SSRT090171 rev.1)
Critical
HP-UX PHSS_40374 :
s700_800 11.X OV NNM7.53
PA-RISC Intermediate Patch
25
Critical
HP-UX PHCO_40520 : HPUX Running VRTSweb,
Remote Execution of Arbitrary
Code, Increase of Privilege
(HPSBUX02480 SSRT090253
rev.1)
44349
20
Medium
HP-UX PHSS_39105 : HP
OpenView Storage Data
Protector, Local Unauthorized
Access (HPSBMA02502
SSRT090171 rev.1)
43141
20
Critical
HP-UX PHSS_37383 :
s700_800 11.23 OV DP5.50
IA-64 patch - CORE packet
Medium
HP-UX PHSS_40230 : HP
Enterprise Cluster Master
Toolkit (ECMT) running on
HP-UX, Local Unauthorized
Access (HPSBUX02464
SSRT090210 rev.1)
44405
19
49112
18
Medium
HP-UX PHCO_41201 :
HP-UX running Software
Distributor (sd), Local Privilege
Increase, Unauthorized Access
(HPSBUX02552 SSRT100062
rev.1)
43135
18
Critical
HP-UX PHSS_36589 :
s700_800 11.X OV DP6.00
IA-64 patch - CS packet
53271
17
Medium
HP-UX PHNE_41908 : HPUX Running XNTP, Remote
Denial of Service (DoS)
(HPSBUX02639 SSRT100293
rev.1)
38731
16
Medium
HP-UX PHCO_38547 :
HPUX Running useradd(1M),
Local Unauthorized Access
HP-UX Local Security Checks
Tenable Network Security
36
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
(HPSBUX02366 SSRT080120
rev.2)
43130
49111
15
14
Critical
HP-UX PHCO_40519 : HPUX Running VRTSweb,
Remote Execution of Arbitrary
Code, Increase of Privilege
(HPSBUX02480 SSRT090253
rev.1)
Medium
HP-UX PHCO_41200 :
HP-UX running Software
Distributor (sd), Local Privilege
Increase, Unauthorized Access
(HPSBUX02552 SSRT100062
rev.1)
HP-UX Local Security Checks
Tenable Network Security
37
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Junos Local Security Checks
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
Juniper Junos BGP UPDATE
Malformed ATTR_SET
Attribute Remote DoS
(PSN-2012-01-472)
57637
53
Medium
57638
45
High
Juniper Junos J-Web
Component Unspecified CSRF
(PSN-2012-01-474)
55933
45
Critical
Unsupported Junos Operating
System
57636
43
High
Juniper Junos MGD-CLI
Arbitrary Command Execution
(PSN-2011-11-418)
55939
41
Medium
55934
39
Low
Juniper Junos Multiple
sfid Daemon Malformed
Packet Remote DoS
(PSN-2011-04-241)
Juniper Junos Extended DHCP
Relay Agent Traffic Redirection
(PSN-2011-07-300)
55940
34
Medium
Juniper Junos debug.php
J-Web Component
Unauthenticated Debug
Access (PSN-2011-02-158)
56771
32
Medium
Juniper Junos J-Web
Administrator Logs XSS
(PSN-2011-10-392)
55941
31
Low
55936
31
Medium
Juniper Junos Fragmented
ICMP Packet Handling Remote
DoS (PSN-2011-07-298)
57639
23
Medium
Juniper Junos BGP
Multiple Remote DoS
(PSN-2012-01-475)
55935
23
Medium
Juniper Junos IPv6 over
IPv4 Security Policy Bypass
(PSN-2011-07-299)
55932
21
Info
Junos Version Detection
55937
19
High
Juniper Junos ICMP Ping
'composite next-hop' Remote
DoS (PSN-2011-07-297)
56769
17
Medium
Juniper Junos J-Web
Weak SSL Ciphers
(PSN-2011-01-147)
Juniper Junos MPC Malformed
Route Prefix Remote DoS
(PSN-2011-08-327)
Junos Local Security Checks
Tenable Network Security
38
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
55938
15
Medium
Juniper Junos PIM rpd Crafted
Boot Message Remote DoS
(PSN-2011-07-296)
56770
8
High
Juniper Junos Next-Gen
MVPN Senario Malformed
Message Handling Remote
DoS (PSN-2011-10-391)
Junos Local Security Checks
Tenable Network Security
39
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
MacOS X Local Security Checks
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
38743
29
Critical
Mac OS X Multiple
Vulnerabilities (Security Update
2009-002)
45373
26
Critical
Mac OS X Multiple
Vulnerabilities (Security Update
2010-002)
40502
26
Critical
Mac OS X < 10.5.8 Multiple
Vulnerabilities
55458
25
Critical
Mac OS X : Java for Mac OS X
10.5 Update 10
40946
25
Critical
Mac OS X < 10.6.1 Multiple
Vulnerabilities
56960
24
Info
Adobe AIR for Mac Installed
56214
23
Critical
55417
23
Info
40591
23
Medium
Mac OS X BIND Dynamic
Update Message Handling
Remote DoS (Security Update
2009-004)
55459
22
Critical
Mac OS X : Java for Mac OS X
10.6 Update 5
58180
21
Info
Mac OS X DNS Server
Enumeration
56871
21
Medium
iTunes < 10.5.1 Update
Authenticity Verification
Weakness (Mac OS X)
54832
20
Critical
Mac OS X Mac Defender
Malware Detection
50680
20
Info
44095
20
Critical
Mac OS X Multiple
Vulnerabilities (Security Update
2010-001)
25997
20
Info
iTunes Version Detection (Mac
OS X)
55575
18
Info
LibreOffice Detection (Mac OS
X)
53412
18
Medium
Mac OS X Fraudulent Digital
Certificates (Security Update
2011-002)
20113
18
Low
Mac OS X < 10.4.3 Multiple
Vulnerabilities
56748
17
Critical
Adobe Reader Unsupported
Version Detection (Mac OS X)
Firefox Installed (Mac OS X)
Mac OS X Server Service List
Mac OS X : Java for Mac OS X
10.6 Update 6
MacOS X Local Security Checks
Tenable Network Security
40
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
47023
17
Critical
Mac OS X 10.6 < 10.6.4
Multiple Vulnerabilities
54973
16
Medium
Flash Player for Mac <
10.3.181.22 Cross-Site
Scripting (APSB11-13)
53843
16
Info
Skype for Mac Installed
(credentialed check)
58091
15
Info
Microsoft Silverlight Installed
(Mac OS X)
55851
13
Critical
VMware Fusion Unsupported
Version Detection
MacOS X Local Security Checks
Tenable Network Security
41
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Mandriva Local Security Checks
Top 25 Most Common Plugin Results
Total
Severity
42046
Plugin
29
Low
MDVSA-2009:256-1 : dbus
Plugin Name
56373
28
Critical
MDVSA-2011:139 : firefox
38117
28
Low
50008
27
Critical
MDVSA-2010:205 : freeciv
53617
26
Critical
MDVSA-2011:080 : mozillathunderbird
49795
26
Critical
MDVSA-2010:198 : kernel
26105
26
Low
MDKSA-2007:185 : avahi
57412
25
Critical
MDVSA-2011:195 : krb5-appl
51793
25
Critical
MDVSA-2010:260 : libxml2
56809
24
Critical
MDVSA-2011:170 : java-1.6.0openjdk
56765
24
Critical
MDVSA-2011:169 : mozilla
53273
23
Critical
MDVSA-2011:061 : ffmpeg
37945
23
Low
MDVSA-2008:135 : gnomescreensaver
57413
22
Low
MDVSA-2011:196 : ipmitool
56324
22
Low
MDVSA-2011:136 : openssl
53001
22
Critical
49738
22
Low
MDVSA-2010:191 : mailman
36594
21
Low
MDVSA-2008:172 : amarok
49666
20
Critical
45030
20
Low
55406
19
Critical
45041
19
Low
MDVSA-2010:061 : ncpfs
40813
19
Low
MDVSA-2009:224-1 : postfix
37681
19
Low
MDVSA-2008:076 : wml
56707
17
Critical
MDVSA-2011:165 : php
MDVSA-2009:066 : php
MDVSA-2011:054 : java-1.6.0openjdk
MDVSA-2010:188 : kernel
MDVSA-2010:059 : virtualbox
MDVSA-2011:111 : mozilla
Mandriva Local Security Checks
Tenable Network Security
42
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Misc.
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
51890
29
Info
Telnet Service START_TLS
Support
55992
28
Critical
SunSSH < 1.1.1 / 1.3 CBC
Plaintext Disclosure
47743
28
Critical
Ipswitch Imail Server < 11.02
Multiple Vulnerabilities
43030
28
Critical
Novell eDirectory < 8.8.5.2 /
8.7.3.10 ftf2 'NDS Verb'
Request Buffer Overflow
19948
28
Critical
X11 Server Unauthenticated
Access
44316
27
Critical
Oracle WebLogic Server Node
Manager Remote Command
Execution
43390
27
Critical
Adobe Flash Media Server
< 3.0.5 / 3.5.3 Multiple
Vulnerabilities (APSB09-18)
42085
27
Info
IMAP Service STARTTLS
Command Support
57334
26
Info
Anonymous NNTP
Authentication Enabled
55814
26
Critical
51092
25
Info
OpenVZ Guest Detection
45477
24
Info
LDAP Group Enumeration
44657
24
Critical
Linux Daemons with Broken
Links to Executables
33948
24
Critical
Attachmate Reflection for
Secure IT UNIX server < 7.0
SP1 Multiple Vulnerabilities
46172
23
Critical
ClamAV Virus Database
(daily.cvd) Out Of Date
43829
23
Low
22415
23
Critical
Netopia Router Crafted SNMP
Request Remote Admin
Password Disclosure
25216
22
Critical
Samba NDR MS-RPC Request
Heap-Based Remote Buffer
Overflow
56300
20
Info
KVM / QEMU Guest Detection
(credentialed check)
53857
20
Critical
Adobe Flash Media Server
Unsupported Version Detection
Kerberos Information
Disclosure
HP Data Protector < A.06.20
Multiple Vulnerabilities
Misc.
Tenable Network Security
43
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
46255
20
Critical
HP Mercury LoadRunner Agent
Remote Command Execution
53533
19
Critical
Zend Server Java Bridge
Arbitrary Java Code Execution
45478
19
Info
24747
19
Critical
Kiwi CatTools < 3.2.9 TFTP
Server Traversal Arbitrary File
Manipulation
58038
18
Info
LDAP 'Domain Admins' Group
Membership Enumeration
LDAP User Enumeration
Misc.
Tenable Network Security
44
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Netware
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
44064
43
Low
Novell NetWare 6.5 Support
Pack 1.1 Admin/Install Local
Information Disclosure
10988
43
Medium
Novell NetWare ncp Service
NDS Object Enumeration
11827
42
High
Novell NetWare Web Server
CGI2PERL.NLM PERL
Handler Remote Overflow
12119
30
High
Novell NetWare 6.0 Tomcat
source.jsp Traversal Arbitrary
File Access
12122
29
Medium
Novell Groupwise Servlet
Manager Default Password
10826
29
Medium
Novell NetWare Management
Portal Unrestricted Access
11158
28
High
Novell NetWare Web Handler
Multiple Vulnerabilities
44066
27
High
Novell NetWare 6.5 OpenSSH
Remote Stack Buffer Overflow
12050
22
Medium
Novell NetBasic Scripting
Server Encoded Traversal
Arbitrary File Access
12049
22
Medium
Novonyx Web Server Multiple
Sample Application Files
Present
12048
19
Medium
Novell NetWare Web Server
sewse.nlm (viewcode.jse)
Traversal Arbitrary File Access
11614
15
Medium
Novell NetWare FTPServ
Malformed Input Remote DoS
12104
12
Medium
Novell NetWare LDAP Server
Anonymous Bind
Netware
Tenable Network Security
45
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Peer-To-Peer File Sharing
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
PeerCast URL Error Message
Format String
18417
29
High
11847
27
Medium
11426
27
Info
Kazaa on Windows Detection
35468
26
Info
GigaTribe Detection
20748
26
Info
BitComet Detection
10408
26
High
Gnapster Absolute Path Name
Request Arbitrary File Access
20845
25
Info
BitLord Detection
20217
25
Info
iTunes Music Sharing Enabled
50676
24
Info
BitTorrent / uTorrent Detection
35914
23
Medium
iTunes < 8.1 Multiple
Vulnerabilities (uncredentialed
check)
53489
22
High
iTunes < 10.2.2 Multiple
Vulnerabilities (uncredentialed
check)
11022
22
Info
eDonkey Detection
21783
21
Medium
iTunes AAC File Parsing
Integer Overflow
(uncredentialed check)
19386
21
Info
Ares Fileshare Detection
33228
20
Info
Owner Free File System Client
Detection
20843
20
Info
BitTorrent Detection
15834
20
High
Open DC Hub RedirectAll
Value Remote Overflow
11844
20
High
FastTrack (FT) Crafted Packet
Handling Remote Overflow
11431
20
Low
XoloX Detection
50677
19
Info
BitTorrent Mainline DHT
Detection
41061
19
High
iTunes < 9.0.1 PLS File Buffer
Overflow (uncredentialed
check)
11125
19
Low
mldonkey Detection (WWW)
10946
19
Info
Gnutella Servent Detection
47763
18
High
iTunes < 9.2.1 'itpc:' Buffer
Overflow (uncredentialed
check)
WinMX Detection
(uncredentialed check)
Peer-To-Peer File Sharing
Tenable Network Security
46
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
26000
Total
Severity
18
High
Plugin Name
iTunes < 7.4 Malformed
Music File Heap Overflow
(uncredentialed check)
Peer-To-Peer File Sharing
Tenable Network Security
47
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Policy Compliance
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
56209
35
Info
PCI DSS compliance : Remote
Access Software Has Been
Detected
57581
33
High
PCI DSS compliance :
Database Reachable from the
Internet
56208
33
Medium
PCI DSS compliance :
Insecure Communication Has
Been Detected
Policy Compliance
Tenable Network Security
48
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Port scanners
Top 25 Most Common Plugin Results
Total
Severity
14274
Plugin
26
Low
Nessus SNMP Scanner
Plugin Name
10180
10
Info
Ping the remote host
0
9
Low
Open Port
Port scanners
Tenable Network Security
49
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Red Hat Local Security Checks
Top 25 Most Common Plugin Results
Total
Severity
Plugin Name
56328
Plugin
29
Critical
RHSA-2011-1343: thunderbird
57957
28
Critical
RHSA-2012-0136: libvorbis
54930
28
Low
RHSA-2011-0842: systemtap
57409
27
Critical
RHSA-2011-1852: krb5-applclients
25984
27
Low
RHSA-2007-0539: aide
57991
26
Critical
RHSA-2012-0139: java
50853
26
Low
RHSA-2010-0926: krb5-devel
35317
26
Low
RHSA-2009-0008: dbus
55642
25
Low
RHSA-2011-0975: sssd
25877
25
Low
RHSA-2007-0765: libgtop2
57595
24
Critical
27830
24
Low
RHSA-2007-0542: mcstrans
25986
24
Low
RHSA-2007-0795: cyrus-sasl
57956
23
Critical
RHSA-2012-0135: java
57408
23
Critical
RHSA-2011-1851: krb5-devel
56942
23
Critical
RHSA-2011-1478: java
56740
22
Critical
RHSA-2011-1434: acroread
54594
22
Low
RHSA-2011-0560: sssd
58067
21
Low
RHSA-2012-0313: libsmbclient
56553
21
Critical
25989
21
Low
RHSA-2007-0878: cyrus-sasl
57761
20
Critical
RHSA-2012-0080: thunderbird
55854
19
Critical
RHSA-2011-1159: java
53631
19
Low
RHSA-2011-0479: libvirt
40837
19
Low
RHSA-2009-1287: openssh
RHSA-2012-0034: java
RHSA-2011-1380: java
Red Hat Local Security Checks
Tenable Network Security
50
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
RPC
Top 25 Most Common Plugin Results
Total
Severity
42256
Plugin
37
Medium
NFS Shares World Readable
Plugin Name
11356
36
Medium
NFS Exported Share
Information Disclosure
12237
34
Medium
RPC bootparamd NIS Domain
Name Disclosure
11358
28
High
NFS portmapper localhost
Mount Request Restricted Host
Access
10208
28
Info
3270 Mapper Service
Detection
11899
27
Medium
10226
27
Info
54586
26
Medium
Multiple Vendor RPC
portmapper Access Restriction
Bypass
20759
26
Medium
RPC rpcbind Non-standard
Port Assignment Filter Bypass
10227
26
Info
RPC rstatd Service Detection
12238
24
Medium
10158
24
Info
11357
23
Medium
15984
21
High
NFS Share User Mountable
53333
19
Info
Detect RPC over TCP
11058
19
Medium
RPC rusers Remote
Information Disclosure
11353
17
Medium
NFS Predictable Filehandles
Filesystem Access
10210
16
Info
RPC alis Service Detection
31683
15
High
Multiple Vendor NIS
rpc.ypupdated YP Map Update
Arbitrary Remote Command
Execution
11420
15
Critical
10223
14
Info
RPC portmapper Service
Detection
53335
13
Info
RPC portmapper (TCP)
RPC nibindd Service Detection
rquotad Service Detection
NIS passwd.byname Map
Disclosure
NIS Server Detection
Multiple Vendor NFS CD
Command Arbitrary File/
Directory Access
Sun RPC XDR
xdrmem_getbytes Function
Remote Overflow
RPC
Tenable Network Security
51
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
11800
13
Critical
Linux NFS utils package (nfsutils) mountd xlog Function Offby-one Remote Overflow
53334
11
Info
Detect RPC over UDP
11418
10
Critical
Sun rpc.cmsd Remote
Overflow
RPC
Tenable Network Security
52
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
SCADA
Top 25 Most Common Plugin Results
Total
Severity
33169
Plugin
42
Info
CitectSCADA Detection
Plugin Name
57601
23
Medium
SEL Controller Default
Credentials
55025
23
Medium
Ecava IntegraXor < 3.60.4080
XSS
47759
23
High
56994
21
Critical
Advantech / BroadWin
WebAccess webvrpcs.exe
Service Remote Code
Execution (credentialed check)
52962
21
Medium
IGSS Data Server Directory
Traversal Arbitrary File Access
53877
20
High
Samsung Data Management
Server < 1.4.3 verifyUser
Method SQL Injection
Siemens SIMATIC
WinCC Default Password
Authentication Bypass
56993
19
High
Advantech / BroadWin
WebAccess Client
'bwocxrun.ocx ' Multiple
Remote Vulnerabilities
55631
19
High
Sielco Sistemi Winlog Pro
< 2.07.01 TCP/IP Server
Runtime.exe Packet Handling
Remote Overflow
53548
19
Info
Ecava IntegraXor Detection
56995
18
Critical
Advantech / BroadWin
WebAccess webvrpcs.exe
Service Remote Code
Execution (uncredentialed
check)
53878
18
Critical
Samsung Data Management
Server Default Password
(rkwjsdusrnth) for 'root'
Account
54291
17
Medium
7-Technologies IGSS <
9.0.0.11129 Multiple DoS
Vulnerabilities
57600
15
High
Modicon Quantum TFTP
Arbitrary File Upload
53572
15
Info
Automated Solutions Modbus/
TCP OPC Server Detection
54645
14
Critical
7-Technologies IGSS <
9.0.0.11143 ODBC Remote
Memory Corruption
SCADA
Tenable Network Security
53
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
52051
14
High
Moxa Device Manager Tool
MDM2_Gateway Response
Remote Overflow
55630
13
Info
Sielco Sistemi Winlog
Detection
52993
13
High
Movicon < 11.2 Build 1084
Multiple Vulnerabilities
50303
11
Info
Moxa Device Manager
Gateway Detection
Modbus/TCP Master OPC
Server MODBUS Protocol
Response Packet Remote
Overflow
53573
10
High
53549
10
Critical
55026
8
High
52995
8
Medium
57602
7
High
Plugin Name
Ecava IntegraXor < 3.60.4050
Unspecified SQL Injection
Ecava IntegraXor Path
Subversion Arbitrary DLL
Injection Code Execution
Movicon TcpUploadServer
Data Leakage (remote check)
Sensitive information can be
obtained from the GE D20
Remote Terminal Unit via
TFTP
SCADA
Tenable Network Security
54
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Service detection
Top 25 Most Common Plugin Results
Total
Severity
58147
Plugin
29
Info
BJNP Detection
Plugin Name
42843
29
Low
Unisys Business Information
Server Detection
31705
28
Medium
SSL Anonymous Cipher Suites
Supported
11720
28
Medium
Secure HyperText Transfer
Protocol (S-HTTP) Detection
56819
26
Info
Greenbone Security Assistant
detection
35820
26
Low
Thecus NAS Device Detection
52482
25
Info
EA Need For Speed
Underground Detection
51834
25
Info
Microsoft Office Document
Conversions Load Balancer
Detection
40876
25
Low
Citrix Licensing Service
Detection
54629
24
Info
WINS Server Detection
53513
24
Info
Link-Local Multicast Name
Resolution (LLMNR) Detection
31854
24
Critical
Malware Payload Code
detection
42931
23
Low
Squeezebox Server CLI
Detection
30207
23
Low
LPD Detection
42933
22
Low
Squeezebox Server CLI
Detection
42058
22
Low
Dopewars Server Detection
10205
22
High
rlogin Service Detection
52654
21
Info
HP StorageWorks File
Migration Agent Detection
20345
21
Medium
Airport Administrative Traffic
Detection (192/UDP)
56823
19
Info
OpenVAS Scanner Detection
51093
19
Info
DiskPulse Server Detection
35322
19
Critical
HTTP Backdoor Detection
34364
18
Low
Zebedee Server Detection
50704
17
Info
Sybase PowerDesigner
Repository Proxy Detection
43831
17
Low
Altiris Deployment Solution
Server DB Manager Detection
Service detection
Tenable Network Security
55
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Settings
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
46215
36
Info
Inconsistent Hostname and IP
Address
11149
34
Info
HTTP login page
12241
33
Low
AppSocket & socketAPI
Printers - Do Not Scan
22482
32
Info
Do not scan Novell NetWare
24786
31
Info
Nessus Windows Scan
Not Performed with Admin
Privileges
11840
24
Low
Exclude top-level domain
wildcard hosts
11933
23
Info
Do not scan printers
12634
21
Info
Authenticated Check: OS
Name and Installed Package
Enumeration
35703
18
Info
SMB Registry : Start the
Registry Service during the
scan
40472
16
Info
PCI DSS compliance : options
settings
21745
16
Low
Authentication Failure - Local
Checks Not Run
19506
16
Info
Nessus Scan Information
44920
10
Info
Do not scan printers
(AppSocket)
Settings
Tenable Network Security
56
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Slackware Local Security
Checks
Top 25 Most Common Plugin Results
Total
Severity
18779
Plugin
29
Critical
SSA-2004-161-01 : cvs
Plugin Name
40513
28
Critical
SSA-2009-219-03 : apr-util
21342
28
Low
33287
27
Critical
24658
26
Low
57892
25
Medium
SSA-2012-041-01 : httpd
54899
25
Medium
SSA-2011-086-03 : shadow
22467
25
Critical
SSA-2006-272-01 : openssl
55735
24
Medium
SSA-2011-210-01 : libpng
54879
24
Medium
SSA-2010-176-01 : bind
54863
24
Critical
SSA-2005-251-03 : slackwarecurrent security updates
56142
22
Medium
SSA-2011-252-01 : httpd
39796
22
Critical
SSA-2009-195-01 : dhcp
54891
21
Medium
SSA-2010-305-02 : pidgin
54885
21
Medium
SSA-2010-240-03 :
kdegraphics
25222
20
Critical
SSA-2007-134-01 : samba
24661
20
Low
SSA-2006-335-03 : libpng
54882
19
Medium
SSA-2010-176-05 : cups
55737
18
Medium
SSA-2011-210-03 : samba
54906
17
Medium
SSA-2011-147-01 : bind
44946
17
Critical
SSA-2010-060-02 : openssl
40624
17
Critical
SSA-2009-231-02 : pidgin
24660
17
Critical
SSA-2006-335-02 : proftpd
19862
17
Critical
SSA-2005-251-02 : mod_ssl
20920
16
Critical
SSA-2006-045-09 : xpdf
SSA-2006-123-01 : xorg server
overflow
SSA-2008-179-01 : ruby
SSA-2006-307-02 : screen
Slackware Local Security Checks
Tenable Network Security
57
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
SMTP problems
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
56634
27
Critical
GroupWise Internet Agent <
8.0.2 HP3 iCalendar TZNAME
Property Heap Overflow
51861
27
Medium
Exim < 4.74 Local Privilege
Escalation
34347
27
Low
Postfix epoll File Descriptor
Leak Local DoS
17364
27
Medium
MailEnable Standard SMTP
mailto: Request Format String
11316
27
Critical
Sendmail headers.c crackaddr
Function Address Field
Handling Remote Overflow
11088
27
Low
46783
26
Medium
Exim < 4.72 Multiple
Vulnerabilities
17724
26
Medium
Sendmail < 8.13.8 Header
Processing Overflow DoS
12102
26
Critical
Courier < 0.45 Multiple Remote
Overflows
28289
25
Medium
Ability Mail Server < 2.61
Multiple Remote DoS
15464
25
Critical
Microsoft Windows/Exchange
SMTP DNS Lookup Overflow
(885881)
11674
25
Critical
BaSoMail SMTP Multiple
Command Remote Overflow
DoS
10278
25
Critical
Sendmail 8.6.9 IDENT Remote
Overflow
11838
24
Critical
Sendmail < 8.12.10 prescan()
Function Remote Overflow
54581
23
Info
10588
23
Critical
Sendmail mime7to8() Function
Remote Overflow
54582
22
Low
SMTP Service Cleartext Login
Permitted
15404
22
Critical
Kerio MailServer < 6.0.3
Unspecified Vulnerability
10247
22
Critical
Sendmail DEBUG/WIZ Remote
Command Execution
Sendmail RestrictQueueRun
Option Debug Mode
Information Disclosure
Anonymous SMTP
Authentication Enabled
SMTP problems
Tenable Network Security
58
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
22411
20
Medium
MailEnable SMTP Connector
Service SPF Record Crafted
Lookup DoS
11772
20
Critical
SMTP Generic Overflow
Detection
12232
19
Medium
Exim < 3.36 / 4.33 Multiple
Remote Overflows
54584
18
Medium
Postfix Cyrus SASL
Authentication Context Data
Reuse Memory Corruption
(exploit)
18433
18
Medium
GoodTech SMTP Server
Malformed RCPT TO
Command DoS
18620
17
Low
Courier Mail Server < 0.50.1
DNS SPF Record Lookup
Failure Memory Corruption
DoS
SMTP problems
Tenable Network Security
59
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
SNMP
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
10550
53
Info
SNMP Query Running Process
List Disclosure
10547
49
Low
Microsoft Windows LAN
Manager SNMP LanMan
Services Disclosure
10551
48
Info
SNMP Request Network
Interfaces Enumeration
10266
43
Medium
SNMP Zero Length UDP
Packet Remote DoS
10548
42
Info
Microsoft Windows LAN
Manager SNMP LanMan
Shares Disclosure
10264
41
High
SNMP Agent Default
Community Names
11317
36
High
HP JetDirect Device SNMP
Request Cleartext Admin
Credential Disclosure
10688
36
Critical
45022
34
Info
SNMP Query Airport Version
43100
32
Info
SNMP Query WLAN SSID
(Cisco)
41028
32
High
SNMP Agent Default
Community Name (public)
35296
31
Info
SNMP Protocol Version
Detection
19763
30
Info
SNMP Query Installed
Software Disclosure
27841
29
High
SNMP GETBULK Large maxrepetitions Remote DoS
11335
28
Critical
34396
27
Info
ASG-Sentry SNMP Agent
Detection
10969
24
Low
SNMP Request Cisco Router
Information Disclosure
34022
23
Info
SNMP Query Routing
Information Disclosure
25422
23
Info
SNMPc Management Server
Detection
51160
21
High
BMC SNMP Agent Default
Community Name (public)
Cisco CatOS VACM readwrite Community String Device
Configuration Manipulation
Solaris mibiisa MIB Parsing
Remote Overflow
SNMP
Tenable Network Security
60
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
10800
15
Info
10858
14
Medium
Multiple Vendor Malformed
SNMP Trap Handling DoS
11490
13
Critical
D-Link DSL Broadband Modem
SNMP Cleartext ISP Credential
Disclosure
10857
12
Medium
Multiple Vendor Malformed
SNMP Message-Handling DoS
10546
4
Info
Microsoft Windows LAN
Manager SNMP LanMan Users
Disclosure
SNMP Query System
Information Disclosure
SNMP
Tenable Network Security
61
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Solaris Local Security Checks
Top 25 Most Common Plugin Results
Total
Severity
38773
Plugin
54
High
Solaris 10 (x86) : 140106-02
Plugin Name
45597
44
High
Solaris 10 (x86) : 144255-01
53276
43
High
Solaris 10 (sparc) : 146802-03
49135
43
High
Solaris 10 (sparc) : 143559-10
55063
39
High
Solaris 10 (sparc) : 140387-02
49081
38
High
Solaris 10 (x86) : 143593-08
54992
37
High
Solaris 10 (sparc) : 147182-01
50522
37
High
Solaris 10 (x86) : 145797-02
42187
37
High
Solaris 10 (x86) : 141503-02
49991
36
High
Solaris 10 (sparc) : 144053-04
48918
36
High
Solaris 10 (x86) : 138881-02
48937
35
High
Solaris 10 (sparc) : 145124-02
48917
35
High
Solaris 10 (sparc) : 138880-02
50041
34
High
Solaris 10 (sparc) : 143561-09
56442
33
High
Solaris 8 (x86) : 121431-54
53275
32
High
Solaris 10 (sparc) : 145044-03
45596
32
High
Solaris 10 (sparc) : 144254-01
55017
30
High
Solaris 10 (x86) : 147183-01
50538
30
High
Solaris 10 (x86) : 144489-17
53277
28
High
Solaris 10 (x86) : 145045-03
55064
27
High
Solaris 10 (x86) : 140388-02
50572
24
High
Solaris 10 (sparc) : 144488-17
50042
24
High
Solaris 10 (x86) : 143562-09
49079
22
High
Solaris 10 (sparc) : 143592-09
51879
17
High
Solaris 10 (sparc) : 146018-03
Solaris Local Security Checks
Tenable Network Security
62
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
SuSE Local Security Checks
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
58113
29
Critical
SuSE Security Update:
java-1_4_2-ibm (2012-01-05)
57586
29
Critical
SuSE Security Update:
acroread (2012-01-12)
51740
28
Low
SuSE Security Update:
Security update for fuse
(fuse-6838)
57886
27
Critical
SuSE Security Update: mozillaxulrunner192 (2012-02-06)
57204
27
Critical
SuSE Security Update:
Security update for IBM Java
(java-1_4_2-ibm-7504)
57207
26
Critical
SuSE Security Update:
Security update for IBM Java
(java-1_5_0-ibm-7650)
58195
24
Critical
SuSE Security Update:
libvorbis (2012-02-21)
57683
24
Critical
SuSE Security Update:
Security update for IBM Java
1.4.2 (java-1_4_2-ibm-7908)
57239
24
Low
SuSE Security Update:
Security update for pam
(pam-7814)
50945
24
Low
SuSE Security Update: libvirt
(2010-07-23)
57177
23
Low
SuSE Security Update:
Security update for dbus
(dbus-1-7482)
53704
23
Low
SuSE 11.2 Security Update:
dbus-1 (2011-04-26)
51600
23
Low
SuSE Security Update: gdm
(2010-09-30)
58129
22
Critical
51743
22
Low
57208
20
Critical
SuSE Security Update:
Security update for IBM Java
(java-1_5_0-ibm-7862)
57126
20
Low
SuSE Security Update: pam
(2011-10-25)
SuSE Security Update:
Security update for flash-player
(flash-player-7982)
SuSE Security Update:
Security update for fuse
(fuse-6888)
SuSE Local Security Checks
Tenable Network Security
63
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
55139
20
Low
SuSE Security Update:
Security update for OpenSSL
(openssl-7552)
51592
20
Low
SuSE Security Update:
NetworkManager (2010-09-16)
57206
19
Critical
SuSE Security Update:
Security update for IBM Java
(java-1_5_0-ibm-7442)
57130
19
Low
SuSE Security Update: pureftpd (2011-09-01)
51741
19
Low
SuSE Security Update:
Security update for fuse
(fuse-6840)
57192
18
Critical
SuSE Security Update:
Security update for flash-player
(flash-player-7571)
57152
18
Critical
SuSE Security Update:
Security update for Mozilla
Firefox (MozillaFirefox-7784)
53590
18
Low
SuSE Security Update:
Security update for dbus
(dbus-1-7483)
SuSE Local Security Checks
Tenable Network Security
64
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Ubuntu Local Security Checks
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
57844
28
Critical
USN-1355-1 : firefox
vulnerabilities
56638
28
Critical
USN-1239-1 : linux-ec2
vulnerabilities
57685
27
Critical
USN-1263-2 : openjdk-6,
openjdk-6b18 regression
57448
27
Low
56747
27
Critical
USN-1253-1 : linux
vulnerabilities
56768
26
Critical
USN-1256-1 : linux-ltsbackport-natty vulnerabilities
56479
26
Critical
USN-1228-1 : linux-ti-omap4
vulnerabilities
45343
26
Low
USN-918-1 : samba
vulnerability
57058
25
Low
USN-1294-1 : linux-ltsbackport-oneiric vulnerabilities
56640
25
Critical
38647
25
Low
USN-768-1 : Apport
vulnerability
52479
23
Low
USN-1077-1 : fuse
vulnerabilities
55088
21
Low
USN-1127-1 : usb-creator
vulnerability
45398
21
Low
USN-922-1 : libnss-db
vulnerability
39336
21
Low
USN-783-1 : ecryptfs-utils
vulnerability
57665
20
Low
USN-1341-1 : linux
vulnerabilities
57458
20
Critical
USN-1306-2 : mozvoikko,
ubufox update
56388
19
Critical
USN-1225-1 : linux
vulnerabilities
51572
19
Low
USN-1044-1 : dbus
vulnerability
36904
19
Low
USN-642-1 : Postfix
vulnerabilities
58069
18
Critical
USN-1319-1 : linux-ti-omap4
vulnerabilities
USN-1241-1 : linux-fsl-imx51
vulnerabilities
USN-1370-1 : libvorbis
vulnerability
Ubuntu Local Security Checks
Tenable Network Security
65
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
58037
17
Critical
USN-1369-1 : thunderbird
vulnerabilities
56860
17
Critical
USN-1263-1 : icedtea-web,
openjdk-6, openjdk-6b18
vulnerabilities
56562
17
Critical
USN-1192-3 : libvoikko
regression
57532
16
Low
USN-1328-1 : linux-mvl-dove
vulnerabilities
Ubuntu Local Security Checks
Tenable Network Security
66
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
VMware ESX Local Security
Checks
Top 25 Most Common Plugin Results
Plugin
55747
Total
52
Severity
Plugin Name
High
VMSA-2011-0010 : VMware
ESX third party updates for
Service Console packages
glibc and dhcp
57749
44
High
VMSA-2012-0001 : VMware
ESXi and ESX updates to third
party library and ESX Service
Console
51077
41
High
VMSA-2010-0019 : VMware
ESX third party updates for
Service Console
51422
38
High
VMSA-2011-0001 : VMware
ESX third party updates for
Service Console packages
glibc, sudo, and openldap
High
VMSA-2011-0012 : VMware
ESXi and ESX updates to third
party libraries and ESX Service
Console
VMSA-2010-0018 : VMware
hosted products and ESX
patches resolve multiple
security issues
56508
37
50985
37
High
40379
29
Critical
VMSA-2008-0010 : Updated
Tomcat and Java JRE
packages for VMware ESX 3.5
and VirtualCenter
40373
29
Medium
VMSA-2008-0002 : Low
severity security update for
VirtualCenter and ESX
Critical
VMSA-2010-0002 : VMware
vCenter update release
addresses multiple security
issues in Java JRE
VMSA-2009-0002 :
VirtualCenter Update 4 and
ESX patch update Tomcat to
version 5.5.27
45386
28
42178
28
Medium
44993
27
High
VMSA-2010-0004 : ESX
Service Console and vMA third
party updates
56997
26
Critical
VMware ESX / ESXi
Unsupported Version Detection
VMware ESX Local Security Checks
Tenable Network Security
67
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
40390
52012
Total
Severity
Plugin Name
26
High
VMSA-2009-0005 : VMware
Hosted products, VI Client and
patches for ESX and ESXi
resolve multiple security issues
Medium
VMSA-2009-0017 : VMware
vCenter, ESX patch and
vCenter Lab Manager releases
address cross-site scripting
issues
25
51971
25
Critical
VMSA-2011-0003 : Third
party component updates
for VMware vCenter Server,
vCenter Update Manager,
ESXi and ESX
49703
25
Critical
VMSA-2010-0015 : VMware
ESX third party updates for
Service Console
40389
25
High
VMSA-2009-0004 : ESX
Service Console updates for
openssl, bind, and vim
40392
24
High
VMSA-2009-0007 : VMware
Hosted products and ESX and
ESXi patches resolve security
issues
45402
22
Medium
VMSA-2010-0006 : ESX
Service Console updates for
samba and acpid
56665
21
Critical
VMSA-2011-0013 : VMware
third party component updates
for VMware vCenter Server,
vCenter Update Manager,
ESXi and ESX
40388
21
High
VMSA-2009-0003 : ESX 2.5.5
patch 12 updates service
console package ed
52582
20
High
VMSA-2011-0004 : VMware
ESX/ESXi SLPD denial of
service vulnerability and ESX
third party updates for Service
Console packages bind, pam,
and rpm.
52011
20
High
VMSA-2009-0009 : ESX
Service Console updates for
udev, sudo, and curl
VMSA-2008-0019 : VMware
Hosted products and patches
for ESX and ESXi resolve
a critical security issue and
update bzip2
40386
20
High
43826
18
Critical
VMSA-2010-0001 : ESX
Service Console and vMA
updates for nss and nspr
VMware ESX Local Security Checks
Tenable Network Security
68
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Web Servers
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
57793
29
Info
Oracle Fusion Middleware
WebLogic Detection
(credentialed check)
56979
29
Info
Oracle WebLogic Detection
45423
29
Critical
IBM WebSphere Application
Server 6.1 < 6.1.0.13 Multiple
Vulnerabilities
57603
28
Critical
Apache 2.2 < 2.2.13 APR
apr_palloc Heap Overflow
35619
28
Critical
NaviCOPA < 3.01 6th February
2009 Multiple Vulnerabilities
45039
27
Critical
OpenSSL < 0.9.8m Multiple
Vulnerabilities
46802
26
Critical
SBLIM-SFCB Multiple Buffer
Overflows
39328
26
Info
Vulture Reverse Proxy
Detection
57034
25
Info
IBM WebSphere Application
Server Detection
55930
24
Info
Oracle GlassFish HTTP Server
Version
51185
24
Info
Dell Remote Access Controller
(DRAC) Detection
51901
22
Critical
48363
21
Info
44589
21
Critical
Apache < 1.3.42 mod_proxy
Integer Overflow
57619
20
Critical
Oracle Application Server
Multiple Vulnerabilities
53532
20
Critical
HP System Management
Homepage < 6.3 Multiple
Vulnerabilities
46015
20
Critical
HP System Management
Homepage < 6.0.0.96 /
6.0.0-95 Multiple Vulnerabilities
34781
20
Critical
Oracle WebLogic Server
mod_wl Invalid Parameter
Remote Overflow (1150354)
52973
19
Info
XEROX WorkCentre
Command Injection
(XRX11-001)
IBM Tivoli Management
Framework Endpoint Web
Detection
Restricted Web Pages
Detection
Web Servers
Tenable Network Security
69
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
50348
19
Critical
49704
19
Info
45415
18
Critical
52658
17
Info
Lotus Sametime Detection
39446
17
Info
Apache Tomcat Default Error
Page Version Detection
38790
17
Critical
XEROX WorkCentre Web
Server Unspecified Command
Injection (XRX09-002)
IBM RSA Default Credentials
External URLs
IBM WebSphere Application
Server 6.0 < 6.0.2.17 Multiple
Vulnerabilities
Web Servers
Tenable Network Security
70
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Windows
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
Microsoft System Center
Configuration Manager Client
Installed
55532
29
Info
15912
29
Critical
MS04-006: WINS Server
Remote Overflow (830352)
(uncredentialed check)
55883
27
Critical
MS11-058: Vulnerabilities
in DNS Server Could Allow
Remote Code Execution
(2562485) (remote check)
55514
27
Info
Adobe ColdFusion Installed
on Microsoft Windows
(credentialed check)
57862
26
Critical
57708
26
Info
WebSphere MQ Server and
Client Detection
55284
26
Info
Attachmate Reflection for
Secure IT Windows Server
Installed
56712
25
Info
Google SketchUp Detection
56282
24
Critical
Citrix XenApp/XenDesktop
Multiple Code Execution
Vulnerabilities (credentialed
check)
57959
23
Critical
Oracle Java SE Multiple
Vulnerabilities (Feb 2012 CPU)
56166
23
Critical
HP Client Automation
radexecd.exe Remote
Command Execution
58134
22
Critical
Microsoft Silverlight
Unsupported Version Detection
(Windows)
55958
22
Critical
Sun Java JRE Unsupported
Version Detection
58181
21
Info
56959
20
Critical
57348
19
Info
RSA SecurID Software Token
Installed
55886
19
Critical
Mozilla Thunderbird 3.1 <
3.1.12 Multiple Vulnerabilities
HP Data Protector
Media Operations Server
'DBServer.exe' Remote Code
Execution
Windows DNS Server
Enumeration
Adobe AIR <= 3.0 Multiple
Vulnerabilities (APSB11-28)
Windows
Tenable Network Security
71
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
53623
19
Info
HP Virtual Server Environment
Detection
57364
18
Info
PuTTY Detection
55995
17
Critical
56412
16
Info
Symantec Enterprise Vault
Detection
55550
16
Info
HP Data Protector Installed
(Windows) (credentialed
check)
56413
15
Critical
Symantec Enterprise Vault /
Oracle Outside In Multiple
Vulnerabilities (SYM11-011)
55650
15
Info
SAP GUI Detection
55115
15
Info
Symantec Backup Exec Server
Installed
EMC AutoStart ftAgent Multiple
Remote Code Execution
Vulnerabilities
Windows
Tenable Network Security
72
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Windows : Microsoft Bulletins
Top 25 Most Common Plugin Results
Plugin
55129
Total
29
Severity
Plugin Name
Medium
MS11-049: Vulnerability in the
Microsoft XML Editor Could
Allow Information Disclosure
(2543893)
53377
29
Critical
MS11-020: Vulnerability in
SMB Server Could Allow
Remote Code Execution
(2508429)
57475
28
Medium
MS12-007: Vulnerability
in AntiXSS Library Could
Allow Information Disclosure
(2607664)
Critical
MS11-004: Vulnerability in
Internet Information Services
(IIS) FTP Service Could Allow
Remote Code Execution
(2489256)
MS12-003: Vulnerability
in Windows Client/Server
Run-time Subsystem Could
Allow Elevation of Privilege
(2646524)
51904
28
57471
27
Medium
57033
27
Info
56177
27
Microsoft Patch Bulletin
Feasibility Check
Medium
MS11-074: Vulnerabilities in
Microsoft SharePoint Could
Allow Elevation of Privilege
(2451858)
55572
26
Medium
MS11-056: Vulnerabilities
in Windows Client/Server
Run-time Subsystem Could
Allow Elevation of Privilege
(2507938)
55117
26
Medium
MS11-037: Vulnerability
in MHTML Could Allow
Information Disclosure
(2544893)
39344
26
Critical
MS09-022: Vulnerabilities in
Windows Print Spooler Could
Allow Remote Code Execution
(961501)
55569
25
Medium
MS11-053: Vulnerability in
Bluetooth Stack Could Allow
Remote Code Execution
(2566220)
12205
23
Critical
MS04-011: Microsoft Hotfix
(credentialed check) (835732)
Windows : Microsoft Bulletins
Tenable Network Security
73
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
55791
21
Medium
MS11-061: Vulnerability in
Remote Desktop Web Access
Could Allow Elevation of
Privilege (2546250)
11787
21
Critical
MS03-024: SMB Request
Handler Buffer Overflow
(817606)
11433
21
Low
MS03-009: Microsoft ISA
Server DNS - Denial Of
Service (331065)
56456
20
Medium
MS11-082: Vulnerabilities
in Host Integration Server
Could Allow Denial of Service
(2607670)
42106
20
Critical
MS09-050: Vulnerabilities in
SMBv2 Could Allow Remote
Code Execution (975517)
38153
19
Info
Microsoft Windows Summary
of Missing Patches
11808
19
Critical
MS03-026: Microsoft RPC
Interface Buffer Overrun
(823980)
MS11-010: Vulnerability
in Windows Client/Server
Run-time Subsystem Could
Allow Elevation of Privilege
(2476687)
51910
18
Medium
31038
18
Low
MS08-004: Vulnerability in
Windows TCP/IP Could Allow
Denial of Service (946456)
16299
18
Low
MS03-034: NetBIOS
Name Service Reply
Information Leakage (824105)
(credentialed check)
55120
16
Critical
MS11-040: Vulnerability in
Threat Management Gateway
Firewall Client Could Allow
Remote Code Execution
(2520426)
42438
16
Critical
MS09-064: Vulnerability in
the License Logging Service
(974783)
26921
16
Critical
Windows Service Pack Out of
Date
Windows : Microsoft Bulletins
Tenable Network Security
74
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Windows : User management
Top 25 Most Common Plugin Results
Plugin
Total
Severity
Plugin Name
10905
49
Info
Microsoft Windows 'Print
Operators' Group User List
10904
48
Info
Microsoft Windows 'Backup
Operators' Group User List
10916
42
Info
Microsoft Windows - Local
Users Information : Passwords
never expire
10906
41
Info
Microsoft Windows 'Replicator'
Group User List
10399
39
Info
SMB Use Domain SID to
Enumerate Users
10902
38
Info
Microsoft Windows
'Administrators' Group User
List
17651
36
Info
Microsoft Windows SMB :
Obtains the Password Policy
10915
35
Info
Microsoft Windows - Local
Users Information : User has
never logged on
10899
35
Info
Microsoft Windows - Users
Information : User has never
logged in
10914
31
Info
Microsoft Windows - Local
Users Information : Never
changed passwords
10907
31
High
Microsoft Windows Guest
Account Belongs to a Group
56211
29
Medium
10900
29
Info
Microsoft Windows - Users
Information : Passwords never
expires
10895
29
Info
Microsoft Windows - Users
Information : automatically
disabled accounts
10913
28
Info
Microsoft Windows - Local
Users Information : Disabled
accounts
10896
27
Info
Microsoft Windows - Users
Information : Can't change
password
10860
23
Info
SMB Use Host SID to
Enumerate Local Users
SMB Use Host SID to
Enumerate Local Users
Without Credentials
Windows : User management
Tenable Network Security
75
Nessus Plugin Family
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Plugin
Total
Severity
Plugin Name
10898
21
Info
Microsoft WIndows - Users
Information : Never changed
password
10911
19
Info
Microsoft Windows Local Users Information :
Automatically disabled
accounts
10903
18
Info
Microsoft Windows 'Server
Operators' Group User List
10901
13
Info
Microsoft Windows 'Account
Operators' Group User List
10897
13
Info
Microsoft Windows - Users
Information : disabled accounts
10908
12
Info
Microsoft Windows 'Domain
Administrators' Group User List
10912
8
Info
Microsoft Windows - Local
Users Information : Can't
change password
Windows : User management
Tenable Network Security
76