Tenable Network Security Podcast Episode 199 - "Nessus Multi-scanner Released!"
Note: Nessus Cloud is now a part of Tenable.io Vulnerability Management. To learn more about this application and its latest capabilities, visit the Tenable.io Vulnerability Management web page.
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
- You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter, and Facebook accounts at http://www.tenable.com/podcast!
- Tenable In The News:
- Tenable Unveils Industry's First Integrated Threat and Vulnerability Management Capabilities for Faster Resolution of Critical Security Incidents
- SC Magazine Interviews Tenable's Jack Daniel
- Tenable Adds Cloud Management and Multi-Scanner Support to Nessus
- RSA News: Tenable Enhances Platform
- A New Airborne WiFi Virus Spreads Like the Common Cold
Discussion
- Nessus Multi-scanner Support (Note: As of February 2015, multi-scanner support is available with Nessus Manager and Nessus Cloud. In addition, the Nessus Perimeter Service is now included in the Nessus Cloud product.)
- Embedded Systems Vulnerabilities
- RSA Round-Up
Nessus
General
- Unsupported Cisco Operating System
- Ubiquiti airCam < 1.2.0 ubnt-streamer RTSP Service Remote Code Execution
- MS KB2934802: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- Serv-U FTP Server < 15.0.1.20 DoS
- PostgreSQL 8.4 < 8.4.20 / 9.0 < 9.0.16 / 9.1 < 9.1.12 / 9.2 < 9.2.7 / 9.3 < 9.3.3 Multiple Vulnerabilities
- Core FTP Server Detection
- Core FTP Server < 1.2 Build 508 Multiple Buffer Overflow Vulnerabilities
- Core FTP Server < 1.2 Build 515 Multiple Vulnerabilities
- SFTP Supported
- Anonymous SFTP Enabled
- Nortel Meridian Integrated RAN Default Admin Credentials
- Apple iOS 6.x < 6.1.6 'SSLVerifySignedServerKeyExchange' Certificate Validation Weakness
- Apple iOS 7.x < 7.0.6 'SSLVerifySignedServerKeyExchange' Certificate Validation Weakness
- Cisco Firewall Services Module Software Denial of Service (cisco-sa-20140219-fwsm)
- Zimbra Collaboration Server Aspell Spell Check Service Detection
- Zimbra Collaboration Server aspell.php dictionary Parameter XSS
- CoSoSys Endpoint Protector < 4.4.0.1 Unspecified XSS
- Artweaver 3.x < 3.1.6 AWD File Buffer Overflow
- ASUS Routers flag Parameter XSS
- Enumerate Local Users
- Jenkins < 1.551 / 1.532.2 and Jenkins Enterprise 1.509.x / 1.532.x < 1.509.5.1 / 1.532.2.2 Multiple Vulnerabilities
- MyBB < 1.6.11 Multiple Vulnerabilities
- Mac OS X < 10.9.2 Multiple Vulnerabilities
- Mac OS X Multiple Vulnerabilities (Security Update 2014-001)
- Mac OS X : Safari < 6.1.2 / 7.0.2 Multiple Memory Corruption Vulnerabilities
- Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities
- Apache Tomcat 7.0.x < 7.0.50 Multiple Vulnerabilities
- Apache Tomcat 8.0.x < 8.0.3 Content-Type DoS
- Apache Tomcat 7.0.x < 7.0.52 Content-Type DoS
- StruxureWare SCADA Expert ClearSCADA Detection
- StruxureWare SCADA Expert ClearSCADA Unspecified Vulnerability
- CoDeSys 2.x Development System Detection (credentialed check)
- Ubuntu 12.10 : linux vulnerabilities (USN-2114-1)
- Ubiquiti airCam Detection
- Microsoft .NET Framework Unsupported
- Multiple Vulnerabilities in Cisco Intrusion Prevention System Software (cisco-sa-20140219-ips)
- QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)
- Mitsubishi Electric Automation MC-WorX 8.x ActiveX Control Remote Code Execution
- MariaDB 5.1 < 5.1.69 NAME_CONST Query DoS
- MariaDB 5.2 < 5.2.15 NAME_CONST Query DoS
- MariaDB 5.3 < 5.3.13 Multiple DoS Vulnerabilities
- MariaDB 5.5 < 5.5.36 Multiple DoS Vulnerabilities
- MariaDB 10 < 10.0.9 Multiple DoS Vulnerabilities
- phpMyAdmin 3.x >= 3.3.1 / 4.x < 4.1.7 import.php XSS
- ImageMagick < 6.8.7-6 WritePSDImage PSD Handling Memory Corruption
- ImageMagick < 6.8.8-5 Multiple PSD Handling Buffer Overflows
- Unified SIP Phone 3905 Unauthorized Access
- Cisco 9900 Series IP Phone Crafted Header Unregister Vulnerability
- Blue Coat ProxySG Local User Modification Race Condition
- Cisco Jabber for Windows Detection
- Cisco Jabber for Windows 9.x < 9.2(2) 'Send Screen Capture' File Write
- McAfee ePolicy Orchestrator < 4.6.7 HF 940148 XML Entity Injection
- McAfee ePolicy Orchestrator Unsupported Version Detection
- Foxit Reader < 6.1.4 imgseg.dll Path Subversion Arbitrary DLL Injection Code Execution
- DameWare Remote Support Detection
- DameWare Remote Support < 9 Hotfix 2 / 10 Hotfix 2 DWExporter.exe Buffer Overflow
- Jenkins < 1.545 Subversion Plugin Information Disclosure
- Subversion 1.3.x - 1.7.14 / 1.8.x < 1.8.8 mod_dav_svn DoS
- Grails resources plug-in WEB-INF / META-INF File Disclosure
- Zabbix < 1.8.20 / 2.0.11 / 2.2.2 Multiple Vulnerabilities
Passive Vulnerability Scanner
Vulnerability Detection
- Opera < 19.0 (for Mac) Address Bar URI Spoof Vulnerabilities
- Palo Alto Device Detection
- Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities
- Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities
- Apple Quicktime 7.7.5 Multiple Vulnerabilities
- Mac OS X < 10.9.2 Multiple Vulnerabilities
- Mac OS X : Safari < 6.1.2 / 7.0.2 Multiple Vulnerabilities
- Windows Phone Operating System Version Detection
- Apple iOS 7.x < 7.0.6 / 6.x < 6.1.6 Data Security Vulnerability
- PostgreSQL < 9.3.3 / 9.2.7 / 9.1.12 / 9.0.16 / 8.4.20 Multiple Vulnerabilities
- Google Chrome for iOS < 33.0.1750.14 Unspecified Security Vulnerability
- Microsoft Operating System Detection
- MariaDB Client 5.5.x < 5.5.36 Remote Multiple Denial of Service Vulnerabilities
- Google Chrome < 33.0.1750.117 Multiple Vulnerabilities
- MariaDB Client 5.5.x < 5.5.35 Buffer Overflow Vulnerability
- HNAP Protocol Detection
- RuggedCom Rugged Operating System < 3.12.4 (or 4.0 for RSG2488) Remote Denial of Service via SNMP
- IBM Domino < 9.0.1 Unspecified IMAP Remote Denial of Service Vulnerability
- Apache Subversion < 1.6.21 / 1.7.9 Remote Denial of Service Vulnerability
- Titan FTP Server < 10.40 Build 1829 Directory Traversal Vulnerability
- PHP 5.5.x < 5.5.9 Multiple Vulnerabilities
- Pale Moon Browser Version Detection
- Pale Moon < 24.3.2 Unspecified Security Vulnerability
- OS Detection
- Microsoft Version Check
- Apple Version Check
SecurityCenter Apps
Dashboards
Report Templates
Security News Stories
- "Researchers at the University of Liverpool claim to have created a computer virus that can spread via Wi-Fi as effic...
- C programming: you are teaching it wrong
- Windows XP Ends After 12 Years, Apple Snow Leopard After 4
- Car Hacking: You Cannot Have Safety without Security
- Stop Looking for the Silver Bullet: Start Thinking Like a Bad Guy
- NTP ATTACKS: Welcome to The Hockey Stick Era | DDoS & Security Reports
- Swiss Firm Digs Up 300,000+ Usernames/Passwords on Pastebin | Threatpost
- Time to Harden Your Hardware? | Krebs on Security