Tenable Network Security Podcast Episode 199 - "Nessus Multi-scanner Released!"
Note: Nessus Cloud is now a part of Tenable.io Vulnerability Management. To learn more about this application and its latest capabilities, visit the Tenable.io Vulnerability Management web page.
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
- You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter, and Facebook accounts at http://www.tenable.com/podcast!
- Tenable In The News:
  - Tenable Unveils Industry's First Integrated Threat and Vulnerability Management Capabilities for Faster Resolution of Critical Security Incidents
  - SC Magazine Interviews Tenable's Jack Daniel
  - Tenable Adds Cloud Management and Multi-Scanner Support to Nessus
  - RSA News: Tenable Enhances Platform
  - A New Airborne WiFi Virus Spreads Like the Common Cold
 
 
Discussion
- Nessus Multi-scanner Support (Note: As of February 2015, multi-scanner support is available with Nessus Manager and Nessus Cloud. In addition, the Nessus Perimeter Service is now included in the Nessus Cloud product.)
 - Embedded Systems Vulnerabilities
 - RSA Round-Up
 
Nessus
General
- Unsupported Cisco Operating System
 - Ubiquiti airCam < 1.2.0 ubnt-streamer RTSP Service Remote Code Execution
 - MS KB2934802: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
 - Serv-U FTP Server < 15.0.1.20 DoS
 - PostgreSQL 8.4 < 8.4.20 / 9.0 < 9.0.16 / 9.1 < 9.1.12 / 9.2 < 9.2.7 / 9.3 < 9.3.3 Multiple Vulnerabilities
 - Core FTP Server Detection
 - Core FTP Server < 1.2 Build 508 Multiple Buffer Overflow Vulnerabilities
 - Core FTP Server < 1.2 Build 515 Multiple Vulnerabilities
 - SFTP Supported
 - Anonymous SFTP Enabled
 - Nortel Meridian Integrated RAN Default Admin Credentials
 - Apple iOS 6.x < 6.1.6 'SSLVerifySignedServerKeyExchange' Certificate Validation Weakness
 - Apple iOS 7.x < 7.0.6 'SSLVerifySignedServerKeyExchange' Certificate Validation Weakness
 - Cisco Firewall Services Module Software Denial of Service (cisco-sa-20140219-fwsm)
 - Zimbra Collaboration Server Aspell Spell Check Service Detection
 - Zimbra Collaboration Server aspell.php dictionary Parameter XSS
 - CoSoSys Endpoint Protector < 4.4.0.1 Unspecified XSS
 - Artweaver 3.x < 3.1.6 AWD File Buffer Overflow
 - ASUS Routers flag Parameter XSS
 - Enumerate Local Users
 - Jenkins < 1.551 / 1.532.2 and Jenkins Enterprise 1.509.x / 1.532.x < 1.509.5.1 / 1.532.2.2 Multiple Vulnerabilities
 - MyBB < 1.6.11 Multiple Vulnerabilities
 - Mac OS X < 10.9.2 Multiple Vulnerabilities
 - Mac OS X Multiple Vulnerabilities (Security Update 2014-001)
 - Mac OS X : Safari < 6.1.2 / 7.0.2 Multiple Memory Corruption Vulnerabilities
 - Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities
 - Apache Tomcat 7.0.x < 7.0.50 Multiple Vulnerabilities
 - Apache Tomcat 8.0.x < 8.0.3 Content-Type DoS
 - Apache Tomcat 7.0.x < 7.0.52 Content-Type DoS
 - StruxureWare SCADA Expert ClearSCADA Detection
 - StruxureWare SCADA Expert ClearSCADA Unspecified Vulnerability
 - CoDeSys 2.x Development System Detection (credentialed check)
 - Ubuntu 12.10 : linux vulnerabilities (USN-2114-1)
 - Ubiquiti airCam Detection
 - Microsoft .NET Framework Unsupported
 - Multiple Vulnerabilities in Cisco Intrusion Prevention System Software (cisco-sa-20140219-ips)
 - QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)
 - Mitsubishi Electric Automation MC-WorX 8.x ActiveX Control Remote Code Execution
 - MariaDB 5.1 < 5.1.69 NAME_CONST Query DoS
 - MariaDB 5.2 < 5.2.15 NAME_CONST Query DoS
 - MariaDB 5.3 < 5.3.13 Multiple DoS Vulnerabilities
 - MariaDB 5.5 < 5.5.36 Multiple DoS Vulnerabilities
 - MariaDB 10 < 10.0.9 Multiple DoS Vulnerabilities
 - phpMyAdmin 3.x >= 3.3.1 / 4.x < 4.1.7 import.php XSS
 - ImageMagick < 6.8.7-6 WritePSDImage PSD Handling Memory Corruption
 - ImageMagick < 6.8.8-5 Multiple PSD Handling Buffer Overflows
 - Unified SIP Phone 3905 Unauthorized Access
 - Cisco 9900 Series IP Phone Crafted Header Unregister Vulnerability
 - Blue Coat ProxySG Local User Modification Race Condition
 - Cisco Jabber for Windows Detection
 - Cisco Jabber for Windows 9.x < 9.2(2) 'Send Screen Capture' File Write
 - McAfee ePolicy Orchestrator < 4.6.7 HF 940148 XML Entity Injection
 - McAfee ePolicy Orchestrator Unsupported Version Detection
 - Foxit Reader < 6.1.4 imgseg.dll Path Subversion Arbitrary DLL Injection Code Execution
 - DameWare Remote Support Detection
 - DameWare Remote Support < 9 Hotfix 2 / 10 Hotfix 2 DWExporter.exe Buffer Overflow
 - Jenkins < 1.545 Subversion Plugin Information Disclosure
 - Subversion 1.3.x - 1.7.14 / 1.8.x < 1.8.8 mod_dav_svn DoS
 - Grails resources plug-in WEB-INF / META-INF File Disclosure
 - Zabbix < 1.8.20 / 2.0.11 / 2.2.2 Multiple Vulnerabilities
 
Passive Vulnerability Scanner
Vulnerability Detection
- Opera < 19.0 (for Mac) Address Bar URI Spoof Vulnerabilities
 - Palo Alto Device Detection
 - Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities
 - Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities
 - Apple Quicktime 7.7.5 Multiple Vulnerabilities
 - Mac OS X < 10.9.2 Multiple Vulnerabilities
 - Mac OS X : Safari < 6.1.2 / 7.0.2 Multiple Vulnerabilities
 - Windows Phone Operating System Version Detection
 - Apple iOS 7.x < 7.0.6 / 6.x < 6.1.6 Data Security Vulnerability
 - PostgreSQL < 9.3.3 / 9.2.7 / 9.1.12 / 9.0.16 / 8.4.20 Multiple Vulnerabilities
 - Google Chrome for iOS < 33.0.1750.14 Unspecified Security Vulnerability
 - Microsoft Operating System Detection
 - MariaDB Client 5.5.x < 5.5.36 Remote Multiple Denial of Service Vulnerabilities
 - Google Chrome < 33.0.1750.117 Multiple Vulnerabilities
 - MariaDB Client 5.5.x < 5.5.35 Buffer Overflow Vulnerability
 - HNAP Protocol Detection
 - RuggedCom Rugged Operating System < 3.12.4 (or 4.0 for RSG2488) Remote Denial of Service via SNMP
 - IBM Domino < 9.0.1 Unspecified IMAP Remote Denial of Service Vulnerability
 - Apache Subversion < 1.6.21 / 1.7.9 Remote Denial of Service Vulnerability
 - Titan FTP Server < 10.40 Build 1829 Directory Traversal Vulnerability
 - PHP 5.5.x < 5.5.9 Multiple Vulnerabilities
 - Pale Moon Browser Version Detection
 - Pale Moon < 24.3.2 Unspecified Security Vulnerability
 - OS Detection
 - Microsoft Version Check
 - Apple Version Check
 
SecurityCenter Apps
Dashboards
Report Templates
Security News Stories
- "Researchers at the University of Liverpool claim to have created a computer virus that can spread via Wi-Fi as effic...
 - C programming: you are teaching it wrong
 - Windows XP Ends After 12 Years, Apple Snow Leopard After 4
 - Car Hacking: You Cannot Have Safety without Security
 - Stop Looking for the Silver Bullet: Start Thinking Like a Bad Guy
 - NTP ATTACKS: Welcome to The Hockey Stick Era | DDoS & Security Reports
 - Swiss Firm Digs Up 300,000+ Usernames/Passwords on Pastebin | Threatpost
 - Time to Harden Your Hardware? | Krebs on Security
 