Since joining in 2014, Jimi has taken on multiple roles within Tenable. He’s been involved in most aspects of the plugin lifecycle at one point or another and has been responsible for the creation and maintenance of several core plugin frameworks. Prior to joining the Zero Day Research team, he was responsible for the design, creation, and launch of an internal automation initiative that serves as a primary datasource for products and workflows within Tenable.
seamCorrectionFileCreate Path Traversal File Upload (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
A path traversal vulnerability exists in the endpoint handler for /api/management/seamCorrectionFileCreate in Management.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed.
PoC:
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
Cacti 1.2.24 and prior allows a low-privileged OS user with access to a Windows host where Cacti is installed to create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM.
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. This information includes database login credentials and a default SNMP community string.
Insufficient access controls for XMLRPC operations exist in PaperCut NG. Versions 22.0.12 and earlier are confirmed vulnerable. Later versions may also be affected due to lack of a vendor-supplied patch.
A security issue regarding improper access controls has been discovered in Moxa MXsecurity V1.0.1-23021705. It allows an unauthenticated remote attacker to register/add devices via the nsm-web application. This pollutes the MXsecurity sqlite database and the nsm-web UI.
Proof of Concept
A security-related issue with Citrix ShareFile login pages has been discovered. The issue is a reflected cross-site scripting attack which could allow a malicious actor to steal login credentials, tokens, execute code in the context of a victim's browser, or perform a variety of other malicious actions.