Flaw in Nessus under Windows puts pentesters at risk
obj.addsetConfig('shutdown -t 1000 -s -c "hello world ;]" && pause', '', '');
The attack does, however, require the user to visit a specially prepared web page. All versions of Nessus 3.0.x for Windows are affected. Users are strongly advised to update to the new version.
- Nessus Vulnerability Scanner 3.0.6 ActiveX 0day Remote Code Execution Exploit, security advisory from Krystian Kloskowski
- Nessus Vulnerability Scanner 3.0.6 ActiveX deleteReport() 0day Remote Delete File Exploit, security advisory from Krystian Kloskowski