Collaborate Disseminate
Taking a look at the failure
Description:
The File_priv privilege found in the mysql.user table is used to allow or disallow a user from reading and writing files on the server host. Any user with the File_priv right granted has the abilit… Continue reading Nessus Scan failed: 5.2 Ensure ‘file_priv’ Is Not Set to ‘Y’ for Non-Administrative Users
Tenable announced Nessus now includes Terrascan, an open-source cloud security analyzer that helps developers secure Infrastructure as Code (IaC). The integration into Nessus continues to further Tenable’s broader cloud strategy, helping enterprises se… Continue reading Tenable adds Terrascan to Nessus to enable secure cloud application delivery
From a Nessus scan I have the following output regarding HTTP and the use of port 80:
Info N/A 43111 HTTP Methods Allowed (per directory)
Info N/A 24260 HyperText Transfer Protocol (HTTP) Information
I am a university student currently trying to demonstrate exploitation of the SMBGhost Vulnerability on Windows 10 (Version: 1903, Build Number: 18362.356). I need to provide evidence that the vulnerability exists. However when using Nessu… Continue reading Scanning for SMBGhost vulnerability
I seek for your advice in a security issue and how to mitigate this high risk vulnerability.
Synopsis
The management engine on the remote host is affected by a remote code execution vulnerability.
Description
The Intel Management Engine o… Continue reading Nessus – Intel Management Engine Insecure Read / Write Operations RCE (INTEL-SA-00075) on Windows Server 2019 VM
I have 4 SG350 (SG350-28 28-Port Gigabit Managed Switch) switches
I need to be able to do a Credentialed scans to the switches
The problem is when I try to scan it will not connect to port 22, from the log output it does not look like it i… Continue reading Scan sg350-28 with Nessus Credentialed checks
My problem is pretty tricky to explain. I have a server on which Nessus is installed. And I am connecting to it via ssh. The server I need to scan is on a different private network. I have access to it via a VPN client on my local computer… Continue reading Scanning environment from different private network [migrated]
For credentialed scan, Nessus allows a user to either specify the root password or upload the ssh key. Nessus prefers SSH key-based authentication over password authentication.
If the Nessus server itself is broken into, the attacker will … Continue reading Nessus credentialed scan SSH key versus passwords preference [closed]
My company uses multiple tools for vulnerability scanning. We have Nessus Pro for network scanning, White Source Bolt and GitHub Dependabot for dependencies, and SonarQube for source code, and Burp Suite Pro for web applications.
These mak… Continue reading How to manage my vulnerability scan reports efficiently
To use the free trial of Nessus, you need an email address to receive an activation key.
There are two modes to activate a Nessus server:
Online mode registration
If the computer running Nessus server has internet, you can activate the s… Continue reading How does Nessus offline registration work?