[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":56,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":63,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":69,"vulnerability-27092":76},[4,15,21,37,45,51],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - CVE Page","nginx-rift-cve-page","🚨 New: FREE SCANNER for NGINX Rift (CVE-2026-42945). No account needed.","https://pentest-tools.com/network-vulnerability-scanning/cve-2026-42945-scanner-nginx-rift",true,[11],"/vulnerabilities-exploits/nginx-heap-buffer-overflow_29311","Scan for free","secondary","nginx-rift",{"title":16,"slug":17,"text":18,"link":8,"external":9,"targets":19,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 -blog","nginx-rift-blog","🚨 New: free scanner for NGINX Rift (CVE-2026-42945). Check your targets now.",[20],"/blog",{"title":22,"slug":23,"text":24,"link":25,"external":9,"targets":26,"cta":36,"variant":13,"campaign_id":23},"phpBB authentication bypass - PW Banners - research focused","phpbb-authentication-bypass","New research: phpBB authentication bypass discovered by Pentest-Tools.com","https://pentest-tools.com/research/phpbb-authentication-bypass",[27,28,29,30,31,32,33,34,35],"/","/network-vulnerability-scanning/port-scanner-online-nmap","/website-vulnerability-scanning/website-scanner","/information-gathering/find-subdomains-of-domain","/website-vulnerability-scanning/discover-hidden-directories-and-files","/features/attack-surface","/features/internal-network-scanning","/features/vulnerability-monitoring","/features/pentest-reporting","Discover the CVEs",{"title":38,"slug":39,"text":40,"link":41,"external":9,"targets":42,"cta":44,"variant":13,"campaign_id":23},"phpBB authentication bypass - VulnDB homepage","phpbb-authentication-bypass-vulndb","Detect 2 new CVEs our research team discovered in phpBB","https://pentest-tools.com/vulnerabilities-exploits/phpbb-authentication-bypass_29369",[43],"/vulnerabilities-exploits","See the details",{"title":46,"slug":47,"text":48,"link":25,"external":9,"targets":49,"cta":50,"variant":13,"campaign_id":23},"phpBB authentication bypass - CVE page","phpbb-authentication-bypass-cve","See how our research team discovered these 2 new CVEs in phpBB",[43],"Read the research",{"title":52,"slug":53,"text":40,"link":41,"external":9,"targets":54,"cta":44,"variant":13,"campaign_id":23},"phpBB authentication bypass - Sniper","phpbb-authentication-bypass-sniper",[55],"/exploit-helpers/sniper",["Island",57],{"key":58,"params":59,"result":61},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":60},"{}",{"head":62},{},["Island",64],{"key":65,"params":66,"result":67},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":60},{"head":68},{},["Island",70],{"key":71,"params":72,"result":74},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":73},"{\"text-color\":\"gray\"}",{"head":75},{},{"id":77,"detectable_with":78,"vuln_details":85,"vuln_id":99,"name":100,"published":101,"updated":86},27092,{"tool":79,"engine":82},{"id":80,"name":81},1,"Network Scanner",{"id":83,"name":84},3,"OpenVAS",{"id":77,"codename":86,"description":86,"severity":87,"risk_description":88,"public_description":89,"public_recommendation":90,"recommendation":86,"references":91,"cvssv3":92,"epss_score":93,"epss_percentile":94,"cve":95,"in_cisa_catalog":97,"date":98,"software_type":86,"vendor":86,"product":86,"ptt_exploit_capabilities":86},null,"high","Currently the script is checking for files like e.g.: - Software (Blog, CMS) configuration or log files - Web / application server configuration / password files (e.g. .htaccess, .htpasswd, web.config, web.xml, ...) - Cloud (e.g. AWS) configuration files - Files containing API keys for services / providers - Database backup files (e.g. .sql, ...) - Editor / history files (e.g. .lesshst, .dbshell, ...) - SSH or SSL/TLS Private Keys - Generic environment files (e.g. .env including the ones from Codeigniter, ...) - CVE-2017-16894: Laravel framework specific environment/.env files Based on the information provided in these files an attacker might be able to gather additional info and/or sensitive data like usernames and passwords.","The script attempts to identify files containing sensitive data at the remote web server.","The sensitive files shouldnt be accessible via a web server. Restrict access to it or remove it completely.",[],7.5,0.88787,0.99536,[96],"CVE-2017-16894",false,"2017-11-20T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.107305","Sensitive File Disclosure (HTTP)","2025-05-14T00:00:00Z"]