API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 24th, 2017
813
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 56.84 KB | None | 0 0
raw download clone embed print report
  1. #Anonymous #OpSeaWorld.
  2. -----------------------
  3.  
  4.  
  5. + Target IP: 173.203.153.237
  6. + Target Hostname: seaworld.com
  7. + Target Port: 443
  8. ---------------------------------------------------------------------------
  9. + SSL Info: Subject: /jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=4737885/C=US/ST=Florida/L=Orlando/O=SeaWorld Parks and Entertainment Inc/OU=SeaWorld Parks and Entertainment Inc/CN=seaworld.com
  10. Ciphers: AES256-SHA256
  11. Issuer: /C=US/O=thawte, Inc./CN=thawte Extended Validation SHA256 SSL CA
  12. + Start Time: 2017-07-26 23:42:16 (GMT2)
  13. ---------------------------------------------------------------------------
  14. + Server: No banner retrieved
  15. + The anti-clickjacking X-Frame-Options header is not present.
  16. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  17. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  18. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  19. + No CGI Directories found (use '-C all' to force check all possible dirs)
  20. + lines
  21. + Server banner has changed from '' to 'Microsoft-IIS/8.5' which may suggest a WAF, load balancer or proxy is in place
  22. + Uncommon header 'x-box' found, with contents: CD8
  23. + /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php
  24. + /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist
  25. + /splashAdmin.php: Cobalt Qube 3 admin is running. This may have multiple security problems as described by www.scan-associates.net. These could not be tested remotely.
  26. + /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
  27. + /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
  28. + /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
  29. + /tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
  30. + /scripts/samples/details.idc: See RFP 9901; www.wiretrip.net
  31. + OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
  32. + OSVDB-637: /~root/: Allowed to browse root's home directory.
  33. + /cgi-bin/wrap: comes with IRIX 6.2; allows to view directories
  34. + /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
  35. + /forums//adm/config.php: PHP Config file may contain database IDs and passwords.
  36. + /forums//administrator/config.php: PHP Config file may contain database IDs and passwords.
  37. + /forums/config.php: PHP Config file may contain database IDs and passwords.
  38. + /guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.
  39. + /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
  40. + /help/: Help directory should not be accessible
  41. + OSVDB-2411: /hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-cms-1.2.9-10 may reveal the administrator ID and password.
  42. + OSVDB-8103: /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php
  43. + OSVDB-59620: /inc/common.load.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
  44. + OSVDB-59619: /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
  45. + OSVDB-59618: /inc/dbase.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
  46. + OSVDB-2703: /geeklog/users.php: Geeklog prior to 1.3.8-1sr2 contains a SQL injection vulnerability that lets a remote attacker reset admin password.
  47. + OSVDB-8204: /gb/index.php?login=true: gBook may allow admin login by setting the value 'login' equal to 'true'.
  48. + /guestbook/admin.php: Guestbook admin page available without authentication.
  49. + /getaccess: This may be an indication that the server is running getAccess for SSO
  50. + /cfdocs/expeval/openfile.cfm: Can use to expose the system/server path.
  51. + /tsweb/: Microsoft TSAC found. http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
  52. + /vgn/performance/TMT: Vignette CMS admin/maintenance script available.
  53. + /vgn/performance/TMT/Report: Vignette CMS admin/maintenance script available.
  54. + /vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance script available.
  55. + /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available.
  56. + /vgn/ppstats: Vignette CMS admin/maintenance script available.
  57. + /vgn/previewer: Vignette CMS admin/maintenance script available.
  58. + /vgn/record/previewer: Vignette CMS admin/maintenance script available.
  59. + /vgn/stylepreviewer: Vignette CMS admin/maintenance script available.
  60. + /vgn/vr/Deleting: Vignette CMS admin/maintenance script available.
  61. + /vgn/vr/Editing: Vignette CMS admin/maintenance script available.
  62. + /vgn/vr/Saving: Vignette CMS admin/maintenance script available.
  63. + /vgn/vr/Select: Vignette CMS admin/maintenance script available.
  64. + /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dirs> . http://www.microsoft.com/technet/security/bulletin/MS02-028.asp. http://www.cert.org/advisories/CA-2002-09.html.
  65. + /scripts/iisadmin/ism.dll: Allows you to mount a brute force attack on passwords
  66. + /scripts/tools/ctss.idc: This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.
  67. + /bigconf.cgi: BigIP Configuration CGI
  68. + /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
  69. + OSVDB-4910: /vgn/style: Vignette server may reveal system information through this file.
  70. + OSVDB-17653: /SiteServer/Admin/commerce/foundation/domain.asp: Displays known domains of which that server is involved.
  71. + OSVDB-17654: /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers.
  72. + OSVDB-17655: /SiteServer/Admin/commerce/foundation/DSN.asp: Displays all DSNs configured for selected ODBC drivers.
  73. + OSVDB-17652: /SiteServer/admin/findvserver.asp: Gives a list of installed Site Server components.
  74. + /SiteServer/Admin/knowledge/dsmgr/default.asp: Used to view current search catalog configurations
  75. + /basilix/mbox-list.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page
  76. + /basilix/message-read.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page
  77. + /clusterframe.jsp: Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.
  78. + /IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  79. + /bb-dnbd/faxsurvey: This may allow arbitrary command execution.
  80. + /cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.
  81. + OSVDB-6591: /scripts/Carello/Carello.dll: Carello 1.3 may allow commands to be executed on the server by replacing hidden form elements. This could not be tested by Nikto.
  82. + /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source
  83. + /scripts/tools/dsnform: Allows creation of ODBC Data Source
  84. + OSVDB-17656: /SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp: Used to create, modify, and potentially delete LDAP users and groups.
  85. + OSVDB-17657: /SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp: Used to create, modify, and potentially delete LDAP users and groups.
  86. + /prd.i/pgen/: Has MS Merchant Server 1.0
  87. + /readme.eml: Remote server may be infected with the Nimda virus.
  88. + /scripts/httpodbc.dll: Possible IIS backdoor found.
  89. + /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed
  90. + /SiteServer/admin/: Site Server components admin. Default account may be 'LDAP_Anonymous', pass is 'LdapPassword_1'. see http://www.wiretrip.net/rfp/p/doc.asp/i1/d69.htm
  91. + /siteseed/: Siteseed pre 1.4.2 has 'major' security problems.
  92. + /pccsmysqladm/incs/dbconnect.inc: This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.
  93. + /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
  94. + /PDG_Cart/oder.log: Shopping cart software log
  95. + /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.
  96. + /WEB-INF./web.xml: Multiple implementations of j2ee servlet containers allow files to be retrieved from WEB-INF by appending a '.' to the directory name. Products include Sybase EA Service, Oracle Containers, Orion, JRun, HPAS, Pramati and others. See http://www.westpoint.l
  97. + /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
  98. + /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
  99. + OSVDB-42680: /vider.php3: MySimpleNews may allow deleting of news items without authentication.
  100. + OSVDB-6181: /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly.
  101. + /pbserver/pbserver.dll: This may contain a buffer overflow. http://www.microsoft.com/technet/security/bulletin/http://www.microsoft.com/technet/security/bulletin/ms00-094.asp.asp
  102. + /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.
  103. + /pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow file upload without authentication.
  104. + /phpEventCalendar/file_upload.php: phpEventCalendar 1.1 and prior are vulnerable to file upload bug.
  105. + /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to upload files to the server.
  106. + /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files
  107. + /upload.asp: An ASP page that allows attackers to upload files to server
  108. + /uploadn.asp: An ASP page that allows attackers to upload files to server
  109. + /uploadx.asp: An ASP page that allows attackers to upload files to server
  110. + /wa.exe: An ASP page that allows attackers to upload files to server
  111. + /basilix/compose-attach.php3: BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads
  112. + /server/: Possibly Macromedia JRun or CRX WebDAV upload
  113. + /vgn/ac/data: Vignette CMS admin/maintenance script available.
  114. + /vgn/ac/delete: Vignette CMS admin/maintenance script available.
  115. + /vgn/ac/edit: Vignette CMS admin/maintenance script available.
  116. + /vgn/ac/esave: Vignette CMS admin/maintenance script available.
  117. + /vgn/ac/fsave: Vignette CMS admin/maintenance script available.
  118. + /vgn/ac/index: Vignette CMS admin/maintenance script available.
  119. + /vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script available.
  120. + /vgn/asp/previewer: Vignette CMS admin/maintenance script available.
  121. + /vgn/asp/status: Vignette CMS admin/maintenance script available.
  122. + /vgn/asp/style: Vignette CMS admin/maintenance script available.
  123. + /vgn/errors: Vignette CMS admin/maintenance script available.
  124. + /vgn/jsp/controller: Vignette CMS admin/maintenance script available.
  125. + /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
  126. + /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
  127. + /vgn/jsp/jspstatus: Vignette CMS admin/maintenance script available.
  128. + /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available.
  129. + /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available.
  130. + /vgn/jsp/previewer: Vignette CMS admin/maintenance script available.
  131. + /vgn/jsp/style: Vignette CMS admin/maintenance script available.
  132. + /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
  133. + /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
  134. + OSVDB-35707: /forum/admin/wwforum.mdb: Web Wiz Forums password database found.
  135. + /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  136. + OSVDB-52975: /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password.
  137. + OSVDB-15971: /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
  138. + OSVDB-15971: /MIDICART/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
  139. + OSVDB-41850: /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb: MPCSoftWeb Guest Book passwords retrieved.
  140. + /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
  141. + OSVDB-53413: /shopping300.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
  142. + OSVDB-53413: /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
  143. + OSVDB-15971: /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
  144. + OSVDB-4398: /database/db2000.mdb: Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root.
  145. + /admin/config.php: PHP Config file may contain database IDs and passwords.
  146. + /adm/config.php: PHP Config file may contain database IDs and passwords.
  147. + /administrator/config.php: PHP Config file may contain database IDs and passwords.
  148. + /contents.php?new_language=elvish&mode=select: Requesting a file with an invalid language selection from DC Portal may reveal the system path.
  149. + OSVDB-6467: /pw/storemgr.pw: Encrypted ID/Pass for Mercantec's SoftCart, http://www.mercantec.com/, see http://www.mindsec.com/advisories/post2.txt for more information.
  150. + /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
  151. + /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
  152. + OSVDB-53303: /simplebbs/users/users.php: Simple BBS 1.0.6 allows user information and passwords to be viewed remotely.
  153. + /typo3conf/: This may contain sensitive TYPO3 files.
  154. + /cms/typo3conf/: This may contain sensitive TYPO3 files.
  155. + /site/typo3conf/: This may contain sensitive TYPO3 files.
  156. + /typo/typo3conf/: This may contain sensitive TYPO3 files.
  157. + /typo3/typo3conf/: This may contain sensitive TYPO3 files.
  158. + /typo3conf/database.sql: TYPO3 SQL file found.
  159. + /cms/typo3conf/database.sql: TYPO3 SQL file found.
  160. + /site/typo3conf/database.sql: TYPO3 SQL file found.
  161. + /typo/typo3conf/database.sql: TYPO3 SQL file found.
  162. + /typo3/typo3conf/database.sql: TYPO3 SQL file found.
  163. + /typo3conf/localconf.php: TYPO3 config file found.
  164. + /cms/typo3conf/localconf.php: TYPO3 config file found.
  165. + /site/typo3conf/localconf.php: TYPO3 config file found.
  166. + /typo/typo3conf/localconf.php: TYPO3 config file found.
  167. + /typo3/typo3conf/localconf.php: TYPO3 config file found.
  168. + OSVDB-53386: /vchat/msg.txt: VChat allows user information to be retrieved.
  169. + OSVDB-4907: /vgn/license: Vignette server license file found.
  170. + /webcart-lite/config/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  171. + /webcart-lite/orders/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  172. + /webcart/carts/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.
  173. + /webcart/config/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.
  174. + /webcart/config/clients.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  175. + /webcart/orders/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.
  176. + /webcart/orders/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  177. + /ws_ftp.ini: Can contain saved passwords for FTP sites
  178. + /WS_FTP.ini: Can contain saved passwords for FTP sites
  179. + /_mem_bin/auoconfig.asp: Displays the default AUO (LDAP) schema, including host and port.
  180. + OSVDB-17659: /SiteServer/Admin/knowledge/persmbr/vs.asp: Expose various LDAP service and backend configuration parameters
  181. + OSVDB-17661: /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp: Expose various LDAP service and backend configuration parameters
  182. + OSVDB-17662: /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp: Expose various LDAP service and backend configuration parameters
  183. + OSVDB-17660: /SiteServer/Admin/knowledge/persmbr/VsTmPr.asp: Expose various LDAP service and backend configuration parameters
  184. + /tvcs/getservers.exe?action=selects1: Following steps 2-4 of this page may reveal a zip file that contains passwords and system details.
  185. + /whatever.htr: May reveal physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp)
  186. + /nsn/fdir.bas:ShowVolume: You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in
  187. + /nsn/fdir.bas: You can use fdir to ShowVolume and ShowDirectory.
  188. + /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein
  189. + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  190. + /jamdb/: JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot.
  191. + OSVDB-1201: /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later.
  192. + OSVDB-6196: /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
  193. + /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
  194. + OSVDB-6196: /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
  195. + /perl/-e%20print%20Hello: The Perl interpreter on the Novell system may allow any command to be executed. See http://www.securityfocus.com/bid/5520. Installing Perl 5.6 might fix this issue.
  196. + /vgn/legacy/save: Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.
  197. + /IDSWebApp/IDSjsp/Login.jsp: Tivoli Directory Server Web Administration.
  198. + OSVDB-6466: /quikstore.cfg: Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt
  199. + /quikstore.cgi: A shopping cart.
  200. + /securecontrolpanel/: Web Server Control Panel
  201. + /siteminder: This may be an indication that the server is running Siteminder for SSO
  202. + /webmail/: Web based mail package installed.
  203. + /_cti_pvt/: FrontPage directory found.
  204. + /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
  205. + /nsn/..%5Cutil/attrib.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  206. + /nsn/..%5Cutil/chkvol.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  207. + /nsn/..%5Cutil/copy.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  208. + /nsn/..%5Cutil/del.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  209. + /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  210. + /nsn/..%5Cutil/dsbrowse.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  211. + /nsn/..%5Cutil/glist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  212. + /nsn/..%5Cutil/lancard.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  213. + /nsn/..%5Cutil/md.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  214. + /nsn/..%5Cutil/rd.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  215. + /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  216. + /nsn/..%5Cutil/send.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  217. + /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  218. + /nsn/..%5Cutil/slist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  219. + /nsn/..%5Cutil/type.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  220. + /nsn/..%5Cutil/userlist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  221. + /nsn/..%5Cweb/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  222. + /nsn/..%5Cweb/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  223. + /nsn/..%5Cwebdemo/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  224. + /nsn/..%5Cwebdemo/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  225. + /upd/: WASD Server can allow directory listings by requesting /upd/directory/. Upgrade to a later version and secure according to the documents on the WASD web site.
  226. + /CVS/Entries: CVS Entries file may contain directory listing information.
  227. + OSVDB-8450: /3rdparty/phpMyAdmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  228. + OSVDB-8450: /phpMyAdmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  229. + OSVDB-8450: /3rdparty/phpmyadmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  230. + OSVDB-8450: /phpmyadmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  231. + OSVDB-8450: /pma/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  232. + /catalog.nsf: A list of server databases can be retrieved, as well as a list of ACLs.
  233. + /cersvr.nsf: Server certificate data can be accessed remotely.
  234. + /domlog.nsf: The domain server logs can be accessed remotely.
  235. + /events4.nsf: The events log can be accessed remotely.
  236. + /log.nsf: The server log is remotely accessible.
  237. + /names.nsf: User names and groups can be accessed remotely (possibly password hashes as well)
  238. + OSVDB-31150: /LOGIN.PWD: MIPCD password file (passwords are not encrypted). MIPDCD should not have the web interface enabled.
  239. + OSVDB-31150: /USER/CONFIG.AP: MIPCD configuration information. MIPCD should not have the web interface enabled.
  240. + /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web.
  241. + /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
  242. + /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
  243. + /local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
  244. + /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.
  245. + /852566C90012664F: This database can be read using the replica ID without authentication.
  246. + /hidden.nsf: This database can be read without authentication. Common database name.
  247. + /mail.box: The mail database can be read without authentication.
  248. + /setup.nsf: The server can be configured remotely, or current setup can be downloaded.
  249. + /statrep.nsf: Any reports generated by the admins can be retrieved.
  250. + /webadmin.nsf: The server admin database can be accessed remotely.
  251. + /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
  252. + /Config1.htm: This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See http://www.phenoelit.de/stuff/dp-300.txt for info.
  253. + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS, see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp for details.
  254. + /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See http://www.ngssoftware.com.
  255. + /cgi-win/cgitest.exe: This CGI may allow the server to be crashed remotely, see http://www.securityoffice.net/ for details. Remove this default CGI.
  256. + /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow
  257. + /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
  258. + /................../config.sys: PWS allows files to be read by prepending multiple '.' characters. At worst, IIS, not PWS, should be used.
  259. + /../../../../winnt/repair/sam._: Sam backup successfully retrieved.
  260. + /..\..\..\..\..\..\temp\temp.class: Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version.
  261. + OSVDB-728: /admentor/adminadmin.asp: Version 2.11 of AdMentor is vulnerable to SQL injection during login, in the style of: ' or =
  262. + OSVDB-36894: /My_eGallery/public/displayCategory.php: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments.
  263. + OSVDB-36894: /postnuke/My_eGallery/public/displayCategory.php: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments.
  264. + OSVDB-36894: /postnuke/html/My_eGallery/public/displayCategory.php: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments.
  265. + OSVDB-36894: /modules/My_eGallery/public/displayCategory.php: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments.
  266. + OSVDB-36894: /phpBB/My_eGallery/public/displayCategory.php: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments.
  267. + OSVDB-36894: /forum/My_eGallery/public/displayCategory.php: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments.
  268. + OSVDB-10107: /author.asp: May be FactoSystem CMS, which could include SQL injection problems that could not be tested remotely.
  269. + OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  270. + OSVDB-2767: /openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>: OpenAutoClassifieds 1.0 is vulnerable to a XSS attack
  271. + /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  272. + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  273. + OSVDB-4598: /members.asp?SF=%22;}alert(223344);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  274. + OSVDB-4015: /jigsaw/: Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS) in the error page.
  275. + OSVDB-2754: /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks.
  276. + OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  277. + /anthill/login.php: Anthill bug tracking system may be installed. Versions lower than 0.1.6.1 allow XSS/HTML injection and may allow users to bypass login requirements. http://anthill.vmlinuz.ca/ and http://www.cert.org/advisories/CA-2000-02.html
  278. + /cfdocs/expeval/sendmail.cfm: Can be used to send email; go to the page and fill in the form
  279. + OSVDB-22: /cgi-bin/bigconf.cgi: BigIP Configuration CGI
  280. + /ammerum/: Ammerum pre 0.6-1 had several security issues.
  281. + /ariadne/: Ariadne pre 2.1.2 has several vulnerabilities. The default login/pass to the admin page is admin/muze.
  282. + /cbms/cbmsfoot.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  283. + /cbms/changepass.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  284. + /cbms/editclient.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  285. + /cbms/passgen.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  286. + /cbms/realinv.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  287. + /cbms/usersetup.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  288. + /ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C: This check (A) sets up the next bad blue test (B) for possible exploit. See http://www.badblue.com/down.htm
  289. + OSVDB-59412: /db/users.dat: upb PB allows the user database to be retrieved remotely.
  290. + /Admin_files/order.log: Selena Sol's WebStore 1.0 exposes order information, http://www.extropia.com/, http://www.mindsec.com/advisories/post2.txt.
  291. + /admin/cplogfile.log: DevBB 1.0 final (http://www.mybboard.com) log file is readable remotely. Upgrade to the latest version.
  292. + /admin/system_footer.php: myphpnuke version 1.8.8_final_7 reveals detailed system information.
  293. + /cfdocs/snippets/fileexists.cfm: Can be used to verify the existance of files (on the same drive info as the web tree/file)
  294. + /cgi-bin/MachineInfo: Gives out information on the machine (IRIX), including hostname
  295. + OSVDB-59646: /chat/!nicks.txt: WF-Chat 1.0 Beta allows retrieval of user information.
  296. + OSVDB-59645: /chat/!pwds.txt: WF-Chat 1.0 Beta allows retrieval of user information.
  297. + OSVDB-53304: /chat/data/usr: SimpleChat! 1.3 allows retrieval of user information.
  298. + /config.php: PHP Config file may contain database IDs and passwords.
  299. + /config/: Configuration information may be available remotely.
  300. + /cplogfile.log: XMB Magic Lantern forum 1.6b final (http://www.xmbforum.com) log file is readable remotely. Upgrade to the latest version.
  301. + /examples/jsp/snp/anything.snp: Tomcat servlet gives lots of host information.
  302. + /cfdocs/snippets/evaluate.cfm: Can enter CF code to be evaluated, or create denial of service see www.allaire.com/security/ technical papers and advisories for info
  303. + /cfide/Administrator/startstop.html: Can start/stop the server
  304. + OSVDB-10598: /cd-cgi/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done.
  305. + /cgi-bin/handler: Comes with IRIX 5.3 - 6.4; allows to run arbitrary commands
  306. + OSVDB-235: /cgi-bin/webdist.cgi: Comes with IRIX 5.0 - 6.3; allows to run arbitrary commands
  307. + OSVDB-55: /ews/ews/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. http://www.securityfocus.com/bid/2665.
  308. + OSVDB-5280: /instantwebmail/message.php: Instant Web Mail (http://understroem.kdc/instantwebmail/) is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email.
  309. + OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  310. + OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  311. + /admin.php4?reg_login=1: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.
  312. + OSVDB-3233: /admin/admin_phpinfo.php4: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.
  313. + OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
  314. + OSVDB-5178: /dostuff.php?action=modify_user: Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. http://blahzdns.sourceforge.net/
  315. + OSVDB-5088: /accounts/getuserdesc.asp: Hosting Controller 2002 administration page is available. This should be protected.
  316. + OSVDB-35876: /agentadmin.php: Immobilier agentadmin.php contains multiple SQL injection vulnerabilities.
  317. + /sqldump.sql: Database SQL?
  318. + /structure.sql: Database SQL?
  319. + /servlet/SessionManager: IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.
  320. + /ip.txt: This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file.
  321. + /level/42/exec/show%20conf: Retrieved Cisco configuration file.
  322. + /livehelp/: LiveHelp may reveal system information.
  323. + /LiveHelp/: LiveHelp may reveal system information.
  324. + OSVDB-59536: /logicworks.ini: web-erp 0.1.4 and earlier allow .ini files to be read remotely.
  325. + /logs/str_err.log: Bmedia error log, contains invalid login attempts which include the invalid usernames and passwords entered (could just be typos & be very close to the right entries).
  326. + OSVDB-6465: /mall_log_files/order.log: EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details.
  327. + OSVDB-3204: /megabook/files/20/setup.db: Megabook guestbook configuration available remotely.
  328. + OSVDB-6161: /officescan/hotdownload/ofscan.ini: OfficeScan from Trend Micro allows anyone to read the ofscan.ini file, which may contain passwords.
  329. + /order/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  330. + /order/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  331. + /orders/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  332. + /Orders/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  333. + /orders/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  334. + /Orders/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  335. + /pmlite.php: A Xoops CMS script was found. Version RC3 and below allows all users to view all messages (untested). See http://www.phpsecure.org/?zone=pComment&d=101 for details.
  336. + /session/admnlogin: SessionServlet Output, has session cookie info.
  337. + OSVDB-613: /SiteScope/htdocs/SiteScope.html: The SiteScope install may allow remote users to get sensitive information about the hosts being monitored.
  338. + /servlet/allaire.jrun.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html.
  339. + OSVDB-2881: /pp.php?action=login: Pieterpost 0.10.6 allows anyone to access the 'virtual' account which can be used to relay/send e-mail.
  340. + /isapi/count.pl?: AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example.
  341. + /krysalis/: Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot
  342. + /logjam/showhits.php: Logjam may possibly allow remote command execution via showhits.php page.
  343. + /manual.php: Does not filter input before passing to shell command. Try 'ls -l' as the man page entry.
  344. + OSVDB-14329: /smssend.php: PhpSmssend may allow system calls if a ' is passed to it. http://zekiller.skytech.org/smssend.php
  345. + OSVDB-113: /ncl_items.html: This may allow attackers to reconfigure your Tektronix printer.
  346. + OSVDB-551: /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer.
  347. + /photo/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
  348. + /photodata/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
  349. + OSVDB-5374: /pub/english.cgi?op=rmail: BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely.
  350. + /pvote/ch_info.php?newpass=password&confirm=password%20: PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password.
  351. + OSVDB-240: /scripts/wsisa.dll/WService=anything?WSMadmin: Allows Webspeed to be remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0.
  352. + OSVDB-3092: /SetSecurity.shm: Cisco System's My Access for Wireless. This resource should be password protected.
  353. + OSVDB-3126: /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.
  354. + OSVDB-2225: /thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin: paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'.
  355. + OSVDB-3092: /shopadmin.asp: VP-ASP shopping cart admin may be available via the web. Default ID/PW are vpasp/vpasp and admin/admin.
  356. + OSVDB-3092: /_vti_txt/_vti_cnf/: FrontPage directory found.
  357. + OSVDB-3092: /_vti_txt/: FrontPage directory found.
  358. + OSVDB-3092: /_vti_pvt/deptodoc.btr: FrontPage file found. This may contain useful information.
  359. + OSVDB-3092: /_vti_pvt/doctodep.btr: FrontPage file found. This may contain useful information.
  360. + OSVDB-3092: /_vti_pvt/services.org: FrontPage file found. This may contain useful information.
  361. + OSVDB-28260: /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0413, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0710, http://www.securityfocus.com/bid/1608, http://www.securityfocus.com/bid/1174.
  362. + OSVDB-28260: /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings.
  363. + OSVDB-3092: /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false: We seem to have authoring access to the FrontPage web.
  364. + OSVDB-3092: /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false: We seem to have authoring access to the FrontPage web.
  365. + OSVDB-3092: /_vti_bin/_vti_aut/dvwssr.dll: This dll allows anyone with authoring privs to change other users file, and may contain a buffer overflow for unauthenticated users. See also : http://www.wiretrip.net/rfp/p/doc.asp?id=45&iface=1. http://www.microsoft.com/technet/security/bulletin/MS00-025.asp.
  366. + OSVDB-3092: /_vti_bin/_vti_aut/fp30reg.dll: Some versions of the FrontPage fp30reg.dll are vulnerable to a buffer overflow. See http://www.microsoft.com/technet/security/bulletin/http://www.microsoft.com/technet/security/bulletin/ms03-051.asp.asp for details.
  367. + OSVDB-473: /_vti_pvt/access.cnf: Contains HTTP server-specific access control information. Remove or ACL if FrontPage is not being used.
  368. + OSVDB-473: /_vti_pvt/service.cnf: Contains meta-information about the web server Remove or ACL if FrontPage is not being used.
  369. + OSVDB-473: /_vti_pvt/services.cnf: Contains the list of subwebs. Remove or ACL if FrontPage is not being used. May reveal server version if Admin has changed it.
  370. + OSVDB-473: /_vti_pvt/svacl.cnf: File used to store whether subwebs have unique permissions settings and any IP address restrictions. Can be used to discover information about subwebs, remove or ACL if FrontPage is not being used.
  371. + OSVDB-473: /_vti_pvt/writeto.cnf: Contains information about form handler result files. Remove or ACL if FrontPage is not being used.
  372. + OSVDB-473: /_vti_pvt/linkinfo.cnf: IIS file shows http links on and off site. Might show host trust relationships and other machines on network.
  373. + OSVDB-48: /doc/: The /doc/ directory is browsable. This may be /usr/doc.
  374. + OSVDB-48: /doc: The /doc directory is browsable. This may be /usr/doc.
  375. + OSVDB-250: /cgis/wwwboard/wwwboard.cgi: Versions 2.0 Alpha and below have multiple problems. See http://www.securityfocus.com/bid/1795 which could allow over-write of messages. Default ID 'WebAdmin' with pass 'WebBoard'.
  376. + OSVDB-250: /cgis/wwwboard/wwwboard.pl: Versions 2.0 Alpha and below have multiple problems. See http://www.securityfocus.com/bid/1795 which could allow over-write of messages. Default ID 'WebAdmin' with pass 'WebBoard'.
  377. + OSVDB-376: /manager/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
  378. + OSVDB-376: /jk-manager/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
  379. + OSVDB-376: /jk-status/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
  380. + OSVDB-376: /admin/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
  381. + OSVDB-376: /host-manager/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
  382. + OSVDB-568: /blahb.ida: Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. http://www.microsoft.com/technet/security/bulletin/MS01-033.asp.
  383. + OSVDB-568: /blahb.idq: Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. http://www.microsoft.com/technet/security/bulletin/MS01-033.asp.
  384. + OSVDB-2117: /BACLIENT: IBM Tivoli default file found.
  385. + OSVDB-847: /file/../../../../../../../../etc/: The Icecast server allows the file system to be probed for directory structure, but does not allow arbitrary file retrieval.
  386. + OSVDB-578: /level/16/exec/-///pwd: CISCO HTTP service allows remote execution of commands
  387. + OSVDB-578: /level/16/exec/-///show/configuration: CISCO HTTP service allows remote execution of commands
  388. + OSVDB-578: /level/16: CISCO HTTP service allows remote execution of commands
  389. + OSVDB-578: /level/16/exec/: CISCO HTTP service allows remote execution of commands
  390. + OSVDB-578: /level/16/exec//show/access-lists: CISCO HTTP service allows remote execution of commands
  391. + OSVDB-578: /level/16/level/16/exec//show/configuration: CISCO HTTP service allows remote execution of commands
  392. + OSVDB-578: /level/16/level/16/exec//show/interfaces: CISCO HTTP service allows remote execution of commands
  393. + OSVDB-578: /level/16/level/16/exec//show/interfaces/status: CISCO HTTP service allows remote execution of commands
  394. + OSVDB-578: /level/16/level/16/exec//show/version: CISCO HTTP service allows remote execution of commands
  395. + OSVDB-578: /level/16/level/16/exec//show/running-config/interface/FastEthernet: CISCO HTTP service allows remote execution of commands
  396. + OSVDB-578: /level/16/exec//show: CISCO HTTP service allows remote execution of commands
  397. + OSVDB-578: /level/17/exec//show: CISCO HTTP service allows remote execution of commands
  398. + OSVDB-578: /level/18/exec//show: CISCO HTTP service allows remote execution of commands
  399. + OSVDB-578: /level/19/exec//show: CISCO HTTP service allows remote execution of commands
  400. + OSVDB-578: /level/20/exec//show: CISCO HTTP service allows remote execution of commands
  401. + OSVDB-578: /level/21/exec//show: CISCO HTTP service allows remote execution of commands
  402. + OSVDB-578: /level/22/exec//show: CISCO HTTP service allows remote execution of commands
  403. + OSVDB-578: /level/23/exec//show: CISCO HTTP service allows remote execution of commands
  404. + OSVDB-578: /level/24/exec//show: CISCO HTTP service allows remote execution of commands
  405. + OSVDB-578: /level/25/exec//show: CISCO HTTP service allows remote execution of commands
  406. + OSVDB-578: /level/26/exec//show: CISCO HTTP service allows remote execution of commands
  407. + OSVDB-578: /level/27/exec//show: CISCO HTTP service allows remote execution of commands
  408. + OSVDB-578: /level/28/exec//show: CISCO HTTP service allows remote execution of commands
  409. + OSVDB-578: /level/29/exec//show: CISCO HTTP service allows remote execution of commands
  410. + OSVDB-578: /level/30/exec//show: CISCO HTTP service allows remote execution of commands
  411. + OSVDB-578: /level/31/exec//show: CISCO HTTP service allows remote execution of commands
  412. + OSVDB-578: /level/32/exec//show: CISCO HTTP service allows remote execution of commands
  413. + OSVDB-578: /level/33/exec//show: CISCO HTTP service allows remote execution of commands
  414. + OSVDB-578: /level/34/exec//show: CISCO HTTP service allows remote execution of commands
  415. + OSVDB-578: /level/35/exec//show: CISCO HTTP service allows remote execution of commands
  416. + OSVDB-578: /level/36/exec//show: CISCO HTTP service allows remote execution of commands
  417. + OSVDB-578: /level/37/exec//show: CISCO HTTP service allows remote execution of commands
  418. + OSVDB-578: /level/38/exec//show: CISCO HTTP service allows remote execution of commands
  419. + OSVDB-578: /level/39/exec//show: CISCO HTTP service allows remote execution of commands
  420. + OSVDB-578: /level/40/exec//show: CISCO HTTP service allows remote execution of commands
  421. + OSVDB-578: /level/41/exec//show: CISCO HTTP service allows remote execution of commands
  422. + OSVDB-578: /level/42/exec//show: CISCO HTTP service allows remote execution of commands
  423. + OSVDB-578: /level/43/exec//show: CISCO HTTP service allows remote execution of commands
  424. + OSVDB-578: /level/44/exec//show: CISCO HTTP service allows remote execution of commands
  425. + OSVDB-578: /level/45/exec//show: CISCO HTTP service allows remote execution of commands
  426. + OSVDB-578: /level/46/exec//show: CISCO HTTP service allows remote execution of commands
  427. + OSVDB-578: /level/47/exec//show: CISCO HTTP service allows remote execution of commands
  428. + OSVDB-578: /level/48/exec//show: CISCO HTTP service allows remote execution of commands
  429. + OSVDB-578: /level/49/exec//show: CISCO HTTP service allows remote execution of commands
  430. + OSVDB-578: /level/50/exec//show: CISCO HTTP service allows remote execution of commands
  431. + OSVDB-578: /level/51/exec//show: CISCO HTTP service allows remote execution of commands
  432. + OSVDB-578: /level/52/exec//show: CISCO HTTP service allows remote execution of commands
  433. + OSVDB-578: /level/53/exec//show: CISCO HTTP service allows remote execution of commands
  434. + OSVDB-578: /level/54/exec//show: CISCO HTTP service allows remote execution of commands
  435. + OSVDB-578: /level/55/exec//show: CISCO HTTP service allows remote execution of commands
  436. + OSVDB-578: /level/56/exec//show: CISCO HTTP service allows remote execution of commands
  437. + OSVDB-578: /level/57/exec//show: CISCO HTTP service allows remote execution of commands
  438. + OSVDB-578: /level/58/exec//show: CISCO HTTP service allows remote execution of commands
  439. + OSVDB-578: /level/59/exec//show: CISCO HTTP service allows remote execution of commands
  440. + OSVDB-578: /level/60/exec//show: CISCO HTTP service allows remote execution of commands
  441. + OSVDB-578: /level/61/exec//show: CISCO HTTP service allows remote execution of commands
  442. + OSVDB-578: /level/62/exec//show: CISCO HTTP service allows remote execution of commands
  443. + OSVDB-578: /level/63/exec//show: CISCO HTTP service allows remote execution of commands
  444. + OSVDB-578: /level/64/exec//show: CISCO HTTP service allows remote execution of commands
  445. + OSVDB-578: /level/65/exec//show: CISCO HTTP service allows remote execution of commands
  446. + OSVDB-578: /level/66/exec//show: CISCO HTTP service allows remote execution of commands
  447. + OSVDB-578: /level/67/exec//show: CISCO HTTP service allows remote execution of commands
  448. + OSVDB-578: /level/68/exec//show: CISCO HTTP service allows remote execution of commands
  449. + OSVDB-578: /level/69/exec//show: CISCO HTTP service allows remote execution of commands
  450. + OSVDB-578: /level/70/exec//show: CISCO HTTP service allows remote execution of commands
  451. + OSVDB-578: /level/71/exec//show: CISCO HTTP service allows remote execution of commands
  452. + OSVDB-578: /level/72/exec//show: CISCO HTTP service allows remote execution of commands
  453. + OSVDB-578: /level/73/exec//show: CISCO HTTP service allows remote execution of commands
  454. + OSVDB-578: /level/74/exec//show: CISCO HTTP service allows remote execution of commands
  455. + OSVDB-578: /level/75/exec//show: CISCO HTTP service allows remote execution of commands
  456. + OSVDB-578: /level/76/exec//show: CISCO HTTP service allows remote execution of commands
  457. + OSVDB-578: /level/77/exec//show: CISCO HTTP service allows remote execution of commands
  458. + OSVDB-578: /level/78/exec//show: CISCO HTTP service allows remote execution of commands
  459. + OSVDB-578: /level/79/exec//show: CISCO HTTP service allows remote execution of commands
  460. + OSVDB-578: /level/80/exec//show: CISCO HTTP service allows remote execution of commands
  461. + OSVDB-578: /level/81/exec//show: CISCO HTTP service allows remote execution of commands
  462. + OSVDB-578: /level/82/exec//show: CISCO HTTP service allows remote execution of commands
  463. + OSVDB-578: /level/83/exec//show: CISCO HTTP service allows remote execution of commands
  464. + OSVDB-578: /level/84/exec//show: CISCO HTTP service allows remote execution of commands
  465. + OSVDB-578: /level/85/exec//show: CISCO HTTP service allows remote execution of commands
  466. + OSVDB-578: /level/86/exec//show: CISCO HTTP service allows remote execution of commands
  467. + OSVDB-578: /level/87/exec//show: CISCO HTTP service allows remote execution of commands
  468. + OSVDB-578: /level/88/exec//show: CISCO HTTP service allows remote execution of commands
  469. + OSVDB-578: /level/89/exec//show: CISCO HTTP service allows remote execution of commands
  470. + OSVDB-578: /level/90/exec//show: CISCO HTTP service allows remote execution of commands
  471. + OSVDB-578: /level/91/exec//show: CISCO HTTP service allows remote execution of commands
  472. + OSVDB-578: /level/92/exec//show: CISCO HTTP service allows remote execution of commands
  473. + OSVDB-578: /level/93/exec//show: CISCO HTTP service allows remote execution of commands
  474. + OSVDB-578: /level/94/exec//show: CISCO HTTP service allows remote execution of commands
  475. + OSVDB-578: /level/95/exec//show: CISCO HTTP service allows remote execution of commands
  476. + OSVDB-578: /level/96/exec//show: CISCO HTTP service allows remote execution of commands
  477. + OSVDB-578: /level/97/exec//show: CISCO HTTP service allows remote execution of commands
  478. + OSVDB-578: /level/98/exec//show: CISCO HTTP service allows remote execution of commands
  479. + OSVDB-578: /level/99/exec//show: CISCO HTTP service allows remote execution of commands
  480. + OSVDB-18810: /users.lst: LocalWEB2000 users.lst passwords found
  481. + OSVDB-13405: /WS_FTP.LOG: WS_FTP.LOG file was found. It may contain sensitive information.
  482. + OSVDB-3715: /nsn/env.bas: Novell web server shows the server environment and is vulnerable to cross-site scripting
  483. + OSVDB-3722: /lcgi/lcgitest.nlm: Novell web server shows the server environment
  484. + OSVDB-13404: /com/: Novell web server allows directory listing
  485. + OSVDB-13402: /com/novell/: Novell web server allows directory listing
  486. + OSVDB-13403: /com/novell/webaccess: Novell web server allows directory listing
  487. + OSVDB-4804: //admin/admin.shtml: Axis network camera may allow admin bypass by using double-slashes before URLs.
  488. + OSVDB-4808: /axis-cgi/buffer/command.cgi: Axis WebCam 2400 may allow overwriting or creating files on the system. See http://www.websec.org/adv/axis2400.txt.html for details.
  489. + OSVDB-4806: /support/messages: Axis WebCam allows retrieval of messages file (/var/log/messages). See http://www.websec.org/adv/axis2400.txt.html
  490. + ERROR: Error limit (20) reached for host, giving up. Last error:
  491. + Scan terminated: 0 error(s) and 473 item(s) reported on remote host
  492. + End Time: 2017-07-27 01:14:28 (GMT2) (5532 seconds)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!