
rtfm

a guest
Nov 24th, 2016
  1. nowhere near done
  2.  
  3.  
  4. + Server: nginx/1.10.2
  5. + The anti-clickjacking X-Frame-Options header is not present.
  6. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  7. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  8. + OSVDB-39272: favicon.ico file identifies this server as: Wordpress
  9. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
  10. + /scgi-bin/cart32.exe: request cart32.exe/cart32clientlist
  11. + /scgi-bin/classified.cgi: Check Phrack 55 for info by RFP
  12. + /scgi-bin/download.cgi: v1 by Matt Wright; check info in Phrack 55 by RFP
  13. + /scgi-bin/flexform.cgi: Check Phrack 55 for info by RFP, allows to append info to writable files.
  14. + /scgi-bin/flexform: Check Phrack 55 for info by RFP, allows to append info to writable files.
  15. + /scgi-bin/lwgate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
  16. + /scgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
  17. + /scgi-bin/LWGate: Check Phrack 55 for info by RFP
  18. + /scgi-bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP
  19. + /scgi-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
  20. + /scgi-bin/finger: finger other users, may be other commands?
  21. + /scgi-bin/finger.pl: finger other users, may be other commands?
  22. + /cgi-sys/formmail.cgi: The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.
  23. + /scgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
  24. + /scgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
  25. + /scgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
  26. + /scgi-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
  27. + /scgi-bin/wrap.cgi: possible variation: comes with IRIX 6.2; allows to view directories
  28. + /cgi-sys/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
  29. + /scgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
  30. + /scgi-bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more
  31. + /scgi-bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more
  32. + /scgi-bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
  33. + /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
  34. + /scgi-bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
  35. + /scgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
  36. + /scgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
  37. + /scgi-bin/gH.cgi: Web backdoor by gH
  38. + /scgi-bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
  39. + /scgi-bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
  40. + /scgi-bin/AT-admin.cgi: Admin interface...
  41. + OSVDB-17111: /scgi-bin/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  42. + /scgi-bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
  43. + /scgi-bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
  44. + /scgi-bin/banner.cgi: This CGI may allow attackers to read any file on the system.
  45. + /scgi-bin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
  46. + /scgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
  47. + /scgi-bin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm
  48. + /scgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
  49. + /scgi-bin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
  50. + OSVDB-2878: /scgi-bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability
  51. + /scgi-bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow http://www.securityfocus.com/bid/4684. Prior to 2.1.3 contained unspecified security bugs
  52. + /scgi-bin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
  53. + OSVDB-2017: /scgi-bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha.
  54. + /scgi-bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
  55. + /scgi-bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
  56. + /scgi-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
  57. + OSVDB-11740: /scgi-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.
  58. + OSVDB-11741: /scgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.
  59. + /scgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
  60. + /scgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
  61. + /scgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
  62. + /scgi-bin/fpsrvadm.exe: Potentially vulnerable CGI program.
  63. + /scgi-bin/.cobalt: May allow remote admin of CGI scripts.
  64. + OSVDB-319: /scgi-bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI.
  65. + /scgi-bin/.access: Contains authorization information
  66. + OSVDB-11871: /scgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file.
  67. + /scgi-bin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
  68. + /scgi-bin/shtml.dll: This may allow attackers to retrieve document source.
  69. + /scgi-bin/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
  70. + /scgi-bin/aglimpse: This CGI may allow attackers to execute remote commands.
  71. + /scgi-bin/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
  72. + /scgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands
  73. + /scgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands
  74. + /scgi-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
  75. + /scgi-bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands
  76. + /scgi-bin/archie: Gateway to the unix command, may be able to submit extra commands
  77. + /scgi-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands
  78. + /scgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands
  79. + /scgi-bin/date: Gateway to the unix command, may be able to submit extra commands
  80. + /scgi-bin/fortune: Gateway to the unix command, may be able to submit extra commands
  81. + /scgi-bin/redirect: Redirects via URL from form
  82. + /scgi-bin/uptime: Gateway to the unix command, may be able to submit extra commands
  83. + /scgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands
  84. + /scgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address
  85. + /scgi-bin/nph-error.pl: Gives more information in error messages
  86. + /scgi-bin/post-query: Echoes back result of your POST
  87. + /scgi-bin/query: Echoes back result of your GET
  88. + /scgi-bin/test-cgi.tcl: May echo environment variables or give directory listings
  89. + /scgi-bin/test-env: May echo environment variables or give directory listings
  90. + /scgi-bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
  91. + OSVDB-6666: /scgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times.
  92. + OSVDB-55370: /scgi-bin/Pbcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers.
  93. + OSVDB-55369: /scgi-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers.
  94. + /scgi-bin/snorkerz.bat: Arguments passed to DOS CGI without checking
  95. + /scgi-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking
  96. + /scgi-bin/webfind.exe?keywords=01234567890123456789: May be vulnerable to a buffer overflow (request 2000 bytes of data). Upgrade to WebSitePro 2.5 or greater
  97. + OSVDB-2511: /scgi-bin/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd
  98. + /scgi-bin/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
  99. + /scgi-bin/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version from http://www.levcgi.com/. http://www.cert.org/advisories/CA-2000-02.html.
  100. + OSVDB-21366: /scgi-bin/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  101. + OSVDB-19772: /scgi-bin/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier.
  102. + OSVDB-21365: /scgi-bin/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  103. + /scgi-bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting... has been seen in web logs from a scanner.
  104. + /scgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting... has been seen in web logs from a scanner.
  105. + /scgi-bin/retrieve_password.pl: May not be vulnerable, but see http://www.dcscripts.com/bugtrac/DCForumID7/3.html for information.
  106. + /scgi-bin/wwwadmin.pl: Administration CGI?
  107. + /scgi-bin/webmap.cgi: nmap front end... could be fun
  108. + /scgi-bin/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
  109. + /scgi-bin/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.
  110. + /scgi-bin/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
  111. + /scgi-bin/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
  112. + /scgi-bin/dbman/db.cgi?db=no-db: This CGI allows remote attackers to view system information.
  113. + OSVDB-17111: /scgi-bin/dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  114. + OSVDB-17111: /scgi-bin/DCShop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  115. + OSVDB-596: /scgi-bin/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  116. + OSVDB-596: /scgi-bin/DCShop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  117. + /scgi-bin/dumpenv.pl: This CGI gives a lot of information to attackers.
  118. + /scgi-bin/mkilog.exe: This CGI can give an attacker a lot of information.
  119. + /scgi-bin/mkplog.exe: This CGI can give an attacker a lot of information.
  120. + OSVDB-596: /scgi-bin/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  121. + /scgi-bin/processit.pl: This CGI returns environment variables, giving attackers valuable information.
  122. + /scgi-bin/rpm_query: This CGI allows anyone to see the installed RPMs
  123. + OSVDB-17111: /scgi-bin/shop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  124. + OSVDB-596: /scgi-bin/shop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  125. + /scgi-bin/ws_ftp.ini: Can contain saved passwords for ftp sites
  126. + /scgi-bin/WS_FTP.ini: Can contain saved passwords for ftp sites
  127. + /scgi-bin/view-source?view-source: This allows remote users to view source code.
  128. + OSVDB-13978: /scgi-bin/ibill.pm: iBill.pm is installed. This may allow brute forcing of passwords.
  129. + OSVDB-9332: /scgi-bin/scoadminreg.cgi: This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web.
  130. + OSVDB-4663: /scgi-bin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file.
  131. + /scgi-bin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
  132. + /scgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug
  133. + OSVDB-6192: /scgi-bin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. See http://b0iler.eyeonsecurity.net for details. This could not be remotely tested.
  134. + /scgi-bin/view-source: This may allow remote arbitrary file retrieval.
  135. + /scgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
  136. + /scgi-bin/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
  137. + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
  138. + /scgi-bin/Count.cgi: This may allow attackers to execute arbitrary commands on the server
  139. + /scgi-bin/echo.bat: This CGI may allow attackers to execute remote commands.
  140. + OSVDB-4571: /scgi-bin/ImageFolio/admin/admin.cgi: ImageFolio (default accout Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/
  141. + /scgi-bin/info2www: This CGI allows attackers to execute commands.
  142. + /scgi-bin/infosrch.cgi: This CGI allows attackers to execute commands.
  143. + /scgi-bin/listrec.pl: This CGI allows attackers to execute commands on the host.
  144. + /scgi-bin/mailnews.cgi: Some versions allow attacker to execute commands as http daemon. Upgrade or remove.
  145. + /scgi-bin/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher.
  146. + /scgi-bin/pagelog.cgi: Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try.
  147. + /scgi-bin/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
  148. + /scgi-bin/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.
  149. + /scgi-bin/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
  150. + /scgi-bin/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
  151. + /scgi-bin/plusmail: This CGI may allow attackers to execute commands remotely.
  152. + OSVDB-10944: /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid fileNikto]: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host.
  153. + OSVDB-10944: /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host.
  154. + /scgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command
  155. + /scgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command
  156. + OSVDB-54034: /scgi-bin/spin_client.cgi?aaaaaaaa: This CGI may be vulnerable to remote execution by sending 8000 x 'a' characters (check to see if you get a 500 error message)
  157. + OSVDB-10598: /scgi-bin/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done.
  158. + OSVDB-13981: /scgi-bin/viralator.cgi: May be vulnerable to command injection, upgrade to 0.9pre2 or newer. This flaw could not be confirmed.
  159. + OSVDB-4854: /scgi-bin/virgil.cgi: The Virgil CGI Scanner 0.9 allows remote users to gain a system shell. This could not be confirmed (try syntax like virgil.cgi?tar=-lp&zielport=31337 to open a connection on port 31337.
  160. + OSVDB-2088: /scgi-bin/vpasswd.cgi: Some versions of this CGI allow attackers to execute commands on your system. Verify this is the latest version available.
  161. + OSVDB-236: /scgi-bin/webgais: The webgais allows attackers to execute commands.
  162. + OSVDB-237: /scgi-bin/websendmail: This CGI may allow attackers to execute arbitrary commands remotely.
  163. + /scgi-bin/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage.
  164. + /scgi-bin/common/listrec.pl: This CGI allows attackers to execute commands on the host.
  165. + OSVDB-59031: /scgi-bin/stat.pl: Uninets StatsPlus 1.25 from http://www.uninetsolutions.com/stats.html may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER.
  166. + OSVDB-28: /scgi-bin/cachemgr.cgi: Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans.
  167. + OSVDB-142: /scgi-bin/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages.
  168. + /scgi-bin/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier.
  169. + /scgi-bin/.cobalt/siteUserMod/siteUserMod.cgi: Older versions of this CGI allow any user to change the administrator password.
  170. + /scgi-bin/webdriver: This CGI often allows anyone to access the Informix DB on the host.
  171. + /scgi-bin/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.
  172. + /scgi-bin/cgi-lib.pl: CGI Library. If retrieved check to see if it is outdated, it may have vulns
  173. + /scgi-bin/log/nether-log.pl?checkit: Default Pass: nethernet-rules
  174. + /scgi-bin/mini_logger.cgi: Default password: guest
  175. + /scgi-bin/mt-static/: Movable Type weblog found. May contain security problems in CGIs, weak passwords, and more. Default login 'Melody' with password 'Nelson'.
  176. + /scgi-bin/mt/: Movable Type weblog found. May contain security problems in CGIs, weak passwords, and more. Default login 'Melody' with password 'Nelson'.
  177. + /scgi-bin/nimages.php: Alpha versions of the Nimages package vulnerable to non-specific 'major' security bugs.
  178. + /scgi-bin/robadmin.cgi: Default password: roblog
  179. + /scgi-bin/netpad.cgi: netpad.cgi may be an indication of a malicious user on the system, as it allows web access to the file system. It may also have remote vulnerabilities itself. This should be removed or protected.
  180. + /scgi-bin/troops.cgi: This CGI may be a leftover from a hacked site; may be used to attempt to hack other sites. It should be investigated further.
  181. + /scgi-bin/unlg1.1: web backdoor by ULG
  182. + /scgi-bin/unlg1.2: web backdoor by ULG
  183. + /scgi-bin/rwwwshell.pl: THC reverse www shell
  184. + /scgi-bin/photo/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
  185. + OSVDB-3093: /scgi-bin/ccbill-local.pl?cmd=MENU: This might be interesting... has been seen in web logs from an unknown scanner.
  186. + OSVDB-3093: /scgi-bin/ccbill-local.cgi?cmd=MENU: This might be interesting... has been seen in web logs from an unknown scanner.
  187. + OSVDB-3093: /scgi-bin/mastergate/search.cgi?search=0&search_on=all: This might be interesting... has been seen in web logs from an unknown scanner.
  188. + OSVDB-3093: /scgi-bin/Backup/add-passwd.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
  189. + OSVDB-1642: /scgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls: gbook.cgi allows command execution.
  190. + OSVDB-7161: /scgi-bin/bslist.cgi?email=x;ls: BSList allows command execution.
  191. + OSVDB-7162: /scgi-bin/bsguest.cgi?email=x;ls: BSGuest allows command execution.
  192. + OSVDB-136: /scgi-bin/phf: This allows attackers to read arbitrary files on the system and perhaps execute commands.
  193. + OSVDB-228: /scgi-bin/upload.cgi: The upload.cgi allows attackers to upload arbitrary files to the server.
  194. + OSVDB-127: /scgi-bin/nph-publish.cgi: This CGI may allow attackers to execute arbitrary commands on the server.
  195. + OSVDB-128: /scgi-bin/nph-test-cgi: This CGI lets attackers get a directory listing of the CGI directory.
  196. + OSVDB-2695: /scgi-bin/photo/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.
  197. + OSVDB-2717: /scgi-bin/include/new-visitor.inc.php: Les Visiteurs 2.0.1 and prior are vulnerable to remote command execution. BID 8902 for exploit example.
  198. + OSVDB-2735: /scgi-bin/musicqueue.cgi: Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/
  199. + OSVDB-279: /scgi-bin/windmail: Some versions are vulnerable. Request 'windmail?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file
  200. + OSVDB-279: /scgi-bin/windmail.exe: Some versions are vulnerable. Request 'windmail.exe?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file
  201. + OSVDB-2873: /scgi-bin/gbadmin.cgi?action=change_adminpass: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
  202. + OSVDB-2873: /scgi-bin/gbadmin.cgi?action=change_automail: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
  203. + OSVDB-2873: /scgi-bin/gbadmin.cgi?action=colors: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
  204. + OSVDB-2873: /scgi-bin/gbadmin.cgi?action=setup: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
  205. + OSVDB-2915: /scgi-bin/gbpass.pl: RNN Guestbook 1.2 password storage file. Administrative password should be stored in plaintext. Access gbadmin.cgi in the same directory to (ab)use. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 2003 BugTraq post by brainrawt@ha
  206. + OSVDB-3092: /scgi-bin/addalink.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  207. + OSVDB-3092: /scgi-bin/cgiecho: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  208. + OSVDB-3092: /scgi-bin/cgiemail: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  209. + OSVDB-3092: /scgi-bin/countedit: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  210. + OSVDB-3092: /scgi-bin/domainredirect.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  211. + OSVDB-3092: /scgi-bin/entropybanner.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  212. + OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
  213. + OSVDB-3092: /cgi-sys/FormMail-clone.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  214. + OSVDB-3092: /scgi-bin/helpdesk.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  215. + OSVDB-3092: /scgi-bin/mchat.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  216. + OSVDB-3092: /scgi-bin/randhtml.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  217. + OSVDB-3092: /scgi-bin/realhelpdesk.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  218. + OSVDB-3092: /scgi-bin/realsignup.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  219. + OSVDB-3092: /cgi-sys/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  220. + OSVDB-3092: /scgi-bin/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  221. + OSVDB-3092: /scgi-bin/signup.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  222. + OSVDB-3092: /scgi-bin/GW5/GWWEB.EXE: Groupwise web interface
  223. + OSVDB-3092: /scgi-bin/dbmlparser.exe: This might be interesting...
  224. + OSVDB-3092: /scgi-bin/: This might be interesting... possibly a system shell found.
  225. + OSVDB-3092: /scgi-bin/.fhp: This might be interesting...
  226. + OSVDB-3092: /scgi-bin/add_ftp.cgi: This might be interesting...
  227. + OSVDB-3092: /scgi-bin/admin.cgi: This might be interesting...
  228. + OSVDB-3092: /scgi-bin/admin.php: This might be interesting...
  229. + OSVDB-3092: /scgi-bin/admin.php3: This might be interesting...
  230. + OSVDB-3092: /scgi-bin/admin.pl: Might be interesting
  231. + OSVDB-3092: /scgi-bin/adminhot.cgi: This might be interesting... has been seen in web logs from another CGI scanner.
  232. + OSVDB-3092: /scgi-bin/adminwww.cgi: This might be interesting... has been seen in web logs from another CGI scanner.
  233. + OSVDB-3092: /scgi-bin/AnyBoard.cgi: This might be interesting...
  234. + OSVDB-3092: /scgi-bin/AnyForm: This might be interesting...
  235. + OSVDB-3092: /scgi-bin/AnyForm2: This might be interesting...
  236. + OSVDB-3092: /scgi-bin/ash: This might be interesting... possibly a system shell found.
  237. + OSVDB-3092: /scgi-bin/ax-admin.cgi: This might be interesting...
  238. + OSVDB-3092: /scgi-bin/ax.cgi: This might be interesting...
  239. + OSVDB-3092: /scgi-bin/axs.cgi: This might be interesting...
  240. + OSVDB-3092: /scgi-bin/bash: This might be interesting... possibly a system shell found.
  241. + OSVDB-3092: /scgi-bin/bnbform: This might be interesting...
  242. + OSVDB-3092: /scgi-bin/bnbform.cgi: This might be interesting...
  243. + OSVDB-3092: /scgi-bin/cart.pl: This might be interesting...
  244. + OSVDB-3092: /scgi-bin/cgimail.exe: This might be interesting...
  245. + OSVDB-3092: /scgi-bin/classifieds: This might be interesting...
  246. + OSVDB-3092: /scgi-bin/classifieds.cgi: This might be interesting...
  247. + OSVDB-3092: /scgi-bin/clickcount.pl?view=test: This might be interesting...
  248. + OSVDB-3092: /scgi-bin/code.php: This might be interesting...
  249. + OSVDB-3092: /scgi-bin/code.php3: This might be interesting...
  250. + OSVDB-3092: /scgi-bin/count.cgi: This might be interesting...
  251. + OSVDB-3092: /scgi-bin/csh: This might be interesting... possibly a system shell found.
  252. + OSVDB-3092: /scgi-bin/cstat.pl: This might be interesting...
  253. + OSVDB-3092: /scgi-bin/c_download.cgi: This might be interesting...
  254. + OSVDB-3092: /scgi-bin/dasp/fm_shell.asp: This might be interesting...
  255. + OSVDB-3092: /scgi-bin/day5datacopier.cgi: This might be interesting...
  256. + OSVDB-3092: /scgi-bin/dfire.cgi: This might be interesting...
  257. + OSVDB-3092: /scgi-bin/dig.cgi: This might be interesting...
  258. + OSVDB-3092: /scgi-bin/displayTC.pl: This might be interesting...
  259. + OSVDB-3092: /scgi-bin/edit.pl: This might be interesting...
  260. + OSVDB-3092: /scgi-bin/enter.cgi: This might be interesting...
  261. + OSVDB-3092: /scgi-bin/environ.cgi: This might be interesting...
  262. + OSVDB-3092: /scgi-bin/environ.pl: This might be interesting...
  263. + OSVDB-3092: /scgi-bin/ex-logger.pl: This might be interesting...
  264. + OSVDB-3092: /scgi-bin/excite: This might be interesting...
  265. + OSVDB-3092: /scgi-bin/filemail: This might be interesting...
  266. + OSVDB-3092: /scgi-bin/filemail.pl: This might be interesting...
  267. + OSVDB-3092: /scgi-bin/ftp.pl: This might be interesting... is file transfer allowed?
  268. + OSVDB-3092: /scgi-bin/ftpsh: This might be interesting... possibly a system shell found.
  269. + OSVDB-3092: /scgi-bin/getdoc.cgi: This might be interesting...
  270. + OSVDB-3092: /scgi-bin/glimpse: This might be interesting...
  271. + OSVDB-3092: /scgi-bin/hitview.cgi: This might be interesting...
  272. + OSVDB-3092: /scgi-bin/jailshell: This might be interesting... possibly a system shell found.
  273. + OSVDB-105: /scgi-bin/jj: Allows attackers to execute commands as http daemon
  274. + OSVDB-3092: /scgi-bin/ksh: This might be interesting... possibly a system shell found.
  275. + OSVDB-3092: /scgi-bin/log-reader.cgi: This might be interesting...
  276. + OSVDB-3092: /scgi-bin/log/: This might be interesting...
  277. + OSVDB-3092: /scgi-bin/login.cgi: This might be interesting...
  278. + OSVDB-3092: /scgi-bin/login.pl: This might be interesting...
  279. + OSVDB-3092: /scgi-bin/logit.cgi: This might be interesting...
  280. + OSVDB-3092: /scgi-bin/logs.pl: This might be interesting...
  281. + OSVDB-3092: /scgi-bin/logs/: This might be interesting...
  282. + OSVDB-3092: /scgi-bin/logs/access_log: This might be interesting...
  283. + OSVDB-3092: /scgi-bin/logs/error_log: This might be interesting...
  284. + OSVDB-3092: /scgi-bin/lookwho.cgi: This might be interesting...
  285. + OSVDB-3092: /scgi-bin/maillist.cgi: This might be interesting...
  286. + OSVDB-3092: /scgi-bin/maillist.pl: This might be interesting...
  287. + OSVDB-3092: /scgi-bin/man.sh: This might be interesting...
  288. + OSVDB-3092: /scgi-bin/meta.pl: This might be interesting...
  289. + OSVDB-3092: /scgi-bin/minimal.exe: This might be interesting...
  290. + OSVDB-3092: /scgi-bin/nlog-smb.cgi: This might be interesting...
  291. + OSVDB-3092: /scgi-bin/nlog-smb.pl: This might be interesting...
  292. + OSVDB-3092: /scgi-bin/noshell: This might be interesting... possibly a system shell found.
  293. + OSVDB-3092: /scgi-bin/nph-publish: This might be interesting...
  294. + OSVDB-3092: /scgi-bin/ntitar.pl: This might be interesting...
  295. + OSVDB-3092: /scgi-bin/pass: This could be interesting...
  296. + OSVDB-3092: /scgi-bin/passwd: This could be interesting...
  297. + OSVDB-3092: /scgi-bin/passwd.txt: This could be interesting...
  298. + OSVDB-3092: /scgi-bin/password: This could be interesting...
  299. + OSVDB-3092: /scgi-bin/post_query: This might be interesting...
  300. + OSVDB-3092: /scgi-bin/pu3.pl: This might be interesting...
  301. + OSVDB-3092: /scgi-bin/ratlog.cgi: This might be interesting...
  302. + OSVDB-3092: /scgi-bin/responder.cgi: This might be interesting...
  303. + OSVDB-3092: /scgi-bin/rguest.exe: This might be interesting...
  304. + OSVDB-3092: /scgi-bin/rksh: This might be interesting... possibly a system shell found.
  305. + OSVDB-3092: /scgi-bin/rsh: This might be interesting... possibly a system shell found.
  306. + OSVDB-3092: /scgi-bin/search.cgi: This might be interesting...
  307. + OSVDB-3092: /scgi-bin/search.pl: This might be interesting...
  308. + OSVDB-3092: /scgi-bin/session/adminlogin: This might be interesting...
  309. + OSVDB-3092: /scgi-bin/sh: This might be interesting... possibly a system shell found.
  310. + OSVDB-3092: /scgi-bin/show.pl: This might be interesting...
  311. + OSVDB-3092: /scgi-bin/stat/: This might be interesting...
  312. + OSVDB-3092: /scgi-bin/stats-bin-p/reports/index.html: This might be interesting...
  313. + OSVDB-3092: /scgi-bin/stats.pl: This might be interesting...
  314. + OSVDB-3092: /scgi-bin/stats.prf: This might be interesting...
  315. + OSVDB-3092: /scgi-bin/stats/: This might be interesting...
  316. + OSVDB-3092: /scgi-bin/statsconfig: This might be interesting...
  317. + OSVDB-3092: /scgi-bin/stats_old/: This might be interesting...
  318. + OSVDB-3092: /scgi-bin/statview.pl: This might be interesting...
  319. + OSVDB-3092: /scgi-bin/survey: This might be interesting...
  320. + OSVDB-3092: /scgi-bin/survey.cgi: This might be interesting...
  321. + OSVDB-3092: /scgi-bin/tablebuild.pl: This might be interesting...
  322. + OSVDB-3092: /scgi-bin/tcsh: This might be interesting... possibly a system shell found.
  323. + OSVDB-3092: /scgi-bin/test.cgi: This might be interesting...
  324. + OSVDB-3092: /scgi-bin/test/test.cgi: This might be interesting...
  325. + OSVDB-3092: /scgi-bin/textcounter.pl: This might be interesting...
  326. + OSVDB-3092: /scgi-bin/tidfinder.cgi: This might be interesting...
  327. + OSVDB-3092: /scgi-bin/tigvote.cgi: This might be interesting...
  328. + OSVDB-3092: /scgi-bin/tpgnrock: This might be interesting...
  329. + OSVDB-3092: /scgi-bin/ultraboard.cgi: This might be interesting...
  330. + OSVDB-3092: /scgi-bin/ultraboard.pl: This might be interesting...
  331. + OSVDB-3092: /scgi-bin/viewlogs.pl: This might be interesting...
  332. + OSVDB-3092: /scgi-bin/visitor.exe: This might be interesting...
  333. + OSVDB-3092: /scgi-bin/w3-msql: This might be interesting...
  334. + OSVDB-3092: /scgi-bin/w3-sql: This might be interesting...
  335. + OSVDB-3092: /scgi-bin/webais: This might be interesting...
  336. + OSVDB-3092: /scgi-bin/webbbs.cgi: This might be interesting...
  337. + OSVDB-3092: /scgi-bin/webbbs.exe: This might be interesting...
  338. + OSVDB-3092: /scgi-bin/webutil.pl: This might be interesting... has been seen in web logs from another CGI scanner.
  339. + OSVDB-3092: /scgi-bin/webutils.pl: This might be interesting... has been seen in web logs from another CGI scanner.
  340. + OSVDB-3092: /scgi-bin/webwho.pl: This might be interesting... has been seen in web logs from another CGI scanner.
  341. + OSVDB-3092: /scgi-bin/wguest.exe: This might be interesting...
  342. + OSVDB-3092: /scgi-bin/www-sql: This might be interesting...
  343. + OSVDB-3092: /scgi-bin/wwwboard.cgi.cgi: This might be interesting...
  344. + OSVDB-3092: /scgi-bin/wwwboard.pl: This might be interesting...
  345. + OSVDB-3092: /scgi-bin/wwwstats.pl: This might be interesting...
  346. + OSVDB-3092: /scgi-bin/wwwthreads/3tvars.pm: This might be interesting...
  347. + OSVDB-3092: /scgi-bin/wwwthreads/w3tvars.pm: This might be interesting...
  348. + OSVDB-3092: /scgi-bin/zsh: This might be interesting... possibly a system shell found.
  349.  
  350.  
  351.  
  352. + Target IP: you.dont.need.to.do
  353. + Target Hostname: xxx4.xxxxxxxx.co
  354. + Target Port: 80
  355. + Start Time: 2016-11-24 20:28:34 (GMT-5)
  356. ---------------------------------------------------------------------------
  357. + Server: nginx/1.10.2
  358. + The anti-clickjacking X-Frame-Options header is not present.
  359. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  360. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  361. + OSVDB-39272: favicon.ico file identifies this server as: Wordpress
  362. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
  363. + /scgi-bin/cart32.exe: request cart32.exe/cart32clientlist
  364. + /scgi-bin/classified.cgi: Check Phrack 55 for info by RFP
  365. + /scgi-bin/download.cgi: v1 by Matt Wright; check info in Phrack 55 by RFP
  366. + /scgi-bin/flexform.cgi: Check Phrack 55 for info by RFP, allows to append info to writable files.
  367. + /scgi-bin/flexform: Check Phrack 55 for info by RFP, allows to append info to writable files.
  368. + /scgi-bin/lwgate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
  369. + /scgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
  370. + /scgi-bin/LWGate: Check Phrack 55 for info by RFP
  371. + /scgi-bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP
  372. + /scgi-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
  373. + /scgi-bin/finger: finger other users, may be other commands?
  374. + /scgi-bin/finger.pl: finger other users, may be other commands?
  375. + /cgi-sys/formmail.cgi: The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.
  376. + /scgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
  377. + /scgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
  378. + /scgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
  379. + /scgi-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
  380. + /scgi-bin/wrap.cgi: possible variation: comes with IRIX 6.2; allows to view directories
  381. + /cgi-sys/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
  382. + /scgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
  383. + /scgi-bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more
  384. + /scgi-bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more
  385. + /scgi-bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
  386. + /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
  387. + /scgi-bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
  388. + /scgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
  389. + /scgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
  390. + /scgi-bin/gH.cgi: Web backdoor by gH
  391. + /scgi-bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
  392. + /scgi-bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
  393. + /scgi-bin/AT-admin.cgi: Admin interface...
  394. + OSVDB-17111: /scgi-bin/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  395. + /scgi-bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
  396. + /scgi-bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
  397. + /scgi-bin/banner.cgi: This CGI may allow attackers to read any file on the system.
  398. + /scgi-bin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
  399. + /scgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
  400. + /scgi-bin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm
  401. + /scgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
  402. + /scgi-bin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
  403. + OSVDB-2878: /scgi-bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability
  404. + /scgi-bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow http://www.securityfocus.com/bid/4684. Prior to 2.1.3 contained unspecified security bugs
  405. + /scgi-bin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
  406. + OSVDB-2017: /scgi-bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha.
  407. + /scgi-bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
  408. + /scgi-bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
  409. + /scgi-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
  410. + OSVDB-11740: /scgi-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.
  411. + OSVDB-11741: /scgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.
  412. + /scgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
  413. + /scgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
  414. + /scgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
  415. + /scgi-bin/fpsrvadm.exe: Potentially vulnerable CGI program.
  416. + /scgi-bin/.cobalt: May allow remote admin of CGI scripts.
  417. + OSVDB-319: /scgi-bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI.
  418. + /scgi-bin/.access: Contains authorization information
  419. + OSVDB-11871: /scgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file.
  420. + /scgi-bin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
  421. + /scgi-bin/shtml.dll: This may allow attackers to retrieve document source.
  422. + /scgi-bin/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
  423. + /scgi-bin/aglimpse: This CGI may allow attackers to execute remote commands.
  424. + /scgi-bin/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
  425. + /scgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands
  426. + /scgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands
  427. + /scgi-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
  428. + /scgi-bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands
  429. + /scgi-bin/archie: Gateway to the unix command, may be able to submit extra commands
  430. + /scgi-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands
  431. + /scgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands
  432. + /scgi-bin/date: Gateway to the unix command, may be able to submit extra commands
  433. + /scgi-bin/fortune: Gateway to the unix command, may be able to submit extra commands
  434. + /scgi-bin/redirect: Redirects via URL from form
  435. + /scgi-bin/uptime: Gateway to the unix command, may be able to submit extra commands
  436. + /scgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands
  437. + /scgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address
  438. + /scgi-bin/nph-error.pl: Gives more information in error messages
  439. + /scgi-bin/post-query: Echoes back result of your POST
  440. + /scgi-bin/query: Echoes back result of your GET
  441. + /scgi-bin/test-cgi.tcl: May echo environment variables or give directory listings
  442. + /scgi-bin/test-env: May echo environment variables or give directory listings
  443. + /scgi-bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
  444. + OSVDB-6666: /scgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times.
  445. + OSVDB-55370: /scgi-bin/Pbcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers.
  446. + OSVDB-55369: /scgi-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers.
  447. + /scgi-bin/snorkerz.bat: Arguments passed to DOS CGI without checking
  448. + /scgi-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking
  449. + /scgi-bin/webfind.exe?keywords=01234567890123456789: May be vulnerable to a buffer overflow (request 2000 bytes of data). Upgrade to WebSitePro 2.5 or greater
  450. + OSVDB-2511: /scgi-bin/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd
  451. + /scgi-bin/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
  452. + /scgi-bin/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version from http://www.levcgi.com/. http://www.cert.org/advisories/CA-2000-02.html.
  453. + OSVDB-21366: /scgi-bin/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  454. + OSVDB-19772: /scgi-bin/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier.
  455. + OSVDB-21365: /scgi-bin/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  456. + /scgi-bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting... has been seen in web logs from a scanner.
  457. + /scgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting... has been seen in web logs from a scanner.
  458. + /scgi-bin/retrieve_password.pl: May not be vulnerable, but see http://www.dcscripts.com/bugtrac/DCForumID7/3.html for information.
  459. + /scgi-bin/wwwadmin.pl: Administration CGI?
  460. + /scgi-bin/webmap.cgi: nmap front end... could be fun
  461. + /scgi-bin/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
  462. + /scgi-bin/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.
  463. + /scgi-bin/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
  464. + /scgi-bin/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
  465. + /scgi-bin/dbman/db.cgi?db=no-db: This CGI allows remote attackers to view system information.
  466. + OSVDB-17111: /scgi-bin/dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  467. + OSVDB-17111: /scgi-bin/DCShop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  468. + OSVDB-596: /scgi-bin/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  469. + OSVDB-596: /scgi-bin/DCShop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  470. + /scgi-bin/dumpenv.pl: This CGI gives a lot of information to attackers.
  471. + /scgi-bin/mkilog.exe: This CGI can give an attacker a lot of information.
  472. + /scgi-bin/mkplog.exe: This CGI can give an attacker a lot of information.
  473. + OSVDB-596: /scgi-bin/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  474. + /scgi-bin/processit.pl: This CGI returns environment variables, giving attackers valuable information.
  475. + /scgi-bin/rpm_query: This CGI allows anyone to see the installed RPMs
  476. + OSVDB-17111: /scgi-bin/shop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  477. + OSVDB-596: /scgi-bin/shop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  478. + /scgi-bin/ws_ftp.ini: Can contain saved passwords for ftp sites
  479. + /scgi-bin/WS_FTP.ini: Can contain saved passwords for ftp sites
  480. + /scgi-bin/view-source?view-source: This allows remote users to view source code.
  481. + OSVDB-13978: /scgi-bin/ibill.pm: iBill.pm is installed. This may allow brute forcing of passwords.
  482. + OSVDB-9332: /scgi-bin/scoadminreg.cgi: This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web.
  483. + OSVDB-4663: /scgi-bin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file.
  484. + /scgi-bin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
  485. + /scgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug
  486. + OSVDB-6192: /scgi-bin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. See http://b0iler.eyeonsecurity.net for details. This could not be remotely tested.
  487. + /scgi-bin/view-source: This may allow remote arbitrary file retrieval.
  488. + /scgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
  489. + /scgi-bin/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
  490. + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
  491. + /scgi-bin/Count.cgi: This may allow attackers to execute arbitrary commands on the server
  492. + /scgi-bin/echo.bat: This CGI may allow attackers to execute remote commands.
  493. + OSVDB-4571: /scgi-bin/ImageFolio/admin/admin.cgi: ImageFolio (default accout Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/
  494. + /scgi-bin/info2www: This CGI allows attackers to execute commands.
  495. + /scgi-bin/infosrch.cgi: This CGI allows attackers to execute commands.
  496. + /scgi-bin/listrec.pl: This CGI allows attackers to execute commands on the host.
  497. + /scgi-bin/mailnews.cgi: Some versions allow attacker to execute commands as http daemon. Upgrade or remove.
  498. + /scgi-bin/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher.
  499. + /scgi-bin/pagelog.cgi: Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try.
  500. + /scgi-bin/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
  501. + /scgi-bin/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.
  502. + /scgi-bin/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
  503. + /scgi-bin/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
  504. + /scgi-bin/plusmail: This CGI may allow attackers to execute commands remotely.
  505. + OSVDB-10944: /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid fileNikto]: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host.
  506. + OSVDB-10944: /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host.
  507. + /scgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command
  508. + /scgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command
  509. + OSVDB-54034: /scgi-bin/spin_client.cgi?aaaaaaaa: This CGI may be vulnerable to remote execution by sending 8000 x 'a' characters (check to see if you get a 500 error message)
  510. + OSVDB-10598: /scgi-bin/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done.
  511. + OSVDB-13981: /scgi-bin/viralator.cgi: May be vulnerable to command injection, upgrade to 0.9pre2 or newer. This flaw could not be confirmed.
  512. + OSVDB-4854: /scgi-bin/virgil.cgi: The Virgil CGI Scanner 0.9 allows remote users to gain a system shell. This could not be confirmed (try syntax like virgil.cgi?tar=-lp&zielport=31337 to open a connection on port 31337.
  513. + OSVDB-2088: /scgi-bin/vpasswd.cgi: Some versions of this CGI allow attackers to execute commands on your system. Verify this is the latest version available.
  514. + OSVDB-236: /scgi-bin/webgais: The webgais allows attackers to execute commands.
  515. + OSVDB-237: /scgi-bin/websendmail: This CGI may allow attackers to execute arbitrary commands remotely.
  516. + /scgi-bin/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage.
  517. + /scgi-bin/common/listrec.pl: This CGI allows attackers to execute commands on the host.
  518. + OSVDB-59031: /scgi-bin/stat.pl: Uninets StatsPlus 1.25 from http://www.uninetsolutions.com/stats.html may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER.
  519. + OSVDB-28: /scgi-bin/cachemgr.cgi: Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans.
  520. + OSVDB-142: /scgi-bin/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages.
  521. + /scgi-bin/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier.
  522. + /scgi-bin/.cobalt/siteUserMod/siteUserMod.cgi: Older versions of this CGI allow any user to change the administrator password.
  523. + /scgi-bin/webdriver: This CGI often allows anyone to access the Informix DB on the host.
  524. + /scgi-bin/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.
  525. + /scgi-bin/cgi-lib.pl: CGI Library. If retrieved check to see if it is outdated, it may have vulns
  526. + /scgi-bin/log/nether-log.pl?checkit: Default Pass: nethernet-rules
  527. + /scgi-bin/mini_logger.cgi: Default password: guest
  528. + /scgi-bin/mt-static/: Movable Type weblog found. May contain security problems in CGIs, weak passwords, and more. Default login 'Melody' with password 'Nelson'.
  529. + /scgi-bin/mt/: Movable Type weblog found. May contain security problems in CGIs, weak passwords, and more. Default login 'Melody' with password 'Nelson'.
  530. + /scgi-bin/nimages.php: Alpha versions of the Nimages package vulnerable to non-specific 'major' security bugs.
  531. + /scgi-bin/robadmin.cgi: Default password: roblog
  532. + /scgi-bin/netpad.cgi: netpad.cgi may be an indication of a malicious user on the system, as it allows web access to the file system. It may also have remote vulnerabilities itself. This should be removed or protected.
  533. + /scgi-bin/troops.cgi: This CGI may be a leftover from a hacked site; may be used to attempt to hack other sites. It should be investigated further.
  534. + /scgi-bin/unlg1.1: web backdoor by ULG
  535. + /scgi-bin/unlg1.2: web backdoor by ULG
  536. + /scgi-bin/rwwwshell.pl: THC reverse www shell
  537. + /scgi-bin/photo/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
  538. + OSVDB-3093: /scgi-bin/ccbill-local.pl?cmd=MENU: This might be interesting... has been seen in web logs from an unknown scanner.
  539. + OSVDB-3093: /scgi-bin/ccbill-local.cgi?cmd=MENU: This might be interesting... has been seen in web logs from an unknown scanner.
  540. + OSVDB-3093: /scgi-bin/mastergate/search.cgi?search=0&search_on=all: This might be interesting... has been seen in web logs from an unknown scanner.
  541. + OSVDB-3093: /scgi-bin/Backup/add-passwd.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
  542. + OSVDB-1642: /scgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls: gbook.cgi allows command execution.
  543. + OSVDB-7161: /scgi-bin/bslist.cgi?email=x;ls: BSList allows command execution.
  544. + OSVDB-7162: /scgi-bin/bsguest.cgi?email=x;ls: BSGuest allows command execution.
  545. + OSVDB-136: /scgi-bin/phf: This allows attackers to read arbitrary files on the system and perhaps execute commands.
  546. + OSVDB-228: /scgi-bin/upload.cgi: The upload.cgi allows attackers to upload arbitrary files to the server.
  547. + OSVDB-127: /scgi-bin/nph-publish.cgi: This CGI may allow attackers to execute arbitrary commands on the server.
  548. + OSVDB-128: /scgi-bin/nph-test-cgi: This CGI lets attackers get a directory listing of the CGI directory.
  549. + OSVDB-2695: /scgi-bin/photo/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.
  550. + OSVDB-2717: /scgi-bin/include/new-visitor.inc.php: Les Visiteurs 2.0.1 and prior are vulnerable to remote command execution. BID 8902 for exploit example.
  551. + OSVDB-2735: /scgi-bin/musicqueue.cgi: Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/
  552. + OSVDB-279: /scgi-bin/windmail: Some versions are vulnerable. Request 'windmail?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file
  553. + OSVDB-279: /scgi-bin/windmail.exe: Some versions are vulnerable. Request 'windmail.exe?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file
  554. + OSVDB-2873: /scgi-bin/gbadmin.cgi?action=change_adminpass: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
  555. + OSVDB-2873: /scgi-bin/gbadmin.cgi?action=change_automail: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
  556. + OSVDB-2873: /scgi-bin/gbadmin.cgi?action=colors: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
  557. + OSVDB-2873: /scgi-bin/gbadmin.cgi?action=setup: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
  558. + OSVDB-2915: /scgi-bin/gbpass.pl: RNN Guestbook 1.2 password storage file. Administrative password should be stored in plaintext. Access gbadmin.cgi in the same directory to (ab)use. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 2003 BugTraq post by brainrawt@ha
  559. + OSVDB-3092: /scgi-bin/addalink.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  560. + OSVDB-3092: /scgi-bin/cgiecho: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  561. + OSVDB-3092: /scgi-bin/cgiemail: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  562. + OSVDB-3092: /scgi-bin/countedit: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  563. + OSVDB-3092: /scgi-bin/domainredirect.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  564. + OSVDB-3092: /scgi-bin/entropybanner.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  565. + OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
  566. + OSVDB-3092: /cgi-sys/FormMail-clone.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  567. + OSVDB-3092: /scgi-bin/helpdesk.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  568. + OSVDB-3092: /scgi-bin/mchat.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  569. + OSVDB-3092: /scgi-bin/randhtml.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  570. + OSVDB-3092: /scgi-bin/realhelpdesk.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  571. + OSVDB-3092: /scgi-bin/realsignup.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  572. + OSVDB-3092: /cgi-sys/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  573. + OSVDB-3092: /scgi-bin/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  574. + OSVDB-3092: /scgi-bin/signup.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
  575. + OSVDB-3092: /scgi-bin/GW5/GWWEB.EXE: Groupwise web interface
  576. + OSVDB-3092: /scgi-bin/dbmlparser.exe: This might be interesting...
  577. + OSVDB-3092: /scgi-bin/: This might be interesting... possibly a system shell found.
  578. + OSVDB-3092: /scgi-bin/.fhp: This might be interesting...
  579. + OSVDB-3092: /scgi-bin/add_ftp.cgi: This might be interesting...
  580. + OSVDB-3092: /scgi-bin/admin.cgi: This might be interesting...
  581. + OSVDB-3092: /scgi-bin/admin.php: This might be interesting...
  582. + OSVDB-3092: /scgi-bin/admin.php3: This might be interesting...
  583. + OSVDB-3092: /scgi-bin/admin.pl: Might be interesting
  584. + OSVDB-3092: /scgi-bin/adminhot.cgi: This might be interesting... has been seen in web logs from another CGI scanner.
  585. + OSVDB-3092: /scgi-bin/adminwww.cgi: This might be interesting... has been seen in web logs from another CGI scanner.
  586. + OSVDB-3092: /scgi-bin/AnyBoard.cgi: This might be interesting...
  587. + OSVDB-3092: /scgi-bin/AnyForm: This might be interesting...
  588. + OSVDB-3092: /scgi-bin/AnyForm2: This might be interesting...
  589. + OSVDB-3092: /scgi-bin/ash: This might be interesting... possibly a system shell found.
  590. + OSVDB-3092: /scgi-bin/ax-admin.cgi: This might be interesting...
  591. + OSVDB-3092: /scgi-bin/ax.cgi: This might be interesting...
  592. + OSVDB-3092: /scgi-bin/axs.cgi: This might be interesting...
  593. + OSVDB-3092: /scgi-bin/bash: This might be interesting... possibly a system shell found.
  594. + OSVDB-3092: /scgi-bin/bnbform: This might be interesting...
  595. + OSVDB-3092: /scgi-bin/bnbform.cgi: This might be interesting...
  596. + OSVDB-3092: /scgi-bin/cart.pl: This might be interesting...
  597. + OSVDB-3092: /scgi-bin/cgimail.exe: This might be interesting...
  598. + OSVDB-3092: /scgi-bin/classifieds: This might be interesting...
  599. + OSVDB-3092: /scgi-bin/classifieds.cgi: This might be interesting...
  600. + OSVDB-3092: /scgi-bin/clickcount.pl?view=test: This might be interesting...
  601. + OSVDB-3092: /scgi-bin/code.php: This might be interesting...
  602. + OSVDB-3092: /scgi-bin/code.php3: This might be interesting...
  603. + OSVDB-3092: /scgi-bin/count.cgi: This might be interesting...
  604. + OSVDB-3092: /scgi-bin/csh: This might be interesting... possibly a system shell found.
  605. + OSVDB-3092: /scgi-bin/cstat.pl: This might be interesting...
  606. + OSVDB-3092: /scgi-bin/c_download.cgi: This might be interesting...
  607. + OSVDB-3092: /scgi-bin/dasp/fm_shell.asp: This might be interesting...
  608. + OSVDB-3092: /scgi-bin/day5datacopier.cgi: This might be interesting...
  609. + OSVDB-3092: /scgi-bin/dfire.cgi: This might be interesting...
  610. + OSVDB-3092: /scgi-bin/dig.cgi: This might be interesting...
  611. + OSVDB-3092: /scgi-bin/displayTC.pl: This might be interesting...
  612. + OSVDB-3092: /scgi-bin/edit.pl: This might be interesting...
  613. + OSVDB-3092: /scgi-bin/enter.cgi: This might be interesting...
  614. + OSVDB-3092: /scgi-bin/environ.cgi: This might be interesting...
  615. + OSVDB-3092: /scgi-bin/environ.pl: This might be interesting...
  616. + OSVDB-3092: /scgi-bin/ex-logger.pl: This might be interesting...
  617. + OSVDB-3092: /scgi-bin/excite: This might be interesting...
  618. + OSVDB-3092: /scgi-bin/filemail: This might be interesting...
  619. + OSVDB-3092: /scgi-bin/filemail.pl: This might be interesting...
  620. + OSVDB-3092: /scgi-bin/ftp.pl: This might be interesting... is file transfer allowed?
  621. + OSVDB-3092: /scgi-bin/ftpsh: This might be interesting... possibly a system shell found.
  622. + OSVDB-3092: /scgi-bin/getdoc.cgi: This might be interesting...
  623. + OSVDB-3092: /scgi-bin/glimpse: This might be interesting...
  624. + OSVDB-3092: /scgi-bin/hitview.cgi: This might be interesting...
  625. + OSVDB-3092: /scgi-bin/jailshell: This might be interesting... possibly a system shell found.
  626. + OSVDB-105: /scgi-bin/jj: Allows attackers to execute commands as http daemon
  627. + OSVDB-3092: /scgi-bin/ksh: This might be interesting... possibly a system shell found.
  628. + OSVDB-3092: /scgi-bin/log-reader.cgi: This might be interesting...
  629. + OSVDB-3092: /scgi-bin/log/: This might be interesting...
  630. + OSVDB-3092: /scgi-bin/login.cgi: This might be interesting...
  631. + OSVDB-3092: /scgi-bin/login.pl: This might be interesting...
  632. + OSVDB-3092: /scgi-bin/logit.cgi: This might be interesting...
  633. + OSVDB-3092: /scgi-bin/logs.pl: This might be interesting...
  634. + OSVDB-3092: /scgi-bin/logs/: This might be interesting...
  635. + OSVDB-3092: /scgi-bin/logs/access_log: This might be interesting...
  636. + OSVDB-3092: /scgi-bin/logs/error_log: This might be interesting...
  637. + OSVDB-3092: /scgi-bin/lookwho.cgi: This might be interesting...
  638. + OSVDB-3092: /scgi-bin/maillist.cgi: This might be interesting...
  639. + OSVDB-3092: /scgi-bin/maillist.pl: This might be interesting...
  640. + OSVDB-3092: /scgi-bin/man.sh: This might be interesting...
  641. + OSVDB-3092: /scgi-bin/meta.pl: This might be interesting...
  642. + OSVDB-3092: /scgi-bin/minimal.exe: This might be interesting...
  643. + OSVDB-3092: /scgi-bin/nlog-smb.cgi: This might be interesting...
  644. + OSVDB-3092: /scgi-bin/nlog-smb.pl: This might be interesting...
  645. + OSVDB-3092: /scgi-bin/noshell: This might be interesting... possibly a system shell found.
  646. + OSVDB-3092: /scgi-bin/nph-publish: This might be interesting...
  647. + OSVDB-3092: /scgi-bin/ntitar.pl: This might be interesting...
  648. + OSVDB-3092: /scgi-bin/pass: This could be interesting...
  649. + OSVDB-3092: /scgi-bin/passwd: This could be interesting...
  650. + OSVDB-3092: /scgi-bin/passwd.txt: This could be interesting...
  651. + OSVDB-3092: /scgi-bin/password: This could be interesting...
  652. + OSVDB-3092: /scgi-bin/post_query: This might be interesting...
  653. + OSVDB-3092: /scgi-bin/pu3.pl: This might be interesting...
  654. + OSVDB-3092: /scgi-bin/ratlog.cgi: This might be interesting...
  655. + OSVDB-3092: /scgi-bin/responder.cgi: This might be interesting...
  656. + OSVDB-3092: /scgi-bin/rguest.exe: This might be interesting...
  657. + OSVDB-3092: /scgi-bin/rksh: This might be interesting... possibly a system shell found.
  658. + OSVDB-3092: /scgi-bin/rsh: This might be interesting... possibly a system shell found.
  659. + OSVDB-3092: /scgi-bin/search.cgi: This might be interesting...
  660. + OSVDB-3092: /scgi-bin/search.pl: This might be interesting...
  661. + OSVDB-3092: /scgi-bin/session/adminlogin: This might be interesting...
  662. + OSVDB-3092: /scgi-bin/sh: This might be interesting... possibly a system shell found.
  663. + OSVDB-3092: /scgi-bin/show.pl: This might be interesting...
  664. + OSVDB-3092: /scgi-bin/stat/: This might be interesting...
  665. + OSVDB-3092: /scgi-bin/stats-bin-p/reports/index.html: This might be interesting...
  666. + OSVDB-3092: /scgi-bin/stats.pl: This might be interesting...
  667. + OSVDB-3092: /scgi-bin/stats.prf: This might be interesting...
  668. + OSVDB-3092: /scgi-bin/stats/: This might be interesting...
  669. + OSVDB-3092: /scgi-bin/statsconfig: This might be interesting...
  670. + OSVDB-3092: /scgi-bin/stats_old/: This might be interesting...
  671. + OSVDB-3092: /scgi-bin/statview.pl: This might be interesting...
  672. + OSVDB-3092: /scgi-bin/survey: This might be interesting...
  673. + OSVDB-3092: /scgi-bin/survey.cgi: This might be interesting...
  674. + OSVDB-3092: /scgi-bin/tablebuild.pl: This might be interesting...
  675. + OSVDB-3092: /scgi-bin/tcsh: This might be interesting... possibly a system shell found.
  676. + OSVDB-3092: /scgi-bin/test.cgi: This might be interesting...
  677. + OSVDB-3092: /scgi-bin/test/test.cgi: This might be interesting...
  678. + OSVDB-3092: /scgi-bin/textcounter.pl: This might be interesting...
  679. + OSVDB-3092: /scgi-bin/tidfinder.cgi: This might be interesting...
  680. + OSVDB-3092: /scgi-bin/tigvote.cgi: This might be interesting...
  681. + OSVDB-3092: /scgi-bin/tpgnrock: This might be interesting...
  682. + OSVDB-3092: /scgi-bin/ultraboard.cgi: This might be interesting...
  683. + OSVDB-3092: /scgi-bin/ultraboard.pl: This might be interesting...
  684. + OSVDB-3092: /scgi-bin/viewlogs.pl: This might be interesting...
  685. + OSVDB-3092: /scgi-bin/visitor.exe: This might be interesting...
  686. + OSVDB-3092: /scgi-bin/w3-msql: This might be interesting...
  687. + OSVDB-3092: /scgi-bin/w3-sql: This might be interesting...
  688. + OSVDB-3092: /scgi-bin/webais: This might be interesting...
  689. + OSVDB-3092: /scgi-bin/webbbs.cgi: This might be interesting...
  690. + OSVDB-3092: /scgi-bin/webbbs.exe: This might be interesting...
  691. + OSVDB-3092: /scgi-bin/webutil.pl: This might be interesting... has been seen in web logs from another CGI scanner.
  692. + OSVDB-3092: /scgi-bin/webutils.pl: This might be interesting... has been seen in web logs from another CGI scanner.
  693. + OSVDB-3092: /scgi-bin/webwho.pl: This might be interesting... has been seen in web logs from another CGI scanner.
  694. + OSVDB-3092: /scgi-bin/wguest.exe: This might be interesting...
  695. + OSVDB-3092: /scgi-bin/www-sql: This might be interesting...
  696. + OSVDB-3092: /scgi-bin/wwwboard.cgi.cgi: This might be interesting...
  697. + OSVDB-3092: /scgi-bin/wwwboard.pl: This might be interesting...
  698. + OSVDB-3092: /scgi-bin/wwwstats.pl: This might be interesting...
  699. + OSVDB-3092: /scgi-bin/wwwthreads/3tvars.pm: This might be interesting...
  700. + OSVDB-3092: /scgi-bin/wwwthreads/w3tvars.pm: This might be interesting...
  701. + OSVDB-3092: /scgi-bin/zsh: This might be interesting... possibly a system shell found.