Network Vulnerability Assessment Report

Sorted by host names

Id | Name |
10747 | 3Com Superstack II switch with default password |
11187 | 4553 Parasite Mothership Detect |
10669 | A1Stats |
10351 | The ACC router shows configuration without authentication |
11109 | Achievo code injection |
11007 | ActiveState Perl directory traversal |
10880 | AdMentor Login Flaw |
10441 | AFS client version |
10836 | Agora CGI Cross Site Scripting |
10009 | AIX ftpd buffer overflow |
10760 | Alcatel ADSL Modem with Firewalling off |
10530 | Passwordless Alcatel ADSL Modem |
11170 | Alcatel OmniSwitch 7700/7800 switches backdoor |
11019 | Alcatel PABX 4400 detection |
10818 | Alchemy Eye HTTP Command Execution |
10011 | get32.exe |
10010 | AliBaba path climbing |
10012 | Alibaba 2.0 buffer overflow |
10013 | alibaba.pl |
10014 | tst.bat |
11027 | AlienForm CGI script |
10015 | AltaVista Intranet Search |
11118 | alya.cgi |
10462 | Amanda client version |
10742 | Amanda Index Server version |
10644 | anacondaclip |
10536 | Anaconda remote file retrieval |
10445 | AnalogX denial of service by long cgi name |
10366 | AnalogX denial of service |
10489 | Analogx Web server traversal |
10016 | AN-HTTPd tests CGIs |
10017 | Annex DoS |
10277 | AnyForm |
10753 | AOLserver Default Password |
11137 | Apache < 1.3.27 |
10752 | Apache Auth Module SQL Insertion Attack |
10938 | Apache Remote Command Execution via .bat files |
11030 | Apache chunked encoding |
10704 | Apache Directory Listing |
10678 | Apache /server-info accessible |
10677 | Apache /server-status accessible |
10440 | Check for Apache Multiple / vulnerability |
10480 | Apache::ASP source.asp |
10918 | Apache-SSL overflow |
11042 | Apache Tomcat DOS Device Name XSS |
11041 | Apache Tomcat /servlet Cross Site Scripting |
11046 | Apache Tomcat TroubleShooter Servlet Installed |
10766 | Apache UserDir Sensitive Information Disclosure |
11092 | Apache 2.0.39 Win32 directory traversal |
11090 | AppSocket DoS |
11105 | ARCserve hidden share |
10018 | Knox Arkeia buffer overflow |
10019 | Ascend Kill |
10666 | AppleShare IP Server status query |
10844 | ASP.NET Cross Site Scripting |
10843 | ASP.NET path disclosure |
10362 | ASP source using ::$DATA trick |
10363 | ASP source using %2e trick |
11071 | ASP source using %20 trick |
10020 | + + + ATH0 modem hangup |
10638 | auktion.cgi |
10021 | Identd enabled |
10875 | Avenger's News System Command Execution |
11096 | Avirt gateway insecure telnet proxy |
11102 | Awol code injection |
10022 | Axent Raptor's DoS |
10502 | Axis Camera Default Password |
10023 | Bypass Axis Storpoint CD authentication |
10024 | BackOrifice |
10872 | BadBlue Directory Traversal Vulnerability |
11062 | BadBlue invalid GET DoS |
11064 | BadBlue invalid null byte vulnerability |
10601 | Basilix includes download |
11072 | Basilix webmail dummy request vulnerability |
10025 | bb-hist.sh |
10460 | bb-hostsvc.sh |
10507 | Sun's Java Web Server remote command execution |
10949 | BEA WebLogic Scripts Server scripts Source Disclosure (2) |
10715 | BEA WebLogic Scripts Server scripts Source Disclosure |
11052 | BenHur Firewall active FTP firewall leak |
10026 | BFTelnet DoS |
10579 | bftpd chown overflow |
10568 | bftpd format string vulnerability |
10027 | bigconf |
11051 | BIND9 DoS |
10728 | Determine if Bind 9 is running |
10605 | BIND vulnerable to overflows |
10886 | BIND vulnerable to DNS storm |
10329 | BIND iquery overflow |
10539 | Useable remote name server |
11152 | BIND vulnerable to cached RR overflow |
10028 | Determine which version of BIND name daemon is running |
10029 | BIND vulnerable |
10549 | BIND vulnerable to ZXFR bug |
10828 | SysV /bin/login buffer overflow (rlogin) |
10827 | SysV /bin/login buffer overflow (telnet) |
10383 | bizdb1-search.cgi located |
10927 | BlackIce DoS (ping flood) |
10030 | Bonk |
10031 | bootparamd service |
11082 | Boozt index.cgi overflow |
10686 | BroadVision Physical Path Disclosure Vulnerability |
10556 | Broker FTP files listing |
11130 | BrowseGate HTTP headers overflows |
11135 | Bugbear worm |
10389 | Cart32 ChangeAdminPassword |
10951 | cachefsd overflow |
10034 | RedHat 6.0 cachemgr.cgi |
10506 | calendar_admin.pl |
10035 | Campas |
11114 | Canna Overflow |
10388 | Cassandra NNTP Server DoS |
10032 | CA Unicenter's File Transfer Service is running |
10033 | CA Unicenter's Transport Service is running |
10724 | Cayman DSL router one char login |
10036 | CDK Detect |
10037 | CERN httpd problem |
10797 | ColdFusion Debug Mode |
10652 | cfingerd format string attack |
10038 | Cfinger's search.**@host feature |
10651 | cfinger's version |
10039 | /cgi-bin directory browsable ? |
10779 | CGIEmail's CGICso (Send CSO via CGI) Command Execution Vulnerability |
10780 | CGIEmail's Cross Site Scripting Vulnerability (cgicso) |
10552 | cgiforum |
10040 | cgitest.exe buffer overrun |
10041 | Cobalt RaQ2 cgiwrap |
10042 | Chameleon SMTPd overflow |
10043 | Chargen |
10044 | Checkpoint FW-1 identification |
10919 | Check open ports |
11011 | Port 445 open when 139 is not |
10561 | cisco 675 http DoS |
10045 | Cisco 675 passwordless router |
11014 | Cisco Aironet Telnet DoS |
11012 | ATA-186 password circumvention / recovery |
10545 | Cisco Catalyst Web Execution |
10046 | Cisco DoS |
10970 | GSR ACL pub |
10971 | GSR ICMP unreachable |
10700 | Cisco IOS HTTP Configuration Arbitrary Administrative Access |
10387 | cisco http DoS |
10754 | Cisco password not set |
10972 | Multiple SSH vulnerabilities |
10682 | CISCO view-source DoS |
11013 | Cisco VoIP phones DoS |
10942 | Check for a Citrix server |
11138 | Citrix published applications |
10047 | CMail's MAIL FROM overflow |
11073 | readmsg.php detection |
11190 | overflow.cgi detection |
10793 | Cobalt Web Administration Server Detection |
10713 | CodeRed version X detection |
10581 | Cold Fusion Administration Page Overflow |
10001 | ColdFusion Vulnerability |
10612 | commerce.cgi |
10048 | Communigate Pro overflow |
10746 | Compaq WBEM Server Detection |
10049 | Count.cgi |
10675 | CheckPoint Firewall-1 Telnet Authentication Detection |
10676 | CheckPoint Firewall-1 Web Authentication Detection |
10815 | Web Server Cross Site Scripting |
10973 | CSCdi34061 |
10974 | CSCdi36962 |
10975 | CSCdp35794 |
10976 | CSCds04747 |
10977 | CSCds07326 |
10978 | CSCds66191 |
10979 | CSCdt46181 |
10980 | CSCdt62732 |
10981 | CSCdt65960 |
10982 | CSCdt93866 |
10983 | CSCdu20643 |
10984 | CSCdu81936 |
10985 | CSCdv48261 |
10986 | CSCdw19195 |
10987 | CSCdw67458 |
11056 | CSCdy03429 |
10050 | CSM Mail server MTA 'HELO' denial |
10924 | csSearch.cgi |
10051 | A CVS pserver is running |
10922 | CVS/Entries |
10465 | CVSWeb 1.80 gives a shell to cvs committers |
10402 | CVSWeb detection |
10368 | Dansie Shopping Cart backdoor |
10052 | Daytime |
10871 | DB2 DOS |
11182 | DB4Web directory traversal |
11180 | DB4Web TCP relay |
10403 | DBMan CGI server information leakage |
10736 | DCE Services Enumeration |
10583 | dcforum |
10718 | DCShop exposes sensitive files |
10961 | AirConnect Default Password |
10962 | Cabletron Web View Administrative Access |
10963 | Compaq Web Based Management Agent Proxy Vulnerability |
11032 | Directory Scanner |
10820 | F5 Device Default Support Password |
10990 | FTP Service Allows Any Username |
10991 | IIS Global.asa Retrieval |
11003 | IIS Possible Compromise |
10993 | IIS ASP.NET Application Trace Enabled |
10994 | IPSwitch IMail SMTP Buffer Overflow |
10995 | Sun JavaServer Default Admin Password |
10996 | JRun Sample Files |
10997 | JRun directory traversal |
10998 | Shiva LanRover Blank Password |
10999 | Linksys Router Default Password |
11000 | MPEi/X Default Accounts |
11001 | MRTG mrtg.cgi File Disclosure |
10826 | Unprotected Netware Management Portal |
10819 | PIX Firewall Manager Directory Traversal |
10798 | Unprotected PC Anywhere Service |
10778 | Unprotected SiteScope Service |
11004 | WhatsUp Gold Default Admin Account |
11098 | WS_FTP SITE CPWD Buffer Overflow |
10053 | DeepThroat |
10054 | Delegate overflow |
10876 | Delta UPS Daemon Detection |
10663 | DHCP server info gathering |
11104 | Directory Manager's edit_image.php |
11017 | directory.php |
10679 | directory pro web traversal |
10438 | Netwin's DMail ETRN overflow |
10595 | DNS AXFR |
10056 | /doc directory browsable ? |
10518 | /doc/packages directory browsable ? |
10953 | Authentication bypassing in Lotus Domino |
10629 | Lotus Domino administration databases |
10058 | Domino HTTP server exposes the set up of the filesystem |
10059 | Domino HTTP Denial |
10057 | Lotus Domino ?open Vulnerability |
10450 | Dragon FTP overflow |
10451 | Dragon telnet overflow |
10833 | dtspcd overflow |
10060 | Dumpenv |
11075 | dwhttpd format string |
10061 | Echo port open |
11022 | eDonkey detection |
10928 | EFTP buffer overflow |
10933 | EFTP tells if a given file exists |
10510 | EFTP carriage return DoS |
11093 | EFTP installation directory disclosure |
10062 | Eicon Diehl LAN ISDN modem DoS |
10609 | empower cgi path |
10063 | Eserv traversal |
10775 | E-Shopping Cart Arbitrary Command Execution (WebDiscount) |
10361 | SalesLogix Eviewer WebApp crash |
10570 | Unify eWave ServletExec 3.0C file upload |
10064 | Excite for WebServers |
10002 | IIS possible DoS using ExAir's advsearch |
10003 | IIS possible DoS using ExAir's query |
10004 | IIS possible DoS using ExAir's search |
10558 | Exchange Malformed MIME header |
10755 | Microsoft Exchange Public Folders Information Leak |
11100 | eXtremail format strings |
10065 | EZShopper 3.0 |
10066 | FakeBO buffer overflow |
11054 | fakeidentd overflow |
10837 | FAQManager Arbitrary File Reading Vulnerability |
10067 | Faxsurvey |
10838 | FastCGI Echo.exe Cross Site Scripting |
11026 | Access Point detection |
10069 | Finger zero at host feature |
11193 | akfingerd |
10070 | Finger backdoor |
10071 | Finger cgi |
10072 | Finger dot at host feature |
10534 | FreeBSD 4.1.1 Finger |
10068 | Finger |
10073 | Finger redirection check |
10788 | Solaris finger disclosure |
10074 | Firewall/1 UDP port 0 DoS |
10075 | FormHandler.cgi |
10076 | formmail.pl |
10782 | Formmail Version Information Disclosure |
10376 | htimage.exe overflow |
10078 | Microsoft Frontpage 'authors' exploits |
10497 | Microsoft Frontpage DoS |
10369 | Microsoft Frontpage dvwssr.dll backdoor |
10077 | Microsoft Frontpage exploits |
10699 | IIS FrontPage DoS II |
10405 | shtml.exe reveals full path |
11160 | Windows Administrator NULL FTP password |
10079 | Anonymous FTP enabled |
10080 | Linux FTP backdoor |
10081 | FTP bounce check |
10082 | FTPd tells if a user exists |
10083 | FTP CWD ~root |
10091 | FTPGate traversal |
10821 | FTPD glob Heap Corruption |
10648 | ftp 'glob' overflow |
10084 | ftp USER, PASS or HELP overflow |
10085 | Ftp PASV denial of service |
10086 | Ftp PASV on connect crashes the FTP server |
10467 | ftp.pl shows the listing of any dir |
10692 | ftpd strtok() stack overflow |
10087 | FTP real path |
10088 | Writeable FTP root |
10092 | FTP Server type and version |
10488 | FTP Serv-U 2.5e DoS |
10089 | FTP ServU CWD overflow |
10565 | Serv-U Directory traversal |
10090 | FTP site exec |
10653 | Solaris FTPd tells if a user exists |
11112 | Generic FTP traversal |
10929 | FTP Windows 98 MS/DOS device names DOS |
11045 | Passwordless Zaurus FTP server |
11115 | gallery code injection |
10093 | GateCrasher |
10420 | Gauntlet overflow |
11037 | WEB-INF folder accessible |
10094 | GirlFriend |
10095 | glimpse |
10408 | Insecure Napster clone |
10946 | Gnutella servent detection |
10690 | GoodTech ftpd DoS |
10097 | GroupWise buffer overflow |
10877 | GroupWise Web Interface 'HELP' hole |
10873 | GroupWise Web Interface 'HTMLVER' hole |
10098 | guestbook.cgi |
10099 | guestbook.pl |
10694 | GuildFTPD Directory Traversal |
10471 | Guild FTPd tells if a given file exists |
10100 | Handler |
10731 | HealthD detection |
10101 | Home Free search.cgi directory traversal |
10102 | HotSync Manager Denial of Service attack |
10103 | HP LaserJet display hack |
10104 | HP LaserJet direct print |
10490 | hpux ftpd PASS vulnerability |
10606 | HSWeb document path |
10602 | hsx directory traversal |
10105 | htdig |
10495 | htgrep |
10106 | Htmlscript |
10784 | ht://Dig's htsearch potential exposure/dos |
10385 | ht://Dig's htsearch reveals web server path |
10527 | Boa file retrieval |
10484 | Read any file thanks to ~nobody/ |
10890 | HTTP NIDS evasion |
10498 | Test HTTP dangerous methods |
10763 | Detect the HTTP RPC endpoint mapper |
11040 | HTTP TRACE |
10582 | HTTP version spoken |
10107 | HTTP Server type and version |
10930 | HTTP Windows 98 MS/DOS device names DOS |
10533 | Web Shopper remote file retrieval |
10532 | eXtropia Web Store remote file retrieval |
10108 | Hyperbomb |
10109 | SCO i2odialogd buffer overrun |
11083 | ibillpm.pl |
10799 | IBM-HTTP-Server View Code |
10112 | icat |
10410 | ICEcap default password |
11044 | ICECast FileSystem disclosure |
10600 | ICECast Format String |
10110 | iChat |
10113 | icmp netmask request |
10114 | icmp timestamp request |
10347 | ICQ Denial of Service attack |
10115 | idq.dll directory traversal |
10889 | NIDS evasion |
10661 | IIS 5 .printer ISAPI filter applied |
10657 | NT IIS 5.0 Malformed HTTP Printer Request Header Buffer Overflow Vulnerability |
10572 | IIS 5.0 Sample App vulnerable to cross-site scripting attack |
10573 | IIS 5.0 Sample App reveals physical path of web root |
10358 | /iisadmin is world readable |
10492 | IIS IDA/IDQ Path Disclosure |
10935 | IIS ASP ISAPI filter Overflow |
10371 | /iisadmpwd/aexp2.htr |
10577 | Check for bdir.htr files |
10116 | IIS buffer overflow |
10956 | Codebrws.asp Source Disclosure Vulnerability |
10117 | IIS 'GET ../../' |
10671 | IIS Remote Command Execution |
10537 | IIS directory traversal |
10406 | IIS Malformed Extension Data in URL |
10575 | Check for IIS .cnf file leakage |
10680 | Test Microsoft IIS Source Fragment Disclosure |
10937 | IIS FrontPage ISAPI Denial of Service |
10585 | IIS FrontPage DoS |
10118 | IIS FTP server crash |
10932 | IIS .HTR ISAPI filter applied |
11028 | IIS .HTR overflow |
10695 | IIS .IDA ISAPI filter applied |
10685 | IIS ISAPI Overflow |
10119 | NT IIS Malformed HTTP Request Header DoS Vulnerability |
10759 | Content-Location HTTP Header |
10120 | IIS perl.exe problem |
10667 | IIS 5.0 PROPFIND Vulnerability |
10631 | IIS propfind DoS |
10372 | /scripts/repost.asp |
10370 | IIS dangerous sample files |
10121 | /scripts directory browsable |
10576 | Check for dangerous IIS default files |
10732 | IIS 5.0 WebDav Memory Leakage |
10936 | IIS XSS via 404 error |
11142 | IIS XSS via error |
10941 | IPSEC IKE check |
10122 | imagemap.exe |
10496 | Imail Host: overflow |
10123 | Imail's imap buffer overflow |
10124 | Imail's imonitor buffer overflow |
10625 | IMAP4rev1 buffer overflow after logon |
10966 | IMAP4buffer overflow in the BODY command |
10125 | Imap buffer overflow |
10435 | Imate HELO overflow |
10801 | IMP Session Hijacking Bug |
10126 | in.fingerd pipe |
10127 | info2www |
10805 | Informix traversal |
10128 | infosrch.cgi |
10436 | INN version check (2) |
10129 | INN version check |
11128 | redhat Interchange |
10353 | Interscan 3.32 SMTP Denial |
10733 | InterScan VirusWall Remote Configuration Vulnerability |
10111 | iParty |
11068 | iPlanet chunked encoding |
10130 | ipop2d buffer overflow |
10589 | iPlanet Directory Server traversal |
11043 | iPlanet Search Engine File Viewing |
10683 | iPlanet Certificate Management Traversal |
10469 | ipop2d reads arbitrary files |
10455 | Buffer Overrun in ITHouse Mail Server v1.04 |
10538 | iWS shtml overflow |
11047 | Jigsaw webserver MS/DOS device DoS |
10131 | jj cgi |
10604 | Allaire JRun Directory Listing |
10814 | Allaire JRun directory browsing vulnerability |
10444 | JRun's viewsource.jsp |
10957 | JServ Cross Site Scripting |
10925 | Oracle Jserv Executes outside of doc_root |
10751 | Kazaa / Morpheus Client Detection |
11166 | KF Web Server /%00 bug |
10375 | Ken! DoS |
10411 | klogind overflow |
10640 | Kerberos PingPong attack |
10132 | Kuang2 the Virus |
10541 | KW whois |
10796 | scan for LaBrea tarpitted hosts |
11063 | LabView web server DoS |
10133 | Land |
10378 | LCDproc buffer overflow |
10379 | LCDproc server detection |
10722 | LDAP allows null bases |
10723 | LDAP allows anonymous binds |
10812 | libgtop_daemon format string |
11122 | Libwhisker options |
10135 | LinuxConf grants network access |
10134 | Linux 2.1.89 - 2.2.3 : 0 length fragment bug |
10646 | Lion worm |
10769 | Checks for listrec.pl |
11155 | LiteServe URL Decoding DoS |
11005 | LocalWeb2000 remote read |
10870 | Login configurations |
10543 | Lotus Domino SMTP overflow |
10419 | Lotus MAIL FROM overflow |
10795 | Lotus Notes ?OpenServer Information Disclosure |
11009 | Lotus Domino Banner Information Disclosure Vulnerability |
11023 | lpd, dvips and remote command execution |
10727 | Buffer overflow in Solaris in.lpd |
10522 | LPRng malformed input |
10566 | mmstdod.cgi |
10641 | mailnews.cgi |
10635 | Marconi ASX DoS |
10562 | Master Index directory traversal vulnerability |
10137 | MDaemon DoS |
10136 | MDaemon crash |
10138 | MDaemon Webconfig crash |
10139 | MDaemon Worldclient crash |
10422 | MDBMS overflow |
10140 | MediaHouse Statistic Server Buffer Overflow |
10748 | Mediahouse Statistics Web Server Detect |
10620 | EXPN overflow |
10382 | Atrium Mercur Mailserver |
10346 | Mercur WebView WebClient |
10141 | MetaInfo servers |
10473 | MiniVend Piped command |
10735 | Generic flood |
11133 | Generic format string |
10359 | ctss.idc check |
11124 | mldonkey telnet |
11125 | mldonkey www |
10947 | mod_python handle abuse |
11039 | mod_ssl off by one |
10888 | mod_ssl overflow |
10357 | RDS / MDAC Vulnerability (msadcs.dll) located |
11161 | RDS / MDAC Vulnerability Content-Type overflow |
10939 | MSDTC denial of service by flooding with nul bytes |
10934 | MS FTPd DoS |
10356 | Microsoft's Index server reveals ASP source code |
10142 | MS Personal WebServer ... |
10143 | MSQL CGI overflow |
11159 | MS RPC Services null pointer reference DoS |
11018 | MS Site Server Information Leak |
10885 | MS SMTP DoS |
10673 | Microsoft's SQL Blank Password |
10862 | Microsoft's SQL Server Brute Force |
11067 | Microsoft's SQL Hello Overflow |
10674 | Microsoft's SQL UDP Info Query |
10144 | Microsoft's SQL TCP/IP listener is running |
10145 | Microsoft's SQL TCP/IP denial of service |
10390 | mstream agent Detect |
10391 | mstream handler Detect |
10418 | Standard & Poors detection |
10516 | multihtml cgi |
10822 | Multiple WarFTPd DoS |
10707 | McAfee myCIO detection |
10706 | McAfee myCIO Directory Traversal |
10343 | MySQLs accepts any password |
10626 | MySQL various flaws |
11192 | multiple MySQL flaws |
10481 | Unpassworded MySQL |
10719 | MySQL Server version |
10424 | NAI Management Agent leaks info |
10425 | NAI Management Agent overflow |
10344 | Detect the presence of Napster |
10761 | Detect CIS ports |
10721 | ncbook/book.cgi |
10665 | tektronix's _ncl_items.shtml |
10146 | Tektronix /ncl_items.html |
10988 | Netware NDS Object Enumeration |
10739 | Novell Web Server NDS Tree Browsing |
10147 | A Nessus Daemon is running |
10148 | Nestea |
10494 | Netauth |
10149 | NetBeans Java IDE |
10150 | Using NetBIOS to retrieve information from a Windows host |
10152 | NetBus 2.x |
10151 | NetBus 1.x |
11020 | NetCommerce SQL injection |
10154 | Netscape Enterprise 'Accept' buffer overflow |
10468 | Netscape Administration Server admin password |
10155 | Netscape Enterprise Server DoS |
10689 | Netscape Enterprise '../' buffer overflow |
10691 | Netscape Enterprise INDEX request problem |
10156 | Netscape FastTrack 'get' |
10580 | netscape imap buffer overflow after logon |
10153 | Netscape Server ?PageServices bug |
10681 | Netscape Messenging Server User List |
10364 | netscape publishingXpert 2 PSUser problem |
10352 | Netscape Server ?wp bug |
10005 | NetSphere |
10157 | netstat |
11106 | NetTools command execution |
11158 | Novell NetWare HTTP POST Perl Code Execution Vulnerability |
10360 | newdsn.exe check |
10586 | news desk |
10767 | Tests for Nimda Worm infected HTML files |
10251 | rpc.nisd overflow |
10158 | NIS server |
11033 | Misc information on News server |
10159 | News Server type and version |
10386 | No 404 check |
10160 | Nortel Contivity DoS |
10989 | Nortel/Bay Networks default password |
10528 | Nortel Networks passwordless router (manager level) |
10529 | Nortel Networks passwordless router (user level) |
10162 | Notes MTA denial |
10167 | NTMail3 spam feature |
10163 | Novell Border Manager |
10789 | Novell Groupwise WebAcc Information Disclosure |
10164 | nph-publish.cgi |
10165 | nph-test-cgi |
10540 | NSM format strings vulnerability |
10168 | Detect talkd server port and protocol version |
10166 | Windows NT ftp 'guest' account |
10884 | NTP read variables |
10647 | ntpd overflow |
11183 | HTTP negative Content-Length buffer overflow |
10654 | Oracle Application Server Overflow |
11074 | OfficeScan configuration file disclosure |
10716 | OmniPro HTTPd 2.08 scripts source full disclosure |
10578 | Oops buffer overflow |
10169 | OpenLink web config buffer overflow |
10608 | OpenSSH 2.3.1 authentication bypass vulnerability |
10802 | OpenSSH < 3.0.1 |
11031 | OpenSSH <= 3.3 |
10771 | OpenSSH 2.5.x -> 2.9.x adv.option |
10954 | OpenSSH AFS/Kerberos ticket/token passing |
10883 | OpenSSH Channel Code Off by 1 |
10823 | OpenSSH UseLogin Environment Variables |
10439 | OpenSSH < 2.1.1 UseLogin feature |
11060 | OpenSSL overflow (generic test) |
10848 | Oracle 9iAS Dynamic Monitoring Services |
11076 | Oracle webcache admin interface |
11081 | Oracle9iAS too long URL |
10849 | Oracle 9iAS DAD Admin interface |
10850 | Oracle 9iAS Globals.jsa access |
10851 | Oracle 9iAS Java Process Manager |
10852 | Oracle 9iAS Jsp Source File Reading |
10853 | Oracle 9iAS mod_plsql cross site scripting |
10840 | Oracle 9iAS mod_plsql Buffer Overflow |
10854 | Oracle 9iAS mod_plsql directory traversal |
10855 | Oracle XSQLServlet XSQLConfig.xml File |
10808 | DoSable Oracle WebCache server |
10737 | Oracle Applications One-Hour Install Detect |
10660 | Oracle tnslsnr security |
10658 | Oracle tnslsnr version query |
10738 | Oracle Web Administration Server Detection |
10594 | Oracle XSQL Stylesheet Vulnerability |
10613 | Oracle XSQL Sample Application Vulnerability |
10636 | Orange DoS |
10170 | OShare |
10773 | MacOS X Finder reveals contents of Apache Web files |
10756 | MacOS X Finder reveals contents of Apache Web directories |
10781 | Outlook Web anonymous access |
10348 | ows-bin |
10171 | Oracle Web Server denial of Service |
10591 | pagelog.cgi |
10611 | pals-cgi |
10517 | pam_smb / pam_ntdom overflow |
10345 | Passwordless Cayman DSL router |
10172 | Passwordless HP LaserJet |
10006 | PC Anywhere |
10794 | PC Anywhere TCP |
10783 | PCCS-Mysql User/Password Exposure |
10511 | /perl directory browsable ? |
10664 | perlcal |
10173 | perl interpreter can be launched as a CGI |
10811 | ActivePerl perlIS.dll Buffer Overflow |
10174 | pfdispaly |
10508 | PFTP login check |
10442 | NAI PGP Cert Server DoS |
11070 | PGPMail.pl detection |
10175 | Detect presence of PGPNet server and its version |
10176 | phf |
10564 | IIS phonebook |
10593 | phorum's common.cgi |
10670 | PHP3 Physical Path Disclosure Vulnerability |
11050 | php 4.2.x malformed POST |
11008 | PHP4 Physical Path Disclosure Vulnerability |
11101 | PHPAdsNew code injection |
10839 | PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability |
10513 | php file upload |
10628 | php IMAP overflow |
10574 | PHPix directory traversal vulnerability |
10535 | php log |
11116 | phpMyAdmin arbitrary files reading |
10750 | phpMyExplorer dir traversal |
10177 | php.cgi |
10772 | PHP-Nuke copying files security vulnerability (admin.php) |
10630 | PHP-Nuke security vulnerability (bb_smilies.php) |
10810 | PHP-Nuke Gallery Add-on File View |
10655 | PHP-Nuke' opendir |
10856 | PHP-Nuke sql_debug Information Disclosure |
10178 | php.cgi buffer overrun |
11117 | phpPgAdmin arbitrary files reading |
10831 | PHP Rocket Add-in File Traversal |
10701 | php safemode |
10867 | php POST file uploads |
11099 | Pi3Web Webserver v2.0 Buffer Overflow |
10618 | Pi3Web tstisap.dll overflow |
10179 | pimp |
10968 | ping.asp |
10180 | Ping the remote host |
10381 | Piranha's RH6.2 default password |
10181 | PlusMail vulnerability |
10182 | Livingston Portmaster crash |
10183 | pnserver crash |
10341 | Pocsag password |
10459 | Poll It v2.0 cgi |
10184 | Various pop3 overflows |
11080 | poprelayd & sendmail authentication problem |
10185 | POP3 Server type and version |
10186 | Portal of Doom |
10879 | Shell Command Execution Vulnerability |
10483 | Unpassworded PostgreSQL |
10187 | Cognos Powerplay WE Vulnerability |
10776 | Power Up Information Disclosure |
10622 | PPTP detection and versioning |
10188 | printenv |
10649 | processit |
10634 | proftpd exhaustion attack |
10189 | proftpd mkdir buffer overflow |
10190 | ProFTPd buffer overflow |
10464 | proftpd 1.2.0preN check |
10191 | ProFTPd pre6 buffer overflow |
10192 | Proxy accepts CONNECT requests |
10193 | Usable remote proxy on any port |
10194 | Proxy accepts POST requests |
10195 | Usable remote proxy |
11024 | p-smash DoS (ICMP 9 flood) |
11085 | Personal Web Sharing overflow |
11134 | QMTP |
10948 | qpopper options buffer overflow |
10423 | qpopper euidl problem |
10197 | qpopper LIST buffer overflow |
10196 | qpopper buffer overflow |
10931 | Quake3 Arena 1.29 f/g DOS |
10712 | quickstore traversal |
10198 | Quote of the day |
11123 | radmin detection |
10199 | RealServer Ramgen crash (ramcrash) |
10730 | Raptor FW version 6.5 detection |
11057 | Raptor Weak ISN |
10921 | RemotelyAnywhere SSH detection |
10920 | RemotelyAnywhere WWW detection |
10521 | Extent RBS ISP |
10554 | RealServer Memory Content Disclosure |
10200 | RealServer G2 buffer overrun |
10461 | Check for RealServer DoS |
10377 | RealServer denial of Service |
10201 | Relative IP Identification number change |
10202 | remwatch |
11048 | Resin DOS device path disclosure |
10656 | Resin traversal |
10203 | rexecd |
10392 | rfparalyze |
10204 | rfpoison |
11006 | RedHat 6.2 inetd |
10874 | Rich Media E-Commerce Stores Sensitive Information Insecurely |
10161 | rlogin -froot |
10205 | rlogin |
10627 | ROADS' search.pl |
10421 | Rockliffe's MailSite overflow |
10206 | Rover pop3 overflow |
10207 | Roxen counter module |
10479 | Roxen Server /%00/ bug |
10208 | 3270 mapper service |
10210 | alis service |
10211 | amd service |
10212 | automountd service |
10213 | cmsd service |
10214 | database service |
10215 | etherstatd service |
10216 | fam service |
11111 | rpcinfo -p |
10832 | Kcms Profile Server |
10217 | keyserv service |
10218 | llockmgr service |
10219 | nfsd service |
10220 | nlockmgr service |
10221 | nsed service |
10222 | nsemntd service |
10223 | RPC portmapper |
10224 | rexd service |
10225 | rje mapper service |
10226 | rquotad service |
10227 | rstatd service |
10228 | rusersd service |
10229 | sadmin service |
10230 | sched service |
10231 | selection service |
10232 | showfhd service |
10233 | snmp service |
10234 | sprayd service |
10235 | statd service |
10236 | statmon service |
10237 | sunlink mapper service |
10238 | tfsd service |
10787 | tooltalk format string |
10239 | tooltalk service |
10240 | walld service |
10209 | X25 service |
10241 | ypbind service |
10242 | yppasswd service |
10243 | ypupdated service |
10244 | ypxfrd service |
10340 | rpm_query CGI |
10245 | rsh |
10096 | rsh with null username |
10380 | rsh on finger output |
10762 | RTSP Server type and version |
11058 | rusersd output |
10950 | rpc.walld format string |
10804 | rwhois format string attack (2) |
10790 | rwhois format string attack |
10786 | Samba Remote Arbitrary File Creation |
11113 | Samba Buffer Overflow |
10246 | Sambar Web Server CGI scripts |
11131 | Sambar web server DOS |
10417 | Sambar /cgi-bin/mailit.pl installed ? |
10711 | Sambar webserver pagecount hole |
10514 | Directory listing through Sambar's search.dll |
10415 | Sambar sendmail /session/sendmail |
10416 | Sambar /sysadmin directory 2 |
11168 | Samba Unicode Buffer Overflow |
10623 | Savant original form CGI access |
11174 | HTTP negative Content-Length DoS |
10633 | Savant DoS |
10453 | sawmill allows the reading of the first line of any file |
10454 | sawmill password |
10720 | sdbsearch.cgi |
10710 | Checkpoint SecuRemote information leakage |
10617 | Checkpoint SecureRemote detection |
10637 | Sedum DoS |
10809 | Sendmail -bt option |
11086 | Sendmail custom configuration file |
11088 | Sendmail debug mode leak |
10247 | Sendmail DEBUG |
10248 | Sendmail 'decode' flaw |
10249 | EXPN and VRFY commands |
10278 | Sendmail 8.6.9 ident |
10729 | Sendmail 8.11 local overflow |
10055 | Sendmail 8.8.3 and 8.8.4 mime conversion overflow |
10588 | Sendmail mime overflow |
11087 | Sendmail queue manipulation & destruction |
10250 | Sendmail redirection check |
10614 | sendtemp.pl |
10958 | ServletExec 4.1 ISAPI DoS |
10959 | ServletExec 4.1 ISAPI File Reading |
10960 | ServletExec 4.1 ISAPI Physical Path Disclosure |
11021 | irix rpc.passwd overflow |
10770 | sglMerchant Information Disclosure Vulnerability |
10350 | Shaft Detect |
10967 | Shambala web server DoS |
10252 | Shells in /cgi-bin |
10500 | Shiva Integrator Default Password |
10764 | Shopping Cart Arbitrary Command Execution (Hassan) |
10774 | ShopPlus Arbitrary Command Execution |
10717 | SHOUTcast Server DoS detector vulnerability |
10007 | ShowCode possible |
10437 | NFS export |
10847 | SilverStream database structure |
10846 | SilverStream directory listing |
11035 | AnalogX SimpleServer:WWW DoS |
10705 | SimpleServer remote execution |
10740 | SiteScope Web Managegment Server Detect |
10741 | SiteScope Web Administration Server Detection |
10253 | Cobalt siteUserMod cgi |
10725 | SIX Webboard's generate.cgi |
10255 | SLMail:27 denial of service |
10256 | SLMail MTA 'HELO' denial |
10254 | SLMail denial of service |
10257 | SmartServer pop3 overflow |
10396 | SMB shares access |
10524 | SMB Windows9x password verification vulnerability |
10414 | WinLogon.exe DoS |
10398 | SMB get domain SID |
10456 | SMB enum services |
10395 | SMB shares enumeration |
10901 | Users in the 'Account Operator' group |
10902 | Users in the Admin group |
10904 | Users in the 'Backup Operator' group |
10908 | Users in the Domain Admin group |
10905 | Users in the 'Print Operator' group |
10906 | Users in the 'Replicator' group |
10349 | sojourn.cgi |
10907 | Guest belongs to a group |
10903 | Users in the 'System Operator' group |
10859 | SMB get host SID |
10397 | SMB LanMan Pipe Server browse listing |
10911 | Local users information : automatically disabled accounts |
10912 | Local users information : Can't change password |
10913 | Local users information : disabled accounts |
10914 | Local users information : Never changed password |
10915 | Local users information : User has never logged on |
10916 | Local users information : Passwords never expires |
10404 | SMB log in as users |
10394 | SMB log in |
10642 | SMB Registry : SQL7 Patches |
10785 | SMB NativeLanMan |
10893 | Obtains the lists of users aliases |
10894 | Obtains the lists of users groups |
10910 | Obtains local user information |
10892 | Obtains user information |
10433 | NT IP fragment reassembly patch not applied (jolt2) |
10434 | NT ResetBrowser frame & HostAnnouncement flood patc |
10482 | NetBIOS Name Server Protocol Spoofing patch |
10486 | Relative Shell Path patch |
10485 | Service Control Manager Named Pipe Impersonation patch |
10499 | Local Security Policy Corruption |
10504 | Still Image Service Privilege Escalation patch |
10509 | Malformed RPC Packet patch |
10519 | Telnet Client NTLM Authentication Vulnerability |
10525 | LPC and LPC Ports Vulnerabilities patch |
10632 | Webserver file request parsing |
10555 | Domain account lockout vulnerability |
10563 | Incomplete TCP/IP packet vulnerability |
10603 | Winsock Mutex vulnerability |
10693 | NTLMSSP Privilege Escalation |
10615 | Malformed PPTP Packet Stream vulnerability |
10619 | Malformed request to domain controller |
10668 | Malformed request to index server |
10734 | IrDA access violation patch |
10806 | RPC Endpoint Mapper can Cause RPC Service to Fail |
10861 | IE 5.01 5.5 6.0 Cumulative patch Q324929 |
10865 | Checks for MS HOTFIX for snmp buffer overruns |
10866 | XML Core Services patch (Q318203) |
10926 | IE VBScript Handling patch (Q318089) |
10945 | Opening Group Policy Files (Q318089) |
10944 | MUP overlong request kernel overflow Patch (Q311967) |
10943 | Cumulative Patch for Internet Information Services (Q327696) |
10964 | Windows Debugger flaw can Lead to Elevated Privileges (Q320206) |
11143 | Exchange 2000 Exhaust CPU Resources (Q320436) |
11029 | Windows RAS overflow (Q318138) |
11091 | Windows Network Manager Privilege Elevation (Q326886) |
11144 | Flaw in Certificate Enrollment Control (Q323172) |
11145 | Certificate Validation Flaw Could Enable Identity Spoofing (Q328145) |
11146 | Microsoft RDP flaws could allow sniffing and DOS(Q324380) |
11177 | Flaw in Microsoft VM JDBC Classes Could Allow Code Execution (Q329077) |
11148 | Unchecked Buffer in Decompression Functions(Q329048) |
11147 | Unchecked Buffer in Windows Help(Q323255) |
11178 | Unchecked Buffer in PPTP Implementation Could Enable DOS Attacks (Q329834) |
11191 | WM_TIMER Message Handler Privilege Elevation (Q328310) |
11110 | SMB null param count DoS |
10412 | SMB Registry : Autologon |
10427 | SMB Registry : permissions of HKLM |
10400 | SMB accessible registry |
10428 | SMB fully accessible registry |
10431 | SMB Registry : missing winreg |
10413 | SMB Registry : is the remote host a PDC/BDC |
10567 | SMB Registry : permissions of the RAS key |
10430 | SMB Registry : permissions of keys that can lead to admin |
10426 | SMB Registry : permissions of Schedule |
10401 | SMB Registry : NT4 Service Pack version |
10531 | SMB Registry : Win2k Service Pack version |
11119 | SMB Registry : XP Service Pack version |
10449 | SMB Registry : value of SFCDisable |
10432 | SMB Registry : permissions of keys that can change common paths |
10429 | SMB Registry : permissions of winlogon |
10553 | SMB Registry : permissions of WinVNC's key |
10917 | SMB Scope |
10860 | SMB use host SID to enumerate local users |
10399 | SMB use domain SID to enumerate users |
10457 | The alerter service is running |
10458 | The messenger service is running |
10895 | Users information : automatically disabled accounts |
10896 | Users information : Can't change password |
10897 | Users information : disabled accounts |
10898 | Users information : Never changed password |
10899 | Users information : User has never logged on |
10900 | Users information : Passwords never expires |
10835 | Unchecked Buffer in XP upnp |
11141 | Crash SMC AP |
11034 | SMTP antivirus filter |
11036 | SMTP antivirus scanner DoS |
10258 | Sendmail's from piped program |
10520 | PIX's smtp content filtering |
10259 | Sendmail mailing to files |
10260 | HELO overflow |
10703 | SMTP Authentication Error |
11053 | IMC SMTP EHLO Buffer Overrun |
10261 | Sendmail mailing to programs |
10262 | Mail relaying |
10263 | SMTP Server type and version |
11038 | SMTP settings |
11079 | Snapstream PVS web directory traversal |
10969 | Obtain Cisco type via SNMP |
10264 | Default community names of the SNMP Agent |
10265 | An SNMP Agent is running |
10266 | UDP null size going to SNMP DoS |
10551 | Obtain network interfaces list via SNMP |
10547 | Enumerate Lanman services via SNMP |
10548 | Enumerate Lanman shares via SNMP |
10546 | Enumerate Lanman users via SNMP |
10857 | SNMP bad length field DoS |
10858 | SNMP bad length field DoS (2) |
10550 | Obtain processes list via SNMP |
10800 | Obtain OS type via SNMP |
10688 | SNMP VACM |
10659 | snmpXdmid overflow |
11126 | SOCKS4A hostname overflow |
11164 | SOCKS4 username overflow |
10393 | spin_client.cgi buffer overrun |
11139 | wpoison (nasl version) |
10765 | SQLQHit Directory Structure Disclosure |
10768 | DoSable squid proxy server |
10923 | Squid overflows |
11066 | SunSolve CD CGI user input validation |
10882 | SSH protocol version 1 enabled |
10708 | SSH 3.0.0 |
10965 | SSH 3 AllowedAuthentication |
10607 | SSH1 CRC-32 compensation attack |
10267 | SSH Server type and version |
10268 | SSH Insertion Attack |
10472 | SSH Kerberos issue |
10269 | SSH Overflow |
10881 | SSH protocol versions supported |
11169 | SSH setsid() vulnerability |
10270 | Stacheldraht Detect |
10544 | format string attack against statd |
10639 | store.cgi |
10817 | Interactive Story Directory Traversal Vulnerability |
10271 | stream.c |
10803 | Redhat Stronghold File System Disclosure |
10409 | SubSeven |
10878 | Sun Cobalt Adaptive Firewall Detection |
10272 | SunKill |
10503 | Reading CGI script sources using /cgi-bin-sdb |
10560 | SuSE's identd overflow |
10273 | Detect SWAT server port |
10590 | SWAT allows user names to be obtained by brute force |
10493 | SWC Overflow |
11171 | SWS unfinished line DoS |
10274 | SyGate Backdoor |
10275 | Systat |
10276 | TCP Chorusing |
10279 | Teardrop |
10584 | technote's main.cgi |
10280 | Telnet |
10281 | Detect Server type and version via Telnet |
10474 | GAMSoft TelSrv 1.4/1.5 Overflow |
10709 | TESO in.telnetd buffer overflow |
10282 | test-cgi |
10283 | TFN Detect |
10284 | TFS SMTP 3.2 MAIL FROM overflow |
10285 | thttpd 2.04 buffer overflow |
10286 | thttpd flaw |
10523 | thttpd ssi file retrieval |
10596 | Tinyproxy heap overflow |
11059 | Trend Micro OfficeScan Denial of service |
10477 | Tomcat's /admin is world readable |
11150 | Tomcat servlet engine MD/DOS device names denial of service |
10807 | Jakarta Tomcat Path Disclosure |
10478 | Tomcat's snoop servlet gives too much information |
11176 | Tomcat 4.x JSP Source Exposure |
10672 | Unknown CGIs arguments torture |
10287 | Traceroute |
10491 | ASP/ASA source using Microsoft Translate f: bug |
10501 | Trinity v3 Detect |
10288 | Trin00 Detect |
10743 | Tripwire for Webpages Detection |
10696 | ttawebtop |
11136 | /bin/login overflow exploitation |
11097 | TypSoft FTP STOR/RETR DoS |
11140 | UDDI detection |
10791 | Ultraseek Web Server Detect |
10542 | UltraSeek 3.1.x Remote DoS |
10289 | Microsoft Media Server 4.1 - DoS |
10290 | Upload cgi |
10291 | uploader.exe |
10829 | scan for UPNP hosts |
10645 | ustorekeeper |
10292 | uw-imap buffer overflow |
10374 | uw-imap buffer overflow after logon |
11179 | vBulletin's Calender Command Execution Vulnerability |
10293 | vftpd buffer overflow |
10294 | view_source |
11107 | viralator |
10295 | OmniHTTPd visadmin exploit |
10744 | VisualRoute Web Server Detection |
10758 | Check for VNC HTTP |
10342 | Check for VNC |
11165 | vpasswd.cgi |
10463 | vpopmail input validation bug |
10354 | vqServer administrative port |
10355 | vqServer web traversal vulnerability |
10650 | VirusWall's catinfo overflow |
11184 | vxworks ftpd buffer overflow Denial of Service |
11185 | vxworks ftpd buffer overflow |
10296 | w3-msql overflow |
10610 | way-board |
10470 | WebActive world readable log file |
10816 | Webalizer Cross Site Scripting Vulnerability |
11095 | webcart.cgi |
10298 | Webcart misconfiguration |
10526 | IIS : Directory listing through WebDAV |
10505 | Directory listing through WebDAV |
10299 | webdist.cgi |
10592 | webdriver |
10475 | Buffer overflow in WebSitePro webfind.exe |
10300 | webgais |
10697 | WebLogic Server DoS |
10698 | WebLogic Server /%00/ bug |
10757 | Check for Webmin |
10662 | Web mirroring |
10367 | TalentSoft Web+ Input Validation Bug Vulnerability |
10373 | TalentSoft Web+ version detection |
11089 | Webseal denial of service |
10301 | websendmail |
11151 | Webserver 4D Cleartext Passwords |
10302 | robot(s).txt exists on the Web Server |
10557 | WebShield |
10008 | WebSite 1.0 buffer overflow |
10303 | WebSite pro reveals the physical file path of web directories |
10476 | WebsitePro buffer overflow |
10304 | WebSpeed remote configuration |
11181 | WebSphere Host header overflow |
11010 | WebSphere Cross Site Scripting |
10616 | webspirs.cgi |
10297 | Web server traversal |
10487 | WFTP 2.41 rc11 multiple DoS |
10466 | WFTP RNTO DoS |
10305 | WFTP login check |
10306 | whois_raw |
10365 | Windmail.exe allows any user to execute arbitrary commands |
10940 | Windows Terminal Service Enabled |
10310 | Wingate denial of service |
10309 | Passwordless Wingate installed |
10311 | Wingate POP3 USER overflow |
10312 | WindowsNT DNS flood denial |
10313 | WindowsNT PPTP flood denial |
10314 | Winnuke |
10316 | WinSATAN |
10315 | WINS UDP flood denial |
10307 | Trin00 for Windows Detect |
11108 | Omron WorldView Wnn Overflow |
10745 | WorldClient for MDaemon Server Detection |
11049 | Worldspan gateway DOS |
10317 | wrap |
11167 | Webserver4everyone too long URL |
11094 | WS FTP overflows |
10318 | wu-ftpd buffer overflow |
10452 | wu-ftpd SITE EXEC vulnerability |
10319 | wu-ftpd SITE NEWER vulnerability |
10321 | wwwboard passwd.txt |
11084 | Infinite HTTP request |
10515 | Too long authorization |
11077 | HTTP Cookie overflow |
11127 | HTTP 1.0 header overflow |
11129 | HTTP 1.1 header overflow |
11078 | HTTP header overflow |
11065 | HTTP method overflow |
10687 | Too long POST command |
10320 | Too long URL |
11069 | HTTP User-Agent overflow |
11061 | HTTP version number overflow |
10597 | wwwwais |
10891 | X Display Manager Control Protocol (XDMCP) |
11015 | Xerver web server DOS |
11188 | X Font Service Buffer Overflow |
10322 | Xitami Web Server buffer overflow |
10559 | XMail APOP Overflow |
10407 | X Server |
11121 | xtel detection |
11120 | xtelw detection |
10323 | XTramail control denial |
10324 | XTramil MTA 'HELO' denial |
10325 | Xtramail pop3 overflow |
10512 | YaBB |
11016 | xtux server detection |
10326 | Yahoo Messenger Denial of Service attack |
10684 | yppasswdd overflow |
10327 | Zeus shows the content of the cgi scripts |
10830 | zml.cgi Directory Traversal |
10702 | Zope DoS |
10569 | Zope Image updating Method |
10447 | Zope DocumentTemplate package problem |
10777 | Zope ZClass permission mapping bug |
10714 | Default password router Zyxel |
10328 | Default accounts |
10330 | Services |
10331 | FTP bounce scan |
10332 | ftp writeable directories |
10909 | Brute force login (Hydra) |
10333 | Linux TFTP get file |
10335 | tcp connect() scan |
10336 | Nmap |
10384 | IRIX Objectserver |
10337 | QueSO |
10338 | smad |
10863 | SSL ciphers |
10339 | TFTP get file |
max_hosts | 16 | |
max_checks | 10 | |
log_whole_attack | yes | |
report_killed_plugins | yes | |
cgi_path | /cgi-bin | |
port_range | 1-1024 | |
optimize_test | yes | |
language | english | |
per_user_base | /usr/local/var/nessus/users | |
checks_read_timeout | 5 | |
delay_between_tests | 1 | |
non_simult_ports | 139, 445 | |
plugins_timeout | 320 | |
safe_checks | yes | |
auto_enable_dependencies | yes | |
use_mac_addr | no | |
save_knowledge_base | no | |
kb_restore | no | |
only_test_hosts_whose_kb_we_dont_have | no | |
only_test_hosts_whose_kb_we_have | no | |
kb_dont_replay_scanners | no | |
kb_dont_replay_info_gathering | no | |
kb_dont_replay_attacks | no | |
kb_dont_replay_denials | no | |
kb_max_age | 864000 | |
plugin_upload | no | |
plugin_upload_suffixes | .nasl | |
admin_user | root | |
ntp_save_sessions | yes | |
ntp_detached_sessions | yes | |
server_info_nessusd_version | 1.2.7 | |
server_info_libnasl_version | 1.2.7 | |
server_info_libnessus_version | 1.2.7 | |
server_info_thread_manager | fork | |
server_info_os | Linux | |
server_info_os_version | 2.4.18-3 | |
reverse_lookup | no | |
ntp_keep_communication_alive | yes | |
ntp_opt_show_end | yes | |
save_session | no | |
detached_scan | no | |
continuous_scan | no |
Host | Holes | Warnings | Open ports | State |
10.1.1.108 | 7 | 44 | 15 | Finished |
Service | Severity | Description |
netbios-ns (137/udp) | Port is open | |
unknown (135/tcp) | Port is open | |
netbios-ssn (139/tcp) | Port is open | |
https (443/tcp) | Port is open | |
microsoft-ds (445/tcp) | Port is open | |
unknown (1029/tcp) | Port is open | |
general/tcp | Port is open | |
unknown (1028/udp) | Port is open | |
general/icmp | Port is open | |
general/udp | Port is open | |
unknown (1026/tcp) | Port is open | |
ms-sql-s (1433/tcp) | Port is open | |
ms-sql-m (1434/udp) | Port is open | |
unknown (1025/tcp) | Port is open | |
http (80/tcp) | Port is open | |
netbios-ssn (139/tcp) | . It was possible to log into the remote host using a NULL session. The concept of a NULL session is to provide a null username and a null password, which grants the user the 'guest' access To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and Q246261 (Windows 2000). Note that this won't completely disable null sessions, but will prevent them from connecting to IPC$ Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html . All the smb tests will be done as ''/'' in domain WORKGROUP CVE : CVE-2000-0222 | |
http (80/tcp) | The IIS server appears to have the .SHTML ISAPI filter mapped. At least one remote vulnerability has been discovered for the .SHTML filter. This is detailed in Microsoft Advisory MS02-018 and results in a denial of service access to the web server. It is recommended that even if you have patched this vulnerability that you unmap the .SHTML extension, and any other unused ISAPI extensions if they are not required for the operation of your site. An attacker may use this flaw to prevent the remote service from working properly. *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled Solution: See http://www.microsoft.com/technet/security/bulletin/ms02-018.asp and/or unmap the shtml/shtm isapi filters. To unmap the .shtml extension: 1.Open Internet Services Manager. 2.Right-click the Web server choose Properties from the context menu. 3.Master Properties 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration and remove the reference to .shtml/shtm and sht from the list. Risk factor : Medium CVE : CAN-2002-0072 | |
ms-sql-s (1433/tcp) | The remote MS SQL server is vulnerable to the Hello overflow. An attacker may use this flaw to execute commands against the remote host as LOCAL/SYSTEM, as well as read your database content. Solution : Install Microsoft Patch Q316333 at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech or disable the Microsoft SQL Server service or use a firewall to protect the MS SQL port (1433). CVE : CAN-2002-1123 Risk factor : High CVE : CAN-2002-1123 | |
http (80/tcp) | The IIS server appears to have the .HTR ISAPI filter mapped. At least one remote vulnerability has been discovered for the .HTR filter. This is detailed in Microsoft Advisory MS02-018, and gives remote SYSTEM level access to the web server. It is recommended that even if you have patched this vulnerability that you unmap the .HTR extension, and any other unused ISAPI extensions if they are not required for the operation of your site. Solution: To unmap the .HTR extension: 1.Open Internet Services Manager. 2.Right-click the Web server choose Properties from the context menu. 3.Master Properties 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration and remove the reference to .htr from the list. Risk factor : High | |
http (80/tcp) | There's a buffer overflow in the remote web server through the ISAPI filter. It is possible to overflow the remote web server and execute commands as user SYSTEM. Solution: See http://www.microsoft.com/technet/security/bulletin/ms01-044.asp Risk factor : High CVE : CVE-2001-0500 | |
http (80/tcp) | The remote IIS server allows anyone to execute arbitrary commands by adding a unicode representation for the slash character in the requested path. Solution: See http://www.microsoft.com/technet/security/bulletin/ms00-078.asp Risk factor : High CVE : CVE-2000-0884 | |
http (80/tcp) | When IIS receives a user request to run a script, it renders the request in a decoded canonical form, then performs security checks on the decoded request. A vulnerability results because a second, superfluous decoding pass is performed after the initial security checks are completed. Thus, a specially crafted request could allow an attacker to execute arbitrary commands on the IIS Server. Solution: See MS advisory MS01-026(Superseded by ms01-044) See http://www.microsoft.com/technet/security/bulletin/ms01-044.asp Risk factor : High CVE : CVE-2001-0333 | |
unknown (135/tcp) | A DCE service is listening on this host UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1 Endpoint: ncalrpc[LRPC000001e0.00000001] | |
http (80/tcp) | The remote web server appears to be running with Frontpage extensions. You should double check the configuration since a lot of security problems have been found with FrontPage when the configuration file is not well set up. Risk factor : High if your configuration file is not well set up CVE : CAN-2000-0114 | |
unknown (135/tcp) | A DCE service is listening on this host UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2 Endpoint: ncacn_np:\\ltree108[\PIPE\INETINFO] | |
http (80/tcp) | IIS 5 has support for the Internet Printing Protocol(IPP), which is enabled in a default install. The protocol is implemented in IIS5 as an ISAPI extension. At least one security problem (a buffer overflow) has been found with that extension in the past, so we recommend you disable it if you do not use this functionality. Solution: To unmap the .printer extension: 1.Open Internet Services Manager. 2.Right-click the Web server choose Properties from the context menu. 3.Master Properties 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration and remove the reference to .printer from the list. Risk factor : Low | |
general/icmp | The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols. Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14). Risk factor : Low CVE : CAN-1999-0524 | |
http (80/tcp) | The IIS server appears to have the .IDA ISAPI filter mapped. At least one remote vulnerability has been discovered for the .IDA (indexing service) filter. This is detailed in Microsoft Advisory MS01-033, and gives remote SYSTEM level access to the web server. It is recommended that even if you have patched this vulnerability that you unmap the .IDA extension, and any other unused ISAPI extensions if they are not required for the operation of your site. Solution: To unmap the .IDA extension: 1.Open Internet Services Manager. 2.Right-click the Web server choose Properties from the context menu. 3.Master Properties 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration and remove the reference to .ida from the list. Risk factor : Medium CVE : CAN-2002-0071 | |
netbios-ssn (139/tcp) | The remote native lan manager is : Windows 2000 LAN Manager The remote Operating System is : Windows 5.0 The remote SMB Domain Name is : WORKGROUP | |
http (80/tcp) | The address in Content-Location is: 10.1.1.108 CVE : CAN-2000-0649 | |
http (80/tcp) | IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. An attacker may use this flaw to gain more information about the remote host, and hence make more focused attacks. Solution: Select 'Preferences ->Home directory ->Application', and check the checkbox 'Check if file exists' for the ISAPI mappings of your server. Risk factor : Low CVE : CAN-2000-0071 | |
http (80/tcp) | This IIS Server appears to be vulnerable to a Cross Site Scripting due to an error in the handling of overlong requests on an idc file. It is possible to inject Javascript in the URL, that will appear in the resulting page. Risk factor : Medium See also : http://online.securityfocus.com/bid/5900 http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0210&L=ntbugtraq&F=P&S=&P=1391 | |
http (80/tcp) | Asking the main page, a Content-Location header was added to the response. By default, in Internet Information Server (IIS) 4.0, the Content-Location references the IP address of the server rather than the Fully Qualified Domain Name (FQDN) or Hostname. This header may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. Solution: See http://support.microsoft.com/support/kb/articles/Q218/1/80.ASP Risk factor : Low CVE : CAN-2000-0649 | |
http (80/tcp) | The remote web server type is : Microsoft-IIS/5.0 Solution : You can use urlscan to change reported server for IIS. | |
netbios-ssn (139/tcp) | The host SID could be used to enumerate the names of the local users of this host. (we only enumerated user names whose ID is between 1000 and 1020 for performance reasons) This gives extra knowledge to an attacker, which is not a good thing : - Administrator account name : Administrator (id 500) - Guest account name : Guest (id 501) - TsInternetUser (id 1000) - IUSR_VM2KSERVER (id 1001) - IWAM_VM2KSERVER (id 1002) Risk factor : Medium Solution : filter incoming connections to this port CVE : CVE-2000-1200 | |
ms-sql-m (1434/udp) | Here is the reply to a MS SQL 'ping' request : uServerName ltree108 InstanceName MSSQLSERVER IsClustered No Version 8.00.194 tcp 1433 np \\ltree108\pipe\sql\query | |
netbios-ssn (139/tcp) | The host SID can be obtained remotely. Its value is : ltree108 : 5-21-448539723-1708537768-1202660629 An attacker can use it to obtain the list of the local users of this host Solution : filter the ports 137 to 139 and 445 Risk factor : Low CVE : CVE-2000-1200 | |
ms-sql-s (1433/tcp) | It is possible that Microsoft's SQL Server is installed on the remote computer. CVE : CAN-1999-0652 | |
netbios-ssn (139/tcp) | The domain SID can be obtained remotely. Its value is : WORKGROUP : 48-0-0-0-0 An attacker can use it to obtain the list of the local users of this host Solution : filter the ports 137 to 139 and 445 Risk factor : Low CVE : CVE-2000-1200 | |
general/tcp | The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the ip packets sent by this host. An attacker may use this feature to determine if the remote host sent a packet in reply to another request. This may be used for portscanning and other things. Solution : Contact your vendor for a patch Risk factor : Low | |
http (80/tcp) | The remote web server seems to be vulnerable to the Cross Site Scripting vulnerability (XSS). The vulnerability is caused by the result returned to the user when a non-existing file is requested (e.g. the result contains the JavaScript provided in the request). The vulnerability would allow an attacker to make the server present the user with the attacker's JavaScript/HTML code. Since the content is presented by the server, the user will give it the trust level of the server (for example, the trust level of banks, shopping centers, etc. would usually be high). Risk factor : Medium Solutions: Allaire/Macromedia Jrun: http://www.macromedia.com/software/jrun/download/update/ http://www.securiteam.com/windowsntfocus/Allaire_fixes_Cross-Site_Scripting_security_vulnerability.html Microsoft IIS: http://www.securiteam.com/windowsntfocus/IIS_Cross-Site_scripting_vulnerability__Patch_available_.html Apache: http://httpd.apache.org/info/css-security/ ColdFusion: http://www.macromedia.com/v1/handlers/index.cfm?ID=23047 General: http://www.securiteam.com/exploits/Security_concerns_when_developing_a_dynamically_generated_web_site.html http://www.cert.org/advisories/CA-2000-02.html | |
netbios-ssn (139/tcp) | The following local accounts have never changed their password : Administrator TsInternetUser IUSR_VM2KSERVER IWAM_VM2KSERVER To minimize the risk of break-in, users should change their password regularly | |
netbios-ssn (139/tcp) | The following local accounts have never logged in : Guest TsInternetUser Unused accounts are very helpful to hackers Solution : suppress these accounts Risk factor : Medium | |
netbios-ssn (139/tcp) | The following local accounts have passwords which never expire : Administrator Guest TsInternetUser IUSR_VM2KSERVER IWAM_VM2KSERVER Password should have a limited lifetime Solution : disable password non-expiry Risk factor : Medium | |
unknown (135/tcp) | A DCE service is listening on this host UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1 Endpoint: ncalrpc[LRPC000002d8.00000001] | |
unknown (1026/tcp) | A DCE service is listening on this port UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1 Endpoint: ncacn_ip_tcp:10.1.1.108[1026] | |
https (443/tcp) | An unknown service is running on this port. It is usually reserved for HTTPS | |
netbios-ssn (139/tcp) | Here is the browse list of the remote host : INSTRUCTOR - LTREE1 - LTREE10 - LTREE101 - LTREE102 - LTREE103 - LTREE104 - LTREE105 - LTREE106 - LTREE107 - LTREE108 - LTREE109 - LTREE11 - LTREE110 - LTREE111 - LTREE112 - LTREE12 - LTREE125 - LTREE13 - LTREE15 - LTREE2 - LTREE3 - LTREE4 - LTREE5 - LTREE6 - LTREE7 - LTREE8 - LTREE9 - This is potentially dangerous as this may help the attack of a potential hacker by giving him extra targets to check for Solution : filter incoming traffic to this port Risk factor : Low | |
unknown (135/tcp) | A DCE service is listening on this host UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1 Endpoint: ncalrpc[LRPC000002d8.00000001] | |
general/udp | For your information, here is the traceroute to 10.1.1.108 : 10.1.1.108 | |
http (80/tcp) | A web server is running on this port | |
unknown (1026/tcp) | A DCE service is listening on this port UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1 Endpoint: ncacn_ip_tcp:10.1.1.108[1026] | |
unknown (135/tcp) | A DCE service is listening on this host UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1 Endpoint: ncalrpc[ntsvcs] Annotation: Messenger Service | |
unknown (135/tcp) | A DCE service is listening on this host UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1 Endpoint: ncacn_np:\\ltree108[\PIPE\ntsvcs] Annotation: Messenger Service | |
unknown (135/tcp) | A DCE service is listening on this host UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1 Endpoint: ncacn_np:\\ltree108[\PIPE\scerpc] Annotation: Messenger Service | |
unknown (1028/udp) | A DCE service is listening on this port UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1 Endpoint: ncadg_ip_udp:10.1.1.108[1028] Annotation: Messenger Service | |
netbios-ns (137/udp) | . The following 7 NetBIOS names have been gathered : LTREE108 = This is the computer name registered for workstation services by a WINS client. LTREE108 WORKGROUP = Workgroup / Domain name WORKGROUP = Workgroup / Domain name (part of the Browser elections) LTREE108 = Computer name that is registered for the messenger service on a computer that is a WINS client. INet~Services = Workgroup / Domain name (Domain Controller) IS~ltree108 = This is the computer name registered for workstation services by a WINS client. . The remote host has the following MAC address on its adapter : 0x00 0x50 0x56 0x40 0x42 0x3f If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port. Risk factor : Medium | |
unknown (135/tcp) | A DCE service is listening on this host UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2 Endpoint: ncalrpc[OLE4] | |
unknown (135/tcp) | A DCE service is listening on this host UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2 Endpoint: ncalrpc[INETINFO_LPC] | |
unknown (1029/tcp) | A DCE service is listening on this port UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2 Endpoint: ncacn_ip_tcp:10.1.1.108[1029] | |
general/tcp | Nmap found that this host is running Windows Millennium Edition (Me), Win 2000, or WinXP | |
unknown (135/tcp) | DCE services running on the remote can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host. Solution : filter incoming traffic to this port. Risk factor : Low | |
http (80/tcp) | The following directories were discovered: /_vti_bin, /images The following directories require authentication: /printers | |
netbios-ssn (139/tcp) | The following local accounts are disabled : Guest To minimize the risk of break-in, permanently disabled accounts should be deleted Risk factor : Low | |
http (80/tcp) | This IIS Server appears to be vulnerable to one of the cross site scripting attacks described in MS02-018. The default '404' file returned by IIS uses scripting to output a link to top level domain part of the url requested. By crafting a particular URL it is possible to insert arbitrary script into the page for execution. The presence of this vulnerability also indicates that you are vulnerable to the other issues identified in MS02-018 (various remote buffer overflow and cross site scripting attacks...) References: http://www.microsoft.com/technet/security/bulletin/MS02-018.asp http://jscript.dk/adv/TL001/ Risk factor : Medium CVE : CAN-2002-0074 | |
unknown (1025/tcp) | A DCE service is listening on this port UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1 Endpoint: ncacn_ip_tcp:10.1.1.108[1025] |