- Nikto v2.5.0 --------------------------------------------------------------------------- + Multiple IPs found: 172.64.154.159, 104.18.33.97, 2606:4700:4400::ac40:9a9f, 2606:4700:4400::6812:2161 + Target IP: 172.64.154.159 + Target Hostname: opensea.io + Target Port: 80 + Start Time: 2024-04-20 15:24:25 (GMT-4) --------------------------------------------------------------------------- + Server: cloudflare + /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1". + /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed + /KTrXvRsB.old: IP address found in the '_cfuvid' cookie. The IP is "0.0.1.1". + /KTrXvRsB.2: IP address found in the 'report-to' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed + /KTrXvRsB.2: IP address found in the 'content-security-policy-report-only' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed + /cgi.cgi/cart32.exe: request cart32.exe/cart32clientlist. + /cgis/cart32.exe: request cart32.exe/cart32clientlist. + /scripts/cart32.exe: request cart32.exe/cart32clientlist. + /cgi-perl/cart32.exe: request cart32.exe/cart32clientlist. + /webcgi/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /mpcgi/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /scripts/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /fcgi-bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi.cgi/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article + /webcgi/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article + /mpcgi/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article + /cgibin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article + /fcgi-bin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-perl/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi.cgi/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /webcgi/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgi/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /mpcgi/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgis/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /scripts/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /fcgi-bin/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /webcgi/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /mpcgi/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgibin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgis/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /scripts/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgi.cgi/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /webcgi/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgibin/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /scripts/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /webcgi/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /scripts/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /fcgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /webcgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /scripts/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi.cgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /mpcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgibin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgis/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /scripts/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-perl/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-perl/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article + /tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin. + /scripts/samples/details.idc: NT ODBC Remote Compromise. See: http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc + /cgi.cgi/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners. + /cgi/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners. + /cgi-perl/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners. + /webcgi/finger: finger other users, may be other commands?. + /cgi/finger: finger other users, may be other commands?. + /mpcgi/finger: finger other users, may be other commands?. + /cgibin/finger: finger other users, may be other commands?. + /cgis/finger: finger other users, may be other commands?. + /scripts/finger: finger other users, may be other commands?. + /fcgi-bin/finger: finger other users, may be other commands?. + /cgi.cgi/finger.pl: finger other users, may be other commands?. + /webcgi/finger.pl: finger other users, may be other commands?. + /mpcgi/finger.pl: finger other users, may be other commands?. + /cgibin/finger.pl: finger other users, may be other commands?. + /fcgi-bin/finger.pl: finger other users, may be other commands?. + /webcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgis/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /fcgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgi-perl/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgi.cgi/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /cgi/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /mpcgi/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /cgis/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /cgi-perl/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /cgi.cgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /webcgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgi.cgi/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems. + /webcgi/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems. + /mpcgi/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems. + /cgibin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems. + /cgis/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems. + /scripts/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems. + /fcgi-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems. + /cgi-perl/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems. + /webcgi/wrap.cgi: Allows viewing of directories. + /cgi/wrap.cgi: Allows viewing of directories. + /mpcgi/wrap.cgi: Allows viewing of directories. + /cgis/wrap.cgi: Allows viewing of directories. + /fcgi-bin/wrap.cgi: Allows viewing of directories. + /cgi-bin/wrap: Allows viewing of directories. + /forums//administrator/config.php: PHP Config file may contain database IDs and passwords. + /hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-cms-1.2.9-10 may reveal the administrator ID and password. See: https://vulners.com/exploitdb/EDB-ID:23027 + /inc/common.load.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1253 + /cgi.cgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /mpcgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgibin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgis/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /mpcgi/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /scripts/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /cgi-perl/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /cgi.cgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /webcgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /cgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /mpcgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /scripts/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /fcgi-bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /cgi-perl/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more. + /cgi/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgis/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /fcgi-bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgi-perl/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /webcgi/guestbook.cgi: May allow attackers to execute commands as the web daemon. + /cgi/guestbook.cgi: May allow attackers to execute commands as the web daemon. + /cgibin/guestbook.cgi: May allow attackers to execute commands as the web daemon. + /cgi-perl/guestbook.cgi: May allow attackers to execute commands as the web daemon. + /webcgi/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi/guestbook.pl: May allow attackers to execute commands as the web daemon. + /mpcgi/guestbook.pl: May allow attackers to execute commands as the web daemon. + /fcgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi.cgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /webcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgis/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /scripts/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi-perl/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /geeklog/users.php: Geeklog prior to 1.3.8-1sr2 contains a SQL injection vulnerability that lets a remote attacker reset admin password. See: https://vulners.com/osvdb/OSVDB:2703 + /gb/index.php?login=true: gBook may allow admin login by setting the value 'login' equal to 'true'. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1560 + /guestbook/admin.php: Guestbook admin page available without authentication. + /mpcgi/gH.cgi: Web backdoor by gH. + /scripts/gH.cgi: Web backdoor by gH. + /fcgi-bin/gH.cgi: Web backdoor by gH. + /cgi-perl/gH.cgi: Web backdoor by gH. + /webcgi/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /cgi/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /scripts/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /webcgi/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /fcgi-bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html + /webcgi/AT-admin.cgi: Admin interface. + /mpcgi/AT-admin.cgi: Admin interface. + /cgibin/AT-admin.cgi: Admin interface. + /fcgi-bin/AT-admin.cgi: Admin interface. + /mpcgi/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /cgibin/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /scripts/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /fcgi-bin/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /cgi-perl/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /cgi.cgi/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /webcgi/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /cgis/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /scripts/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /cgi.cgi/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /cgi/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /mpcgi/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /cgibin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /fcgi-bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /cgi-perl/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules. + /cgi.cgi/banner.cgi: This CGI may allow attackers to read any file on the system. + /webcgi/banner.cgi: This CGI may allow attackers to read any file on the system. + /mpcgi/banner.cgi: This CGI may allow attackers to read any file on the system. + /cgis/banner.cgi: This CGI may allow attackers to read any file on the system. + /scripts/banner.cgi: This CGI may allow attackers to read any file on the system. + /cgibin/bannereditor.cgi: This CGI may allow attackers to read any file on the system. + /cgis/bannereditor.cgi: This CGI may allow attackers to read any file on the system. + /scripts/bannereditor.cgi: This CGI may allow attackers to read any file on the system. + /cgi.cgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /mpcgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /fcgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgi-perl/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgi.cgi/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287 + /mpcgi/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287 + /cgibin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287 + /cgi-perl/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287 + /mpcgi/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /cgibin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /cgis/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /scripts/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /cgi-perl/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /vgn/performance/TMT: Vignette CMS admin/maintenance script available. + /vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance script available. + /vgn/previewer: Vignette CMS admin/maintenance script available. + /vgn/record/previewer: Vignette CMS admin/maintenance script available. + /vgn/vr/Deleting: Vignette CMS admin/maintenance script available. + /vgn/vr/Editing: Vignette CMS admin/maintenance script available. + /vgn/vr/Saving: Vignette CMS admin/maintenance script available. + /vgn/vr/Select: Vignette CMS admin/maintenance script available. + /bigconf.cgi: BigIP Configuration CGI. + /vgn/style: Vignette server may reveal system information through this file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0401 + /SiteServer/Admin/commerce/foundation/domain.asp: Displays known domains of which that server is involved. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769 + /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769 + /SiteServer/Admin/commerce/foundation/DSN.asp: Displays all DSNs configured for selected ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769 + /cgi.cgi/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload + /cgis/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload + /bb-dnbd/faxsurvey: This may allow arbitrary command execution. + /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source. + /scripts/tools/dsnform: Allows creation of ODBC Data Source. + /SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp: Microsoft Site Server script used to create, modify, and potentially delete LDAP users and groups. See: https://securitytracker.com/id/1003420 + /PDG_Cart/order.log: PDG Commerce log found. See: http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html + /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent. + /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly. See: https://web.archive.org/web/20030607054822/http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc + /webcgi/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684 + /cgibin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684 + /cgi-perl/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684 + /webcgi/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded. + /cgis/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded. + /cgi-perl/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded. + /cgis/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098 + /scripts/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098 + /cgi-perl/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098 + /webcgi/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /mpcgi/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /cgibin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /scripts/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /cgibin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /cgi-perl/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /webcgi/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /cgi/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /cgibin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /scripts/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /fcgi-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /cgi-perl/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow. + /mpcgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgis/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi.cgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /cgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /fcgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /cgi-perl/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension. + /cgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /mpcgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgis/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgi-perl/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /upload.asp: An ASP page that allows attackers to upload files to server. + /uploadn.asp: An ASP page that allows attackers to upload files to server. + /uploadx.asp: An ASP page that allows attackers to upload files to server. + /wa.exe: An ASP page that allows attackers to upload files to server. + /cgi/fpsrvadm.exe: Potentially vulnerable CGI program. + /cgis/fpsrvadm.exe: Potentially vulnerable CGI program. + /scripts/fpsrvadm.exe: Potentially vulnerable CGI program. + /fcgi-bin/fpsrvadm.exe: Potentially vulnerable CGI program. + /cgi-perl/fpsrvadm.exe: Potentially vulnerable CGI program. + /vgn/ac/esave: Vignette CMS admin/maintenance script available. + /vgn/ac/index: Vignette CMS admin/maintenance script available. + /vgn/asp/previewer: Vignette CMS admin/maintenance script available. + /vgn/asp/status: Vignette CMS admin/maintenance script available. + /vgn/asp/style: Vignette CMS admin/maintenance script available. + /vgn/errors: Vignette CMS admin/maintenance script available. + /vgn/jsp/controller: Vignette CMS admin/maintenance script available. + /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available. + /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available. + /vgn/jsp/previewer: Vignette CMS admin/maintenance script available. + /vgn/legacy/edit: Vignette CMS admin/maintenance script available. + /webcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /cgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /mpcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /cgibin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /scripts/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /administrator/config.php: PHP Config file may contain database IDs and passwords. + /cgi.cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544 + /webcgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544 + /cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544 + /cgis/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544 + /scripts/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544 + /contents.php?new_language=elvish&mode=select: Requesting a file with an invalid language selection from DC Portal may reveal the system path. + /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available. + /typo3conf/localconf.php: TYPO3 config file found. + /cms/typo3conf/localconf.php: TYPO3 config file found. + /typo/typo3conf/localconf.php: TYPO3 config file found. + /webcart-lite/orders/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html + /ws_ftp.ini: Can contain saved passwords for FTP sites. + /WS_FTP.ini: Can contain saved passwords for FTP sites. + /cgi.cgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /webcgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /mpcgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /scripts/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /fcgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17661 + /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17662 + /tvcs/getservers.exe?action=selects1: Following steps 2-4 of this page may reveal a zip file that contains passwords and system details. + /nsn/fdir.bas:ShowVolume: You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in. + /webcgi/addbanner.cgi: This CGI may allow attackers to read any file on the system. + /cgi/addbanner.cgi: This CGI may allow attackers to read any file on the system. + /mpcgi/addbanner.cgi: This CGI may allow attackers to read any file on the system. + /cgis/addbanner.cgi: This CGI may allow attackers to read any file on the system. + /cgi-perl/addbanner.cgi: This CGI may allow attackers to read any file on the system. + /cgi.cgi/aglimpse.cgi: This CGI may allow attackers to execute remote commands. + /mpcgi/aglimpse.cgi: This CGI may allow attackers to execute remote commands. + /cgibin/aglimpse.cgi: This CGI may allow attackers to execute remote commands. + /scripts/aglimpse.cgi: This CGI may allow attackers to execute remote commands. + /fcgi-bin/aglimpse.cgi: This CGI may allow attackers to execute remote commands. + /cgi-perl/aglimpse.cgi: This CGI may allow attackers to execute remote commands. + /cgi.cgi/aglimpse: This CGI may allow attackers to execute remote commands. + /webcgi/aglimpse: This CGI may allow attackers to execute remote commands. + /cgi/aglimpse: This CGI may allow attackers to execute remote commands. + /mpcgi/aglimpse: This CGI may allow attackers to execute remote commands. + /cgis/aglimpse: This CGI may allow attackers to execute remote commands. + /scripts/aglimpse: This CGI may allow attackers to execute remote commands. + /cgi.cgi/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgi/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /mpcgi/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /fcgi-bin/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgi-perl/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104 + /cgi.cgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /webcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgibin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgis/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /scripts/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /webcgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /mpcgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgibin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgis/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /scripts/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /webcgi/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /mpcgi/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgibin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgis/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /fcgi-bin/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /cgi-perl/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands. + /perl/-e%20print%20Hello: The Perl interpreter on the Novell system may allow any command to be executed. See: http://www.securityfocus.com/bid/5520 + /quikstore.cgi: A shopping cart. + /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'. + /nsn/..%5Cutil/copy.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/del.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/dsbrowse.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/md.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/rd.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/type.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/userlist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /cgis/archie: Gateway to the unix command, may be able to submit extra commands. + /scripts/archie: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/archie: Gateway to the unix command, may be able to submit extra commands. + /cgi-perl/archie: Gateway to the unix command, may be able to submit extra commands. + /cgi/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgibin/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgis/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-perl/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /webcgi/calendar: Gateway to the unix command, may be able to submit extra commands. + /cgis/calendar: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands. + /cgi-perl/calendar: Gateway to the unix command, may be able to submit extra commands. + /webcgi/date: Gateway to the unix command, may be able to submit extra commands. + /cgi/date: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/date: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/fortune: Gateway to the unix command, may be able to submit extra commands. + /cgi/fortune: Gateway to the unix command, may be able to submit extra commands. + /mpcgi/fortune: Gateway to the unix command, may be able to submit extra commands. + /scripts/fortune: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/redirect: Redirects via URL from form. + /webcgi/redirect: Redirects via URL from form. + /cgibin/redirect: Redirects via URL from form. + /scripts/redirect: Redirects via URL from form. + /cgi.cgi/uptime: Gateway to the unix command, may be able to submit extra commands. + /webcgi/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi/uptime: Gateway to the unix command, may be able to submit extra commands. + /mpcgi/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgis/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi-perl/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /LOGIN.PWD: MIPCD password file with unencrypted passwords. MIPDCD should not have the web interface enabled. + /USER/CONFIG.AP: MIPCD configuration information. MIPCD should not have the web interface enabled. + /cgi.cgi/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /webcgi/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgi/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgis/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /scripts/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /fcgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgi.cgi/nph-error.pl: Gives more information in error messages. + /webcgi/nph-error.pl: Gives more information in error messages. + /cgi/nph-error.pl: Gives more information in error messages. + /cgibin/nph-error.pl: Gives more information in error messages. + /cgis/nph-error.pl: Gives more information in error messages. + /scripts/nph-error.pl: Gives more information in error messages. + /fcgi-bin/nph-error.pl: Gives more information in error messages. + /cgi-perl/nph-error.pl: Gives more information in error messages. + /cgi.cgi/query: Echoes back result of your GET. + /cgibin/query: Echoes back result of your GET. + /cgis/query: Echoes back result of your GET. + /fcgi-bin/query: Echoes back result of your GET. + /cgi-perl/query: Echoes back result of your GET. + /webcgi/test-cgi.tcl: May echo environment variables or give directory listings. + /cgi/test-cgi.tcl: May echo environment variables or give directory listings. + /cgibin/test-cgi.tcl: May echo environment variables or give directory listings. + /fcgi-bin/test-cgi.tcl: May echo environment variables or give directory listings. + /cgi.cgi/test-env: May echo environment variables or give directory listings. + /mpcgi/test-env: May echo environment variables or give directory listings. + /cgibin/test-env: May echo environment variables or give directory listings. + /scripts/test-env: May echo environment variables or give directory listings. + /cgi-perl/test-env: May echo environment variables or give directory listings. + /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web. + /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed. + /local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site. + /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site. + /cgis/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /scripts/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /cgi-perl/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /cgi.cgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /webcgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /mpcgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /cgibin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /cgis/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file. + /webcgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /mpcgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /cgis/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /scripts/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /fcgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /cgi-perl/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-018 + /cgi.cgi/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /webcgi/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /scripts/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /mpcgi/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgis/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-win/cgitest.exe: This CGI may allow the server to be crashed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi/snorkerz.bat: Arguments passed to DOS CGI without checking. + /scripts/snorkerz.bat: Arguments passed to DOS CGI without checking. + /cgi-perl/snorkerz.bat: Arguments passed to DOS CGI without checking. + /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow. + /cgi.cgi/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: //sbcgi/sitebuilder.cgi?username=&password=&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756 + /mpcgi/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: //sbcgi/sitebuilder.cgi?username=&password=&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756 + /fcgi-bin/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: //sbcgi/sitebuilder.cgi?username=&password=&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756 + /phpBB/My_eGallery/public/displayCategory.php: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6795 + /cgi.cgi/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks. + /scripts/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks. + /author.asp: May be FactoSystem CMS, which could include SQL injection problems that could not be tested remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1499 + /cgi/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version. + /mpcgi/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version. + /fcgi-bin/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version. + /webcgi/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /cgi/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /mpcgi/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /cgibin/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /scripts/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /fcgi-bin/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). + /anthill/login.php: Anthill bug tracking system may be installed. Versions lower than 0.1.6.1 allow XSS and may allow users to bypass login requirements. + /webcgi/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115 + /mpcgi/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115 + /cgis/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115 + /scripts/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115 + /cgi-perl/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115 + /cgi.cgi/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /webcgi/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /cgi/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /mpcgi/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /scripts/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680 + /cgi.cgi/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner. + /webcgi/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner. + /mpcgi/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner. + /cgibin/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner. + /scripts/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner. + /cgibin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner. + /scripts/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner. + /fcgi-bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner. + /cgi.cgi/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi-perl/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi.cgi/wwwadmin.pl: Administration CGI?. + /cgibin/wwwadmin.pl: Administration CGI?. + /scripts/wwwadmin.pl: Administration CGI?. + /cgi-perl/wwwadmin.pl: Administration CGI?. + /cgi.cgi/webmap.cgi: nmap front end... could be fun. + /cgibin/webmap.cgi: nmap front end... could be fun. + /cgis/webmap.cgi: nmap front end... could be fun. + /fcgi-bin/webmap.cgi: nmap front end... could be fun. + /cbms/editclient.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/. + /cbms/realinv.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/. + /cbms/usersetup.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/. + /webcgi/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio. + /cgis/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio. + /scripts/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio. + /fcgi-bin/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio. + /cgi-perl/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio. + /webcgi/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio. + /cgibin/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio. + /scripts/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio. + /fcgi-bin/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio. + /cgi-perl/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio. + /cgi.cgi/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /mpcgi/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /cgibin/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /cgis/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /scripts/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /cgi-perl/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /cgi.cgi/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /webcgi/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /cgis/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /cgi-perl/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload. + /webcgi/dbman/db.cgi?db=no-db: This CGI allows remote attackers to view system information. + /mpcgi/dbman/db.cgi?db=no-db: This CGI allows remote attackers to view system information. + /cgis/dbman/db.cgi?db=no-db: This CGI allows remote attackers to view system information. + /fcgi-bin/dbman/db.cgi?db=no-db: This CGI allows remote attackers to view system information. + /mpcgi/dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /scripts/dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /cgi-perl/dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /webcgi/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /mpcgi/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /cgibin/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /cgis/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /scripts/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /fcgi-bin/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html + /cgibin/dumpenv.pl: This CGI gives a lot of information to attackers. + /scripts/dumpenv.pl: This CGI gives a lot of information to attackers. + /webcgi/mkilog.exe: This CGI can give an attacker a lot of information. + /cgi/mkilog.exe: This CGI can give an attacker a lot of information. + /mpcgi/mkilog.exe: This CGI can give an attacker a lot of information. + /cgibin/mkilog.exe: This CGI can give an attacker a lot of information. + /fcgi-bin/mkilog.exe: This CGI can give an attacker a lot of information. + /cgi-perl/mkilog.exe: This CGI can give an attacker a lot of information. + /mpcgi/mkplog.exe: This CGI can give an attacker a lot of information. + /cgis/mkplog.exe: This CGI can give an attacker a lot of information. + /scripts/mkplog.exe: This CGI can give an attacker a lot of information. + /fcgi-bin/mkplog.exe: This CGI can give an attacker a lot of information. + /cgi.cgi/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /cgi/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /scripts/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /fcgi-bin/processit.pl: This CGI returns environment variables, giving attackers valuable information. + /webcgi/rpm_query: This CGI allows anyone to see the installed RPMs. + /mpcgi/rpm_query: This CGI allows anyone to see the installed RPMs. + /scripts/rpm_query: This CGI allows anyone to see the installed RPMs. + /cgi-perl/rpm_query: This CGI allows anyone to see the installed RPMs. + /webcgi/shop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 + /cgi/shop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 + /mpcgi/shop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 + /cgis/shop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0821 + /cgi.cgi/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgi/ws_ftp.ini: Can contain saved passwords for ftp sites. + /mpcgi/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgibin/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgi-perl/ws_ftp.ini: Can contain saved passwords for ftp sites. + /cgi.cgi/WS_FTP.ini: Can contain saved passwords for ftp sites. + /webcgi/WS_FTP.ini: Can contain saved passwords for ftp sites. + /cgibin/WS_FTP.ini: Can contain saved passwords for ftp sites. + /cgis/WS_FTP.ini: Can contain saved passwords for ftp sites. + /scripts/WS_FTP.ini: Can contain saved passwords for ftp sites. + /admin/cplogfile.log: DevBB 1.0 final log file is readable remotely. Upgrade to the latest version. See: http://www.mybboard.com + /chat/!nicks.txt: WF-Chat 1.0 Beta allows retrieval of user information. See: OSVDB-59646 + /chat/!pwds.txt: WF-Chat 1.0 Beta allows retrieval of user information. See: OSVDB-59645 + /chat/data/usr: SimpleChat! 1.3 allows retrieval of user information. See: OSVDB-53304 + /config.php: PHP Config file may contain database IDs and passwords. + /cgi.cgi/view-source?view-source: This allows remote users to view source code. + /cgis/view-source?view-source: This allows remote users to view source code. + /fcgi-bin/view-source?view-source: This allows remote users to view source code. + /webcgi/scoadminreg.cgi: This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0311 + /cgi/scoadminreg.cgi: This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0311 + /cgibin/scoadminreg.cgi: This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0311 + /cgis/scoadminreg.cgi: This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0311 + /scripts/scoadminreg.cgi: This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0311 + /webcgi/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663 + /scripts/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663 + /fcgi-bin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663 + /webcgi/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /mpcgi/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /scripts/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /cgi-perl/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running. + /cgi.cgi/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /webcgi/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /cgi/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /cgibin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /cgis/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /scripts/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /fcgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /cgi-perl/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug. + /cgi.cgi/view-source: This may allow remote arbitrary file retrieval. + /cgi/view-source: This may allow remote arbitrary file retrieval. + /cgibin/view-source: This may allow remote arbitrary file retrieval. + /scripts/view-source: This may allow remote arbitrary file retrieval. + /webcgi/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /cgi/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /cgibin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /fcgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory. + /cgi.cgi/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /webcgi/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /cgis/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /cgi-perl/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely. + /cgi.cgi/Count.cgi: This may allow attackers to execute arbitrary commands on the server. + /cgi/Count.cgi: This may allow attackers to execute arbitrary commands on the server. + /mpcgi/Count.cgi: This may allow attackers to execute arbitrary commands on the server. + /cgibin/Count.cgi: This may allow attackers to execute arbitrary commands on the server. + /cgis/Count.cgi: This may allow attackers to execute arbitrary commands on the server. + /fcgi-bin/Count.cgi: This may allow attackers to execute arbitrary commands on the server. + /cgi-perl/Count.cgi: This may allow attackers to execute arbitrary commands on the server. + /cgi.cgi/echo.bat: This CGI may allow attackers to execute remote commands. + /webcgi/echo.bat: This CGI may allow attackers to execute remote commands. + /cgis/echo.bat: This CGI may allow attackers to execute remote commands. + /cgi-perl/echo.bat: This CGI may allow attackers to execute remote commands. + /webcgi/ImageFolio/admin/admin.cgi: ImageFolio (default account Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/. See: OSVDB-4571 + /cgi/ImageFolio/admin/admin.cgi: ImageFolio (default account Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/. See: OSVDB-4571 + /mpcgi/ImageFolio/admin/admin.cgi: ImageFolio (default account Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/. See: OSVDB-4571 + /cgibin/ImageFolio/admin/admin.cgi: ImageFolio (default account Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/. See: OSVDB-4571 + /scripts/ImageFolio/admin/admin.cgi: ImageFolio (default account Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/. See: OSVDB-4571 + /cgi-perl/ImageFolio/admin/admin.cgi: ImageFolio (default account Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/. See: OSVDB-4571 + /webcgi/info2www: This CGI allows attackers to execute commands. + /cgi/info2www: This CGI allows attackers to execute commands. + /fcgi-bin/info2www: This CGI allows attackers to execute commands. + /webcgi/infosrch.cgi: This CGI allows attackers to execute commands. + /cgi/infosrch.cgi: This CGI allows attackers to execute commands. + /mpcgi/infosrch.cgi: This CGI allows attackers to execute commands. + /cgibin/infosrch.cgi: This CGI allows attackers to execute commands. + /cgis/infosrch.cgi: This CGI allows attackers to execute commands. + /cgi-perl/infosrch.cgi: This CGI allows attackers to execute commands. + /mpcgi/listrec.pl: This CGI allows attackers to execute commands on the host. + /cgibin/listrec.pl: This CGI allows attackers to execute commands on the host. + /cgis/listrec.pl: This CGI allows attackers to execute commands on the host. + /scripts/listrec.pl: This CGI allows attackers to execute commands on the host. + /fcgi-bin/listrec.pl: This CGI allows attackers to execute commands on the host. + /cgi.cgi/mailnews.cgi: Some versions allow attacker to execute commands as http daemon. Upgrade or remove. + /webcgi/mailnews.cgi: Some versions allow attacker to execute commands as http daemon. Upgrade or remove. + /mpcgi/mailnews.cgi: Some versions allow attacker to execute commands as http daemon. Upgrade or remove. + /cgibin/mailnews.cgi: Some versions allow attacker to execute commands as http daemon. Upgrade or remove. + /cgis/mailnews.cgi: Some versions allow attacker to execute commands as http daemon. Upgrade or remove. + /webcgi/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher. + /cgibin/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher. + /scripts/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher. + /fcgi-bin/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher. + /cgi-perl/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher. + /webcgi/pagelog.cgi: Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try. + /cgibin/pagelog.cgi: Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try. + /cgis/pagelog.cgi: Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try. + /scripts/pagelog.cgi: Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try. + /cgi-perl/pagelog.cgi: Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try. + /cgi.cgi/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /webcgi/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /mpcgi/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /scripts/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /fcgi-bin/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /cgi-perl/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /cgi.cgi/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir. + /cgi/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir. + /mpcgi/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir. + /cgibin/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir. + /cgis/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir. + /scripts/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir. + /fcgi-bin/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir. + /cgi-perl/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir. + /cgi.cgi/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /webcgi/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /cgi/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /mpcgi/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /cgibin/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /cgis/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /cgi.cgi/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /webcgi/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /mpcgi/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /scripts/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir. + /cgis/plusmail: This CGI may allow attackers to execute commands remotely. + /scripts/plusmail: This CGI may allow attackers to execute commands remotely. + /cgi.cgi/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /webcgi/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /mpcgi/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /cgibin/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /scripts/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /cgi-perl/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /cgi/scripts/slxweb.dll/getfile?type=Library&file=invalidfileNikto: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /cgibin/scripts/slxweb.dll/getfile?type=Library&file=invalidfileNikto: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /cgis/scripts/slxweb.dll/getfile?type=Library&file=invalidfileNikto: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /scripts/scripts/slxweb.dll/getfile?type=Library&file=invalidfileNikto: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637 + /webcgi/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command. + /mpcgi/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command. + /scripts/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command. + /cgis/spin_client.cgi?aaaaaaaa: This CGI may be vulnerable to remote execution by sending 8000 x 'a' characters (check to see if you get a 500 error message). See: https://www.tenable.com/plugins/nessus/10393 + /scripts/spin_client.cgi?aaaaaaaa: This CGI may be vulnerable to remote execution by sending 8000 x 'a' characters (check to see if you get a 500 error message). See: https://www.tenable.com/plugins/nessus/10393 + /cgi.cgi/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0436 + /cgibin/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0436 + /scripts/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0436 + /fcgi-bin/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0436 + /fcgi-bin/viralator.cgi: May be vulnerable to command injection, upgrade to 0.9pre2 or newer. This flaw could not be confirmed. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0849 + /cgi-perl/viralator.cgi: May be vulnerable to command injection, upgrade to 0.9pre2 or newer. This flaw could not be confirmed. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0849 + /mpcgi/virgil.cgi: The Virgil CGI Scanner 0.9 allows remote users to gain a system shell. This could not be confirmed (try syntax such as virgil.cgi?tar=-lp&zielport=31337 to open a connection on port 31337. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1938 + /cgibin/virgil.cgi: The Virgil CGI Scanner 0.9 allows remote users to gain a system shell. This could not be confirmed (try syntax such as virgil.cgi?tar=-lp&zielport=31337 to open a connection on port 31337. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1938 + /cgis/virgil.cgi: The Virgil CGI Scanner 0.9 allows remote users to gain a system shell. This could not be confirmed (try syntax such as virgil.cgi?tar=-lp&zielport=31337 to open a connection on port 31337. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1938 + /scripts/virgil.cgi: The Virgil CGI Scanner 0.9 allows remote users to gain a system shell. This could not be confirmed (try syntax such as virgil.cgi?tar=-lp&zielport=31337 to open a connection on port 31337. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1938 + /cgi-perl/virgil.cgi: The Virgil CGI Scanner 0.9 allows remote users to gain a system shell. This could not be confirmed (try syntax such as virgil.cgi?tar=-lp&zielport=31337 to open a connection on port 31337. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1938 + /webcgi/vpasswd.cgi: Some versions of this CGI allow attackers to execute system commands. See: https://seclists.org/bugtraq/2002/Oct/362 + /cgi/vpasswd.cgi: Some versions of this CGI allow attackers to execute system commands. See: https://seclists.org/bugtraq/2002/Oct/362 + /scripts/vpasswd.cgi: Some versions of this CGI allow attackers to execute system commands. See: https://seclists.org/bugtraq/2002/Oct/362 + /cgi.cgi/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176 + /webcgi/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176 + /mpcgi/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176 + /cgibin/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176 + /scripts/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176 + /fcgi-bin/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176 + /cgi-perl/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176 + /cgi.cgi/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196 + /mpcgi/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196 + /cgibin/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196 + /scripts/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196 + /fcgi-bin/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196 + /cgi-perl/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196 + /webcgi/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage. + /cgi/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage. + /mpcgi/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage. + /cgi-perl/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage. + /cgi.cgi/common/listrec.pl: This CGI allows attackers to execute commands on the host. + /webcgi/common/listrec.pl: This CGI allows attackers to execute commands on the host. + /cgis/common/listrec.pl: This CGI allows attackers to execute commands on the host. + /fcgi-bin/common/listrec.pl: This CGI allows attackers to execute commands on the host. + /cgi-perl/common/listrec.pl: This CGI allows attackers to execute commands on the host. + /ews/ews/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. http://www.securityfocus.com/bid/2665. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0279 + /webcgi/stat.pl: Uninets StatsPlus 1.25 may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2330,http://www.uninetsolutions.com/stats.html + /cgibin/stat.pl: Uninets StatsPlus 1.25 may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2330,http://www.uninetsolutions.com/stats.html + /cgis/stat.pl: Uninets StatsPlus 1.25 may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2330,http://www.uninetsolutions.com/stats.html + /scripts/stat.pl: Uninets StatsPlus 1.25 may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2330,http://www.uninetsolutions.com/stats.html + /fcgi-bin/stat.pl: Uninets StatsPlus 1.25 may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2330,http://www.uninetsolutions.com/stats.html + /webcgi/cachemgr.cgi: Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710 + /mpcgi/cachemgr.cgi: Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710 + /scripts/cachemgr.cgi: Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710 + /cgi-perl/cachemgr.cgi: Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710 + /cgi.cgi/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491 + /webcgi/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491 + /cgibin/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491 + /cgis/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491 + /scripts/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491 + /fcgi-bin/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491 + /cgi-perl/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491 + /cgi.cgi/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier. + /webcgi/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier. + /cgi/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier. + /mpcgi/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier. + /cgibin/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier. + /cgis/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier. + /fcgi-bin/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier. + /cgi-perl/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier. + /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0995 + /cgi.cgi/.cobalt/siteUserMod/siteUserMod.cgi: Older versions of this CGI allow any user to change the administrator password. + /webcgi/.cobalt/siteUserMod/siteUserMod.cgi: Older versions of this CGI allow any user to change the administrator password. + /cgi/.cobalt/siteUserMod/siteUserMod.cgi: Older versions of this CGI allow any user to change the administrator password. + /scripts/.cobalt/siteUserMod/siteUserMod.cgi: Older versions of this CGI allow any user to change the administrator password. + /fcgi-bin/.cobalt/siteUserMod/siteUserMod.cgi: Older versions of this CGI allow any user to change the administrator password. + /cgi-perl/.cobalt/siteUserMod/siteUserMod.cgi: Older versions of this CGI allow any user to change the administrator password. + /webcgi/webdriver: This CGI often allows anyone to access the Informix DB on the host. + /cgibin/webdriver: This CGI often allows anyone to access the Informix DB on the host. + /scripts/webdriver: This CGI often allows anyone to access the Informix DB on the host. + /fcgi-bin/webdriver: This CGI often allows anyone to access the Informix DB on the host. + /cgi.cgi/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password. + /webcgi/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password. + /cgis/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password. + /scripts/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password. + /fcgi-bin/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password. + /cgi.cgi/cgi-lib.pl: CGI Library. If retrieved check to see if it is outdated, it may have vulns. + /mpcgi/cgi-lib.pl: CGI Library. If retrieved check to see if it is outdated, it may have vulns. + /cgis/cgi-lib.pl: CGI Library. If retrieved check to see if it is outdated, it may have vulns. + /cgi-perl/cgi-lib.pl: CGI Library. If retrieved check to see if it is outdated, it may have vulns. + /cgi.cgi/log/nether-log.pl?checkit: Default Pass: nethernet-rules. + /mpcgi/log/nether-log.pl?checkit: Default Pass: nethernet-rules. + /cgis/log/nether-log.pl?checkit: Default Pass: nethernet-rules. + /cgi-perl/log/nether-log.pl?checkit: Default Pass: nethernet-rules. + /cgi.cgi/mini_logger.cgi: Default password: guest. + /mpcgi/mini_logger.cgi: Default password: guest. + /cgibin/mini_logger.cgi: Default password: guest. + /scripts/mini_logger.cgi: Default password: guest. + /fcgi-bin/mini_logger.cgi: Default password: guest. + Scan terminated: 0 error(s) and 759 item(s) reported on remote host + End Time: 2024-04-20 15:25:26 (GMT-4) (61 seconds) --------------------------------------------------------------------------- + 1 host(s) tested