- Nikto v2.6.0
---------------------------------------------------------------------------
+ Your Nikto installation is out of date.
+ Target IP:          66.248.241.5
+ Target Hostname:    ucms.edu.pk
+ Target Port:        80
+ Platform:           Unknown
+ Start Time:         2026-03-13 12:47:07 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache
+ No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped.
+ [013587] /: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+ [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
+ [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+ [000777] /user.php?op=confirmnewuser&module=NS-NewUser&uNikto=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS).
+ [003352] /iissamples/exair/howitworks/Code.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0449
+ [003353] /iissamples/exair/howitworks/Codebrw1.asp: This is a default IIS script/file which should be removed, it may allow a DoS against the server. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0449 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2099/MS99-013
+ [003358] /globals.jsa: Oracle globals.jsa file. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0562
+ [003361] /..%252f..%252f..%252f..%252f..%252f../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325
+ [003362] /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325
+ [003363] /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325
+ [003364] /..%255c..%255c..%255c..%255c..%255c../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325
+ [003365] /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325
+ [003366] /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325
+ [003367] /..%2F..%2F..%2F..%2F..%2F../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325
+ [003368] /..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325
+ [003369] /..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325
+ [003380] /iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp: IIS may be vulnerable to source code viewing via the example CodeBrws.asp file. Remove all default files from the web root. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0739 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2099/MS99-013
+ [003385] /pass_done.php: PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1198
+ [003386] /admin/admin.php?adminpy=1: PY-Membres 4.2 may allow administrator access. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1198
+ Scan terminated: 0 errors and 21 items reported on the remote host
+ End Time:           2026-03-13 12:48:08 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested