- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 172.67.73.252, 104.26.13.129, 104.26.12.129, 2606:4700:20::681a:c81, 2606:4700:20::ac43:49fc, 2606:4700:20::681a:d81
+ Target IP:          172.67.73.252
+ Target Hostname:    sms24h.org
+ Target Port:        80
+ Start Time:         2024-11-05 13:51:23 (GMT-5)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Uncommon header 'server-timing' found, with contents: cfL4;desc="?proto=TCP&rtt=1430&sent=8&recv=8&lost=0&retrans=0&sent_bytes=7251&recv_bytes=567&delivery_rate=5810593&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0".
+ All CGI directories 'found', use '-C none' to test none
+ /cgi.cgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /webcgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-915/cart32.exe: request cart32.exe/cart32clientlist.
+ /bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /ows-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-sys/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-local/cart32.exe: request cart32.exe/cart32clientlist.
+ /htbin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgibin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgis/cart32.exe: request cart32.exe/cart32clientlist.
+ /fcgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-perl/cart32.exe: request cart32.exe/cart32clientlist.
+ /webcgi/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-915/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scgi-bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin-sdb/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-915/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /htbin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scgi-bin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi.cgi/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /htbin/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-perl/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi.cgi/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-915/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-perl/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scgi-bin/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin-sdb/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-mod/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-915/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scripts/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-perl/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-mod/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-perl/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin-sdb/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin.
+ /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709
+ /bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /mpcgi/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /scripts/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-win/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /fcgi-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-perl/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-mod/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi.cgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /webcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-915/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /mpcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /ows-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-sys/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /htbin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgis/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /scripts/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-win/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-home/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-perl/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /scgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-914/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-local/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /htbin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgis/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /scripts/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-win/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-exe/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-home/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-perl/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /scgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /webcgi/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-914/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-local/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /htbin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgibin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgis/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-win/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /fcgi-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-exe/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-home/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-perl/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi.cgi/wrap.cgi: Allows viewing of directories.
+ /cgi-914/wrap.cgi: Allows viewing of directories.
+ /cgi-915/wrap.cgi: Allows viewing of directories.
+ /cgi-sys/wrap.cgi: Allows viewing of directories.
+ /cgi-local/wrap.cgi: Allows viewing of directories.
+ /htbin/wrap.cgi: Allows viewing of directories.
+ /cgibin/wrap.cgi: Allows viewing of directories.
+ /cgi-win/wrap.cgi: Allows viewing of directories.
+ /fcgi-bin/wrap.cgi: Allows viewing of directories.
+ /scgi-bin/wrap.cgi: Allows viewing of directories.
+ /cgi-bin-sdb/wrap.cgi: Allows viewing of directories.
+ /cgi-mod/wrap.cgi: Allows viewing of directories.
+ /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
+ /forums/config.php: PHP Config file may contain database IDs and passwords.
+ /hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-cms-1.2.9-10 may reveal the administrator ID and password. See: https://vulners.com/exploitdb/EDB-ID:23027
+ /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0614
+ /inc/common.load.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1253
+ /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1253
+ /cgi.cgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-915/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /mpcgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-sys/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgibin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgis/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /scripts/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-exe/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-home/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-bin-sdb/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-mod/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-914/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /mpcgi/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-sys/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-local/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /htbin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-exe/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-home/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /scgi-bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /webcgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-914/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-915/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /mpcgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /ows-bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-sys/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /htbin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /fcgi-bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-exe/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-bin-sdb/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /webcgi/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /mpcgi/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /htbin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /scripts/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgi-win/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgi-exe/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /scgi-bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /gb/index.php?login=true: gBook may allow admin login by setting the value 'login' equal to 'true'. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1560
+ /guestbook/admin.php: Guestbook admin page available without authentication.
+ /cgi-915/gH.cgi: Web backdoor by gH.
+ /mpcgi/gH.cgi: Web backdoor by gH.
+ /ows-bin/gH.cgi: Web backdoor by gH.
+ /cgi-local/gH.cgi: Web backdoor by gH.
+ /cgibin/gH.cgi: Web backdoor by gH.
+ /scripts/gH.cgi: Web backdoor by gH.
+ /cgi-win/gH.cgi: Web backdoor by gH.
+ /fcgi-bin/gH.cgi: Web backdoor by gH.
+ /cgi-exe/gH.cgi: Web backdoor by gH.
+ /cgi-home/gH.cgi: Web backdoor by gH.
+ /cgi-mod/gH.cgi: Web backdoor by gH.
+ /cgi.cgi/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /webcgi/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-sys/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /htbin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-win/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /fcgi-bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /scgi-bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-bin-sdb/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-914/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /ows-bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-sys/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-local/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgis/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /scripts/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-perl/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /scgi-bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-mod/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /webcgi/AT-admin.cgi: Admin interface.
+ /cgi-914/AT-admin.cgi: Admin interface.
+ /cgi-915/AT-admin.cgi: Admin interface.
+ /bin/AT-admin.cgi: Admin interface.
+ /cgi/AT-admin.cgi: Admin interface.
+ /mpcgi/AT-admin.cgi: Admin interface.
+ /cgis/AT-admin.cgi: Admin interface.
+ /cgi-mod/AT-admin.cgi: Admin interface.
+ /cgi.cgi/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /webcgi/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-915/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /ows-bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-sys/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-local/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /htbin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgibin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgis/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /fcgi-bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-home/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-bin-sdb/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi.cgi/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /webcgi/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-914/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-915/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /mpcgi/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /ows-bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /htbin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgibin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgis/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-win/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-home/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-perl/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /scgi-bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-bin-sdb/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi.cgi/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-914/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-915/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /mpcgi/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-sys/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgibin/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgis/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /scripts/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-win/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-exe/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-home/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-perl/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-bin-sdb/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi.cgi/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /webcgi/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-914/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-915/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-bin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-sys/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-local/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /htbin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgis/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /scripts/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-win/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-home/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-perl/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi.cgi/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /webcgi/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-915/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /bin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-sys/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /htbin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgibin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgis/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /scripts/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-exe/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /scgi-bin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /webcgi/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-914/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-915/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /bin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-bin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgibin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-exe/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-home/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-perl/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /scgi-bin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-bin-sdb/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-mod/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dir>. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-028
+ /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /cgi.cgi/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /webcgi/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-914/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /mpcgi/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-sys/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-local/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-win/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /fcgi-bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-home/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /scgi-bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-bin-sdb/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-mod/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.
+ /readme.eml: Remote server may be infected with the Nimda virus.
+ /scripts/httpodbc.dll: Possible IIS backdoor found.
+ /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed.
+ /PDG_Cart/order.log: PDG Commerce log found. See: http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html
+ /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly. See: https://web.archive.org/web/20030607054822/http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc
+ /webcgi/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-915/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /ows-bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /htbin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgibin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgis/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /scripts/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-win/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /fcgi-bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-exe/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-home/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /scgi-bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi.cgi/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /webcgi/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-914/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-915/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /bin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /mpcgi/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-bin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-local/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgibin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-win/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /fcgi-bin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-exe/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-home/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-perl/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /scgi-bin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-bin-sdb/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-915/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgi-bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgi-sys/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgi-local/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgis/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /scripts/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgi-win/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /fcgi-bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /scgi-bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgi.cgi/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /webcgi/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-914/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /mpcgi/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /ows-bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-local/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /htbin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgis/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /scripts/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-home/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /scgi-bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /mpcgi/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-local/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /htbin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgis/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /scripts/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-home/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-perl/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /scgi-bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-bin-sdb/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-mod/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi.cgi/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /webcgi/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-914/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /ows-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-sys/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /htbin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgis/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /scripts/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-win/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /fcgi-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /scgi-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi.cgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-914/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-915/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /ows-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /htbin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgibin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgis/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-win/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-exe/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-home/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-local/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgibin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgis/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-win/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-exe/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-home/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /scgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-bin-sdb/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /mpcgi/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /ows-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-local/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgibin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /scripts/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /fcgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-exe/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-home/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /scgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-bin-sdb/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-mod/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /pbserver/pbserver.dll: This may contain a buffer overflow. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/MS00-094
+ /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.
+ /pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow file upload without authentication.
+ /phpEventCalendar/file_upload.php: phpEventCalendar 1.1 and prior are vulnerable to file upload bug.
+ /cgi.cgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-914/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-local/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /htbin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /scripts/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /scgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-bin-sdb/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files.
+ /wa.exe: An ASP page that allows attackers to upload files to server.
+ /webcgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-914/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-915/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /mpcgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-bin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /ows-bin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-local/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /htbin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgibin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /scripts/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-exe/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-home/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb: MPCSoftWeb Guest Book passwords retrieved. See: https://www.exploit-db.com/exploits/22513
+ /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. See: https://securitytracker.com/id/1004382
+ /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /adm/config.php: PHP Config file may contain database IDs and passwords.
+ /cgi.cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /webcgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-914/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-915/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /ows-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgibin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgis/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-win/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /fcgi-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /scgi-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /contents.php?new_language=elvish&mode=select: Requesting a file with an invalid language selection from DC Portal may reveal the system path.
+ /cms/typo3conf/localconf.php: TYPO3 config file found.
+ /site/typo3conf/localconf.php: TYPO3 config file found.
+ /typo3/typo3conf/localconf.php: TYPO3 config file found.
+ Scan terminated: 0 error(s) and 490 item(s) reported on remote host
+ End Time:           2024-11-05 13:52:24 (GMT-5) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested