- Nikto v2.5.0 --------------------------------------------------------------------------- + Multiple IPs found: 104.18.14.240, 104.18.15.240, 2606:4700::6812:ff0, 2606:4700::6812:ef0 + Target IP: 104.18.14.240 + Target Hostname: www.carrier411.com + Target Port: 80 + Start Time: 2024-06-12 16:57:05 (GMT-4) --------------------------------------------------------------------------- + Server: cloudflare + /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1". + /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed + /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc + /webcgi/cart32.exe: request cart32.exe/cart32clientlist. + /cgi-914/cart32.exe: request cart32.exe/cart32clientlist. + /cgi-sys/cart32.exe: request cart32.exe/cart32clientlist. + /cgi-home/cart32.exe: request cart32.exe/cart32clientlist. + /scgi-bin/cart32.exe: request cart32.exe/cart32clientlist. + /cgi.cgi/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgi-914/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgi/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /ows-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgi-sys/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /cgi-mod/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article + /webcgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-914/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /scripts/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /fcgi-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /scgi-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-bin-sdb/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-mod/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /webcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /ows-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-win/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-home/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /scgi-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-bin-sdb/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /cgi-mod/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article + /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709 + /webcgi/finger: finger other users, may be other commands?. + /cgi-914/finger: finger other users, may be other commands?. + /bin/finger: finger other users, may be other commands?. + /cgi-sys/finger: finger other users, may be other commands?. + /fcgi-bin/finger: finger other users, may be other commands?. + /cgi-home/finger: finger other users, may be other commands?. + /cgi-914/finger.pl: finger other users, may be other commands?. + /ows-bin/finger.pl: finger other users, may be other commands?. + /scripts/finger.pl: finger other users, may be other commands?. + /fcgi-bin/finger.pl: finger other users, may be other commands?. + /cgi-home/finger.pl: finger other users, may be other commands?. + /cgi-bin-sdb/finger.pl: finger other users, may be other commands?. + /cgi-mod/finger.pl: finger other users, may be other commands?. + /cgi.cgi/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /webcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgi-914/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /ows-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /fcgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgi-bin-sdb/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgi-mod/get32.exe: This can allow attackers to execute arbitrary commands remotely. + /cgi.cgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /webcgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgi-914/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgi-sys/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /fcgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgi-home/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgi-bin-sdb/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /cgi-mod/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file. + /guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration. + /cgi.cgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi-914/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /ows-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /scripts/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi-home/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi-mod/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory. + /cgi.cgi/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi-914/guestbook.pl: May allow attackers to execute commands as the web daemon. + /bin/guestbook.pl: May allow attackers to execute commands as the web daemon. + /ows-bin/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi-sys/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi-bin-sdb/guestbook.pl: May allow attackers to execute commands as the web daemon. + /cgi.cgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /fcgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi-home/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi-bin-sdb/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi-mod/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory. + /cgi.cgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /webcgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgi-914/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /ows-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /fcgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /cgi-home/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. + /vgn/performance/TMT: Vignette CMS admin/maintenance script available. + /vgn/performance/TMT/Report: Vignette CMS admin/maintenance script available. + /vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance script available. + /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available. + /vgn/ppstats: Vignette CMS admin/maintenance script available. + /vgn/record/previewer: Vignette CMS admin/maintenance script available. + /vgn/vr/Deleting: Vignette CMS admin/maintenance script available. + /vgn/vr/Select: Vignette CMS admin/maintenance script available. + /vgn/style: Vignette server may reveal system information through this file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0401 + /clusterframe.jsp: Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks. + /bb-dnbd/faxsurvey: This may allow arbitrary command execution. + /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source. + /PDG_Cart/order.log: PDG Commerce log found. See: http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html + /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent. + /bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /ows-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi-home/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /scgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi-mod/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762 + /cgi.cgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /webcgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /ows-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /fcgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /cgi-mod/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x. + /cgi-914/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /ows-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgi-sys/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /fcgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgi-home/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgi-mod/uploader.exe: This CGI allows attackers to upload files to the server and then execute them. + /cgi.cgi/fpsrvadm.exe: Potentially vulnerable CGI program. + /cgi-914/fpsrvadm.exe: Potentially vulnerable CGI program. + /bin/fpsrvadm.exe: Potentially vulnerable CGI program. + /cgi/fpsrvadm.exe: Potentially vulnerable CGI program. + /scripts/fpsrvadm.exe: Potentially vulnerable CGI program. + /cgi-win/fpsrvadm.exe: Potentially vulnerable CGI program. + /vgn/ac/edit: Vignette CMS admin/maintenance script available. + /vgn/ac/esave: Vignette CMS admin/maintenance script available. + /vgn/ac/fsave: Vignette CMS admin/maintenance script available. + /vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script available. + /vgn/asp/previewer: Vignette CMS admin/maintenance script available. + /vgn/errors: Vignette CMS admin/maintenance script available. + /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available. + /vgn/jsp/initialize: Vignette CMS admin/maintenance script available. + /vgn/jsp/jspstatus: Vignette CMS admin/maintenance script available. + /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available. + /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available. + /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file. + /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html + /MIDICART/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432 + /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted. + /shopping300.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. See: https://securitytracker.com/id/1004382 + /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. See: https://securitytracker.com/id/1004382 + /cgi.cgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /cgi-914/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /cgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /ows-bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /scripts/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /cgi-bin-sdb/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL + /vgn/license: Vignette server license file found. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0403 + /cgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /ows-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /cgi-sys/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /scripts/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /fcgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /scgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /cgi-bin-sdb/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /cgi-mod/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528 + /tvcs/getservers.exe?action=selects1: Following steps 2-4 of this page may reveal a zip file that contains passwords and system details. + /nsn/fdir.bas:ShowVolume: You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in. + /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein. + /webcgi/aglimpse: This CGI may allow attackers to execute remote commands. + /bin/aglimpse: This CGI may allow attackers to execute remote commands. + /ows-bin/aglimpse: This CGI may allow attackers to execute remote commands. + /scripts/aglimpse: This CGI may allow attackers to execute remote commands. + /cgi-win/aglimpse: This CGI may allow attackers to execute remote commands. + /fcgi-bin/aglimpse: This CGI may allow attackers to execute remote commands. + /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104 + /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands. + /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104 + /webcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgi-914/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgi-win/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgi-home/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /scgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands. + /cgi-914/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /ows-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgi-sys/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /scripts/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgi-win/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /fcgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgi-home/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgi-bin-sdb/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands. + /cgi.cgi/post32.exe|dir%20c:\\: post32 can execute arbitrary commands. + /bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands. + /cgi-sys/post32.exe|dir%20c:\\: post32 can execute arbitrary commands. + /cgi-home/post32.exe|dir%20c:\\: post32 can execute arbitrary commands. + /scgi-bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands. + /cgi-mod/post32.exe|dir%20c:\\: post32 can execute arbitrary commands. + /IDSWebApp/IDSjsp/Login.jsp: Tivoli Directory Server Web Administration. + /siteminder: This may be an indication that the server is running Siteminder for SSO. + /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'. + /nsn/..%5Cutil/chkvol.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/del.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/dsbrowse.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/glist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/lancard.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/rd.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cutil/type.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cweb/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /nsn/..%5Cwebdemo/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server. + /cgi.cgi/archie: Gateway to the unix command, may be able to submit extra commands. + /webcgi/archie: Gateway to the unix command, may be able to submit extra commands. + /bin/archie: Gateway to the unix command, may be able to submit extra commands. + /cgi/archie: Gateway to the unix command, may be able to submit extra commands. + /cgi-sys/archie: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/archie: Gateway to the unix command, may be able to submit extra commands. + /cgi-mod/archie: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /webcgi/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-914/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-win/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-home/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /scgi-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-mod/calendar.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-914/calendar: Gateway to the unix command, may be able to submit extra commands. + /bin/calendar: Gateway to the unix command, may be able to submit extra commands. + /scripts/calendar: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands. + /cgi-home/calendar: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/date: Gateway to the unix command, may be able to submit extra commands. + /webcgi/date: Gateway to the unix command, may be able to submit extra commands. + /cgi/date: Gateway to the unix command, may be able to submit extra commands. + /cgi-sys/date: Gateway to the unix command, may be able to submit extra commands. + /scripts/date: Gateway to the unix command, may be able to submit extra commands. + /cgi-win/date: Gateway to the unix command, may be able to submit extra commands. + /cgi-home/date: Gateway to the unix command, may be able to submit extra commands. + /cgi-bin-sdb/date: Gateway to the unix command, may be able to submit extra commands. + /cgi-mod/date: Gateway to the unix command, may be able to submit extra commands. + /cgi.cgi/fortune: Gateway to the unix command, may be able to submit extra commands. + /scripts/fortune: Gateway to the unix command, may be able to submit extra commands. + /cgi-win/fortune: Gateway to the unix command, may be able to submit extra commands. + /cgi-bin-sdb/fortune: Gateway to the unix command, may be able to submit extra commands. + /fcgi-bin/redirect: Redirects via URL from form. + /cgi.cgi/uptime: Gateway to the unix command, may be able to submit extra commands. + /webcgi/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi-914/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi/uptime: Gateway to the unix command, may be able to submit extra commands. + /ows-bin/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi-sys/uptime: Gateway to the unix command, may be able to submit extra commands. + /scripts/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi-mod/uptime: Gateway to the unix command, may be able to submit extra commands. + /cgi-win/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-bin-sdb/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /cgi-mod/wais.pl: Gateway to the unix command, may be able to submit extra commands. + /CVS/Entries: CVS Entries file may contain directory listing information. + /cgi.cgi/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgi-914/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgi-sys/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /scripts/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgi-win/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /scgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address. + /cgi.cgi/nph-error.pl: Gives more information in error messages. + /bin/nph-error.pl: Gives more information in error messages. + /scripts/nph-error.pl: Gives more information in error messages. + /cgi-win/nph-error.pl: Gives more information in error messages. + /scgi-bin/nph-error.pl: Gives more information in error messages. + /cgi.cgi/query: Echoes back result of your GET. + /cgi-914/query: Echoes back result of your GET. + /bin/query: Echoes back result of your GET. + /cgi/query: Echoes back result of your GET. + /ows-bin/query: Echoes back result of your GET. + /scripts/query: Echoes back result of your GET. + /cgi-win/query: Echoes back result of your GET. + /cgi-home/query: Echoes back result of your GET. + /cgi.cgi/test-env: May echo environment variables or give directory listings. + /cgi-914/test-env: May echo environment variables or give directory listings. + /cgi/test-env: May echo environment variables or give directory listings. + /cgi-win/test-env: May echo environment variables or give directory listings. + /cgi-bin-sdb/test-env: May echo environment variables or give directory listings. + /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web. + /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site. + /webcgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /cgi-914/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /cgi-sys/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /scripts/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /fcgi-bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /cgi-home/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header. + /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file. + /cgi.cgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /cgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /cgi-sys/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /cgi-home/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /cgi-bin-sdb/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /cgi-mod/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169 + /Config1.htm: This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See: https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-018 + /webcgi/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /bin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /ows-bin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /scgi-bin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-bin-sdb/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /webcgi/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-914/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /ows-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-sys/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /fcgi-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-home/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-bin-sdb/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-mod/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi-win/cgitest.exe: This CGI may allow the server to be crashed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128 + /cgi.cgi/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /webcgi/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgi-914/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /bin/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /ows-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgi-sys/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /fcgi-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgi-home/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /scgi-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgi-bin-sdb/snorkerz.cmd: Arguments passed to DOS CGI without checking. + /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow. + /................../config.sys: PWS allows files to be read by prepending multiple '.' characters. At worst, IIS, not PWS, should be used. + /openautoclassifieds/friendmail.php?listing=: OpenAutoClassifieds 1.0 is vulnerable to a XSS attack. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1145 + /bin/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /ows-bin/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /scripts/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi-win/retrieve_password.pl: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0226 + /cgi.cgi/wwwadmin.pl: Administration CGI?. + /bin/wwwadmin.pl: Administration CGI?. + /cgi-win/wwwadmin.pl: Administration CGI?. + /scgi-bin/wwwadmin.pl: Administration CGI?. + Scan terminated: 0 error(s) and 338 item(s) reported on remote host + End Time: 2024-06-12 16:58:06 (GMT-4) (61 seconds) --------------------------------------------------------------------------- + 1 host(s) tested