Scan report for "www.timevision.it"

Membership level: Free member
Summary

Found

126

Duration

1min 1sec

Date

2024-10-07

IP

172.67.70.106

Report
Nikto scan (max 60 sec) (nikto -host www.timevision.it -maxtime 60)
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 172.67.70.106, 104.26.11.103, 104.26.10.103, 2606:4700:20::681a:a67, 2606:4700:20::ac43:466a, 2606:4700:20::681a:b67
+ Target IP:          172.67.70.106
+ Target Hostname:    www.timevision.it
+ Target Port:        80
+ Start Time:         2024-10-07 05:09:23 (GMT-4)
---------------------------------------------------------------------------
+ Server: cloudflare
+ All CGI directories 'found', use '-C none' to test none
+ /webcgi/finger.pl: finger other users, may be other commands?.
+ /cgi-914/finger.pl: finger other users, may be other commands?.
+ /cgi-915/finger.pl: finger other users, may be other commands?.
+ /bin/finger.pl: finger other users, may be other commands?.
+ /cgi-bin/finger.pl: finger other users, may be other commands?.
+ /ows-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-local/finger.pl: finger other users, may be other commands?.
+ /cgis/finger.pl: finger other users, may be other commands?.
+ /scripts/finger.pl: finger other users, may be other commands?.
+ /fcgi-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-bin-sdb/finger.pl: finger other users, may be other commands?.
+ /cgi-mod/finger.pl: finger other users, may be other commands?.
+ /cgi.cgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-914/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-915/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /ows-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgis/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /scripts/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-win/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /fcgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-exe/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin-sdb/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-mod/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /htbin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgibin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgis/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /scripts/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-win/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /fcgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-exe/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-perl/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-mod/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /SiteServer/Admin/commerce/foundation/domain.asp: Displays known domains of which that server is involved. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /basilix/mbox-list.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page.
+ /basilix/message-read.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page.
+ /clusterframe.jsp: Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.
+ /SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp: Microsoft Site Server script used to create, modify, and potentially delete LDAP users and groups. See: https://securitytracker.com/id/1003420
+ /SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp: Microsoft Site Server used to create, modify, and potentially delete LDAP users and groups. See: https://securitytracker.com/id/1003420
+ /pccsmysqladm/incs/dbconnect.inc: This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.
+ /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
+ /vider.php3: MySimpleNews may allow deleting of news items without authentication. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2320
+ /upload.asp: An ASP page that allows attackers to upload files to server.
+ /uploadn.asp: An ASP page that allows attackers to upload files to server.
+ /basilix/compose-attach.php3: BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads.
+ /webcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-915/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /mpcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgibin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-perl/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi-bin-sdb/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /cgi.cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /webcgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-915/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /ows-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-sys/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgibin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgis/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /scripts/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-win/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /fcgi-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-exe/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-perl/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-bin-sdb/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
+ /cms/typo3conf/database.sql: TYPO3 SQL file found.
+ /site/typo3conf/database.sql: TYPO3 SQL file found.
+ /ws_ftp.ini: Can contain saved passwords for FTP sites.
+ /_mem_bin/auoconfig.asp: Displays the default AUO (LDAP) schema, including host and port.
+ /SiteServer/Admin/knowledge/persmbr/vs.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17659
+ /nsn/fdir.bas:ShowVolume: You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in.
+ /quikstore.cfg: Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0607
+ /nsn/..%5Cutil/chkvol.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/copy.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/lancard.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/rd.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/slist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/type.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/userlist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cweb/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cwebdemo/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /cgi.cgi/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-915/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-local/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /scripts/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-exe/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /webcgi/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgis/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-exe/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-mod/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /webcgi/nph-error.pl: Gives more information in error messages.
+ /cgi-915/nph-error.pl: Gives more information in error messages.
+ /bin/nph-error.pl: Gives more information in error messages.
+ /mpcgi/nph-error.pl: Gives more information in error messages.
+ /ows-bin/nph-error.pl: Gives more information in error messages.
+ /cgis/nph-error.pl: Gives more information in error messages.
+ /scripts/nph-error.pl: Gives more information in error messages.
+ /fcgi-bin/nph-error.pl: Gives more information in error messages.
+ /cgi-exe/nph-error.pl: Gives more information in error messages.
+ /cgi-home/nph-error.pl: Gives more information in error messages.
+ /cgi-perl/nph-error.pl: Gives more information in error messages.
+ /scgi-bin/nph-error.pl: Gives more information in error messages.
+ /cgi-mod/nph-error.pl: Gives more information in error messages.
+ /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ Scan terminated: 0 error(s) and 126 item(s) reported on remote host
+ End Time:           2024-10-07 05:10:24 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
www.timevision.it
Target IP
172.67.70.106
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host www.timevision.it -maxtime 60
Duration
61s
Quick report
Order full scan ($79/one time)
Scan date
07 Oct 2024 05:10
API - Scan ID
04dad4abebade20b25f7c72c747916eb8191c0e8
Copy scan report
Download report
Remove scan result
$
Check ports
Use Portscanner Tool