Scan report for "conservativedailypost.com"

- Nikto v2.6.0
---------------------------------------------------------------------------
+ Your Nikto installation is out of date.
+ Target IP:          172.67.193.7
+ Target Hostname:    conservativedailypost.com
+ Target Port:        80
+ Platform:           Windows
+ Start Time:         2026-03-04 12:22:41 (GMT-5)
---------------------------------------------------------------------------
+ Server: cloudflare
+ Multiple IPs found: 172.67.193.7, 104.21.84.128, 2606:4700:3036::6815:5480, 2606:4700:3035::ac43:c107
+ [999100] /: Uncommon header(s) 'x-turbo-charged-by' found, with contents: LiteSpeed.
+ [011799] /: An alt-svc header was found which is advertising HTTP/2 over TLS. The endpoint is: ':443'. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ [999106] /: Cloudflare detected via cf-ray header. Recommend proxying via Burp or mitmproxy to avoid TLS fingerprint blocks. See: https://github.com/sullo/nikto/wiki/Using-a-Proxy
+ No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped.
+ [999100] /: Uncommon header(s) 'proxy-status' found, with contents: Cloudflare-Proxy;error=http_request_error.
+ [013587] /: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+ [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
+ [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+ [800264] /: cloudflare - Cloudflare detected via banner. Recommend proxying via Burp or mitmproxy to avoid TLS fingerprint blocks if not already proxying.
+ [999990] OPTIONS: Allowed HTTP Methods: OPTIONS, HEAD, GET, POST .
+ [000161] /pccsmysqladm/incs/dbconnect.inc: This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.
+ [000162] /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
+ [000164] /PDG_Cart/order.log: PDG Commerce log found. See: http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html
+ [000180] /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.
+ [000183] /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
+ [000184] /vider.php3: MySimpleNews may allow deleting of news items without authentication. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2320
+ [000186] /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly. See: https://web.archive.org/web/20030607054822/http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc
+ [000199] /pbserver/pbserver.dll: This may contain a buffer overflow. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/MS00-094
+ [000200] /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.
+ [000201] /pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow file upload without authentication.
+ [000202] /phpEventCalendar/file_upload.php: phpEventCalendar 1.1 and prior are vulnerable to file upload bug.
+ [000205] /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files.
+ [000207] /upload.asp: An ASP page that allows attackers to upload files to server.
+ [000208] /uploadn.asp: An ASP page that allows attackers to upload files to server.
+ [000209] /uploadx.asp: An ASP page that allows attackers to upload files to server.
+ [000210] /wa.exe: An ASP page that allows attackers to upload files to server.
+ [000211] /basilix/compose-attach.php3: BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads.
+ [000212] /server/: Possibly Macromedia JRun or CRX WebDAV upload.
+ [000215] /vgn/ac/data: Vignette CMS admin/maintenance script available.
+ [000216] /vgn/ac/delete: Vignette CMS admin/maintenance script available.
+ [000217] /vgn/ac/edit: Vignette CMS admin/maintenance script available.
+ [000218] /vgn/ac/esave: Vignette CMS admin/maintenance script available.
+ [000219] /vgn/ac/fsave: Vignette CMS admin/maintenance script available.
+ [000220] /vgn/ac/index: Vignette CMS admin/maintenance script available.
+ [000221] /vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script available.
+ [000222] /vgn/asp/previewer: Vignette CMS admin/maintenance script available.
+ [000223] /vgn/asp/status: Vignette CMS admin/maintenance script available.
+ [000224] /vgn/asp/style: Vignette CMS admin/maintenance script available.
+ [000225] /vgn/errors: Vignette CMS admin/maintenance script available.
+ [000226] /vgn/jsp/controller: Vignette CMS admin/maintenance script available.
+ [000227] /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
+ [000228] /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
+ [000229] /vgn/jsp/jspstatus: Vignette CMS admin/maintenance script available.
+ [000230] /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available.
+ [000231] /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available.
+ [000233] /vgn/jsp/style: Vignette CMS admin/maintenance script available.
+ [000234] /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
+ [000235] /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
+ [000239] /forum/admin/wwforum.mdb: Web Wiz Forums password database found. See: https://seclists.org/bugtraq/2003/Apr/238
+ [000240] /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ [000241] /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password. See: https://www.exploit-db.com/exploits/22484
+ [000242] /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ [000243] /MIDICART/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ [000244] /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb: MPCSoftWeb Guest Book passwords retrieved. See: https://www.exploit-db.com/exploits/22513
+ [000245] /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
+ [000248] /shopping300.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. See: https://securitytracker.com/id/1004382
+ [000249] /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. See: https://securitytracker.com/id/1004382
+ [000250] /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ Scan terminated: 0 errors and 59 items reported on the remote host
+ End Time:           2026-03-04 12:23:42 (GMT-5) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Trustpilot

Target

conservativedailypost.com

Target IP

172.67.193.7

Scan method

Nikto scan (max 60 sec)

Run command

nikto -host conservativedailypost.com -maxtime 60

Duration

61s

Quick report

Order full scan ($7.99/one time)

Scan date

04 Mar 2026 12:23

Copy scan report

Download report

Remove scan result

$

Check ports

Use Portscanner Tool

API - Scan ID

4bcb65109b197ba3aa5f599ec92e31a2fee826c8