Scan report for "betano.bet.br"

  1. Nikto Online
  2. Scan report for "betano.bet.br"
Membership level: Free member
Summary

Found

429

Duration

1min 1sec

Date

2025-06-13

IP

172.64.148.56

Report
Nikto scan (max 60 sec) (nikto -host betano.bet.br -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 172.64.148.56, 104.18.39.200, 2606:4700:4400::ac40:9438, 2606:4700:4400::6812:27c8
+ Target IP:          172.64.148.56
+ Target Hostname:    betano.bet.br
+ Target Port:        80
+ Start Time:         2025-06-13 12:55:41 (GMT-7)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: IP address found in the 'set-cookie' header. The IP is "0.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /: IP address found in the '_cfuvid' cookie. The IP is "0.0.1.1".
+ /webcgi/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /htbin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /htbin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /htbin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-win/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-home/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /webcgi/finger: finger other users, may be other commands?.
+ /cgi-bin/finger: finger other users, may be other commands?.
+ /cgi-win/finger: finger other users, may be other commands?.
+ /fcgi-bin/finger: finger other users, may be other commands?.
+ /cgi-home/finger: finger other users, may be other commands?.
+ /bin/finger.pl: finger other users, may be other commands?.
+ /cgi-local/finger.pl: finger other users, may be other commands?.
+ /htbin/finger.pl: finger other users, may be other commands?.
+ /fcgi-bin/finger.pl: finger other users, may be other commands?.
+ /cgi-home/finger.pl: finger other users, may be other commands?.
+ /webcgi/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-914/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /htbin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /fcgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /webcgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-914/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgibin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-win/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /webcgi/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /mpcgi/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgibin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-win/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /webcgi/wrap.cgi: Allows viewing of directories.
+ /cgi-bin/wrap.cgi: Allows viewing of directories.
+ /htbin/wrap.cgi: Allows viewing of directories.
+ /cgibin/wrap.cgi: Allows viewing of directories.
+ /cgi-home/wrap.cgi: Allows viewing of directories.
+ /cgi-bin/wrap: Allows viewing of directories.
+ /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
+ /forums//adm/config.php: PHP Config file may contain database IDs and passwords.
+ /forums/config.php: PHP Config file may contain database IDs and passwords.
+ /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
+ /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1253
+ /inc/dbase.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1253
+ /webcgi/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-914/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /htbin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /fcgi-bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /webcgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /mpcgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-local/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgibin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-win/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-914/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgibin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgi-win/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /webcgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-914/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /mpcgi/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgibin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /webcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /mpcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-local/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-home/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /geeklog/users.php: Geeklog prior to 1.3.8-1sr2 contains a SQL injection vulnerability that lets a remote attacker reset admin password. See: https://vulners.com/osvdb/OSVDB:2703
+ /cgi-bin/gH.cgi: Web backdoor by gH.
+ /cgibin/gH.cgi: Web backdoor by gH.
+ /fcgi-bin/gH.cgi: Web backdoor by gH.
+ /cgi-home/gH.cgi: Web backdoor by gH.
+ /webcgi/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /htbin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgibin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-win/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-home/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-914/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-local/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /htbin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-win/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /webcgi/AT-admin.cgi: Admin interface.
+ /cgi-914/AT-admin.cgi: Admin interface.
+ /bin/AT-admin.cgi: Admin interface.
+ /mpcgi/AT-admin.cgi: Admin interface.
+ /htbin/AT-admin.cgi: Admin interface.
+ /fcgi-bin/AT-admin.cgi: Admin interface.
+ /webcgi/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-914/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /htbin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgibin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-win/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /fcgi-bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-914/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /mpcgi/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-local/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgibin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-win/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /fcgi-bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-home/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-914/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /mpcgi/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-bin/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /htbin/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgibin/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-win/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-home/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-bin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-local/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /htbin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /fcgi-bin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /webcgi/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-914/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-win/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /fcgi-bin/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-home/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /mpcgi/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-bin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-local/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /htbin/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-win/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-home/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-914/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /bin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /mpcgi/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-bin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-local/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgibin/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-home/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available.
+ /vgn/ppstats: Vignette CMS admin/maintenance script available.
+ /vgn/stylepreviewer: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Select: Vignette CMS admin/maintenance script available.
+ /scripts/iisadmin/ism.dll: Allows you to mount a brute force attack on passwords.
+ /vgn/style: Vignette server may reveal system information through this file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0401
+ /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/admin/findvserver.asp: Gives a list of installed Site Server components. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/knowledge/dsmgr/default.asp: Used to view current search catalog configurations.
+ /webcgi/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-914/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-local/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /htbin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /basilix/mbox-list.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page.
+ /basilix/message-read.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page.
+ /bb-dnbd/faxsurvey: This may allow arbitrary command execution.
+ /cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.
+ /SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp: Microsoft Site Server script used to create, modify, and potentially delete LDAP users and groups. See: https://securitytracker.com/id/1003420
+ /SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp: Microsoft Site Server used to create, modify, and potentially delete LDAP users and groups. See: https://securitytracker.com/id/1003420
+ /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed.
+ /pccsmysqladm/incs/dbconnect.inc: This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.
+ /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.
+ /webcgi/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-914/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-local/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgibin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /fcgi-bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-home/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /webcgi/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-914/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /mpcgi/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-local/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /htbin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-win/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /fcgi-bin/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /webcgi/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /htbin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgi-914/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /mpcgi/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-win/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /fcgi-bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-home/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-914/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /mpcgi/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-local/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /htbin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgibin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-win/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /webcgi/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-914/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /mpcgi/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /htbin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-win/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /webcgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /mpcgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /htbin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-home/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /webcgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /mpcgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgibin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /mpcgi/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-local/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /htbin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgibin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-win/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-home/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to upload files to the server.
+ /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files.
+ /uploadn.asp: An ASP page that allows attackers to upload files to server.
+ /uploadx.asp: An ASP page that allows attackers to upload files to server.
+ /basilix/compose-attach.php3: BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads.
+ /vgn/ac/delete: Vignette CMS admin/maintenance script available.
+ /vgn/ac/esave: Vignette CMS admin/maintenance script available.
+ /vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/controller: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
+ /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password. See: https://www.exploit-db.com/exploits/22484
+ /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
+ /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. See: https://securitytracker.com/id/1004382
+ /database/db2000.mdb: Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root. See: https://www.medae.co/en/max/web-app
+ /webcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /mpcgi/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /htbin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /fcgi-bin/mailit.pl: Sambar may allow anonymous email to be sent from any host via this CGI. See: https://vulners.com/nessus/SAMBAR_MAILIT.NASL
+ /adm/config.php: PHP Config file may contain database IDs and passwords.
+ /contents.php?new_language=elvish&mode=select: Requesting a file with an invalid language selection from DC Portal may reveal the system path.
+ /pw/storemgr.pw: Encrypted ID/Pass for Mercantec's SoftCart. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0609
+ /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
+ /simplebbs/users/users.php: Simple BBS 1.0.6 allows user information and passwords to be viewed remotely. See: https://www.webhostingtalk.nl/bugtraq-mailing-lijst/23898-simplebbs-1-0-6-default-permissions-vuln.html
+ /typo3conf/localconf.php: TYPO3 config file found.
+ /cms/typo3conf/localconf.php: TYPO3 config file found.
+ /site/typo3conf/localconf.php: TYPO3 config file found.
+ /typo/typo3conf/localconf.php: TYPO3 config file found.
+ /vgn/license: Vignette server license file found. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0403
+ /_mem_bin/auoconfig.asp: Displays the default AUO (LDAP) schema, including host and port.
+ /SiteServer/Admin/knowledge/persmbr/vs.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17659
+ /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17661
+ /SiteServer/Admin/knowledge/persmbr/VsTmPr.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17660
+ /nsn/fdir.bas:ShowVolume: You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in.
+ /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
+ /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0063
+ /bin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-bin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-local/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /htbin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgibin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /fcgi-bin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-home/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /webcgi/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-914/shtml.dll: This may allow attackers to retrieve document source.
+ /bin/shtml.dll: This may allow attackers to retrieve document source.
+ /mpcgi/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-local/shtml.dll: This may allow attackers to retrieve document source.
+ /htbin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgibin/shtml.dll: This may allow attackers to retrieve document source.
+ /webcgi/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /cgi-914/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /bin/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /mpcgi/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /cgi-bin/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /cgibin/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /cgi-win/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /cgi-home/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /webcgi/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-914/aglimpse: This CGI may allow attackers to execute remote commands.
+ /bin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /mpcgi/aglimpse: This CGI may allow attackers to execute remote commands.
+ /htbin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgibin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-win/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-home/aglimpse: This CGI may allow attackers to execute remote commands.
+ /webcgi/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /mpcgi/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-bin/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /htbin/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-win/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-home/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /webcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-win/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /fcgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-914/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /mpcgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /htbin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-win/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /fcgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-home/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /vgn/legacy/save: Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.
+ /quikstore.cgi: A shopping cart.
+ /nsn/..%5Cutil/attrib.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/dsbrowse.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cwebdemo/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-local/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/calendar.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/date: Gateway to the unix command, may be able to submit extra commands.
+ /bin/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-local/date: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-local/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/redirect: Redirects via URL from form.
+ /cgibin/redirect: Redirects via URL from form.
+ /cgi-home/redirect: Redirects via URL from form.
+ /webcgi/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /bin/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /htbin/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /webcgi/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/wais.pl: Gateway to the unix command, may be able to submit extra commands.
+ /LOGIN.PWD: MIPCD password file with unencrypted passwords. MIPDCD should not have the web interface enabled.
+ /webcgi/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-914/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgibin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-home/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /webcgi/nph-error.pl: Gives more information in error messages.
+ /cgi-bin/nph-error.pl: Gives more information in error messages.
+ /cgi-home/nph-error.pl: Gives more information in error messages.
+ /cgi-914/query: Echoes back result of your GET.
+ /cgi-bin/query: Echoes back result of your GET.
+ /cgi-local/query: Echoes back result of your GET.
+ /htbin/query: Echoes back result of your GET.
+ /fcgi-bin/query: Echoes back result of your GET.
+ /cgi-home/query: Echoes back result of your GET.
+ /webcgi/test-env: May echo environment variables or give directory listings.
+ /cgi-914/test-env: May echo environment variables or give directory listings.
+ /mpcgi/test-env: May echo environment variables or give directory listings.
+ /cgibin/test-env: May echo environment variables or give directory listings.
+ /cgi-win/test-env: May echo environment variables or give directory listings.
+ /fcgi-bin/test-env: May echo environment variables or give directory listings.
+ /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
+ /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
+ /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1247
+ /bin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgibin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-win/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-home/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
+ /cgi-914/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /bin/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /cgi-local/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /htbin/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /cgi-win/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /fcgi-bin/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ Scan terminated: 0 error(s) and 429 item(s) reported on remote host
+ End Time:           2025-06-13 12:56:42 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Trustpilot
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
betano.bet.br
Target IP
172.64.148.56
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host betano.bet.br -maxtime 60
Duration
Quick report
Scan date
13 Jun 2025 15:56
Copy scan report
Download report
Remove scan result
$
Total scans
Check ports
API - Scan ID