Scan report for "casadangelo.com"

  1. Nikto Online
  2. Scan report for "casadangelo.com"
Membership level: Free member
Summary

Found

252

Duration

1min 1sec

Date

2025-10-25

IP

172.66.0.175

Report
Nikto scan (max 60 sec) (nikto -host casadangelo.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 172.66.0.175, 162.159.140.177, 2606:4700:7::af, 2a06:98c1:58::af
+ Target IP:          172.66.0.175
+ Target Hostname:    casadangelo.com
+ Target Port:        80
+ Start Time:         2025-10-25 09:29:54 (GMT-7)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: IP address found in the 'set-cookie' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ /: IP address found in the '__cf_bm' cookie. The IP is "1.0.1.1".
+ /yoMp7bJe.js: IP address found in the '_cfuvid' cookie. The IP is "0.0.1.1".
+ All CGI directories 'found', use '-C none' to test none
+ /: Uncommon header 'proxy-status' found, with contents: Cloudflare-Proxy;error=http_request_error.
+ /cgi.cgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /webcgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-sys/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgibin/cart32.exe: request cart32.exe/cart32clientlist.
+ /scripts/cart32.exe: request cart32.exe/cart32clientlist.
+ /fcgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-exe/cart32.exe: request cart32.exe/cart32clientlist.
+ /scgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-bin-sdb/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-mod/cart32.exe: request cart32.exe/cart32clientlist.
+ /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist.
+ /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /cgi.cgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /webcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-sys/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /scripts/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-win/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-exe/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-home/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /scgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-mod/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /~root/: Allowed to browse root's home directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1013
+ /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0614
+ /bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /mpcgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /ows-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-local/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgibin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /scripts/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-win/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /scgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-bin-sdb/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-mod/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi.cgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /webcgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-914/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-local/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /htbin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgis/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /scripts/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-win/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-exe/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-perl/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-mod/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dir>. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-028
+ /scripts/iisadmin/ism.dll: Allows you to mount a brute force attack on passwords.
+ /clusterframe.jsp: Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.
+ /scripts/Carello/Carello.dll: Carello 1.3 may allow commands to be executed on the server by replacing hidden form elements. This could not be tested by Nikto. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0614
+ /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source.
+ /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed.
+ /PDG_Cart/order.log: PDG Commerce log found. See: http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html
+ /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
+ /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly. See: https://web.archive.org/web/20030607054822/http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc
+ /cgi.cgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-915/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /mpcgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-sys/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-win/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-home/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /scgi-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-bin-sdb/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-914/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /mpcgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-sys/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-local/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-win/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /fcgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /scgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /webcgi/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /mpcgi/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /ows-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-sys/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-local/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /htbin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-win/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /fcgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-exe/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-perl/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-bin-sdb/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-mod/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi.cgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-915/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /mpcgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-sys/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-local/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /htbin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgibin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgis/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-exe/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-perl/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /scgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi.cgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /webcgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-bin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-sys/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-local/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /scripts/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-exe/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-home/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /scgi-bin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-bin-sdb/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-mod/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-914/.cobalt: May allow remote admin of CGI scripts.
+ /bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /ows-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-sys/.cobalt: May allow remote admin of CGI scripts.
+ /cgibin/.cobalt: May allow remote admin of CGI scripts.
+ /scripts/.cobalt: May allow remote admin of CGI scripts.
+ /fcgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-exe/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-perl/.cobalt: May allow remote admin of CGI scripts.
+ /scgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-bin-sdb/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-mod/.cobalt: May allow remote admin of CGI scripts.
+ /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password. See: https://www.exploit-db.com/exploits/22484
+ /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /MIDICART/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
+ /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /cgi.cgi/.access: Contains authorization information.
+ /webcgi/.access: Contains authorization information.
+ /cgi-915/.access: Contains authorization information.
+ /bin/.access: Contains authorization information.
+ /cgi/.access: Contains authorization information.
+ /mpcgi/.access: Contains authorization information.
+ /cgi-bin/.access: Contains authorization information.
+ /cgi-sys/.access: Contains authorization information.
+ /cgi-local/.access: Contains authorization information.
+ /htbin/.access: Contains authorization information.
+ /cgis/.access: Contains authorization information.
+ /cgi-mod/.access: Contains authorization information.
+ /typo3conf/: This may contain sensitive TYPO3 files.
+ /cms/typo3conf/: This may contain sensitive TYPO3 files.
+ /site/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo/typo3conf/: This may contain sensitive TYPO3 files.
+ /webcart/orders/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /ws_ftp.ini: Can contain saved passwords for FTP sites.
+ /webcgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-914/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-915/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-sys/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-local/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgibin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgis/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /scripts/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /fcgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-exe/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-perl/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-bin-sdb/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /tvcs/getservers.exe?action=selects1: Following steps 2-4 of this page may reveal a zip file that contains passwords and system details.
+ /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein.
+ /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
+ /jamdb/: JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot.
+ /cgi.cgi/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-914/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-915/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-bin/shtml.dll: This may allow attackers to retrieve document source.
+ /ows-bin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-local/shtml.dll: This may allow attackers to retrieve document source.
+ /cgis/shtml.dll: This may allow attackers to retrieve document source.
+ /scripts/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-home/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-perl/shtml.dll: This may allow attackers to retrieve document source.
+ /scgi-bin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-mod/shtml.dll: This may allow attackers to retrieve document source.
+ /IDSWebApp/IDSjsp/Login.jsp: Tivoli Directory Server Web Administration.
+ /securecontrolpanel/: Web Server Control Panel.
+ /webmail/: Web based mail package installed.
+ /_cti_pvt/: FrontPage directory found.
+ /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
+ /LOGIN.PWD: MIPCD password file with unencrypted passwords. MIPDCD should not have the web interface enabled.
+ /cgi.cgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-914/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-915/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /mpcgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /ows-bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-local/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /htbin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgibin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgis/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /scripts/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /fcgi-bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-exe/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-home/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-perl/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /scgi-bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /webcgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-914/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-915/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /htbin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgibin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgis/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /scripts/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-win/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-exe/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-home/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-mod/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1247
+ /cgi/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgis/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-win/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-exe/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-home/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-perl/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /scgi-bin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-mod/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-914/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-915/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /ows-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-sys/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgibin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /scripts/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-win/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-perl/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-bin-sdb/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-mod/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-win/cgitest.exe: This CGI may allow the server to be crashed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi.cgi/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /bin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /ows-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-local/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgibin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-exe/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /scgi-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-bin-sdb/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-mod/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
+ /................../config.sys: PWS allows files to be read by prepending multiple '.' characters. At worst, IIS, not PWS, should be used.
+ Scan terminated: 0 error(s) and 252 item(s) reported on remote host
+ End Time:           2025-10-25 09:30:55 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Trustpilot
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
casadangelo.com
Target IP
172.66.0.175
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host casadangelo.com -maxtime 60
Duration
Quick report
Scan date
25 Oct 2025 12:30
Copy scan report
Download report
Remove scan result
$
Check ports
API - Scan ID