Scan report for "www.iitmjanakpuri.com"

  1. Nikto Online
  2. Scan report for "www.iitmjanakpuri.com"
Membership level: Free member
Summary

Found

588

Duration

1min 1sec

Date

2025-01-17

IP

104.21.112.1

Report
Nikto scan (max 60 sec) (nikto -host www.iitmjanakpuri.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.21.112.1, 104.21.80.1, 104.21.48.1, 104.21.64.1, 104.21.16.1, 104.21.32.1, 104.21.96.1, 2606:4700:3030::6815:7001, 2606:4700:3030::6815:1001, 2606:4700:3030::6815:5001, 2606:4700:3030::6815:2001, 2606:4700:3030::6815:6001, 2606:4700:3030::6815:4001, 2606:4700:3030::6815:3001
+ Target IP:          104.21.112.1
+ Target Hostname:    www.iitmjanakpuri.com
+ Target Port:        80
+ Start Time:         2025-01-16 22:59:29 (GMT-8)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Uncommon header 'server-timing' found, with contents: cfL4;desc="?proto=TCP&rtt=941&min_rtt=744&rtt_var=436&sent=14&recv=8&lost=0&retrans=0&sent_bytes=12745&recv_bytes=600&delivery_rate=8360277&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0".
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ /cgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-local/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgis/cart32.exe: request cart32.exe/cart32clientlist.
+ /fcgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-exe/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-915/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/classified.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/download.cgi: Check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-915/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgis/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/flexform.cgi: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-915/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgis/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /bin/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-local/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/lwgate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-915/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-win/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-915/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-sys/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
+ /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
+ /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin.
+ /bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /ows-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-sys/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-win/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ /cgi-915/finger: finger other users, may be other commands?.
+ /mpcgi/finger: finger other users, may be other commands?.
+ /ows-bin/finger: finger other users, may be other commands?.
+ /cgi-sys/finger: finger other users, may be other commands?.
+ /cgi-local/finger: finger other users, may be other commands?.
+ /cgi-win/finger: finger other users, may be other commands?.
+ /fcgi-bin/finger: finger other users, may be other commands?.
+ /cgi-home/finger: finger other users, may be other commands?.
+ /bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /mpcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /ows-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-local/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgis/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /fcgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /mpcgi/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-sys/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-local/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-win/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /fcgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-exe/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-915/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /mpcgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /ows-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgis/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-home/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-915/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /ows-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgis/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-win/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /cgi-home/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ /bin/wrap.cgi: Allows viewing of directories.
+ /mpcgi/wrap.cgi: Allows viewing of directories.
+ /cgi-local/wrap.cgi: Allows viewing of directories.
+ /cgis/wrap.cgi: Allows viewing of directories.
+ /fcgi-bin/wrap.cgi: Allows viewing of directories.
+ /cgi-exe/wrap.cgi: Allows viewing of directories.
+ /cgi-home/wrap.cgi: Allows viewing of directories.
+ /~root/: Allowed to browse root's home directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1013
+ /cgi-bin/wrap: Allows viewing of directories.
+ /guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.
+ /bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /mpcgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-local/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /ows-bin/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-sys/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-local/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-win/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-exe/html2chtml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /mpcgi/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /ows-bin/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-sys/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-win/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-exe/html2wml.cgi: Html2Wml < 0.4.8 access local files via CGI, and more.
+ /cgi-915/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-local/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgis/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-win/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /fcgi-bin/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-exe/echo.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /ows-bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgi-local/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgis/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /fcgi-bin/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgi-home/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /mpcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /ows-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-local/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-exe/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-home/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-915/gH.cgi: Web backdoor by gH.
+ /mpcgi/gH.cgi: Web backdoor by gH.
+ /cgi-bin/gH.cgi: Web backdoor by gH.
+ /ows-bin/gH.cgi: Web backdoor by gH.
+ /cgi-local/gH.cgi: Web backdoor by gH.
+ /cgi-win/gH.cgi: Web backdoor by gH.
+ /fcgi-bin/gH.cgi: Web backdoor by gH.
+ /cgi-home/gH.cgi: Web backdoor by gH.
+ /cgi-915/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-win/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /fcgi-bin/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-exe/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-home/gm-cplog.cgi: GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /getaccess: This may be an indication that the server is running getAccess for SSO.
+ /bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /ows-bin/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-win/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-home/gm.cgi: GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html
+ /cgi-915/AT-admin.cgi: Admin interface.
+ /bin/AT-admin.cgi: Admin interface.
+ /mpcgi/AT-admin.cgi: Admin interface.
+ /cgi-win/AT-admin.cgi: Admin interface.
+ /cgi-915/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /mpcgi/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /ows-bin/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-local/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-home/mt-static/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-915/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /ows-bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-local/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /fcgi-bin/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cgi-exe/mt/mt-check.cgi: Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.
+ /cfdocs/expeval/openfile.cfm: Can use to expose the system/server path.
+ /bin/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /mpcgi/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /ows-bin/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-local/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgis/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-win/banner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-915/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /mpcgi/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-bin/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-local/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgis/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-win/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-exe/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-home/bannereditor.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-915/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-sys/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-local/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgis/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-win/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-home/bizdb1-search.cgi: This CGI may allow attackers to execute commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287
+ /cgi-915/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /mpcgi/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /ows-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-sys/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgis/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-win/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-home/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /tsweb/: Microsoft TSAC found. See: https://web.archive.org/web/20040910030506/http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
+ /cgi-915/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgis/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-win/blog/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /vgn/performance/TMT: Vignette CMS admin/maintenance script available.
+ /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available.
+ /vgn/ppstats: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Editing: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Select: Vignette CMS admin/maintenance script available.
+ /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dir>. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-028
+ /SiteServer/Admin/commerce/foundation/domain.asp: Displays known domains of which that server is involved. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/commerce/foundation/DSN.asp: Displays all DSNs configured for selected ODBC drivers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1769
+ /SiteServer/Admin/knowledge/dsmgr/default.asp: Used to view current search catalog configurations.
+ /cgi-bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /ows-bin/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-sys/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-local/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgis/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /cgi-win/moin.cgi?test: MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability. See: http://moinmo.in/MoinMoinDownload
+ /bb-dnbd/faxsurvey: This may allow arbitrary command execution.
+ /cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.
+ /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source.
+ /siteseed/: Siteseed pre 1.4.2 have 'major' security problems.
+ /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
+ /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
+ /cgi-915/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-sys/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-local/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgis/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /fcgi-bin/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-exe/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /cgi-home/astrocam.cgi: Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs. See: http://www.securityfocus.com/bid/4684
+ /mpcgi/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-sys/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-local/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-win/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /cgi-home/badmin.cgi: BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.
+ /bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /mpcgi/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /ows-bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgi-local/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgis/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /fcgi-bin/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgi-exe/boozt/admin/index.cgi?section=5&input=1: Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0098
+ /cgi-bin/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-win/ezadmin.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-915/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /mpcgi/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /ows-bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-local/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-win/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /fcgi-bin/ezboard.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /mpcgi/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /ows-bin/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-sys/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-local/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgis/ezman.cgi: Some versions of this CGI are vulnerable to a buffer overflow.
+ /cgi-915/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /ows-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-sys/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-win/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-exe/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /mpcgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /ows-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-sys/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgis/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /fcgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-exe/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-home/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /ows-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-local/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgis/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-win/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /fcgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /upload.asp: An ASP page that allows attackers to upload files to server.
+ /bin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-exe/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /vgn/ac/data: Vignette CMS admin/maintenance script available.
+ /vgn/ac/fsave: Vignette CMS admin/maintenance script available.
+ /vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script available.
+ /vgn/asp/status: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/controller: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available.
+ /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
+ /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
+ /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /MIDICART/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb: MPCSoftWeb Guest Book passwords retrieved. See: https://www.exploit-db.com/exploits/22513
+ /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
+ /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /mpcgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /ows-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-sys/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-local/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-win/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-exe/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-home/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /pw/storemgr.pw: Encrypted ID/Pass for Mercantec's SoftCart. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0609
+ /typo3conf/: This may contain sensitive TYPO3 files.
+ /site/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo3/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo3conf/database.sql: TYPO3 SQL file found.
+ /cms/typo3conf/database.sql: TYPO3 SQL file found.
+ /site/typo3conf/database.sql: TYPO3 SQL file found.
+ /typo/typo3conf/database.sql: TYPO3 SQL file found.
+ /typo3/typo3conf/database.sql: TYPO3 SQL file found.
+ /vgn/license: Vignette server license file found. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0403
+ /webcart/config/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /webcart/orders/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /ws_ftp.ini: Can contain saved passwords for FTP sites.
+ /WS_FTP.ini: Can contain saved passwords for FTP sites.
+ /bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /mpcgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /ows-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-local/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgis/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-exe/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /SiteServer/Admin/knowledge/persmbr/vs.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17659
+ /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17661
+ /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17662
+ /SiteServer/Admin/knowledge/persmbr/VsTmPr.asp: Expose various LDAP service and backend configuration parameters. See: https://vulners.com/osvdb/OSVDB:17660
+ /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein.
+ /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0063
+ /mpcgi/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-bin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /ows-bin/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-sys/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-local/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-exe/addbanner.cgi: This CGI may allow attackers to read any file on the system.
+ /cgi-915/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /mpcgi/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /cgi-local/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /cgis/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /cgi-home/aglimpse.cgi: This CGI may allow attackers to execute remote commands.
+ /cgi-915/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-local/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgis/aglimpse: This CGI may allow attackers to execute remote commands.
+ /fcgi-bin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-home/aglimpse: This CGI may allow attackers to execute remote commands.
+ /ows-bin/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgis/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /fcgi-bin/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /cgi-home/architext_query.cgi: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.
+ /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104
+ /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
+ /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104
+ /mpcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /ows-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-sys/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /fcgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-exe/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-915/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /mpcgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgis/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-win/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-exe/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-home/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-sys/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-local/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-exe/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /cgi-home/hello.bat?&dir+c:\\: This batch file may allow attackers to execute remote commands.
+ /bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-sys/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgis/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-exe/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-home/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /perl/-e%20print%20Hello: The Perl interpreter on the Novell system may allow any command to be executed. See: http://www.securityfocus.com/bid/5520
+ /vgn/legacy/save: Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.
+ /IDSWebApp/IDSjsp/Login.jsp: Tivoli Directory Server Web Administration.
+ /securecontrolpanel/: Web Server Control Panel.
+ /siteminder: This may be an indication that the server is running Siteminder for SSO.
+ /webmail/: Web based mail package installed.
+ /_cti_pvt/: FrontPage directory found.
+ /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
+ /cgi-915/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/archie: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-exe/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-915/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /bin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /ows-bin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-exe/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-915/date: Gateway to the unix command, may be able to submit extra commands.
+ /bin/date: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgis/date: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-exe/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/date: Gateway to the unix command, may be able to submit extra commands.
+ /bin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /ows-bin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgis/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-win/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/redirect: Redirects via URL from form.
+ /cgi-sys/redirect: Redirects via URL from form.
+ /cgi-local/redirect: Redirects via URL from form.
+ /cgis/redirect: Redirects via URL from form.
+ /cgi-win/redirect: Redirects via URL from form.
+ /fcgi-bin/redirect: Redirects via URL from form.
+ /cgi-915/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-sys/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgis/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-exe/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /upd/: WASD Server can allow directory listings by requesting /upd/directory/. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /CVS/Entries: CVS Entries file may contain directory listing information.
+ /cgi-915/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /mpcgi/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-sys/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgis/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-win/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /fcgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-home/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /bin/query: Echoes back result of your GET.
+ /mpcgi/query: Echoes back result of your GET.
+ /cgi-win/query: Echoes back result of your GET.
+ /cgi-exe/query: Echoes back result of your GET.
+ /bin/test-env: May echo environment variables or give directory listings.
+ /ows-bin/test-env: May echo environment variables or give directory listings.
+ /cgi-local/test-env: May echo environment variables or give directory listings.
+ /cgis/test-env: May echo environment variables or give directory listings.
+ /cgi-exe/test-env: May echo environment variables or give directory listings.
+ /cgi-home/test-env: May echo environment variables or give directory listings.
+ /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web.
+ /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
+ /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /cgi-915/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgis/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-win/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /fcgi-bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-exe/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-home/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
+ /bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /mpcgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-sys/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-local/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgis/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-win/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /fcgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-exe/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-915/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /bin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /mpcgi/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-sys/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgis/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-exe/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /mpcgi/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /ows-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-local/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgis/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-home/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /mpcgi/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /ows-bin/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /cgi-sys/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /cgis/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /cgi-win/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /fcgi-bin/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /cgi-exe/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /cgi-home/snorkerz.bat: Arguments passed to DOS CGI without checking.
+ /mpcgi/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /ows-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-sys/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-local/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgis/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /fcgi-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-915/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /bin/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /mpcgi/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /cgi-local/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /cgi-win/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /fcgi-bin/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /cgi-home/sbcgi/sitebuilder.cgi: SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0756
+ /..\..\..\..\..\..\temp\temp.class: Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version.
+ /admentor/adminadmin.asp: Version 2.11 of AdMentor is vulnerable to SQL injection during login, in the style of: ' or =. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0308
+ /bin/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
+ /cgi-bin/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
+ /ows-bin/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
+ /cgi-sys/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
+ /cgi-local/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
+ /cgi-win/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
+ /bin/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version.
+ /ows-bin/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version.
+ /cgi-local/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version.
+ /cgis/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version.
+ /cgi-win/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version.
+ /fcgi-bin/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version.
+ /cgi-exe/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version.
+ /bin/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /mpcgi/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /cgi-local/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /cgis/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /cgi-win/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /cgi-exe/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /forum_members.asp?find=%22;}alert(9823);function%20x()\{v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). See: OSVDB-2946
+ /ows-bin/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115
+ /cgi-sys/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115
+ /cgi-local/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115
+ /cgis/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115
+ /cgi-win/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115
+ /fcgi-bin/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115
+ /cgi-exe/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS http://www.cert.org/advisories/CA-2000-02.html) in version 2.00 and earlier, and Lite 0.8 and earlier. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2115
+ /cgi-915/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /bin/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /mpcgi/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /ows-bin/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /cgi-local/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /cgis/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /cgi-win/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /cgi-home/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1680
+ /bin/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /mpcgi/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /cgi-sys/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /cgi-local/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /cgi-win/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /mpcgi/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /cgi-bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /cgi-win/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /fcgi-bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /cgi-home/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting: has been seen in web logs from a scanner.
+ /cgi-bin/bigconf.cgi: BigIP Configuration CGI. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1550
+ /cgi-915/webmap.cgi: nmap front end... could be fun.
+ /cgi-sys/webmap.cgi: nmap front end... could be fun.
+ /cgi-local/webmap.cgi: nmap front end... could be fun.
+ /cgi-home/webmap.cgi: nmap front end... could be fun.
+ /ariadne/: Ariadne pre 2.1.2 has several vulnerabilities. The default login/pass to the admin page is admin/muze.
+ /cgi-bin/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
+ /ows-bin/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
+ /cgi-sys/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
+ /cgis/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
+ /cgi-exe/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
+ /cgi-home/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
+ /mpcgi/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.
+ /cgi-bin/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.
+ /ows-bin/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.
+ /cgi-sys/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.
+ /cgi-local/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.
+ /cgi-915/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /bin/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /ows-bin/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-sys/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-win/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-home/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /bin/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /mpcgi/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-bin/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /ows-bin/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgis/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /fcgi-bin/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-exe/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ /cgi-home/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ Scan terminated: 0 error(s) and 588 item(s) reported on remote host
+ End Time:           2025-01-16 23:00:30 (GMT-8) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Trustpilot
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
www.iitmjanakpuri.com
Target IP
104.21.112.1
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host www.iitmjanakpuri.com -maxtime 60
Duration
Quick report
Scan date
17 Jan 2025 02:00
Copy scan report
Download report
Remove scan result
$
Total scans
Check ports
API - Scan ID