Scan report for "www.softpedia.com"

  1. Nikto Online
  2. Scan report for "www.softpedia.com"
Membership level: Free member
Summary

Found

297

Duration

1min 1sec

Date

2025-07-05

IP

104.22.13.228

Report
Nikto scan (max 60 sec) (nikto -host www.softpedia.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.22.13.228, 172.67.5.104, 104.22.12.228, 2606:4700:10::6816:de4, 2606:4700:10::ac43:568, 2606:4700:10::6816:ce4
+ Target IP:          104.22.13.228
+ Target Hostname:    www.softpedia.com
+ Target Port:        80
+ Start Time:         2025-07-05 10:13:18 (GMT-7)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ /: Uncommon header 'proxy-status' found, with contents: Cloudflare-Proxy;error=http_request_error.
+ /cgi-914/cart32.exe: request cart32.exe/cart32clientlist.
+ /mpcgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /ows-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgibin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgis/cart32.exe: request cart32.exe/cart32clientlist.
+ /fcgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-mod/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-914/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /scripts/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /fcgi-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-perl/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scripts/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-exe/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-mod/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgis/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scripts/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-home/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-mod/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php.
+ /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist.
+ /tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin.
+ /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709
+ /cgi-914/finger: finger other users, may be other commands?.
+ /mpcgi/finger: finger other users, may be other commands?.
+ /cgis/finger: finger other users, may be other commands?.
+ /scripts/finger: finger other users, may be other commands?.
+ /fcgi-bin/finger: finger other users, may be other commands?.
+ /cgi-exe/finger: finger other users, may be other commands?.
+ /cgi-914/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /mpcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /ows-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgibin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgis/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /scripts/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /fcgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-exe/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-home/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-perl/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-mod/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /ows-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgibin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgis/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /scripts/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /fcgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-perl/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
+ /forums//adm/config.php: PHP Config file may contain database IDs and passwords.
+ /forums/config.php: PHP Config file may contain database IDs and passwords.
+ /guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.
+ /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
+ /hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-cms-1.2.9-10 may reveal the administrator ID and password. See: https://vulners.com/exploitdb/EDB-ID:23027
+ /inc/common.load.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1253
+ /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1253
+ /cgi-914/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgibin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /fcgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-exe/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-mod/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /mpcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgis/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /scripts/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-home/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-perl/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /guestbook/admin.php: Guestbook admin page available without authentication.
+ /ows-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /scripts/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /fcgi-bin/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-exe/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-home/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /cgi-perl/blog/: A blog was found. May contain security problems in CGIs, weak passwords, and more.
+ /vgn/performance/TMT: Vignette CMS admin/maintenance script available.
+ /vgn/performance/TMT/Report: Vignette CMS admin/maintenance script available.
+ /vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance script available.
+ /vgn/stylepreviewer: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Editing: Vignette CMS admin/maintenance script available.
+ /scripts/iisadmin/ism.dll: Allows you to mount a brute force attack on passwords.
+ /basilix/message-read.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page.
+ /scripts/tools/dsnform: Allows creation of ODBC Data Source.
+ /scripts/httpodbc.dll: Possible IIS backdoor found.
+ /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed.
+ /siteseed/: Siteseed pre 1.4.2 have 'major' security problems.
+ /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
+ /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly. See: https://web.archive.org/web/20030607054822/http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc
+ /mpcgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /ows-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgibin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgis/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /scripts/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /fcgi-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-perl/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-914/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /mpcgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /ows-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-914/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /ows-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-exe/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgibin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /fcgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-exe/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-home/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /pbserver/pbserver.dll: This may contain a buffer overflow. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/MS00-094
+ /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.
+ /pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow file upload without authentication.
+ /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to upload files to the server.
+ /cgi-914/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /mpcgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /fcgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-mod/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /basilix/compose-attach.php3: BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads.
+ /server/: Possibly Macromedia JRun or CRX WebDAV upload.
+ /mpcgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /ows-bin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgibin/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgis/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-perl/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-mod/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /vgn/ac/esave: Vignette CMS admin/maintenance script available.
+ /vgn/ac/fsave: Vignette CMS admin/maintenance script available.
+ /vgn/asp/status: Vignette CMS admin/maintenance script available.
+ /vgn/asp/style: Vignette CMS admin/maintenance script available.
+ /vgn/errors: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/style: Vignette CMS admin/maintenance script available.
+ /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
+ /contents.php?new_language=elvish&mode=select: Requesting a file with an invalid language selection from DC Portal may reveal the system path.
+ /cms/typo3conf/: This may contain sensitive TYPO3 files.
+ /site/typo3conf/: This may contain sensitive TYPO3 files.
+ /typo/typo3conf/: This may contain sensitive TYPO3 files.
+ /cms/typo3conf/database.sql: TYPO3 SQL file found.
+ /site/typo3conf/database.sql: TYPO3 SQL file found.
+ /typo/typo3conf/database.sql: TYPO3 SQL file found.
+ /typo3/typo3conf/database.sql: TYPO3 SQL file found.
+ /typo3conf/localconf.php: TYPO3 config file found.
+ /cms/typo3conf/localconf.php: TYPO3 config file found.
+ /site/typo3conf/localconf.php: TYPO3 config file found.
+ /typo/typo3conf/localconf.php: TYPO3 config file found.
+ /vgn/license: Vignette server license file found. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0403
+ /webcart/config/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /cgi-914/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /ows-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgibin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgis/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /fcgi-bin/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-home/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /cgi-mod/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
+ /cgi-914/shtml.dll: This may allow attackers to retrieve document source.
+ /mpcgi/shtml.dll: This may allow attackers to retrieve document source.
+ /cgibin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgis/shtml.dll: This may allow attackers to retrieve document source.
+ /scripts/shtml.dll: This may allow attackers to retrieve document source.
+ /fcgi-bin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-home/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-perl/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-mod/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-914/aglimpse: This CGI may allow attackers to execute remote commands.
+ /mpcgi/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-bin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgibin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /scripts/aglimpse: This CGI may allow attackers to execute remote commands.
+ /fcgi-bin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-exe/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-perl/aglimpse: This CGI may allow attackers to execute remote commands.
+ /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104
+ /cgi-914/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /mpcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /ows-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgis/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /scripts/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-exe/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgi-mod/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /mpcgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgibin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /fcgi-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-exe/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-home/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-perl/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /quikstore.cfg: Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0607
+ /securecontrolpanel/: Web Server Control Panel.
+ /webmail/: Web based mail package installed.
+ /nsn/..%5Cutil/copy.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/dsbrowse.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/md.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/rd.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/slist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/userlist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cweb/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cwebdemo/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /cgi-914/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgis/archie: Gateway to the unix command, may be able to submit extra commands.
+ /scripts/archie: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-mod/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-exe/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-mod/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /ows-bin/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-mod/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /scripts/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-perl/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/redirect: Redirects via URL from form.
+ /cgibin/redirect: Redirects via URL from form.
+ /cgis/redirect: Redirects via URL from form.
+ /fcgi-bin/redirect: Redirects via URL from form.
+ /cgi-exe/redirect: Redirects via URL from form.
+ /cgi-home/redirect: Redirects via URL from form.
+ /mpcgi/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /fcgi-bin/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-exe/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-home/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /CVS/Entries: CVS Entries file may contain directory listing information.
+ /mpcgi/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /ows-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /fcgi-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-exe/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-perl/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-914/query: Echoes back result of your GET.
+ /mpcgi/query: Echoes back result of your GET.
+ /cgibin/query: Echoes back result of your GET.
+ /scripts/query: Echoes back result of your GET.
+ /fcgi-bin/query: Echoes back result of your GET.
+ /cgi-home/query: Echoes back result of your GET.
+ /cgi-914/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-bin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /ows-bin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgibin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgis/test-cgi.tcl: May echo environment variables or give directory listings.
+ /scripts/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-home/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-perl/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-914/test-env: May echo environment variables or give directory listings.
+ /mpcgi/test-env: May echo environment variables or give directory listings.
+ /cgi-bin/test-env: May echo environment variables or give directory listings.
+ /cgis/test-env: May echo environment variables or give directory listings.
+ /cgi-exe/test-env: May echo environment variables or give directory listings.
+ /cgi-mod/test-env: May echo environment variables or give directory listings.
+ /cgi-914/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /mpcgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgis/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-exe/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-perl/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
+ /cgi-914/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /mpcgi/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /ows-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgibin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgis/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-home/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-mod/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /Config1.htm: This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See: https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt
+ /cgi-914/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /mpcgi/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /ows-bin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-exe/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-home/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /mpcgi/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgibin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgis/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /fcgi-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-exe/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-home/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-mod/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow.
+ /................../config.sys: PWS allows files to be read by prepending multiple '.' characters. At worst, IIS, not PWS, should be used.
+ Scan terminated: 0 error(s) and 297 item(s) reported on remote host
+ End Time:           2025-07-05 10:14:19 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Trustpilot
Online Nikto scanner - Online Nikto web server scanner | Product Hunt
Detailed report
Target
www.softpedia.com
Target IP
104.22.13.228
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host www.softpedia.com -maxtime 60
Duration
Quick report
Scan date
05 Jul 2025 13:14
Copy scan report
Download report
Remove scan result
$
Check ports
API - Scan ID