Scan report for "www.justdial.com"

Summary

Found: 423
Duration: 1min 1sec
Date: 2025-06-29
IP: 23.222.171.207

Report
Nikto scan (max 60 sec) (nikto -host www.justdial.com -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 23.222.171.207, 2600:1406:6c00:28a::174d, 2600:1406:6c00:282::174d
+ Target IP:          23.222.171.207
+ Target Hostname:    www.justdial.com
+ Target Port:        80
+ Start Time:         2025-06-29 05:07:25 (GMT-7)
---------------------------------------------------------------------------
+ Server: AkamaiGHost
+ /: Uncommon header 'city' found, with contents: HERNDON.
+ /: Uncommon header 'cntry' found, with contents: US.
+ /: Uncommon header 'x-jd-grn' found, with contents: 0.90bbce17.1751198846.bc5e41c0.
+ /: Uncommon header 'server-timing' found, with multiple values: (cdn-cache; desc=HIT,edge; dur=1,ak_p; desc="1751198846204_399424400_3160293824_12_9172_0_0_-";dur=1,).
+ /: Uncommon header 'continent' found, with contents: NA.
+ /: Cookie Continent created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie Ak_City created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Cookie Cntry created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /kvGvByZF.php#: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /dump.cer: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html
+ /archive.sql: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html
+ /scripts/samples/details.idc: NT ODBC Remote Compromise. See: http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc
+ /cgi-bin/wrap: Allows viewing of directories.
+ /guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.
+ /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
+ /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0614
+ /getaccess: This may be an indication that the server is running getAccess for SSO.
+ /vgn/performance/TMT: Vignette CMS admin/maintenance script available.
+ /vgn/performance/TMT/Report: Vignette CMS admin/maintenance script available.
+ /vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance script available.
+ /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available.
+ /vgn/ppstats: Vignette CMS admin/maintenance script available.
+ /vgn/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/record/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/stylepreviewer: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Deleting: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Editing: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Saving: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Select: Vignette CMS admin/maintenance script available.
+ /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dir>. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-028
+ /scripts/tools/ctss.idc: This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.
+ /bigconf.cgi: BigIP Configuration CGI.
+ /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /vgn/style: Vignette server may reveal system information through this file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0401
+ /basilix/mbox-list.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page.
+ /basilix/message-read.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page.
+ /bb-dnbd/faxsurvey: This may allow arbitrary command execution.
+ /cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.
+ /scripts/tools/dsnform: Allows creation of ODBC Data Source.
+ /pccsmysqladm/incs/dbconnect.inc: This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.
+ /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.
+ /vider.php3: MySimpleNews may allow deleting of news items without authentication. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2320
+ /basilix/compose-attach.php3: BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads.
+ /vgn/ac/data: Vignette CMS admin/maintenance script available.
+ /vgn/ac/delete: Vignette CMS admin/maintenance script available.
+ /vgn/ac/edit: Vignette CMS admin/maintenance script available.
+ /vgn/ac/esave: Vignette CMS admin/maintenance script available.
+ /vgn/ac/fsave: Vignette CMS admin/maintenance script available.
+ /vgn/ac/index: Vignette CMS admin/maintenance script available.
+ /vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script available.
+ /vgn/asp/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/asp/status: Vignette CMS admin/maintenance script available.
+ /vgn/asp/style: Vignette CMS admin/maintenance script available.
+ /vgn/errors: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/controller: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/jspstatus: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/style: Vignette CMS admin/maintenance script available.
+ /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
+ /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
+ /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /vgn/license: Vignette server license file found. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0403
+ /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0063
+ /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104
+ /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
+ /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0104
+ /perl/-e%20print%20Hello: The Perl interpreter on the Novell system may allow any command to be executed. See: http://www.securityfocus.com/bid/5520
+ /vgn/legacy/save: Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.
+ /quikstore.cgi: A shopping cart.
+ /siteminder: This may be an indication that the server is running Siteminder for SSO.
+ /CVS/Entries: CVS Entries file may contain directory listing information.
+ /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web.
+ /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
+ /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
+ /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS. See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/MS02-018
+ /us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini: Uncommon header 'akamresp_unified_url' found, with contents: /cgi/bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini.
+ /..\..\..\..\..\..\temp\temp.class: Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version.
+ /openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>: OpenAutoClassifieds 1.0 is vulnerable to a XSS attack. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1145
+ /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks. See: OSVDB-2754
+ /cgi-bin/bigconf.cgi: BigIP Configuration CGI. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1550
+ /cgi-bin/MachineInfo: Gives out information on the machine.
+ /chat/data/usr: SimpleChat! 1.3 allows retrieval of user information. See: OSVDB-53304
+ /cd-cgi/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0436
+ /cgi-bin/handler: This program allows remote users to run arbitrary commands.
+ /cgi-bin/webdist.cgi: This program allows remote users to run arbitrary commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0039
+ /ews/ews/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. http://www.securityfocus.com/bid/2665. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0279
+ /servlet/SessionManager: IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.
+ /level/42/exec/show%20conf: Retrieved Cisco configuration file.
+ /megabook/files/20/setup.db: Megabook guestbook configuration available remotely. See: OSVDB-3204
+ /session/admnlogin: SessionServlet Output, has session cookie info.
+ /servlet/allaire.jrun.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0926
+ /isapi/count.pl?: AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example.
+ /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0484
+ /photo/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
+ /photodata/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
+ /pub/english.cgi?op=rmail: BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0095
+ /scripts/wsisa.dll/WService=anything?WSMadmin: Allows Webspeed to be remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0127
+ /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080. See: OSVDB-3126
+ /_vti_pvt/deptodoc.btr: FrontPage file found. This may contain useful information.
+ /_vti_pvt/doctodep.btr: FrontPage file found. This may contain useful information.
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0413,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0710
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0413,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0710
+ /doc: The /doc directory is browsable. This may be /usr/doc. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0678
+ /cgis/wwwboard/wwwboard.cgi: Versions 2.0 Alpha and below have multiple problems. This could allow over-write of messages. Default ID 'WebAdmin' with pass 'WebBoard'. See: http://www.securityfocus.com/bid/1795 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0930
+ /cgis/wwwboard/wwwboard.pl: Versions 2.0 Alpha and below have multiple problems. This could allow over-write of messages. Default ID 'WebAdmin' with pass 'WebBoard'. See: http://www.securityfocus.com/bid/1795 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0930
+ /blahb.idq: Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/MS01-033. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0500
+ /BACLIENT: IBM Tivoli default file found. See: OSVDB-2117
+ /level/16/exec/-///pwd: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/exec/-///show/configuration: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/exec//show/access-lists: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/level/16/exec//show/configuration: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/level/16/exec//show/interfaces: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/level/16/exec//show/interfaces/status: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/level/16/exec//show/version: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/level/16/exec//show/running-config/interface/FastEthernet: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/17/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/18/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/19/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/20/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/21/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/22/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/23/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/24/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/25/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/26/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/27/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/28/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/29/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/30/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/31/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/32/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/33/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/34/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/35/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/36/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/37/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/38/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/39/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/40/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/41/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/42/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/43/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/44/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/45/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/46/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/47/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/48/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/49/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/50/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/51/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/52/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/53/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/54/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/55/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/56/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/57/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/58/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/59/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/60/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/61/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/62/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/63/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/64/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/65/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/66/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/67/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/68/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/69/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/70/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/71/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/72/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/73/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/74/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/75/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/76/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/77/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/78/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/79/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/80/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/81/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/82/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/83/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/84/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/85/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/86/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/87/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/88/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/89/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/90/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/91/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/92/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/93/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/94/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/95/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/96/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/97/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/98/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/99/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /com/novell/webaccess: Novell web server allows directory listing. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2106
+ //admin/admin.shtml: Axis network camera may allow admin bypass by using double-slashes before URLs. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0240
+ /axis-cgi/buffer/command.cgi: Axis WebCam 2400 may allow overwriting or creating files on the system. See: https://www.securityfocus.com/archive/1/313485
+ /support/messages: Axis WebCam allows retrieval of messages file (/var/log/messages). See: https://www.securityfocus.com/archive/1/313485
+ /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources. See: OSVDB-561
+ /musicqueue.cgi: Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1140,http://musicqueue.sourceforge.net/
+ /iisadmpwd/aexp2.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ /iisadmpwd/aexp2b.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ /iisadmpwd/aexp3.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ /iisadmpwd/aexp4.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ /iisadmpwd/aexp4b.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407. http://www.securityfocus.com/bid/4236. http://www.securityfocus.com/bid/2110. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0407
+ /c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0429
+ /showmail.pl: @Mail WebMail 3.52 allows attacker to read arbitrary user's mailbox. Requires knowing valid user name and appending ?Folder=../../victim@somehost.com/mbox/Inbox to the showmail.pl file. See: OSVDB-2944
+ /reademail.pl: @Mail WebMail 3.52 contains an SQL injection that allows attacker to read any email message for any address registered in the system. Example to append to reademail.pl: ?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='victim@atmail.com&print=1. See: OSVDB-2948
+ /access-log: This might be interesting.
+ /access_log: This might be interesting.
+ /admin.php3: This might be interesting.
+ /admin.shtml: This might be interesting.
+ /awebvisit.stat: This might be interesting.
+ /certificate: This might be interesting.
+ /certificates: This might be interesting.
+ /console: This might be interesting.
+ /error_log: This might be interesting.
+ /hitmatic/analyse.cgi: This might be interesting.
+ /htpasswd: This might be interesting.
+ /js: This might be interesting.
+ /logfile: This might be interesting.
+ /logs/access_log: This might be interesting.
+ /logs/error_log: This might be interesting.
+ /manage/cgi/cgiproc: This might be interesting.
+ /mbox: This might be interesting.
+ /ministats/admin.cgi: This might be interesting.
+ /new: This might be interesting.
+ /news: This might be interesting.
+ /oracle: This might be interesting.
+ /passwd: This might be interesting.
+ /passwdfile: This might be interesting.
+ /password: This might be interesting.
+ /piranha/secure/passwd.php3: This might be interesting.
+ /poll: This might be interesting.
+ /polls: This might be interesting.
+ /pwd.db: This might be interesting.
+ /readme: This might be interesting.
+ /reviews/newpro.cgi: This might be interesting.
+ /scratch: This might be interesting.
+ /scripts/weblog: This might be interesting.
+ /search.vts: This might be interesting.
+ /search97.vts: This might be interesting.
+ /spwd: This might be interesting.
+ /srchadm: This might be interesting.
+ /super_stats/access_logs: Web logs are exposed..
+ /super_stats/error_logs: Web logs are exposed.
+ /swf: This might be interesting: Flash files?.
+ /users/scripts/submit.cgi: This might be interesting.
+ /w3perl/admin: This might be interesting.
+ /wwwboard/wwwboard.cgi: This might be interesting.
+ /wwwboard/wwwboard.pl: This might be interesting.
+ /wwwthreads/3tvars.pm: This might be interesting.
+ /wwwthreads/w3tvars.pm: This might be interesting.
+ /adsamples/config/site.csc: Contains SQL username/password. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1520
+ /sam: This might be interesting.
+ /sam.bin: This might be interesting.
+ /scripts/samples/ctguestb.idc: This might be interesting.
+ /perl/files.pl: This might be interesting.
+ /perl5/files.pl: This might be interesting.
+ /owa_util%2esignature: This might be interesting.
+ /finance.xls: Finance spreadsheet?.
+ /finances.xls: Finance spreadsheet?.
+ /add_acl: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/cfg/configscreen.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/cfg/configsite.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/cfg/configsql.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/cfg/configtache.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/exec.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/modules/cache.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /admin/settings.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /bandwidth/index.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /basilix.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /bin/common/user_update_passwd.pl: This might be interesting: has been seen in web logs from an unknown scanner.
+ /board/philboard_admin.asp+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /bugtest+/+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /ccbill/whereami.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /cp/rac/nsManager.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /csPassword.cgi?command=remove%20: This might be interesting: has been seen in web logs from an unknown scanner.
+ /Data/settings.xml+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /database/metacart.mdb+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /dbabble: This might be interesting: has been seen in web logs from an unknown scanner.
+ /docs/NED: This might be interesting: has been seen in web logs from an unknown scanner.
+ /do_map: This might be interesting: has been seen in web logs from an unknown scanner.
+ /do_subscribe: This might be interesting: has been seen in web logs from an unknown scanner.
+ /emumail.cgi?type=.%00: This might be interesting: has been seen in web logs from an unknown scanner.
+ /etc/shadow+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /ez2000/ezadmin.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /ez2000/ezboard.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /ez2000/ezman.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /filemanager/index.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /foro/YaBB.pl: This might be interesting: has been seen in web logs from an unknown scanner.
+ /functions.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /globals.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /globals.pl: This might be interesting: has been seen in web logs from an unknown scanner.
+ /Gozila.cgi: Linksys BEF Series routers are vulnerable to multiple DoS attacks in Gozila.cgi. See: https://seclists.org/fulldisclosure/2004/Jun/49
+ /includes/footer.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /includes/header.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /invitefriends.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /jsptest.jsp+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /ldap.search.php3?ldap_serv=nonsense%20: This might be interesting: has been seen in web logs from an unknown scanner.
+ /login.php3?reason=chpass2%20: This might be interesting: has been seen in web logs from an unknown scanner.
+ /manage/login.asp+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /members/ID.pm: This might be interesting: has been seen in web logs from an unknown scanner.
+ /modules/Downloads/voteinclude.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /modules/WebChat/in.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /modules/Your_Account/navbar.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /netget?sid=Safety&msg=2002&file=Safety: This might be interesting: has been seen in web logs from an unknown scanner.
+ /OpenTopic: This might be interesting: has been seen in web logs from an unknown scanner.
+ /options.inc.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /parse_xml.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /pks/lookup: This might be interesting: has been seen in web logs from an unknown scanner.
+ /poppassd.php3+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /pt_config.inc: This might be interesting: has been seen in web logs from an unknown scanner.
+ /quikmail/nph-emumail.cgi?type=../%00: This might be interesting: has been seen in web logs from an unknown scanner.
+ /scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir: This might be interesting: has been seen in web logs from an unknown scanner.
+ /servers/link.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /shop/php_files/site.config.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /site_searcher.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /spelling.php3+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /status.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /technote/print.cgi: This might be interesting: has been seen in web logs from an unknown scanner.
+ /texis/websearch/phine: This might be interesting: has been seen in web logs from an unknown scanner.
+ /uifc/MultFileUploadHandler.php+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /useraction.php3: This might be interesting: has been seen in web logs from an unknown scanner.
+ /utils/sprc.asp+: This might be interesting: has been seen in web logs from an unknown scanner.
+ /web_app/WEB-INF/webapp.properties: This might be interesting: has been seen in web logs from an unknown scanner.
+ /.ssh/authorized_keys: A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.
+ /.ssh/known_hosts: A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.
+ /_vti_bin/shtml.exe/_vti_rpc: FrontPage may be installed. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /servlet/Counter: JRun default servlet found. All default code should be removed from servers. See: CWE-552
+ /servlet/DateServlet: JRun default servlet found. All default code should be removed from servers. See: CWE-552
+ /servlet/FingerServlet: JRun default servlet found. All default code should be removed from servers. See: CWE-552
+ /servlet/HelloWorldServlet: JRun default servlet found. All default code should be removed from servers. See: CWE-552
+ /servlet/SessionServlet: JRun or Netware WebSphere default servlet found. All default code should be removed from servers. See: CWE-552
+ /servlet/SimpleServlet: JRun default servlet found (possibly Websphere). All default code should be removed from servers. See: CWE-552
+ /servlet/SnoopServlet: JRun, Netware Java Servlet Gateway, or WebSphere default servlet found. All default code should be removed from servers. See: CWE-552
+ /bin/admin.pl: Default FrontPage CGI found. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /cgi-bin/admin.pl: Default FrontPage CGI found. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /scripts/admin.pl: Default FrontPage CGI found. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /_vti_bin/admin.pl: Default FrontPage CGI found. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /_vti_pvt/administrators.pwd: Default FrontPage file found, may be a password file. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /_vti_pvt/authors.pwd: Default FrontPage file found, may be a password file. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /_vti_pvt/service.pwd: Default FrontPage file found, may be a password file. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /_vti_pvt/users.pwd: Default FrontPage file found, may be a password file. See: https://en.wikipedia.org/wiki/Microsoft_FrontPage
+ /servlet/AdminServlet: Netware Web Search Server (adminservlet) found. All default code should be removed from web servers. See: CWE-552
+ /servlet/gwmonitor: Netware Gateway monitor found. All default code should be removed from web servers. See: CWE-552
+ /servlet/PrintServlet: Novell Netware default servlet found. All default code should be removed from the system. See: CWE-552
+ /servlet/SearchServlet: Novell Netware default servlet found. All default code should be removed from the system. See: CWE-552
+ /servlet/ServletManager: Netware Java Servlet Gateway found. Default user ID is servlet, default password is manager. All default code should be removed from Internet servers. See: CWE-552
+ /servlet/sq1cdsn: Novell Netware default servlet found. All default code should be removed from the system. See: CWE-552
+ /servlet/sqlcdsn: Netware SQL connector found. All default code should be removed from web servers. See: CWE-552
+ /servlet/webacc: Netware Enterprise and/or GroupWise web access found. All default code should be removed from Internet servers. See: CWE-552
+ /servlet/webpub: Netware Web Publisher found. All default code should be removed from web servers. See: CWE-552
+ /WebSphereSamples: Netware Webshere sample applications found. All default code should be removed from web servers. See: CWE-552
+ /index.html.cz.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.dk: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.ee: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.el: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.et: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.he.iso8859-8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.hr.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.ltz.utf8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.lu.utf8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.po.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.pt: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.ru.cp-1251: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.ru.koi8-r: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.ru.utf8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.tw: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.tw.Big5: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /index.html.var: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. See: CWE-552
+ /soapConfig.xml: Oracle 9iAS configuration file found. See: http://www.securityfocus.com/bid/4290 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0568 https://securiteam.com/securitynews/5IP0B203PI/
+ /XSQLConfig.xml: Oracle 9iAS configuration file found. See: http://www.securityfocus.com/bid/4290 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0568 https://securiteam.com/securitynews/5IP0B203PI/
+ /surf/scwebusers: SurfControl SuperScout Web Reports Server user and password file is available. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0705
+ /isqlplus: Oracle iSQL*Plus is installed. This may be vulnerable to a buffer overflow in the user ID field. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1264
+ /banmat.pwd: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected. See: OSVDB-4237
+ /texis.exe/?-dump: Texis installation may reveal sensitive information. See: OSVDB-4314
+ /texis.exe/?-version: Texis installation may reveal sensitive information. See: OSVDB-4314
+ /config.inc: DotBr 0.1 configuration file includes usernames and passwords. See: OSVDB-5092
+ /catinfo: May be vulnerable to a buffer overflow. Request '/catinfo?' and add on 2048 of garbage to test. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0432
+ /soap/servlet/soaprouter: Oracle 9iAS SOAP components allow anonymous users to deploy applications by default. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1371
+ /server-info: This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts. See: https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/apache-server-info-detected/
+ /cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1: AnalogX SimpleServer:WWW HTTP vulnerability allows specially formatted strings to perform command execution. Upgrade to version 1.15 or higher. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1586
+ /stronghold-info: Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. This gives information on configuration. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0868
+ /stronghold-status: Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0868
+ /..%252f..%252f..%252f..%252f..%252f../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325 https://securiteam.com/exploits/5HP0M2A60G/
+ /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325 https://securiteam.com/exploits/5HP0M2A60G/
+ /..%255c..%255c..%255c..%255c..%255c../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325 https://securiteam.com/exploits/5HP0M2A60G/
+ /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325 https://securiteam.com/exploits/5HP0M2A60G/
+ /..%2F..%2F..%2F..%2F..%2F../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325 https://securiteam.com/exploits/5HP0M2A60G/
+ /..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325 https://securiteam.com/exploits/5HP0M2A60G/
+ /webcache/webcache.xml: Oracle WebCache Demo. See: CWE-552
+ /bmp/global-web-application.xml: SQLJ Demo Application. See: CWE-552
+ /servlets/weboam/oam/oamLogin: Oracle Application Manager. See: CWE-552
+ /reports/rwservlet: Oracle Reports. See: CWE-552
+ /reports/rwservlet/showenv: Oracle Reports. See: CWE-552
+ /reports/rwservlet/showmap: Oracle Reports. See: CWE-552
+ /reports/rwservlet/showjobs: Oracle Reports. See: CWE-552
+ /reports/rwservlet/getjobid7?server=myrep: Oracle Reports. See: CWE-552
+ /reports/rwservlet/getjobid4?server=myrep: Oracle Reports. See: CWE-552
+ /reports/rwservlet/showmap?server=myserver: Oracle Reports. See: CWE-552
+ /pls/portal/owa_util.cellsprint?p_theQuery=select: Direct access to Oracle packages could have an unknown impact.
+ /pls/portal/owa_util.showsource?cname=owa_util: Access to Oracle pages could have an unknown impact.
+ /pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users: Access to Oracle pages could have an unknown impact.
+ /pls/portal/owa_util.signature: Access to Oracle pages could have an unknown impact.
+ /pls/portal/PORTAL_DEMO.ORG_CHART.SHOW: Access to Oracle pages could have an unknown impact.
+ /pls/portal/PORTAL.wwv_form.genpopuplist: Access to Oracle pages cold have an unknown impact.
+ /pls/portal/SELECT: Access to Oracle pages could have an unknown impact.
+ /pls/portal/null: Access to Oracle pages could have an unknown impact.
+ /cehttp/trace: Sterling Commerce Connect Direct trace log file may contain user ID information.
+ /webservices/IlaWebServices: Host has the Oracle iLearning environment installed.
+ /www/2: This might be interesting.
+ Scan terminated: 0 error(s) and 423 item(s) reported on remote host
+ End Time:           2025-06-29 05:08:26 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report
Target
www.justdial.com
Target IP
23.222.171.207
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host www.justdial.com -maxtime 60
Duration
Quick report
Scan date
29 Jun 2025 08:08