Scan report for "sba.lt"

Membership level: Free member
Nikto scan (max 60 sec) (nikto -host sba.lt -maxtime 60)
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Multiple IPs found: 172.67.74.237, 104.26.13.109, 104.26.12.109, 2606:4700:20::681a:c6d, 2606:4700:20::681a:d6d, 2606:4700:20::ac43:4aed
+ Target IP:          172.67.74.237
+ Target Hostname:    sba.lt
+ Target Port:        80
+ Start Time:         2024-05-22 02:24:31 (GMT-4)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ /webcgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /mpcgi/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgibin/cart32.exe: request cart32.exe/cart32clientlist.
+ /scgi-bin/cart32.exe: request cart32.exe/cart32clientlist.
+ /cgi.cgi/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /scgi-bin/flexform: Check Phrack 55 for info by RFP; allows to append info to writable files. See: http://phrack.org/issues/55/7.html#article
+ /cgi.cgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /webcgi/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-914/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgibin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scgi-bin/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi-mod/lwgate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /cgi.cgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /mpcgi/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /ows-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /scgi-bin/LWGate: Check Phrack 55 for info by RFP. See: http://phrack.org/issues/55/7.html#article
+ /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709
+ /mpcgi/finger: finger other users, may be other commands?.
+ /cgi-bin/finger: finger other users, may be other commands?.
+ /cgi.cgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-914/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /mpcgi/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /ows-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /cgi-mod/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ /webcgi/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-914/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /ows-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgibin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /scgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-mod/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ /cgi-bin/wrap: Allows viewing of directories.
+ /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
+ /forums//adm/config.php: PHP Config file may contain database IDs and passwords.
+ /forums//administrator/config.php: PHP Config file may contain database IDs and passwords.
+ /forums/config.php: PHP Config file may contain database IDs and passwords.
+ /hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-cms-1.2.9-10 may reveal the administrator ID and password. See: https://vulners.com/exploitdb/EDB-ID:23027
+ /inc/common.load.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1253
+ /cgi.cgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /mpcgi/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgibin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /scgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi-mod/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ /cgi.cgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /webcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-914/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /mpcgi/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /ows-bin/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /cgi-mod/ss: Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.
+ /gb/index.php?login=true: gBook may allow admin login by setting the value 'login' equal to 'true'. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1560
+ /guestbook/admin.php: Guestbook admin page available without authentication.
+ /getaccess: This may be an indication that the server is running getAccess for SSO.
+ /vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance script available.
+ /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available.
+ /vgn/ppstats: Vignette CMS admin/maintenance script available.
+ /vgn/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/record/previewer: Vignette CMS admin/maintenance script available.
+ /vgn/stylepreviewer: Vignette CMS admin/maintenance script available.
+ /vgn/vr/Deleting: Vignette CMS admin/maintenance script available.
+ /clusterframe.jsp: Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.
+ /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source.
+ /scripts/tools/dsnform: Allows creation of ODBC Data Source.
+ /PDG_Cart/order.log: PDG Commerce log found. See: http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html
+ /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
+ /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly. See: https://web.archive.org/web/20030607054822/http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc
+ /cgi.cgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /mpcgi/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /ows-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgibin/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-mod/foxweb.exe: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi.cgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /webcgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-914/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /mpcgi/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /cgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /scgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.
+ /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.
+ /pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow file upload without authentication.
+ /phpEventCalendar/file_upload.php: phpEventCalendar 1.1 and prior are vulnerable to file upload bug.
+ /cgi.cgi/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /cgi-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /ows-bin/uploader.exe: This CGI allows attackers to upload files to the server and then execute them.
+ /mpcgi/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /cgi-mod/fpsrvadm.exe: Potentially vulnerable CGI program.
+ /vgn/ac/fsave: Vignette CMS admin/maintenance script available.
+ /vgn/ac/index: Vignette CMS admin/maintenance script available.
+ /vgn/asp/status: Vignette CMS admin/maintenance script available.
+ /vgn/asp/style: Vignette CMS admin/maintenance script available.
+ /vgn/errors: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
+ /vgn/jsp/jspstatus: Vignette CMS admin/maintenance script available.
+ /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
+ /webcgi/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /ows-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgibin/.cobalt: May allow remote admin of CGI scripts.
+ /scgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-mod/.cobalt: May allow remote admin of CGI scripts.
+ /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password. See: https://www.exploit-db.com/exploits/22484
+ /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
+ /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1432
+ /admin/config.php: PHP Config file may contain database IDs and passwords.
+ /administrator/config.php: PHP Config file may contain database IDs and passwords.
+ /webcgi/.access: Contains authorization information.
+ /mpcgi/.access: Contains authorization information.
+ /cgi-bin/.access: Contains authorization information.
+ /scgi-bin/.access: Contains authorization information.
+ /cgi.cgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-914/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /mpcgi/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-bin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgibin/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /cgi-mod/%2e%2e/abyss.conf: The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0544
+ /contents.php?new_language=elvish&mode=select: Requesting a file with an invalid language selection from DC Portal may reveal the system path.
+ /pw/storemgr.pw: Encrypted ID/Pass for Mercantec's SoftCart. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0609
+ /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /typo3conf/database.sql: TYPO3 SQL file found.
+ /cms/typo3conf/database.sql: TYPO3 SQL file found.
+ /typo/typo3conf/database.sql: TYPO3 SQL file found.
+ /typo3conf/localconf.php: TYPO3 config file found.
+ /typo/typo3conf/localconf.php: TYPO3 config file found.
+ /typo3/typo3conf/localconf.php: TYPO3 config file found.
+ /vgn/license: Vignette server license file found. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0403
+ /WS_FTP.ini: Can contain saved passwords for FTP sites.
+ /cgi.cgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /webcgi/MsmMask.exe: MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1528
+ /nsn/fdir.bas:ShowVolume: You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in.
+ /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0063
+ /mpcgi/aglimpse: This CGI may allow attackers to execute remote commands.
+ /cgi-bin/aglimpse: This CGI may allow attackers to execute remote commands.
+ /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
+ /webcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /mpcgi/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /cgibin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /scgi-bin/cmd.exe?/c+dir: cmd.exe can execute arbitrary commands.
+ /webcgi/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgi-914/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /ows-bin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /cgibin/cmd1.exe?/c+dir: cmd1.exe can execute arbitrary commands.
+ /vgn/legacy/save: Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.
+ /siteminder: This may be an indication that the server is running Siteminder for SSO.
+ /nsn/..%5Cutil/chkvol.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/dsbrowse.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/md.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/send.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/slist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cwebdemo/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /cgi.cgi/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-914/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /ows-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /scgi-bin/archie: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-mod/calendar: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/date: Gateway to the unix command, may be able to submit extra commands.
+ /ows-bin/date: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/date: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-bin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgibin/fortune: Gateway to the unix command, may be able to submit extra commands.
+ /cgi.cgi/redirect: Redirects via URL from form.
+ /webcgi/redirect: Redirects via URL from form.
+ /cgi-914/redirect: Redirects via URL from form.
+ /mpcgi/redirect: Redirects via URL from form.
+ /cgibin/redirect: Redirects via URL from form.
+ /cgi-mod/redirect: Redirects via URL from form.
+ /cgi-914/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /mpcgi/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /scgi-bin/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /cgi-mod/uptime: Gateway to the unix command, may be able to submit extra commands.
+ /USER/CONFIG.AP: MIPCD configuration information. MIPCD should not have the web interface enabled.
+ /webcgi/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /ows-bin/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-mod/mail: Simple Perl mailing script to send form data to a pre-configured email address.
+ /cgi-914/query: Echoes back result of your GET.
+ /mpcgi/query: Echoes back result of your GET.
+ /ows-bin/query: Echoes back result of your GET.
+ /cgibin/query: Echoes back result of your GET.
+ /cgi-mod/query: Echoes back result of your GET.
+ /cgi-914/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-bin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgibin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /scgi-bin/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi-mod/test-cgi.tcl: May echo environment variables or give directory listings.
+ /cgi.cgi/test-env: May echo environment variables or give directory listings.
+ /mpcgi/test-env: May echo environment variables or give directory listings.
+ /cgi-mod/test-env: May echo environment variables or give directory listings.
+ /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web.
+ /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
+ /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ /cgi.cgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-914/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /mpcgi/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /scgi-bin/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /cgi-mod/cgitest.exe: This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.
+ /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
+ /cgi-914/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /cgibin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /scgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0169
+ /webcgi/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-914/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-bin/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-mod/Pbcgi.exe?bcgiu4: Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgibin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /scgi-bin/testcgi.exe: Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128
+ /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow.
+ /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
+ /My_eGallery/public/displayCategory.php: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6795
+ /forum/My_eGallery/public/displayCategory.php: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6795
+ /openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>: OpenAutoClassifieds 1.0 is vulnerable to a XSS attack. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1145
+ /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS).
+ /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks. See: OSVDB-2754
+ /anthill/login.php: Anthill bug tracking system may be installed. Versions lower than 0.1.6.1 allow XSS and may allow users to bypass login requirements.
+ /cbms/changepass.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/.
+ /cbms/editclient.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/.
+ /webcgi/mkilog.exe: This CGI can give an attacker a lot of information.
+ /mpcgi/mkilog.exe: This CGI can give an attacker a lot of information.
+ /cgi-bin/mkilog.exe: This CGI can give an attacker a lot of information.
+ /cgibin/mkilog.exe: This CGI can give an attacker a lot of information.
+ /cgi-914/mkplog.exe: This CGI can give an attacker a lot of information.
+ /mpcgi/mkplog.exe: This CGI can give an attacker a lot of information.
+ /ows-bin/mkplog.exe: This CGI can give an attacker a lot of information.
+ /cgi-mod/mkplog.exe: This CGI can give an attacker a lot of information.
+ /cgi-914/rpm_query: This CGI allows anyone to see the installed RPMs.
+ /mpcgi/rpm_query: This CGI allows anyone to see the installed RPMs.
+ /cgi-bin/rpm_query: This CGI allows anyone to see the installed RPMs.
+ /scgi-bin/rpm_query: This CGI allows anyone to see the installed RPMs.
+ /cgi-mod/rpm_query: This CGI allows anyone to see the installed RPMs.
+ /webcgi/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /cgi-914/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /cgi-bin/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /ows-bin/ws_ftp.ini: Can contain saved passwords for ftp sites.
+ /cgi-914/WS_FTP.ini: Can contain saved passwords for ftp sites.
+ /mpcgi/WS_FTP.ini: Can contain saved passwords for ftp sites.
+ /scgi-bin/WS_FTP.ini: Can contain saved passwords for ftp sites.
+ /cgi-mod/WS_FTP.ini: Can contain saved passwords for ftp sites.
+ /Admin_files/order.log: Selena Sol's WebStore 1.0 exposes order information. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /admin/cplogfile.log: DevBB 1.0 final log file is readable remotely. Upgrade to the latest version. See: http://www.mybboard.com
+ /admin/system_footer.php: myphpnuke version 1.8.8_final_7 reveals detailed system information.
+ /chat/data/usr: SimpleChat! 1.3 allows retrieval of user information. See: OSVDB-53304
+ /cgi.cgi/view-source?view-source: This allows remote users to view source code.
+ /cgi-bin/view-source?view-source: This allows remote users to view source code.
+ /ows-bin/view-source?view-source: This allows remote users to view source code.
+ /ows-bin/ibill.pm: iBill.pm is installed. This may allow brute forcing of passwords. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0839
+ /cgibin/ibill.pm: iBill.pm is installed. This may allow brute forcing of passwords. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0839
+ /cgi-mod/ibill.pm: iBill.pm is installed. This may allow brute forcing of passwords. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0839
+ /webcgi/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /cgi-914/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /mpcgi/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /cgi-bin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /scgi-bin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file. See: OSVDB-4663
+ /cgi-914/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /cgi-bin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /ows-bin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /cgibin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /cgi-mod/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ /mpcgi/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug.
+ /cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug.
+ /ows-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug.
+ /cgi-mod/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug.
+ /webcgi/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /ows-bin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /scgi-bin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /cgi-mod/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. This could not be remotely tested. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1411
+ /cgi.cgi/view-source: This may allow remote arbitrary file retrieval.
+ /ows-bin/view-source: This may allow remote arbitrary file retrieval.
+ /cgibin/view-source: This may allow remote arbitrary file retrieval.
+ /scgi-bin/view-source: This may allow remote arbitrary file retrieval.
+ /webcgi/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /mpcgi/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgibin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /scgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgi-mod/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ /cgi.cgi/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /cgi-914/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /mpcgi/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /cgi-bin/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /ows-bin/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /scgi-bin/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /cgi-mod/cgiwrap: Some versions of cgiwrap allow anyone to execute commands remotely.
+ /cgi.cgi/info2www: This CGI allows attackers to execute commands.
+ /cgi-914/info2www: This CGI allows attackers to execute commands.
+ /cgi-bin/info2www: This CGI allows attackers to execute commands.
+ /cgi.cgi/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /webcgi/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /cgi.cgi/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.
+ /webcgi/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.
+ /mpcgi/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.
+ /cgi-bin/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.
+ /cgibin/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.
+ /cgi.cgi/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /webcgi/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /cgi-bin/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /cgibin/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /cgi-mod/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /cgi-bin/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /ows-bin/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /cgi-mod/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ /webcgi/plusmail: This CGI may allow attackers to execute commands remotely.
+ /mpcgi/plusmail: This CGI may allow attackers to execute commands remotely.
+ /ows-bin/plusmail: This CGI may allow attackers to execute commands remotely.
+ /scgi-bin/plusmail: This CGI may allow attackers to execute commands remotely.
+ /cgi-mod/plusmail: This CGI may allow attackers to execute commands remotely.
+ /webcgi/scripts/slxweb.dll/getfile?type=Library&file=invalidfileNikto: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /mpcgi/scripts/slxweb.dll/getfile?type=Library&file=invalidfileNikto: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /cgi-bin/scripts/slxweb.dll/getfile?type=Library&file=invalidfileNikto: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /cgibin/scripts/slxweb.dll/getfile?type=Library&file=invalidfileNikto: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=invalidfileNikto: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /webcgi/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /cgi-914/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /mpcgi/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /cgi-bin/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /ows-bin/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /cgibin/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /cgi-mod/scripts/slxweb.dll/getfile?type=Library&file=invalidfilename: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1607 http://www.securityfocus.com/archive/1/378637
+ /cgi-914/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command.
+ /ows-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command.
+ /cgibin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command.
+ /scgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command.
+ /cgi-mod/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|: To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command.
+ /webcgi/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176
+ /mpcgi/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176
+ /cgi-bin/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176
+ /cgibin/webgais: The webgais allows attackers to execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176
+ /cgi.cgi/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196
+ /webcgi/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196
+ /cgi-914/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196
+ /mpcgi/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196
+ /cgi-bin/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196
+ /cgi-mod/websendmail: This CGI may allow attackers to execute arbitrary commands remotely. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196
+ /cgi.cgi/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage.
+ /webcgi/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage.
+ /cgi-914/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage.
+ /ows-bin/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage.
+ /scgi-bin/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage.
+ /cgi-bin/handler: This program allows remote users to run arbitrary commands.
+ /instantwebmail/message.php: Instant Web Mail is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0490
+ /cgi-914/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491
+ /mpcgi/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491
+ /cgi-bin/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491
+ /scgi-bin/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491
+ /cgi-mod/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages. See: BID-491
+ /admin/admin_phpinfo.php4: Mon Album version 0.6.2d allows remote admin access. This should be protected.
+ /cgi.cgi/webdriver: This CGI often allows anyone to access the Informix DB on the host.
+ /webcgi/webdriver: This CGI often allows anyone to access the Informix DB on the host.
+ /scgi-bin/webdriver: This CGI often allows anyone to access the Informix DB on the host.
+ /dostuff.php?action=modify_user: Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0599,https://sourceforge.net/projects/blahzdns/
+ /cgi.cgi/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.
+ /cgi-914/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.
+ /mpcgi/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.
+ /scgi-bin/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.
+ /cgi-mod/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.
+ /cgi.cgi/nimages.php: Alpha versions of the Nimages package vulnerable to non-specific 'major' security bugs.
+ /webcgi/nimages.php: Alpha versions of the Nimages package vulnerable to non-specific 'major' security bugs.
+ /mpcgi/nimages.php: Alpha versions of the Nimages package vulnerable to non-specific 'major' security bugs.
+ /cgi-mod/nimages.php: Alpha versions of the Nimages package vulnerable to non-specific 'major' security bugs.
+ /cgi-914/unlg1.2: web backdoor by ULG.
+ /mpcgi/unlg1.2: web backdoor by ULG.
+ /scgi-bin/unlg1.2: web backdoor by ULG.
+ /agentadmin.php: Immobilier agentadmin.php contains multiple SQL injection vulnerabilities. See: OSVDB-35876
+ /structure.sql: Database SQL?.
+ /servlet/SessionManager: IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.
+ /level/42/exec/show%20conf: Retrieved Cisco configuration file.
+ /logs/str_err.log: Bmedia error log, contains invalid login attempts which include the invalid usernames and passwords entered (could just be typos & be very close to the right entries).
+ /pmlite.php: A Xoops CMS script was found. Version RC3 and below allows all users to view all messages (untested). See: https://seclists.org/bugtraq/2002/Dec/129
+ /servlet/allaire.jrun.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0926
+ /pp.php?action=login: Pieterpost 0.10.6 allows anyone to access the 'virtual' account which can be used to relay/send e-mail. See: OSVDB-2881
+ /manual.php: Does not filter input before passing to shell command. Try 'ls -l' as the man page entry.
+ /smssend.php: PhpSmssend may allow system calls if a ' is passed to it. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0220
+ /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0484
+ /pvote/ch_info.php?newpass=password&confirm=password%20: PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password.
+ /scripts/wsisa.dll/WService=anything?WSMadmin: Allows Webspeed to be remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0127
+ /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080. See: OSVDB-3126
+ /_vti_pvt/doctodep.btr: FrontPage file found. This may contain useful information.
+ /_vti_pvt/services.org: FrontPage file found. This may contain useful information.
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0413,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0710
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0413,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0709,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0710
+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false: We seem to have authoring access to the FrontPage web.
+ /_vti_pvt/access.cnf: Contains HTTP server-specific access control information. Remove or ACL if FrontPage is not being used. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1717
+ /_vti_pvt/services.cnf: Contains the list of subwebs. Remove or ACL if FrontPage is not being used. May reveal server version if Admin has changed it. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1717
+ /_vti_pvt/svacl.cnf: File used to store whether subwebs have unique permissions settings and any IP address restrictions. Can be used to discover information about subwebs, remove or ACL if FrontPage is not being used. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1717
+ /_vti_pvt/writeto.cnf: Contains information about form handler result files. Remove or ACL if FrontPage is not being used. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1717
+ /doc: The /doc directory is browsable. This may be /usr/doc. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0678
+ /level/16: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/level/16/exec//show/configuration: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/level/16/exec//show/interfaces: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/level/16/exec//show/running-config/interface/FastEthernet: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/16/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/17/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/19/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/21/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/23/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/24/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/26/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/28/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/29/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/33/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/37/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/40/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/42/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/45/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/46/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/47/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/48/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/50/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/53/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/55/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/58/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/59/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/60/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/62/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/63/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/64/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/66/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/67/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/69/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/70/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/72/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/74/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/75/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/76/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/77/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/78/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/80/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/81/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/82/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/84/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/90/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/91/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/93/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/94/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/95/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /level/97/exec//show: CISCO HTTP service allows remote execution of commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537
+ /WS_FTP.LOG: WS_FTP.LOG file was found. It may contain sensitive information. See: OSVDB-13405
+ /nsn/env.bas: Novell web server shows the server environment and is vulnerable to cross-site scripting. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2104
+ /lcgi/lcgitest.nlm: Novell web server shows the server environment. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2104
+ /com/novell/webaccess: Novell web server allows directory listing. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2106
+ /cgi.cgi/phf: This allows attackers to read arbitrary files on the system and perhaps execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067
+ /webcgi/phf: This allows attackers to read arbitrary files on the system and perhaps execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067
+ /mpcgi/phf: This allows attackers to read arbitrary files on the system and perhaps execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067
+ /cgi-bin/phf: This allows attackers to read arbitrary files on the system and perhaps execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067
+ /ows-bin/phf: This allows attackers to read arbitrary files on the system and perhaps execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067
+ /cgibin/phf: This allows attackers to read arbitrary files on the system and perhaps execute commands. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067
+ /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources. See: OSVDB-561
+ /cgi-914/nph-test-cgi: This CGI lets attackers get a directory listing of the CGI directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0045
+ /mpcgi/nph-test-cgi: This CGI lets attackers get a directory listing of the CGI directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0045
+ /scgi-bin/nph-test-cgi: This CGI lets attackers get a directory listing of the CGI directory. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0045
+ /cgi.cgi/include/new-visitor.inc.php: Les Visiteurs 2.0.1 and prior are vulnerable to remote command execution. BID 8902 for exploit example. See: OSVDB-2717
+ /mpcgi/include/new-visitor.inc.php: Les Visiteurs 2.0.1 and prior are vulnerable to remote command execution. BID 8902 for exploit example. See: OSVDB-2717
+ /scgi-bin/include/new-visitor.inc.php: Les Visiteurs 2.0.1 and prior are vulnerable to remote command execution. BID 8902 for exploit example. See: OSVDB-2717
+ /scripts/tools/newdsn.exe: This can be used to make DSNs, useful in use with an ODBC exploit and the RDS exploit (with msadcs.dll). Also may allow files to be created on the server. See: http://www.securityfocus.com/bid/1818 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0191 http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc
+ /cgi.cgi/windmail: Some versions are vulnerable. Request 'windmail?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242
+ /mpcgi/windmail: Some versions are vulnerable. Request 'windmail?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242
+ /cgi-bin/windmail: Some versions are vulnerable. Request 'windmail?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242
+ /scgi-bin/windmail: Some versions are vulnerable. Request 'windmail?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242
+ /cgi-mod/windmail: Some versions are vulnerable. Request 'windmail?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242
+ /cgi.cgi/windmail.exe: Some versions are vulnerable. Request 'windmail.exe?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242
+ /ows-bin/windmail.exe: Some versions are vulnerable. Request 'windmail.exe?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242
+ /cgibin/windmail.exe: Some versions are vulnerable. Request 'windmail.exe?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242
+ /scgi-bin/windmail.exe: Some versions are vulnerable. Request 'windmail.exe?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242
+ /admin/wg_user-info.ml: WebGate Web Eye exposes user names and passwords. See: OSVDB-2922
+ /c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0429
+ /buddies.blt: Buddy List?.
+ /cgi.cgi/cgiecho: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /webcgi/cgiecho: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /ows-bin/cgiecho: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /scgi-bin/cgiecho: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /cgi-mod/cgiecho: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /webcgi/cgiemail: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /cgi-914/cgiemail: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /mpcgi/cgiemail: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /cgibin/cgiemail: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /cgi-mod/cgiemail: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /mpcgi/countedit: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /mpcgi/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /cgi-bin/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /cgibin/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web.
+ /sqlnet.log: Oracle log file found.
+ /cgi-bin/GW5/GWWEB.EXE: Groupwise web interface.
+ /cgibin/GW5/GWWEB.EXE: Groupwise web interface.
+ /scgi-bin/GW5/GWWEB.EXE: Groupwise web interface.
+ /cgi-mod/GW5/GWWEB.EXE: Groupwise web interface.
+ /access-log: This might be interesting.
+ /access_log: This might be interesting.
+ /admin.php: This might be interesting.
+ /awebvisit.stat: This might be interesting.
+ /ccbill/secure/ccbill.log: CC Bill log file. Seen in carding forums. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /certificate: This might be interesting.
+ /cgi.cgi/dbmlparser.exe: This might be interesting.
+ /webcgi/dbmlparser.exe: This might be interesting.
+ /cgi-914/dbmlparser.exe: This might be interesting.
+ /mpcgi/dbmlparser.exe: This might be interesting.
+ /cgi-bin/dbmlparser.exe: This might be interesting.
+ /ows-bin/dbmlparser.exe: This might be interesting.
+ /cgibin/dbmlparser.exe: This might be interesting.
+ /cgi-mod/dbmlparser.exe: This might be interesting.
+ /console: This might be interesting.
+ /hyperstat/stat_what.log: This might be interesting. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /logfile: This might be interesting.
+ /manage/cgi/cgiproc: This might be interesting.
+ /master.password: This might be interesting.
+ /new: This might be interesting.
+ /news: This might be interesting.
+ /officescan/cgi/jdkRqNotify.exe: This might be interesting.
+ /orders/orders.log: Seen in carding forums. See: https://packetstormsecurity.com/files/32406/xmas.txt.html
+ /passwdfile: This might be interesting.
+ /polls: This might be interesting.
+ /readme: This might be interesting.
+ /scratch: This might be interesting.
+ /super_stats/error_logs: Web logs are exposed.
+ /wwwthreads/3tvars.pm: This might be interesting.
+ /cgi.cgi/.fhp: This might be interesting.
+ /webcgi/.fhp: This might be interesting.
+ /cgi-bin/.fhp: This might be interesting.
+ /ows-bin/.fhp: This might be interesting.
+ /cgibin/.fhp: This might be interesting.
+ /cgi-mod/.fhp: This might be interesting.
+ /mpcgi/admin.php: This might be interesting.
+ /scgi-bin/admin.php: This might be interesting.
+ /cgi-mod/admin.php: This might be interesting.
+ /webcgi/AnyForm: This might be interesting.
+ /ows-bin/AnyForm: This might be interesting.
+ /scgi-bin/AnyForm: This might be interesting.
+ /cgi.cgi/AnyForm2: This might be interesting.
+ /mpcgi/AnyForm2: This might be interesting.
+ /ows-bin/AnyForm2: This might be interesting.
+ /scgi-bin/AnyForm2: This might be interesting.
+ /cgi-mod/AnyForm2: This might be interesting.
+ /cgi.cgi/ash: This might be interesting: possibly a system shell found.
+ /cgibin/ash: This might be interesting: possibly a system shell found.
+ /scgi-bin/ash: This might be interesting: possibly a system shell found.
+ /cgi-mod/ash: This might be interesting: possibly a system shell found.
+ /cgi.cgi/bash: This might be interesting: possibly a system shell found.
+ /cgi-914/bash: This might be interesting: possibly a system shell found.
+ /ows-bin/bash: This might be interesting: possibly a system shell found.
+ /cgibin/bash: This might be interesting: possibly a system shell found.
+ /cgi.cgi/bnbform: This might be interesting.
+ /webcgi/bnbform: This might be interesting.
+ /cgi-914/bnbform: This might be interesting.
+ /mpcgi/bnbform: This might be interesting.
+ /cgi-bin/bnbform: This might be interesting.
+ /ows-bin/bnbform: This might be interesting.
+ /cgi.cgi/cgimail.exe: This might be interesting.
+ /cgi-914/cgimail.exe: This might be interesting.
+ /mpcgi/cgimail.exe: This might be interesting.
+ /cgibin/cgimail.exe: This might be interesting.
+ /cgi.cgi/classifieds: This might be interesting.
+ /cgi-914/classifieds: This might be interesting.
+ /mpcgi/classifieds: This might be interesting.
+ /ows-bin/classifieds: This might be interesting.
+ /cgibin/classifieds: This might be interesting.
+ /cgi-914/code.php: This might be interesting.
+ /mpcgi/code.php: This might be interesting.
+ /cgi-bin/code.php: This might be interesting.
+ /ows-bin/code.php: This might be interesting.
+ /cgi-bin/csh: This might be interesting: possibly a system shell found.
+ /ows-bin/csh: This might be interesting: possibly a system shell found.
+ /cgibin/csh: This might be interesting: possibly a system shell found.
+ /scgi-bin/csh: This might be interesting: possibly a system shell found.
+ /webcgi/excite: This might be interesting.
+ /cgi-bin/excite: This might be interesting.
+ /cgibin/excite: This might be interesting.
+ /scgi-bin/excite: This might be interesting.
+ /cgi.cgi/filemail: This might be interesting.
+ /webcgi/filemail: This might be interesting.
+ /cgi-914/filemail: This might be interesting.
+ /mpcgi/filemail: This might be interesting.
+ /cgi-bin/filemail: This might be interesting.
+ /ows-bin/filemail: This might be interesting.
+ /cgi.cgi/ftpsh: This might be interesting: possibly a system shell found.
+ /cgi-914/ftpsh: This might be interesting: possibly a system shell found.
+ /mpcgi/ftpsh: This might be interesting: possibly a system shell found.
+ /cgi-bin/ftpsh: This might be interesting: possibly a system shell found.
+ /cgibin/ftpsh: This might be interesting: possibly a system shell found.
+ /cgi-mod/ftpsh: This might be interesting: possibly a system shell found.
+ /webcgi/glimpse: This might be interesting.
+ /mpcgi/glimpse: This might be interesting.
+ /cgi-bin/glimpse: This might be interesting.
+ /cgi.cgi/jailshell: This might be interesting: possibly a system shell found.
+ /webcgi/jailshell: This might be interesting: possibly a system shell found.
+ /cgi-914/jailshell: This might be interesting: possibly a system shell found.
+ /mpcgi/jailshell: This might be interesting: possibly a system shell found.
+ /cgi-bin/jailshell: This might be interesting: possibly a system shell found.
+ /ows-bin/jailshell: This might be interesting: possibly a system shell found.
+ /scgi-bin/jailshell: This might be interesting: possibly a system shell found.
+ /cgi-914/jj: Allows attackers to execute commands as http daemon. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0260
+ /mpcgi/jj: Allows attackers to execute commands as http daemon. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0260
+ /ows-bin/jj: Allows attackers to execute commands as http daemon. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0260
+ /cgibin/jj: Allows attackers to execute commands as http daemon. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0260
+ /cgi-mod/jj: Allows attackers to execute commands as http daemon. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0260
+ /cgi.cgi/ksh: This might be interesting: possibly a system shell found.
+ /webcgi/ksh: This might be interesting: possibly a system shell found.
+ /mpcgi/ksh: This might be interesting: possibly a system shell found.
+ /cgibin/ksh: This might be interesting: possibly a system shell found.
+ /webcgi/logs/access_log: This might be interesting.
+ /mpcgi/logs/access_log: This might be interesting.
+ /scgi-bin/logs/access_log: This might be interesting.
+ /cgi-mod/logs/access_log: This might be interesting.
+ /webcgi/logs/error_log: This might be interesting.
+ /cgi-914/logs/error_log: This might be interesting.
+ /mpcgi/logs/error_log: This might be interesting.
+ /ows-bin/logs/error_log: This might be interesting.
+ /cgibin/logs/error_log: This might be interesting.
+ /cgi.cgi/minimal.exe: This might be interesting.
+ /webcgi/minimal.exe: This might be interesting.
+ /cgi-914/minimal.exe: This might be interesting.
+ /mpcgi/minimal.exe: This might be interesting.
+ /cgi-bin/minimal.exe: This might be interesting.
+ /webcgi/noshell: This might be interesting: possibly a system shell found.
+ /mpcgi/noshell: This might be interesting: possibly a system shell found.
+ /cgi-bin/noshell: This might be interesting: possibly a system shell found.
+ /ows-bin/noshell: This might be interesting: possibly a system shell found.
+ /cgibin/noshell: This might be interesting: possibly a system shell found.
+ /cgi.cgi/nph-publish: This might be interesting.
+ /ows-bin/nph-publish: This might be interesting.
+ /cgibin/nph-publish: This might be interesting.
+ /webcgi/pass: This might be interesting.
+ /cgi-914/pass: This might be interesting.
+ /mpcgi/pass: This might be interesting.
+ /ows-bin/pass: This might be interesting.
+ /scgi-bin/pass: This might be interesting.
+ /cgi-mod/pass: This might be interesting.
+ /webcgi/passwd: This might be interesting.
+ /cgibin/passwd: This might be interesting.
+ /cgi-mod/passwd: This might be interesting.
+ /cgi-914/post_query: This might be interesting.
+ /mpcgi/post_query: This might be interesting.
+ /cgi-bin/post_query: This might be interesting.
+ /scgi-bin/post_query: This might be interesting.
+ /cgi-mod/post_query: This might be interesting.
+ /cgi.cgi/rguest.exe: This might be interesting.
+ /cgi-914/rguest.exe: This might be interesting.
+ /ows-bin/rguest.exe: This might be interesting.
+ /webcgi/rksh: This might be interesting: possibly a system shell found.
+ /cgi-914/rksh: This might be interesting: possibly a system shell found.
+ /ows-bin/rksh: This might be interesting: possibly a system shell found.
+ /scgi-bin/rksh: This might be interesting: possibly a system shell found.
+ Scan terminated: 0 error(s) and 655 item(s) reported on remote host
+ End Time:           2024-05-22 02:25:32 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Color Scheme
Target
sba.lt
Scan method
Nikto scan (max 60 sec)
Run command
nikto -host sba.lt -maxtime 60
Scan time
61s
Quick report
Order full scan ($79/one time)
Scan date
22 May 2024 02:25
Copy scan report
Download report
Remove scan result
$
Some firewalls blocks Nikto. For get true positive results add nikto.online IP addresses (172.96.166.66-172.96.166.70 or CIDR 172.96.166.64/29) to the whitelist
[scan_method]
Visibility:
Scan method: