   #888 Posted by myky 2007-02-25 16:02:52
---------------------------------------------------------------------------
- Nikto 1.35/1.36 - www.cirt.net
+ Target IP: 82.119.226.108
+ Target Hostname: www.spojenaskola.sk
+ Target Port: 80
+ Start Time: Sun Feb 25 15:26:30 2007
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache
+ Server does not respond with '404' for error messages (uses '200').
+ This may increase false-positives.
+ All CGI directories 'found', use '-C none' to test none
- Retrieved X-Powered-By header: PHP/4.4.4
+ /robots.txt - contains 6 'disallow' entries which should be manually viewed (added to mutation file lists) (GET).
+ PHP/4.4.4 appears to be outdated (current is at least 5.1.4)
+ /.DS_Store - Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version. (GET)
+ /.FBCIndex - This file son OSX contains the source of the files in the directory. http://www.securiteam.com/securitynews/5LP0O005FS.html (GET)
+ /docs/ - May give list of installed software (GET)
+ /examples/servlet/AUX - Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file. (GET)
+ /icons/ - Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used, the /icons directory should be removed. (GET)
+ /index.html.ca - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.cz.iso8859-2 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.de - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.dk - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.ee - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.el - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.en - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.es - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.et - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.fr - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.he.iso8859-8 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.hr.iso8859-2 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.it - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.ja.iso2022-jp - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.kr.iso2022-kr - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.ltz.utf8 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)

+ Over 20 "OK" messages, this may be a by-product of the
+ server answering all requests with a "200 OK" message. You should
+ manually verify your results.
+ /index.html.lu.utf8 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.nl - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.nn - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.no - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.po.iso8859-2 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.pt-br - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.pt - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.ru.cp-1251 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.ru.cp866 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.ru.iso-ru - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.ru.koi8-r - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.ru.utf8 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.se - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.tw.Big5 - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.tw - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /index.html.var - Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information. (GET)
+ /jservdocs/ - Default Apache JServ docs should be removed. (GET)
+ /manual/images/ - Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual should be removed and directory indexing disabled. (GET)
+ /server-info - This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts. (GET)
+ /site/eg/source.asp - This asp (installed with Apache::ASP) allows attackers to upload files to the server. Upgrade to 1.95 or higher. CAN-2000-0628. (GET)
+ /soap/servlet/soaprouter - Oracle 9iAS SOAP components allow anonymous users to deploy applications by default. (GET)
+ /soapConfig.xml - Oracle 9iAS configuration file found - see bugrtraq #4290. (GET)
+ /stronghold-info - Redhat Stronghold from versions 2.3 up to 3.0 disclose sensitive information. This gives information on configuration. CAN-2001-0868. (GET)
+ /stronghold-status - Redhat Stronghold from versions 2.3 up to 3.0 disclose sensitive information. CAN-2001-0868. (GET)
+ /tomcat-docs/index.html - Default Apache Tomcat documentation found. (GET)
+ /XSQLConfig.xml - Oracle 9iAS configuration file found - see bugrtraq #4290. (GET)
+ /admin/config.php - PHP Config file may contain database IDs and passwords. (GET)
+ /adm/config.php - PHP Config file may contain database IDs and passwords. (GET)
+ /My_eGallery/public/displayCategory.php - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments. (GET)
+ /postnuke/My_eGallery/public/displayCategory.php - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments. (GET)
+ /postnuke/html/My_eGallery/public/displayCategory.php - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments. (GET)
+ /modules/My_eGallery/public/displayCategory.php - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments. (GET)
+ /phpBB/My_eGallery/public/displayCategory.php - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments. (GET)
+ /forum/My_eGallery/public/displayCategory.php - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments. (GET)
+ /_layouts/alllibs.htm - Microsoft SharePoint Portal and Team Serices vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by arkanian@hacker.am (GET)
+ /_layouts/settings.htm - Microsoft SharePoint Portal and Team Serices vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by arkanian@hacker.am (GET)
+ /_layouts/userinfo.htm - Microsoft SharePoint Portal and Team Serices vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by arkanian@hacker.am (GET)
+ /..\..\..\..\..\..\temp\temp.class - Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version. (GET)
+ /..%252f..%252f..%252f..%252f..%252f../windows/repair/sam - BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information. (GET)
+ /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._ - BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information. (GET)
+ /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam - BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information. (GET)
+ /..%255c..%255c..%255c..%255c..%255c../windows/repair/sam - BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information. (GET)
+ /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._ - BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information. (GET)
+ /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam - BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information. (GET)
+ /.access - Contains authorization information (GET)
+ /.addressbook - PINE addressbook, may store sensitive e-mail address contact information and notes (GET)
+ /.bash_history - A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web. (GET)
+ /.bashrc - User home dir was found with a shell rc file. This may reveal file and path information. (GET)
+ /.forward - User home dir was found with a mail forward file. May reveal where the user's mail is being forwarded to. (GET)
+ /.history - A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web. (GET)
+ /.lynx_cookies - User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites. (GET)
+ /.mysql_history - Database SQL? (GET)
+ /.passwd - Contains authorization information (GET)
+ /.pinerc - User home dir found with a PINE rc file. May reveal system information, directories and more. (GET)
+ /.plan - User home dir with a .plan, a now mostly outdated file for delivering information via the finger protocol (GET)
+ /.proclog - User home dir with a Procmail log file. May reveal user mail traffic, directories and more. (GET)
+ /.procmailrc - User home dir with a Procmail rc file. May reveal sub directories, mail contacts and more. (GET)
+ /.profile - User home dir with a shell profile was found. May reveal directory information and system configuration. (GET)
+ /.rhosts - A user's home directory may be set to the web root, a .rhosts file was retrieved. This should not be accessible via the web. (GET)
+ /.sh_history - A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web. (GET)
+ /.ssh - A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web. (GET)
+ /.ssh/authorized_keys - A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web. (GET)
+ /.ssh/known_hosts - A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /[SecCheck]/..%252f..%252f../ext.ini - BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information. (GET)
+ /[SecCheck]/..%255c..%255c../ext.ini - BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information. (GET)
+ ///etc/hosts - The server install allows reading of any system file by adding an extra '/' to the URL. (GET)
+ //admin/admin.shtml - Axis network camera may allow admin bypass by using double-slashes before URLs. (GET)
+ //admin/aindex.htm - FlexWATCH firmware 2.2 is vulnerable to authentication bypass by prepending an extra '/'. http://packetstorm.linuxsecurity.com/0310-exploits/FlexWATCH.txt (GET)
+ /~root/ - Allowed to browse root's home directory (GET)
+ /a/ - May be Kebi Web Mail administration menu. (GET)
+ /acart2_0/acart2_0.mdb - Alan Ward A-Cart 2.0 allows remote user to read customer database file which may contain usernames, passwords, credit cards and more. (GET)
+ /acart2_0/admin/category.asp - Alan Ward A-Cart 2.0 is vulnerable to an XSS attack which may cause the administrator to delete database information. (GET)
+ /accounts/getuserdesc.asp - Hosting Controller 2002 administration page is available. This should be protected. (GET)
+ /Admin_files/order.log - Selena Sol's WebStore 1.0 exposes order information, http://www.extropia.com/, http://www.mindsec.com/advisories/post2.txt. (GET)
+ /admin.php?en_log_id=0&action=config - EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This php file should be protected. (GET)
+ /admin.php?en_log_id=0&action=users - EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This php file should be protected. (GET)
+ /admin.php4?reg_login=1 - Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected. (GET)
+ /admin/admin_phpinfo.php4 - Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected. (GET)
+ /admin/admin.php?adminpy=1 - PY-Membres 4.2 may allow administrator access. (GET)
+ /admin/contextAdmin/contextAdmin.html - Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin. (GET)
+ /admin/cplogfile.log - DevBB 1.0 final (http://www.mybboard.com) log file is readable remotely. Upgrade to the latest version. (GET)
+ /admin/database/wwForum.mdb - Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein (GET)
+ /admin/phpinfo.php - Immobilier or phPay allows phpinfo() to be run. See http://www.frog-man.org/tutos/Immoblier.txt or http://phpay.sourceforge.net/ (GET)
+ /admin/system_footer.php - myphpnuke version 1.8.8_final_7 reveals detailed system information. (GET)
+ /admin/wg_user-info.ml - WebGate Web Eye exposes user names and passwords. OSVDB-2922 (GET)
+ /administrator/gallery/uploadimage.php - Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension. (GET)
+ /agentadmin.php - Immobilier may allow php files to be included from remote sites. See http://www.frog-man.org/tutos/Immoblier.txt (GET)
+ /akopia/ - Akopia is installed. (GET)
+ /amber_csh.html - Has been seen in web logs from an unknown scanner. (GET)
+ /ammerum/ - Ammerum pre 0.6-1 had several security issues. (GET)
+ /anthill/login.php - Anthill bug tracking system may be installed. Versions lower than 0.1.6.1 allow XSS/HTML injection and may allow users to bypass login requirements. http://anthill.vmlinuz.ca/ and CA-2000-02 (GET)
+ /ariadne/ - Ariadne pre 2.1.2 has several vulnerabilities. The default login/pass to the admin page is admin/muze. (GET)
+ /ASP/cart/database/metacart.mdb - MetaCart2 is an ASP shopping cart. The database of customers is available via the web. (GET)
+ /author.asp - May be FactoSystem CMS, which could include SQL injection problems which could not be tested remotely. (GET)
+ /autologon.html?10514 - Remotely Anywhere 5.10.415 is vulnerable to CSS attacks that can lead to cookie theft or privilege escalation. This is typically found on port 2000. (GET)
+ /axis-cgi/buffer/command.cgi - Axis WebCam 2400 may allow overwriting or creating files on the system. See http://www.websec.org/adv/axis2400.txt.html for details. (GET)
+ /b2-include/b2edit.showposts.php - Some versions of B2 (cafelog.com) are vulnerable to remote inclusion by redefining $b2inc to a remote php file. Upgrade to a version higher than b2.06pre2. This vulnerability could not be confirmed. (GET)
+ /BACLIENT - IBM Tivoli default file found. OSVDB-2117. (GET)
+ /ban.bak - Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected. (GET)
+ /ban.dat - Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected. (GET)
+ /ban.log - Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected. (GET)
+ /banmat.pwd - Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected. (GET)
+ /basilix/ - BasiliX webmail application. Default mysql database name is 'BASILIX' with password 'bsxpass' (GET)
+ /basilix/compose-attach.php3 - BasiliX webmail application prior to 1.1.1 contains non descript security vulnerability in compose-attach.php3 related to attachment uploads (GET)
+ /basilix/mbox-list.php3 - BasiliX webmail application prior to 1.1.1 contains a CSS issue in 'message list' function/page (GET)
+ /basilix/message-read.php3 - BasiliX webmail application prior to 1.1.1 contains a CSS issue in 'read message' function/page (GET)
+ /bb-dnbd/faxsurvey - This may allow arbitrary command execution. (GET)
+ /bigconf.cgi - BigIP Configuration CGI (GET)
+ /blah_badfile.shtml - Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call. (GET)
+ /buddies.blt - Buddy List? (GET)
+ /buddy.blt - Buddy List? (GET)
+ /buddylist.blt - Buddy List? (GET)
+ /c32web.exe/ChangeAdminPassword - This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password. (GET)
+ /cartcart.cgi - If this is Dansie shopping cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands. (GET)
+ /catalog/includes/include_once.php - This phpWebSite script may allow inclusion of remote scripts by adding ?inc_prefix=http://YOURHOST/ (GET)
+ /catinfo - May be vulnerable to a buffer overflow. Request '/catinfo?' and add on 2048 of garbage to test. (GET)
+ /cbms/cbmsfoot.php - CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/ (GET)
+ /cbms/changepass.php - CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/ (GET)
+ /cbms/editclient.php - CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/ (GET)
+ /cbms/passgen.php - CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/ (GET)
+ /cbms/realinv.php - CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/ (GET)
+ /cbms/usersetup.php - CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. none could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/ (GET)
+ /cd-cgi/sscd_suncourier.pl - Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done. (GET)
+ /cfappman/index.cfm - susceptible to ODBC/pipe-style exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm (GET)
+ /cfdocs/cfmlsyntaxcheck.cfm - can be used for a DoS on the server by requesting it check all .exe's (GET)
+ /cfdocs/examples/cvbeans/beaninfo.cfm - susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm (GET)
+ /cfdocs/examples/parks/detail.cfm - susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm (GET)
+ /cfdocs/expeval/displayopenedfile.cfm - Unknown vul (GET)
+ /cfdocs/expeval/openfile.cfm - Sample code shipped with ColdFusion may allow an attacker to verify the existance of files or directories outside the web server path, launch Denial of Service attacks, and more. CVE-1999-0924. Allaire ASB99-02 (http://www.macromedia.com/v1/handlers/index.cfm?ID=8739&Method=Full). (GET)
+ /cfdocs/expeval/sendmail.cfm - can be used to send email; go to the page and fill in the form (GET)
+ /cfdocs/snippets/evaluate.cfm - can enter CF code to be evaluated, or create denial of service see www.allaire.com/security/ technical papers and advisories for info (GET)
+ /cfdocs/snippets/fileexists.cfm - can be used to verify the existance of files (on the same drive info as the web tree/file) (GET)
+ /cfdocs/snippets/gettempdirectory.cfm - depending on install, creates files, gives you physical drive info, sometimes defaults to \winnt\ directory as temp directory (GET)
+ /cfdocs/snippets/viewexample.cfm - this can be used to view .cfm files, request viewexample.cfm?Tagname=..\..\..\file (.cfm is assumed) (GET)
+ /cfide/Administrator/startstop.html - can start/stop the server (GET)
+ /cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi - Older versions of this CGI allow any user to change the administrator password. (GET)
+ /cgi-bin/admin/admin.cgi - May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio. (GET)
+ /cgi-bin/admin/setup.cgi - May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio. (GET)
+ /cgi-bin/bigconf.cgi - BigIP Configuration CGI (GET)
+ /cgi-bin/common/listrec.pl - This CGI allows attackers to execute commands on the host. (GET)
+ /cgi-bin/handler - comes with IRIX 5.3 - 6.4; allows to run arbitrary commands (GET)
+ /cgi-bin/MachineInfo - gives out information on the machine (IRIX), including hostname (GET)
+ /cgi-bin/pfdisplay.cgi - comes with IRIX 6.2-6.4; allows to run arbitrary commands (GET)
+ /cgi-bin/webdist.cgi - comes with IRIX 5.0 - 6.3; allows to run arbitrary commands (GET)
+ /cgi-bin/wrap - comes with IRIX 6.2; allows to view directories (GET)
+ /cgi-sys/addalink.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/cgiecho - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/cgiemail - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/countedit - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/domainredirect.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/entropybanner.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/entropysearch.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/FormMail-clone.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/helpdesk.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/mchat.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/randhtml.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/realhelpdesk.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/realsignup.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/scgiwrap - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi-sys/signup.cgi - Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web (GET)
+ /cgi/cgiproc? - It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later. (GET)
+ /cgis/wwwboard/wwwboard.cgi - Versions 2.0 Alpha and below have multiple problems. See BID-649 and BID 1795. Default ID 'WebAdmin' with pass 'WebBoard'. (GET)
+ /cgis/wwwboard/wwwboard.pl - Versions 2.0 Alpha and below have multiple problems. See BID-649 and BID 1795. Default ID 'WebAdmin' with pass 'WebBoard'. (GET)
+ /chat/!nicks.txt - WF-Chat 1.0 Beta allows retrieval of user information. (GET)
+ /chat/!pwds.txt - WF-Chat 1.0 Beta allows retrieval of user information. (GET)
+ /chat/data/usr - SimpleChat! 1.3 allows retrieval of user information. (GET)
+ /clusterframe.jsp - Macromedia Jrun 4 build 61650 remote administration interface is vulnerable to several CSS attacks. (GET)
+ /config.inc - DotBr 0.1 configuration file includes usernames and passwords. (GET)
+ /config.php - PHP Config file may contain database IDs and passwords. (GET)
+ /config/ - Configuration information may be available remotely. (GET)
+ /Config1.htm - This may be a D-Link, some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See http://www.phenoelit.de/stuff/dp-300.txt for info. (GET)
+ /contents.php?new_language=elvish&mode=select - Requesting a file with an invalid language selection from DC Portal may reveal the system path. (GET)
+ /counter/1/n/n/0/3/5/0/a/123.gif - The Roxen Counter may eat up excessive CPU time with image requests. (GET)
+ /cpanel/ - Web-based control panel (GET)
+ /cplogfile.log - XMB Magic Lantern forum 1.6b final (http://www.xmbforum.com) log file is readable remotely. Upgrade to the latest version. (GET)
+ /custdata/ - This may be COWS (CGI Online Worldweb Shopping), and may be interesting... (GET)
+ /CVS/Entries - CVS Entries file may contain directory listing information. (GET)
+ /data.sql - Database SQL? (GET)
+ /data/member_log.txt - Teekai's forum full 1.2 member's log can be retrieved remotely. (GET)
+ /data/userlog/log.txt - Teekai's Tracking Online 1.0 log can be retrieved remotely. (GET)
+ /database/ - Databases? Really?? (GET)
+ /database/metacart.mdb - MetaCart2 is an ASP shopping cart. The database of customers is available via the web. (GET)
+ /databases/ - Databases? Really?? (GET)
+ /databse.sql - Database SQL? (GET)
+ /db.sql - Database SQL? (GET)
+ /db/users.dat - upb PB allows the user database to be retrieved remotely. (GET)
+ /dc/auth_data/auth_user_file.txt - The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information. (GET)
+ /dc/orders/orders.txt - The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information. (GET)
+ /dcshop/auth_data/auth_user_file.txt - The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information. (GET)
+ /dcshop/orders/orders.txt - The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information. (GET)
+ /doc/ - The /doc directory is browsable. This may be /usr/doc. (GET)
+ /dostuff.php?action=modify_user - Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. http://blahzdns.sourceforge.net/ (GET)
+ /ews/ews/architext_query.pl - Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. BID-2665. (GET)
+ /exair/howitworks/Code.asp - Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193. (GET)
+ /examples/jsp/snp/anything.snp - Tomcat servlet gives lots of host information. (GET)
+ /ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C - This check (A) sets up the next bad blue test (B) for possible exploit. see http://www.badblue.com/down.htm (GET)
+ /filemanager/filemanager_forms.php - Some versions of PHProjekt allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/unixfocus/5PP0F1P6KS.html for more info (GET)
  239. + /finance.xls - Finance spreadsheet? (GET)
  240. + /finances.xls - Finance spreadsheet? (GET)
  241. + /foo.php3 - DotBr 0.1 has a phpinfo() script called foo.php3. (GET)
  242. + /forum/admin/database/wwForum.mdb - Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein (GET)
  243. + /forum/admin/wwforum.mdb - Web Wiz Forums passwords found. (GET)
  244. + /forums/@ADMINconfig.php - PHP Config file may contain database IDs and passwords. (GET)
  245. + /forums/config.php - PHP Config file may contain database IDs and passwords. (GET)
  246. + /forums/index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
  247. + /fpdb/shop.mdb - MetaCart2 is an ASP shopping cart. The database of customers is available via the web. (GET)
  248. + /gb/index.php?login=true - gBook may allow admin login by setting the value 'login' equal to 'true'. (GET)
  249. + /geeklog/users.php - Geeklog prior to 1.3.8-1sr2 contain a SQL injection vulnerability that lets a remote attacker reset admin password. (GET)
  250. + /getaccess - This may be an indication that the server is running getAccess for SSO (GET)
  251. + /global.inc - PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php (GET)
  252. + /globals.jsa - Oracle globals.jsa file (GET)
  253. + /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E - MPM Guesbook 1.2 and previous are vulnreable to CSS/XSS attacks. (GET)
  254. + /guestbook/admin.php - Guestbook admin page available without authentication. (GET)
  255. + /guestbook/admin/o12guest.mdb - Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password. (GET)
  256. + /guestbook/guestbookdat - PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration. (GET)
  257. + /guestbook/pwd - PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password. (GET)
  258. + /help/ - Help directory should not be accessible (GET)
  259. + /hola/admin/cms/htmltags.php?datei=./sec/data.php - hola-cms-1.2.9-10 may reveal the administrator ID and password. (GET)
  260. + /hostingcontroller/ - This might be interesting...probably HostingController, www.hostingcontroller.com (GET)
  261. + /hp/device/this.LCDispatcher - The Hewlett Packard Color LaserJet 4550 may allow unauthenticated users to permanently include links (and other data) in the web interface. (GET)
  262. + /htpasswd - Passwords? (GET)
  263. + /IDSWebApp/IDSjsp/Login.jsp - Tivoli Directory Server Web Administration. (GET)
  264. + /IlohaMail/blank.html - IlohaMail 0.8.10 contains a CSS vulnerability. Previous versions contain other non-descript vulnerabilities. (GET)
  265. + /img-sys/ - Default image directory should not allow directory listing. (GET)
  266. + /inc/common.load.php - Bookmark4U v1.8.3 include files are not protected, and may contain remote source injection by using the 'prefix' variable. (GET)
  267. + /inc/config.php - Bookmark4U v1.8.3 include files are not protected, and may contain remote source injection by using the 'prefix' variable. (GET)
  268. + /inc/dbase.php - Bookmark4U v1.8.3 include files are not protected, and may contain remote source injection by using the 'prefix' variable. (GET)
  269. + /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
  270. + /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
  271. + /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
  272. + /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
  273. + /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
  274. + /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
  275. + /info.php - Contains PHP configuration information (GET)
  276. + /instantwebmail/message.php - Instant Web Mail (http://understroem.kdc/instantwebmail/) is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email. (GET)
  277. + /interchange/ - Interchange chat is installed. Look for a high-numbered port like 20xx to find it running. (GET)
  278. + /ip.txt - This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file. (GET)
  279. + /isapi/count.pl? - AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example. (GET)
  280. + /isqlplus - Oracle iSQL*Plus is installed. This may be vulnerable to a buffer overflow in the user id field. http://www.ngssoftware.com/advisories/ora-isqlplus.txt (GET)
  281. + /jamdb/ - JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot. (GET)
  282. + /java-sys/ - Default Java directory should not allow directory listing. (GET)
  283. + /javadoc/ - Documentation...? (GET)
  284. + /jigsaw/ - Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS), update to latest at http://freshmeat.net/users/yveslafon/. CA-2000-02. (GET)
  285. + /Jigsaw/ - Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS), update to latest at http://freshmeat.net/users/yveslafon/. CA-2000-02. (GET)
  286. + /kboard/ - KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php (GET)
  287. + /krysalis/ - Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot (GET)
  288. + /level/16 - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  289. + /level/16/exec/-///pwd - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  290. + /level/16/exec/-///show/configuration - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  291. + /level/16/exec/ - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  292. + /level/16/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  293. + /level/16/exec//show/access-lists - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  294. + /level/16/level/16/exec//show/configuration - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  295. + /level/16/level/16/exec//show/interfaces - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  296. + /level/16/level/16/exec//show/interfaces/status - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  297. + /level/16/level/16/exec//show/running-config/interface/FastEthernet - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  298. + /level/16/level/16/exec//show/version - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  299. + /level/17/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  300. + /level/18/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  301. + /level/19/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  302. + /level/20/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  303. + /level/21/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  304. + /level/22/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  305. + /level/23/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  306. + /level/24/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  307. + /level/25/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  308. + /level/26/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  309. + /level/27/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  310. + /level/28/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  311. + /level/29/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  312. + /level/30/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  313. + /level/31/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  314. + /level/32/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  315. + /level/33/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  316. + /level/34/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  317. + /level/35/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  318. + /level/36/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  319. + /level/37/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  320. + /level/38/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  321. + /level/39/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  322. + /level/40/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  323. + /level/41/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  324. + /level/42/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  325. + /level/42/exec/show%20conf - Retrieved Cisco configuration file. (GET)
  326. + /level/43/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  327. + /level/44/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  328. + /level/45/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  329. + /level/46/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  330. + /level/47/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  331. + /level/48/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  332. + /level/49/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  333. + /level/50/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  334. + /level/51/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  335. + /level/52/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  336. + /level/53/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  337. + /level/54/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  338. + /level/55/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  339. + /level/56/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  340. + /level/57/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  341. + /level/58/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  342. + /level/59/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  343. + /level/60/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  344. + /level/61/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  345. + /level/62/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  346. + /level/63/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  347. + /level/64/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  348. + /level/65/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  349. + /level/66/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  350. + /level/67/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  351. + /level/68/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  352. + /level/69/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  353. + /level/70/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  354. + /level/71/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  355. + /level/72/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  356. + /level/73/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  357. + /level/74/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  358. + /level/75/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  359. + /level/76/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  360. + /level/77/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  361. + /level/78/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  362. + /level/79/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  363. + /level/80/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  364. + /level/81/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  365. + /level/82/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  366. + /level/83/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  367. + /level/84/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  368. + /level/85/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  369. + /level/86/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  370. + /level/87/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  371. + /level/88/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  372. + /level/89/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  373. + /level/90/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  374. + /level/91/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  375. + /level/92/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  376. + /level/93/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  377. + /level/94/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  378. + /level/95/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  379. + /level/96/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  380. + /level/97/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  381. + /level/98/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  382. + /level/99/exec//show - CISCO HTTP service allows remote execution of commands. OSVDB-578 (GET)
  383. + /lists/admin/ - PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist (GET)
  384. + /livehelp/ - LiveHelp may reveal system information. (GET)
  385. + /LiveHelp/ - LiveHelp may reveal system information. (GET)
  386. + /log/ - Ahh...log information...fun! (GET)
  387. + /logicworks.ini - web-erp 0.1.4 and earlier allow .ini files to be read remotely. (GET)
  388. + /LOGIN.PWD - The Nortel MIRAN password file is available remotely--it may not be encrypted. (GET)
  389. + /logjam/showhits.php - Logjam may possibly allow remote command execution via showhits.php page. (GET)
  390. + /logs/str_err.log - Bmedia error log, contains invalid login attempts which include the invalid usernames and passwords entered (could just be typos & be very close to the right entries). (GET)
  391. + /mall_log_files/order.log - EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details. (GET)
  392. + /mambo/administrator/phpinfo.php - Mambo Site Server 4.0.11 phpinfo.php script reveals system information. (GET)
  393. + /manager/ - May be a web server or site manager. (GET)
  394. + /manual.php - Does not filter input before passing to shell command. Try 'ls -l' as the man page entry. (GET)
  395. + /manual/ - Web server manual? tsk tsk. (GET)
  396. + /master.password - Passwords? (GET)
  397. + /mcartfree/database/metacart.mdb - MetaCart2 is an ASP shopping cart. The database of customers is available via the web. (GET)
  398. + /megabook/files/20/setup.db - Megabook guestbook configuration available remotely. (GET)
  399. + /metacart/database/metacart.mdb - MetaCart2 is an ASP shopping cart. The database of customers is available via the web. (GET)
  400. + /midicart.mdb - MIDICART database is available for browsing. This should not be allowed via the web server. (GET)
  401. + /MIDICART/midicart.mdb - MIDICART database is available for browsing. This should not be allowed via the web server. (GET)
  402. + /mlog.phtml - Remote file read vulnerability CVE-1999-0346 (GET)
  403. + /modsecurity.php - This phpWebSite script may allow inclusion of remote scripts by adding ?inc_prefix=http://YOURHOST/ (GET)
  404. + /mp3/ - Uh oh... (GET)
  405. + /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb - MPCSoftWeb Guest Book passwords retrieved. (GET)
  406. + /musicqueue.cgi - Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/ (GET)
  407. + /ncl_items.html - This may allow attackers to reconfigure your Tektronix printer. (GET)
  408. + /ncl_items.shtml?SUBJECT=1 - This may allow attackers to reconfigure your Tektronix printer. (GET)
  409. + /news/news.mdb - Web Wiz Site News realease v3.06 admin password database is available and unencrypted. (GET)
  410. + /officescan/hotdownload/ofscan.ini - OfficeScan from Trend Micro allows anyone to read the ofscan.ini file, which may contain passwords. (GET)
  411. + /ojspdemos/basic/hellouser/hellouser.jsp - Oracle 9i default jsp page found, may be vulnerable to XSS in any field. (GET)
  412. + /ojspdemos/basic/simple/usebean.jsp - Oracle 9i default jsp page found, may be vulnerable to XSS in any field. (GET)
  413. + /ojspdemos/basic/simple/welcomeuser.jsp - Oracle 9i default jsp page found, may be vulnerable to XSS in any field. (GET)
  414. + /openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script> - OpenAutoClassifieds 1.0 is vulnerable to a CSS/XSS attack (GET)
  415. + /order/order_log_v12.dat - Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt (GET)
  416. + /order/order_log.dat - Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt (GET)
  417. + /orders/order_log_v12.dat - Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt (GET)
  418. + /Orders/order_log_v12.dat - Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt (GET)
  419. + /orders/order_log.dat - Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt (GET)
  420. + /Orders/order_log.dat - Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt (GET)
  421. + /ows/restricted%2eshow - OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent. (GET)
  422. + /pafiledb/includes/team/file.php - paFileDB 3.1 and below may allow file upload without authentication. (GET)
  423. + /passwdfile - Passwords? (GET)
  424. + /pccsmysqladm/incs/dbconnect.inc - This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher. (GET)
  425. + /PDG_Cart/oder.log - Shopping cart software log (GET)
  426. + /people.lst - Passwords? (GET)
  427. + /photo_album/ - Atomic Photo Album pre 1.0.3 had a 'few' security problems. (GET)
  428. + /photo/ - My Photo Gallery pre 3.6 contains multiple vulnerabilities including .. traversal, unspecified vulnerabilities, and remote management interface access. (GET)
  429. + /photo/manage.cgi - My Photo Gallery management interface. May allow full access to photo galleries and more. (GET)
  430. + /photodata/ - My Photo Gallery pre 3.6 contains multiple vulnerabilities including .. traversal, unspecified vulnerabilities, and remote management interface access. (GET)
  431. + /photodata/manage.cgi - My Photo Gallery management interface. May allow full access to photo galleries and more. (GET)
  432. + /php-coolfile/action.php?action=edit&file=config.php - PHP-Coolfile 1.4 allows unauthorized administrative access. (GET)
  433. + /php.ini - This file should not be available through the web interface. (GET)
  434. + /php/index.php - Monkey Http Daemon default php file found. (GET)
  435. + /php/mlog.phtml - Remote file read vulnerability CVE-1999-0346 (GET)
  436. + /phpBB/phpinfo.php - phpBBmod contains an enhanced version of the phpinfo.php script. This should be removed as it contains detailed system information. (GET)
  437. + /phpBB2/includes/db.php - Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info (GET)
  438. + /phpEventCalendar/file_upload.php - phpEventCalendar 1.1 and prior vulnerable to file upload bug. (GET)
  439. + /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script> - Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
  440. + /phpinfo.php - Contains PHP configuration information (GET)
  441. + /phpinfo.php3 - Contains PHP configuration information (GET)
  442. + /phpshare/phpshare.php - Several serious security holes pre 0.6b2. Several minor security holes pre 0.6b3 (GET)
  443. + /pmlite.php - A Xoops CMS script was found. Version RC3 and below allows all users to view all messages (untested). See http://www.phpsecure.org/?zone=pComment&d=101 for details. (GET)
  444. + /porn/ - This could be interesting (GET)
  445. + /postnuke/html/index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
  446. + /postnuke/index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
  447. + /powerportal/ - PowerPortal 1.1b is vulnerable to CSS attacks. (GET)
  448. + /pp.php?action=login - Pieterpost 0.10.6 allows anyone to access the 'virtual' account which can be used to relay/send e-mail. (GET)
  449. + /pr0n/ - Uh oh... (GET)
  450. + /project/index.php?m=projects&user_cookie=1 - dotProject 0.2.1.5 may allow admin login bypass by adding the user_cookie=1 to the URL. (GET)
  451. + /pron/ - Uh oh... (GET)
  452. + /pub/english.cgi?op=rmail - BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely. See http://www.securitytracker.com/alerts/2002/Jan/1003092.html (GET)
  453. + /pvote/ch_info.php?newpass=password&confirm=password%20 - PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password. (GET)
  454. + /pw/storemgr.pw - Encrypted ID/Pass for Mercantec's SoftCart, http://www.mercantec.com/, see http://www.mindsec.com/advisories/post2.txt for more information. (GET)
  455. + /pwd.db - Passwords? (GET)
  456. + /quikstore.cfg - Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt (GET)
  457. + /quikstore.cgi - A shopping cart. (GET)
  458. + /readme.txt - Default file found. (GET)
  459. + /README.TXT - Default file found. (GET)
  460. + /RLS_NOTE.TXT - The Nortel MIRAN reveals detailed information through the release notes file. (GET)
  461. + /scripts/wsisa.dll/WService=anything?WSMadmin - Allows Webspeed to remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0 (GET)
  462. + /search97cgi/s97_cgi - SCO Unixware search script may be vulnerable to XSS and command injection, BID-1717, CVE-2000-1014 (GET)
  463. + /securecontrolpanel/ - Web Server Control Panel (GET)
  464. + /securelogin/1,2345,A,00.html - Vignette Story Server v4.1, 6, may disclose sensitive information via a buffer overflow. CAN-2002-0385. (GET)
  465. + /server/ - If port 8000, Macromedia Jrun 4 build 61650 remote administration interface is vulnerable to several CSS attacks. (GET)
  466. + /servlet/allaire.jrun.ssi.SSIFilter - Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html. (GET)
  467. + /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter - Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call. (GET)
  468. + /servlet/com.unify.servletexec.UploadServlet - This servlet allows attackers to upload files to the server. (GET)
  469. + /servlet/Counter - JRun default servlet found. All default code should be removed from servers. (GET)
  470. + /servlet/DateServlet - JRun default servlet found. All default code should be removed from servers. (GET)
  471. + /servlet/FingerServlet - JRun default servlet found. All default code should be removed from servers. (GET)
  472. + /servlet/HelloWorldServlet - JRun default servlet found. All default code should be removed from servers. (GET)
  473. + /servlet/SchedulerTransfer - PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999 (GET)
  474. + /servlet/SessionManager - IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers. (GET)
  475. + /servlet/SessionServlet - JRun default servlet found. All default code should be removed from servers. (GET)
  476. + /servlet/SimpleServlet - JRun default servlet found. All default code should be removed from servers. (GET)
  477. + /servlet/SnoopServlet - JRun default servlet found. All default code should be removed from servers. (GET)
  478. + /servlet/sunexamples.BBoardServlet - This default servlet lets attackers execute arbitrary commands. (GET)
  479. + /servlets/SchedulerTransfer - PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999 (GET)
  480. + /session/admnlogin - SessionServlet Output, has session cookie info. (GET)
  481. + /SetSecurity.shm - Cisco System's My Access for Wireless... This resource should be password protected. (GET)
  482. + /shop/database/metacart.mdb - MetaCart2 is an ASP shopping cart. The database of customers is available via the web. (GET)
  483. + /shopa_sessionlist.asp - VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available. (GET)
  484. + /shopadmin.asp - VP-ASP shopping cart admin may be available via the web. Default ID/PW are vpasp/vpasp and admin/admin. (GET)
  485. + /shoponline/fpdb/shop.mdb - MetaCart2 is an ASP shopping cart. The database of customers is available via the web. (GET)
  486. + /shopping/database/metacart.mdb - MetaCart2 is an ASP shopping cart. The database of customers is available via the web. (GET)
  487. + /shopping/diag_dbtest.asp - VP-ASP Shopping Cart 5.0 contains multiple SQL injection vulnerabilities. CAN-2003-0560, BID-8159 (GET)
  488. + /shopping300.mdb - VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. (GET)
  489. + /shopping400.mdb - VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available. (GET)
  490. + /shoppingdirectory/midicart.mdb - MIDICART database is available for browsing. This should not be allowed via the web server. (GET)
  491. + /simplebbs/users/users.php - Simple BBS 1.0.6 allows user information and passwords to be viewed remotely. (GET)
  492. + /siteminder - This may be an indication that the server is running Siteminder for SSO (GET)
  493. + /SiteScope/htdocs/SiteScope.html - The SiteScope install may allow remote users to get sensitive information about the hosts being monitored. (GET)
  494. + /smssend.php - PhpSmssend may allow system calls if a ' is passed to it. http://zekiller.skytech.org/smssend.php (GET)
  495. + /splashAdmin.php - Cobalt Qube 3 admin is running. This may have multiple security problems as described by www.scan-associates.net. These could not be tested remotely. (GET)
  496. + /spwd - Passwords? (GET)
  497. + /sqldump.sql - Database SQL? (GET)
  498. + /sqlnet.log - Oracle log file found. (GET)
  499. + /ssdefs/ - Siteseed pre 1.4.2 has 'major' security problems. (GET)
  500. + /sshome/ - Siteseed pre 1.4.2 has 'major' security problems. (GET)
  501. + /structure.sql - Database SQL? (GET)
  502. + /submit?setoption=q&option=allowed_ips&value=255.255.255.255 - MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080. (GET)
  503. + /support/messages - Axis WebCam allows retrieval of messages file (/var/log/messages). See http://www.websec.org/adv/axis2400.txt.html (GET)
  504. + /sysuser/docmgr/iecreate.stm?template=../ - Sambar default file may allow directory listings. (GET)
  505. + /sysuser/docmgr/ieedit.stm?url=../ - Sambar default file may allow directory listings. (GET)
  506. + /texis.exe/?-dump - Texis installation may reveal sensitive information. (GET)
  507. + /texis.exe/?-version - Texis installation may reveal sensitive information. (GET)
  508. + /thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin - paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'. (GET)
  509. + /tiki/ - Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin (GET)
  510. + /tiki/tiki-install.php - Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin (GET)
  511. + /tsweb/ - Microsoft TSAC found. http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html (GET)
  512. + /typo3conf/ - This may contain sensitive Typo3 files. (GET)
  513. + /typo3conf/database.sql - Typo3 sql file found. (GET)
  514. + /typo3conf/localconf.php - Typo3 config file found. (GET)
  515. + /uploader.php - This script may allow arbitrary files to be uploaded to the remote server. (GET)
  516. + /USER/CONFIG.AP - The Nortel MIRAN config file is available, which contains the TUI password. (GET)
  517. + /userlog.php - Teekai's Tracking Online 1.0 log can be retrieved remotely. (GET)
  518. + /vchat/msg.txt - VChat allows user information to be retrieved. (GET)
  519. + /vgn/ac/data - Vignette CMS admin/maintenance script available. (GET)
  520. + /vgn/ac/delete - Vignette CMS admin/maintenance script available. (GET)
  521. + /vgn/ac/edit - Vignette CMS admin/maintenance script available. (GET)
  522. + /vgn/ac/esave - Vignette CMS admin/maintenance script available. (GET)
  523. + /vgn/ac/fsave - Vignette CMS admin/maintenance script available. (GET)
  524. + /vgn/ac/index - Vignette CMS admin/maintenance script available. (GET)
  525. + /vgn/asp/MetaDataUpdate - Vignette CMS admin/maintenance script available. (GET)
  526. + /vgn/asp/previewer - Vignette CMS admin/maintenance script available. (GET)
  527. + /vgn/asp/status - Vignette CMS admin/maintenance script available. (GET)
  528. + /vgn/asp/style - Vignette CMS admin/maintenance script available. (GET)
  529. + /vgn/errors - Vignette CMS admin/maintenance script available. (GET)
  530. + /vgn/jsp/controller - Vignette CMS admin/maintenance script available. (GET)
  531. + /vgn/jsp/errorpage - Vignette CMS admin/maintenance script available. (GET)
  532. + /vgn/jsp/initialize - Vignette CMS admin/maintenance script available. (GET)
  533. + /vgn/jsp/jspstatus - Vignette CMS admin/maintenance script available. (GET)
  534. + /vgn/jsp/jspstatus56 - Vignette CMS admin/maintenance script available. (GET)
  535. + /vgn/jsp/metadataupdate - Vignette CMS admin/maintenance script available. (GET)
  536. + /vgn/jsp/previewer - Vignette CMS admin/maintenance script available. (GET)
  537. + /vgn/jsp/style - Vignette CMS admin/maintenance script available. (GET)
  538. + /vgn/legacy/edit - Vignette CMS admin/maintenance script available. (GET)
  539. + /vgn/legacy/save - Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value. (GET)
  540. + /vgn/license - Vignette server license f

Copyright © 2006 Openpastebin