db_tests

Ubuntu packages of security software。 相当不错的源码

#VERSION,2.002
#LASTMOD,11.20.2007 
# http://www.cirt.net

# This file may only be distributed and used with the full Nikto package.
# This file may not be used with any software product without written permission from CIRT, Inc.
# (c) 2007 CIRT, Inc., All Rights Reserved.

# By sending any database updates to CIRT, Inc., it is assumed that you
# grant CIRT, Inc., the unlimited, non-exclusive right to reuse, modify and relicense the changes.

"000001","0","b","/TiVoConnect?Command=QueryServer","GET","Calypso Server","","","","","The Tivo Calypso server is running. This page will display the version and platform it is running on. Other URLs may allow download of media.","",""
"000002","0","b","/TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes","GET","TiVoContainer","","","","","TiVo client service is running and may allow download of mp3 or jpg files.","",""
"000003","0","1234576890ab","@CGIDIRScart32.exe","GET","200","","","","","request cart32.exe/cart32clientlist","",""
"000004","0","1234576890ab","@CGIDIRSclassified.cgi","GET","200","","","","","Check Phrack 55 for info by RFP","",""
"000005","0","1234576890ab","@CGIDIRSdownload.cgi","GET","200","","","","","v1 by Matt Wright; check info in Phrack 55 by RFP","",""
"000006","0","1234576890ab","@CGIDIRSflexform.cgi","GET","200","","","","","Check Phrack 55 for info by RFP, allows to append info to writable files.","",""
"000007","0","1234576890ab","@CGIDIRSflexform","GET","200","","","","","Check Phrack 55 for info by RFP, allows to append info to writable files.","",""
"000008","0","1234576890ab","@CGIDIRSlwgate.cgi","GET","200","","","","","Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7","",""
"000009","0","1234576890ab","@CGIDIRSLWGate.cgi","GET","200","","","","","Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7","",""
"000010","0","1234576890ab","@CGIDIRSlwgate","GET","200","","","","","Check Phrack 55 for info by RFP","",""
"000011","0","1234576890ab","@CGIDIRSLWGate","GET","200","","","","","Check Phrack 55 for info by RFP","",""
"000012","0","1234576890ab","@CGIDIRSperlshop.cgi","GET","200","","","","","v3.1 by ARPAnet.com; check info in Phrack 55 by RFP","",""
"000013","0","1234576890ab","/cfappman/index.cfm","GET","200","not found","","","","susceptible to ODBC/pipe-style exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm","",""
"000014","0","1234576890ab","/cfdocs/examples/cvbeans/beaninfo.cfm","GET","200","not found","","","","susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm","",""
"000015","0","1234576890ab","/cfdocs/examples/parks/detail.cfm","GET","200","not found","","","","susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm","",""
"000016","0","1234576890ab","/kboard/","GET","200","","","","","KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php","",""
"000017","0","1234576890ab","/lists/admin/","GET","200","","","","","PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist","",""
"000018","0","1234576890ab","/splashAdmin.php","GET","200","","","","","Cobalt Qube 3 admin is running. This may have multiple security problems as described by www.scan-associates.net. These could not be tested remotely."," ",""
"000019","0","1234576890ab","/ssdefs/","GET","200","","","","","Siteseed pre 1.4.2 has 'major' security problems.","",""
"000020","0","1234576890ab","/sshome/","GET","200","","","","","Siteseed pre 1.4.2 has 'major' security problems.","",""
"000021","0","1234576890ab","/tiki/","GET","200","","","","","Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin","",""
"000022","0","1234576890ab","/tiki/tiki-install.php","GET","200","","","","","Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin","",""
"000023","0","1234576890ab","/scripts/samples/details.idc","GET","200","","","","","See RFP 9901; www.wiretrip.net","",""
"000024","396","6","/_vti_bin/shtml.exe","GET","200","","","","","Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.","",""
"000025","0","1","@CGIDIRShandler.cgi","GET","200","","","","","Variation of Irix Handler? Has been seen from other CGI scanners.","",""
"000026","0","28","@CGIDIRSfinger","GET","200","","","","","finger other users, may be other commands?","",""
"000027","0","28","@CGIDIRSfinger.pl","GET","200","","","","","finger other users, may be other commands?","",""
"000028","0","3","@CGIDIRSformmail.cgi","GET","Version ","","","","","The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.","",""
"000029","0","3","@CGIDIRSformmail.pl","GET","Version ","","","","","The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.","",""
"000030","0","3","@CGIDIRSformmail","GET","Version ","","","","","The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.","",""
"000031","0","3","@CGIDIRSget32.exe","GET","200","","","","","This can allow attackers to execute arbitrary commands remotely.","",""
"000032","0","3","@CGIDIRSgm-authors.cgi","GET","200","","","","","GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.","",""
"000033","0","3","@CGIDIRSguestbook/passwd","GET","200","","","","","GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.","",""
"000034","3233","3","@CGIDIRShorde/test.php?mode=phpinfo","GET","PHP Version","","","","","Horde allows phpinfo() to be run, which gives detailed system information.","",""
"000035","0","3","@CGIDIRSphoto/protected/manage.cgi","GET","200","","","","","My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.","",""
"000036","0","3","@CGIDIRSwrap.cgi","GET","200","","","","","possible variation: comes with IRIX 6.2; allows to view directories","",""
"000037","0","3","/./","GET","include\(\"","","","","","Appending '/./' to a directory may reveal php source code.","",""
"000038","637","23","/~root/","GET","200","","","","","Allowed to browse root's home directory.","",""
"000039","0","3","/cgi-bin/wrap","GET","200","","","","","comes with IRIX 6.2; allows to view directories","",""
"000040","0","3","/forums/@ADMINconfig.php","GET","200","","","","","PHP Config file may contain database IDs and passwords.","",""
"000041","0","3","/forums/config.php","GET","200","","","","","PHP Config file may contain database IDs and passwords.","",""
"000042","0","3","/ganglia/","GET","Cluster","","","","","Ganglia Cluster reports reveal detailed information.","",""
"000043","0","3","/guestbook/guestbookdat","GET","200","","","","","PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.","",""
"000044","0","3","/guestbook/pwd","GET","200","","","","","PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.","",""
"000045","0","3","/help/","GET","200","","","","","Help directory should not be accessible","",""
"000046","0","3","/hola/admin/cms/htmltags.php?datei=./sec/data.php","GET","200","","","","","hola-cms-1.2.9-10 may reveal the administrator ID and password.","",""
"000047","0","3","/horde/imp/test.php","GET","Horde Versions","","","","","Horde script reveals detailed system/Horde information.","",""
"000048","3233","3","/horde/test.php?mode=phpinfo","GET","PHP Version","","","","","Horde allows phpinfo() to be run, which gives detailed system information.","",""
"000049","3233","3","/imp/horde/test.php?mode=phpinfo","GET","PHP Version","","","","","Horde allows phpinfo() to be run, which gives detailed system information.","",""
"000050","0","3","/imp/horde/test.php","GET","Horde Versions","","","","","Horde script reveals detailed system/Horde information.","",""
"000051","0","3","/index.html.bak","GET","Index of","","","","","The remote server (perhaps Web602) shows directory indexes if .bak is appended to the request.","",""
"000052","0","3","/index.html~","GET","Index of","","","","","The remote server (perhaps Web602) shows directory indexes if a ~ is appended to the request.","",""
"000053","621","7","/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc","GET","resolv.conf","","","","","phpMyExplorer Allows attackers to read directories on the server.","",""
"000054","0","23","/global.inc","GET","200","","","","","PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php","",""
"000055","0","3b","@CGIDIRSformmail.pl","GET","200","","","","","Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.","",""
"000056","0","3b","@CGIDIRShorde/test.php","GET","Horde Versions","","","","","Horde script reveals detailed system/Horde information.","",""
"000057","0","4","/inc/common.load.php","GET","200","","","","","Bookmark4U v1.8.3 include files are not protected, and may contain remote source injection by using the 'prefix' variable.","",""
"000058","0","4","/inc/config.php","GET","200","","","","","Bookmark4U v1.8.3 include files are not protected, and may contain remote source injection by using the 'prefix' variable.","",""
"000059","0","4","/inc/dbase.php","GET","200","","","","","Bookmark4U v1.8.3 include files are not protected, and may contain remote source injection by using the 'prefix' variable.","",""
"000060","0","6","@CGIDIRSvisadmin.exe","GET","200","","","","","This CGI allows attacker to crash the web server. Remove it from the CGI directory.","",""
"000061","0","7","@CGIDIRShtml2chtml.cgi","GET","200","","","","","Html2Wml < 0.4.8 access local files via CGI, and more","",""
"000062","0","7","@CGIDIRShtml2wml.cgi","GET","200","","","","","Html2Wml < 0.4.8 access local files via CGI, and more","",""
"000063","358","7","@CGIDIRSpollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00","GET","root:","","","","","Poll_It_SSI_v2.0.cgi allows attackers to retrieve arbitrary files.","",""
"000064","0","8","@CGIDIRSecho.bat?&dir+c:\",","GET","200","","","","","This batch file may allow attackers to execute remote commands.","",""
"000065","0","8","@CGIDIRSexcite;IFS=\"$\";/bin/cat /etc/passwd","GET","root:","200","","","","Excite software is vulnerable to command execution.","",""
"000066","0","8","@CGIDIRSezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|","GET","200","","","","","EZShopper loadpage CGI command execution","",""
"000067","0","8","@CGIDIRSguestbook.cgi","GET","200","","","","","May allow attackers to execute commands as the web daemon.","",""
"000068","0","8","@CGIDIRSguestbook.pl","GET","200","","","","","May allow attackers to execute commands as the web daemon.","",""
"000069","0","8","@CGIDIRSss","GET","200","","","","","Mediahouse Statistics Server may allow attacker to execute remote commands. Upgrade to latest version or remove from the CGI directory.","",""