db_tests

Ubuntu packages of security software。 相当不错的源码

"000230","0","1b","/vgn/jsp/jspstatus56","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000231","0","1b","/vgn/jsp/metadataupdate","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000232","0","1b","/vgn/jsp/previewer","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000233","0","1b","/vgn/jsp/style","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000234","0","1b","/vgn/legacy/edit","GET","200","","","","","Vignette CMS admin/maintenance script available.","",""
"000235","0","1b","/vgn/login","GET","200","","","","","Vignette server may allow user enumeration based on the login attempts to this file.","",""
"000236","0","2","/webtop/wdk/samples/index.jsp","GET","WDK Fusion Samples","","","","","Documentum Webtop Example Code","",""
"000237","0","2","@CGIDIRS.cobalt","GET","200","","","","","May allow remote admin of CGI scripts.","",""
"000238","0","2","/WEB-INF/web.xml","GET","web-app","","","","","JRUN default file found.","",""
"000239","35707","23","/forum/admin/wwforum.mdb","GET","200","","","","","Web Wiz Forums password database found.","",""
"000240","0","23","/fpdb/shop.mdb","GET","200","","","","","MetaCart2 is an ASP shopping cart. The database of customers is available via the web."," ",""
"000241","0","23","/guestbook/admin/o12guest.mdb","GET","200","","","","","Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password.","",""
"000242","0","23","/midicart.mdb","GET","200","","","","","MIDICART database is available for browsing. This should not be allowed via the web server.","",""
"000243","0","23","/MIDICART/midicart.mdb","GET","200","","","","","MIDICART database is available for browsing. This should not be allowed via the web server.","",""
"000244","0","23","/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb","GET","200","","","","","MPCSoftWeb Guest Book passwords retrieved.","",""
"000245","0","23","/news/news.mdb","GET","200","","","","","Web Wiz Site News realease v3.06 admin password database is available and unencrypted.","",""
"000246","0","23","/newuser?Image=../../database/rbsserv.mdb","GET","SystemErrorsPerHour","","","","","The Extent RBS ISP 2.5 allows attackers to read arbitrary files on the server.","",""
"000247","0","23","/shopdbtest.asp","GET","xDatabase","","","","","VP-ASP shopping cart test application is available from the web. This page gives the location of .mdb files which may also be available (xDatabase).","",""
"000248","0","23","/shopping300.mdb","GET","200","","","","","VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.","",""
"000249","0","23","/shopping400.mdb","GET","200","","","","","VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.","",""
"000250","0","23","/shoppingdirectory/midicart.mdb","GET","200","","","","","MIDICART database is available for browsing. This should not be allowed via the web server.","",""
"000251","0","23","/SilverStream/Meta/Tables/?access-mode=text","GET","_DBProduct","","","","","The SilverStream database structure is available for remote viewing.","",""
"000252","0","23","/database/db2000.mdb","GET","200","","","","","Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root.","",""
"000253","0","28","@CGIDIRSmailit.pl","GET","200","","","","","Sambar may allow anonymous email to be sent from any host via this CGI.","",""
"000254","0","3","/cgi-bin/search","GET","=sourcedir","","","","","Apache Stronghold 3.0 may reveal the web root in the source of this CGI ('sourcedir' value).","",""
"000255","0","3","/doc/webmin.config.notes","GET","login and password","","","","","Webmin config file found, may contain Webmin ID/Password. Typically runs on port 10000.","",""
"000256","0","3","/error/HTTP_NOT_FOUND.html.var","GET","Available variants","","","","","Apache reveals file system paths when invalid error documents are requested.","",""
"000257","0","3","/oem_webstage/cgi-bin/oemapp_cgi","GET","This script","","","","","Oracle reveals the CGI source by prepending /oem_webstage to CGI urls.","",""
"000258","0","3","@ADMINconfig.php","GET","200","","","","","PHP Config file may contain database IDs and passwords.","",""
"000259","0","3","@CGIDIRS.access","GET","200","","","","","Contains authorization information","",""
"000260","0","3","@CGIDIRS%2e%2e/abyss.conf","GET","200","","","","","The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0 from http://www.aprelium.com/","",""
"000261","0","3","@CGIDIRSdata/fetch.php?page=","GET","mysql_num_rows","","","","","StellarDocs allows remote users to see file system paths. BID-8385.","",""
"000262","0","3","@CGIDIRSempower?DB=whateverwhatever","GET","db name whateverwhatever of directory /","","","","","This CGI allows attackers to learn the full system path to your web directory.","",""
"000263","0","3","@CGIDIRSmrtg.cgi?cfg=blah","GET","Cannot find the given config file","","","","","Multi Router Traffic Grapher (mrtg.org) reveals system paths when an invalid config file is specified. Software should be upgraded to the latest version.","",""
"000264","0","3","@CGIDIRSstore/agora.cgi?page=whatever33.html","GET","FILE:","","","","","Agora.cgi gives detailed error messages including file system paths.","",""
"000265","0","3","/?mod=node&nid=some_thing&op=view","GET","/node.module.php","","","","","Sage 1.0b3 may reveal system paths with invalid module names.","",""
"000266","0","3","/?mod=some_thing&op=browse","GET","in /","","","","","Sage 1.0b3 reveals system paths with invalid module names.","",""
"000267","0","3","/article.php?article=4965&post=1111111111","GET","Unable to jump to row","","","","","PHP FirstPost can reveal MySQL errors and file system paths if invalid posts are sent.","",""
"000268","0","3","/blah123.php","GET","Failed opening ","","","","","PHP is configured to give descriptive error messages which can reveal file system paths.","",""
"000269","0","3","/categorie.php3?cid=june","GET","Unable to jump to row","","","","","Black Tie Project (BTP) can reveal MySQL errors and file system paths if an invalid cid is sent.","",""
"000270","3233","3","/CFIDE/probe.cfm","GET","coldfusion.tagext.lang","","","","","Cold Fusion file probe.cfm reveals system information, such as the path to the web server. In the 'Debugging Settings' page in the Administrator console, suppress the installation path displayed in error messages by selecting 'Enable Robust Exception Info","",""
"000271","0","3","/contents.php?new_language=elvish&mode=select","GET","200","","","","","Requesting a file with an invalid language selection from DC Portal may reveal the system path.","",""
"000272","0","3","/download.php?op=viewdownload","GET","Failed opening","","","","","PHPNuke allows file system paths to be revealed.","",""
"000273","0","3","/download.php?op=viewdownload","GET","Fatal error","","","","","PHPNuke allows file system paths to be revealed.","",""
"000274","0","3","/examples/basic/servlet/HelloServlet","GET","The source of this servlet is in","","","","","Caucho Resin from http://www.caucho.com/ reveals file system paths with a default servlet.","",""
"000275","0","3","/home.php?arsc_language=elvish","GET","Failed opening '","","","","","ARSC Really Simple Chat can reveal file system paths if an invalid language name is specified.","",""
"000276","0","3","/hostadmin/?page='","GET","C:\",","","","","","Host Admin reveals install location and other sensitive information.","",""
"000277","0","3","/hostadmin/?page='","GET","D:\",","","","","","Host Admin reveals install location and other sensitive information.","",""
"000278","0","3","/index.php?file=index.php","GET","Fatal error:","","","","","PHPNuke 5.4 allows file system paths to be shown in error messages.","",""
"000279","0","3","/jgb_eng_php3/cfooter.php3","GET","Fatal error","","","","","Justice Guestbook may reveal file system paths in error messages.","",""
"000280","0","3","/JUNK(5).csp","GET","File not found: /","","","","","Invalid files with .csp extension reveal the file system path to the web root.","",""
"000281","0","3","/modules.php?name=Downloads&d_op=viewdownload","GET","Failed opening","","","","","PHPNuke allows file system paths to be revealed.","",""
"000282","0","3","/modules.php?name=Downloads&d_op=viewdownload","GET","Fatal error","","","","","PHPNuke allows file system paths to be revealed.","",""
"000283","0","3","/modules.php?op=modload&name=0&file=0","GET","Failed opening ","","","","","PHP Nuke is configured to give descriptive error messages which can reveal file system paths.","",""
"000284","0","3","/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=","GET","non-object in","","","","","Postnuke v0.7.2.3-Phoenix and below reveal the file system path.","",""
"000285","0","3","/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink","GET","Failed opening ","","","","","PHP Nuke is configured to give descriptive error messages which can reveal file system paths.","",""
"000286","0","3","/path/nw/article.php?id='","GET","c:/","","","","","News Wizard 2.0 reveals the file system path.","",""
"000287","0","3","/path/nw/article.php?id='","GET","d:/","","","","","News Wizard 2.0 reveals the file system path.","",""
"000288","0","3","/pw/storemgr.pw","GET","200","","","","","Encrypted ID/Pass for Mercantec's SoftCart, http://www.mercantec.com/, see http://www.mindsec.com/advisories/post2.txt for more information.","",""
"000289","0","3","/rtm.log","GET","HttpPost Retry","","","","","Rich Media's JustAddCommerce allows retrieval of a log file, which may contain sensitive information.","",""
"000290","0","3","/scozbook/view.php?PG=whatever","GET","Warning","","","","","ScozBook Beta 1.1 may reveal file system paths in error messages.","",""
"000291","0","3","/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter","GET","200","Error Occurred","","","","Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call.","<!--#include virtual=\"/index.jsp\"-->",""
"000292","0","3","/shopa_sessionlist.asp","GET","200","","","","","VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.","",""
"000293","0","3","/simplebbs/users/users.php","GET","200","","","","","Simple BBS 1.0.6 allows user information and passwords to be viewed remotely.","",""
"000294","0","3","/sips/sipssys/users/a/admin/user","GET","Password","","","","","SIPS v0.2.2 allows user account info (including password) to be retrieved remotely.","",""
"000295","3093","2","/tcb/files/auth/r/root","GET","u_pwd","","","","","HP-UX has the tcb auth file system on the web server.","",""
"000296","0","3","/typo3conf/","GET","200","","","","","This may contain sensitive Typo3 files.","",""
"000297","0","3","/typo3conf/database.sql","GET","200","","","","","Typo3 sql file found.","",""
"000298","0","3","/typo3conf/localconf.php","GET","200","","","","","Typo3 config file found.","",""
"000299","0","3","/vchat/msg.txt","GET","200","","","","","VChat allows user information to be retrieved.","",""
"000300","0","3","/vgn/license","GET","200","","","","","Vignette server license file found.","",""
"000301","3092","3","/web.config","GET","200","","","","","ASP config file found.","",""
"000302","3233","3","/webamil/test.php?mode=phpinfo","GET","PHP Version","","","","","Horde allows phpinfo() to be run, which gives detailed system information.","",""
"000303","0","3","/webcart-lite/config/import.txt","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.","",""
"000304","0","3","/webcart-lite/orders/import.txt","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.","",""
"000305","0","3","/webcart/carts/","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.","",""
"000306","0","3","/webcart/config/","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.","",""
"000307","0","3","/webcart/config/clients.txt","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.","",""
"000308","0","3","/webcart/orders/","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.","",""
"000309","0","3","/webcart/orders/import.txt","GET","200","","","","","This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.","",""