<?xml version="1.0" encoding="iso-8859-1"?>
<!-- nessus.xsl can be found in the nessus-tools directory -->
<?xml-stylesheet type="text/xsl" href="nessus.xsl"?>
<report version="1.4">
<info>
<nessusd>
<version>2.0.7</version>
<libnasl>2.0.7</libnasl>
<libnessus>2.0.7</libnessus>
<thread>fork</thread>
</nessusd>
<host>
<name>localhost</name>
<osname>Linux</osname>
<osvers>2.4.20fishface.3</osvers>
</host>
<date>
<start>Wed Jul 23 14:20:23 2003</start>
<end>Wed Jul 23 17:01:36 2003</end>
</date>
</info>
<config>
<global> <pref name="trusted_ca" value="/usr/local/com/nessus/CA/cacert.pem" />
<pref name="nessusd_host" value="localhost" />
<pref name="nessusd_user" value="hroom" />
<pref name="paranoia_level" value="yes" />
</global>
<scanners>
<plugin id="10180" value="yes"/>
<plugin id="10277" value="no"/>
<plugin id="10278" value="no"/>
<plugin id="10331" value="no"/>
<plugin id="10335" value="no"/>
<plugin id="10841" value="no"/>
<plugin id="10336" value="no"/>
<plugin id="10796" value="no"/>
<plugin id="11219" value="yes"/>
</scanners>
<server>
<setting name="max_hosts" value="10"/>
<setting name="max_checks" value="10"/>
<setting name="log_whole_attack" value="yes"/>
<setting name="cgi_path" value="/cgi-bin:/scripts"/>
<setting name="port_range" value="1-1024"/>
<setting name="optimize_test" value="yes"/>
<setting name="language" value="english"/>
<setting name="checks_read_timeout" value="5"/>
<setting name="non_simult_ports" value="139, 445"/>
<setting name="plugins_timeout" value="320"/>
<setting name="safe_checks" value="yes"/>
<setting name="auto_enable_dependencies" value="yes"/>
<setting name="use_mac_addr" value="no"/>
<setting name="save_knowledge_base" value="yes"/>
<setting name="kb_restore" value="no"/>
<setting name="only_test_hosts_whose_kb_we_dont_have" value="no"/>
<setting name="only_test_hosts_whose_kb_we_have" value="no"/>
<setting name="kb_dont_replay_scanners" value="yes"/>
<setting name="kb_dont_replay_info_gathering" value="yes"/>
<setting name="kb_dont_replay_attacks" value="yes"/>
<setting name="kb_dont_replay_denials" value="yes"/>
<setting name="kb_max_age" value="864000"/>
<setting name="plugin_upload" value="no"/>
<setting name="plugin_upload_suffixes" value=".nasl, .inc"/>
<setting name="admin_user" value="root"/>
<setting name="save_session" value="yes"/>
<setting name="save_empty_sessions" value="yes"/>
<setting name="host_expansion" value="ip"/>
<setting name="ping_hosts" value="no"/>
<setting name="reverse_lookup" value="no"/>
<setting name="detached_scan" value="no"/>
<setting name="continuous_scan" value="no"/>
<setting name="unscanned_closed" value="no"/>
<setting name="diff_scan" value="yes"/>
<setting name="report_killed_plugins" value="yes"/>
<setting name="per_user_base" value="/usr/local/var/nessus/users"/>
<setting name="delay_between_tests" value="1"/>
<setting name="detached_scan_email_address" value="foo@bar.org"/>
<setting name="slice_network_addresses" value="no"/>
<setting name="delay_between_scan_loops" value=""/>
</server>
<plugins>
<setting name="Brute force login (Hydra)[entry]:Number of simultaneous connections :" value="4"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force telnet" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force FTP" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force POP3" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force IMAP" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force cisco" value="yes"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force cisco-enable" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force VNC" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force SOCKS 5" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force rexec" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force NNTP" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force HTTP" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force ICQ" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force PCNFS" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force SMB" value="no"/>
<setting name="Brute force login (Hydra)[checkbox]:Brute force LDAP" value="no"/>
<setting name="Login configurations[entry]:FTP account :" value="anonymous"/>
<setting name="Login configurations[password]:FTP password (sent in clear) :" value="nessus@nessus.org"/>
<setting name="Login configurations[entry]:FTP writeable directory :" value="/incoming"/>
<setting name="Login configurations[checkbox]:Never send SMB credentials in clear text" value="yes"/>
<setting name="Login configurations[checkbox]:Only use NTLMv2" value="no"/>
<setting name="Services[entry]:Number of connections done in parallel :" value="5"/>
<setting name="Services[entry]:Network connection timeout :" value="5"/>
<setting name="Services[entry]:Network read/write timeout :" value="5"/>
<setting name="Services[entry]:Wrapped service read timeout :" value="2"/>
<setting name="Services[radio]:Test SSL based services" value="All"/>
<setting name="Services[checkbox]:Quick SOCKS proxy checking" value="yes"/>
<setting name="ftp writeable directories[radio]:How to check if directories are writeable :" value="Trust the permissions (drwxrwx---)"/>
<setting name="SMB Scope[checkbox]:Request information about the domain" value="yes"/>
<setting name="NIDS evasion[radio]:TCP evasion technique" value="none"/>
<setting name="NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection" value="no"/>
<setting name="Web mirroring[entry]:Number of pages to mirror :" value="20"/>
<setting name="Web mirroring[entry]:Start page :" value="/"/>
<setting name="HTTP login page[entry]:Login page :" value="/"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="Misc information on News server[entry]:From address :" value="Nessus <listme@listme.dsbl.org>"/>
<setting name="Misc information on News server[entry]:Test group name regex :" value="f[a-z]\.tests?"/>
<setting name="Misc information on News server[entry]:Max crosspost :" value="7"/>
<setting name="Misc information on News server[checkbox]:Local distribution" value="yes"/>
<setting name="Misc information on News server[checkbox]:No archive" value="no"/>
<setting name="Libwhisker options[radio]:IDS evasion technique:" value="X (none)"/>
<setting name="SMB use host SID to enumerate local users[entry]:Start UID :" value="1000"/>
<setting name="SMB use host SID to enumerate local users[entry]:End UID :" value="2000"/>
<setting name="Test HTTP dangerous methods[checkbox]:Integrist test" value="no"/>
<setting name="SMB use domain SID to enumerate users[entry]:Start UID :" value="1000"/>
<setting name="SMB use domain SID to enumerate users[entry]:End UID :" value="2000"/>
<setting name="RedHat 6.2 inetd[radio]:Testing method" value="quick and dirty"/>
<setting name="SMTP settings[entry]:Third party domain :" value="nessus.org"/>
<setting name="SMTP settings[entry]:From address :" value="nobody@example.com"/>
<setting name="SMTP settings[entry]:To address :" value="postmaster@[AUTO_REPLACED_IP]"/>
<setting name="HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET" value="no"/>
<setting name="HTTP NIDS evasion[radio]:URL encoding" value="none"/>
<setting name="HTTP NIDS evasion[radio]:Absolute URI type" value="none"/>
<setting name="HTTP NIDS evasion[radio]:Absolute URI host" value="none"/>
<setting name="HTTP NIDS evasion[checkbox]:Double slashes" value="no"/>
<setting name="HTTP NIDS evasion[radio]:Reverse traversal" value="none"/>
<setting name="HTTP NIDS evasion[checkbox]:Self-reference directories" value="no"/>
<setting name="HTTP NIDS evasion[checkbox]:Premature request ending" value="no"/>
<setting name="HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator" value="no"/>
<setting name="HTTP NIDS evasion[checkbox]:Parameter hiding" value="no"/>
<setting name="HTTP NIDS evasion[checkbox]:Dos/Windows syntax" value="no"/>
<setting name="HTTP NIDS evasion[checkbox]:Null method" value="no"/>
<setting name="HTTP NIDS evasion[checkbox]:TAB separator" value="no"/>
<setting name="HTTP NIDS evasion[checkbox]:HTTP/0.9 requests" value="no"/>
<setting name="Ping the remote host[entry]:TCP ping destination port(s) :" value="22;80;443"/>
<setting name="Ping the remote host[checkbox]:Do a TCP ping" value="no"/>
<setting name="Ping the remote host[checkbox]:Do an ICMP ping" value="yes"/>
<setting name="Ping the remote host[entry]:Number of retries (ICMP) :" value="10"/>
<setting name="Ping the remote host[checkbox]:Make the dead hosts appear in the report" value="no"/>
<setting name="Nmap[radio]:TCP scanning technique :" value="SYN scan"/>
<setting name="Nmap[checkbox]:UDP port scan" value="yes"/>
<setting name="Nmap[checkbox]:RPC port scan" value="yes"/>
<setting name="Nmap[checkbox]:Ping the remote host" value="yes"/>
<setting name="Nmap[checkbox]:Identify the remote OS" value="yes"/>
<setting name="Nmap[checkbox]:Use hidden option to identify the remote OS" value="yes"/>
<setting name="Nmap[checkbox]:Fragment IP packets (bypasses firewalls)" value="no"/>
<setting name="Nmap[checkbox]:Get Identd info" value="no"/>
<setting name="Nmap[radio]:Port range" value="User specified range"/>
<setting name="Nmap[checkbox]:Do not randomize the order in which ports are scanned" value="yes"/>
<setting name="Nmap[entry]:Source port :" value="any"/>
<setting name="Nmap[radio]:Timing policy :" value="Aggressive"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="Whisker[radio]:Method:" value="1 HEAD method (default)"/>
<setting name="Whisker[radio]:Alternate database format:" value="X standard"/>
<setting name="Whisker[checkbox]:Brute force usernames via directories" value="no"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="Nikto[checkbox]:Force scan all possible CGI directories" value="no"/>
<setting name="Nikto[checkbox]:Force full (generic) scan" value="no"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="HTTP login page[entry]:Login form fields : = user=%USER%&pass" value="%PASS%"/>
<setting name="Brute force login (Hydra)[file]:Logins file :" value=""/>
<setting name="Brute force login (Hydra)[file]:Passwords file :" value=""/>
<setting name="Brute force login (Hydra)[entry]:Web page to brute force :" value=""/>
<setting name="HTTP NIDS evasion[entry]:Force protocol string :" value=""/>
<setting name="HTTP login page[entry]:Login form :" value=""/>
<setting name="HTTP login page[entry]:Login form fields :" value="user=%USER%&pass=%PASS%"/>
<setting name="Services[file]:SSL certificate :" value=""/>
<setting name="Services[file]:SSL private key :" value=""/>
<setting name="Services[password]:PEM password :" value=""/>
<setting name="Services[file]:CA file :" value=""/>
<setting name="Login configurations[entry]:HTTP account :" value=""/>
<setting name="Login configurations[password]:HTTP password (sent in clear) :" value=""/>
<setting name="Login configurations[entry]:NNTP account :" value=""/>
<setting name="Login configurations[password]:NNTP password (sent in clear) :" value=""/>
<setting name="Login configurations[entry]:POP2 account :" value=""/>
<setting name="Login configurations[password]:POP2 password (sent in clear) :" value=""/>
<setting name="Login configurations[entry]:POP3 account :" value=""/>
<setting name="Login configurations[password]:POP3 password (sent in clear) :" value=""/>
<setting name="Login configurations[entry]:IMAP account :" value=""/>
<setting name="Login configurations[password]:IMAP password (sent in clear) :" value=""/>
<setting name="Login configurations[entry]:SMB account :" value=""/>
<setting name="Login configurations[password]:SMB password :" value=""/>
<setting name="Login configurations[entry]:SMB domain (optional) :" value=""/>
<setting name="Login configurations[entry]:SNMP community (sent in clear) :" value=""/>
<setting name="Nmap[entry]:Data length :" value=""/>
<setting name="Nmap[entry]:Ports scanned in parallel (max)" value=""/>
<setting name="Nmap[entry]:Host Timeout (ms) :" value=""/>
<setting name="Nmap[entry]:Min RTT Timeout (ms) :" value=""/>
<setting name="Nmap[entry]:Max RTT Timeout (ms) :" value=""/>
<setting name="Nmap[entry]:Initial RTT timeout (ms)" value=""/>
<setting name="Nmap[entry]:Minimum wait between probes (ms)" value=""/>
<setting name="Nmap[file]:File containing nmap's results :" value="/home/hroom/hosts.nmap"/>
</plugins>
</config>
<plugins>
<plugin id="10698">
<name>WebLogic Server /%00/ bug</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id>2513</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Make a request like http://www.example.com/%00/</summary>
<copyright>This script is Copyright (C) 2001 StrongHoldNet</copyright>
</plugin>
<plugin id="10777">
<name>Zope AZlass permission mapping bug</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0567</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks Zope version</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="10964">
<name>Windows Debugger flaw can Lead to Elevated Privileges (Q320206)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0367</cve_id>
<bugtraq_id>4287</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q320206, Elevated Privilege</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="11399">
<name>ClearTrust XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7108</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for ClearTrust XSS</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10584">
<name>technote's main.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0075</cve_id>
<bugtraq_id>2156</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /technote/main.cgi</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10916">
<name>Local users information : Passwords never expires</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Lists the local users that never logged in</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11531">
<name>PHPay Information Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7313, 7310, 7309</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of phpinfo.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10278">
<name>Sendmail 8.6.9 ident</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0204</cve_id>
<bugtraq_id>2311</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10844">
<name>ASP.NET Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tests for ASP.NET CSS</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11736">
<name>gnocatan multiple buffer overflows</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote Gnocatan Server can be overflown</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10905">
<name>Users in the 'Print Operator' group</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that are in special groups</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11743">
<name>Post-Nuke Multiple XSS</name>
<version></version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7898, 7901</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if post-nuke is vulnerable to XSS</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11188">
<name>X Font Service Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2002-1317</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Crashes the remote XFS daemon</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10221">
<name>nsed service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11677">
<name>ST FTP traversal</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>7674</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to break out of the FTP root</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10094">
<name>GirlFriend</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of GirlFriend</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11789">
<name>Flaw in message handling through utility mgr</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0350</cve_id>
<bugtraq_id>8205</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for hotfix Q822679</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11073">
<name>readmsg.php detection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1408</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of Cobal Cube webmail</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11442">
<name>Samba TNG multiple flaws</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0085</cve_id>
<bugtraq_id>7206, 7106</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks samba version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10031">
<name>bootparamd service</name>
<version>$Revision: 1.2 $</version>
<family>NIS</family>
<cve_id>CAN-1999-0647</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11718">
<name>Lotus /./ database lock</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CVE-2001-0954</cve_id>
<bugtraq_id>3656</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Locks out Lotus database with /./ request</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="11447">
<name>Nuked-klan Cross Site Scripting Bugs</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6916, 6917</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if Nuked-klan is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 k-otik.com</copyright>
</plugin>
<plugin id="11109">
<name>Achievo code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>5552</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of Achievo</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10634">
<name>proftpd exhaustion attack</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>6341</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks if the version of the remote proftpd</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11340">
<name>SSH Secure-RPC Weak Encrypted Authentication</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2001-0259</cve_id>
<bugtraq_id>2222</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10925">
<name>Oracle Jserv Executes outside of doc_root</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2001-0307</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Oracle Jserv Server type and version</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="11601">
<name>MailMaxWeb Path Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for MailMaxWeb</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10948">
<name>qpopper options buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-2001-1046</cve_id>
<bugtraq_id>2811</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>qpopper options buffer overflow</summary>
<copyright>This script is Copyright (C) 2002 Thomas Reinke</copyright>
</plugin>
<plugin id="10693">
<name>NTLMSSP Privilege Escalation</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2001-0016</cve_id>
<bugtraq_id>2348</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q280119 is installed</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11696">
<name>IRCXPro Clear Text Passwords</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7792</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks settings.init</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11478">
<name>paFileDB SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7183</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determine if pafiledb is vulnerable to a SQL injection</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11501">
<name>Justice guestbook</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7233, 7234</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of cfooter.php3</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11231">
<name>Unchecked Buffer in XP Redirector (Q810577)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0004</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for MS Hotfix Q810577</summary>
<copyright>This script is Copyright (C) 2003 SECNAP Network Security</copyright>
</plugin>
<plugin id="11559">
<name>Network Chemistry Wireless Sensor Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detects Wireless Sensor</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11763">
<name>Kerio WebMail interface flaws</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id>7966, 7967, 7968</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for Kerio MailServer</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11021">
<name>irix rpc.passwd overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2002-0357</cve_id>
<bugtraq_id>4939</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>heap overflow through rpc.passwd</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11567">
<name>CommunigatePro Hijacking</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version of the remote CommunigatePro web Server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11565">
<name>.forward in FTP root</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>downloads the remote .forward file</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11562">
<name>The ScriptLogic service is running</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7477, 7575</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of the ScriptLogic service</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10745">
<name>WorldClient for MDaemon Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Check for WorldClient for MDaemon</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11095">
<name>webcart.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3453</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Detects webcart.cgi</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10341">
<name>Pocsag password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-2000-0225</cve_id>
<bugtraq_id>1032</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>log in using password 'password'</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11636">
<name>ttCMS code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7542, 7543, 7625</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to include a file</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11275">
<name>GOsa code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of remotehtmlview.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11755">
<name>CesarFTP multiple overflows</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id>7950, 7946</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>CesarFTP overflows</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11491">
<name>Sambar default CGI info disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7207, 7208</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for testcgi.exe and environ.pl</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10186">
<name>Portal of Doom</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of Portal of Doom</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10583">
<name>dcforum</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0527</cve_id>
<bugtraq_id>2728</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/dcforum</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10855">
<name>Oracle XSQLServlet XSQLConfig.xml File</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0568</cve_id>
<bugtraq_id>4290</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for presence of XSQLConfig.xml</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11299">
<name>MySQL double free()</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2003-0073</cve_id>
<bugtraq_id>6718</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the remote MySQL version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10302">
<name>robot(s).txt exists on the Web Server</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>robot(s).txt exists on the Web Server</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="11070">
<name>PGPMail.pl detection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0937</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of PGPMail.pl</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10924">
<name>csSearch.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0495</cve_id>
<bugtraq_id>4368</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/csSearch.cgi</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11661">
<name>Unpassworded iiprotect administrative interface</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if iisprotect is password-protected</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10551">
<name>Obtain network interfaces list via SNMP</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Enumerates processes via SNMP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10804">
<name>rwhois format string attack (2)</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2001-0913</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determines if rwhois is vulnerable to a format string attack</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10802">
<name>OpenSSH < 3.0.1</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2002-0083</cve_id>
<bugtraq_id>3560, 4560, 4241</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11775">
<name>Sambar CGIs path disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Some CGIs reveal the web server installation directory</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10826">
<name>Unprotected Netware Management Portal</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Unprotected Netware Management Portal</summary>
<copyright>This script is Copyright (C) 2001 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10963">
<name>Compaq Web Based Management Agent Proxy Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Compaq Web Based Management Agent Proxy Vulnerability</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10730">
<name>Raptor FW version 6.5 detection</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if the remote host is protected by Raptor FW 6.5</summary>
<copyright>This script is Copyright (C) 2000 Holm Diening</copyright>
</plugin>
<plugin id="11415">
<name>SquirrelMail's Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-1276, CAN-2002-1341</cve_id>
<bugtraq_id>7019, 6302</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if a remote host is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="11676">
<name>Post-Nuke Rating System Denial Of Service</name>
<version></version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7702</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if a remote host is vulnerable to the postnuke rating dos vulnerability</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10429">
<name>SMB Registry : permissions of winlogon</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0589</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the access rights of a remote key</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11001">
<name>MRTG mrtg.cgi File Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0232</cve_id>
<bugtraq_id>4017</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>checks for mrtg.cgi</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10122">
<name>imagemap.exe</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0951</cve_id>
<bugtraq_id>739</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Overflows /cgi-bin/imagemap.exe</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10466">
<name>WFTP RNTO DoS</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2000-0648</cve_id>
<bugtraq_id>1456</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Crashes the remote ftp server</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11267">
<name>OpenSSL password interception</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2003-0078, CAN-2003-0131</cve_id>
<bugtraq_id>6884, 7148</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for version of OpenSSL</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10158">
<name>NIS server</name>
<version>$Revision: 1.2 $</version>
<family>NIS</family>
<cve_id>CAN-1999-0620</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11514">
<name>Netgear ProSafe Router password disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>7270, 7267</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Enumerates user and password via soap</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10277">
<name>AnyForm</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0066</cve_id>
<bugtraq_id>719</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of AnyForm2</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10820">
<name>F5 Device Default Support Password</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>F5 Device Default Support Password</summary>
<copyright>This script is Copyright (C) 2001 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10195">
<name>Usable remote proxy</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if we can use the remote web proxy</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10674">
<name>Microsoft's SQL UDP Info Query</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Microsoft's SQL UDP Info Query</summary>
<copyright>This script is Copyright (C) 2001 H D Moore</copyright>
</plugin>
<plugin id="11356">
<name>Mountable NFS shares</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-1999-0170, CVE-1999-0211, CAN-1999-0554</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for NFS</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10998">
<name>Shiva LanRover Blank Password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for a blank password for the root account.</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Incorporated</copyright>
</plugin>
<plugin id="11787">
<name>SMB Request Handler Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0345</cve_id>
<bugtraq_id>8152</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for hotfix Q817606</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10591">
<name>pagelog.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0940</cve_id>
<bugtraq_id>1864</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/pagelog.cgi</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11518">
<name>Checkpoint Firewall open Web adminstration</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines if the remote Checkpoint Firewall is open to Web adminstration</summary>
<copyright>This script is Copyright (C) 2003 Matthew North</copyright>
</plugin>
<plugin id="11493">
<name>Sambar Default Accounts</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tests for default accounts</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10647">
<name>ntpd overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0414</cve_id>
<bugtraq_id>2540</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>crashes the remote ntpd</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10767">
<name>Tests for Nimda Worm infected HTML files</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for Nimda Worm infected HTML files</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore</copyright>
</plugin>
<plugin id="10923">
<name>Squid overflows</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2002-0068</cve_id>
<bugtraq_id>4148</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines squid version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10529">
<name>Nortel Networks passwordless router (user level)</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Logs into the remote Nortel Networks (Bay Networks) router</summary>
<copyright>This script is Copyright (C) 2000 Victor Kirhenshtein</copyright>
</plugin>
<plugin id="11765">
<name>scan for UPNP/Tcp hosts</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>UPNP/tcp scan</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10188">
<name>printenv</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of /cgi-bin/printenv</summary>
<copyright>This script is Copyright (C) 2000 Hendrik Scholz</copyright>
</plugin>
<plugin id="11440">
<name>Bonsai Mutiple Flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0152, CAN-2003-0153, CAN-2003-0154, CAN-2003-0155</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if bonsai is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10309">
<name>Passwordless Wingate installed</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id>CVE-1999-0291</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines if wingate is installed</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10733">
<name>InterScan VirusWall Remote Configuration Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0432</cve_id>
<bugtraq_id>2579</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Check if the remote Interscan is vulnerable to remote reconfiguration.</summary>
<copyright>INTRANODE - 2001</copyright>
</plugin>
<plugin id="10050">
<name>CSM Mail server MTA 'HELO' denial</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2000-0042</cve_id>
<bugtraq_id>895</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Overflows the remote SMTP server</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11345">
<name>SimpleBBS users disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7045</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of users.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10600">
<name>ICECast Format String</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0197</cve_id>
<bugtraq_id>2264</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>icecast format string</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11436">
<name>guestbook tr3 password storage</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7167</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Checks for the presence of passwd.txt</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11214">
<name>Microsoft's SQL Overflows</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-1137, CAN-2002-1138, CAN-2002-0649, CVE-2002-0650, CAN-2002-1145, CAN-2002-0644, CAN-2002-0645, CAN-2002-0721</cve_id>
<bugtraq_id>5310, 5311</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Microsoft's SQL UDP Info Query</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11323">
<name>Security issues in the remote version of FlashPlayer</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7005</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of the remote flash plugin</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10974">
<name>CSCdi36962</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11139">
<name>wpoison (nasl version)</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Some common SQL injection techniques</summary>
<copyright>This script is Copyright (C) 2002 John Lampe...j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="11344">
<name>Domino traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0009</cve_id>
<bugtraq_id>2173</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>\..\..\file.txt</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11403">
<name>iPlanet Application Server Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2002-0387</cve_id>
<bugtraq_id>7082</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if Sun ONE AS SP1 is applied</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11220">
<name>Netscape /.perf accessible</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Makes a request like http://www.example.com/.perf</summary>
<copyright>This script is Copyright (C) 2003 Sullo</copyright>
</plugin>
<plugin id="11684">
<name>rot13sj.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for rot13sj.cgi</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10753">
<name>AOLserver Default Password</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>AOLserver Default Password</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10731">
<name>HealthD detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>HealthD detection</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11654">
<name>ShareMailPro Username Identification</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>7658</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the pop login error</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10879">
<name>Shell Command Execution Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks for the filtering of dangerous meta characters from network binded scripts</summary>
<copyright>This script is Copyright (C) 2001 SecurITeam</copyright>
</plugin>
<plugin id="10226">
<name>rquotad service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CAN-1999-0625</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11453">
<name>Kebi Academy Directory Traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7125</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>kebi academy is vulnerable to an exploit which lets an attacker view any file that the cgi/httpd user has access to.</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10983">
<name>CSCdu20643</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2002-0339</cve_id>
<bugtraq_id>4191</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11468">
<name>php socket_iovec_alloc() integer overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0172</cve_id>
<bugtraq_id>7187, 7197, 7198, 7199, 7210, 7256, 7259</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for version of PHP</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11336">
<name>Cumulative patches for Excel and Word for Windows</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0616, CVE-2002-0617, CVE-2002-0618, CVE-2002-0619</cve_id>
<bugtraq_id>4821</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of WinWord.exe and Excel.exe</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11525">
<name>WWW fingerprinting</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Identifies the web server with OPTION</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10058">
<name>Domino HTTP server exposes the set up of the filesystem</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0021</cve_id>
<bugtraq_id>881</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>obtains absolute path to cgi-bin</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10080">
<name>Linux FTP backdoor</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-1999-0452</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the NULL ftpd backdoor</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10779">
<name>CGIEmail's CGICso (Send CSO via CGI) Command Execution Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6141</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if a remote host is vulnerable to the cgicso vulnerability</summary>
<copyright>This script is Copyright (C) 2001 SecurITeam</copyright>
</plugin>
<plugin id="10829">
<name>scan for UPNP hosts</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2001-0876</cve_id>
<bugtraq_id>3723</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>UPNP scan</summary>
<copyright>This script is Copyright (C) 2001 by John Lampe</copyright>
</plugin>
<plugin id="10902">
<name>Users in the Admin group</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that are in special groups</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10876">
<name>Delta UPS Daemon Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Delta UPS Daemon Detection</summary>
<copyright>This script is Copyright (C) 2002 SecurITeam</copyright>
</plugin>
<plugin id="11459">
<name>SMB Registry : Do not show the last user name</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines the value of a remote key</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11057">
<name>Raptor Weak ISN</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id>CAN-2002-1463</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks for ISN</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11370">
<name>fpcount.exe overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1376</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Is fpcount.exe installed ?</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10836">
<name>Agora CGI Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1199</cve_id>
<bugtraq_id>3702</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Tests for Agora CGI Cross Site Scripting</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11040">
<name>HTTP TRACE</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Look for an HTTP proxy on the way</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11431">
<name>XoloX is installed</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if XoloX is installed</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10290">
<name>Upload cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/upload.cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11140">
<name>UDDI detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Find UDDI</summary>
<copyright>This script is Copyright (C) 2002 John Lampe...j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="11641">
<name>BadBlue Remote Administrative Interface Access</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Get the version of the remote badblue server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10057">
<name>Lotus Domino ?open Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the domino ?open feature</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11492">
<name>Sambar XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7209</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tests for XSS attacks</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10345">
<name>Passwordless Cayman DSL router</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-1999-0508</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Notifies that the remote cayman router has no password</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11461">
<name>Adcycle Password Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-1161</cve_id>
<bugtraq_id>1969</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/build.cgi</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11542">
<name>Web Wiz Forums database disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7380</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for wwforum.mdb</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10548">
<name>Enumerate Lanman shares via SNMP</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Enumerates shares via SNMP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10464">
<name>proftpd 1.2.0preN check</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0368</cve_id>
<bugtraq_id>2242</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks if the version of the remote proftpd</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11629">
<name>Poster version.two privilege escalation</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines owl is installed</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11279">
<name>Webmin Session ID Spoofing</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0101</cve_id>
<bugtraq_id>6915</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Spoofs a session ID</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10348">
<name>ows-bin</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0169</cve_id>
<bugtraq_id>1053</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if ows-bin is vulnerable</summary>
<copyright>This script is Copyright (C) 2000 Noam Rathaus</copyright>
</plugin>
<plugin id="10920">
<name>RemotelyAnywhere WWW detection</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Detect RemotelyAnywhere www server</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10838">
<name>FastCGI Echo.exe Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Tests for FastCGI Echo.exe Cross Site Scripting</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11515">
<name>AutomatedShops WebC.cgi installed</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of webc.cgi</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11449">
<name>ezPublish Cross Site Scripting Bugs</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0310</cve_id>
<bugtraq_id>7137, 7138</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if ezPublish is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 k-otik.com</copyright>
</plugin>
<plugin id="10340">
<name>rpm_query CGI</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0192</cve_id>
<bugtraq_id>1036</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>checks for rpm_query</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11700">
<name>ImageFolio Default Password</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Logs in as Admin/ImageFolio</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11645">
<name>wsmp3d command execution</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Executes /bin/id</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11325">
<name>Word can lead to Script execution on mail reply</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-1056</cve_id>
<bugtraq_id>4397</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines the version of WinWord.exe</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10261">
<name>Sendmail mailing to programs</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-1999-0163</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if the remote mail server can be used to gain a shell</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11741">
<name>lednews XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7920</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks for the presence of lednews</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11441">
<name>Mambo Site Server 4.0.10 XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7135</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if Mambo Site Server is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 k-otik.com</copyright>
</plugin>
<plugin id="10827">
<name>SysV /bin/login buffer overflow (telnet)</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0797</cve_id>
<bugtraq_id>3681, 7481</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Attempts to overflow /bin/login</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11646">
<name>Turba Path Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for status.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11544">
<name>MonkeyWeb POST with too much data</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0218</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Web server overflow with POST data</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10909">
<name>Brute force login (Hydra)</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-1999-0502, CAN-1999-0505, CAN-1999-0516, CAN-1999-0518</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Accounts brute force</summary>
<copyright>(c) Van Hauser / Nessus port by rd</copyright>
</plugin>
<plugin id="11623">
<name>miniPortail Cookie Admin Access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0272</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determine if miniPortail can abused</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11242">
<name>Unpassworded demos account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10822">
<name>Multiple WarFTPd DoS</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>2698</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks if the version of the remote warftpd</summary>
<copyright>This script is Copyright (C) 2000 StrongHoldNET</copyright>
</plugin>
<plugin id="11211">
<name>GameSpy detection</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id></cve_id>
<bugtraq_id>6636</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of a GameSpy server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11653">
<name>Mantis Multiple Flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-1110, CAN-2002-1111, CAN-2002-1112, CAN-2002-1113, CAN-2002-1114</cve_id>
<bugtraq_id>5563, 5565, 5509, 5504, 5510, 5514, 5515</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the version of Mantis</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10774">
<name>ShopPlus Arbitrary Command Execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0992</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>ShopPlus Arbitrary Command Execution</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10426">
<name>SMB Registry : permissions of Schedule</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0589</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the access rights of a remote key</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10416">
<name>Sambar /sysadmin directory 2</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>2255</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Sambar webserver installed ?</summary>
<copyright>This script is Copyright (C) 2000 Hendrik Scholz</copyright>
</plugin>
<plugin id="10065">
<name>EZShopper 3.0</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0187</cve_id>
<bugtraq_id>1014</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of EZShopper's CGIs</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10372">
<name>/scripts/repost.asp</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether /scripts/repost.asp is present</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10934">
<name>MS FTPd DoS</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2002-0073</cve_id>
<bugtraq_id>4482</bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>Checks if the remote ftp can be crashed</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10156">
<name>Netscape FastTrack 'get'</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0239</cve_id>
<bugtraq_id>481</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>'get / ' gives a directory listing</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10746">
<name>Compaq WBEM Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Compaq WBEM Server Detect</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10754">
<name>Cisco password not set</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-1999-0508</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the absence of a password</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10568">
<name>bftpd format string vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks if the remote bftpd daemon is vulnerable to a format string attack</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11272">
<name>ISMail overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks if the remote mail server can be used to gain a shell</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10559">
<name>XMail APOP Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2000-0841</cve_id>
<bugtraq_id>1652</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Attempts to overflow the APOP command</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11596">
<name>SLMail WebMail overflows</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determines if the remote SLWebMail server is flawed</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10544">
<name>format string attack against statd</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-2000-0666</cve_id>
<bugtraq_id>1480</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11503">
<name>cc_guestbook.pl XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7237</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of view.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11714">
<name>Non-Existant Page Physical Path Disclosure Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>4261</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for a Generic Physical Path Disclosure Vulnerability</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="11479">
<name>paFileDB XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6021</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if pafiledb is vulnerable to XSS</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11106">
<name>NetTools command execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0899</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Executed 'id' through index.php</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11466">
<name>NiteServer FTP directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>6648</bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Attempts to set the current directory to the root of the disk</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="11771">
<name>WebAdmin detection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of webadmin.dll</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10317">
<name>wrap</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0149</cve_id>
<bugtraq_id>373</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of /cgi-bin/wrap</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10181">
<name>PlusMail vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0074</cve_id>
<bugtraq_id>2653</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/plusmail</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10911">
<name>Local users information : automatically disabled accounts</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that have special privileges</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10299">
<name>webdist.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0039</cve_id>
<bugtraq_id>374</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/webdist.cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10582">
<name>HTTP version spoken</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>HTTP version</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11107">
<name>viralator</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0849</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/viralator.cgi</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11759">
<name>Cajun p13x DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Crashes a Cajun switch</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10606">
<name>HSWeb document path</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0200</cve_id>
<bugtraq_id>2336</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Retrieve the real path using /cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10987">
<name>CSCdw67458</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2002-0012, CAN-2002-0013</cve_id>
<bugtraq_id>4088</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11589">
<name>PT News Unauthorized Administrative Access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7394</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if PTNews grants administrative access to everyone</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11287">
<name>CSCdt56514</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10164">
<name>nph-publish.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-1177</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/nph-publish.cgi</summary>
<copyright>This script is Copyright (C) 1999 Mathieu Perrin</copyright>
</plugin>
<plugin id="10589">
<name>iPlanet Directory Server traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-1075</cve_id>
<bugtraq_id>1839</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>/\../\../\file.txt</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11022">
<name>eDonkey detection</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect eDonkey</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11722">
<name>cgiWebupdate.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1150</cve_id>
<bugtraq_id>3216</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Checks for the cgiWebupdate.exe file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10044">
<name>Checkpoint FW-1 identification</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if the remote host is a FW/1</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10651">
<name>cfinger's version</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>cfinger version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10455">
<name>Buffer Overrun in ITHouse Mail Server v1.04</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2000-0488</cve_id>
<bugtraq_id>1285</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if the remote smtp server is ITHouse Mail Server</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10549">
<name>BIND vulnerable to ZXFR bug</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-2000-0887</cve_id>
<bugtraq_id>1923</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote BIND version</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10354">
<name>vqServer administrative port</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect vqServer's administrative port</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="11800">
<name>Linux nfs-utils xlog() off-by-one overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0252</cve_id>
<bugtraq_id>8179</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks for NFS</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10901">
<name>Users in the 'Account Operator' group</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that are in special groups</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10861">
<name>IE 5.01 5.5 6.0 Cumulative patch</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0113, CAN-2003-0114, CAN-2003-0115, CAN-2003-0116, CAN-2003-1326, CAN-2003-1328, CAN-2002-1262, CAN-2002-0193</cve_id>
<bugtraq_id>3578</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines whether the hotfix Q818529 is installed</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="10528">
<name>Nortel Networks passwordless router (manager level)</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote Nortel Networks (Bay Networks) router</summary>
<copyright>This script is Copyright (C) 2000 Victor Kirhenshtein</copyright>
</plugin>
<plugin id="11384">
<name>Public CVS pserver</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote CVS server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11555">
<name>AN HTTPd count.pl file truncation</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7397</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Creates a file on the remote server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10362">
<name>ASP source using ::$DATA trick</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0278</cve_id>
<bugtraq_id>149</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>downloads the source of ASP scripts</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11144">
<name>Flaw in Certificate Enrollment Control (Q323172)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0699</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q323172, Certificate Enrollment Flaw</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Network Security, LLC</copyright>
</plugin>
<plugin id="11285">
<name>CSCdy26428</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2002-1222</cve_id>
<bugtraq_id>5976</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11317">
<name>Discover HP JetDirect EWS Password via SNMP</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id>CAN-2002-1048</cve_id>
<bugtraq_id>7001</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Enumerates password of JetDirect Web Server via SNMP</summary>
<copyright>This script is Copyright (C) 2003 Digital Defense, Inc.</copyright>
</plugin>
<plugin id="10521">
<name>Extent RBS ISP</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-1036</cve_id>
<bugtraq_id>1704</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of Extent RBS ISP 2.5</summary>
<copyright>This script is Copyright (C) 2000 Zorgon <zorgon@linuxstart.com></copyright>
</plugin>
<plugin id="10603">
<name>Winsock Mutex vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2001-0006</cve_id>
<bugtraq_id>2303</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfix Q279336 is installed</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11689">
<name>Cisco IDS Device Manager Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Cisco IDS Management Web Server Detect</summary>
<copyright>This script is Copyright (C) Tenable Network Security</copyright>
</plugin>
<plugin id="10024">
<name>BackOrifice</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of BackOrifice</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11191">
<name>WM_TIMER Message Handler Privilege Elevation (Q328310)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-1230</cve_id>
<bugtraq_id>5927</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks Registry for WM_TIMER Privilege Elevation Hotfix (Q328310)</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="11640">
<name>CesarFTP stores passwords in cleartext</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0329</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Determines the presence of CesarFTP's settings.ini</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10041">
<name>Cobalt RaQ2 cgiwrap</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-1530, CVE-2000-0431</cve_id>
<bugtraq_id>777, 1238</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/cgiwrap</summary>
<copyright>This script is Copyright (C) 1999 Mathieu Perrin</copyright>
</plugin>
<plugin id="11038">
<name>SMTP settings</name>
<version>$Revision: 1.2 $</version>
<family>Settings</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>settings</category>
<risk>None</risk>
<summary>SMTP settings</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi and Renaud Deraison</copyright>
</plugin>
<plugin id="10945">
<name>Opening Group Policy Files (Q318089)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0051</cve_id>
<bugtraq_id>4438</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the Group Policy patch (Q318593) is installed</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="10936">
<name>IIS XSS via 404 error</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0074</cve_id>
<bugtraq_id>4483</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tests for IIS XSS via 404 errors</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10705">
<name>SimpleServer remote execution</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>3112</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Check the remote execution vulnerability in SimpleServer</summary>
<copyright>Mathieu Meadele <mm@omnix.net></copyright>
</plugin>
<plugin id="10627">
<name>ROADS' search.pl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0215</cve_id>
<bugtraq_id>2371</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/search.pl</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10890">
<name>HTTP NIDS evasion</name>
<version>$Revision: 1.2 $</version>
<family>Settings</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>settings</category>
<risk>None</risk>
<summary>NIDS evasion options</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi / Renaud Deraison</copyright>
</plugin>
<plugin id="10642">
<name>SMB Registry : SQL7 Patches</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0642</cve_id>
<bugtraq_id>5205</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if a key exists and is set</summary>
<copyright>This script is Copyright (C) 2001 Intranode <plugin@intranode.com></copyright>
</plugin>
<plugin id="10472">
<name>SSH Kerberos issue</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2000-0575</cve_id>
<bugtraq_id>1426</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11657">
<name>Synchrologic User account information disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if Synchrologic is installed</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10761">
<name>Detect CIS ports</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detect banner with ncacn_http</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="11550">
<name>OpenBB SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7401, 7404, 7405</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for SQL Injection</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11009">
<name>Lotus Domino Banner Information Disclosure Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0245</cve_id>
<bugtraq_id>4049</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for Lotus Physical Path Disclosure Vulnerability</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10597">
<name>wwwwais</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0223</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/wwwwais</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10069">
<name>Finger zero at host feature</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id>CAN-1999-0197</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Finger 0@host feature</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11630">
<name>php-proxima file reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines owl is installed</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10649">
<name>processit</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of /cgi-bin/processit</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11378">
<name>MySQL mysqld Privilege Escalation Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-2003-0150</cve_id>
<bugtraq_id>7052</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote MySQL version</summary>
<copyright>This script is Copyright (C) 2003 StrongHoldNet</copyright>
</plugin>
<plugin id="10258">
<name>Sendmail's from piped program</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0203</cve_id>
<bugtraq_id>2308</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if the remote mail server can be used to gain a shell</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10194">
<name>Proxy accepts POST requests</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if we can use the remote web proxy against any port</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10942">
<name>Check for a Citrix server</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id></cve_id>
<bugtraq_id>7276</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>CITRIX check</summary>
<copyright>This script is Copyright (C) 2002 John Lampe...j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="10574">
<name>PHPix directory traversal vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0919</cve_id>
<bugtraq_id>1773</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>PHPix directory traversal vulnerability</summary>
<copyright>This script is Copyright (C) 2000 Zorgon <zorgon@linuxstart.com></copyright>
</plugin>
<plugin id="10056">
<name>/doc directory browsable ?</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0678</cve_id>
<bugtraq_id>318</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Is /doc browsable ?</summary>
<copyright>This script is Copyright (C) 2000 Hendrik Scholz</copyright>
</plugin>
<plugin id="11414">
<name>IMAP Banner</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>displays the imap4 banner</summary>
<copyright>This script is Copyright (C) 2003 StrongHoldNet</copyright>
</plugin>
<plugin id="11256">
<name>Default password (guest) for guest</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11241">
<name>Unpassworded EZsetup account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10002">
<name>IIS possible DoS using ExAir's advsearch</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0449</cve_id>
<bugtraq_id>193</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines the presence of an ExAir ASP</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11668">
<name>Webfroot shoutbox file inclusion</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of shoutbox.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10613">
<name>Oracle XSQL Sample Application Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for Oracle XSQL Sample Application Vulnerability</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore</copyright>
</plugin>
<plugin id="10760">
<name>Alcatel ADSL modem with firewalling off</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>2568</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks Alcatel ADSL modem protection</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="11000">
<name>MPEi/X Default Accounts</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for open accounts</summary>
<copyright>This script is Copyright (C) 2001 H D Moore</copyright>
</plugin>
<plugin id="10008">
<name>WebSite 1.0 buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-1999-0178</cve_id>
<bugtraq_id>2078</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>WebSite 1.0 CGI arbitrary code execution</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10872">
<name>BadBlue Directory Traversal Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3913</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>BadBlue Directory Traversal Vulnerability</summary>
<copyright>This script is Copyright (C) 2002 SecurITeam</copyright>
</plugin>
<plugin id="11499">
<name>Sendmail buffer overflow due to type conversion</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-2003-0161</cve_id>
<bugtraq_id>7230</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10469">
<name>ipop2d reads arbitrary files</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id>1484</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>checks if ipop2 allows the reading of any file</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11524">
<name>Coppermine Gallery Remote Command Execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7300</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of db_input.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11785">
<name>ProductCart SQL Injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>8103, 8105, 8108, 8112</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determine if ProductCart is vulnerable to a sql injection attack</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11618">
<name>Remote host replies to SYN+FIN</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id>7487</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Sends a SYN+FIN packet and expects a SYN+ACK</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10211">
<name>amd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0704</cve_id>
<bugtraq_id>614</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10379">
<name>LCDproc server detection</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Find the presence of LCDproc</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="10142">
<name>MS Personal WebServer ...</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0386</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>......../file.txt</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11010">
<name>WebSphere Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>2401</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if the remote host is vulnerable to Cross Site Scripting vulnerability</summary>
<copyright>(c) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10966">
<name>IMAP4buffer overflow in the BODY command</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2002-0379</cve_id>
<bugtraq_id>4713</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>checks for a buffer overflow in imapd</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11672">
<name>Bandmin XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0416</cve_id>
<bugtraq_id>7729</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks for Bandmin</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10203">
<name>rexecd</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CAN-1999-0618</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of rexecd</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10349">
<name>sojourn.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0180</cve_id>
<bugtraq_id>1052</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/sojourn.cgi</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11703">
<name>WordPress code/sql injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7785</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of WordPress</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10594">
<name>Oracle XSQL Stylesheet Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0126</cve_id>
<bugtraq_id>2295</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Tests for Oracle XSQL Stylesheet Vulnerability</summary>
<copyright>This script is Copyright (C) 2000 Matt Moore</copyright>
</plugin>
<plugin id="10645">
<name>ustorekeeper</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0466</cve_id>
<bugtraq_id>2536</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/ustorekeeper.pl</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11751">
<name>Dune Web Server Overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7945</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks for Dune Overflow</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11750">
<name>Psunami.CGI Command Execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6607</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for Psunami.CGI</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11149">
<name>HTTP login page</name>
<version>$Revision: 1.2 $</version>
<family>Settings</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Log through HTTP page</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11395">
<name>Microsoft Frontpage XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0746</cve_id>
<bugtraq_id>1594, 1595</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of a Frontpage XSS</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10912">
<name>Local users information : Can't change password</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Lists the users that have special privileges</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10771">
<name>OpenSSH 2.5.x -> 2.9.x adv.option</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2001-0816</cve_id>
<bugtraq_id>3369</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11066">
<name>SunSolve CD CGI user input validation</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0436</cve_id>
<bugtraq_id>4269</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>SunSolve CD CGI scripts are vulnerable to a few user input validation problems</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11248">
<name>Unpassworded date account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11026">
<name>Access Point detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detects Wireless APs</summary>
<copyright>This script is Copyright (C) 2002 John Lampe / Ron Gula / Stan Scalsaz (Tenable Network Security)</copyright>
</plugin>
<plugin id="11463">
<name>Bugzilla Multiple Flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0012, CAN-2003-0013, CAN-2002-1198, CAN-2002-1197, CAN-2002-1196</cve_id>
<bugtraq_id>6501, 6502, 6257, 5844, 5842, 4964</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of bugzilla</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10659">
<name>snmpXdmid overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0236</cve_id>
<bugtraq_id>2417</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>heap overflow through snmpXdmid</summary>
<copyright>This script is Copyright (C) 2001 Intranode</copyright>
</plugin>
<plugin id="10174">
<name>pfdispaly</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0270</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/pfdispaly</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11737">
<name>NetGear Router Default Password</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>NetGear Router Default Password</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11002">
<name>DNS Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>detects a running name server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10172">
<name>Passwordless HP LaserJet</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-1999-1061</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Notifies that the remote printer has no password</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10234">
<name>sprayd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CAN-1999-0613</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11338">
<name>Lotus Domino Vulnerabilities</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2003-0123, CAN-2001-1311</cve_id>
<bugtraq_id>7038, 7039</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the version of the remote Domino Server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10717">
<name>SHOUTcast Server DoS detector vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2001-1304</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>SHOUTcast Server DoS detector vulnerability</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11625">
<name>DrWeb Folder Name Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7022</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of Dr.Web</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11390">
<name>rsync array overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2002-0048</cve_id>
<bugtraq_id>3958</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if the remote rsync is buggy</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11333">
<name>webwho plus</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0010</cve_id>
<bugtraq_id>892</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if webwho.pl is vulnerable</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11705">
<name>LeapFTP Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of LeapFTP</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10712">
<name>quickstore traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0607, CAN-2000-1188</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/quickstore.cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10318">
<name>wu-ftpd buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0368, CVE-1999-0878, CVE-1999-0879, CVE-1999-0950</cve_id>
<bugtraq_id>2242</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote ftp can be buffer overflown</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11592">
<name>12Planet Chat Server Path Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>7355</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for 12Planet Chat Server path disclosure</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10701">
<name>php safemode</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1246</cve_id>
<bugtraq_id>2954</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of PHP</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11032">
<name>Directory Scanner</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Directory Scanner</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="11465">
<name>args.bat</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1180</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of /cgi-dos/args.bat</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10553">
<name>SMB Registry : permissions of WinVNC's key</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-1164</cve_id>
<bugtraq_id>1961</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the access rights of a remote key</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11297">
<name>CSCdy38035</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11591">
<name>12Planet Chat Server ClearText Password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>7354</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the data encapsulation of 12Planet Chat Server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10356">
<name>Microsoft's Index server reveals ASP source code</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0302</cve_id>
<bugtraq_id>1084</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for a problem in webhits.dll</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10339">
<name>TFTP get file</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-1999-0498</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Attempts to grab a file through tftp</summary>
<copyright>no copyright</copyright>
</plugin>
<plugin id="11039">
<name>mod_ssl off by one</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0653</cve_id>
<bugtraq_id>5084</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of mod_ssl</summary>
<copyright>This script is Copyright (C) 2002 Thomas Reinke</copyright>
</plugin>
<plugin id="10724">
<name>Cayman DSL router one char login</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>3017</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Notifies that the remote cayman router allows one char logins</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10886">
<name>BIND vulnerable to DNS storm</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2002-1221, CAN-2002-1219, CAN-2002-1220</cve_id>
<bugtraq_id>6159, 6160, 6161</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote BIND version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11197">
<name>Etherleak</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2003-0001</cve_id>
<bugtraq_id>6535</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>etherleak check</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11742">
<name>Magic WinMail Format string</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2003-0391</cve_id>
<bugtraq_id>7667</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Magic WinMail banner check</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10520">
<name>PIX's smtp content filtering</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id>CVE-2000-1022</cve_id>
<bugtraq_id>1698</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>attempts to communicate directly with the remote SMTP server</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10839">
<name>PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3786</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Tests for PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11633">
<name>lovgate virus is installed</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Checks for the presence of Luvgate</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11369">
<name>irix performance copilot</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-2000-0283, CVE-2000-1193</cve_id>
<bugtraq_id>1106, 4642</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of IRIX copilot</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11332">
<name>wu-ftpd glob vulnerability (2)</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-0935</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks the remote FTPd version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11033">
<name>Misc information on News server</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Misc information on News server</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11282">
<name>Nuked-Klan function execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6916, 6917, 6697, 6699, 6700</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Executes phpinfo()</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11320">
<name>The remote BIND has dynamic updates enabled</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if the UPDATE operation is implemented on the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11322">
<name>MS SQL Installation may leave passwords on system</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0643</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Reads %windir%\setup.iss</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11326">
<name>Cumulative VM update</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0058, CVE-2002-0078</cve_id>
<bugtraq_id>4228, 4392</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of JView.exe</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10519">
<name>Telnet Client NTLM Authentication Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0834</cve_id>
<bugtraq_id>1683</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q272743 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11304">
<name>Unchecked buffer in SQLXML</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0186, CVE-2002-0187</cve_id>
<bugtraq_id>5004, 5005</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for SQLXML</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10280">
<name>Telnet</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CAN-1999-0619</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of Telnet</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10470">
<name>WebActive world readable log file</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0642</cve_id>
<bugtraq_id>1497</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Requests /active.log</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10814">
<name>Allaire JRun directory browsing vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3592</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Allaire JRun directory browsing vulnerability</summary>
<copyright>This script is Copyright (C) 2001 Felix Huber</copyright>
</plugin>
<plugin id="11193">
<name>akfingerd</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id></cve_id>
<bugtraq_id>6323</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Finger daemon DoS</summary>
<copyright>This script is Copyright (C) 2002 Andrew Hintz</copyright>
</plugin>
<plugin id="10956">
<name>Codebrws.asp Source Disclosure Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0739</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for presence of Codebrws.asp</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore / HD Moore</copyright>
</plugin>
<plugin id="11195">
<name>SSH Multiple Vulns</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2002-1357, CAN-2002-1358, CAN-2002-1359, CAN-2002-1360</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>SSH Multiple Vulnerabilities 16/12/2002</summary>
<copyright>This script is Copyright (C) 2002 Paul Johnston, Westpoint Ltd</copyright>
</plugin>
<plugin id="11457">
<name>SMB Registry : Winlogon caches passwords</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines the value of a remote key</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11609">
<name>mod_survey ENV tags SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7192</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>mod_survey SQL injection</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10581">
<name>Cold Fusion Administration Page Overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0538</cve_id>
<bugtraq_id>1314</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cfide/administrator/index.cfm</summary>
<copyright>This script is Copyright (C) 2000 Matt Moore</copyright>
</plugin>
<plugin id="10216">
<name>fam service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0059</cve_id>
<bugtraq_id>353</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10166">
<name>Windows NT ftp 'guest' account</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-1999-0546</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for guest/guest</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10116">
<name>IIS buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0874</cve_id>
<bugtraq_id>307</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>IIS buffer overflow</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison / Modifications by HD Moore <hdmoore@digitaldefense.net></copyright>
</plugin>
<plugin id="10355">
<name>vqServer web traversal vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0240</cve_id>
<bugtraq_id>1067</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect vqServer's web traversal bug</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="11185">
<name>vxworks ftpd buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>6297</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if the vxworks ftpd can be buffer overflowed</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="10850">
<name>Oracle 9iAS Globals.jsa access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0562</cve_id>
<bugtraq_id>4034</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tests for Oracle9iAS Globals.jsa access</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11359">
<name>UploadLite cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7051</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/upload.cgi</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11376">
<name>qpopper Qvsnprintf buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2003-0143</cve_id>
<bugtraq_id>7058</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>qpopper options buffer overflow</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10077">
<name>Microsoft Frontpage exploits</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0114</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of Microsoft Frontpage extensions</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11349">
<name>Sendmail Group Permissions Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0129</cve_id>
<bugtraq_id>715</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2001 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10669">
<name>A1Stats Traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0561</cve_id>
<bugtraq_id>2705</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if A1Stats reads any file</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11264">
<name>Default password (wh00t!) for root</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10431">
<name>SMB Registry : missing winreg</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines if the winreg key is present</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10487">
<name>WFTP 2.41 rc11 multiple DoS</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2000-0647</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Crashes the remote ftp server</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11608">
<name>Neoteris IVE XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0217</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks for a XSS is Neoteris IVE</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11505">
<name>Ecartis Username Spoofing</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0162</cve_id>
<bugtraq_id>6971</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of lsg2.cgi</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11367">
<name>Discard port open</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CAN-1999-0636</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if the 'discard' port is open</summary>
<copyright>This script is Copyright (C) 2003 StrongHoldNet</copyright>
</plugin>
<plugin id="10896">
<name>Users information : Can't change password</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Lists the users that have special privileges</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10232">
<name>showfhd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11783">
<name>Multiple IRC daemons format string attack</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>8038</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks the version of the remote ircd</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11726">
<name>CSNews.cgi vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0923</cve_id>
<bugtraq_id>4994</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the csnews.cgi file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="11289">
<name>CSCdu35577</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10610">
<name>way-board</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0214</cve_id>
<bugtraq_id>2370</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/way-board</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11368">
<name>Cross-Referencing Linux (lxr) file reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7062</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/source</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11096">
<name>Avirt gateway insecure telnet proxy</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2002-0134</cve_id>
<bugtraq_id>3901</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Remote system compromise through insecure telnet proxy</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10545">
<name>Cisco Catalyst Web Execution</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2000-0945</cve_id>
<bugtraq_id>1846</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Obtains the remote router configuration</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10176">
<name>phf</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0067</cve_id>
<bugtraq_id>629</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/phf</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11005">
<name>LocalWeb2000 remote read</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2001-0189</cve_id>
<bugtraq_id>2268, 4820, 7947</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for LocalWeb2000</summary>
<copyright>This script is Copyright (C) 2002 Jason Lidow <jason@brandx.net></copyright>
</plugin>
<plugin id="11286">
<name>Flaw in WinXP Help center could enable file deletion</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0974</cve_id>
<bugtraq_id>5478</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for MS Hotfix Q328940</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10027">
<name>bigconf</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-1550</cve_id>
<bugtraq_id>778</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/bigconf.cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11372">
<name>HP-UX ftpd glob() Expansion STAT Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-0248</cve_id>
<bugtraq_id>2552</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote HPUX ftp can be buffer overflown</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10011">
<name>get32.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0885</cve_id>
<bugtraq_id>770</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/get32.exe</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11389">
<name>rsync modules</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Shows the remotely accessible rsync modules</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10806">
<name>RPC Endpoint Mapper can Cause RPC Service to Fail</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2001-0662</cve_id>
<bugtraq_id>3313</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfix Q305399 is installed</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11458">
<name>SMB Registry : No dial in</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines the value of a remote key</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10524">
<name>SMB Windows9x password verification vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0979</cve_id>
<bugtraq_id>1780</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Access a remote share by brute forcing its password</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10273">
<name>Detect SWAT server port</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CVE-2000-0935</cve_id>
<bugtraq_id>1872</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect SWAT server port</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="10039">
<name>/cgi-bin directory browsable ?</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Is /cgi-bin browsable ?</summary>
<copyright>This script is Copyright (C) 2000 Hendrik Scholz</copyright>
</plugin>
<plugin id="11527">
<name>XMB Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0316, CAN-2003-0375</cve_id>
<bugtraq_id>4944, 8013</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if XMB forums is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10628">
<name>php IMAP overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6557</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of PHP</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11222">
<name>Writesrv</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detect writesrv</summary>
<copyright>Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10449">
<name>SMB Registry : value of SFCDisable</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the value of SFCDisable</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10427">
<name>SMB Registry : permissions of HKLM</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0589</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the access rights of a remote key</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10683">
<name>iPlanet Certificate Management Traversal</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-1075</cve_id>
<bugtraq_id>1839</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>\..\..\file.txt</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10608">
<name>OpenSSH 2.3.1 authentication bypass vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id>2356</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10638">
<name>auktion.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0212</cve_id>
<bugtraq_id>2367</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/auktion.cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10397">
<name>SMB LanMan Pipe Server browse listing</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Gets the list of remote host browse list</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10534">
<name>FreeBSD 4.1.1 Finger</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id>CVE-2000-0915</cve_id>
<bugtraq_id>1803</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Finger /path/to/file</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11794">
<name>WebCalendar file reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>8237</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of remotehtmlview.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11628">
<name>WebLogic Certificates Spoofing</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks the version of WebLogic</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11060">
<name>OpenSSL overflow (generic test)</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2002-0656, CAN-2002-0655, CAN-2002-0657, CAN-2002-0659, CVE-2001-1141</cve_id>
<bugtraq_id>5363</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks for the behavior of OpenSSL</summary>
<copyright>This script is Copyright (C) 2002 Solar Eclipse / Renaud Deraison</copyright>
</plugin>
<plugin id="11795">
<name>AtomicBoard file reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>8236</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of remotehtmlview.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11374">
<name>SunFTP directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-0283</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote SunFTP has directory traversal vulnerability</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10070">
<name>Finger backdoor</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Finger cmd_root@host backdoor</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10214">
<name>database service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11387">
<name>L2TP detection</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if a remote host is running a L2TP (VPN) service</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10502">
<name>Axis Camera Default Password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detects whether an Axis Network Camera has its default pass set</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11406">
<name>Buffer overflow in BSD in.lpd</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0670, CAN-1999-0061</cve_id>
<bugtraq_id>3252</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if the remote lpd is bsd-lpd</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10734">
<name>IrDA access violation patch</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2001-0659</cve_id>
<bugtraq_id>3215</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfix Q252795 is installed</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10016">
<name>AN-HTTPd tests CGIs</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0947</cve_id>
<bugtraq_id>762</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of several CGIs</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11733">
<name>Bugbear.B worm</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detect Bugbear.B worm</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11249">
<name>Unpassworded jack account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10300">
<name>webgais</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0176</cve_id>
<bugtraq_id>2058</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/webgais</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10153">
<name>Netscape Server ?PageServices bug</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0269</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Make a request like http://www.example.com/?PageServices</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10415">
<name>Sambar sendmail /session/sendmail</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Sambar /session/sendmail mailer installed ?</summary>
<copyright>This script is Copyright (C) 2000 Hendrik Scholz</copyright>
</plugin>
<plugin id="10175">
<name>Detect presence of PGPNet server and its version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect presence of PGPNet server and its version</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="11523">
<name>Samba trans2open buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0201, CAN-2003-0196</cve_id>
<bugtraq_id>7294</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>overflows the remote samba server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11605">
<name>IkonBoard arbitrary command execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7361</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for Ikonboard.cgi</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10662">
<name>Web mirroring</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Performs a quick web mirror</summary>
<copyright>This script is Copyright (C) 2001 - 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11393">
<name>ColdFusion Path Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0576</cve_id>
<bugtraq_id>4542</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for a ColdFusion vulnerability</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10482">
<name>NetBIOS Name Server Protocol Spoofing patch</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0673</cve_id>
<bugtraq_id>1514</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q269239 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10229">
<name>sadmin service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0977</cve_id>
<bugtraq_id>866</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10409">
<name>SubSeven</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of SubSeven</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10787">
<name>tooltalk format string</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CAN-2002-0677, CVE-2001-0717, CVE-2002-0679</cve_id>
<bugtraq_id>3382</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11364">
<name>Sendmail Forward File Privilege Escalation Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id></cve_id>
<bugtraq_id>7033</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11649">
<name>Blackmoon FTP stores passwords in cleartext</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0342</cve_id>
<bugtraq_id>7646</bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Determines the presence of Blackmoon ftp users database</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11541">
<name>Buffer overrun in NT kernel message handling</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0112</cve_id>
<bugtraq_id>7370</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks hotfix Q811493</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11099">
<name>Pi3Web Webserver v2.0 Buffer Overflow </name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CAN-2002-0142</cve_id>
<bugtraq_id>3866</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for a DoS in Pi3Web</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10962">
<name>Cabletron Web View Administrative Access</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Cabletron Web View Administrative Access</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Incorporated</copyright>
</plugin>
<plugin id="11508">
<name>Xoops XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7356</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks for Xoops</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11740">
<name>Infinity CGI Exploit Scanner</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7910, 7911, 7913</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks for the presence of nph-exploitscanget.cgi</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11142">
<name>IIS XSS via error</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>5900</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tests for IIS XSS via IDC errors</summary>
<copyright>This script is Copyright (C) 2002 Geoffroy Raimbault/Lynx Technologies</copyright>
</plugin>
<plugin id="10132">
<name>Kuang2 the Virus</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for Kuang2 the Virus</summary>
<copyright>This script is Copyright (C) 2000 Scott Adkins</copyright>
</plugin>
<plugin id="11283">
<name>CSCdp58462</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id>6895</bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10790">
<name>rwhois format string attack</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2001-0838</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determines if rwhois is vulnerable to a format string attack</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10165">
<name>nph-test-cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0045</cve_id>
<bugtraq_id>686</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/nph-test-cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10830">
<name>zml.cgi Directory Traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1209</cve_id>
<bugtraq_id>3759</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>zml.cgi is vulnerable to an exploit which lets an attacker view any file that the cgi/httpd user has access to.</summary>
<copyright>This script is Copyright (C) 2001 H D Moore & Drew Hintz ( http://guh.nu )</copyright>
</plugin>
<plugin id="11324">
<name>phpping code execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of phpping</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10552">
<name>cgiforum</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-1171</cve_id>
<bugtraq_id>1963</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/cgiforum.pl</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11631">
<name>Drag And Zip Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines the presence of Drag And Zip</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10225">
<name>rje mapper service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11331">
<name>wu-ftpd PASV format string</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2001-0187</cve_id>
<bugtraq_id>2296</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote ftpd version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10265">
<name>An SNMP Agent is running</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>An SNMP Agent is running</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="10230">
<name>sched service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10130">
<name>ipop2d buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-1999-0920</cve_id>
<bugtraq_id>283</bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>checks for a buffer overflow in pop2d</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11225">
<name>Oracle 9iAS OWA UTIL access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0560</cve_id>
<bugtraq_id>4294</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to access the OWA_UTIL program directly</summary>
<copyright>This script is Copyright (C) 2003 Javier Fernandez-Sanguino</copyright>
</plugin>
<plugin id="10055">
<name>Sendmail 8.8.3 and 8.8.4 mime conversion overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0047</cve_id>
<bugtraq_id>685</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10658">
<name>Oracle tnslsnr version query</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-2000-0818</cve_id>
<bugtraq_id>1853</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>connects to ports 1541 and/or 1521, issues a TNS VERSION command</summary>
<copyright>James W. Abendschan <jwa@jammed.com> (GPL)</copyright>
</plugin>
<plugin id="10384">
<name>IRIX Objectserver</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2000-0245</cve_id>
<bugtraq_id>1079</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks for the presence of IRIX Object Server</summary>
<copyright>Original code by LSD. Modified by Renaud Deraison</copyright>
</plugin>
<plugin id="10436">
<name>INN version check (2)</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2000-0472</cve_id>
<bugtraq_id>1316</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks INN version</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11177">
<name>Flaw in Microsoft VM Could Allow Code Execution (810030)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-1257, CAN-2002-1258, CAN-2002-1183, CAN-2002-0862</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q329077, Flaw in Microsoft VM JDBC</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Network Security, LLC</copyright>
</plugin>
<plugin id="10630">
<name>PHP-Nuke security vulnerability (bb_smilies.php)</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0320</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if a remote host is vulnerable to the bb_smilies.php vulnerability</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10507">
<name>Sun's Java Web Server remote command execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0629</cve_id>
<bugtraq_id>1459</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /servlet/sunexamples.BBoardServlet</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10785">
<name>SMB NativeLanMan</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Extracts the remote native lan manager name</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10527">
<name>Boa file retrieval</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0920</cve_id>
<bugtraq_id>1770</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Boa file retrieval</summary>
<copyright>This script is Copyright (C) 2000 Thomas Reinke</copyright>
</plugin>
<plugin id="11239">
<name>Hidden WWW server name</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Tries to discover the web server name</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10090">
<name>FTP site exec</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0080, CVE-1999-0955</cve_id>
<bugtraq_id>2241</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to write on the remote root dir</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10079">
<name>Anonymous FTP enabled</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-1999-0497</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if the remote ftp server accepts anonymous logins</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11161">
<name>RDS / MDAC Vulnerability Content-Type overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-1142</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Determines the presence of msadcs.dll</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10721">
<name>ncbook/book.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1114</cve_id>
<bugtraq_id>3178</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/ncbook/book.cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11445">
<name>Basit cms Cross Site Scripting Bugs</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7139</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if Basit cms is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 k-otik.com</copyright>
</plugin>
<plugin id="10768">
<name>DoSable squid proxy server</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CVE-2001-0843</cve_id>
<bugtraq_id>3354</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines via ver. if a proxy server is DoSable</summary>
<copyright>This script is Copyright (C) 2001 Adam Baldwin</copyright>
</plugin>
<plugin id="11682">
<name>Philboard database access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Downloads philboard.mdb</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11439">
<name>Xoops path disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0216, CAN-2002-0217</cve_id>
<bugtraq_id>3977, 3978, 3981, 5785, 6344, 6393</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks for Xoops</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11540">
<name>PPTP overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0213</cve_id>
<bugtraq_id>7316</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determine if a remote PPTP server has remote buffer overflow vulnerability</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10240">
<name>walld service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0181</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11379">
<name>CSCdx92043</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2002-1222</cve_id>
<bugtraq_id>6823</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10706">
<name>McAfee myCIO Directory Traversal</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2001-1144</cve_id>
<bugtraq_id>3020</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>McAfee myCIO Directory Traversal</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10072">
<name>Finger dot at host feature</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id>CAN-1999-0198</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Finger .@host feature</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10696">
<name>ttawebtop</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0805</cve_id>
<bugtraq_id>2890</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/ttawebtop.cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11251">
<name>Unpassworded tutor account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10152">
<name>NetBus 2.x</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of NetBus Pro</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11012">
<name>ATA-186 password circumvention / recovery</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2002-0769</cve_id>
<bugtraq_id>4711</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>CISCO check</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10781">
<name>Outlook Web anonymous access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0660</cve_id>
<bugtraq_id>3301</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Outlook Web anonymous access</summary>
<copyright>This script is Copyright (C) 2001 Javier Fernández-Sanguino Peña</copyright>
</plugin>
<plugin id="10352">
<name>Netscape Server ?wp bug</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0236</cve_id>
<bugtraq_id>1063</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Make a request like http://www.example.com/?wp-cs-dump</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10523">
<name>thttpd ssi file retrieval</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0900</cve_id>
<bugtraq_id>1737</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>thttpd ssi flaw</summary>
<copyright>This script is Copyright (C) 2000 Thomas Reinke</copyright>
</plugin>
<plugin id="10220">
<name>nlockmgr service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-2000-0508</cve_id>
<bugtraq_id>1372</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10702">
<name>Zope DoS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0483</cve_id>
<bugtraq_id>1354</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for Zope</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10157">
<name>netstat</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CAN-1999-0650</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for netstat</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10218">
<name>llockmgr service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11534">
<name>Microsoft ISA Server Winsock Proxy DoS (MS03-012)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0110</cve_id>
<bugtraq_id>7314</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for ISA Server HotFix SP1-257</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11483">
<name>apcnisd detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detects acpnisd</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10478">
<name>Tomcat's snoop servlet gives too much information</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0760</cve_id>
<bugtraq_id>1532</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of /examples/jsp/snp/anything.snp</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10051">
<name>A CVS pserver is running</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>A CVS pserver is running</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="10976">
<name>CSCds04747</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2001-0328</cve_id>
<bugtraq_id>2682</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10099">
<name>guestbook.pl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1053</cve_id>
<bugtraq_id>776</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/guestbook.pl</summary>
<copyright>This script is Copyright (C) 1999 Mathieu Perrin</copyright>
</plugin>
<plugin id="11257">
<name>Default password (manager) for system</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10396">
<name>SMB shares access</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0519, CAN-1999-0520</cve_id>
<bugtraq_id>8026</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Gets the list of remote accessible shares</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10846">
<name>SilverStream directory listing</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if SilverStream directory listings are disabled.</summary>
<copyright>This script is Copyright (C) 2002 Tor Houghton</copyright>
</plugin>
<plugin id="10486">
<name>Relative Shell Path patch</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0663</cve_id>
<bugtraq_id>1507</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q269239 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11510">
<name>BIND 4.x resolver overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>7228</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote BIND version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11360">
<name>Wordit Logbook</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7043</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/logbook.pl</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10877">
<name>GroupWise Web Interface 'HELP' hole</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-1005</cve_id>
<bugtraq_id>879</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>GroupWise Web Interface 'HELP' hole</summary>
<copyright>This script is Copyright (C) 2002 SecurITeam</copyright>
</plugin>
<plugin id="10866">
<name>XML Core Services patch (Q318203)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0057</cve_id>
<bugtraq_id>3699</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines whether the XML Core Services patch Q318203 is installed</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="11319">
<name>GTcatalog code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6998</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of index.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11266">
<name>Unpassworded jill account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10511">
<name>/perl directory browsable ?</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0883</cve_id>
<bugtraq_id>1678</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Is /perl browsable ?</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11489">
<name>myguestbk admin access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7213</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Checks for the presence of admin/index.asp</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11284">
<name>typo3 arbitrary file reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6993, 6988, 6986, 6985, 6984, 6983, 6982</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Reads /etc/passwd</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10718">
<name>DCShop exposes sensitive files</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2001-0821</cve_id>
<bugtraq_id>2889</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>DCShop exposes sensitive files</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10360">
<name>newdsn.exe check</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0191</cve_id>
<bugtraq_id>1818</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of /scripts/tools/newdsn.exe</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11224">
<name>Oracle 9iAS SOAP configuration file retrieval</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0568</cve_id>
<bugtraq_id>4290</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tries to retrieve Oracle9iAS SOAP configuration file</summary>
<copyright>This script is Copyright (C) 2003 Javier Fernandez-Sanguino</copyright>
</plugin>
<plugin id="11519">
<name>mod_jk chunked encoding DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id>6320</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for version of mod_jk</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10563">
<name>Incomplete TCP/IP packet vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2000-1039</cve_id>
<bugtraq_id>2022</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfix Q274372 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10525">
<name>LPC and LPC Ports Vulnerabilities patch</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>1743</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines whether the hotfix Q266433 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11685">
<name>mod_gzip running</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>mod_gzip detection</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10664">
<name>perlcal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0463</cve_id>
<bugtraq_id>2663</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/cal_make.pl</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10770">
<name>sglMerchant Information Disclosure Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1019</cve_id>
<bugtraq_id>3309</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>sglMerchant Information Disclosure Vulnerability</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11383">
<name>CSCdz60229, CSCdy87221, CSCdu75477</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2002-1357, CAN-2002-1358, CAN-2002-1359, CAN-2002-1360</cve_id>
<bugtraq_id>6397</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10891">
<name>X Display Manager Control Protocol (XDMCP)</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if XDM has XDMCP protocol enabled</summary>
<copyright>This script is Copyright (C) 2002 Pasi Eronen</copyright>
</plugin>
<plugin id="10644">
<name>anacondaclip CGI vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0593</cve_id>
<bugtraq_id>2512</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of anacondaclip.pl</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10498">
<name>Test HTTP dangerous methods</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>Verifies the access rights to the web server (PUT, DELETE)</summary>
<copyright>This script is Copyright (C) 2000 Michel Arboi</copyright>
</plugin>
<plugin id="11504">
<name>MultiTech Proxy Server Default Password</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id>7203</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Attempts to log into the remote web server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10795">
<name>Lotus Notes ?OpenServer Information Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Lotus Notes ?OpenServer Information Disclosure</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11260">
<name>Default password (wank) for wank</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11470">
<name>WebChat XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7190</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>XSS in WebChat</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11146">
<name>Microsoft RDP flaws could allow sniffing and DOS(Q324380)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0863</cve_id>
<bugtraq_id>5410</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q324380, Flaws in Microsoft RDP</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Network Security, LLC</copyright>
</plugin>
<plugin id="10819">
<name>PIX Firewall Manager Directory Traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0158</cve_id>
<bugtraq_id>691</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>\..\..\file.txt</summary>
<copyright>This script is Copyright (C) 2001 Digital Defense Inc.</copyright>
</plugin>
<plugin id="11311">
<name>shtml.exe overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2002-0692</cve_id>
<bugtraq_id>5804</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of shtml.exe</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10121">
<name>/scripts directory browsable</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Is /scripts/ listable ?</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11397">
<name>vpopmail.php command execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7063</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines the version of vpopmail.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10907">
<name>Guest belongs to a group</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks the groups of guest</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11228">
<name>Unreal Engine flaws</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>6770, 6771, 6772, 6773, 6774, 6775</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Crashes the remote Unreal Engine Game Server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11298">
<name>axis2400 webcams</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6987, 6980</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>reads the remote /var/log/messages</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10368">
<name>Dansie Shopping Cart backdoor</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CVE-2000-0252</cve_id>
<bugtraq_id>1115</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of Dansie Shopping Cart</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10650">
<name>VirusWall's catinfo overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0432</cve_id>
<bugtraq_id>2579</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Overflow in catinfo</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11071">
<name>ASP source using %20 trick</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1248</cve_id>
<bugtraq_id>2975</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>downloads the source of ASP scripts</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11757">
<name>NGC ActiveFTP Denial of Service</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>7900</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>NGC ActiveFTP check</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10918">
<name>Apache-SSL overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2002-0082</cve_id>
<bugtraq_id>4189</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of Apache-SSL</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10504">
<name>Still Image Service Privilege Escalation patch</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0851</cve_id>
<bugtraq_id>1651</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q272736 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11118">
<name>alya.cgi</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Detects /cgi-bin/alya.cgi</summary>
<copyright>This script is Copyright (C) 2002 Jason Lidow</copyright>
</plugin>
<plugin id="10438">
<name>Netwin's DMail ETRN overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2000-0490</cve_id>
<bugtraq_id>1297</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote mail server is vulnerable to a ETRN overflow</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10616">
<name>webspirs.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0211</cve_id>
<bugtraq_id>2362</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/webspirs.cgi</summary>
<copyright>This script is Copyright (C) 2001 Laurent Kitzinger</copyright>
</plugin>
<plugin id="11408">
<name>Apache < 2.0.43</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2002-1156, CAN-2003-0083</cve_id>
<bugtraq_id>6065</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for version of Apache</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11723">
<name>PDGSoft Shopping cart vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0401</cve_id>
<bugtraq_id>1256</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Checks for PDGSoft Shopping cart executables</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10906">
<name>Users in the 'Replicator' group</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that are in special groups</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11799">
<name>PHP Ashnews code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>8241</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of ashnews.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10268">
<name>SSH Insertion Attack</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-1999-1085</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10107">
<name>HTTP Server type and version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>HTTP Server type and version</summary>
<copyright>This script is Copyright (C) 2000 Securiteam / modified by H. Scholz</copyright>
</plugin>
<plugin id="11018">
<name>MS Site Server Information Leak</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3998</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if the remote host is vulnerable to a disclosure vuln.</summary>
<copyright>(c) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11167">
<name>Webserver4everyone too long URL</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Webserver4everyone too long URL with Host field set</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10239">
<name>tooltalk service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0003, CVE-1999-0693</cve_id>
<bugtraq_id>122</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10245">
<name>rsh</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CAN-1999-0651</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of rsh</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10691">
<name>Netscape Enterprise INDEX request problem</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-2001-0250</cve_id>
<bugtraq_id>2285</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>INDEX / HTTP/1.1</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10954">
<name>OpenSSH AFS/Kerberos ticket/token passing</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2002-0575</cve_id>
<bugtraq_id>4560</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2002 Thomas Reinke</copyright>
</plugin>
<plugin id="11683">
<name>Cumulative Patch for Internet Information Services (Q11114)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0224</cve_id>
<bugtraq_id>7731, 7735, 7733</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if HF Q811114 has been installed</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10776">
<name>Power Up Information Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1138</cve_id>
<bugtraq_id>3304</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Power Up Information Disclosure</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10784">
<name>ht://Dig's htsearch potential exposure/dos</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0834</cve_id>
<bugtraq_id>3410</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>htsearch?-c/nonexistent</summary>
<copyright>Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10961">
<name>AirConnect Default Password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>3Com AirConnect AP Default Password</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10113">
<name>icmp netmask request</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id>CAN-1999-0524</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Sends an ICMP_MASKREQ</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10996">
<name>JRun Sample Files</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CVE-2000-0539</cve_id>
<bugtraq_id>1386</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of JRun sample files</summary>
<copyright>This script is Copyright (C) 2001 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10988">
<name>Netware NDS Object Enumeration</name>
<version>$Revision: 1.2 $</version>
<family>Netware</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Netware NDS Object Enumeration</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense, Inc</copyright>
</plugin>
<plugin id="10513">
<name>php file upload</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0860</cve_id>
<bugtraq_id>1649</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for version of PHP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10048">
<name>Communigate Pro overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0865</cve_id>
<bugtraq_id>860</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Crashes the remote service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10095">
<name>glimpse</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0147</cve_id>
<bugtraq_id>2026</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/phf</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10288">
<name>Trin00 Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2000-0138</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of trin00</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10471">
<name>Guild FTPd tells if a given file exists</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2000-0640</cve_id>
<bugtraq_id>1452</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Guild FTP check</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10893">
<name>Obtains the lists of users aliases</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Implements NetUserGetGroups()</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10385">
<name>ht://Dig's htsearch reveals web server path</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-1191</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Retrieve the real path using htsearch</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="10371">
<name>/iisadmpwd/aexp2.htr</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0407</cve_id>
<bugtraq_id>2110</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether /iisadmpwd/aexp2.htr is present</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10193">
<name>Usable remote proxy on any port</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if we can use the remote web proxy against any port</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10499">
<name>Local Security Policy Corruption</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0771</cve_id>
<bugtraq_id>1613</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q269609 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11405">
<name>dmisd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-2002-0391</cve_id>
<bugtraq_id>5356</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10304">
<name>WebSpeed remote configuration</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0127</cve_id>
<bugtraq_id>969</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if webspeed can be administered</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10622">
<name>PPTP detection and versioning</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if a remote host is running a PPTP (VPN) service</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11427">
<name>LimeWire is installed</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if LimeWire is installed</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="11128">
<name>redhat Interchange</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id>5453</bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Redhat Interchange e-commerce application detection</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11072">
<name>Basilix webmail dummy request vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1045</cve_id>
<bugtraq_id>2995</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of basilix.php3</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11433">
<name>Microsoft ISA Server DNS - Denial Of Service (MS03-009)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0011</cve_id>
<bugtraq_id>7145</bugtraq_id>
<category>infos</category>
<risk>Moderate</risk>
<summary>Checks for ISA Server DNS HotFix SP1-256</summary>
<copyright>This script is Copyright (C) 2003 A.D.Consulting</copyright>
</plugin>
<plugin id="11553">
<name>Bugzilla XSS and insecure temporary filenames</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7412</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of bugzilla</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10369">
<name>Microsoft Frontpage dvwssr.dll backdoor</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0260</cve_id>
<bugtraq_id>1109</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of /_vti_bin/_vti_aut/dvwssr.dll</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10001">
<name>ColdFusion Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0455, CAN-1999-0477</cve_id>
<bugtraq_id>115</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for a ColdFusion vulnerability</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11444">
<name>PHP Mail Function Header Spoofing Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0985</cve_id>
<bugtraq_id>5562</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for version of PHP</summary>
<copyright></copyright>
</plugin>
<plugin id="11573">
<name>SmallFTP traversal</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to break out of the FTP root</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10665">
<name>tektronix's _ncl_items.shtml</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0484</cve_id>
<bugtraq_id>2659</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of _ncl_*.shtml</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10783">
<name>PCCS-Mysql User/Password Exposure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0707</cve_id>
<bugtraq_id>1557</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for dbconnect.inc</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="11212">
<name>Unchecked buffer in Locate Service</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0003</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix 810833</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10957">
<name>JServ Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Tests for JServ Cross Site Scripting</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11250">
<name>Unpassworded backdoor account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10660">
<name>Oracle tnslsnr security</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines if the Oracle tnslsnr has been assigned a password.</summary>
<copyright>James W. Abendschan <jwa@jammed.com> (GPL)</copyright>
</plugin>
<plugin id="10764">
<name>Shopping Cart Arbitrary Command Execution (Hassan)</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2001-0985</cve_id>
<bugtraq_id>3308</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Shopping Cart Arbitrary Command Excution (Hassan)</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10367">
<name>TalentSoft Web+ Input Validation Bug Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0282</cve_id>
<bugtraq_id>1102</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if webplus reads any file</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11598">
<name>MailMax IMAP overflows</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id>7326</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Overflows the remote IMAP server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10874">
<name>Rich Media E-Commerce Stores Sensitive Information Insecurely</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>4172</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Rich Media E-Commerce Stores Sensitive Information Insecurely</summary>
<copyright>This script is Copyright (C) 2002 SecurITeam</copyright>
</plugin>
<plugin id="10327">
<name>Zeus shows the content of the cgi scripts</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0149</cve_id>
<bugtraq_id>977</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for Zeus</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11365">
<name>Auction Deluxe XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0257</cve_id>
<bugtraq_id>4069</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for auction.pl</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10274">
<name>SyGate Backdoor</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CVE-2000-0113</cve_id>
<bugtraq_id>952</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Detects whether SyGate remote controller is running</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11409">
<name>ePolicy orchestrator format string</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2002-0690</cve_id>
<bugtraq_id>7111</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>ePolicy Orchestrator vulnerable to format string</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10087">
<name>FTP real path</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0201</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Get the real path of the remote ftp home</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10389">
<name>Cart32 ChangeAdminPassword</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2000-0429</cve_id>
<bugtraq_id>1153</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of Cart32</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10618">
<name>Pi3Web tstisap.dll overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0302</cve_id>
<bugtraq_id>2381</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of /isapi/tstisapi.dll</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10467">
<name>ftp.pl shows the listing of any dir</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0674</cve_id>
<bugtraq_id>1471</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of /cgi-bin/ftp/ftp.pl</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11377">
<name>smb2www installed</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>smb2www Command Execution</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11650">
<name>MAILsweeper PowerPoint DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id>7562</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks the remote banner</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11218">
<name>Tomcat /status information disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Makes a request like http://www.example.com/server-status</summary>
<copyright>This script is Copyright (C) 2003 StrongHoldNet</copyright>
</plugin>
<plugin id="11590">
<name>MPC SoftWeb Guestbook database disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7390, 7389</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for mpcsoftware_guestdata.mdb</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11196">
<name>Cyrus IMAP pre-login buffer overrun</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for a pre-login buffer overrun in Cyrus IMAPd</summary>
<copyright>This script is Copyright (C) 2002 Paul Johnston, Westpoint Ltd</copyright>
</plugin>
<plugin id="10460">
<name>bb-hostsvc.sh</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0638</cve_id>
<bugtraq_id>1455</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Read arbitrary files using the CGI bb-hostsvc.sh</summary>
<copyright>Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11692">
<name>WebStores 2000 browse_item_details.asp SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7766</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>WebStores 2000 SQL injection</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11083">
<name>ibillpm.pl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3476</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of /cgi-bin/ibillpm.pl</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11583">
<name>Microsoft Shlwapi.dll Malformed HTML form tag DoS</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7402</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the version of shlwapi.dll</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10555">
<name>Domain account lockout vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>1973</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q274372 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10382">
<name>Atrium Mercur Mailserver</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0318</cve_id>
<bugtraq_id>1144</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>mercure imap version check</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11678">
<name>Super-M Son hServer Directory Traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7717</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Super-M Son hServer is vulnerable to an exploit which lets an attacker view any file that the web server has access to.</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11328">
<name>Kietu code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of hit.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11366">
<name>Trusting domains bad verification</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0018</cve_id>
<bugtraq_id>3997</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines the presence of the relevant security fixes</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11358">
<name>The remote portmapper forwards NFS requests</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-1999-0168</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the portmapper proxying NFS</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11638">
<name>biztalk server flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0117, CAN-2003-0118</cve_id>
<bugtraq_id>7469, 7470</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if BizTalk is installed</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10433">
<name>NT IP fragment reassembly patch not applied (jolt2)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0305</cve_id>
<bugtraq_id>1236</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfix Q259728 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11462">
<name>Bugzilla Detection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Checks for the presence of bugzilla</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11116">
<name>phpMyAdmin arbitrary files reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0478</cve_id>
<bugtraq_id>2642</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of sql.php</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10970">
<name>GSR ACL pub</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2000-0700</cve_id>
<bugtraq_id>1541</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10264">
<name>Default community names of the SNMP Agent</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id>CAN-1999-0517, CAN-1999-0186, CAN-1999-0254</cve_id>
<bugtraq_id>177, 7081, 7212, 7317</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Default community names of the SNMP Agent</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="10412">
<name>SMB Registry : Autologon</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if the autologon feature is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10539">
<name>Useable remote name server</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CVE-1999-0024</cve_id>
<bugtraq_id>678</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines if the remote name server allows recursive queries</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10428">
<name>SMB fully accessible registry</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Determines whether the remote registry is fully accessible</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10757">
<name>Check for Webmin</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Check for Webmin</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="10064">
<name>Excite for WebServers</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0279</cve_id>
<bugtraq_id>2248</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/ews</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10252">
<name>Shells in /cgi-bin</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0509</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of various shells in /cgi-bin</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11698">
<name>SQL injection in XPression Software</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7804</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>SQL Injection</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10191">
<name>ProFTPd pre6 buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-1999-0911</cve_id>
<bugtraq_id>612</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote ftp can be buffer overflown</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10884">
<name>NTP read variables</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>NTP allows query of variables</summary>
<copyright>This script is Copyright (C) 2002 David Lodge</copyright>
</plugin>
<plugin id="10014">
<name>tst.bat CGI vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0885</cve_id>
<bugtraq_id>770</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/tst.bat</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11176">
<name>Tomcat 4.x JSP Source Exposure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Tomcat 4.x JSP Source Exposure</summary>
<copyright>This script is Copyright (C) 2002 Felix Huber</copyright>
</plugin>
<plugin id="10533">
<name>Web Shopper remote file retrieval</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0922</cve_id>
<bugtraq_id>1776</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Web Shopper remote file retrieval</summary>
<copyright>This script is Copyright (C) 2000 Thomas Reinke</copyright>
</plugin>
<plugin id="10159">
<name>News Server type and version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>News Server type and version</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="11098">
<name>WS_FTP SITE CPWD Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2002-0826</cve_id>
<bugtraq_id>5427</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks FTP server banner for vulnerable version of WS_FTP Server</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense, Inc.</copyright>
</plugin>
<plugin id="10823">
<name>OpenSSH UseLogin Environment Variables</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0872</cve_id>
<bugtraq_id>3614</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is copyright © 2001 by EMAZE Networks S.p.A.</copyright>
</plugin>
<plugin id="10997">
<name>JRun directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3666</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts directory traversal attack</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10454">
<name>sawmill password</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-2000-0589</cve_id>
<bugtraq_id>1403</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Obtains sawmill's password</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11498">
<name>Alexandria-dev upload spoofing</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7223, 7224, 7225</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks for the presence of patch/index.php and docman/new.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10666">
<name>AppleShare IP Server status query</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>connects to port 548/tcp, issues DSIGetStatus</summary>
<copyright>James W. Abendschan <jwa@jammed.com> (GPL)</copyright>
</plugin>
<plugin id="11354">
<name>Buffer overflow in FreeBSD 2.x lpd</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0299</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if lpd is running</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10550">
<name>Obtain processes list via SNMP</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Enumerates processes via SNMP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11778">
<name>Web Server hosting copyrighted material</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Looks for *.(mp3,avi,asf,mpg,wav,ogg)</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11669">
<name>p-news Admin Access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of p-news.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10298">
<name>Webcart misconfiguration</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0610</cve_id>
<bugtraq_id>2281</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the webcart misconfiguration</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10676">
<name>CheckPoint Firewall-1 Web Authentication Detection</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>The remote CheckPoint Firewall-1 can be authenticated with via a web interface</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11588">
<name>YaBB SE command execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-1176</cve_id>
<bugtraq_id>7399, 6674, 6663, 6591, 1921</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if YaBB SE can be used to execute arbitrary commands</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11507">
<name>Apache < 2.0.45</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2003-0132</cve_id>
<bugtraq_id>7254, 7255</bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>Checks for version of Apache</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10732">
<name>IIS 5.0 WebDav Memory Leakage</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id>2736</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Check the presence of a Memory Leakage in the IIS 5 httpext.dll (WebDav).</summary>
<copyright>INTRANODE - 2001</copyright>
</plugin>
<plugin id="10063">
<name>Eserv traversal</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-1999-1509</cve_id>
<bugtraq_id>773</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>\..\..\file.txt</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11428">
<name>Trillian is installed</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id>5677, 5733, 5755, 5765, 5769, 5775, 5776, 5777, 5783</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if Trillian is installed</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10115">
<name>idq.dll directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0126</cve_id>
<bugtraq_id>968</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to read an arbitrary file</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11202">
<name>Enhydra Multiserver Default Password</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Enhydra Multiserver Default Admin Password</summary>
<copyright>This script is Copyright (C) 2003 Digital Defense Inc.</copyright>
</plugin>
<plugin id="11179">
<name>vBulletin's Calender Command Execution Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0475</cve_id>
<bugtraq_id>2474</bugtraq_id>
<category>attack</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>vBulletin's Calender Command Execution Vulnerability</summary>
<copyright>This script is Copyright (C) 2002 SecurITeam</copyright>
</plugin>
<plugin id="10222">
<name>nsemntd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11246">
<name>Unpassworded lp account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10922">
<name>CVS/Entries</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>requests CVS/Entries</summary>
<copyright>This script is Copyright (C) 2002 Nate Haggard (SecurityMetrics inc.)</copyright>
</plugin>
<plugin id="11154">
<name>Unknown services banners</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>unknown</category>
<risk>None</risk>
<summary>Displays the unknown services banners</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10604">
<name>Allaire JRun Directory Listing</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-1050</cve_id>
<bugtraq_id>1830</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Make a request like http://www.example.com/./WEB-INF</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11296">
<name>CSCdx54675</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10098">
<name>guestbook.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0237</cve_id>
<bugtraq_id>776</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/guestbook.cgi</summary>
<copyright>This script is Copyright (C) 1999 Mathieu Perrin</copyright>
</plugin>
<plugin id="10788">
<name>Solaris finger disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id></cve_id>
<bugtraq_id>3457</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Enumerates users with finger</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10106">
<name>Htmlscript</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0264</cve_id>
<bugtraq_id>2001</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/htmlscript</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10752">
<name>Apache Auth Module SQL Insertion Attack</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2001-1379</cve_id>
<bugtraq_id>3253</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for vulnerable Apache Auth modules</summary>
<copyright>This script is Copyright (c) 2001 Matt Moore</copyright>
</plugin>
<plugin id="10994">
<name>IPSwitch IMail SMTP Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>2651</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>IPSwitch IMail SMTP Buffer Overflow</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense, Inc.</copyright>
</plugin>
<plugin id="10678">
<name>Apache /server-info accessible</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Make a request like http://www.example.com/server-info</summary>
<copyright>This script is Copyright (C) 2001 StrongHoldNet</copyright>
</plugin>
<plugin id="10629">
<name>Lotus Domino administration databases</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0021, CAN-2002-0664</cve_id>
<bugtraq_id>881</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if Lotus Domino administration databases can be anonymously accessed</summary>
<copyright>This script is Copyright (C) 2001 Javier Fernández-Sanguino Peña</copyright>
</plugin>
<plugin id="11616">
<name>DBTools DBManager Information Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7040</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines the presence of DBManager.exe</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10399">
<name>SMB use domain SID to enumerate users</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-1200</cve_id>
<bugtraq_id>959</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Enumerates users</summary>
<copyright>This script is Copyright (C) 2000, 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10091">
<name>FTPGate traversal</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>\..\..\file.txt</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11593">
<name>SLMail SMTP overflows</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Overflows the remote SMTP server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11744">
<name>Post-Nuke SQL injection</name>
<version></version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7697</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines if post-nuke is vulnerable to XSS</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10189">
<name>proftpd mkdir buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-1999-0911</cve_id>
<bugtraq_id>612</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote ftp can be buffer overflown</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10253">
<name>Cobalt siteUserMod cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0117</cve_id>
<bugtraq_id>951</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of /.cobalt/siteUserMod/siteUserMod.cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10652">
<name>cfingerd format string attack</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id>CAN-1999-0243, CVE-1999-0708, CAN-2001-0609</cve_id>
<bugtraq_id>2576</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>cfinger version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10408">
<name>Insecure Napster clone</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-2000-0412</cve_id>
<bugtraq_id>1186</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Detect the presence of a Napster client clone</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11486">
<name>WebLogic management servlet</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7122, 7124, 7130, 7131</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks the version of WebLogic</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10126">
<name>in.fingerd pipe</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id>CVE-1999-0152</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines whether in.fingerd is exploitable</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11082">
<name>Boozt index.cgi overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>6281</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Buffer overflow in Boozt AdBanner index.cgi</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11148">
<name>Unchecked Buffer in Decompression Functions(Q329048)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0370, CAN-2002-1139</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q329048, Unchecked Buffer in Decompression functions</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Network Security, LLC</copyright>
</plugin>
<plugin id="10018">
<name>Knox Arkeia buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-1999-1534</cve_id>
<bugtraq_id>661</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>arkeia buffer overflow</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10903">
<name>Users in the 'System Operator' group</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that are in special groups</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10383">
<name>bizdb1-search.cgi located</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0287</cve_id>
<bugtraq_id>1104</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines the presence of cgi-bin/bizdb1-search.cgi</summary>
<copyright>This script is Copyright (C) 2000 Roelof Temmingh <roelof@sensepost.com></copyright>
</plugin>
<plugin id="10237">
<name>sunlink mapper service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11419">
<name>Office files list</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Displays office files</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10831">
<name>PHP Rocket Add-in File Traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1204</cve_id>
<bugtraq_id>3751</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Looks for a directory traversal vulnerability in the PHP Rocket Add-in for FrontPage.</summary>
<copyright>This script is Copyright (C) 2001 H D Moore & Drew Hintz ( http://guh.nu )</copyright>
</plugin>
<plugin id="10816">
<name>Webalizer Cross Site Scripting Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2001-0835</cve_id>
<bugtraq_id>3473</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the Webalizer version</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="11469">
<name>SimpleChat information disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7168</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Checks for the presence of data/usr</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11472">
<name>viewpage.php arbitrary file reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7191</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>viewpage.php is vulnerable to an exploit which lets an attacker view any file that the cgi/httpd user has access to.</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11535">
<name>SheerDNS directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>7336, 7335</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if the remote DNS server handles malformed names</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11281">
<name>cpanel remote command execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6882</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Executes /bin/id</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11182">
<name>DB4Web directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Read any file through DB4Web</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10150">
<name>Using NetBIOS to retrieve information from a Windows host</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0621</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Using NetBIOS to retrieve information from a Windows host</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="11660">
<name>TextPortal Default Passwords</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7673</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Logs into the remote TextPortal interface</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11208">
<name>Netscape Enterprise Default Administrative Password</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Netscape Enterprise Default Administrative Password</summary>
<copyright>This script is Copyright (C) 2003 Digital Defense Inc.</copyright>
</plugin>
<plugin id="11122">
<name>Libwhisker options</name>
<version>$Revision: 1.2 $</version>
<family>Settings</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>settings</category>
<risk>None</risk>
<summary>Configure libwhisker options</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10395">
<name>SMB shares enumeration</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Gets the list of remote shares</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11221">
<name>Pages Pro CD directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Pages Pro CD directory traversal</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10035">
<name>Campas</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0146</cve_id>
<bugtraq_id>1975</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/campas</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11309">
<name>Winreg registry key writeable by non-admins</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0049</cve_id>
<bugtraq_id>4053</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the permissions for the winreg key</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11145">
<name>Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-1183, CAN-2002-0862</cve_id>
<bugtraq_id>5410</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q328145, Certificate Validation Flaw</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Network Security, LLC</copyright>
</plugin>
<plugin id="11634">
<name>Proxy Web Server Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>7596</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if the remote proxy is vulnerable to Cross Site Scripting vulnerability</summary>
<copyright>(c) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10479">
<name>Roxen Server /%00/ bug</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0671</cve_id>
<bugtraq_id>1510</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Make a request like http://www.example.com/%00/</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10103">
<name>HP LaserJet display hack</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Changes the printer's display</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10023">
<name>Bypass Axis Storpoint CD authentication</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0191</cve_id>
<bugtraq_id>1025</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Requests /cd/../config/html/cnf_gi.htm</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10297">
<name>Web server traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>\..\..\file.txt</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10679">
<name>directory pro web traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0780</cve_id>
<bugtraq_id>2793</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/directorypro.cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10878">
<name>Sun Cobalt Adaptive Firewall Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Sun Cobalt Adaptive Firewall Detection</summary>
<copyright>This script is Copyright (C) 2002 SecurITeam</copyright>
</plugin>
<plugin id="11574">
<name>Portable OpenSSH PAM timing attack</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2003-0190</cve_id>
<bugtraq_id>7482</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11254">
<name>Unpassworded friday account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11101">
<name>PHPAdsNew code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1054</cve_id>
<bugtraq_id>3392</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of remotehtmlview.php</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11307">
<name>Unchecked buffer in Windows Shell</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0070</cve_id>
<bugtraq_id>4248</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for MS Hotfix Q216840</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11180">
<name>DB4Web TCP relay</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>DB4Web debug page allow bounce scan</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10260">
<name>HELO overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-1999-0098</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>Low</risk>
<summary>Checks if the remote mail server can be used to send anonymous mail</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10270">
<name>Stacheldraht Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2000-0138</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of Stacheldraht</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10531">
<name>SMB Registry : Win2k Service Pack version</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0662</cve_id>
<bugtraq_id>7930, 8090, 8128</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines the remote SP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11724">
<name>WebLogic source code disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0682</cve_id>
<bugtraq_id>1518</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for WebLogic file disclosures </summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="11134">
<name>QMTP</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Detect QMTP servers</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10899">
<name>Users information : User has never logged in</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Lists the users that never logged in</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11656">
<name>Eserv Directory Index</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id>7669</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>GET /?</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10684">
<name>yppasswdd overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0779</cve_id>
<bugtraq_id>2763</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>heap overflow through yppasswdd</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10564">
<name>IIS phonebook</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-1089</cve_id>
<bugtraq_id>2048</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Determines whether phonebook server is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11699">
<name>URLScan Detection</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Detects the presence of URLScan</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10837">
<name>FAQManager Arbitrary File Reading Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3810</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Tests for FAQManager Arbitrary File Reading Vulnerability</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10219">
<name>nfsd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0832</cve_id>
<bugtraq_id>782</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11456">
<name>PostgreSQL multiple flaws</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2002-1402, CAN-2002-1401, CAN-2002-1400, CAN-2002-1397, CAN-2002-1399</cve_id>
<bugtraq_id>6610, 6614, 5527, 5497, 6615, 6611, 6612, 6613, 7075</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to log into the remote PostgreSQL daemon</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11086">
<name>Sendmail custom configuration file</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-2001-0713</cve_id>
<bugtraq_id>3377</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number for 'custom config file'</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11125">
<name>mldonkey www</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect mldonkey www interface</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10481">
<name>Unpassworded MySQL</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to log into the remote MySQL daemon</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10852">
<name>Oracle 9iAS Jsp Source File Reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0562</cve_id>
<bugtraq_id>4034</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Test for Oracle 9iAS JSP Source File Reading</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11312">
<name>DHCP server overflow / format string bug</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0026, CAN-2002-0702, CAN-2003-0039</cve_id>
<bugtraq_id>4701, 6627, 6628</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Chats with the remote DHCP server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11639">
<name>Web-ERP Configuration File Remote Access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6996</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines if Web-ERP is installed</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10243">
<name>ypupdated service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0208</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11528">
<name>Flaw in Microsoft VM (816093)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0111</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the version of the remote VM</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11786">
<name>VP-ASP SQL Injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>4861</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determine if ProductCart is vulnerable to a sql injection attack</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11622">
<name>mod_ssl wildcard DNS cross site scripting vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-1157</cve_id>
<bugtraq_id>6029</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for version of mod_ssl</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11761">
<name>phpMyAdmin multiple flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7965, 7964, 7963, 7962</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of phpMyAdmin</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10282">
<name>test-cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0070</cve_id>
<bugtraq_id>2003</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/test-cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10541">
<name>KW whois</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0941</cve_id>
<bugtraq_id>1883</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/whois.cgi</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11247">
<name>Unpassworded sync account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11404">
<name>Multiple flaws in the Opera web browser</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7056, 6962, 6811, 6814, 6754, 6755, 6756, 6757, 6759, 6218</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of Opera.exe</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10043">
<name>Chargen</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CVE-1999-0103</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of chargen</summary>
<copyright>This script is Copyright (C) 1999 Mathieu Perrin</copyright>
</plugin>
<plugin id="10780">
<name>CGIEmail's Cross Site Scripting Vulnerability (cgicso)</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if a remote host is vulnerable to the cgicso vulnerability</summary>
<copyright>This script is Copyright (C) 2001 SecurITeam</copyright>
</plugin>
<plugin id="10981">
<name>CSCdt65960</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2001-0757</cve_id>
<bugtraq_id>2874</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10558">
<name>Exchange Malformed MIME header</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CVE-2000-1006</cve_id>
<bugtraq_id>1869</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote banner</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11732">
<name>Webnews.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0290</cve_id>
<bugtraq_id>4124</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the Webnews.exe file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10567">
<name>SMB Registry : permissions of the RAS key</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2001-0045</cve_id>
<bugtraq_id>2064</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines the access rights of a remote key</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10358">
<name>/iisadmin is world readable</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1538</cve_id>
<bugtraq_id>189</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of /iisadmin</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11796">
<name>Forum51/Board51/News51 Users Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>8126, 8127, 8128</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks for the presence of user.idx</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10681">
<name>Netscape Messenging Server User List</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-2000-0960</cve_id>
<bugtraq_id>1787</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the error messages issued by the pop3 server</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11027">
<name>AlienForm CGI script</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0934</cve_id>
<bugtraq_id>4983</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if the AlienForm CGI script is vulnerable</summary>
<copyright>This script is Copyright (C) 2002 Andrew Hintz (http://guh.nu)</copyright>
</plugin>
<plugin id="11569">
<name>StockMan Shopping Cart Command Execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7485</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>determines the version of shop.plx</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11100">
<name>eXtremail format strings</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-2001-1078</cve_id>
<bugtraq_id>2908</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10943">
<name>Cumulative Patch for Internet Information Services (Q327696)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0147, CVE-2002-0149, CVE-2002-0150, CAN-2002-0224, CAN-2002-0869, CAN-2002-1182, CAN-2002-1180, CAN-2002-1181</cve_id>
<bugtraq_id>4474</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines whether October 30, 2002 IIS Cumulative patches (Q327696) are installed</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="11342">
<name>PKCS 1 Version 1.5 Session Key Retrieval</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2001-0361</cve_id>
<bugtraq_id>2344</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10973">
<name>CSCdi34061</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-1999-0162</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10329">
<name>BIND iquery overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0009</cve_id>
<bugtraq_id>134</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote BIND version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11295">
<name>CSCdx39981</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11273">
<name>Invision PowerBoard code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6976, 7204</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of remotehtmlview.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10619">
<name>Malformed request to domain controller</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2001-0502</cve_id>
<bugtraq_id>2929</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfix Q287397 is installed</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11422">
<name>Unconfigured web server</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if the remote web server has been configured</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11020">
<name>NetCommerce SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0319</cve_id>
<bugtraq_id>2350</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if the remote host is vulnerable to Cross Site Scripting vulnerability</summary>
<copyright>(c) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10573">
<name>IIS 5.0 Sample App reveals physical path of web root</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>IIS 5.0 Sample App reveals physical path of web root</summary>
<copyright>This script is Copyright (C) 2000 Matt Moore</copyright>
</plugin>
<plugin id="11558">
<name>Macromedia ColdFusion MX Path Disclosure Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7443</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Macromedia ColdFusion MX Path Disclosure Vulnerability</summary>
<copyright>This script is Copyright (C) 2003 A.D.Consulting France</copyright>
</plugin>
<plugin id="11702">
<name>zentrack code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of index.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10756">
<name>MacOS X Finder reveals contents of Apache Web directories</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3316</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for .DS_Store</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore</copyright>
</plugin>
<plugin id="11607">
<name>Apache < 2.0.46 on OS/2</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2003-0134</cve_id>
<bugtraq_id>7332</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for version of Apache</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10301">
<name>websendmail</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0196</cve_id>
<bugtraq_id>2077</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/websendmail</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10588">
<name>Sendmail mime overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0206</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10751">
<name>Kazaa / Morpheus Client Detection</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Kazaa / Morpheus Client Detect</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11351">
<name>Sendmail mail.local DOS</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2000-0319</cve_id>
<bugtraq_id>1146</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="11467">
<name>JWalk server traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7160</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Reads a file outside the web root</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10223">
<name>RPC portmapper</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CAN-1999-0632, CVE-1999-0189</cve_id>
<bugtraq_id>205</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Gets the port of the remote rpc portmapper</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11339">
<name>scp File Create/Overwrite</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2000-0992</cve_id>
<bugtraq_id>1742</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10715">
<name>BEA WebLogic Scripts Server scripts Source Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>2527</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>BEA WebLogic may be tricked into revealing the source code of JSP scripts.</summary>
<copyright>INTRANODE - 2001</copyright>
</plugin>
<plugin id="11774">
<name>Windows Media Player Library Access</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0348</cve_id>
<bugtraq_id>8034</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks the version of Media Player</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10210">
<name>alis service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10283">
<name>TFN Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2000-0138</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of TFN</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10661">
<name>IIS 5 .printer ISAPI filter applied</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for IIS5 .printer ISAPI filter</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore</copyright>
</plugin>
<plugin id="11292">
<name>CSCdv88230, CSCdw22408</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11621">
<name>Snitz Forums Cmd execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determine if Snitz forums is vulnerable to a cmd exec flaw</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10432">
<name>SMB Registry : permissions of keys that can change common paths</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0589</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines the access rights of remote keys</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11157">
<name>Trojan horses</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Look for potential trojan horses</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10892">
<name>Obtains user information</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Implements NetUserGetInfo()</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10093">
<name>GateCrasher</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of GateCrasher</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10885">
<name>MS SMTP DoS</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2002-0055</cve_id>
<bugtraq_id>4204</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks if the remote SMTP server can be restarted</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11153">
<name>Identifies unknown services with 'HELP'</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Sends 'HELP' to unknown services and look at the answer</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11547">
<name>CSCea42030</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2003-0216</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11017">
<name>directory.php</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0434</cve_id>
<bugtraq_id>4278</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /directory.php</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10762">
<name>RTSP Server type and version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>RTSP Server detection</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="10832">
<name>Kcms Profile Server</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-2001-0595</cve_id>
<bugtraq_id>2605</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a Kcms service</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="11526">
<name>Vignette StoryServer Information Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0385</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks the version of the remote Vignette StoryServer</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11396">
<name>hp jetdirect vulnerabilities</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>7070</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11632">
<name>CSCdx17916, CSCdx61997</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11318">
<name>BIND 9 overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote BIND version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11595">
<name>Windows Media Player Skin Download Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0228</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks the version of Media Player</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10810">
<name>PHP-Nuke Gallery Add-on File View</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0900</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if a remote host is vulnerable to the gallery vulnerability</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10979">
<name>CSCdt46181</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2001-1183</cve_id>
<bugtraq_id>3022</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11321">
<name>Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-2002-1165</cve_id>
<bugtraq_id>5845</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks sendmail's version number</summary>
<copyright>This script is Copyright (C) 2003 StrongHoldNet</copyright>
</plugin>
<plugin id="11735">
<name>Mnogosearch overflows</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for search.cgi</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10344">
<name>Detect the presence of Napster</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detect the presence of Napster</summary>
<copyright>This script is Copyright (C) 2000 Beyond Security</copyright>
</plugin>
<plugin id="10686">
<name>BroadVision Physical Path Disclosure Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0031</cve_id>
<bugtraq_id>2088</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for BroadVision Physical Path Disclosure Vulnerability</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11782">
<name>iXmail SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>8047</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for iXMail</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10799">
<name>IBM-HTTP-Server View Code</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3518</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>IBM-HTTP-Server View Code</summary>
<copyright>This script is Copyright (C) 2001 Felix Huber</copyright>
</plugin>
<plugin id="10546">
<name>Enumerate Lanman users via SNMP</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Enumerates users via SNMP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10209">
<name>X25 service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CAN-1999-0648</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10508">
<name>PFTP login check</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for a blank account</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10708">
<name>SSH 3.0.0</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2001-0553</cve_id>
<bugtraq_id>3078</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11392">
<name>Serv-U path disclosure</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2000-0176, CVE-1999-0838</cve_id>
<bugtraq_id>1016, 859</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>FTP path disclosure</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10060">
<name>Dumpenv</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1178</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of /cgi-bin/dumpenv</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10112">
<name>icat</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1069</cve_id>
<bugtraq_id>2126</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines the presence of the 'icat' cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10167">
<name>NTMail3 spam feature</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0819</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if the remote mail server can be used as a spam relay</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11380">
<name>CSCdz39284, CSCdz41124</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id>6904</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10005">
<name>NetSphere Backdoor</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of NetSphere</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11138">
<name>Citrix published applications</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>5817</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Find Citrix published applications</summary>
<copyright>This script is Copyright (C) 2002 John Lampe...j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="11048">
<name>Resin DOS device path disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>5252</bugtraq_id>
<category>mixed</category>
<risk>Low</risk>
<summary>Tests for Resin path disclosure vulnerability</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11554">
<name>BadBlue Administrative Actions Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id>7387</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Get the version of the remote badblue server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10968">
<name>ping.asp</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of ping.asp</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11764">
<name>TMax Soft Jeus Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7969</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for TMax Jeus</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10671">
<name>IIS Remote Command Execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0507, CVE-2001-0333</cve_id>
<bugtraq_id>2708</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if arbitrary commands can be executed</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore / H D Moore</copyright>
</plugin>
<plugin id="11253">
<name>Unpassworded hax0r account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10413">
<name>SMB Registry : is the remote host a PDC/BDC</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0659</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if the remote host is a PDC/BDC</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11721">
<name>CgiMail.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0726</cve_id>
<bugtraq_id>1623</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the cgimail.exe file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10766">
<name>Apache UserDir Sensitive Information Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2001-1013</cve_id>
<bugtraq_id>3335</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Apache UserDir Sensitive Information Disclosure</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11300">
<name>Unchecked buffer in Network Share Provider (Q326830)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0724</cve_id>
<bugtraq_id>5556</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q326830</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11506">
<name>Quicktime player buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0168</cve_id>
<bugtraq_id>7247</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks the version of Quicktime Player</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11769">
<name>Zope Invalid Query Path Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7999, 8000, 8001</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Checks for Zope Examples directory</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11151">
<name>Webserver 4D Cleartext Passwords</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Checks for Webserver 4D</summary>
<copyright>This script is Copyright (C) 2002 Jason Lidow <jason@brandx.net></copyright>
</plugin>
<plugin id="10959">
<name>ServletExec 4.1 ISAPI File Reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0893</cve_id>
<bugtraq_id>4795</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tests for ServletExec File Reading</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10351">
<name>The ACC router shows configuration without authentication</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-1999-0383</cve_id>
<bugtraq_id>183</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for ACC SHOW command bug</summary>
<copyright>This script is Copyright (C) 2000 Sebastian Andersson</copyright>
</plugin>
<plugin id="10029">
<name>BIND vulnerable</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0833, CVE-1999-0837, CVE-1999-0848, CVE-1999-0849</cve_id>
<bugtraq_id>788</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote BIND version</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11671">
<name>Ultimate PHP Board admin_ip.php code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7678</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for UPB</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10723">
<name>LDAP allows anonymous binds</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-1999-0385</cve_id>
<bugtraq_id>503</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Check for LDAP null bind</summary>
<copyright>By John Lampe....j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="10021">
<name>Identd enabled</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CAN-1999-0629</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if identd is installed</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10607">
<name>SSH1 CRC-32 compensation attack</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0144</cve_id>
<bugtraq_id>2347</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11373">
<name>SunFTP Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2000-0856</cve_id>
<bugtraq_id>1638</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote SunFTP can be buffer overflown</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10991">
<name>IIS Global.asa Retrieval</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Tries to retrieve the global.asa file</summary>
<copyright>This script is Copyright (C) 2001 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10865">
<name>Checks for MS HOTFIX for snmp buffer overruns</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0053</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q314147 is installed</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="10725">
<name>SIX Webboard's generate.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1115</cve_id>
<bugtraq_id>3175</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/webboard/generate.cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10984">
<name>CSCdu81936</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2001-0895</cve_id>
<bugtraq_id>3547</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11697">
<name>IRCXPro Default Admin password</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Logs into the remote administrative interface of ircxpro</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11206">
<name>War FTP Daemon Directory Traversal</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2001-0295</cve_id>
<bugtraq_id>2444</bugtraq_id>
<category>attack</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>WarFTPd Directory Traversal</summary>
<copyright>This script is Copyright (C) 2003 Digital Defense, Inc.</copyright>
</plugin>
<plugin id="11310">
<name>myphpPageTool code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of index.html</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11730">
<name>ndcgi.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0922</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the ndcgi.exe file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10398">
<name>SMB get domain SID</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-1200</cve_id>
<bugtraq_id>959</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Gets the domain SID</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11687">
<name>CrobFTP format string</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Logs as a %x</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11729">
<name>ion-p.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-1559</cve_id>
<bugtraq_id>6091</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the ion-p.exe file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="11165">
<name>vpasswd.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of vpasswd.cgi</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11587">
<name>XMB SQL Injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7406</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if XMB forums is vulnerable to a sql injection attack</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10798">
<name>Unprotected PC Anywhere Service</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Unprotected PC Anywhere Service</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Incorporated</copyright>
</plugin>
<plugin id="10565">
<name>Serv-U Directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2001-0054</cve_id>
<bugtraq_id>2052</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Traverses the remote ftp root</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11429">
<name>Windows Messenger is installed</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-1484, CAN-2002-0228, CAN-2002-0472</cve_id>
<bugtraq_id>668, 4028, 4316, 4675, 4827</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if Windows Messenger is installed</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10452">
<name>wu-ftpd SITE EXEC vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2000-0573, CVE-1999-0997</cve_id>
<bugtraq_id>1387, 2240, 726</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks if the remote FTP server sanitizes the SITE EXEC command</summary>
<copyright>This script is Copyright (C) 2000 A. de Bernis</copyright>
</plugin>
<plugin id="10146">
<name>Tektronix /ncl_items.html</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-1999-1508</cve_id>
<bugtraq_id>806</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of /ncl_*.html</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11464">
<name>ad.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0025</cve_id>
<bugtraq_id>2103</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/ad.cgi</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10917">
<name>SMB Scope</name>
<version>$Revision: 1.2 $</version>
<family>Settings</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>settings</category>
<risk>None</risk>
<summary>SMB scope options</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10434">
<name>NT ResetBrowser frame & HostAnnouncement flood patc</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0404</cve_id>
<bugtraq_id>1262</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q262694 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10105">
<name>htdig</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0978, CVE-2000-0208</cve_id>
<bugtraq_id>1026</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if htdig is vulnerable</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11006">
<name>RedHat 6.2 inetd</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-2001-0309</cve_id>
<bugtraq_id>2395</bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>Stalls the remote inetd</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10999">
<name>Linksys Router Default Password</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Linksys Router Default Password</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="11717">
<name>Lotus Domino SMTP bounce DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CAN-2000-1203</cve_id>
<bugtraq_id>3212</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Broken message bounced to himself exhausts MTA</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10037">
<name>CERN httpd problem</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0079</cve_id>
<bugtraq_id>936</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Attempts to find the location of the remote web root</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10554">
<name>RealServer Memory Content Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-2000-1181</cve_id>
<bugtraq_id>1957</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>dumps the memory of a real g2 server</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11121">
<name>xtel detection</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Detect xteld</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11517">
<name>Leafnode Resource Exhaustion</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id>6490</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Check Leafnode version number for flaws</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="11619">
<name>Eserv Memory Leaks</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines if the remote host is running Eserv</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11664">
<name>nsiislog.dll DoS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0227, CAN-2003-0349</cve_id>
<bugtraq_id>8035</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Determines the presence of nsiislog.dll</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11688">
<name>WF-Chat User Account Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7147</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of !pwds.txt</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11635">
<name>Java Media Framework (JMF) Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Determines the presence of JMF</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10205">
<name>rlogin</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CAN-1999-0651</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of rlogin</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11520">
<name>HP Instant TopTools DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CAN-2003-0169</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks for hpnst.exe</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10883">
<name>OpenSSH Channel Code Off by 1</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2002-0083</cve_id>
<bugtraq_id>4241</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote OpenSSH version</summary>
<copyright>This script is Copyright (c) 2002 Thomas Reinke</copyright>
</plugin>
<plugin id="11670">
<name>GeekLog SQL vulns</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0962, CVE-2002-0096, CVE-2002-0097</cve_id>
<bugtraq_id>7742, 7744, 6601, 6602, 6603, 6604</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>sends a rotten cookie to the remote host</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10535">
<name>php log</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0967</cve_id>
<bugtraq_id>1786</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of PHP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10503">
<name>Reading CGI script sources using /cgi-bin-sdb</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0868</cve_id>
<bugtraq_id>1658</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin-sdb/</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10862">
<name>Microsoft's SQL Server Brute Force</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Microsoft's SQL Server Brute Force</summary>
<copyright>This script is Copyright (C) 2001 H D Moore</copyright>
</plugin>
<plugin id="11391">
<name>BSD ftpd setproctitle() format string</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2000-0574</cve_id>
<bugtraq_id>1425</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks if the remote ftpd is vulnerable to format string attacks</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10747">
<name>3Com Superstack II switch with default password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into 3Com Superstack II switches with default passwords</summary>
<copyright>This script is Copyright (C) 2001 Patrik Karlsson</copyright>
</plugin>
<plugin id="10085">
<name>Ftp PASV denial of service</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0079</cve_id>
<bugtraq_id>271</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Determines if a PASV DoS is feasible</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10694">
<name>GuildFTPd Directory Traversal</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-0767</cve_id>
<bugtraq_id>2789</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Detects the presence of GuildFTPd version 0.97</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10251">
<name>rpc.nisd overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0008</cve_id>
<bugtraq_id>104</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>buffer overflow through rpc.nisd</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11052">
<name>BenHur Firewall active FTP firewall leak</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id>5279</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Connects to a few services with sport = 20</summary>
<copyright>This script is Copyright (C) 2002 by Renaud Deraison</copyright>
</plugin>
<plugin id="11488">
<name>IMP SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks IMP version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10135">
<name>LinuxConf grants network access</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2000-0017</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect Linuxconf access rights</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="10114">
<name>icmp timestamp request</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id>CAN-1999-0524</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Performs an ICMP timestamp request</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11388">
<name>l2tpd < 0.68 overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2002-0872, CVE-2002-0873</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of the remote l2tpd</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10547">
<name>Enumerate Lanman services via SNMP</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Enumerates services via SNMP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10308">
<name>cgibin() in the KB</name>
<version>$Revision: 1.2 $</version>
<family>Settings</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>settings</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>cgibin() in kb</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10127">
<name>info2www</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0266</cve_id>
<bugtraq_id>1995</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/info2www</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11023">
<name>lpd, dvips and remote command execution</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-1002</cve_id>
<bugtraq_id>3241</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Executes 'ping' on the remote host</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11418">
<name>Sun rpc.cmsd overflow</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-2002-0391</cve_id>
<bugtraq_id>5356</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks if Sun rpc.cmsd overflow</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="11779">
<name>FTP server hosting copyrighted material</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Checks if the remote ftp server hosts mp3/wav/asf/mpg files</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10381">
<name>Piranha's RH6.2 default password</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2000-0248</cve_id>
<bugtraq_id>1148</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>logs into the remote piranha subsystem</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10086">
<name>Ftp PASV on connect crashes the FTP server</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0075</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Issues a PASV command upon the connection</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11423">
<name>Flaw in Windows Script Engine (Q814078)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0010</cve_id>
<bugtraq_id>7146</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for MS Hotfix Q814078</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11766">
<name>pmachine cross site scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7980, 7981</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Checks for the presence of search/index.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11291">
<name>CSCdv66718</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2002-1092</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10422">
<name>MDBMS overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2000-0446</cve_id>
<bugtraq_id>1252</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote MDBMS version</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10480">
<name>Apache::ASP source.asp</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0628</cve_id>
<bugtraq_id>1457</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /site/eg/source.asp</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10267">
<name>SSH Server type and version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>SSH Server type and version</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="11346">
<name>Sendmail 8.7.*/8.8.* local overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0130</cve_id>
<bugtraq_id>716</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10444">
<name>JRun's viewsource.jsp</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0539</cve_id>
<bugtraq_id>1386</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of the jrun flaw</summary>
<copyright>This script was written by Renaud Deraison</copyright>
</plugin>
<plugin id="11564">
<name>Coppermine Gallery SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7471</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of db_input.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10625">
<name>IMAP4rev1 buffer overflow after logon</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-1999-1224</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>checks for a buffer overflow in imapd</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11566">
<name>.rhosts in FTP root</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>downloads the remote .rhosts file</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11158">
<name>Novell NetWare HTTP POST Perl Code Execution Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Netware</family>
<cve_id>CAN-2002-1436, CAN-2002-1437, CAN-2002-1438</cve_id>
<bugtraq_id>5520</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Webserver perl handler executes arbitrary POSTs</summary>
<copyright>This script is Copyright (C) 2002 visigoth</copyright>
</plugin>
<plugin id="11791">
<name>CISCO IOS Interface blocked by IPv4 Packet</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2003-0567</cve_id>
<bugtraq_id>8211</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11675">
<name>Philboard philboard_admin.ASP Authentication Bypass</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7739</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Try to bypass Philboard philboard_admin.ASP Authentication</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10522">
<name>LPRng malformed input</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2000-0917</cve_id>
<bugtraq_id>1712</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for a vulnerable version of LPRng</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11658">
<name>SunONE Application Server source disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Attempts to read the source of a jsp page</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10453">
<name>sawmill allows the reading of the first line of any file</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0588</cve_id>
<bugtraq_id>1402</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if sawmill reads any file</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11147">
<name>Unchecked Buffer in Windows Help(Q323255)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0693, CAN-2002-0694</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q323255, Unchecked Buffer in Windows Help facility</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Network Security, LLC</copyright>
</plugin>
<plugin id="11430">
<name>WinMX is installed</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if WinMX is installed</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10951">
<name>cachefsd overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2002-0084, CVE-2002-0033</cve_id>
<bugtraq_id>4631</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10592">
<name>webdriver</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>2166</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/webdriver</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10880">
<name>AdMentor Login Flaw</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0308</cve_id>
<bugtraq_id>4152</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>AdMentor Login Flaw</summary>
<copyright>This script is Copyright (C) 2002 SecurITeam</copyright>
</plugin>
<plugin id="11727">
<name>CWmail.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0273</cve_id>
<bugtraq_id>4093</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the cwmail.exe file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10324">
<name>XTramail MTA 'HELO' denial</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-1999-1511</cve_id>
<bugtraq_id>791</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Overflows the remote SMTP server</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11792">
<name>Buffer overrun in Windows Shell (821557)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0351</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for hotfix Q823980</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10402">
<name>CVSWeb detection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if CVSWeb is present and gets its version</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="10653">
<name>Solaris FTPd tells if a user exists</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>2564</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>CWD ~root before logging in</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10772">
<name>PHP-Nuke copying files security vulnerability (admin.php)</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1032</cve_id>
<bugtraq_id>3361</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if a remote host is vulnerable to the admin.php vulnerability</summary>
<copyright>This script is Copyright (C) 2001 SecurITeam</copyright>
</plugin>
<plugin id="11581">
<name>album.pl Command Execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7444</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>determines the version of album.pl</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10081">
<name>FTP bounce check</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0017</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if the remote ftp server can be bounced</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11045">
<name>Passwordless Zaurus FTP server</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>5200</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote Zaurus FTP server</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11168">
<name>Samba Unicode Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks samba version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10853">
<name>Oracle 9iAS mod_plsql cross site scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Tests for Oracle 9iAS mod_plsql cross site scripting</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11579">
<name>FTgate DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Checks for FTgate</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11236">
<name>PHP-Nuke is installed on the remote host</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0292, CAN-2001-0320, CAN-2001-0854, CAN-2001-0911, CAN-2001-1025, CAN-2002-0206, CAN-2002-0483, CAN-2002-1242</cve_id>
<bugtraq_id>6446, 6465, 6503, 6750, 6887, 6890, 7031, 7060, 7078, 7079</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if PHP-Nuke is installed on the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11690">
<name>JBoss source disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7764</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Attempts to read the source of a jsp page</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11210">
<name>Apache < 2.0.44 file reading on Win32</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-2003-0017</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Requests /< and gets the output</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11626">
<name>Owl Login bypass</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Determines owl is installed</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10895">
<name>Users information : automatically disabled accounts</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that have special privileges</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11330">
<name>MS SQL7.0 Service Pack may leave passwords on system</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0402</cve_id>
<bugtraq_id>1281</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Reads %temp%\sqlsp.log</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10688">
<name>SNMP VACM</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id>2427</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Enumerates communities via SNMP</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11537">
<name>Ocean12 Guestbook XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7329</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for Ocean12 guestbook</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10670">
<name>PHP3 Physical Path Disclosure Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for PHP3 Physical Path Disclosure Vulnerability</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore</copyright>
</plugin>
<plugin id="10505">
<name>Directory listing through WebDAV</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0869</cve_id>
<bugtraq_id>1656</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of WebDAV</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10447">
<name>Zope DocumentTemplate package problem</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0483</cve_id>
<bugtraq_id>1354</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for Zope</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10259">
<name>Sendmail mailing to files</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if the remote mail server can be used to gain a shell</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11495">
<name>tanned format string vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id>6553</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Sends a format string to the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10286">
<name>thttpd flaw</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-1999-1457</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>thttpd flaw</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11497">
<name>E-Theni code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6970</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of aff_list_langue.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11549">
<name>readfile.tcl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>checks for readfile.tcl</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10673">
<name>Microsoft's SQL Blank Password</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2000-1209</cve_id>
<bugtraq_id>1281</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Microsoft's SQL Blank Password</summary>
<copyright>This script is Copyright (C) 2001 H D Moore</copyright>
</plugin>
<plugin id="10655">
<name>PHP-Nuke' opendir</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0321</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determine if a remote host is vulnerable to the opendir.php vulnerability</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11303">
<name>mod_frontpage installed</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0427</cve_id>
<bugtraq_id>4251</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of mod_frontpage</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10033">
<name>CA Unicenter's Transport Service is running</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>CA Unicenter's Transport Service is running</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="10418">
<name>Standard & Poors detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2000-0109</cve_id>
<bugtraq_id>1080</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Detect if the remote host is a Standard & Poors' MultiCSP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10213">
<name>cmsd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0320, CVE-1999-0696, CVE-2002-0391</cve_id>
<bugtraq_id>428, 5356</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10704">
<name>Apache Directory Listing</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0731</cve_id>
<bugtraq_id>3009</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks to see if Apache will provide a directory listing</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore</copyright>
</plugin>
<plugin id="11693">
<name>PFTP clear-text passwords</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks PFTPUSERS3.USR</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10640">
<name>Kerberos PingPong attack</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-1999-0103</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of a bad krb server</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10228">
<name>rusersd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0626</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11450">
<name>Debian proftpd 1.2.0 runs as root</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2001-0456</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if the version of the remote proftpd</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11343">
<name>OpenSSH Client Unauthorized Remote Forwarding</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2000-1169</cve_id>
<bugtraq_id>1949</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10233">
<name>snmp service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CAN-1999-0615</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10173">
<name>perl interpreter can be launched as a CGI</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0509</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>checks for the presence of /cgi-bin/perl</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11572">
<name>Multiple ICQ Vulnerabilities</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0235, CAN-2003-0236, CAN-2003-0237, CAN-2003-0238, CAN-2003-0239</cve_id>
<bugtraq_id>7461, 7462, 7463, 7464, 7465, 7466</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if ICQ is installed</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11152">
<name>BIND vulnerable to cached RR overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2002-1219</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote BIND version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11166">
<name>KF Web Server /%00 bug</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Make a request like http://www.example.com/%00</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10605">
<name>BIND vulnerable to overflows</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0010, CVE-2001-0011, CVE-2001-0012, CVE-2001-0013</cve_id>
<bugtraq_id>2302</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote BIND version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10847">
<name>SilverStream database structure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if SilverStream database structure is visible.</summary>
<copyright>This script is Copyright (C) 2002 Tor Houghton</copyright>
</plugin>
<plugin id="11643">
<name>OneOrZero SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7609, 7611</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines OneOrZero is installed</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10602">
<name>hsx directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0253</cve_id>
<bugtraq_id>2314</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/hsx.cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11704">
<name>icmp leak</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>icmpleak check</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11031">
<name>OpenSSH <= 3.3</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2002-0639, CVE-2002-0640</cve_id>
<bugtraq_id>5093</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11752">
<name>Proxomitron DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id>7954</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks for the presence of proxomitron</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11092">
<name>Apache 2.0.39 Win32 directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0661</cve_id>
<bugtraq_id>5434</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Apache 2.0.39 Win32 directory traversal</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10700">
<name>Cisco IOS HTTP Configuration Arbitrary Administrative Access</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2001-0537</cve_id>
<bugtraq_id>2936</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Obtains the remote router configuration</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11192">
<name>multiple MySQL flaws</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2002-1373, CAN-2002-1374, CAN-2002-1375, CAN-2002-1376</cve_id>
<bugtraq_id>6368, 6370, 6373, 6374, 6375</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the remote MySQL version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10501">
<name>Trinity v3 Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2000-0138</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of trinity v3</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11648">
<name>BlackMoon FTP user disclosure</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the ftp login error message</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10405">
<name>shtml.exe reveals full path</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0413</cve_id>
<bugtraq_id>1174</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Retrieve the real path using shtml.exe</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11708">
<name>zentrack files reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of index.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10227">
<name>rstatd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CAN-1999-0624</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11334">
<name>popper_mod</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0513</cve_id>
<bugtraq_id>4412</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if popper_mod is vulnerable</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10010">
<name>AliBaba path climbing</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-1999-0776</cve_id>
<bugtraq_id>270</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>GET ../../file</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11532">
<name>Instaboard SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7338</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for SQL insertion in Instaboad</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10161">
<name>rlogin -froot</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0113</cve_id>
<bugtraq_id>458</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for rlogin -froot</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10177">
<name>php.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0238</cve_id>
<bugtraq_id>2250</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/php.cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10778">
<name>Unprotected SiteScope Service</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Unprotected SiteScope Service</summary>
<copyright>This script is Copyright (C) 2001 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10401">
<name>SMB Registry : NT4 Service Pack version</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0662</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines the remote SP</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11205">
<name>War FTP Daemon CWD/MKD Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2000-0131</cve_id>
<bugtraq_id>966</bugtraq_id>
<category>attack</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>War FTP Daemon CWD/MKD Buffer Overflow</summary>
<copyright>This script is Copyright (C) 2003 Digital Defense, Inc.</copyright>
</plugin>
<plugin id="11041">
<name>Apache Tomcat /servlet Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0682</cve_id>
<bugtraq_id>5193</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for Apache Tomcat /servlet XSS Bug</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10493">
<name>SWC Overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/swc</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10281">
<name>Detect Server type and version via Telnet</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detect Server type and version via Telnet</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="10509">
<name>Malformed RPC Packet patch</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2000-0544</cve_id>
<bugtraq_id>1304</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q272303 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10305">
<name>WFTP login check</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-1999-0200</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for any account</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10614">
<name>sendtemp.pl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0272</cve_id>
<bugtraq_id>2504</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/sendtemp.pl</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10859">
<name>SMB get host SID</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-1200</cve_id>
<bugtraq_id>959</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Gets the domain SID</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10330">
<name>Services</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Find what is listening on which port</summary>
<copyright>Written by Renaud Deraison <deraison@cvs.nessus.org></copyright>
</plugin>
<plugin id="10821">
<name>FTPD glob Heap Corruption</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-0249, CVE-2001-0550</cve_id>
<bugtraq_id>2550, 3581</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Check if the remote FTPD s vulnerable to a glob heap corruption vulnerability</summary>
<copyright>Copyright (C) 2001 E*Maze</copyright>
</plugin>
<plugin id="10809">
<name>Sendmail -bt option</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11416">
<name>openwebmail command execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-1385</cve_id>
<bugtraq_id>6425, 6232</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of openwebmail</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10224">
<name>rexd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0627</cve_id>
<bugtraq_id>37</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10710">
<name>Checkpoint SecuRemote information leakage</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id>CVE-2001-1303</cve_id>
<bugtraq_id>3058</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checkpoint SecuRemote information leakage</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11385">
<name>CVS pserver double free() bug</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2003-0015</cve_id>
<bugtraq_id>6650</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote CVS server and asks the version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10870">
<name>Login configurations</name>
<version>$Revision: 1.2 $</version>
<family>Settings</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>settings</category>
<risk>None</risk>
<summary>Logins for HTTP, FTP, NNTP, POP2, POP3, IMAP and SMB</summary>
<copyright>This script is Copyright (C) 2002 Georges Dagousset </copyright>
</plugin>
<plugin id="11163">
<name>msmmask.exe</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Checks for the presence of /cgi-bin/msmMask.exe</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10898">
<name>Users information : Never changed password</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Lists the users that have special privileges</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11538">
<name>ezPublish config disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7349, 7347</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if ezPublish config file can be retrieved</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11652">
<name>Mantis Detection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Checks for the presence of mantis</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11788">
<name>Apache < 2.0.47</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2003-0192, CAN-2003-0253, CAN-2003-0254</cve_id>
<bugtraq_id>8134, 8135, 8137, 8138</bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>Checks for version of Apache</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10586">
<name>news desk</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0231</cve_id>
<bugtraq_id>2172</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/newsdesk.cgi</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10490">
<name>hpux ftpd PASS vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2000-0699</cve_id>
<bugtraq_id>1560</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks if the remote ftp sanitizes the PASS command</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10052">
<name>Daytime</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CVE-1999-0103</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of daytime</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10476">
<name>WebsitePro buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0623</cve_id>
<bugtraq_id>1492</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for WebSitePro</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10370">
<name>IIS dangerous sample files</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines whether IIS samples files are installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11756">
<name>CuteFTP multiple flaws</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>6786, 6642</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of CuteFTP.exe</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10128">
<name>infosrch.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0207</cve_id>
<bugtraq_id>1031</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/infosrch.cgi</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10720">
<name>sdbsearch.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1130</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines the presence of the sdbsearch.cgi</summary>
<copyright>This script was written by Renaud Deraison</copyright>
</plugin>
<plugin id="11512">
<name>Kerberos 5 issues</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2003-0072, CAN-2003-0082, CAN-2003-0059, CAN-2003-0060, CAN-2002-0036</cve_id>
<bugtraq_id>7184, 7185, 6714, 6713, 6712</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Check for kerberos</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11234">
<name>Zope installation path disclose</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>5806</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Checks for Zope installation directory</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10067">
<name>Faxsurvey</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0262</cve_id>
<bugtraq_id>2056</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if faxsurvey is vulnerable</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10208">
<name>3270 mapper service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11316">
<name>Sendmail remote header buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-2002-1337</cve_id>
<bugtraq_id>6991</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 SECNAP Network Security</copyright>
</plugin>
<plugin id="11115">
<name>gallery code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1234</cve_id>
<bugtraq_id>3397</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of includes/needinit.php</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11019">
<name>Alcatel PABX 4400 detection</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detects if the remote host is an Alcatel 4400</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11568">
<name>StockMan Shopping Cart Path disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>determines the remote root path</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10292">
<name>uw-imap buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0005</cve_id>
<bugtraq_id>130</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>uw-imap buffer overflow</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10818">
<name>Alchemy Eye HTTP Command Execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0871</cve_id>
<bugtraq_id>3599</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if arbitrary commands can be executed by Alchemy Eye</summary>
<copyright>This script is Copyright (C) 2001 H D Moore & Drew Hintz ( http://guh.nu )</copyright>
</plugin>
<plugin id="10894">
<name>Obtains the lists of users groups</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Implements NetUserGetGroups()</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11662">
<name>iiprotect sql injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7675</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if iisprotect is password-protected</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11051">
<name>BIND9 DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CAN-2002-0400</cve_id>
<bugtraq_id>4936</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks the remote BIND version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10601">
<name>Basilix includes download</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1044</cve_id>
<bugtraq_id>2198</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of include files</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11353">
<name>NFS fsirand</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-1999-0167</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for NFS</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10483">
<name>Unpassworded PostgreSQL</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to log into the remote PostgreSQL daemon</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11255">
<name>Default password (root) for root</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10969">
<name>Obtain Cisco type via SNMP</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Enumerates Cisco model via SNMP</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10672">
<name>Unknown CGIs arguments torture</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>From</risk>
<summary>Tortures the arguments of the remote CGIs</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10363">
<name>ASP source using %2e trick</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0253</cve_id>
<bugtraq_id>1814</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>downloads the source of ASP scripts</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10131">
<name>jj cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0260</cve_id>
<bugtraq_id>2002</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/jj</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11516">
<name>AutomatedShops WebC.cgi buffer overflows</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7268</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of webc.cgi</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11644">
<name>ezPublish Directory Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7616</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if ezPublish is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10791">
<name>Ultraseek Web Server Detect</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Ultraseek Web Server Detect</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11496">
<name>RealPlayer PNG deflate heap corruption</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0141</cve_id>
<bugtraq_id>7177</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of RealPlayer</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10739">
<name>Novell Web Server NDS Tree Browsing</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1020</cve_id>
<bugtraq_id>484</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Novell Web Server NDS Tree Browsing</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11460">
<name>SMB Registry : Classic Logon Screen</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines the value of a remote key</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11425">
<name>ICQ is installed</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id>CAN-1999-1418, CAN-1999-1440, CAN-2000-0046, CAN-2000-0564, CVE-2000-0552, CAN-2001-0367, CVE-2002-0028, CAN-2001-1305</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if ICQ is installed</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="11620">
<name>Airport Administrative Port</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2003-0270</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Connects to port 5009 and says 'Hello'</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11170">
<name>Alcatel OmniSwitch 7700/7800 switches backdoor</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2002-1272</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of backdoor in Alcatel 7700/7800 switches </summary>
<copyright>This script is Copyright (c) 2002 deepquest</copyright>
</plugin>
<plugin id="11790">
<name>Buffer overrun in RPC Interface (823980)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2003-0352</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for hotfix Q823980</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10066">
<name>FakeBO buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Overflows FakeBO's buffers</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10430">
<name>SMB Registry : permissions of keys that can lead to admin</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0589</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the access rights of a remote key</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10741">
<name>SiteScope Web Administration Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>SiteScope Web Administration Server Detect</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10977">
<name>CSCds07326</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2001-0750</cve_id>
<bugtraq_id>2804</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10025">
<name>bb-hist.sh</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1462</cve_id>
<bugtraq_id>142</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Read arbitrary files using the CGI bb-hist.sh</summary>
<copyright>Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11637">
<name>MailMax IMAP overflows (2)</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id>7327</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Checks the version of the remote IMAP server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11576">
<name>thttpd directory traversal thru Host:</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-2002-1562</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>thttpd flaw</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10526">
<name>IIS : Directory listing through WebDAV</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0951</cve_id>
<bugtraq_id>1756</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of the Index Server service</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11226">
<name>Oracle 9iAS default error information disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1372</cve_id>
<bugtraq_id>3341</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tries to retrieve the phisical path of files through Oracle9iAS</summary>
<copyright>This script is Copyright (C) 2003 Javier Fernandez-Sanguino</copyright>
</plugin>
<plugin id="11760">
<name>Pod.Board Forum_Details.PHP Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7933</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for Pod.Board XSS</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11728">
<name>ddicgi.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0826</cve_id>
<bugtraq_id>1657</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the ddicgi.exe file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="11725">
<name>counter.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1030</cve_id>
<bugtraq_id>267</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Checks for the counter.exe file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10782">
<name>Formmail Version Information Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2001-0357</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Formmail Version Information Disclosure</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11120">
<name>xtelw detection</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Detect xteld in HyperTerminal mode</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11213">
<name>http TRACE XSS attack</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>http TRACE XSS attack</summary>
<copyright>This script is Copyright (C) 2003 E-Soft Inc.</copyright>
</plugin>
<plugin id="11424">
<name>WebDAV enabled</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks the presence of WebDAV</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11030">
<name>Apache chunked encoding</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2002-0392</cve_id>
<bugtraq_id>5033</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks for version or behavior of Apache</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11647">
<name>BLnews code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7677</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of objects.inc.php4</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11777">
<name>SMB share hosting copyrighted material</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Finds .mp3, .avi and .wav files</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10047">
<name>CMail's MAIL FROM overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-1999-1521</cve_id>
<bugtraq_id>633</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Overflows a buffer in the remote mail server</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11112">
<name>Generic FTP traversal</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2001-0680, CAN-2001-1335, CAN-2001-0582</cve_id>
<bugtraq_id>2618, 2786</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to get the listing of the remote root dir</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10677">
<name>Apache /server-status accessible</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Makes a request like http://www.example.com/server-status</summary>
<copyright>This script is Copyright (C) 2001 StrongHoldNet</copyright>
</plugin>
<plugin id="10805">
<name>Informix traversal</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-2001-0924</cve_id>
<bugtraq_id>3575</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>/ifx/?LO=../../../file</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10332">
<name>ftp writeable directories</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-1999-0527</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>checks if the remote FTP server has any world writeable dirs</summary>
<copyright>this plugin is distributed under the GPL</copyright>
</plugin>
<plugin id="10380">
<name>rsh on finger output</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>attempts to log in using rsh</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11511">
<name>Kerberos IV cryptographic weaknesses</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2003-0138</cve_id>
<bugtraq_id>7113</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Check for kerberos</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10864">
<name>Nikto</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Find CGI with nikto</summary>
<copyright>This script is copyright (C) Michel Arboi - <arboi@algoriel.fr></copyright>
</plugin>
<plugin id="10532">
<name>eXtropia Web Store remote file retrieval</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-1005</cve_id>
<bugtraq_id>1774</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>eXtropia Web Store remote file retrieval</summary>
<copyright>This script is Copyright (C) 2000 Thomas Reinke</copyright>
</plugin>
<plugin id="11245">
<name>Unpassworded root account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11606">
<name>WebLogic Server hostname disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>7257</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Make a request like GET . \r\n\r\n</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10217">
<name>keyserv service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11230">
<name>Stronghold Swish</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>4785</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of cgi-bin/search</summary>
<copyright>This script is Copyright (C) 2003 Randy Matz</copyright>
</plugin>
<plugin id="10949">
<name>BEA WebLogic Scripts Server scripts Source Disclosure (2)</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>2527</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>BEA WebLogic may be tricked into revealing the source code of JSP scripts.</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10439">
<name>OpenSSH < 2.1.1 UseLogin feature</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2000-0525</cve_id>
<bugtraq_id>1334</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote OpenSSH version</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10248">
<name>Sendmail 'decode' flaw</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0096</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if the remote mail server can be used to overwrite files</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10579">
<name>bftpd chown overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-0065, CVE-2000-0943</cve_id>
<bugtraq_id>2120</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote bftpd daemon is vulnerable to a buffer overflow</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10990">
<name>FTP Service Allows Any Username</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>FTP Service Allows Any Username</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10038">
<name>Cfinger's search.**@host feature</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id>CVE-1999-0259</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>finger .@host feature</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10437">
<name>NFS export</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-1999-0554</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for NFS</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10993">
<name>IIS ASP.NET Application Trace Enabled</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks for ASP.NET application tracing</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="11075">
<name>dwhttpd format string</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>5384</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>DynaWeb server vulnerable to format string</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11200">
<name>Platinum FTP Server</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if the remote ftp server is a vulnerable version of Platinum FTP</summary>
<copyright>This script is Copyright (C) 2003 Douglas Minderhout</copyright>
</plugin>
<plugin id="10656">
<name>Resin traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0304</cve_id>
<bugtraq_id>2384</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>\..\..\file.txt</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10494">
<name>Netauth</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0782</cve_id>
<bugtraq_id>1587</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/netauth.cgi</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10765">
<name>SQLQHit Directory Structure Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0986</cve_id>
<bugtraq_id>3339</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>SQLQHit Directory Stracture Disclosure</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10639">
<name>store.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0305</cve_id>
<bugtraq_id>2385</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/store.cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11480">
<name>3com RAS 1500 configuration disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id>7176</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Obtains the remote user_settings.cfg</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10875">
<name>Avenger's News System Command Execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0307</cve_id>
<bugtraq_id>4147</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Avenger's News System Command Execution</summary>
<copyright>This script is Copyright (C) 2002 SecurITeam</copyright>
</plugin>
<plugin id="10910">
<name>Obtains local user information</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Implements NetUserGetInfo()</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11119">
<name>SMB Registry : XP Service Pack version</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0662</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the remote SP</summary>
<copyright>This script is Copyright (C) 2002 Alert4Web.com</copyright>
</plugin>
<plugin id="10350">
<name>Shaft Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2000-0138</cve_id>
<bugtraq_id>2189</bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of Shaft</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10960">
<name>ServletExec 4.1 ISAPI Physical Path Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0892</cve_id>
<bugtraq_id>4793</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for ServletExec 4.1 ISAPI Path Disclosure</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10738">
<name>Oracle Web Administration Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Oracle Web Administration Server Detect</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11594">
<name>CSCdea77143, CSCdz15393, CSCdt84906</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11681">
<name>Zeus Admin Interface XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7751</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for XSS in Zeus</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10950">
<name>rpc.walld format string</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2002-0573</cve_id>
<bugtraq_id>4639</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10915">
<name>Local users information : User has never logged on</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Lists the local users that never logged in</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10423">
<name>qpopper euidl problem</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-2000-0320</cve_id>
<bugtraq_id>1133</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>checks for the version of qpopper</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11663">
<name>iiprotect bypass</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7661</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if iisprotect can be escaped</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11437">
<name>osCommerce Cross Site Scripting Bugs</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7156, 7151, 7153, 7158, 7155</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if osCommerce is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 k-otik.com</copyright>
</plugin>
<plugin id="10500">
<name>Shiva Integrator Default Password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote Shiva router</summary>
<copyright>This script is Copyright (C) 2000 Stefaan Van Dooren</copyright>
</plugin>
<plugin id="10851">
<name>Oracle 9iAS Java Process Manager</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0563</cve_id>
<bugtraq_id>4293</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for Oracle9iAS Java Process Manager</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10196">
<name>qpopper buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0006</cve_id>
<bugtraq_id>133</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>qpopper buffer overflow</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11091">
<name>Windows Network Manager Privilege Elevation (Q326886)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0720</cve_id>
<bugtraq_id>5480</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q326886, Network Elevated Privilege</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Nework Security, LLC</copyright>
</plugin>
<plugin id="11143">
<name>Exchange 2000 Exhaust CPU Resources (Q320436)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0368</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q320436, DOS on Exchange 2000</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="10242">
<name>yppasswd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10394">
<name>SMB log in</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0504, CAN-1999-0506, CVE-2000-0222</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Attempts to log into the remote host</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11471">
<name>VChat information disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7186, 7188</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Checks for the presence of vchat/msg.txt</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10882">
<name>SSH protocol version 1 enabled</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Negotiate SSHd connections</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11382">
<name>CSCdv85279, CSCdw59394</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2002-1024</cve_id>
<bugtraq_id>5114</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10120">
<name>IIS perl.exe problem</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0450</cve_id>
<bugtraq_id>194</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Attempts to find the location of the remote web root</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11412">
<name>IIS : WebDAV Overflow (MS03-007)</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0109</cve_id>
<bugtraq_id>7116</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>WebDAV buffer overflow</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10713">
<name>CodeRed version X detection</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CVE-2001-0500</cve_id>
<bugtraq_id>2880</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>CodeRed version X detection</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10856">
<name>PHP-Nuke sql_debug Information Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id>3906</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Make a request like http://www.example.com/?sql_debug=1</summary>
<copyright>This script is Copyright (C) 2002 Alert4Web.com</copyright>
</plugin>
<plugin id="11308">
<name>MS SMTP Authorization bypass</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2002-0054</cve_id>
<bugtraq_id>4205</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Checks SMTP authentication</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10989">
<name>Nortel/Bay Networks default password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Logs into the remote Nortel switch/router</summary>
<copyright>This script is Copyright (C) 2002 Rui Bernardino</copyright>
</plugin>
<plugin id="10736">
<name>DCE Services Enumeration</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Enumerates the remote DCE services</summary>
<copyright>This script is Copyright (C) 2001 Dave Aitel (ported to NASL by rd and Pavel Kankovsaz)</copyright>
</plugin>
<plugin id="11578">
<name>Opera remote heap corruption vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7450</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of Opera.exe</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10711">
<name>Sambar webserver pagecount hole</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1010</cve_id>
<bugtraq_id>3091</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Make a request like http://www.example.com/session/pagecount</summary>
<copyright>This script is Copyright (C) 2001 Vincent Renardias</copyright>
</plugin>
<plugin id="10769">
<name>Checks for listrec.pl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0997</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the listrec.pl CGI</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore </copyright>
</plugin>
<plugin id="10468">
<name>Netscape Administration Server admin password</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>1579</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Reads admpw</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11194">
<name>Unchecked Buffer in XP Shell Could Enable System Compromise (329390)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-1327</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix 329390, Flaw in Microsoft XP Shell</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Network Security, LLC</copyright>
</plugin>
<plugin id="11315">
<name>webchat code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7000</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of includes.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10556">
<name>Broker FTP files listing</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-0450</cve_id>
<bugtraq_id>301</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to get the listing of the remote root dir</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11557">
<name>ideabox code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7488</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Injects a path</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11056">
<name>CSCdy03429</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2002-0813</cve_id>
<bugtraq_id>5328</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10124">
<name>Imail's imonitor buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-1046, CVE-2000-0056</cve_id>
<bugtraq_id>502, 504, 506, 914</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Imail's imonitor buffer overflow</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11680">
<name>Webfroot Shoutbox Directory Traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7717</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Webfroot Shoutbox is vulnerable to an exploit which lets an attacker view any file that the web server has access to.</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11265">
<name>Default password (satori) for rewt</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11691">
<name>Desktop Orbiter Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence Desktop Orbiter</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11043">
<name>iPlanet Search Engine File Viewing</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-1042</cve_id>
<bugtraq_id>5191</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Attempts to read an arbitrary file using a feature in iPlanet</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11659">
<name>ArGoSoft Mail Server multiple flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7608, 7610, 5906, 5395, 5144</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Gets the version of the remote ArGoSoft server</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10013">
<name>alibaba.pl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0885</cve_id>
<bugtraq_id>770</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/alibaba.pl</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10881">
<name>SSH protocol versions supported</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Negotiate SSHd connections</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10514">
<name>Directory listing through Sambar's search.dll</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0835</cve_id>
<bugtraq_id>1684</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of search.dll</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11004">
<name>WhatsUp Gold Default Admin Account</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>WhatsUp Gold Default Admin Account</summary>
<copyright>This script is Copyright (C) 2001 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10748">
<name>Mediahouse Statistics Web Server Detect</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CVE-2000-0776</cve_id>
<bugtraq_id>1568</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Mediahouse Statistics Web Server Detection</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11187">
<name>4553 Parasite Mothership Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of 4553 parasite's mothership</summary>
<copyright>This script is (C) 2002 Violating</copyright>
</plugin>
<plugin id="10034">
<name>RedHat 6.0 cachemgr.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0710</cve_id>
<bugtraq_id>2059</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks whether the cachemgr.cgi is installed and accessible.</summary>
<copyright>This script is Copyright (C) 1999 A. de Bernis</copyright>
</plugin>
<plugin id="10192">
<name>Proxy accepts CONNECT requests</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if we can use the remote web proxy against any port</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10615">
<name>Malformed PPTP Packet Stream vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2001-0017</cve_id>
<bugtraq_id>2368</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfix Q283001 is installed</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11758">
<name>eLDAPo cleartext passwords</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7535</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for eLDAPo</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10306">
<name>whois_raw</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1063</cve_id>
<bugtraq_id>304</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if whois_raw.cgi is vulnerable</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10307">
<name>Trin00 for Windows Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2000-0138</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of trin00</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10294">
<name>view_source</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0174</cve_id>
<bugtraq_id>2251</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/view_source</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10789">
<name>Novell Groupwise WebAcc Information Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3436</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Novell Groupwise WebAcc Information Disclosure</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11252">
<name>Unpassworded toor account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11232">
<name>Sendmail DNS Map TXT record overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2002-0906</cve_id>
<bugtraq_id>5122</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10073">
<name>Finger redirection check</name>
<version>$Revision: 1.2 $</version>
<family>Finger abuses</family>
<cve_id>CAN-1999-0105</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Finger user@host1@host2</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11401">
<name>texi.exe path disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0266</cve_id>
<bugtraq_id>4035</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for texis.exe</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10914">
<name>Local users information : Never changed password</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Lists the local users that have special privileges</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10663">
<name>DHCP server info gathering</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Chats with the remote DHCP server</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11477">
<name>DCP-Portal Path Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0282</cve_id>
<bugtraq_id>4113</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if DCP-Portal displays its physical path</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11046">
<name>Apache Tomcat TroubleShooter Servlet Installed</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>4575</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests whether the Apache Tomcat TroubleShooter Servlet is installed</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10626">
<name>MySQL various flaws</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0045, CAN-2001-1275, CVE-2001-0407</cve_id>
<bugtraq_id>2380, 2522</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote MySQL version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10593">
<name>phorum's common.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>1985</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of common.cgi</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10015">
<name>AltaVista Intranet Search</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0039</cve_id>
<bugtraq_id>896</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if query?mss=... reads arbitrary files</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11502">
<name>ScozBook flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7235, 7236</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of view.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10096">
<name>rsh with null username</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-1999-0180</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>attempts to log in using rsh</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11452">
<name>Oracle 9iAS web admin</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0561</cve_id>
<bugtraq_id>4292</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Oracle 9iAS mod_plsql admin page</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10944">
<name>MUP overlong request kernel overflow Patch (Q311967)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0151</cve_id>
<bugtraq_id>4426</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>checks for Multiple UNC Provider Patch (Q311967)</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="10053">
<name>DeepThroat</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of DeepThroat</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10365">
<name>Windmail.exe allows any user to execute arbitrary commands</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0242</cve_id>
<bugtraq_id>1073</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/windmail.exe</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10007">
<name>ShowCode possible</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0736</cve_id>
<bugtraq_id>167</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines the presence of showcode.asp</summary>
<copyright>This script is Copyright (C) 1999 Immo Goltz <Immo.Goltz@gecits-eu.com></copyright>
</plugin>
<plugin id="11784">
<name>Abyss httpd overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>8062, 8064</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests the version of the remote abyss server</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11446">
<name>DCP-Portal Cross Site Scripting Bugs</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7144, 7141</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if DCP-Portal is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 k-otik.com</copyright>
</plugin>
<plugin id="10695">
<name>IIS .IDA ISAPI filter applied</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0500</cve_id>
<bugtraq_id>2880</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tests for IIS .ida ISAPI filter</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore</copyright>
</plugin>
<plugin id="10028">
<name>Determine which version of BIND name daemon is running</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine which version of BIND name daemon is running</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="10590">
<name>SWAT allows user names to be obtained by brute force</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CVE-2000-0938</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detect SWAT server port</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10888">
<name>mod_ssl overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0082</cve_id>
<bugtraq_id>4189</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of mod_ssl</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11113">
<name>Samba Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>5587</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks samba version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11280">
<name>Usermin Session ID Spoofing</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0101</cve_id>
<bugtraq_id>6915</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Spoofs a session ID</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11749">
<name>Vignette StoryServer TCL code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7683, 7685, 7690, 7691, 7692</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version of the remote Vignette StoryServer</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10003">
<name>IIS possible DoS using ExAir's query</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0449</cve_id>
<bugtraq_id>193</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines the presence of an ExAir asp</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10032">
<name>CA Unicenter's File Transfer Service is running</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>CA Unicenter's File Transfer Service is running</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="10860">
<name>SMB use host SID to enumerate local users</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-1200</cve_id>
<bugtraq_id>959</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Enumerates users</summary>
<copyright>This script is Copyright (C) 2000, 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11362">
<name>Simple File Manager Filename Script Injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7035</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the version of fm.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10617">
<name>Checkpoint SecureRemote detection</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if a remote host is running CheckPoint's SecureRemote</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10623">
<name>Savant original form CGI access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0521</cve_id>
<bugtraq_id>1313</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determine if a remote host is Savant web server, and whether it is vulnerable to attack</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10921">
<name>RemotelyAnywhere SSH detection</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Detect RemotelyAnywhere SSH server</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10985">
<name>CSCdv48261</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10241">
<name>ypbind service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0312</cve_id>
<bugtraq_id>52</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10940">
<name>Windows Terminal Service Enabled</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id></cve_id>
<bugtraq_id>7258</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Connects to the remote terminal server</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11745">
<name>Hosting Controller vulnerable ASP pages</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0466</cve_id>
<bugtraq_id>3808</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the vulnerable instances of Hosting Controller</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10793">
<name>Cobalt Web Administration Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Cobalt Web Administration Server Detection</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11201">
<name>Nortel/Bay Networks/Xylogics Annex default password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Logs into the remote Nortel terminal server</summary>
<copyright>This script is Copyright (C) 2003 Douglas Minderhout</copyright>
</plugin>
<plugin id="11563">
<name>Oracle LINK overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id>7453</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version of the remote Database</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10755">
<name>Microsoft Exchange Public Folders Information Leak</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CVE-2001-0660</cve_id>
<bugtraq_id>3301</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Microsoft Exchange Public Folders Information Leak</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11381">
<name>CSCdw33027</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2002-1024</cve_id>
<bugtraq_id>5114</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11731">
<name>VsSetCookie.exe vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0236</cve_id>
<bugtraq_id>3784</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the VsSetCookie.exe file</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="11011">
<name>SMB on port 445</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for openness of port 445</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10518">
<name>/doc/packages directory browsable ?</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-1016</cve_id>
<bugtraq_id>1707</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Is /doc/packages browseable ?</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11417">
<name>MyAbraCadaWeb Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7126, 7127</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if a remote host is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11209">
<name>Apache < 2.0.44 DOS device name</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2003-0016</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of Apache</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11007">
<name>ActiveState Perl directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determines if ActivePerl is vulnerable</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11776">
<name>Carello detection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of carello.dll</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="10400">
<name>SMB accessible registry</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0562</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines whether the remote registry is accessible</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10376">
<name>htimage.exe overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0256</cve_id>
<bugtraq_id>1117</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Is htimage.exe vulnerable to a buffer overflow ?</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10287">
<name>Traceroute</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>traceroute</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10932">
<name>IIS .HTR ISAPI filter applied</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0071</cve_id>
<bugtraq_id>4474</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for IIS .htr ISAPI filter</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10101">
<name>Home Free search.cgi directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0054</cve_id>
<bugtraq_id>921</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts GET /cgi-bin/search.cgi?\\..\\..\\file.txt</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10009">
<name>AIX FTPd buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0789</cve_id>
<bugtraq_id>679</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote FTPd can be buffer overflown</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11673">
<name>Remote PC Access Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence PC Anywhere</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10006">
<name>PC Anywhere</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence PC Anywhere</summary>
<copyright>This script is Copyright (C) 1999 Mathieu Perrin</copyright>
</plugin>
<plugin id="11533">
<name>Web Wiz Site News database disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for news.mdb</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11402">
<name>iPlanet Application Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Sun ONE Application Server detection</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10075">
<name>FormHandler.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1051</cve_id>
<bugtraq_id>799</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Attempts to read /etc/passwd</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10249">
<name>EXPN and VRFY commands</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-1999-0531</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>EXPN and VRFY checks</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10364">
<name>netscape publishingXpert 2 PSUser problem</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-1196</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if /PSUser/PSCOErrPage.htm reads any file</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10742">
<name>Amanda Index Server version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Amanda Index Server version</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10716">
<name>OmniPro HTTPd 2.08 scripts source full disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>2788</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Check the presence of OmniPro HTTPd 2.08 scripts source disclosure.</summary>
<copyright>INTRANODE - 2001</copyright>
</plugin>
<plugin id="10296">
<name>w3-msql overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0012</cve_id>
<bugtraq_id>898</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Overflow in w3-msql</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11709">
<name>SmartFTP Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of SmartFTP</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10342">
<name>Check for VNC</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for VNC</summary>
<copyright>This script is Copyright (C) 2000 Patrick Naubert</copyright>
</plugin>
<plugin id="10758">
<name>Check for VNC HTTP</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detects the presence of VNC HTTP</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="10319">
<name>wu-ftpd SITE NEWER vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0880</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>Checks if the remote FTP server accepts the SITE NEWER command</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11080">
<name>poprelayd & sendmail authentication problem</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2001-1075</cve_id>
<bugtraq_id>2986</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if the remote mail server can be used as a spam relay</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11398">
<name>Samba Fragment Reassembly Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2003-0085, CAN-2003-0086</cve_id>
<bugtraq_id>7106, 7107</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks samba version</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11215">
<name>Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-1256</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for MS Hotfix 329170</summary>
<copyright>This script is Copyright (C) 2003 SECNAP Network Security</copyright>
</plugin>
<plugin id="11276">
<name>CuteNews code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of search.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11611">
<name>counter.php file overwrite</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if counter.php is present</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11288">
<name>CSCdu15622</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2002-1093</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10357">
<name>RDS / MDAC Vulnerability (msadcs.dll) located</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-1011</cve_id>
<bugtraq_id>529</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of msadcs.dll</summary>
<copyright>This script is Copyright (C) 2000 Roelof Temmingh <roelof@sensepost.com></copyright>
</plugin>
<plugin id="11679">
<name>VisNetic and Titan FTP Server traversal</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>7718</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to break out of the FTP root</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11178">
<name>Unchecked Buffer in PPTP Implementation Could Enable DOS Attacks (Q329834)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-1214</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q329834, Unchecked Buffer in PPTP DOS</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Network Security, LLC</copyright>
</plugin>
<plugin id="11327">
<name>Nortel Baystack switch password test</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Logs into the remote Nortel terminal server</summary>
<copyright>This script is Copyright (C) 2003 Douglas Minderhout</copyright>
</plugin>
<plugin id="10061">
<name>Echo port open</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CVE-1999-0103</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if the 'echo' port is open</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11548">
<name>bttlxeForum SQL injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Uses a SQL query as a password</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10575">
<name>Check for IIS .cnf file leakage</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>4078</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Check for existence of world-readable .cnf files</summary>
<copyright>By John Lampe....j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="10325">
<name>Xtramail pop3 overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-1999-1511</cve_id>
<bugtraq_id>791</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Attempts to overflow the in.pop3d buffers</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10900">
<name>Users information : Passwords never expires</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Lists the users that never logged in</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11350">
<name>Sendmail ETRN command DOS</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-1109</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="11476">
<name>DCP-Portal Code Injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6525</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determine if DCP-Portal is vulnerable to an injection attack</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11513">
<name>Solaris lpd remote command execution</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>3274</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Reads the remote password file, thanks to lpd</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11058">
<name>rusersd output</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0626</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11748">
<name>Various dangerous cgi scripts </name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-1072, CAN-2002-0749, CAN-2001-0135, CAN-2002-0955, CAN-2001-0562, CAN-2002-0346, CVE-2000-0923, CVE-2001-0123</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for dangerous cgi scripts</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="11624">
<name>SHOUTcast Server logfiles XSS</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>SHOUTcast Server DoS detector vulnerability</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10609">
<name>empower cgi path</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0224</cve_id>
<bugtraq_id>2374</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Attempts to find the location of the remote web root</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10854">
<name>Oracle 9iAS mod_plsql directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1217</cve_id>
<bugtraq_id>3727</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for Oracle9iAS mod_plsql directory traversal</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10235">
<name>statd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0018, CVE-1999-0019, CVE-1999-0493</cve_id>
<bugtraq_id>127, 450</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11278">
<name>Quicktime/Darwin Remote Admin Exploit</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2003-0050, CAN-2003-0051, CAN-2003-0052, CAN-2003-0053, CAN-2003-0054, CAN-2003-0055</cve_id>
<bugtraq_id>6954, 6955, 6956, 6957, 6958, 6960, 6990</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks Quicktime/Darwin server for parse_xml.cgi</summary>
<copyright>This script is Copyright (C) 2003 Michael Scheidell</copyright>
</plugin>
<plugin id="10817">
<name>Interactive Story Directory Traversal Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0804</cve_id>
<bugtraq_id>3028</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/story.pl</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="11410">
<name>Notes detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if a remote host is Domino</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11064">
<name>BadBlue invalid null byte vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-1021</cve_id>
<bugtraq_id>5226</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Read BadBlue protected configuration file</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11111">
<name>rpcinfo -p</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Dumps all the registered RPC</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11485">
<name>Flaw in RPC Endpoint Mapper (MS03-010)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-1561</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for hotfix Q331953</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11274">
<name>WihPhoto file reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of remotehtmlview.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10462">
<name>Amanda client version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detect Amanda client version</summary>
<copyright>This script is Copyright (C) 2000 Paul J. Ewing Jr.</copyright>
</plugin>
<plugin id="10512">
<name>YaBB</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0853</cve_id>
<bugtraq_id>1668</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/YaBB.pl</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11259">
<name>Unpassworded StoogR account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11204">
<name>Apache Tomcat Default Accounts</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Apache Tomcat Default Accounts</summary>
<copyright>This script is Copyright (C) 2003 Digital Defense Inc.</copyright>
</plugin>
<plugin id="11277">
<name>clarkconnectd detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id>6934</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>clarkconnectd detection</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11301">
<name>Unchecked buffer in MDAC Function</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0695</cve_id>
<bugtraq_id>5372</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks the version of MDAC</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10100">
<name>Handler</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0148</cve_id>
<bugtraq_id>380</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/handler</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10295">
<name>OmniHTTPd visadmin exploit</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0970</cve_id>
<bugtraq_id>1808</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the visadmin.exe cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11227">
<name>Oracle 9iAS SOAP Default Configuration Vulnerability </name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1371</cve_id>
<bugtraq_id>4289</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for Oracle9iAS default SOAP installation</summary>
<copyright>This script is Copyright (C) 2003 Javier Fernandez-Sanguino</copyright>
</plugin>
<plugin id="11352">
<name>Sendmail Parsing Redirection DOS</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0393</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10092">
<name>FTP Server type and version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>FTP Server type and version</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="11361">
<name>Mambo Site Server Cookie Validation</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6926</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of Mambo's flaw</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11484">
<name>apcupsd overflows</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0040, CAN-2003-0098, CAN-2003-0099</cve_id>
<bugtraq_id>2070, 6828, 7200</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version of apcupsd</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11586">
<name>FileMakerPro Detection</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id>7315</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>connects to port 49727 and says 'hello'</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10763">
<name>Detect the HTTP RPC endpoint mapper</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detect http-rpc-epmap</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="10465">
<name>CVSWeb 1.80 gives a shell to cvs committers</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0670</cve_id>
<bugtraq_id>1469</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if CVSWeb is present and gets its version</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10975">
<name>CSCdp35794</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2000-0700</cve_id>
<bugtraq_id>1541</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11438">
<name>Apache Tomcat Directory Listing and File disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0042</cve_id>
<bugtraq_id>6721</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Apache Tomcat Directory listing and File Disclosure Bugs</summary>
<copyright>This script is Copyright (C) 2003 A.D.Consulting</copyright>
</plugin>
<plugin id="10441">
<name>AFS client version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>AFS client version</summary>
<copyright>This script is Copyright (C) CERN</copyright>
</plugin>
<plugin id="11482">
<name>Post-Nuke information disclosure</name>
<version></version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if a remote host is vulnerable to the opendir.php vulnerability</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10212">
<name>automountd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id>CVE-1999-0210, CVE-1999-0704</cve_id>
<bugtraq_id>235, 614</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11602">
<name>HappyMall Command Execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0243</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for HappyMall</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11198">
<name>BitKeeper remote command execution</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote banner</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11582">
<name>TrueGalerie admin access</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7427</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>logs into the remote TrueGalerie installation</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10933">
<name>EFTP tells if a given file exists</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-1109</cve_id>
<bugtraq_id>3333</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>EFTP directory traversal</summary>
<copyright>This script is Copyright (C) 2001 Michel Arboi</copyright>
</plugin>
<plugin id="11375">
<name>smb2www remote command execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-1342</cve_id>
<bugtraq_id>6313</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>smb2www Command Execution</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11627">
<name>WebLogic clear-text passwords</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the version of WebLogic</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11665">
<name>Apache < 2.0.46</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2003-0245, CAN-2003-0189</cve_id>
<bugtraq_id>7723, 7725</bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>Checks for version of Apache</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10247">
<name>Sendmail DEBUG</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0095</cve_id>
<bugtraq_id>1</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of the DEBUG mode</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10773">
<name>MacOS X Finder reveals contents of Apache Web files</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3325</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>MacOS X Finder reveals contents of Apache Web files</summary>
<copyright>This script is Copyright (C) 2001 Matt Moore, Modified by Noam Rathaus</copyright>
</plugin>
<plugin id="11707">
<name>Bugbear.B web backdoor</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for Bugbear.B web backdoor</summary>
<copyright>This script is Copyright (C) 2003 StrongHoldNet</copyright>
</plugin>
<plugin id="10068">
<name>Finger</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CVE-1999-0612</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for finger</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10049">
<name>Count.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0021</cve_id>
<bugtraq_id>128</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/Count.cgi</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10250">
<name>Sendmail redirection check</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Redirection check</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11217">
<name>Microsoft's SQL Version Query</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2000-1081, CVE-2000-0202, CVE-2000-0485, CAN-2000-1087, CAN-2000-1088, CAN-2002-0982, CAN-2001-0542, CVE-2001-0344</cve_id>
<bugtraq_id>4135, 4847, 5014, 5205</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Microsoft's SQL Version Query</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="11770">
<name>myServer DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id>6359, 7770, 7917, 8010, 8120</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of myServer</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11455">
<name>Passwordless frontpage installation</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determines if the remote web server is password protected</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10269">
<name>SSH Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CVE-1999-0834</cve_id>
<bugtraq_id>843</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11135">
<name>Bugbear worm</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CVE-2001-0154</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detect Bugbear worm</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi & Thomas Reinke</copyright>
</plugin>
<plugin id="11451">
<name>textcounter.pl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>2265</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/textcounter.pl</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10737">
<name>Oracle Applications One-Hour Install Detect</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Oracle Applications One-Hour Install Detect</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11347">
<name>Sendmail Local Starvation and Overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-0131</cve_id>
<bugtraq_id>717</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="11797">
<name>IRCd OperServ Raw Join DoS</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id>8131</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>checks the version of the remote ircd</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10632">
<name>Webserver file request parsing</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0886</cve_id>
<bugtraq_id>1912</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfix Q277873 is installed</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10198">
<name>Quote of the day</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CVE-1999-0103</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of qotd</summary>
<copyright>This script is Copyright (C) 1999 Mathieu Perrin</copyright>
</plugin>
<plugin id="10323">
<name>XTramail control denial</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-1999-1511</cve_id>
<bugtraq_id>791</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Overflows the remote server</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10680">
<name>Test Microsoft IIS Source Fragment Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0457, CVE-2000-0630</cve_id>
<bugtraq_id>1193, 1488</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Test Microsoft IIS Source Fragment Disclosure</summary>
<copyright>This script is Copyright (C) 2001 Pedro Antonio Nieto Feijoo</copyright>
</plugin>
<plugin id="10797">
<name>ColdFusion Debug Mode</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Get ColdFusion Debug Information</summary>
<copyright>This script is Copyright (C) 2001 Felix Huber</copyright>
</plugin>
<plugin id="10889">
<name>NIDS evasion</name>
<version>$Revision: 1.2 $</version>
<family>Settings</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>settings</category>
<risk>None</risk>
<summary>NIDS evasion options</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi / Renaud Deraison</copyright>
</plugin>
<plugin id="10849">
<name>Oracle 9iAS DAD Admin interface</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for presence of Oracle9iAS DAD Admin interface</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10965">
<name>SSH 3 AllowedAuthentication</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id>4810</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10275">
<name>Systat</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CVE-1999-0103</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for systat</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11481">
<name>mod_auth_any command execution</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-2003-0084</cve_id>
<bugtraq_id>7448</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Attempts to log into the remote web server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10475">
<name>Buffer overflow in WebSitePro webfind.exe</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0622</cve_id>
<bugtraq_id>1487</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>buffer overflow attempt</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11560">
<name>WebServer 4D GET Buffer Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id>7479</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Crashes 4D WS</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11244">
<name>Unpassworded OutOfBox account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10986">
<name>CSCdw19195</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11067">
<name>Microsoft's SQL Hello Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-1123</cve_id>
<bugtraq_id>5411</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Microsoft's SQL Hello Overflow</summary>
<copyright>This script is Copyright (C) 2002 Dave Aitel</copyright>
</plugin>
<plugin id="10937">
<name>IIS FrontPage ISAPI Denial of Service</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CAN-1999-1376, CVE-2000-0226, CVE-2002-0072</cve_id>
<bugtraq_id>4479</bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>Tests for a DoS in IIS</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11716">
<name>Misconfigured Gnutella</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Detect sensitive files shared by Gnutella</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="11169">
<name>SSH setsid() vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11642">
<name>Helix RealServer Buffer Overrun</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>RealServer and Helix Server Overflow</summary>
<copyright>This script is Copyright (C) 2003 Montgomery County Maryland Government Security Team</copyright>
</plugin>
<plugin id="10572">
<name>IIS 5.0 Sample App vulnerable to cross-site scripting attack</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>IIS 5.0 Sample App vulnerable to cross-site scripting attack</summary>
<copyright>This script is Copyright (C) 2000 Matt Moore</copyright>
</plugin>
<plugin id="11261">
<name>Default password (D13HH[) for root</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11199">
<name>Multiple vulnerabilities in CUPS</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2002-1383, CAN-2002-1366, CAN-2002-1367, CAN-2002-1368, CAN-2002-1384, CAN-2002-1369, CAN-2002-1372</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Crashes the remote CUPS server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10648">
<name>ftp 'glob' overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-0247</cve_id>
<bugtraq_id>2548</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote ftp can be buffer overflown</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10926">
<name>IE VBScript Handling patch (Q318089)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0052</cve_id>
<bugtraq_id>4158</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines whether the IE VBScript Handling patch (Q318089) is installed</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="10276">
<name>TCP Chorusing</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-1999-1201</cve_id>
<bugtraq_id>225</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Counts the number of ACKs to a SYN</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10407">
<name>X Server</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-1999-0526</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>An X Windows System Server is present</summary>
<copyright>This script is Copyright (C) 2000 John Jackson</copyright>
</plugin>
<plugin id="10244">
<name>ypxfrd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11258">
<name>Default password (glftpd) for glftpd</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11710">
<name>FlashFXP Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7857, 7859</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of FlashFXP</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11117">
<name>phpPgAdmin arbitrary files reading</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0479</cve_id>
<bugtraq_id>2640</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of sql.php</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10808">
<name>DoSable Oracle WebCache server</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CAN-2002-0102</cve_id>
<bugtraq_id>3760</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines via ver. the remote server can be disabled</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10004">
<name>IIS possible DoS using ExAir's search</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0449</cve_id>
<bugtraq_id>193</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines the presence of an ExAir asp</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10543">
<name>Lotus Domino SMTP overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2000-1047</cve_id>
<bugtraq_id>1905</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Determines if the remote Domino server is vulnerable to a buffer overflow</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10303">
<name>WebSite pro reveals the physical file path of web directories</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0066</cve_id>
<bugtraq_id>932</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Attempts to find the location of the remote web root</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11233">
<name>N/X Web Content Management code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6500</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of menu.inc.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11003">
<name>IIS Possible Compromise</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Searches for traces of a system compromise.</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="11617">
<name>Horde and IMP test disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if test.php is available in Horde or IMP</summary>
<copyright>Sverre H. Huseby</copyright>
</plugin>
<plugin id="10187">
<name>Cognos Powerplay WE Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>491</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the ppdscgi.exe CGI</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10207">
<name>Roxen counter module</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Roxen counter module installed ?</summary>
<copyright>This script is Copyright (C) 2000 Hendrik Scholz</copyright>
</plugin>
<plugin id="10236">
<name>statmon service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10611">
<name>pals-cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0216</cve_id>
<bugtraq_id>2372</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/pals-cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11207">
<name>War FTP Daemon USER/PASS Overflow</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0256</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>War FTP Daemon USER/PASS Overflow</summary>
<copyright>This script is Copyright (C) 2003 Digital Defense, Inc.</copyright>
</plugin>
<plugin id="11584">
<name>webweaver FTP DoS</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>7425</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>disables the remote WebWeaver FTP server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11530">
<name>WinAMP3 buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>6515</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of WinAMP</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11088">
<name>Sendmail debug mode leak</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-2001-0715</cve_id>
<bugtraq_id>3898</bugtraq_id>
<category>infos</category>
<risk>Very</risk>
<summary>Checks the version number for 'debug mode leak'</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11035">
<name>AnalogX SimpleServer:WWW DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CVE-2002-0968</cve_id>
<bugtraq_id>5006</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Crashes SimpleServer:WWW</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11355">
<name>Buffer overflow in AIX lpd</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2001-0671</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if lpd is running</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11711">
<name>FTP Voyager Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7862</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the presence of FTP Voyager</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11294">
<name>CSCdw50657</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11243">
<name>Unpassworded 4Dgifts account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10390">
<name>mstream agent Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2000-0138</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of a mstream agent</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11190">
<name>overflow.cgi detection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of a CGI</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10743">
<name>Tripwire for Webpages Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tripwrite for Webpages Detect</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11341">
<name>SSH1 SSH Daemon Logging Failure</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2001-0471</cve_id>
<bugtraq_id>2345</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10284">
<name>TFS SMTP 3.2 MAIL FROM overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-1999-1516</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Overflows a buffer in the remote mail server</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10800">
<name>Obtain OS type via SNMP</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Enumerates OS via SNMP</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11137">
<name>Apache < 1.3.27</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2002-0839, CAN-2002-0840, CAN-2002-0843</cve_id>
<bugtraq_id>5847, 5884, 5995, 5996</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for version of Apache</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11094">
<name>WS FTP overflows</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-1021</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Attempts a buffer overflow on many commands</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10729">
<name>Sendmail 8.11 local overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2001-0653</cve_id>
<bugtraq_id>3163</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10473">
<name>MiniVend Piped command</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0635</cve_id>
<bugtraq_id>1449</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of /cgi-bin/simple/view_page</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11131">
<name>Sambar web server DOS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CVE-2002-0128</cve_id>
<bugtraq_id>3885</bugtraq_id>
<category>mixed</category>
<risk>Medium</risk>
<summary>Crashes Sambar web server</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10576">
<name>Check for dangerous IIS default files</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-1999-0737</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Check for existence of viewcode.asp</summary>
<copyright>By John Lampe....j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="10516">
<name>multihtml cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0912</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/multihtml.pl</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10595">
<name>DNS AXFR</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-1999-0532</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines if the remote name server allows zone transfers</summary>
<copyright>This script is Copyright (C) 2000 j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="11034">
<name>SMTP antivirus filter</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Test a SMTP antivirus filter</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11306">
<name>Unchecked buffer in ASP.NET worker process</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0369</cve_id>
<bugtraq_id>4958</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for MS Hotfix Q322289</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11686">
<name>mod_gzip format string attack</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>mod_gzip detection</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10744">
<name>VisualRoute Web Server Detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>VisualRoute Web Server Detect</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10848">
<name>Oracle 9iAS Dynamic Monitoring Services</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0563</cve_id>
<bugtraq_id>4293</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for presence of Oracle9iAS Dynamic Monitoring Services</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11781">
<name>iXmail arbitrary file upload</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>8046, 8048</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for iXMail</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10440">
<name>Check for Apache Multiple / vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0505</cve_id>
<bugtraq_id>1284</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Send multiple /'s to Windows Apache Server</summary>
<copyright>By John Lampe....j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="11237">
<name>php 4.3.0</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2003-0097</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of PHP</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11780">
<name>mailreader.com directory traversal and arbitrary command execution</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>6055, 6058, 5393</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks directory traversal & version number of mailreader.com software</summary>
<copyright>(C) Michel Arboi 2003</copyright>
</plugin>
<plugin id="10675">
<name>CheckPoint Firewall-1 Telnet Authentication Detection</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>The remote CheckPoint Firewall-1 can be accessed via a telnet interface</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10129">
<name>INN version check</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-1999-0705, CVE-1999-0043, CVE-1999-0247</cve_id>
<bugtraq_id>616</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks INN version</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11105">
<name>ARCserve hidden share</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2001-0960</cve_id>
<bugtraq_id>3343</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Connects to ARCSERVE$</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10185">
<name>POP3 Server type and version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>POP3 Server type and version</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="11706">
<name>Spyke Flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of info.dat</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10238">
<name>tfsd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10424">
<name>NAI Management Agent leaks info</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-2000-0448</cve_id>
<bugtraq_id>1253</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if the remote NAI WebShield SMTP Management trusts us</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10104">
<name>HP LaserJet direct print</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-1999-1062</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if lpd is useless</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11738">
<name>RADIUS server detection</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id>CAN-2001-1377, CAN-2000-0321, CAN-2001-0534, CAN-2001-1081, CAN-2001-1376, CAN-2001-1377</cve_id>
<bugtraq_id>7892, 5103, 4230, 3530, 3529, 2994, 2989, 2991, 6261, 3532</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Detect a radius server</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10815">
<name>Web Server Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>5305, 7353, 7344, 8037</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if the remote host is vulnerable to Cross Site Scripting vulnerability</summary>
<copyright>(c) 2001 SecuriTeam, modified by Chris Sullo and Andrew Hintz</copyright>
</plugin>
<plugin id="10722">
<name>LDAP allows null bases</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Check for LDAP null base</summary>
<copyright>By John Lampe....j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="11509">
<name>GTcatalog password disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of password.inc</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11050">
<name>php 4.2.x malformed POST </name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0986</cve_id>
<bugtraq_id>5278</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks for version of PHP</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10668">
<name>Malformed request to index server</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2001-0244, CVE-2001-0245</cve_id>
<bugtraq_id>2709</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfixes Q294472 and Q296185 are installed</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10570">
<name>Unify eWave ServletExec 3.0C file upload</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-1024</cve_id>
<bugtraq_id>1876</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Unify eWave ServletExec 3.0C file upload</summary>
<copyright>This script is Copyright (C) 2000 Matt Moore</copyright>
</plugin>
<plugin id="10740">
<name>SiteScope Web Managegment Server Detect</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>SiteScope Web Management Server Detect</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11768">
<name>proftpd mod_sql injection</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>7974</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Performs a SQL insertion</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11413">
<name>Unchecked Buffer in ntdll.dll (Q815021)</name>
<version></version>
<family>Windows</family>
<cve_id>CAN-2003-0109</cve_id>
<bugtraq_id>7116</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q815021 non-intrusively</summary>
<copyright>This script is Copyright (C) 2003 Trevor Hemsley</copyright>
</plugin>
<plugin id="11448">
<name>Siteframe Cross Site Scripting Bugs</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7140, 7143</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determine if Siteframe is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 k-otik.com</copyright>
</plugin>
<plugin id="10908">
<name>Users in the Domain Admin group</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that are in special groups</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10489">
<name>AnalogX web server traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0664</cve_id>
<bugtraq_id>1508</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>%2E%2E/%2E%2E/file.txt</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11037">
<name>WEB-INF folder accessible</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>5119</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Tests for WEB-INF folder access</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11490">
<name>D-Link DSL Broadband Modem</name>
<version>$Revision: 1.2 $</version>
<family>SNMP</family>
<cve_id></cve_id>
<bugtraq_id>7212</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Enumerates user and password via SNMP</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11329">
<name>The remote host is infected by a virus</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of different virii on the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10913">
<name>Local users information : disabled accounts</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the local users that have special privileges</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10443">
<name>Predictable TCP sequence number</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CVE-1999-0077</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>TCP SEQ</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10685">
<name>IIS ISAPI Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0544, CVE-2001-0545, CVE-2001-0506, CVE-2001-0507, CVE-2001-0508, CVE-2001-0500</cve_id>
<bugtraq_id>2690, 3190, 3194, 3195</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Tests for a remote buffer overflow in IIS</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10343">
<name>MySQLs accepts any password</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0148</cve_id>
<bugtraq_id>975</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the remote MySQL version</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10667">
<name>IIS 5.0 PROPFIND Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CVE-2001-0151</cve_id>
<bugtraq_id>2453</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Attempts to crash the Microsoft IIS server</summary>
<copyright>This script is Copyright (C) 2001 John Lampe</copyright>
</plugin>
<plugin id="10971">
<name>GSR ICMP unreachable</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2001-0861, CVE-2001-0862, CVE-2001-0863, CVE-2001-0864, CVE-2001-0865, CVE-2001-0866, CVE-2001-0867</cve_id>
<bugtraq_id>3534, 3535, 3536, 3537, 3538, 3539, 3540</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10485">
<name>Service Control Manager Named Pipe Impersonation patch</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2000-0737</cve_id>
<bugtraq_id>1535</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines whether the hotfix Q269523 is installed</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11394">
<name>Lotus Domino XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1161</cve_id>
<bugtraq_id>2962</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for Lotus Domino XSS</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11615">
<name>ttforum multiple flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7543, 7542</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if ttforum is vulnerable to code injection</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10938">
<name>Apache Remote Command Execution via .bat files</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0061</cve_id>
<bugtraq_id>4335</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Tests for presence of Apache Command Execution via .bat vulnerability</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="10919">
<name>Check open ports</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>unknown</category>
<risk>None</risk>
<summary>Check if ports are still open</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11262">
<name>Default password (D13hh[) for root</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10786">
<name>Samba Remote Arbitrary File Creation</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-1162</cve_id>
<bugtraq_id>2928</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>checks samba version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="11411">
<name>Backup CGIs download</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Attempts to download the remote CGIs</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11494">
<name>l2tpd DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Determines the version of the remote l2tpd or crashes it</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11746">
<name>AspUpload vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0938</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the AspUpload software</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10801">
<name>IMP Session Hijacking Bug</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0857</cve_id>
<bugtraq_id>3525</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks IMP version</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10714">
<name>Default password router Zyxel</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-1999-0571</cve_id>
<bugtraq_id>3161</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the router Zyxel</summary>
<copyright>This script is Copyright (C) 2001 Giovanni Fiaschi</copyright>
</plugin>
<plugin id="10873">
<name>GroupWise Web Interface 'HTMLVER' hole</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0341</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>GroupWise Web Interface 'HTMLVER' hole</summary>
<copyright>This script is Copyright (C) 2002 SecurITeam</copyright>
</plugin>
<plugin id="11305">
<name>Proxy accepts gopher:// requests</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id>CAN-2002-0371</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Determines if we can use the remote web proxy to do gopher requests</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11229">
<name>phpinfo.php</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of phpinfo.php</summary>
<copyright>This script is Copyright (C) 2003 Randy Matz</copyright>
</plugin>
<plugin id="11753">
<name>SquirrelMail's Multiple Flaws</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7952</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determine if squirrelmail reads arbitrary files</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10928">
<name>EFTP buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2001-1112</cve_id>
<bugtraq_id>3330</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>EFTP buffer overflow</summary>
<copyright>This script is Copyright (C) 2001 Michel Arboi</copyright>
</plugin>
<plugin id="11443">
<name>Microsoft IIS UNC Mapped Virtual Host Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0246</cve_id>
<bugtraq_id>1081</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks IIS for .ASP/.HTR backslash vulnerability.</summary>
<copyright></copyright>
</plugin>
<plugin id="10231">
<name>selection service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10807">
<name>Jakarta Tomcat Path Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0759</cve_id>
<bugtraq_id>1531</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for Tomcat Path Disclosure Vulnerability</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10040">
<name>cgitest.exe buffer overrun</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0128</cve_id>
<bugtraq_id>3885</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Checks for the /cgi-bin/cgitest.exe buffer overrun</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10562">
<name>Master Index directory traversal vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0924</cve_id>
<bugtraq_id>1772</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Attempts GET /cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../etc</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10147">
<name>A Nessus Daemon is running</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>A Nessus Daemon is running</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="10215">
<name>etherstatd service</name>
<version>$Revision: 1.2 $</version>
<family>RPC</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>checks the presence of a RPC service</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10978">
<name>CSCds66191</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2001-0041</cve_id>
<bugtraq_id>2072</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10897">
<name>Users information : disabled accounts</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that have special privileges</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10246">
<name>Sambar Web Server CGI scripts</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0213</cve_id>
<bugtraq_id>1002</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of /cgi-bin/{hello,echo}.bat</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10972">
<name>Multiple SSH vulnerabilities</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CAN-2001-0572</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11268">
<name>OS fingerprint</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-1999-0454</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>Performs OS recognition</summary>
<copyright>Nmap is (C) Fyodor - <fyodor@insecure.org> / Plugin-ified by Xueyong Zhi <zhi@mail.eecis.udel.edu></copyright>
</plugin>
<plugin id="10641">
<name>mailnews.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0271</cve_id>
<bugtraq_id>2391</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of mailnews.cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10088">
<name>Writeable FTP root</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-1999-0527</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Attempts to write on the remote root dir</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10391">
<name>mstream handler Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-2000-0138</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of a mstream agent</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11793">
<name>Apache < 1.3.28</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id>8226</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of Apache</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10333">
<name>Linux TFTP get file</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-1999-0183</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Attempts to grab a via through a bug in some versions of tftp</summary>
<copyright>no copyright</copyright>
</plugin>
<plugin id="10456">
<name>SMB enum services</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Enumerates the list of remote services</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10149">
<name>NetBeans Java IDE</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CAN-1999-1527</cve_id>
<bugtraq_id>816</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>determines whether the remote root directory is browseable</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11104">
<name>Directory Manager's edit_image.php</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1020</cve_id>
<bugtraq_id>3288</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Detects edit_image.php</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11585">
<name>Sambar Transmits Passwords in PlainText</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Makes sure that Sambar runs on top of SSL</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10506">
<name>calendar_admin.pl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0432</cve_id>
<bugtraq_id>1215</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/calendar_admin.pl</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10946">
<name>Gnutella servent detection</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Detect Gnutella servent</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10953">
<name>Authentication bypassing in Lotus Domino</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>4022</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if Lotus Domino databases can be accessed by by-passing the required authentication</summary>
<copyright>This script is Copyright (C) 2002 Davy Van De Moere</copyright>
</plugin>
<plugin id="11421">
<name>smtpscan</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>SMTP server fingerprinting</summary>
<copyright>smtpscan was written by Julien Bordet. Michel Arboi converted it to NASL</copyright>
</plugin>
<plugin id="11240">
<name>Unpassworded guest account</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11432">
<name>Yahoo!Messenger is installed</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-2002-0320, CAN-2002-0321, CAN-2002-0031, CVE-2002-0032, CAN-2002-0322</cve_id>
<bugtraq_id>2299, 4162, 4163, 4164, 4173, 4837, 4838, 5579, 6121</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if Yahoo!Messenger is installed</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="10202">
<name>remwatch</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-1999-0246</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Executes 'id' thanks to remwatch</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11008">
<name>PHP4 Physical Path Disclosure Vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0249</cve_id>
<bugtraq_id>4056</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for PHP4 Physical Path Disclosure Vulnerability</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11079">
<name>Snapstream PVS web directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1108</cve_id>
<bugtraq_id>3100</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Snapstream web directory traversal</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10201">
<name>Relative IP Identification number change</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Relative IP Identification number change</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="11123">
<name>radmin detection</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect radmin</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11734">
<name>Argosoft DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Bad HTTP request</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10036">
<name>CDK Detect</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Detects the presence of CDK</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11160">
<name>Windows Administrator NULL FTP password</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for a NULL Windows Administrator FTP password</summary>
<copyright>This script is Copyright (C) 2002 Keith Young</copyright>
</plugin>
<plugin id="11546">
<name>Xeneo web server %A DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CAN-2002-1248</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Crashes Xeneo web server with /%A or /%</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="11536">
<name>Super Guestbook config disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7319</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for superguestconfig</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10646">
<name>Lion worm</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Critical</risk>
<summary>Determines the presence of Lion</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10707">
<name>McAfee myCIO detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>McAfee myCIO detection</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="11599">
<name>Ocean12 Database Download</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7328</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for Ocean12 guestbook</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11739">
<name>pmachine code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7919</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of lib.inc.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10262">
<name>Mail relaying</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-1999-0512</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if the remote mail server can be used as a spam relay</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10457">
<name>The alerter service is running</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0630</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of the alerter service</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11666">
<name>Post-Nuke information disclosure (2)</name>
<version></version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if a remote host is vulnerable to the opendir.php vulnerability</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10728">
<name>Determine if Bind 9 is running</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine which version of BIND name daemon is running</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10459">
<name>Poll It v2.0 cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0590</cve_id>
<bugtraq_id>1431</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi</summary>
<copyright>This script is Copyright (C) 2000 Thomas Reinke</copyright>
</plugin>
<plugin id="11701">
<name>hpux ftpd RETR vulnerability</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Checks if the remote ftp sanitizes the RETR command</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11600">
<name>NetCharts Server Default Password</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>NetCharts Server Default Password</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11357">
<name>NFS cd ..</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-1999-0166</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the NFS .. attack</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11487">
<name>Advanced Poll info.php</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7171</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of info.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11293">
<name>CSCdx07754, CSCdx24622, CSCdx24632</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11580">
<name>UDP packets with source port of 53 bypass firewall rules</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id>7436</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>By-passes the remote firewall rules</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11290">
<name>CSCdu82823</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10867">
<name>php POST file uploads</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0081</cve_id>
<bugtraq_id>4183</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks for version of PHP</summary>
<copyright>This script is Copyright (C) 2002 Thomas Reinke</copyright>
</plugin>
<plugin id="10803">
<name>Redhat Stronghold File System Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0868</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Redhat Stronghold File System Disclosure</summary>
<copyright>This script is Copyright (C) 2001 Felix Huber</copyright>
</plugin>
<plugin id="11577">
<name>MDaemon IMAP CREATE overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id>7446</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version number of the remote IMAP server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11719">
<name>admin.cgi overflow</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2002-0199</cve_id>
<bugtraq_id>3934</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Overflows admin.cgi</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="11610">
<name>testcgi.exe Cross Site Scripting</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7214</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determine if testcgi.exe is vulnerable to xss</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11335">
<name>mibiisa overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2002-0797, CAN-2002-0796</cve_id>
<bugtraq_id>4933, 4932</bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Checks for the presence of mibiisa</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11016">
<name>xtux server detection</name>
<version>$Revision: 1.2 $</version>
<family>Useless services</family>
<cve_id>CVE-2002-0431</cve_id>
<bugtraq_id>4260</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect xtux server</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11348">
<name>Sendmail long debug local overflow</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-1999-1309</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the version number</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="11767">
<name>SQL injection in phpBB</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7979</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>SQL Injection</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10537">
<name>IIS directory traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0884</cve_id>
<bugtraq_id>1806</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if arbitrary commands can be executed thanks to IIS</summary>
<copyright>This script is Copyright (C) 2001 H D Moore</copyright>
</plugin>
<plugin id="11561">
<name>scriptlogic logging share</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>7476</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Connects to LOG$</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10285">
<name>thttpd 2.04 buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2000-0359</cve_id>
<bugtraq_id>1248</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>thttpd buffer overflow</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10569">
<name>Zope Image updating Method</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0062</cve_id>
<bugtraq_id>922</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for Zope</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11223">
<name>Oracle 9iAS access to SOAP documentation</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tries to retrieve Oracle9iAS SOAP documentation</summary>
<copyright>This script is Copyright (C) 2003 Javier Fernandez-Sanguino</copyright>
</plugin>
<plugin id="10082">
<name>FTPd tells if a user exists</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>CWD ~root</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10904">
<name>Users in the 'Backup Operator' group</name>
<version>$Revision: 1.2 $</version>
<family>Windows : User management</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Lists the users that are in special groups</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10719">
<name>MySQL Server version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>MySQL Server version</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10833">
<name>dtspcd overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0803</cve_id>
<bugtraq_id>3517</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if dtspcd is running</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10083">
<name>FTP CWD ~root</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-1999-0082</cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Attempts to get root privileges</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11651">
<name>Batalla Naval Overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks if the remote Battala Server can be overflown</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10492">
<name>IIS IDA/IDQ Path Disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0071</cve_id>
<bugtraq_id>1065</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines IIS IDA/IDQ Path Reveal vulnerability</summary>
<copyright>This script is Copyright (C) 2000 Filipe Custodio</copyright>
</plugin>
<plugin id="10699">
<name>IIS FrontPage DoS II</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0341</cve_id>
<bugtraq_id>2906</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Attempts to overflow the fp30reg.dll dll</summary>
<copyright>This script is Copyright (C) 2001 John Lampe</copyright>
</plugin>
<plugin id="10410">
<name>ICEcap default password</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2000-0350</cve_id>
<bugtraq_id>1216</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>logs into the remote ICEcap subsystem</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10530">
<name>Passwordless Alcatel ADSL Modem</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote Alcatel ADSL modem</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10536">
<name>Anaconda remote file retrieval</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-2000-0975</cve_id>
<bugtraq_id>2338</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Anaconda Foundation Directory remote file retrieval</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11271">
<name>IMail account hijack</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for version of IMail web interface</summary>
<copyright>Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="11762">
<name>StoneGate client authentication detection</name>
<version>$Revision: 1.2 $</version>
<family>Firewalls</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Check for StoneGate firewall client authentication prompt</summary>
<copyright>This script is Copyright (C) 2003 it.sec/Holger Heimann</copyright>
</plugin>
<plugin id="10078">
<name>Microsoft Frontpage 'authors' exploits</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence of Microsoft Frontpage extensions</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11597">
<name>Snitz Forums 2000 Password Reset and XSS </name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7381, 7922, 7925</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determine if Snitz forums is vulnerable to xss attack</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10291">
<name>uploader.exe</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0177</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-win/uploader.exe</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10458">
<name>The messenger service is running</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0630</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of the messenger service</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10110">
<name>iChat</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id>CVE-1999-0897</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines if iChat is vulnerable to a stupid bug</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11102">
<name>Awol code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-1048</cve_id>
<bugtraq_id>3387</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of includes/awol-condensed.inc.php</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11124">
<name>mldonkey telnet</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect mldonkey telnet interface</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10012">
<name>Alibaba 2.0 buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CAN-2000-0626</cve_id>
<bugtraq_id>1482</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Alibaba buffer overflow</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11426">
<name>Kazaa is installed</name>
<version>$Revision: 1.2 $</version>
<family>Peer-To-Peer File Sharing</family>
<cve_id>CAN-2002-0314, CAN-2002-0315</cve_id>
<bugtraq_id>3135, 4121, 4122, 5317, 6435, 6747</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Determines if Kazaa is installed</summary>
<copyright>This script is Copyright (C) 2003 Xue Yong Zhi</copyright>
</plugin>
<plugin id="11500">
<name>Beanwebb's guestbook</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7232, 7231</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of admin.php</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10947">
<name>mod_python handle abuse</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0185</cve_id>
<bugtraq_id>4656</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for version of Python</summary>
<copyright>This script is Copyright (C) 2002 Thomas Reinke</copyright>
</plugin>
<plugin id="10076">
<name>formmail.pl</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0172</cve_id>
<bugtraq_id>2079</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/formmail.pl</summary>
<copyright>This script is Copyright (C) 1999 Mathieu Perrin</copyright>
</plugin>
<plugin id="11667">
<name>b2 cafelog code injection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2002-0734</cve_id>
<bugtraq_id>4673, 7738, 7782, 7783, 7786</bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of gm-2-b2.php</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11087">
<name>Sendmail queue manipulation & destruction</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CAN-2001-0714</cve_id>
<bugtraq_id>3378</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks the version number for 'queue destruction'</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10495">
<name>htgrep</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2000-0832</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/htgrep</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11053">
<name>IMC SMTP EHLO Buffer Overrun</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2002-0698</cve_id>
<bugtraq_id>5306</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks to see if remote IMC SMTP version is vulnerable to buffer overflow</summary>
<copyright>This script is Copyright (C) 2002 SECNAP Network Security, LLC</copyright>
</plugin>
<plugin id="10403">
<name>DBMan CGI server information leakage</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0381</cve_id>
<bugtraq_id>1178</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if webplus reads local files</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="10386">
<name>No 404 check</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Checks if the remote webserver issues 404 errors</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10557">
<name>WebShield</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CVE-2000-0738, CAN-2000-1130</cve_id>
<bugtraq_id>1589, 1993</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the remote banner</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11522">
<name>Linksys Router default password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Tests for the linksys default account</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11074">
<name>OfficeScan configuration file disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>3438</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the presence of /officescan/hotdownload/ofscan.ini</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11604">
<name>BEA WebLogic Scripts Server scripts Source Disclosure (3)</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0683</cve_id>
<bugtraq_id>1517</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>BEA WebLogic may be tricked into revealing the source code of JSP scripts.</summary>
<copyright>This script is (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11302">
<name>Cumulative patch for Windows Media Player</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0372, CVE-2002-0373, CAN-2002-0615</cve_id>
<bugtraq_id>5107, 5109, 5110</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks the version of Media Player</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11042">
<name>Apache Tomcat DOS Device Name XSS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>5194</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for Apache Tomcat DOS Device name XSS Bug</summary>
<copyright>This script is Copyright (C) 2002 Matt Moore</copyright>
</plugin>
<plugin id="11694">
<name>P-Synch multiple issues</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7740, 7745, 7747</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>P-Synch issues</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11313">
<name>MCMS : Buffer overflow in Profile Service</name>
<version>$Revision: 1.2 $</version>
<family>Gain a shell remotely</family>
<cve_id>CAN-2002-0620, CVE-2002-0621, CVE-2002-0622, CVE-2002-0623, CVE-2002-0050</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks for the presence of MCMS</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10373">
<name>TalentSoft Web+ version detection</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Get the version of Web+ CGI</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="11093">
<name>EFTP installation directory disclosure </name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CAN-2001-1109</cve_id>
<bugtraq_id>3333</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>EFTP installation directory disclosure</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="11720">
<name>S-HTTP detection</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if the web server accepts the Secure method</summary>
<copyright>This script is Copyright (C) 2003 Michel Arboi</copyright>
</plugin>
<plugin id="11539">
<name>NB1300 router default FTP account</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id></cve_id>
<bugtraq_id>7359</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for admin/password</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10359">
<name>ctss.idc check</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /scripts/tools/ctss.idc</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10828">
<name>SysV /bin/login buffer overflow (rlogin)</name>
<version>$Revision: 1.2 $</version>
<family>Gain root remotely</family>
<cve_id>CVE-2001-0797</cve_id>
<bugtraq_id>3681</bugtraq_id>
<category>attack</category>
<risk>High</risk>
<summary>Attempts to overflow /bin/login</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10542">
<name>UltraSeek 3.1.x Remote DoS</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-1019</cve_id>
<bugtraq_id>1866</bugtraq_id>
<category>mixed</category>
<risk>Serious</risk>
<summary>Hangs the remote UltraSeek server for some time</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11400">
<name>texi.exe information disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>7105</bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for texis.exe</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10491">
<name>ASP/ASA source using Microsoft Translate f: bug</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0778</cve_id>
<bugtraq_id>1578</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>downloads the source of IIS scripts such as ASA,ASP</summary>
<copyright>This script is Copyright (C) 2000 Alexander Strouk</copyright>
</plugin>
<plugin id="11263">
<name>Default password (lrkr0x) for gamez</name>
<version>$Revision: 1.2 $</version>
<family>Default Unix Accounts</family>
<cve_id>CAN-1999-0502</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote host</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10316">
<name>WinSATAN</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of WinSATAN</summary>
<copyright>This script is Copyright (C) 2000 Julio César Hernández</copyright>
</plugin>
<plugin id="10168">
<name>Detect talkd server port and protocol version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CVE-1999-0048</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Detect talkd server port and protocol version</summary>
<copyright>This script is Copyright (C) 2000 SecuriTeam</copyright>
</plugin>
<plugin id="11570">
<name>MDaemon DELE DoS</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CAN-2002-1539</cve_id>
<bugtraq_id>6053</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version number of the remote POP server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10980">
<name>CSCdt62732</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2001-0429</cve_id>
<bugtraq_id>2604</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11386">
<name>Lotus Domino 6.0 vulnerabilities</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id>6870, 6871</bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Checks for the version of the remote Domino Server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11407">
<name>proftpd 1.2.0rc2 format string vuln</name>
<version>$Revision: 1.2 $</version>
<family>FTP</family>
<cve_id>CVE-2001-0318</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks if the version of the remote proftpd</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="11655">
<name>D-Link router overflow</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks the firmware version of the remote D-Link router</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11363">
<name>Gupta SQLBase EXECUTE buffer overflow</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id></cve_id>
<bugtraq_id>6808</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Determines the version of the remote Gupta SQLBase server</summary>
<copyright>This script is Copyright (C) 2003 Renaud Deraison</copyright>
</plugin>
<plugin id="10982">
<name>CSCdt93866</name>
<version>$Revision: 1.2 $</version>
<family>CISCO</family>
<cve_id>CVE-2001-0414</cve_id>
<bugtraq_id>2540</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Uses SNMP to determine if a flaw is present</summary>
<copyright>This script is (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="11203">
<name>Motorola Vanguard with No Password</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>Attempts to log into Vanguards.</summary>
<copyright>This script is Copyright (C) 2003 Digital Defense</copyright>
</plugin>
<plugin id="11044">
<name>ICECast FileSystem disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id>5189</bugtraq_id>
<category>attack</category>
<risk>Low</risk>
<summary>Determines if the error code is the same when requesting inexisting and existing dirs</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10750">
<name>phpMyExplorer dir traversal</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1168</cve_id>
<bugtraq_id>3266</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>phpMyExplorer dir traversal</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10863">
<name>SSL ciphers</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>WARNING: no 'Risk Factor' found !</risk>
<summary>checks the server certificate and available SSLv2 ciphers</summary>
<copyright>(C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10566">
<name>mmstdod.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2001-0021</cve_id>
<bugtraq_id>2063</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/mmstdod.cgi</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11029">
<name>Windows RAS overflow (Q318138)</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2002-0366</cve_id>
<bugtraq_id>4852</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for MS Hotfix Q318138, Elevated Privilege</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
<plugin id="10995">
<name>Sun JavaServer Default Admin Password</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Sun JavaServer Default Admin Password</summary>
<copyright>This script is Copyright (C) 2002 Digital Defense Inc.</copyright>
</plugin>
<plugin id="10417">
<name>Sambar /cgi-bin/mailit.pl installed ?</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>attack</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/mailit</summary>
<copyright>This script is Copyright (C) 2000 Hendrik Scholz</copyright>
</plugin>
<plugin id="10263">
<name>SMTP Server type and version</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>SMTP Server type and version</summary>
<copyright>This script is Copyright (C) 1999 SecuriTeam</copyright>
</plugin>
<plugin id="10144">
<name>Microsoft SQL TCP/IP listener is running</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CAN-1999-0652</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Microsoft's SQL TCP/IP listener is running</summary>
<copyright>This script is Copyright (C) 2003 Nicolas Gregoire</copyright>
</plugin>
<plugin id="11712">
<name>OpenSSH Reverse DNS Lookup bypass</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CAN-2003-0386</cve_id>
<bugtraq_id>7831</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks for the remote SSH version</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10477">
<name>Tomcat's /admin is world readable</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-2000-0672</cve_id>
<bugtraq_id>1548</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /admin</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="10759">
<name>Content-Location HTTP Header</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id>CAN-2000-0649</cve_id>
<bugtraq_id>1499</bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Checks if the NAT expose internal IP address</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="10321">
<name>wwwboard passwd.txt</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CVE-1999-0953</cve_id>
<bugtraq_id>649</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of /wwwboard/passwd.txt</summary>
<copyright>This script is Copyright (C) 1999 Jonathan Provencher</copyright>
</plugin>
<plugin id="10835">
<name>Unchecked Buffer in XP upnp</name>
<version>$Revision: 1.2 $</version>
<family>Windows</family>
<cve_id>CVE-2001-0876</cve_id>
<bugtraq_id>3723</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Determines whether the hotfix Q315000 is installed</summary>
<copyright>This script is Copyright (C) 2002 Michael Scheidell</copyright>
</plugin>
<plugin id="10045">
<name>Cisco 675 passwordless router</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id>CVE-1999-0889</cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Logs into the remote CISCO router</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10071">
<name>Finger cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/finger</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="11695">
<name>Pi3Web Webserver v2.0 Denial of Service</name>
<version>$Revision: 1.2 $</version>
<family>Denial of Service</family>
<cve_id>CAN-2003-0276</cve_id>
<bugtraq_id></bugtraq_id>
<category>mixed</category>
<risk>High</risk>
<summary>Tests for a DoS in Pi3Web</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="11156">
<name>IRC daemon identification</name>
<version>$Revision: 1.2 $</version>
<family>General</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>None</risk>
<summary>IRCD version</summary>
<copyright>This script is Copyright (C) 2002 Michel Arboi</copyright>
</plugin>
<plugin id="10775">
<name>E-Shopping Cart Arbitrary Command Execution (WebDiscount)</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-1014</cve_id>
<bugtraq_id>3340</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>E-Shopping Cart Arbitrary Command Execution (WebDiscount)</summary>
<copyright>This script is Copyright (C) 2001 SecuriTeam</copyright>
</plugin>
<plugin id="10141">
<name>MetaInfo servers</name>
<version>$Revision: 1.2 $</version>
<family>Remote file access</family>
<cve_id></cve_id>
<bugtraq_id>110</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Read everything using '../' in the URL</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10703">
<name>SMTP Authentication Error</name>
<version>$Revision: 1.2 $</version>
<family>SMTP problems</family>
<cve_id>CVE-2001-0504</cve_id>
<bugtraq_id>2988</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks if the remote mail server can be used as a spam relay</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10484">
<name>Read any file thanks to ~nobody/</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /~nobody/etc/passwd</summary>
<copyright>This script is Copyright (C) 2000 Renaud Deraison</copyright>
</plugin>
<plugin id="11754">
<name>List of printers is available through CUPS</name>
<version>$Revision: 1.2 $</version>
<family>Misc.</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Obtains the list of printers on the remote host</summary>
<copyright>This script is Copyright (C) 2003 Tenable Network Security</copyright>
</plugin>
<plugin id="10577">
<name>Check for bdir.htr files</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Check for existence of bdir.htr</summary>
<copyright>By John Lampe....j_lampe@bellsouth.net</copyright>
</plugin>
<plugin id="10612">
<name>commerce.cgi</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0210</cve_id>
<bugtraq_id>2361</bugtraq_id>
<category>infos</category>
<risk>Serious</risk>
<summary>Checks for the presence of /cgi-bin/commerce.cgi</summary>
<copyright>This script is Copyright (C) 2001 Renaud Deraison</copyright>
</plugin>
<plugin id="10794">
<name>PC Anywhere TCP</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Medium</risk>
<summary>Checks for the presence PC Anywhere</summary>
<copyright>This script is Copyright (C) 2001 Alert4Web.com</copyright>
</plugin>
<plugin id="11747">
<name>TrendMicro Emanager software check</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id>CAN-2001-0958</cve_id>
<bugtraq_id>3327</bugtraq_id>
<category>attack</category>
<risk>Medium</risk>
<summary>Check for certain TrendMicro dlls</summary>
<copyright>This script is Copyright (C) 2003 John Lampe</copyright>
</plugin>
<plugin id="10151">
<name>NetBus 1.x</name>
<version>$Revision: 1.2 $</version>
<family>Backdoors</family>
<cve_id>CAN-1999-0660</cve_id>
<bugtraq_id>7538</bugtraq_id>
<category>infos</category>
<risk>High</risk>
<summary>Checks for the presence of NetBus 1.x</summary>
<copyright>This script is Copyright (C) 1999 Renaud Deraison</copyright>
</plugin>
<plugin id="10843">
<name>ASP.NET path disclosure</name>
<version>$Revision: 1.2 $</version>
<family>CGI abuses</family>
<cve_id></cve_id>
<bugtraq_id></bugtraq_id>
<category>infos</category>
<risk>Low</risk>
<summary>Tests for ASP.NET Path Disclosure Vulnerability</summary>
<copyright>This script is Copyright (C) 2002 Renaud Deraison</copyright>
</plugin>
</plugins>
<results>
<result>
<host name="192.168.4.49" ip="192.168.4.49"/>
<date>
<error txt="No scan dates."/>
</date>
<ports>
<port protocol="tcp" portid="80">
<service name="www" method="nessus" conf="3" />
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10937</id>
<data>
The IIS server appears to have the .SHTML ISAPI filter mapped.
At least one remote vulnerability has been discovered for the
.SHTML filter. This is detailed in Microsoft Advisory MS02-018
and results in a denial of service access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .SHTML extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
An attacker may use this flaw to prevent the remote service
from working properly.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled
Solution: See
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
and/or unmap the shtml/shtm isapi filters.
To unmap the .shtml extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .shtml/shtm and sht from the list.
Risk factor : Medium
CVE : CAN-1999-1376, CVE-2000-0226, CVE-2002-0072
BID : 4479
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10937</id>
<data>
The IIS server appears to have the .SHTML ISAPI filter mapped.
At least one remote vulnerability has been discovered for the
.SHTML filter. This is detailed in Microsoft Advisory MS02-018
and results in a denial of service access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .SHTML extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
An attacker may use this flaw to prevent the remote service
from working properly.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled
Solution: See
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
and/or unmap the shtml/shtm isapi filters.
To unmap the .shtml extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .shtml/shtm and sht from the list.
Risk factor : Medium
CVE : CAN-1999-1376, CVE-2000-0226, CVE-2002-0072
BID : 4479
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10077</id>
<data>
The remote web server appears to be running with the Frontpage extensions.
You should double check the configuration since a lot of security problems
have been found with FrontPage when the configuration file is not well set up.
Risk factor : High if your configuration file is not well set up
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10077</id>
<data>
The remote frontpage server may leak information on the anonymous user
By knowing the name of the anonymous user, more sophisticated attacks may be launched
Check the following data for any potential leaks:
method=open service:3.0.2.1105
<p>status=
<ul>
<li>status=917505
<li>osstatus=0
<li>msg=The user 'IUSR_AZHQ_SUPERSCOUT' is not authorized to execute the 'open service' method.
<li>osmsg=
</ul>
</body>
</html>
1
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10077</id>
<data>
The remote web server appears to be running with the Frontpage extensions.
You should double check the configuration since a lot of security problems
have been found with FrontPage when the configuration file is not well set up.
Risk factor : High if your configuration file is not well set up
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10077</id>
<data>
The remote frontpage server may leak information on the anonymous user
By knowing the name of the anonymous user, more sophisticated attacks may be launched
Check the following data for any potential leaks:
method=open service:3.0.2.1105
<p>status=
<ul>
<li>status=917505
<li>osstatus=0
<li>msg=The user 'IUSR_AZHQ_SUPERSCOUT' is not authorized to execute the 'open service' method.
<li>osmsg=
</ul>
</body>
</html>
1
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11311</id>
<data>
The remote host has FrontPage Server Extensions (FPSE) installed.
There is a denial of service / buffer overflow condition
in the program 'shtml.exe' which comes with it. However,
no public detail has been given regarding this issue yet,
so it's not possible to remotely determine if you are
vulnerable to this flaw or not.
If you are, an attacker may use it to crash your web server
(FPSE 2000) or execute arbitrary code (FPSE 2002). Please
see the Microsoft Security Bulletin MS02-053 to determine
if you are vulnerable or not.
*** Nessus did not actually check for this flaw, so this
*** might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Risk factor : High
CVE : CAN-2002-0692
BID : 5804
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11311</id>
<data>
The remote host has FrontPage Server Extensions (FPSE) installed.
There is a denial of service / buffer overflow condition
in the program 'shtml.exe' which comes with it. However,
no public detail has been given regarding this issue yet,
so it's not possible to remotely determine if you are
vulnerable to this flaw or not.
If you are, an attacker may use it to crash your web server
(FPSE 2000) or execute arbitrary code (FPSE 2002). Please
see the Microsoft Security Bulletin MS02-053 to determine
if you are vulnerable or not.
*** Nessus did not actually check for this flaw, so this
*** might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Risk factor : High
CVE : CAN-2002-0692
BID : 5804
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11422</id>
<data>
The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.
Solution : Disable this service, as you do not use it
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11422</id>
<data>
The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.
Solution : Disable this service, as you do not use it
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.49
+ Target Hostname: xyhq_superscout.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 16:42:13 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /whatever.htr - Reveals physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see MS02-018) (GET)
+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_inf.html - FrontPage may be installed. (GET)
+ 1825 items checked - 16 items found on remote host
+ End Time: Wed Jul 23 16:42:32 2003 (19 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.49
+ Target Hostname: xyhq_superscout.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 16:41:51 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /whatever.htr - Reveals physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see MS02-018) (GET)
+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_inf.html - FrontPage may be installed. (GET)
+ 1825 items checked - 16 items found on remote host
+ End Time: Wed Jul 23 16:42:13 2003 (22 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10932</id>
<data>
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .HTR extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution :
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.
Risk factor : High
CVE : CVE-2002-0071
BID : 4474
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10932</id>
<data>
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .HTR extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution :
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.
Risk factor : High
CVE : CVE-2002-0071
BID : 4474
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories were discovered:
/_vti_bin, /images
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories were discovered:
/_vti_bin, /images
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7937">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="1073">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.49[1073]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.49[1073]
</data>
</information>
</port>
<port protocol="tcp" portid="1070">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.49[1070]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.49[1070]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1070]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.49[1070]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.49[1070]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1070]
</data>
</information>
</port>
<port protocol="tcp" portid="1048">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1048]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1048]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1048]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1048]
</data>
</information>
</port>
<port protocol="udp" portid="1047">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.49[1047]
Annotation: Messenger Service
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.49[1047]
Annotation: Messenger Service
</data>
</information>
</port>
<port protocol="tcp" portid="1046">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1046]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.49[1046]
</data>
</information>
</port>
<port protocol="tcp" portid="111">
<service name="sunrpc" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
</port>
<port protocol="udp" portid="161">
<service name="snmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Intel 8255x-based Integrated Fast Ethernet
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Intel 8255x-based Integrated Fast Ethernet
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. SurfControlArchive
. C:SurfControlArch
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. SurfControlArchive
. C:SurfControlArch
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. DHCP Client
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Computer Browser
. Automatic Updates
. COM+ Event System
. IIS Admin Service
. Protected Storage
. Removable Storage
. Terminal Services
. IPSEC Policy Agent
. SMS Client Service
. Network Connections
. Logical Disk Manager
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Remote Registry Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. SurfControl Web Filter Service
. Distributed Link Tracking Client
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. SurfControl Web Filter Report Server
. Simple Mail Transport Protocol (SMTP)
. Background Intelligent Transfer Service
. SurfControl Web Filter Scheduler Service
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. DHCP Client
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Computer Browser
. Automatic Updates
. COM+ Event System
. IIS Admin Service
. Protected Storage
. Removable Storage
. Terminal Services
. IPSEC Policy Agent
. SMS Client Service
. Network Connections
. Logical Disk Manager
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Remote Registry Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. SurfControl Web Filter Service
. Distributed Link Tracking Client
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. SurfControl Web Filter Report Server
. Simple Mail Transport Protocol (SMTP)
. Background Intelligent Transfer Service
. SurfControl Web Filter Scheduler Service
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. Administrator
. TsInternetUser
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. Administrator
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 15 Model 2 Stepping 7 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 15 Model 2 Stepping 7 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
</port>
<port protocol="tcp" portid="25">
<service name="smtp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11034</id>
<data>
For some reason, we could not send the EICAR test string to this MTA
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11034</id>
<data>
For some reason, we could not send the EICAR test string to this MTA
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 xyhq_superscout.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 16:28:36 -0400
This is probably: Microsoft Exchange version 5.0.2195.5329 ready at Wed, 23 Jul 2003 16:28:36 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 xyhq_superscout.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 16:27:26 -0400
This is probably: Microsoft Exchange version 5.0.2195.5329 ready at Wed, 23 Jul 2003 16:27:26 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 xyhq_superscout.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 16:27:28 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 xyhq_superscout.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 16:26:14 -0400
</data>
</information>
</port>
<port protocol="tcp" portid="139">
<service name="netbios-ssn" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Administrator
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Administrator
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Administrator
Guest
TsInternetUser
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Administrator
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_SUPERSCOUT : 5-21-299502267-573735546-839522115
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_SUPERSCOUT : 5-21-299502267-573735546-839522115
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
</port>
<port protocol="udp" portid="137">
<service name="netbios-ns" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 7 NetBIOS names have been gathered :
INet~Services
IS~HQ_SUPERSCOU
. The remote host has the following MAC address on its adapter :
0x00 0x07 0xe9 0x89 0x05 0x30
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 7 NetBIOS names have been gathered :
INet~Services
. The remote host has the following MAC address on its adapter :
0x00 0x07 0xe9 0x89 0x05 0x30
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
</port>
<port protocol="tcp" portid="3389">
<service name="ms-term-serv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
</port>
<port protocol="tcp" portid="445">
<service name="microsoft-ds" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="135">
<service name="loc-srv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="443">
<service name="https" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
</port>
<port protocol="udp">
<service name="general/udp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.49 :
192.168.4.49
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.49 :
192.168.4.49
</data>
</information>
</port>
<port protocol="tcp">
<service name="general/tcp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10276</id>
<data>
Microsoft Windows 95 and 98 clients have the ability
to bind multiple TCP/IP stacks on the same MAC address,
simply by having the protocol added more than once
in the Network Control panel.
The remote host has several TCP/IP stacks with the
same IP bound on the same MAC address. As a result,
it will reply several times to the same packets,
such as by sending multiple ACK to a single SYN,
creating noise on your network. If several hosts
behave the same way, then your network will be brought
down.
Solution : Remove all the IP stacks except one in the remote
host.
Risk factor : Medium
CVE : CAN-1999-1201
BID : 225
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
</port>
<port protocol="icmp">
<service name="general/icmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
</port>
</ports>
</result>
<result>
<host name="192.168.4.59" ip="192.168.4.59"/>
<date>
<error txt="No scan dates."/>
</date>
<ports>
<port protocol="udp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7937">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="1072">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1072]
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1072]
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1072]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1072]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1072]
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1072]
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1072]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1072]
</data>
</information>
</port>
<port protocol="udp" portid="1060">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:169.254.166.139[1060]
Annotation: Messenger Service
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.59[1060]
Annotation: Messenger Service
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:169.254.166.139[1060]
Annotation: Messenger Service
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.59[1060]
Annotation: Messenger Service
</data>
</information>
</port>
<port protocol="tcp" portid="1045">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1045]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:169.254.166.139[1045]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.59[1045]
</data>
</information>
</port>
<port protocol="tcp" portid="111">
<service name="sunrpc" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
</port>
<port protocol="udp" portid="161">
<service name="snmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. YOKOGAWA Vnet/VLnet Adapter
. Intel(R) PRO/1000 MT Network Connection
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. EXA
. CS1000
. CTMRECP
. CTMSCHD
. C:
. C:EXA
. C:EXA
. C:EXA
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. YOKOGAWA Vnet/VLnet Adapter
. Intel(R) PRO/1000 MT Network Connection
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. EXA
. CS1000
. CTMRECP
. CTMSCHD
. C:
. C:EXA
. C:EXA
. C:EXA
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. BK Logd
. BK OPKB
. BK ROOT
. OpcEnum
. PM Logd
. BK Bossd
. BK VLmon
. BK SIMMGR
. BK Timerd
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. BK SyncTime
. DHCP Client
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Computer Browser
. Automatic Updates
. COM+ Event System
. Protected Storage
. Removable Storage
. Terminal Services
. IPSEC Policy Agent
. SMS Client Service
. Network Connections
. Logical Disk Manager
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Remote Registry Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. Distributed Link Tracking Client
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Background Intelligent Transfer Service
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. BK Logd
. BK OPKB
. BK ROOT
. OpcEnum
. PM Logd
. BK Bossd
. BK VLmon
. BK SIMMGR
. BK Timerd
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. BK SyncTime
. DHCP Client
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Computer Browser
. Automatic Updates
. COM+ Event System
. Protected Storage
. Removable Storage
. Terminal Services
. IPSEC Policy Agent
. SMS Client Service
. Network Connections
. Logical Disk Manager
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Remote Registry Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. Distributed Link Tracking Client
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Background Intelligent Transfer Service
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. ASPNET
. CENTUM
. Administrator
. SMSCliSvcAcct&
. TsInternetUser
. SMSCliToknAcct&
. IUSR_AZHQ_FIMS_02
. IWAM_AZHQ_FIMS_02
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 15 Model 2 Stepping 7 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Multiprocessor Free)
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. ASPNET
. CENTUM
. Administrator
. SMSCliSvcAcct&
. TsInternetUser
. SMSCliToknAcct&
. IUSR_AZHQ_FIMS_02
. IWAM_AZHQ_FIMS_02
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 15 Model 2 Stepping 7 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Multiprocessor Free)
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
</port>
<port protocol="tcp" portid="139">
<service name="netbios-ssn" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
SMSCliSvcAcct&
SMSCliToknAcct&
ASPNET
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
SMSCliSvcAcct&
SMSCliToknAcct&
ASPNET
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Administrator
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Administrator
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
ASPNET
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Administrator
Guest
TsInternetUser
SMSCliSvcAcct&
SMSCliToknAcct&
ASPNET
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
ASPNET
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Administrator
Guest
TsInternetUser
SMSCliSvcAcct&
SMSCliToknAcct&
ASPNET
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- SMSCliSvcAcct& (id 1003)
- SMSCliToknAcct& (id 1004)
- ASPNET (id 1005)
- CENTUM (id 1007)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_FIMS_02 : 5-21-57989841-1390067357-725345543
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- ASPNET (id 1005)
- CENTUM (id 1007)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_FIMS_02 : 5-21-57989841-1390067357-725345543
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
</port>
<port protocol="udp" portid="137">
<service name="netbios-ns" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 5 NetBIOS names have been gathered :
AZI
. The remote host has the following MAC address on its adapter :
0x00 0xc0 0x9f 0x1b 0x36 0x68
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 5 NetBIOS names have been gathered :
AZI
AZI
. The remote host has the following MAC address on its adapter :
0x00 0xc0 0x9f 0x1b 0x36 0x68
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
</port>
<port protocol="tcp" portid="3389">
<service name="ms-term-serv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
</port>
<port protocol="tcp" portid="445">
<service name="microsoft-ds" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="135">
<service name="loc-srv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
</port>
<port protocol="udp">
<service name="general/udp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.59 :
192.168.4.59
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.59 :
192.168.4.59
</data>
</information>
</port>
<port protocol="tcp">
<service name="general/tcp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
</port>
<port protocol="icmp">
<service name="general/icmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
</port>
</ports>
</result>
<result>
<host name="192.168.4.58" ip="192.168.4.58"/>
<date>
<error txt="No scan dates."/>
</date>
<ports>
<port protocol="udp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7937">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="1048">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1048]
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1048]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1048]
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1048]
</data>
</information>
</port>
<port protocol="udp" portid="1047">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.58[1047]
Annotation: Messenger Service
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.58[1047]
Annotation: Messenger Service
</data>
</information>
</port>
<port protocol="tcp" portid="1046">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1046]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.58[1046]
</data>
</information>
</port>
<port protocol="tcp" portid="111">
<service name="sunrpc" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
</port>
<port protocol="tcp" portid="139">
<service name="netbios-ssn" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
SMSCliSvcAcct&
SMSCliToknAcct&
ASPNET
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
SMSCliSvcAcct&
SMSCliToknAcct&
ASPNET
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Administrator
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Administrator
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
ASPNET
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
ASPNET
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Administrator
Guest
TsInternetUser
SMSCliSvcAcct&
SMSCliToknAcct&
ASPNET
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Administrator
Guest
TsInternetUser
SMSCliSvcAcct&
SMSCliToknAcct&
ASPNET
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- SMSCliSvcAcct& (id 1001)
- SMSCliToknAcct& (id 1002)
- ASPNET (id 1003)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- SMSCliSvcAcct& (id 1001)
- SMSCliToknAcct& (id 1002)
- ASPNET (id 1003)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_FIMS_01 : 5-21-1547161642-113007714-682003330
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_FIMS_01 : 5-21-1547161642-113007714-682003330
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- Bowen (id 1951)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- Bowen (id 1951)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
</port>
<port protocol="udp" portid="137">
<service name="netbios-ns" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 5 NetBIOS names have been gathered :
AZI
AZI
. The remote host has the following MAC address on its adapter :
0x00 0x06 0x5b 0xf7 0x1b 0x79
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 5 NetBIOS names have been gathered :
AZI
AZI
. The remote host has the following MAC address on its adapter :
0x00 0x06 0x5b 0xf7 0x1b 0x79
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
</port>
<port protocol="tcp" portid="3389">
<service name="ms-term-serv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
</port>
<port protocol="tcp" portid="445">
<service name="microsoft-ds" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="135">
<service name="loc-srv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
</port>
<port protocol="udp">
<service name="general/udp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.58 :
192.168.4.58
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.58 :
192.168.4.58
</data>
</information>
</port>
<port protocol="tcp">
<service name="general/tcp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10276</id>
<data>
Microsoft Windows 95 and 98 clients have the ability
to bind multiple TCP/IP stacks on the same MAC address,
simply by having the protocol added more than once
in the Network Control panel.
The remote host has several TCP/IP stacks with the
same IP bound on the same MAC address. As a result,
it will reply several times to the same packets,
such as by sending multiple ACK to a single SYN,
creating noise on your network. If several hosts
behave the same way, then your network will be brought
down.
Solution : Remove all the IP stacks except one in the remote
host.
Risk factor : Medium
CVE : CAN-1999-1201
BID : 225
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
</port>
<port protocol="icmp">
<service name="general/icmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
</port>
</ports>
</result>
<result>
<host name="192.168.4.57" ip="192.168.4.57"/>
<date>
<error txt="No scan dates."/>
</date>
<ports>
<port protocol="tcp" portid="80">
<service name="www" method="nessus" conf="3" />
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.57
+ Target Hostname: xyhq_domctrl2.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 16:08:59 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ 1825 items checked - 4 items found on remote host
+ End Time: Wed Jul 23 16:09:20 2003 (21 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.57
+ Target Hostname: xyhq_domctrl2.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 16:07:03 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ 1825 items checked - 4 items found on remote host
+ End Time: Wed Jul 23 16:07:23 2003 (20 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7937">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="1209">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5
Endpoint: ncacn_ip_tcp:192.168.4.57[1209]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5
Endpoint: ncacn_ip_tcp:192.168.4.57[1209]
</data>
</information>
</port>
<port protocol="tcp" portid="1208">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 45f52c28-7f9f-101a-b52b-08002b2efabe, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1208]
UUID: 811109bf-a4e1-11d1-ab54-00a0c91e9b45, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1208]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 45f52c28-7f9f-101a-b52b-08002b2efabe, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1208]
UUID: 811109bf-a4e1-11d1-ab54-00a0c91e9b45, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1208]
</data>
</information>
</port>
<port protocol="tcp" portid="1205">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.57[1205]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.57[1205]
</data>
</information>
</port>
<port protocol="tcp" portid="1128">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: f5cc59b4-4264-101a-8c59-08002b2f8426, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1128]
Annotation: NtFrs Service
UUID: d049b186-814f-11d1-9a3c-00c04fc9b232, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1128]
Annotation: NtFrs API
UUID: a00c021c-2be2-11d2-b678-0000f87a8f8e, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1128]
Annotation: PERFMON SERVICE
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: f5cc59b4-4264-101a-8c59-08002b2f8426, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1128]
Annotation: NtFrs Service
UUID: d049b186-814f-11d1-9a3c-00c04fc9b232, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1128]
Annotation: NtFrs API
UUID: a00c021c-2be2-11d2-b678-0000f87a8f8e, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1128]
Annotation: PERFMON SERVICE
</data>
</information>
</port>
<port protocol="tcp" portid="1061">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 4da1c422-943d-11d1-acae-00c04fc2aa3f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1061]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 4da1c422-943d-11d1-acae-00c04fc2aa3f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1061]
</data>
</information>
</port>
<port protocol="udp" portid="1053">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.57[1053]
Annotation: Messenger Service
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.57[1053]
Annotation: Messenger Service
</data>
</information>
</port>
<port protocol="tcp" portid="1041">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1041]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1041]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1041]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1041]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1041]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1041]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1041]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1041]
</data>
</information>
</port>
<port protocol="tcp" portid="111">
<service name="sunrpc" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
</port>
<port protocol="udp" portid="161">
<service name="snmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Intel(R) PRO/1000 Server Adapter
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. D
. SYSVOL
. NETLOGON
. SMSLOGON
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Intel(R) PRO/1000 Server Adapter
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. D
. SYSVOL
. NETLOGON
. SMSLOGON
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. DefWatch
. mr2kserv
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. DNS Server
. DHCP Client
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Computer Browser
. Ati HotKey Poller
. Automatic Updates
. COM+ Event System
. IIS Admin Service
. Protected Storage
. Removable Storage
. Terminal Services
. Windows Installer
. IPSEC Policy Agent
. Intersite Messaging
. Network Connections
. Server Administrator
. Disk Management Service
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Norton AntiVirus Client
. Remote Registry Service
. File Replication Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. Dell OpenManage Server Agent
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. NT LM Security Support Provider
. Distributed Link Tracking Client
. Distributed Link Tracking Server
. Kerberos Key Distribution Center
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Remote Procedure Call (RPC) Locator
. Windows Internet Name Service (WINS)
. Dell OpenManage Server Agent Event Monitor
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. DefWatch
. mr2kserv
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. DNS Server
. DHCP Client
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Computer Browser
. Ati HotKey Poller
. Automatic Updates
. COM+ Event System
. IIS Admin Service
. Protected Storage
. Removable Storage
. Terminal Services
. Windows Installer
. IPSEC Policy Agent
. Intersite Messaging
. Network Connections
. Server Administrator
. Disk Management Service
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Norton AntiVirus Client
. Remote Registry Service
. File Replication Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. Dell OpenManage Server Agent
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. NT LM Security Support Provider
. Distributed Link Tracking Client
. Distributed Link Tracking Server
. Kerberos Key Distribution Center
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Remote Procedure Call (RPC) Locator
. Windows Internet Name Service (WINS)
. Dell OpenManage Server Agent Event Monitor
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. EA
. Li
. rb
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 11 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. EA
. Li
. rb
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 11 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
</port>
<port protocol="udp" portid="123">
<service name="ntp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10647</id>
<data>
An NTP server is running on the remote host. Make sure that
you are running the latest version of your NTP server,
has some versions have been found out to be vulnerable to
buffer overflows.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
If you happen to be vulnerable : upgrade
Solution : Upgrade
Risk factor : High
CVE : CVE-2001-0414
BID : 2540
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10647</id>
<data>
An NTP server is running on the remote host. Make sure that
you are running the latest version of your NTP server,
has some versions have been found out to be vulnerable to
buffer overflows.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
If you happen to be vulnerable : upgrade
Solution : Upgrade
Risk factor : High
CVE : CVE-2001-0414
BID : 2540
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10884</id>
<data>
It is possible to determine a lot of information about the remote host
by querying the NTP variables - these include OS descriptor, and
time settings.
Theoretically one could work out the NTP peer relationships and track back
network settings from this.
Quickfix: Set NTP to restrict default access to ignore all info packets:
restrict default ignore
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10884</id>
<data>
It is possible to determine a lot of information about the remote host
by querying the NTP variables - these include OS descriptor, and
time settings.
Theoretically one could work out the NTP peer relationships and track back
network settings from this.
Quickfix: Set NTP to restrict default access to ignore all info packets:
restrict default ignore
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="1059">
<service name="nimreg" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1059]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1059]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1059]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1059]
</data>
</information>
</port>
<port protocol="tcp" portid="139">
<service name="netbios-ssn" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
MS5523 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
MS5523 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- Bowen (id 1951)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- RP7646$ (id 1996)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
</port>
<port protocol="udp" portid="137">
<service name="netbios-ns" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 11 NetBIOS names have been gathered :
AZHQ_DOMCTRL2
AZHQ_DOMCTRL2
AZI
AZI
AZI
AZI
AZI
__MSBROWSE__
AZHQ_DOMCTRL2
INet~Services
IS~AZHQ_DOMCTRL
. The remote host has the following MAC address on its adapter :
0x00 0x06 0x5b 0xec 0xe0 0xa5
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 11 NetBIOS names have been gathered :
AZHQ_DOMCTRL2
AZHQ_DOMCTRL2
AZI
AZI
AZI
AZI
AZI
__MSBROWSE__
AZHQ_DOMCTRL2
INet~Services
IS~AZHQ_DOMCTRL
. The remote host has the following MAC address on its adapter :
0x00 0x06 0x5b 0xec 0xe0 0xa5
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
</port>
<port protocol="tcp" portid="42">
<service name="nameserver" method="nessus" conf="3" />
</port>
<port protocol="tcp" portid="3389">
<service name="ms-term-serv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
</port>
<port protocol="tcp" portid="445">
<service name="microsoft-ds" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="135">
<service name="loc-srv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="636">
<service name="ldaps" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
This TLSv1 server also accepts SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10863</id>
<data>
The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:c6:ed:96:00:00:00:00:00:08
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=AZ, L=Louisville, O=AZLP, CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001
Validity
Not Before: Sep 5 23:08:02 2002 GMT
Not After : Aug 3 00:51:10 2004 GMT
Subject: CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x002\x00.\x00z\x00e\x00o\x00n\x00c\x00h\x00e\x00m\x00i\x00c\x00a\x00l\x00s\x00.\x00n\x00e\x00t
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c0:93:8b:67:ec:af:af:12:12:d9:2b:3a:34:04:
3b:38:ab:e9:90:d7:0e:c5:9f:5e:dc:f9:ee:40:6d:
89:de:63:ea:06:92:7d:dc:12:89:5c:75:8c:d3:c0:
ca:c1:a0:43:80:cf:98:ed:45:4d:0f:a1:3a:00:78:
4f:f6:a4:91:bc:f5:96:0b:d4:80:51:75:8d:a8:c3:
c4:12:f7:b2:f9:ac:ce:8a:ef:bf:ea:17:26:64:82:
20:8b:43:8d:99:6c:fd:01:8b:48:1e:0f:e6:49:4c:
52:19:53:7c:01:0e:41:cb:0f:02:33:89:23:79:08:
09:54:00:6b:d1:a6:b5:a0:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
1.3.6.1.4.1.311.20.2:
. .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
X509v3 Subject Key Identifier:
4C:A8:E2:01:A4:8F:36:9F:78:BA:5F:24:65:69:A3:00:C1:A1:19:A5
X509v3 Authority Key Identifier:
keyid:03:22:20:A3:0E:96:9C:A3:C9:2F:02:62:2B:63:8A:0E:D6:26:26:1D
DirName:/C=US/ST=AZ/L=Louisville/O=AZLP/CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001
serial:61:C7:CC:6F:2E:7F:9C:93:48:52:DB:4C:91:CA:4A:69
X509v3 CRL Distribution Points:
URI:ldap:///CN=xyhq_domctrl1,CN=xyhq_domctrl1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=net?certificateRevocationList?base?objectclass=cRLDistributionPoint
URI:http://xyhq_domctrl1.example.net/CertEnroll/xyhq_domctrl1.crl
Authority Information Access:
CA Issuers - URI:ldap:///CN=xyhq_domctrl1,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=net?cACertificate?base?objectclass=certificationAuthority
CA Issuers - URI:http://xyhq_domctrl1.example.net/CertEnroll/xyhq_domctrl1.example.net_xyhq_domctrl1.crt
X509v3 Subject Alternative Name:
othername:<unsupported>, DNS:xyhq_domctrl2.example.net
Signature Algorithm: sha1WithRSAEncryption
b2:81:5f:85:1b:49:e4:0e:8f:db:ac:d3:a3:9e:98:ae:d7:4d:
e0:37:05:6f:a8:46:bf:aa:68:9d:71:3d:b9:2d:2c:3e:48:8c:
95:e7:71:5c:28:66:e1:fa:06:cc:b6:4c:55:90:ea:53:74:cc:
a3:5e:36:c6:3b:5b:6d:bc:c2:a2
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
This TLSv1 server also accepts SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10863</id>
<data>
The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:c6:ed:96:00:00:00:00:00:08
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=AZ, L=Louisville, O=AZLP, CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001
Validity
Not Before: Sep 5 23:08:02 2002 GMT
Not After : Aug 3 00:51:10 2004 GMT
Subject: CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x002\x00.\x00z\x00e\x00o\x00n\x00c\x00h\x00e\x00m\x00i\x00c\x00a\x00l\x00s\x00.\x00n\x00e\x00t
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c0:93:8b:67:ec:af:af:12:12:d9:2b:3a:34:04:
3b:38:ab:e9:90:d7:0e:c5:9f:5e:dc:f9:ee:40:6d:
89:de:63:ea:06:92:7d:dc:12:89:5c:75:8c:d3:c0:
ca:c1:a0:43:80:cf:98:ed:45:4d:0f:a1:3a:00:78:
4f:f6:a4:91:bc:f5:96:0b:d4:80:51:75:8d:a8:c3:
c4:12:f7:b2:f9:ac:ce:8a:ef:bf:ea:17:26:64:82:
20:8b:43:8d:99:6c:fd:01:8b:48:1e:0f:e6:49:4c:
52:19:53:7c:01:0e:41:cb:0f:02:33:89:23:79:08:
09:54:00:6b:d1:a6:b5:a0:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
1.3.6.1.4.1.311.20.2:
. .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
X509v3 Subject Key Identifier:
4C:A8:E2:01:A4:8F:36:9F:78:BA:5F:24:65:69:A3:00:C1:A1:19:A5
X509v3 Authority Key Identifier:
keyid:03:22:20:A3:0E:96:9C:A3:C9:2F:02:62:2B:63:8A:0E:D6:26:26:1D
DirName:/C=US/ST=AZ/L=Louisville/O=AZLP/CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001
serial:61:C7:CC:6F:2E:7F:9C:93:48:52:DB:4C:91:CA:4A:69
X509v3 CRL Distribution Points:
URI:ldap:///CN=xyhq_domctrl1,CN=xyhq_domctrl1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=net?certificateRevocationList?base?objectclass=cRLDistributionPoint
URI:http://xyhq_domctrl1.example.net/CertEnroll/xyhq_domctrl1.crl
Authority Information Access:
CA Issuers - URI:ldap:///CN=xyhq_domctrl1,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=net?cACertificate?base?objectclass=certificationAuthority
CA Issuers - URI:http://xyhq_domctrl1.example.net/CertEnroll/xyhq_domctrl1.example.net_xyhq_domctrl1.crt
X509v3 Subject Alternative Name:
othername:<unsupported>, DNS:xyhq_domctrl2.example.net
Signature Algorithm: sha1WithRSAEncryption
b2:81:5f:85:1b:49:e4:0e:8f:db:ac:d3:a3:9e:98:ae:d7:4d:
e0:37:05:6f:a8:46:bf:aa:68:9d:71:3d:b9:2d:2c:3e:48:8c:
95:e7:71:5c:28:66:e1:fa:06:cc:b6:4c:55:90:ea:53:74:cc:
a3:5e:36:c6:3b:5b:6d:bc:c2:a2
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A TLSv1 server answered on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A TLSv1 server answered on this port
</data>
</information>
</port>
<port protocol="tcp" portid="389">
<service name="ldap" method="nessus" conf="3" />
</port>
<port protocol="tcp" portid="464">
<service name="kpasswd5" method="nessus" conf="3" />
</port>
<port protocol="tcp" portid="88">
<service name="kerberos" method="nessus" conf="3" />
</port>
<port protocol="tcp" portid="1050">
<service name="java-or-OTGfileshare" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 130ceefb-e466-11d1-b78b-00c04fa32883, version 2
Endpoint: ncacn_ip_tcp:192.168.4.57[1050]
Annotation: NTDS ISM IP Transport
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 130ceefb-e466-11d1-b78b-00c04fa32883, version 2
Endpoint: ncacn_ip_tcp:192.168.4.57[1050]
Annotation: NTDS ISM IP Transport
</data>
</information>
</port>
<port protocol="tcp" portid="1031">
<service name="iad2" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncacn_http:192.168.4.57[1031]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncacn_http:192.168.4.57[1031]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncacn_http:192.168.4.57[1031]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncacn_http:192.168.4.57[1031]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncacn_http:192.168.4.57[1031]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncacn_http:192.168.4.57[1031]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncacn_http:192.168.4.57[1031]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncacn_http:192.168.4.57[1031]
</data>
</information>
</port>
<port protocol="udp" portid="1030">
<service name="iad1" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncadg_ip_udp:192.168.4.57[1030]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncadg_ip_udp:192.168.4.57[1030]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncadg_ip_udp:192.168.4.57[1030]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncadg_ip_udp:192.168.4.57[1030]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncadg_ip_udp:192.168.4.57[1030]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncadg_ip_udp:192.168.4.57[1030]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncadg_ip_udp:192.168.4.57[1030]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncadg_ip_udp:192.168.4.57[1030]
</data>
</information>
</port>
<port protocol="tcp" portid="443">
<service name="https" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
</port>
<port protocol="tcp" portid="593">
<service name="http-rpc-epmap" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10763</id>
<data>
This detects the http-rpc-epmap service by connecting
to the port 593 and processing the buffer received.
This endpoint mapper provides CIS (COM+ Internet Services)
parameters like port 135 (epmap) for RPC.
Solution:
Deny incoming traffic from the Internet to TCP port 593
as it may become a security threat in the future, if a
vulnerability is discovered.
For more information about CIS:
http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10763</id>
<data>
This detects the http-rpc-epmap service by connecting
to the port 593 and processing the buffer received.
This endpoint mapper provides CIS (COM+ Internet Services)
parameters like port 135 (epmap) for RPC.
Solution:
Deny incoming traffic from the Internet to TCP port 593
as it may become a security threat in the future, if a
vulnerability is discovered.
For more information about CIS:
http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp
Risk factor : Low
</data>
</information>
</port>
<port protocol="udp">
<service name="general/udp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.57 :
192.168.4.57
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.57 :
192.168.4.57
</data>
</information>
</port>
<port protocol="tcp">
<service name="general/tcp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
</port>
<port protocol="icmp">
<service name="general/icmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
</port>
<port protocol="udp" portid="53">
<service name="domain" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11002</id>
<data>
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11002</id>
<data>
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="53">
<service name="domain" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10539</id>
<data>
The remote name server allows recursive queries to be performed
by the host running nessusd.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
See also : http://www.cert.org/advisories/CA-1997-22.html
Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf
If you are using another name server, consult its documentation.
Risk factor : Serious
CVE : CVE-1999-0024
BID : 678
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11002</id>
<data>
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11002</id>
<data>
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="1027">
<service name="IIS" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncacn_ip_tcp:192.168.4.57[1027]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncacn_ip_tcp:192.168.4.57[1027]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncacn_ip_tcp:192.168.4.57[1027]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1027]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncacn_ip_tcp:192.168.4.57[1027]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncacn_ip_tcp:192.168.4.57[1027]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncacn_ip_tcp:192.168.4.57[1027]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncacn_ip_tcp:192.168.4.57[1027]
</data>
</information>
</port>
</ports>
</result>
<result>
<host name="192.168.4.55" ip="192.168.4.55"/>
<date>
<error txt="No scan dates."/>
</date>
<ports>
<port protocol="tcp" portid="80">
<service name="www" method="nessus" conf="3" />
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10937</id>
<data>
The IIS server appears to have the .SHTML ISAPI filter mapped.
At least one remote vulnerability has been discovered for the
.SHTML filter. This is detailed in Microsoft Advisory MS02-018
and results in a denial of service access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .SHTML extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
An attacker may use this flaw to prevent the remote service
from working properly.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled
Solution: See
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
and/or unmap the shtml/shtm isapi filters.
To unmap the .shtml extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .shtml/shtm and sht from the list.
Risk factor : Medium
CVE : CAN-1999-1376, CVE-2000-0226, CVE-2002-0072
BID : 4479
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10937</id>
<data>
The IIS server appears to have the .SHTML ISAPI filter mapped.
At least one remote vulnerability has been discovered for the
.SHTML filter. This is detailed in Microsoft Advisory MS02-018
and results in a denial of service access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .SHTML extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
An attacker may use this flaw to prevent the remote service
from working properly.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled
Solution: See
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
and/or unmap the shtml/shtm isapi filters.
To unmap the .shtml extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .shtml/shtm and sht from the list.
Risk factor : Medium
CVE : CAN-1999-1376, CVE-2000-0226, CVE-2002-0072
BID : 4479
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10685</id>
<data>
There's a buffer overflow in the remote web server through
the ISAPI filter.
It is possible to overflow the remote web server and execute
commands as user SYSTEM.
Solution: See http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Risk factor : High
CVE : CVE-2001-0544, CVE-2001-0545, CVE-2001-0506, CVE-2001-0507, CVE-2001-0508, CVE-2001-0500
BID : 2690, 3190, 3194, 3195
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10685</id>
<data>
There's a buffer overflow in the remote web server through
the ISAPI filter.
It is possible to overflow the remote web server and execute
commands as user SYSTEM.
Solution: See http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Risk factor : High
CVE : CVE-2001-0544, CVE-2001-0545, CVE-2001-0506, CVE-2001-0507, CVE-2001-0508, CVE-2001-0500
BID : 2690, 3190, 3194, 3195
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10936</id>
<data>
This IIS Server appears to vulnerable to one of the cross site scripting
attacks described in MS02-018. The default '404' file returned by IIS uses scripting to output a link to
top level domain part of the url requested. By crafting a particular URL it is possible to insert arbitrary script into the
page for execution.
The presence of this vulnerability also indicates that you are vulnerable to the other issues identified in MS02-018 (various remote buffer overflow and cross site scripting attacks...)
References:
http://www.microsoft.com/technet/security/bulletin/MS02-018.asp
http://jscript.dk/adv/TL001/
Risk factor : Medium
CVE : CVE-2002-0074
BID : 4483
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10936</id>
<data>
This IIS Server appears to vulnerable to one of the cross site scripting
attacks described in MS02-018. The default '404' file returned by IIS uses scripting to output a link to
top level domain part of the url requested. By crafting a particular URL it is possible to insert arbitrary script into the
page for execution.
The presence of this vulnerability also indicates that you are vulnerable to the other issues identified in MS02-018 (various remote buffer overflow and cross site scripting attacks...)
References:
http://www.microsoft.com/technet/security/bulletin/MS02-018.asp
http://jscript.dk/adv/TL001/
Risk factor : Medium
CVE : CVE-2002-0074
BID : 4483
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10077</id>
<data>
The remote web server appears to be running with the Frontpage extensions.
You should double check the configuration since a lot of security problems
have been found with FrontPage when the configuration file is not well set up.
Risk factor : High if your configuration file is not well set up
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10077</id>
<data>
The remote frontpage server may leak information on the anonymous user
By knowing the name of the anonymous user, more sophisticated attacks may be launched
Check the following data for any potential leaks:
method=open service:3.0.2.1105
<p>status=
<ul>
<li>status=917505
<li>osstatus=0
<li>msg=The user 'IUSR_SAPWEB' is not authorized to execute the 'open service' method.
<li>osmsg=
</ul>
</body>
</html>
1
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10077</id>
<data>
The remote web server appears to be running with the Frontpage extensions.
You should double check the configuration since a lot of security problems
have been found with FrontPage when the configuration file is not well set up.
Risk factor : High if your configuration file is not well set up
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10077</id>
<data>
The remote frontpage server may leak information on the anonymous user
By knowing the name of the anonymous user, more sophisticated attacks may be launched
Check the following data for any potential leaks:
method=open service:3.0.2.1105
<p>status=
<ul>
<li>status=917505
<li>osstatus=0
<li>msg=The user 'IUSR_SAPWEB' is not authorized to execute the 'open service' method.
<li>osmsg=
</ul>
</body>
</html>
1
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11311</id>
<data>
The remote host has FrontPage Server Extensions (FPSE) installed.
There is a denial of service / buffer overflow condition
in the program 'shtml.exe' which comes with it. However,
no public detail has been given regarding this issue yet,
so it's not possible to remotely determine if you are
vulnerable to this flaw or not.
If you are, an attacker may use it to crash your web server
(FPSE 2000) or execute arbitrary code (FPSE 2002). Please
see the Microsoft Security Bulletin MS02-053 to determine
if you are vulnerable or not.
*** Nessus did not actually check for this flaw, so this
*** might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Risk factor : High
CVE : CAN-2002-0692
BID : 5804
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11311</id>
<data>
The remote host has FrontPage Server Extensions (FPSE) installed.
There is a denial of service / buffer overflow condition
in the program 'shtml.exe' which comes with it. However,
no public detail has been given regarding this issue yet,
so it's not possible to remotely determine if you are
vulnerable to this flaw or not.
If you are, an attacker may use it to crash your web server
(FPSE 2000) or execute arbitrary code (FPSE 2002). Please
see the Microsoft Security Bulletin MS02-053 to determine
if you are vulnerable or not.
*** Nessus did not actually check for this flaw, so this
*** might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Risk factor : High
CVE : CAN-2002-0692
BID : 5804
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11422</id>
<data>
The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.
Solution : Disable this service, as you do not use it
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11422</id>
<data>
The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.
Solution : Disable this service, as you do not use it
Risk factor : Low
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10671</id>
<data>
When IIS receives a user request to run a script, it renders
the request in a decoded canonical form, then performs
security checks on the decoded request. A vulnerability
results because a second, superfluous decoding pass is
performed after the initial security checks are completed.
Thus, a specially crafted request could allow an attacker to
execute arbitrary commands on the IIS Server.
Solution: See MS advisory MS01-026(Superseded by ms01-044)
See http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Risk factor : High
CVE : CVE-2001-0507, CVE-2001-0333
BID : 2708
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.55
+ Target Hostname: sapweb.xysap.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 16:18:25 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir - IIS is vulnerable to a double-decode bug, which allows commands to be executed on the system. CAN-2001-0333. BID-2708. (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /whatever.htr - Reveals physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see MS02-018) (GET)
+ /_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir - IIS is vulnerable to a double-decode bug, which allows commands to be executed on the system. CAN-2001-0333. BID-2708. (GET)
+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_inf.html - FrontPage may be installed. (GET)
+ 1825 items checked - 18 items found on remote host
+ End Time: Wed Jul 23 16:18:46 2003 (21 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.55
+ Target Hostname: sapweb.xysap.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 16:15:13 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir - IIS is vulnerable to a double-decode bug, which allows commands to be executed on the system. CAN-2001-0333. BID-2708. (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /whatever.htr - Reveals physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see MS02-018) (GET)
+ /_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir - IIS is vulnerable to a double-decode bug, which allows commands to be executed on the system. CAN-2001-0333. BID-2708. (GET)
+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_inf.html - FrontPage may be installed. (GET)
+ 1825 items checked - 18 items found on remote host
+ End Time: Wed Jul 23 16:15:35 2003 (22 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10932</id>
<data>
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .HTR extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution :
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.
Risk factor : High
CVE : CVE-2002-0071
BID : 4474
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10932</id>
<data>
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .HTR extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution :
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.
Risk factor : High
CVE : CVE-2002-0071
BID : 4474
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories were discovered:
/_vti_bin, /images
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7937">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="1091">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.55[1091]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.55[1091]
</data>
</information>
</port>
<port protocol="tcp" portid="1079">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1079]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1079]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1079]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1079]
</data>
</information>
</port>
<port protocol="udp" portid="1057">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.55[1057]
Annotation: Messenger Service
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.55[1057]
Annotation: Messenger Service
</data>
</information>
</port>
<port protocol="tcp" portid="1046">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1046]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1046]
</data>
</information>
</port>
<port protocol="tcp" portid="111">
<service name="sunrpc" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
</port>
<port protocol="tcp" portid="444">
<service name="snpp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10919</id>
<data>
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10919</id>
<data>
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10662</id>
<data>
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/StartPage/search.jsp (searchbutton [Search] searchtype [] )
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port through SSL
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A TLSv1 server answered on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
This TLSv1 server does not accept SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
Here is the SSLv3 server certificate:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1196043176 (0x474a2ba8)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=BG, ST=Sofia, L=Sofia, O=InQMy Technologies, OU=Security Team, CN=In-Q-My Demo CA
Validity
Not Before: Dec 31 23:00:00 1999 GMT
Not After : Dec 31 23:00:00 2002 GMT
Subject: C=BG, ST=Sofia, L=Sofia, O=app-server, OU=ssl-enabled-server, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b6:85:b3:fa:6b:a5:a2:54:a9:ff:7a:10:b0:63:
41:ed:9e:18:88:d8:4f:a9:cb:9c:a3:95:d8:e7:13:
c0:b6:9a:f8:d6:42:94:c2:80:89:c2:f5:d6:3f:90:
02:a0:52:1e:2f:b7:aa:33:ba:01:d8:86:dd:d5:d7:
4a:03:19:40:1d:94:56:f4:f6:89:ac:b9:7f:db:19:
4b:8f:00:a3:5f:16:46:70:e0:40:83:18:8c:4d:1f:
50:58:df:df:0f:8f:be:3d:a2:51:da:f0:08:0c:16:
2b:e4:73:28:7b:a7:c5:7a:31:4f:b3:5e:0f:19:0f:
2e:24:70:ba:97:e4:28:74:3d
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
2c:83:5b:81:fb:84:5f:25:d8:1e:87:74:f6:a8:0c:c4:31:cf:
41:d8:a0:e8:83:b9:bb:b4:96:ca:01:08:aa:20:e4:af:e1:cc:
f6:f4:bf:5d:95:fe:32:7f:12:b5:81:c5:2d:c9:78:e7:48:b4:
e4:fd:58:a4:17:cf:23:f2:59:ae:17:db:c2:a6:b7:c5:ed:02:
38:85:6b:af:98:4f:c0:4a:67:77:96:2c:4b:2d:a2:ff:54:73:
54:92:d9:c6:01:1c:9e:72:17:8d:56:5d:5a:10:01:ba:98:5f:
5f:c4:82:c0:eb:39:50:e0:75:53:86:46:cb:ce:65:88:c7:92:
6e:e7
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port through SSL
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A TLSv1 server answered on this port
</data>
</information>
</port>
<port protocol="udp" portid="161">
<service name="snmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Compaq Ethernet/Fast Ethernet Adapter/Module
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Compaq Ethernet/Fast Ethernet Adapter/Module
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. saploc
. sapmnt
. D:usr
. D:usr
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. saploc
. sapmnt
. D:usr
. D:usr
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. SAPOSCOL
. Surveyor
. Event Log
. Messenger
. Net Logon
. SAPZWA_00
. Telephony
. DNS Client
. DHCP Client
. MSSQLSERVER
. Workstation
. SNMP Service
. Windows Time
. In-Q-My Alone
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Compaq Web Agent
. Computer Browser
. COM+ Event System
. Compaq NIC Agents
. IIS Admin Service
. Protected Storage
. Removable Storage
. Terminal Services
. IPSEC Policy Agent
. SMS Client Service
. Compaq Server Agents
. Logical Disk Manager
. Compaq Storage Agents
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Remote Registry Service
. Compaq Foundation Agents
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. Compaq Version Control Agent
. Compaq Remote Monitor Service
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. Compaq System Shutdown Service
. Distributed Link Tracking Client
. Remote Access Connection Manager
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Simple Mail Transport Protocol (SMTP)
. Windows Management Instrumentation Driver Extensions
. Compaq Enhanced Integrated Management Display Service
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. SAPOSCOL
. Surveyor
. Event Log
. Messenger
. Net Logon
. SAPZWA_00
. Telephony
. DNS Client
. DHCP Client
. MSSQLSERVER
. Workstation
. SNMP Service
. Windows Time
. In-Q-My Alone
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Compaq Web Agent
. Computer Browser
. COM+ Event System
. Compaq NIC Agents
. IIS Admin Service
. Protected Storage
. Removable Storage
. Terminal Services
. IPSEC Policy Agent
. SMS Client Service
. Compaq Server Agents
. Logical Disk Manager
. Compaq Storage Agents
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Remote Registry Service
. Compaq Foundation Agents
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. Compaq Version Control Agent
. Compaq Remote Monitor Service
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. Compaq System Shutdown Service
. Distributed Link Tracking Client
. Remote Access Connection Manager
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Simple Mail Transport Protocol (SMTP)
. Windows Management Instrumentation Driver Extensions
. Compaq Enhanced Integrated Management Display Service
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. ighodarog
. IUSR_SAPWEB
. IWAM_SAPWEB
. Administrator
. SMSCliSvcAcct&
. TsInternetUser
. SMSCliToknAcct&
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 7 Stepping 3 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Multiprocessor Free)
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. ighodarog
. IUSR_SAPWEB
. IWAM_SAPWEB
. Administrator
. SMSCliSvcAcct&
. TsInternetUser
. SMSCliToknAcct&
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 7 Stepping 3 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Multiprocessor Free)
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
</port>
<port protocol="tcp" portid="25">
<service name="smtp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10885</id>
<data>
It is possible to make the remote SMTP server fail
and restart by sending it malformed input.
The service will restart automatically, but all the connections
established at the time of the attack will be dropped.
An attacker may use this flaw to make mail delivery to your site
less efficient.
Solution : http://www.microsoft.com/technet/security/bulletin/MS02-012.asp
Risk factor : Medium
CVE : CVE-2002-0055
BID : 4204
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11308</id>
<data>
It is possible to authenticate to the remote SMTP service
by logging in as a NULL session.
An attacker may use this flaw to use your SMTP server as a
spam relay.
Solution : http://www.microsoft.com/technet/security/bulletin/MS02-011.asp
Risk factor : Medium
CVE : CVE-2002-0054
BID : 4205
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10885</id>
<data>
It is possible to make the remote SMTP server fail
and restart by sending it malformed input.
The service will restart automatically, but all the connections
established at the time of the attack will be dropped.
An attacker may use this flaw to make mail delivery to your site
less efficient.
Solution : http://www.microsoft.com/technet/security/bulletin/MS02-012.asp
Risk factor : Medium
CVE : CVE-2002-0055
BID : 4204
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11034</id>
<data>
For some reason, we could not send the EICAR test string to this MTA
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11308</id>
<data>
It is possible to authenticate to the remote SMTP service
by logging in as a NULL session.
An attacker may use this flaw to use your SMTP server as a
spam relay.
Solution : http://www.microsoft.com/technet/security/bulletin/MS02-011.asp
Risk factor : Medium
CVE : CVE-2002-0054
BID : 4205
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11034</id>
<data>
For some reason, we could not send the EICAR test string to this MTA
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 sapweb.xysap.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Wed, 23 Jul 2003 15:42:46 -0400
This is probably: Microsoft Exchange version 5.0.2195.2966 ready at Wed, 23 Jul 2003 15:42:46 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 sapweb.xysap.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Wed, 23 Jul 2003 15:41:18 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 sapweb.xysap.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Wed, 23 Jul 2003 15:39:17 -0400
This is probably: Microsoft Exchange version 5.0.2195.2966 ready at Wed, 23 Jul 2003 15:39:17 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 sapweb.xysap.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Wed, 23 Jul 2003 15:38:24 -0400
</data>
</information>
</port>
<port protocol="tcp" portid="139">
<service name="netbios-ssn" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
IUSR_SAPWEB
IWAM_SAPWEB
ighodarog
SMSCliSvcAcct&
SMSCliToknAcct&
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
IUSR_SAPWEB
IWAM_SAPWEB
ighodarog
SMSCliSvcAcct&
SMSCliToknAcct&
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
SAPWEB -
AZHQ_SAPBDC -
AZHQ_SAPPDC -
AZRP_SAPDR -
ZAZSAPA1 -
ZAZSAPA2 -
ZAZSAPA3 -
ZAZSAPD -
ZAZSAPD1 -
ZAZSAPD2 -
ZAZSAPP1 -
ZAZSAPT1 -
ZAZSAPT2 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
SAPWEB -
AZHQ_SAPBDC -
AZHQ_SAPPDC -
AZRP_SAPDR -
ZAZSAPA1 -
ZAZSAPA2 -
ZAZSAPA3 -
ZAZSAPD -
ZAZSAPD1 -
ZAZSAPD2 -
ZAZSAPP1 -
ZAZSAPT1 -
ZAZSAPT2 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
TsInternetUser
IUSR_SAPWEB
IWAM_SAPWEB
ighodarog
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
TsInternetUser
IUSR_SAPWEB
IWAM_SAPWEB
ighodarog
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- IUSR_SAPWEB (id 1001)
- IWAM_SAPWEB (id 1002)
- SAP_LocalAdmin (id 1005)
- SAP_ZWA_LocalAdmin (id 1006)
- ighodarog (id 1007)
- SMSCliSvcAcct& (id 1008)
- SMSCliToknAcct& (id 1009)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
SAPWEB : 5-21-448539723-789336058-682003330
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- IUSR_SAPWEB (id 1001)
- IWAM_SAPWEB (id 1002)
- SAP_LocalAdmin (id 1005)
- SAP_ZWA_LocalAdmin (id 1006)
- ighodarog (id 1007)
- SMSCliSvcAcct& (id 1008)
- SMSCliToknAcct& (id 1009)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
SAPWEB : 5-21-448539723-789336058-682003330
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZSAP
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZSAP
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- AZHQ_SAPPDC$ (id 1000)
- Remote Control Operators (id 1001)
- SAP_ZD1_GlobalAdmin (id 1003)
- zd1adm (id 1004)
- SAPServiceZD1 (id 1005)
- ZAZSAPA1$ (id 1006)
- ZAZSAPA3$ (id 1007)
- ZAZSAPA2$ (id 1008)
- caunint (id 1009)
- ZAZSAPP1$ (id 1010)
- SAP_ZT1_GlobalAdmin (id 1012)
- zt1adm (id 1013)
- SAPServiceZT1 (id 1014)
- SAP_ZP1_GlobalAdmin (id 1015)
- zp1adm (id 1016)
- SAPServiceZP1 (id 1017)
- AZI$ (id 1018)
- SAPServiceZU1 (id 1021)
- zu1adm (id 1022)
- ramey (id 1023)
- AZHQ_SAPBDC$ (id 1024)
- transport (id 1025)
- test (id 1027)
- SAP_ZU1_GlobalAdmin (id 1028)
- SAPDR$ (id 1030)
- SAPWEB$ (id 1032)
- SAP_ZWA_GlobalAdmin (id 1036)
- zwaadm (id 1037)
- SAPServiceZWA (id 1038)
- AZRP_SAPDR$ (id 1040)
- SAP_ZDR_GlobalAdmin (id 1041)
- SAPServiceZDR (id 1042)
- zdradm (id 1043)
- TXCTRL$ (id 1044)
- TsInternetUser (id 1046)
- e1tadm (id 1161)
- ZAZSAPD2$ (id 1164)
- ZAZSAPD1$ (id 1165)
- ZAZSAPT2$ (id 1166)
- ZAZSAPT1$ (id 1167)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZSAP : 5-21-2072122820-1326648136-612134452
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZSAP
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- AZHQ_SAPPDC$ (id 1000)
- Remote Control Operators (id 1001)
- SAP_ZD1_GlobalAdmin (id 1003)
- zd1adm (id 1004)
- SAPServiceZD1 (id 1005)
- ZAZSAPA1$ (id 1006)
- ZAZSAPA3$ (id 1007)
- ZAZSAPA2$ (id 1008)
- caunint (id 1009)
- ZAZSAPP1$ (id 1010)
- SAP_ZT1_GlobalAdmin (id 1012)
- zt1adm (id 1013)
- SAPServiceZT1 (id 1014)
- SAP_ZP1_GlobalAdmin (id 1015)
- zp1adm (id 1016)
- SAPServiceZP1 (id 1017)
- AZI$ (id 1018)
- SAPServiceZU1 (id 1021)
- zu1adm (id 1022)
- ramey (id 1023)
- AZHQ_SAPBDC$ (id 1024)
- transport (id 1025)
- test (id 1027)
- SAP_ZU1_GlobalAdmin (id 1028)
- SAPDR$ (id 1030)
- SAPWEB$ (id 1032)
- SAP_ZWA_GlobalAdmin (id 1036)
- zwaadm (id 1037)
- SAPServiceZWA (id 1038)
- AZRP_SAPDR$ (id 1040)
- SAP_ZDR_GlobalAdmin (id 1041)
- SAPServiceZDR (id 1042)
- zdradm (id 1043)
- TXCTRL$ (id 1044)
- TsInternetUser (id 1046)
- e1tadm (id 1161)
- ZAZSAPD2$ (id 1164)
- ZAZSAPD1$ (id 1165)
- ZAZSAPT2$ (id 1166)
- ZAZSAPT1$ (id 1167)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZSAP : 5-21-2072122820-1326648136-612134452
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZSAP
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
</port>
<port protocol="udp" portid="137">
<service name="netbios-ns" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 9 NetBIOS names have been gathered :
SAPWEB
AZSAP
SAPWEB
SAPWEB
AZSAP
INet~Services
IS~SAPWEB
AZSAP
__MSBROWSE__
. The remote host has the following MAC address on its adapter :
0x00 0x50 0x8b 0x6b 0x6c 0x65
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 9 NetBIOS names have been gathered :
SAPWEB
AZSAP
SAPWEB
SAPWEB
AZSAP
INet~Services
IS~SAPWEB
AZSAP
__MSBROWSE__
. The remote host has the following MAC address on its adapter :
0x00 0x50 0x8b 0x6b 0x6c 0x65
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
</port>
<port protocol="tcp" portid="3389">
<service name="ms-term-serv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
</port>
<port protocol="tcp" portid="1433">
<service name="ms-sql-s" method="nessus" conf="3" />
<information>
<severity>Security Hole</severity>
<id>11067</id>
<data>
The remote MS SQL server is vulnerable to the Hello overflow.
An attacker may use this flaw to execute commands against
the remote host as LOCAL/SYSTEM, as well as read your database content.
Solution : Install Microsoft Patch Q316333 at
http://support.microsoft.com/default.aspx?scid=kb
en-us
Q316333&sd=tech
or disable the Microsoft SQL Server service or use a firewall to protect the
MS SQL port (1433).
Risk factor : High
CVE : CAN-2002-1123
BID : 5411
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11067</id>
<data>
The remote MS SQL server is vulnerable to the Hello overflow.
An attacker may use this flaw to execute commands against
the remote host as LOCAL/SYSTEM, as well as read your database content.
Solution : Install Microsoft Patch Q316333 at
http://support.microsoft.com/default.aspx?scid=kb
en-us
Q316333&sd=tech
or disable the Microsoft SQL Server service or use a firewall to protect the
MS SQL port (1433).
Risk factor : High
CVE : CAN-2002-1123
BID : 5411
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10144</id>
<data>
Microsoft SQL server is running on this port.
You should never let any unauthorized users establish
connections to this service.
Solution: Block this port from outside communication
Risk factor : Medium
CVE : CAN-1999-0652
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10144</id>
<data>
Microsoft SQL server is running on this port.
You should never let any unauthorized users establish
connections to this service.
Solution: Block this port from outside communication
Risk factor : Medium
CVE : CAN-1999-0652
</data>
</information>
</port>
<port protocol="udp" portid="1434">
<service name="ms-sql-m" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10674</id>
<data>
Here is the reply to a MS SQL 'ping' request :
ServerName
SAPWEB
InstanceName
MSSQLSERVER
IsClustered
No
Version
8.00.194
tcp
1433
np
\\SAPWEB\pipe\sql\query
*** Note that the version number might be inaccurate, as Microsoft
*** decided to not increase it with new releases of its software
It is suggested you filter incoming traffic to this port
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11214</id>
<data>
The remote host MS SQL server is vulnerable to several overflows which could
be exploited by an attacker to gain SYSTEM access on that host.
Note that a worm (sapphire) is exploiting this vulnerability in the wild.
Solution : http://www.microsoft.com/technet/security/bulletin/ms02-061.asp
Risk factor : High
CVE : CAN-2002-1137, CAN-2002-1138, CAN-2002-0649, CVE-2002-0650, CAN-2002-1145, CAN-2002-0644, CAN-2002-0645, CAN-2002-0721
BID : 5310, 5311
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10674</id>
<data>
Here is the reply to a MS SQL 'ping' request :
ServerName
SAPWEB
InstanceName
MSSQLSERVER
IsClustered
No
Version
8.00.194
tcp
1433
np
\\SAPWEB\pipe\sql\query
*** Note that the version number might be inaccurate, as Microsoft
*** decided to not increase it with new releases of its software
It is suggested you filter incoming traffic to this port
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11214</id>
<data>
The remote host MS SQL server is vulnerable to several overflows which could
be exploited by an attacker to gain SYSTEM access on that host.
Note that a worm (sapphire) is exploiting this vulnerability in the wild.
Solution : http://www.microsoft.com/technet/security/bulletin/ms02-061.asp
Risk factor : High
CVE : CAN-2002-1137, CAN-2002-1138, CAN-2002-0649, CVE-2002-0650, CAN-2002-1145, CAN-2002-0644, CAN-2002-0645, CAN-2002-0721
BID : 5310, 5311
</data>
</information>
</port>
<port protocol="tcp" portid="445">
<service name="microsoft-ds" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="135">
<service name="loc-srv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="443">
<service name="https" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
</port>
<port protocol="tcp" portid="81">
<service name="hosts2-ns" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10919</id>
<data>
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10919</id>
<data>
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10662</id>
<data>
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/StartPage/search.jsp (searchbutton [Search] searchtype [] )
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
</port>
<port protocol="udp">
<service name="general/udp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.55 :
192.168.4.55
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.55 :
192.168.4.55
</data>
</information>
</port>
<port protocol="tcp">
<service name="general/tcp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
</port>
<port protocol="icmp">
<service name="general/icmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
</port>
<port protocol="tcp" portid="551">
<service name="cybercash" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10919</id>
<data>
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10919</id>
<data>
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
</data>
</information>
</port>
<port protocol="tcp" portid="2301">
<service name="compaqdiag" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10746</id>
<data>
Remote Compaq HTTP server version is: 4.1
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10746</id>
<data>
Remote Compaq HTTP server version is: 4.1
</data>
</information>
</port>
<port protocol="tcp" portid="1084">
<service name="ansoft-lm-2" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.55[1084]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.55[1084]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1084]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.55[1084]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.55[1084]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.55[1084]
</data>
</information>
</port>
</ports>
</result>
<result>
<host name="192.168.4.54" ip="192.168.4.54"/>
<date>
<error txt="No scan dates."/>
</date>
<ports>
<port protocol="tcp" portid="6003">
<service name="x11-3" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10407</id>
<data>
This X server does *not* allow any client to connect to it
however it is recommended that you filter incoming connections
to this port as attacker may send garbage data and slow down
your X session or even kill the server.
Here is the server version : 0.0
Here is the message we received : 8
Solution : filter incoming connections to ports 6000-6009
Risk factor : Low
CVE : CVE-1999-0526
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10407</id>
<data>
This X server does *not* allow any client to connect to it
however it is recommended that you filter incoming connections
to this port as attacker may send garbage data and slow down
your X session or even kill the server.
Here is the server version : 0.0
Here is the message we received : t
Solution : filter incoming connections to ports 6000-6009
Risk factor : Low
CVE : CVE-1999-0526
</data>
</information>
</port>
<port protocol="tcp" portid="80">
<service name="www" method="nessus" conf="3" />
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.54
+ Target Hostname: xyhq_domctrl1.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 15:51:57 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ 1825 items checked - 6 items found on remote host
+ End Time: Wed Jul 23 15:52:22 2003 (25 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.54
+ Target Hostname: xyhq_domctrl1.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 15:50:46 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ 1825 items checked - 6 items found on remote host
+ End Time: Wed Jul 23 15:51:07 2003 (21 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7937">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="2107">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2107]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2107]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2107]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2107]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2107]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2107]
</data>
</information>
</port>
<port protocol="tcp" portid="2103">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2103]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2103]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2103]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2103]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2103]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2103]
</data>
</information>
</port>
<port protocol="udp" portid="1255">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.54[1255]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.54[1255]
</data>
</information>
</port>
<port protocol="tcp" portid="1249">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0
Endpoint: ncacn_ip_tcp:192.168.4.54[1249]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0
Endpoint: ncacn_ip_tcp:192.168.4.54[1249]
</data>
</information>
</port>
<port protocol="tcp" portid="1213">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5
Endpoint: ncacn_ip_tcp:192.168.4.54[1213]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5
Endpoint: ncacn_ip_tcp:192.168.4.54[1213]
</data>
</information>
</port>
<port protocol="tcp" portid="1200">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 77df7a80-f298-11d0-8358-00a024c480a8, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
UUID: 708cca10-9569-11d1-b2a5-0060977d8118, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 77df7a80-f298-11d0-8358-00a024c480a8, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
UUID: 708cca10-9569-11d1-b2a5-0060977d8118, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1200]
</data>
</information>
</port>
<port protocol="tcp" portid="1187">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.54[1187]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.54[1187]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1187]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.54[1187]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.54[1187]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1187]
</data>
</information>
</port>
<port protocol="tcp" portid="1179">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 45f52c28-7f9f-101a-b52b-08002b2efabe, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1179]
UUID: 811109bf-a4e1-11d1-ab54-00a0c91e9b45, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1179]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 45f52c28-7f9f-101a-b52b-08002b2efabe, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1179]
UUID: 811109bf-a4e1-11d1-ab54-00a0c91e9b45, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1179]
</data>
</information>
</port>
<port protocol="tcp" portid="1114">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 6bffd098-a112-3610-9833-46c3f874532d, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1114]
UUID: 5b821720-f63b-11d0-aad2-00c04fc324db, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1114]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 6bffd098-a112-3610-9833-46c3f874532d, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1114]
UUID: 5b821720-f63b-11d0-aad2-00c04fc324db, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1114]
</data>
</information>
</port>
<port protocol="tcp" portid="1111">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 4da1c422-943d-11d1-acae-00c04fc2aa3f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1111]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 4da1c422-943d-11d1-acae-00c04fc2aa3f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1111]
</data>
</information>
</port>
<port protocol="tcp" portid="1108">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1108]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1108]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1108]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1108]
</data>
</information>
</port>
<port protocol="tcp" portid="1107">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: f5cc59b4-4264-101a-8c59-08002b2f8426, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1107]
Annotation: NtFrs Service
UUID: d049b186-814f-11d1-9a3c-00c04fc9b232, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1107]
Annotation: NtFrs API
UUID: a00c021c-2be2-11d2-b678-0000f87a8f8e, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1107]
Annotation: PERFMON SERVICE
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: f5cc59b4-4264-101a-8c59-08002b2f8426, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1107]
Annotation: NtFrs Service
UUID: d049b186-814f-11d1-9a3c-00c04fc9b232, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1107]
Annotation: NtFrs API
UUID: a00c021c-2be2-11d2-b678-0000f87a8f8e, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1107]
Annotation: PERFMON SERVICE
</data>
</information>
</port>
<port protocol="udp" portid="1106">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.54[1106]
Annotation: Messenger Service
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.54[1106]
Annotation: Messenger Service
</data>
</information>
</port>
<port protocol="tcp" portid="1099">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 130ceefb-e466-11d1-b78b-00c04fa32883, version 2
Endpoint: ncacn_ip_tcp:192.168.4.54[1099]
Annotation: NTDS ISM IP Transport
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 130ceefb-e466-11d1-b78b-00c04fa32883, version 2
Endpoint: ncacn_ip_tcp:192.168.4.54[1099]
Annotation: NTDS ISM IP Transport
</data>
</information>
</port>
<port protocol="tcp" portid="111">
<service name="sunrpc" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
</port>
<port protocol="udp" portid="161">
<service name="snmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Intel(R) PRO/1000 XT Network Connection
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Intel(R) PRO/1000 XT Network Connection
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. SYSVOL
. NETLOGON
. SMSLOGON
. CertEnroll
. C:WIN
. C:WINNT
. C:SMSLO
. C:WINNTS
. Logon
. Logon se
. SMS NT l
. Certificat
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. SYSVOL
. NETLOGON
. SMSLOGON
. CertEnroll
. C:WIN
. C:WINNT
. C:SMSLO
. C:WINNTS
. Logon
. Logon se
. SMS NT l
. Certificat
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. DefWatch
. mr2kserv
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. DNS Server
. DHCP Client
. DHCP Server
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Message Queuing
. Computer Browser
. Ati HotKey Poller
. Automatic Updates
. COM+ Event System
. IIS Admin Service
. Protected Storage
. Removable Storage
. Terminal Services
. Windows Installer
. IPSEC Policy Agent
. Intersite Messaging
. KiXtart RPC Service
. Network Connections
. Certificate Services
. Server Administrator
. LSI RPC Proxy Service
. DRAC AddressBook Server
. Disk Management Service
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Norton AntiVirus Client
. Remote Registry Service
. File Replication Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. Dell OpenManage Server Agent
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. Internet Authentication Service
. NT LM Security Support Provider
. Distributed Link Tracking Client
. Distributed Link Tracking Server
. Kerberos Key Distribution Center
. Remote Access Connection Manager
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Remote Procedure Call (RPC) Locator
. Windows Internet Name Service (WINS)
. Simple Mail Transport Protocol (SMTP)
. Dell OpenManage Server Agent Event Monitor
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. DefWatch
. mr2kserv
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. DNS Server
. DHCP Client
. DHCP Server
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Message Queuing
. Computer Browser
. Ati HotKey Poller
. Automatic Updates
. COM+ Event System
. IIS Admin Service
. Protected Storage
. Removable Storage
. Terminal Services
. Windows Installer
. IPSEC Policy Agent
. Intersite Messaging
. KiXtart RPC Service
. Network Connections
. Certificate Services
. Server Administrator
. LSI RPC Proxy Service
. DRAC AddressBook Server
. Disk Management Service
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Norton AntiVirus Client
. Remote Registry Service
. File Replication Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. Dell OpenManage Server Agent
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. Internet Authentication Service
. NT LM Security Support Provider
. Distributed Link Tracking Client
. Distributed Link Tracking Server
. Kerberos Key Distribution Center
. Remote Access Connection Manager
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Remote Procedure Call (RPC) Locator
. Windows Internet Name Service (WINS)
. Simple Mail Transport Protocol (SMTP)
. Dell OpenManage Server Agent Event Monitor
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. EA
. Li
. rb
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 11 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. EA
. Li
. rb
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 11 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
</port>
<port protocol="tcp" portid="25">
<service name="smtp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10262</id>
<data>
The remote SMTP server seems to allow the relaying. This means that
it allows spammers to use your mail server to send their mails to
the world, thus wasting your network bandwidth.
Risk factor : Low/Medium
Solution : configure your SMTP server so that it can't be used as a relay
any more.
CVE : CAN-1999-0512
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10262</id>
<data>
The remote SMTP server seems to allow the relaying. This means that
it allows spammers to use your mail server to send their mails to
the world, thus wasting your network bandwidth.
Risk factor : Low/Medium
Solution : configure your SMTP server so that it can't be used as a relay
any more.
CVE : CAN-1999-0512
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 xyhq_domctrl1.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:38:16 -0400
This is probably: Microsoft Exchange version 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:38:16 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 xyhq_domctrl1.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:37:38 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 xyhq_domctrl1.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:37:22 -0400
This is probably: Microsoft Exchange version 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:37:22 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 xyhq_domctrl1.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:35:52 -0400
</data>
</information>
</port>
<port protocol="tcp" portid="2101">
<service name="rtcm-sc104" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 77df7a80-f298-11d0-8358-00a024c480a8, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
UUID: 708cca10-9569-11d1-b2a5-0060977d8118, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 77df7a80-f298-11d0-8358-00a024c480a8, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
UUID: 708cca10-9569-11d1-b2a5-0060977d8118, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2101]
</data>
</information>
</port>
<port protocol="udp" portid="123">
<service name="ntp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10647</id>
<data>
An NTP server is running on the remote host. Make sure that
you are running the latest version of your NTP server,
has some versions have been found out to be vulnerable to
buffer overflows.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
If you happen to be vulnerable : upgrade
Solution : Upgrade
Risk factor : High
CVE : CVE-2001-0414
BID : 2540
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10647</id>
<data>
An NTP server is running on the remote host. Make sure that
you are running the latest version of your NTP server,
has some versions have been found out to be vulnerable to
buffer overflows.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
If you happen to be vulnerable : upgrade
Solution : Upgrade
Risk factor : High
CVE : CVE-2001-0414
BID : 2540
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10884</id>
<data>
It is possible to determine a lot of information about the remote host
by querying the NTP variables - these include OS descriptor, and
time settings.
Theoretically one could work out the NTP peer relationships and track back
network settings from this.
Quickfix: Set NTP to restrict default access to ignore all info packets:
restrict default ignore
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10884</id>
<data>
It is possible to determine a lot of information about the remote host
by querying the NTP variables - these include OS descriptor, and
time settings.
Theoretically one could work out the NTP peer relationships and track back
network settings from this.
Quickfix: Set NTP to restrict default access to ignore all info packets:
restrict default ignore
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="139">
<service name="netbios-ssn" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
MS5515 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
MS5515 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- RP7646$ (id 1996)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- IT (id 1986)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
</port>
<port protocol="udp" portid="137">
<service name="netbios-ns" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 9 NetBIOS names have been gathered :
AZHQ_DOMCTRL1
AZHQ_DOMCTRL1
AZI
AZI
AZI
AZHQ_DOMCTRL1
INet~Services
IS~AZHQ_DOMCTRL
ODIN
. The remote host has the following MAC address on its adapter :
0x00 0x06 0x5b 0xec 0x8a 0x18
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 9 NetBIOS names have been gathered :
AZHQ_DOMCTRL1
AZHQ_DOMCTRL1
AZI
AZI
AZI
AZHQ_DOMCTRL1
INet~Services
IS~AZHQ_DOMCTRL
ODIN
. The remote host has the following MAC address on its adapter :
0x00 0x06 0x5b 0xec 0x8a 0x18
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
</port>
<port protocol="tcp" portid="42">
<service name="nameserver" method="nessus" conf="3" />
</port>
<port protocol="tcp" portid="3389">
<service name="ms-term-serv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10940</id>
<data>
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BID : 7258
</data>
</information>
</port>
<port protocol="udp" portid="1028">
<service name="ms-lsa" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncadg_ip_udp:192.168.4.54[1028]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncadg_ip_udp:192.168.4.54[1028]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncadg_ip_udp:192.168.4.54[1028]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncadg_ip_udp:192.168.4.54[1028]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncadg_ip_udp:192.168.4.54[1028]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncadg_ip_udp:192.168.4.54[1028]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncadg_ip_udp:192.168.4.54[1028]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncadg_ip_udp:192.168.4.54[1028]
</data>
</information>
</port>
<port protocol="tcp" portid="445">
<service name="microsoft-ds" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="135">
<service name="loc-srv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="636">
<service name="ldaps" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
This TLSv1 server also accepts SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10863</id>
<data>
The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:6d:db:ef:00:00:00:00:00:11
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=AZ, L=Louisville, O=AZLP, CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001
Validity
Not Before: Apr 5 03:38:01 2003 GMT
Not After : Aug 3 00:51:10 2004 GMT
Subject: CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001\x00.\x00z\x00e\x00o\x00n\x00c\x00h\x00e\x00m\x00i\x00c\x00a\x00l\x00s\x00.\x00n\x00e\x00t
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:cd:de:b8:77:cb:53:6c:41:94:7b:a3:b3:c0:85:
19:0c:ee:76:ba:f4:cb:92:9f:53:96:64:b4:df:de:
1a:62:c8:11:1e:e6:79:f1:08:6a:d3:ea:75:b9:ef:
17:70:f0:f8:b8:ac:fb:26:10:2d:24:fc:45:63:c9:
df:f9:f1:c3:0e:2a:68:b9:82:08:7c:28:2c:ca:ca:
61:15:94:1d:0c:53:2f:83:fb:02:09:aa:17:38:b9:
2c:41:b3:f8:1d:53:e0:1e:39:91:cd:7e:41:80:6a:
6f:53:fa:59:86:0f:8f:76:2d:fa:0b:78:05:da:35:
37:96:99:a8:79:bd:53:5e:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
1.3.6.1.4.1.311.20.2:
. .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
X509v3 Subject Key Identifier:
11:0B:87:42:02:4D:53:C6:62:3B:D2:60:88:65:27:21:F3:4F:B6:3D
X509v3 Authority Key Identifier:
keyid:03:22:20:A3:0E:96:9C:A3:C9:2F:02:62:2B:63:8A:0E:D6:26:26:1D
DirName:/C=US/ST=AZ/L=Louisville/O=AZLP/CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001
serial:61:C7:CC:6F:2E:7F:9C:93:48:52:DB:4C:91:CA:4A:69
X509v3 CRL Distribution Points:
URI:ldap:///CN=xyhq_domctrl1,CN=xyhq_domctrl1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=net?certificateRevocationList?base?objectclass=cRLDistributionPoint
URI:http://xyhq_domctrl1.example.net/CertEnroll/xyhq_domctrl1.crl
Authority Information Access:
CA Issuers - URI:ldap:///CN=xyhq_domctrl1,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=net?cACertificate?base?objectclass=certificationAuthority
CA Issuers - URI:http://xyhq_domctrl1.example.net/CertEnroll/xyhq_domctrl1.example.net_xyhq_domctrl1.crt
X509v3 Subject Alternative Name:
othername:<unsupported>, DNS:xyhq_domctrl1.example.net
Signature Algorithm: sha1WithRSAEncryption
33:4b:35:a7:c0:13:af:92:63:60:0d:67:0a:8a:eb:8b:16:75:
3b:18:44:ba:e1:e1:b8:a6:62:6b:3e:b7:10:02:90:d2:53:3e:
d2:ab:e0:92:c0:f6:f9:a0:97:01:2e:55:10:09:76:d0:db:93:
7e:67:45:41:69:0e:db:48:a7:91
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A TLSv1 server answered on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
This TLSv1 server also accepts SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10863</id>
<data>
The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10863</id>
<data>
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:6d:db:ef:00:00:00:00:00:11
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=AZ, L=Louisville, O=AZLP, CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001
Validity
Not Before: Apr 5 03:38:01 2003 GMT
Not After : Aug 3 00:51:10 2004 GMT
Subject: CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001\x00.\x00z\x00e\x00o\x00n\x00c\x00h\x00e\x00m\x00i\x00c\x00a\x00l\x00s\x00.\x00n\x00e\x00t
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:cd:de:b8:77:cb:53:6c:41:94:7b:a3:b3:c0:85:
19:0c:ee:76:ba:f4:cb:92:9f:53:96:64:b4:df:de:
1a:62:c8:11:1e:e6:79:f1:08:6a:d3:ea:75:b9:ef:
17:70:f0:f8:b8:ac:fb:26:10:2d:24:fc:45:63:c9:
df:f9:f1:c3:0e:2a:68:b9:82:08:7c:28:2c:ca:ca:
61:15:94:1d:0c:53:2f:83:fb:02:09:aa:17:38:b9:
2c:41:b3:f8:1d:53:e0:1e:39:91:cd:7e:41:80:6a:
6f:53:fa:59:86:0f:8f:76:2d:fa:0b:78:05:da:35:
37:96:99:a8:79:bd:53:5e:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
1.3.6.1.4.1.311.20.2:
. .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
X509v3 Subject Key Identifier:
11:0B:87:42:02:4D:53:C6:62:3B:D2:60:88:65:27:21:F3:4F:B6:3D
X509v3 Authority Key Identifier:
keyid:03:22:20:A3:0E:96:9C:A3:C9:2F:02:62:2B:63:8A:0E:D6:26:26:1D
DirName:/C=US/ST=AZ/L=Louisville/O=AZLP/CN=\x00z\x00c\x00h\x00q\x00_\x00d\x00o\x00m\x00c\x00t\x00r\x00l\x001
serial:61:C7:CC:6F:2E:7F:9C:93:48:52:DB:4C:91:CA:4A:69
X509v3 CRL Distribution Points:
URI:ldap:///CN=xyhq_domctrl1,CN=xyhq_domctrl1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=net?certificateRevocationList?base?objectclass=cRLDistributionPoint
URI:http://xyhq_domctrl1.example.net/CertEnroll/xyhq_domctrl1.crl
Authority Information Access:
CA Issuers - URI:ldap:///CN=xyhq_domctrl1,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=net?cACertificate?base?objectclass=certificationAuthority
CA Issuers - URI:http://xyhq_domctrl1.example.net/CertEnroll/xyhq_domctrl1.example.net_xyhq_domctrl1.crt
X509v3 Subject Alternative Name:
othername:<unsupported>, DNS:xyhq_domctrl1.example.net
Signature Algorithm: sha1WithRSAEncryption
33:4b:35:a7:c0:13:af:92:63:60:0d:67:0a:8a:eb:8b:16:75:
3b:18:44:ba:e1:e1:b8:a6:62:6b:3e:b7:10:02:90:d2:53:3e:
d2:ab:e0:92:c0:f6:f9:a0:97:01:2e:55:10:09:76:d0:db:93:
7e:67:45:41:69:0e:db:48:a7:91
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A TLSv1 server answered on this port
</data>
</information>
</port>
<port protocol="tcp" portid="389">
<service name="ldap" method="nessus" conf="3" />
</port>
<port protocol="tcp" portid="464">
<service name="kpasswd5" method="nessus" conf="3" />
</port>
<port protocol="tcp" portid="88">
<service name="kerberos" method="nessus" conf="3" />
</port>
<port protocol="tcp" portid="1068">
<service name="instl_bootc" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1068]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1068]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1068]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1068]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1068]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1068]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1068]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1068]
</data>
</information>
</port>
<port protocol="tcp" portid="1030">
<service name="iad1" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncacn_http:192.168.4.54[1030]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncacn_http:192.168.4.54[1030]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncacn_http:192.168.4.54[1030]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncacn_http:192.168.4.54[1030]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncacn_http:192.168.4.54[1030]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncacn_http:192.168.4.54[1030]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncacn_http:192.168.4.54[1030]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncacn_http:192.168.4.54[1030]
</data>
</information>
</port>
<port protocol="tcp" portid="443">
<service name="https" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
</port>
<port protocol="tcp" portid="593">
<service name="http-rpc-epmap" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10763</id>
<data>
This detects the http-rpc-epmap service by connecting
to the port 593 and processing the buffer received.
This endpoint mapper provides CIS (COM+ Internet Services)
parameters like port 135 (epmap) for RPC.
Solution:
Deny incoming traffic from the Internet to TCP port 593
as it may become a security threat in the future, if a
vulnerability is discovered.
For more information about CIS:
http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10763</id>
<data>
This detects the http-rpc-epmap service by connecting
to the port 593 and processing the buffer received.
This endpoint mapper provides CIS (COM+ Internet Services)
parameters like port 135 (epmap) for RPC.
Solution:
Deny incoming traffic from the Internet to TCP port 593
as it may become a security threat in the future, if a
vulnerability is discovered.
For more information about CIS:
http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp
Risk factor : Low
</data>
</information>
</port>
<port protocol="udp">
<service name="general/udp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.54 :
192.168.4.54
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.54 :
192.168.4.54
</data>
</information>
</port>
<port protocol="tcp">
<service name="general/tcp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
</port>
<port protocol="icmp">
<service name="general/icmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
</port>
<port protocol="tcp" portid="2105">
<service name="eklogin" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2105]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2105]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2105]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: fdb3a030-065f-11d1-bb9b-00a024ea5525, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2105]
UUID: 76d12b80-3467-11d3-91ff-0090272f9ea3, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2105]
UUID: 1088a980-eae5-11d0-8d9b-00a02453c337, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[2105]
</data>
</information>
</port>
<port protocol="udp" portid="53">
<service name="domain" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11002</id>
<data>
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11002</id>
<data>
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="53">
<service name="domain" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10539</id>
<data>
The remote name server allows recursive queries to be performed
by the host running nessusd.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
See also : http://www.cert.org/advisories/CA-1997-22.html
Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf
If you are using another name server, consult its documentation.
Risk factor : Serious
CVE : CVE-1999-0024
BID : 678
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11002</id>
<data>
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11002</id>
<data>
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
</data>
</information>
</port>
<port protocol="udp" portid="67">
<service name="bootps" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10663</id>
<data>
Here is the information we could gather from the remote DHCP
server. This allows an attacker on your local network to gain
information about it easily :
Master DHCP server of this network : 192.168.4.54
IP address the DHCP server would attribute us : 192.168.4.226
netmask = 255.255.254.0
DHCP server(s) identifier = 192.168.4.54
router = 192.168.4.2
time server(s) = 192.168.4.57
domain name server(s) = 192.168.4.54 , 192.168.4.57
Netbios Name server(s) = 192.168.4.54 , 192.168.4.44
Solution : remove the options that are not in use in your DHCP server
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10663</id>
<data>
Here is the information we could gather from the remote DHCP
server. This allows an attacker on your local network to gain
information about it easily :
Master DHCP server of this network : 192.168.4.54
IP address the DHCP server would attribute us : 192.168.4.226
netmask = 255.255.254.0
DHCP server(s) identifier = 192.168.4.54
router = 192.168.4.2
time server(s) = 192.168.4.57
domain name server(s) = 192.168.4.54 , 192.168.4.57
Netbios Name server(s) = 192.168.4.54 , 192.168.4.44
Solution : remove the options that are not in use in your DHCP server
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="1026">
<service name="LSA-or-nterm" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncacn_ip_tcp:192.168.4.54[1026]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncacn_ip_tcp:192.168.4.54[1026]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncacn_ip_tcp:192.168.4.54[1026]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1026]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4
Endpoint: ncacn_ip_tcp:192.168.4.54[1026]
Annotation: MS NT Directory DRS Interface
UUID: f5cc5a7c-4264-101a-8c59-08002b2f8426, version 21
Endpoint: ncacn_ip_tcp:192.168.4.54[1026]
Annotation: MS NT Directory XDS Interface
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426, version 56
Endpoint: ncacn_ip_tcp:192.168.4.54[1026]
Annotation: MS NT Directory NSP Interface
UUID: 12345678-1234-abcd-ef00-01234567cffb, version 1
Endpoint: ncacn_ip_tcp:192.168.4.54[1026]
</data>
</information>
</port>
</ports>
</result>
<result>
<host name="192.168.4.53" ip="192.168.4.53"/>
<date>
<error txt="No scan dates."/>
</date>
<ports>
<port protocol="tcp" portid="80">
<service name="www" method="nessus" conf="3" />
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10937</id>
<data>
The IIS server appears to have the .SHTML ISAPI filter mapped.
At least one remote vulnerability has been discovered for the
.SHTML filter. This is detailed in Microsoft Advisory MS02-018
and results in a denial of service access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .SHTML extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
An attacker may use this flaw to prevent the remote service
from working properly.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled
Solution: See
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
and/or unmap the shtml/shtm isapi filters.
To unmap the .shtml extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .shtml/shtm and sht from the list.
Risk factor : Medium
CVE : CAN-1999-1376, CVE-2000-0226, CVE-2002-0072
BID : 4479
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10937</id>
<data>
The IIS server appears to have the .SHTML ISAPI filter mapped.
At least one remote vulnerability has been discovered for the
.SHTML filter. This is detailed in Microsoft Advisory MS02-018
and results in a denial of service access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .SHTML extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
An attacker may use this flaw to prevent the remote service
from working properly.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled
Solution: See
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
and/or unmap the shtml/shtm isapi filters.
To unmap the .shtml extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .shtml/shtm and sht from the list.
Risk factor : Medium
CVE : CAN-1999-1376, CVE-2000-0226, CVE-2002-0072
BID : 4479
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10077</id>
<data>
The remote web server appears to be running with the Frontpage extensions.
You should double check the configuration since a lot of security problems
have been found with FrontPage when the configuration file is not well set up.
Risk factor : High if your configuration file is not well set up
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10077</id>
<data>
The remote frontpage server may leak information on the anonymous user
By knowing the name of the anonymous user, more sophisticated attacks may be launched
Check the following data for any potential leaks:
method=open service:3.0.2.1105
<p>status=
<ul>
<li>status=917505
<li>osstatus=0
<li>msg=The user 'IUSR_AZHQ_ARC' is not authorized to execute the 'open service' method.
<li>osmsg=
</ul>
</body>
</html>
1
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10077</id>
<data>
The remote web server appears to be running with the Frontpage extensions.
You should double check the configuration since a lot of security problems
have been found with FrontPage when the configuration file is not well set up.
Risk factor : High if your configuration file is not well set up
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10077</id>
<data>
The remote frontpage server may leak information on the anonymous user
By knowing the name of the anonymous user, more sophisticated attacks may be launched
Check the following data for any potential leaks:
method=open service:3.0.2.1105
<p>status=
<ul>
<li>status=917505
<li>osstatus=0
<li>msg=The user 'IUSR_AZHQ_ARC' is not authorized to execute the 'open service' method.
<li>osmsg=
</ul>
</body>
</html>
1
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11311</id>
<data>
The remote host has FrontPage Server Extensions (FPSE) installed.
There is a denial of service / buffer overflow condition
in the program 'shtml.exe' which comes with it. However,
no public detail has been given regarding this issue yet,
so it's not possible to remotely determine if you are
vulnerable to this flaw or not.
If you are, an attacker may use it to crash your web server
(FPSE 2000) or execute arbitrary code (FPSE 2002). Please
see the Microsoft Security Bulletin MS02-053 to determine
if you are vulnerable or not.
*** Nessus did not actually check for this flaw, so this
*** might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Risk factor : High
CVE : CAN-2002-0692
BID : 5804
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11311</id>
<data>
The remote host has FrontPage Server Extensions (FPSE) installed.
There is a denial of service / buffer overflow condition
in the program 'shtml.exe' which comes with it. However,
no public detail has been given regarding this issue yet,
so it's not possible to remotely determine if you are
vulnerable to this flaw or not.
If you are, an attacker may use it to crash your web server
(FPSE 2000) or execute arbitrary code (FPSE 2002). Please
see the Microsoft Security Bulletin MS02-053 to determine
if you are vulnerable or not.
*** Nessus did not actually check for this flaw, so this
*** might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Risk factor : High
CVE : CAN-2002-0692
BID : 5804
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11422</id>
<data>
The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.
Solution : Disable this service, as you do not use it
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11422</id>
<data>
The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.
Solution : Disable this service, as you do not use it
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.53
+ Target Hostname: xyhq_arc.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 15:50:18 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /whatever.htr - Reveals physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see MS02-018) (GET)
+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_inf.html - FrontPage may be installed. (GET)
+ 1825 items checked - 16 items found on remote host
+ End Time: Wed Jul 23 15:50:48 2003 (30 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.53
+ Target Hostname: xyhq_arc.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 15:50:08 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /whatever.htr - Reveals physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see MS02-018) (GET)
+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_inf.html - FrontPage may be installed. (GET)
+ 1825 items checked - 16 items found on remote host
+ End Time: Wed Jul 23 15:50:39 2003 (31 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10932</id>
<data>
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .HTR extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution :
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.
Risk factor : High
CVE : CVE-2002-0071
BID : 4474
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10932</id>
<data>
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .HTR extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution :
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.
Risk factor : High
CVE : CVE-2002-0071
BID : 4474
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories were discovered:
/_vti_bin, /images
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories were discovered:
/_vti_bin, /images
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7937">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="1101">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.53[1101]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.53[1101]
</data>
</information>
</port>
<port protocol="tcp" portid="1095">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.53[1095]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.53[1095]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1095]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.53[1095]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.53[1095]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1095]
</data>
</information>
</port>
<port protocol="udp" portid="1073">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.53[1073]
Annotation: Messenger Service
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.53[1073]
Annotation: Messenger Service
</data>
</information>
</port>
<port protocol="tcp" portid="1063">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1063]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1063]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1063]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1063]
</data>
</information>
</port>
<port protocol="tcp" portid="1046">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1046]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1046]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.53[1046]
</data>
</information>
</port>
<port protocol="tcp" portid="111">
<service name="sunrpc" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
</port>
<port protocol="udp" portid="161">
<service name="snmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Compaq Ethernet/Fast Ethernet Adapter/Module
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Compaq Ethernet/Fast Ethernet Adapter/Module
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. Easy
. Level2
. D:E
. D:Lev
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. Easy
. Level2
. D:E
. D:Lev
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. DefWatch
. OnePoint
. QoS RSVP
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. DHCP Client
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Compaq Web Agent
. Computer Browser
. Automatic Updates
. COM+ Event System
. Compaq NIC Agents
. IIS Admin Service
. Protected Storage
. IPSEC Policy Agent
. SMS Client Service
. Network Connections
. Compaq Server Agents
. Logical Disk Manager
. Compaq Storage Agents
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Norton AntiVirus Client
. Remote Registry Service
. Compaq Foundation Agents
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. Compaq Remote Monitor Service
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. Compaq System Shutdown Service
. NT LM Security Support Provider
. Distributed Link Tracking Client
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Remote Procedure Call (RPC) Locator
. Simple Mail Transport Protocol (SMTP)
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. DefWatch
. OnePoint
. QoS RSVP
. Event Log
. Messenger
. Net Logon
. Telephony
. DNS Client
. DHCP Client
. Workstation
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Compaq Web Agent
. Computer Browser
. Automatic Updates
. COM+ Event System
. Compaq NIC Agents
. IIS Admin Service
. Protected Storage
. IPSEC Policy Agent
. SMS Client Service
. Network Connections
. Compaq Server Agents
. Logical Disk Manager
. Compaq Storage Agents
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Norton AntiVirus Client
. Remote Registry Service
. Compaq Foundation Agents
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. Compaq Remote Monitor Service
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. Compaq System Shutdown Service
. NT LM Security Support Provider
. Distributed Link Tracking Client
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Remote Procedure Call (RPC) Locator
. Simple Mail Transport Protocol (SMTP)
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. easyadm
. Administrator
. IUSR_AZHQ_ARC
. IWAM_AZHQ_ARC
. SMSCliSvcAcct&
. TsInternetUser
. SMSCliToknAcct&
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. easyadm
. Administrator
. IUSR_AZHQ_ARC
. IWAM_AZHQ_ARC
. SMSCliSvcAcct&
. TsInternetUser
. SMSCliToknAcct&
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 11 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 11 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
</port>
<port protocol="tcp" portid="25">
<service name="smtp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11034</id>
<data>
For some reason, we could not send the EICAR test string to this MTA
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11034</id>
<data>
For some reason, we could not send the EICAR test string to this MTA
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 xyhq_arc.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at Wed, 23 Jul 2003 15:27:49 -0400
This is probably: Microsoft Exchange version 5.0.2195.4905 ready at Wed, 23 Jul 2003 15:27:49 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 xyhq_arc.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at Wed, 23 Jul 2003 15:27:30 -0400
This is probably: Microsoft Exchange version 5.0.2195.4905 ready at Wed, 23 Jul 2003 15:27:30 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 xyhq_arc.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at Wed, 23 Jul 2003 15:26:20 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 xyhq_arc.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at Wed, 23 Jul 2003 15:26:10 -0400
</data>
</information>
</port>
<port protocol="tcp" portid="139">
<service name="netbios-ssn" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
IUSR_AZHQ_ARC
IWAM_AZHQ_ARC
easyadm
SMSCliSvcAcct&
SMSCliToknAcct&
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
IUSR_AZHQ_ARC
IWAM_AZHQ_ARC
easyadm
SMSCliSvcAcct&
SMSCliToknAcct&
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
1AZ2033 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Administrator
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Administrator
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Administrator
Guest
TsInternetUser
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Administrator
Guest
TsInternetUser
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Guest
TsInternetUser
IUSR_AZHQ_ARC
IWAM_AZHQ_ARC
easyadm
SMSCliSvcAcct&
SMSCliToknAcct&
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Guest
TsInternetUser
IUSR_AZHQ_ARC
IWAM_AZHQ_ARC
easyadm
SMSCliSvcAcct&
SMSCliToknAcct&
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- IUSR_AZHQ_ARC (id 1001)
- IWAM_AZHQ_ARC (id 1002)
- easyadm (id 1005)
- SMSCliSvcAcct& (id 1006)
- SMSCliToknAcct& (id 1007)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_ARC : 5-21-789336058-562591055-839522115
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- IUSR_AZHQ_ARC (id 1001)
- IWAM_AZHQ_ARC (id 1002)
- easyadm (id 1005)
- SMSCliSvcAcct& (id 1006)
- SMSCliToknAcct& (id 1007)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_ARC : 5-21-789336058-562591055-839522115
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- RP7646$ (id 1996)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- RP7646$ (id 1996)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
</port>
<port protocol="udp" portid="137">
<service name="netbios-ns" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 9 NetBIOS names have been gathered :
AZHQ_ARC
AZI
AZHQ_ARC
AZHQ_ARC
AZHQ_ARC$
AZI
EASYADM
INet~Services
IS~AZHQ_ARC
. The remote host has the following MAC address on its adapter :
0x00 0x08 0x02 0x10 0x83 0x95
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 9 NetBIOS names have been gathered :
AZHQ_ARC
AZI
AZHQ_ARC
AZHQ_ARC
AZHQ_ARC$
AZI
EASYADM
INet~Services
IS~AZHQ_ARC
. The remote host has the following MAC address on its adapter :
0x00 0x08 0x02 0x10 0x83 0x95
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
</port>
<port protocol="tcp" portid="445">
<service name="microsoft-ds" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="135">
<service name="loc-srv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="443">
<service name="https" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
</port>
<port protocol="udp">
<service name="general/udp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.53 :
192.168.4.53
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.53 :
192.168.4.53
</data>
</information>
</port>
<port protocol="tcp">
<service name="general/tcp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
</port>
<port protocol="icmp">
<service name="general/icmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
</port>
<port protocol="tcp" portid="2301">
<service name="compaqdiag" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10746</id>
<data>
Remote Compaq HTTP server version is: 4.1
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10746</id>
<data>
Remote Compaq HTTP server version is: 4.1
</data>
</information>
</port>
<port protocol="tcp" portid="2000">
<service name="callbook" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: b40a4504-9bcf-11d1-888d-00c04fb9bf17, version 3
Endpoint: ncacn_ip_tcp:192.168.4.53[2000]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: b40a4504-9bcf-11d1-888d-00c04fb9bf17, version 3
Endpoint: ncacn_ip_tcp:192.168.4.53[2000]
</data>
</information>
</port>
</ports>
</result>
<result>
<host name="192.168.4.52" ip="192.168.4.52"/>
<date>
<error txt="No scan dates."/>
</date>
<ports>
<port protocol="tcp" portid="80">
<service name="www" method="nessus" conf="3" />
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11412</id>
<data>
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Risk Factor : High
CVE : CAN-2003-0109
BID : 7116
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10937</id>
<data>
The IIS server appears to have the .SHTML ISAPI filter mapped.
At least one remote vulnerability has been discovered for the
.SHTML filter. This is detailed in Microsoft Advisory MS02-018
and results in a denial of service access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .SHTML extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
An attacker may use this flaw to prevent the remote service
from working properly.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled
Solution: See
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
and/or unmap the shtml/shtm isapi filters.
To unmap the .shtml extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .shtml/shtm and sht from the list.
Risk factor : Medium
CVE : CAN-1999-1376, CVE-2000-0226, CVE-2002-0072
BID : 4479
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10937</id>
<data>
The IIS server appears to have the .SHTML ISAPI filter mapped.
At least one remote vulnerability has been discovered for the
.SHTML filter. This is detailed in Microsoft Advisory MS02-018
and results in a denial of service access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .SHTML extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
An attacker may use this flaw to prevent the remote service
from working properly.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled
Solution: See
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
and/or unmap the shtml/shtm isapi filters.
To unmap the .shtml extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .shtml/shtm and sht from the list.
Risk factor : Medium
CVE : CAN-1999-1376, CVE-2000-0226, CVE-2002-0072
BID : 4479
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10077</id>
<data>
The remote web server appears to be running with the Frontpage extensions.
You should double check the configuration since a lot of security problems
have been found with FrontPage when the configuration file is not well set up.
Risk factor : High if your configuration file is not well set up
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10077</id>
<data>
The remote frontpage server may leak information on the anonymous user
By knowing the name of the anonymous user, more sophisticated attacks may be launched
Check the following data for any potential leaks:
method=open service:3.0.2.1105
<p>status=
<ul>
<li>status=917505
<li>osstatus=0
<li>msg=The user 'IUSR_AZHQ_BKUP' is not authorized to execute the 'open service' method.
<li>osmsg=
</ul>
</body>
</html>
1
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10077</id>
<data>
The remote web server appears to be running with the Frontpage extensions.
You should double check the configuration since a lot of security problems
have been found with FrontPage when the configuration file is not well set up.
Risk factor : High if your configuration file is not well set up
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10077</id>
<data>
The remote frontpage server may leak information on the anonymous user
By knowing the name of the anonymous user, more sophisticated attacks may be launched
Check the following data for any potential leaks:
method=open service:3.0.2.1105
<p>status=
<ul>
<li>status=917505
<li>osstatus=0
<li>msg=The user 'IUSR_AZHQ_BKUP' is not authorized to execute the 'open service' method.
<li>osmsg=
</ul>
</body>
</html>
1
CVE : CAN-2000-0114
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11311</id>
<data>
The remote host has FrontPage Server Extensions (FPSE) installed.
There is a denial of service / buffer overflow condition
in the program 'shtml.exe' which comes with it. However,
no public detail has been given regarding this issue yet,
so it's not possible to remotely determine if you are
vulnerable to this flaw or not.
If you are, an attacker may use it to crash your web server
(FPSE 2000) or execute arbitrary code (FPSE 2002). Please
see the Microsoft Security Bulletin MS02-053 to determine
if you are vulnerable or not.
*** Nessus did not actually check for this flaw, so this
*** might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Risk factor : High
CVE : CAN-2002-0692
BID : 5804
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>11311</id>
<data>
The remote host has FrontPage Server Extensions (FPSE) installed.
There is a denial of service / buffer overflow condition
in the program 'shtml.exe' which comes with it. However,
no public detail has been given regarding this issue yet,
so it's not possible to remotely determine if you are
vulnerable to this flaw or not.
If you are, an attacker may use it to crash your web server
(FPSE 2000) or execute arbitrary code (FPSE 2002). Please
see the Microsoft Security Bulletin MS02-053 to determine
if you are vulnerable or not.
*** Nessus did not actually check for this flaw, so this
*** might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Risk factor : High
CVE : CAN-2002-0692
BID : 5804
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11422</id>
<data>
The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.
Solution : Disable this service, as you do not use it
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11422</id>
<data>
The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.
Solution : Disable this service, as you do not use it
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10661</id>
<data>
IIS 5 has support for the Internet Printing Protocol(IPP), which is
enabled in a default install. The protocol is implemented in IIS5 as an
ISAPI extension. At least one security problem (a buffer overflow)
has been found with that extension in the past, so we recommend
you disable it if you do not use this functionality.
Solution:
To unmap the .printer extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .printer from the list.
Reference : http://online.securityfocus.com/archive/1/181109
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.52
+ Target Hostname: xyhq_bkup.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 15:28:04 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /whatever.htr - Reveals physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see MS02-018) (GET)
+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_inf.html - FrontPage may be installed. (GET)
+ 1825 items checked - 16 items found on remote host
+ End Time: Wed Jul 23 15:28:25 2003 (21 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11213</id>
<data>
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11424</id>
<data>
The remote server is running with WebDAV enabled.
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution : If you use IIS, refer to Microsoft KB article Q241520
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10864</id>
<data>
Here is the nikto report:
---------------------------------------------------------------------------
- Nikto 1.30/1.07 - www.cirt.net
+ Target IP: 192.168.4.52
+ Target Hostname: xyhq_bkup.example.net
+ Target Port: 80
+ Start Time: Wed Jul 23 15:26:34 2003
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may allow DAV authorized users to consume system memory via large requests or fill disk quotas.
+ HTTP method 'TRACE' may allow client XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /blahb.ida - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, ensure Q319733 is installed, see MS02-018, CVE-2002-0075, SNS-49, CA-2002-09 (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /whatever.htr - Reveals physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see MS02-018) (GET)
+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=f+ /_vti_inf.html - FrontPage may be installed. (GET)
+ 1825 items checked - 16 items found on remote host
+ End Time: Wed Jul 23 15:26:58 2003 (24 seconds)
---------------------------------------------------------------------------
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10932</id>
<data>
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .HTR extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution :
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.
Risk factor : High
CVE : CVE-2002-0071
BID : 4474
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10695</id>
<data>
The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA
(indexing service) filter. This is detailed in Microsoft Advisory
MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .IDA extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution:
To unmap the .IDA extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .ida from the list.
Risk factor : Medium
CVE : CVE-2001-0500
BID : 2880
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10932</id>
<data>
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that
you unmap the .HTR extension, and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution :
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server choose Properties from the context menu.
3.Master Properties
4.Select WWW Service -> Edit -> HomeDirectory -> Configuration
and remove the reference to .htr from the list.
Risk factor : High
CVE : CVE-2002-0071
BID : 4474
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories were discovered:
/_vti_bin, /images
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10107</id>
<data>
The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11032</id>
<data>
The following directories were discovered:
/_vti_bin, /images
The following directories require authentication:
/printers
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
A web server is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="9742">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390105 version 6 is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390105 version 6 is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7938">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="7937">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11111</id>
<data>
RPC program #390113 version 1 is running on this port
</data>
</information>
</port>
<port protocol="udp" portid="1051">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.52[1051]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:192.168.4.52[1051]
</data>
</information>
</port>
<port protocol="tcp" portid="1036">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.52[1036]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.52[1036]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1036]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.4.52[1036]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.4.52[1036]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1036]
</data>
</information>
</port>
<port protocol="udp" portid="1033">
<service name="unknown" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.52[1033]
Annotation: Messenger Service
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.4.52[1033]
Annotation: Messenger Service
</data>
</information>
</port>
<port protocol="tcp" portid="111">
<service name="sunrpc" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10919</id>
<data>
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10919</id>
<data>
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10223</id>
<data>
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
</data>
</information>
</port>
<port protocol="udp" portid="161">
<service name="snmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Intel(R) PRO/1000 XT Network Connection
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10551</id>
<data>
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. MS TCP Loopback interface
. Intel(R) PRO/1000 XT Network Connection
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. F
. bkup
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10548</id>
<data>
It was possible to obtain the list of Lanman shares of the
remote host via SNMP :
. F
. bkup
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. DefWatch
. OnePoint
. mr2kserv
. Diskeeper
. Event Log
. Messenger
. Net Logon
. Telephony
. DHCP Client
. Workstation
. Intel(R) NMS
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Computer Browser
. Automatic Updates
. COM+ Event System
. IIS Admin Service
. Protected Storage
. Removable Storage
. Windows Installer
. IPSEC Policy Agent
. SMS Client Service
. Network Connections
. Server Administrator
. Disk Management Service
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Norton AntiVirus Client
. Remote Registry Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. NT LM Security Support Provider
. Distributed Link Tracking Client
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Simple Mail Transport Protocol (SMTP)
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10547</id>
<data>
It was possible to obtain the list of Lanman services of the
remote host via SNMP :
. Server
. Alerter
. DefWatch
. OnePoint
. mr2kserv
. Diskeeper
. Event Log
. Messenger
. Net Logon
. Telephony
. DHCP Client
. Workstation
. Intel(R) NMS
. SNMP Service
. Windows Time
. Plug and Play
. Print Spooler
. RunAs Service
. Task Scheduler
. Computer Browser
. Automatic Updates
. COM+ Event System
. IIS Admin Service
. Protected Storage
. Removable Storage
. Windows Installer
. IPSEC Policy Agent
. SMS Client Service
. Network Connections
. Server Administrator
. Disk Management Service
. Distributed File System
. License Logging Service
. NetWorker Power Monitor
. Norton AntiVirus Client
. Remote Registry Service
. SMS Remote Control Agent
. Security Accounts Manager
. System Event Notification
. Remote Procedure Call (RPC)
. NetWorker Remote Exec Service
. TCP/IP NetBIOS Helper Service
. NT LM Security Support Provider
. Distributed Link Tracking Client
. World Wide Web Publishing Service
. Windows Management Instrumentation
. Distributed Transaction Coordinator
. Simple Mail Transport Protocol (SMTP)
. Windows Management Instrumentation Driver Extensions
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. Administrator
. IUSR_AZHQ_BKUP
. IWAM_AZHQ_BKUP
. SMSCliSvcAcct&
. TsInternetUser
. SMSCliToknAcct&
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 11 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10546</id>
<data>
It was possible to obtain the list of SMB users of the
remote host via SNMP :
. Guest
. Administrator
. IUSR_AZHQ_BKUP
. IWAM_AZHQ_BKUP
. SMSCliSvcAcct&
. TsInternetUser
. SMSCliToknAcct&
An attacker may use this information to set up brute force
attacks or find an unused account.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10800</id>
<data>
Using SNMP, we could determine that the remote operating system is :
Hardware: x86 Family 6 Model 11 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10264</id>
<data>
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177, 7081, 7212, 7317
</data>
</information>
</port>
<port protocol="tcp" portid="25">
<service name="smtp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11034</id>
<data>
For some reason, we could not send the EICAR test string to this MTA
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11034</id>
<data>
For some reason, we could not send the EICAR test string to this MTA
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11421</id>
<data>
This server could be fingerprinted as being Microsoft ESMTP MAIL Service, Version 5.0.2195
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 xyhq_bkup.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:02:10 -0400
This is probably: Microsoft Exchange version 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:02:10 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 xyhq_bkup.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:01:07 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10263</id>
<data>
Remote SMTP server banner :
220 xyhq_bkup.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:00:43 -0400
This is probably: Microsoft Exchange version 5.0.2195.5329 ready at Wed, 23 Jul 2003 15:00:43 -0400
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An SMTP server is running on this port
Here is its banner :
220 xyhq_bkup.example.net Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 23 Jul 2003 14:59:03 -0400
</data>
</information>
</port>
<port protocol="tcp" portid="139">
<service name="netbios-ssn" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
IUSR_AZHQ_BKUP
IWAM_AZHQ_BKUP
SMSCliSvcAcct&
SMSCliToknAcct&
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10916</id>
<data>
The following local accounts have passwords which never expire :
Administrator
Guest
TsInternetUser
IUSR_AZHQ_BKUP
IWAM_AZHQ_BKUP
SMSCliSvcAcct&
SMSCliToknAcct&
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10911</id>
<data>
The following local accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10397</id>
<data>
Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated
1AZ2015 -
MS5514 -
This is potentially dangerous as this may help the attack
of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10899</id>
<data>
The following accounts have never logged in :
Guest
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10895</id>
<data>
The following accounts were disabled automatically by the system:
Administrator
Guest
This probably means that these accounts were subject to brute force attacks
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Administrator
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10898</id>
<data>
The following accounts have never changed their password :
Administrator
Guest
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10915</id>
<data>
The following local accounts have never logged in :
Guest
TsInternetUser
Unused accounts are very helpful to hacker
Solution : suppress these accounts
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Administrator
Guest
TsInternetUser
IUSR_AZHQ_BKUP
IWAM_AZHQ_BKUP
SMSCliSvcAcct&
SMSCliToknAcct&
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10914</id>
<data>
The following local accounts have never changed their password :
Administrator
Guest
TsInternetUser
IUSR_AZHQ_BKUP
IWAM_AZHQ_BKUP
SMSCliSvcAcct&
SMSCliToknAcct&
To minimize the risk of break-in, users should
change their password regularly
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10900</id>
<data>
The following accounts have passwords which never expire :
Administrator
Guest
Password should have a limited lifetime
Solution : disable password non-expiry
Risk factor : Medium
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- IUSR_AZHQ_BKUP (id 1001)
- IWAM_AZHQ_BKUP (id 1002)
- SMSCliSvcAcct& (id 1003)
- SMSCliToknAcct& (id 1004)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_BKUP : 5-21-1417001333-651377827-839522115
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10913</id>
<data>
The following local accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10860</id>
<data>
The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- TsInternetUser (id 1000)
- IUSR_AZHQ_BKUP (id 1001)
- IWAM_AZHQ_BKUP (id 1002)
- SMSCliSvcAcct& (id 1003)
- SMSCliToknAcct& (id 1004)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10859</id>
<data>
The host SID can be obtained remotely. Its value is :
AZHQ_BKUP : 5-21-1417001333-651377827-839522115
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10897</id>
<data>
The following accounts are disabled :
Guest
To minimize the risk of break-in, permanently disabled accounts
should be deleted
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10785</id>
<data>
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : AZI
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
- RP7646$ (id 1996)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10399</id>
<data>
The domain SID could be used to enumerate the names of the users
of this domain.
(we only enumerated users name whose ID is between 1000 and 2000
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)
Risk factor : Medium
Solution : filter incoming connections this port
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10398</id>
<data>
The domain SID can be obtained remotely. Its value is :
AZI : 5-21-2088395314-1630698216-891584314
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139 and 445
Risk factor : Low
CVE : CVE-2000-1200
BID : 959
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
<information>
<severity>Security Hole</severity>
<id>10394</id>
<data>
. It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
. All the smb tests will be done as ''/'' in domain AZI
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222
</data>
</information>
</port>
<port protocol="udp" portid="137">
<service name="netbios-ns" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 9 NetBIOS names have been gathered :
AZHQ_BKUP
AZI
AZHQ_BKUP
AZHQ_BKUP
AZHQ_BKUP$
SMSCLISVCACCT&
AZI
INet~Services
IS~AZHQ_BKUP
. The remote host has the following MAC address on its adapter :
0x00 0x06 0x5b 0xec 0xe0 0xaa
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10150</id>
<data>
. The following 9 NetBIOS names have been gathered :
AZHQ_BKUP
. The remote host has the following MAC address on its adapter :
0x00 0x06 0x5b 0xec 0xe0 0xaa
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
</data>
</information>
</port>
<port protocol="tcp" portid="445">
<service name="microsoft-ds" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11011</id>
<data>
A CIFS server is running on this port
</data>
</information>
</port>
<port protocol="tcp" portid="135">
<service name="loc-srv" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10736</id>
<data>
DCE services running on the remote can be enumerated
by connecting on port 135 and doing the appropriate
queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
</data>
</information>
</port>
<port protocol="tcp" portid="1032">
<service name="iad3" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1032]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1032]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1032]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1032]
</data>
</information>
</port>
<port protocol="tcp" portid="443">
<service name="https" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10330</id>
<data>
An unknown service is running on this port.
It is usually reserved for HTTPS
</data>
</information>
</port>
<port protocol="udp">
<service name="general/udp" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.52 :
192.168.4.52
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10287</id>
<data>
For your information, here is the traceroute to 192.168.4.52 :
192.168.4.52
</data>
</information>
</port>
<port protocol="tcp">
<service name="general/tcp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>11618</id>
<data>
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10201</id>
<data>
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
<information>
<severity>Security Note</severity>
<id>11268</id>
<data>
Remote OS guess : Windows Millennium Edition (Me), Win 2000, or WinXP
CVE : CAN-1999-0454
</data>
</information>
</port>
<port protocol="icmp">
<service name="general/icmp" method="nessus" conf="3" />
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
<information>
<severity>Security Warning</severity>
<id>10114</id>
<data>
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
</data>
</information>
</port>
<port protocol="tcp" portid="1027">
<service name="IIS" method="nessus" conf="3" />
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1027]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1027]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1027]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1027]
</data>
</information>
<information>
<severity>Security Note</severity>
<id>10736</id>
<data>
Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1027]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1027]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1027]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.4.52[1027]
</data>
</information>
</port>
</ports>
</result>
</results>
</report>