Posts - kuhi

#1
I have the following problem with mouse_event move:
The mouse moves to the bottom-right corner of the screen instead of to its correct coordinates.

Declarations:
Code: text
Private Declare Function apimouse_event Lib "user32.dll" Alias "mouse_event" (ByVal dwFlags As Int32, ByVal dX As Int32, ByVal dY As Int32, ByVal cButtons As Int32, ByVal dwExtraInfo As IntPtr) As Boolean

<DllImport("user32.dll")>
Private Shared Sub mouse_event(dwFlags As UInteger, dx As UInteger, dy As UInteger, dwData As UInteger, dwExtraInfo As Integer)
End Sub


Tests:
Code: text
Private Sub Button1_Click_4(sender As Object, e As EventArgs) Handles Button1.Click
    mouse_event(MouseEventFlags.MOUSEEVENTF_MOVE, Convert.ToUInt32(txtx3.Text), Convert.ToUInt32(txtx4.Text), 0, 0)
End Sub

Private Sub savex_Click(sender As Object, e As EventArgs) Handles savex.Click
    txtx3.Text = x1.Text
    txtx4.Text = x2.Text
End Sub

Private Sub NativeMethods_MouseMove(sender As Object, e As MouseEventArgs) Handles Me.MouseMove
    x1.Text = MousePosition.X.ToString
    x2.Text = MousePosition.Y.ToString
End Sub


Any ideas? Regards and thanks!
#2
General questions and requests / Re: Dictionaries with crunch
December 14, 2017, 03:36:19 AM
Thank you very much, the option I needed was the following:
Code: text
-f .charset.lst lalpha-numeric
#3
Hello,
I'm trying to build a dictionary with crunch and the following command isn't working well for me:
Code: text
crunch 4 5 -d 2@% -o dictionary.txt

I'm trying to do something simpler, which comes down to the command:
Code: text
crunch 4 5 qwertyuiopasdfghjklzxcvbnm132456789 -d 2@% -o dictionary.txt

I'm trying to avoid having to type every one of the letters and digits I want to use, since in the end I want to use all the lowercase letters and the digits.

I would also like to limit each character to appearing 2 times, apart from not appearing consecutively, for example:
It should generate words like "isaac", since I've indicated that up to 2 repeated characters is OK, but "isaaca", for example, should not be generated since it contains the letter "a" 3 times.

Regards and many thanks! <3
#4
Good morning!

I'm trying to compile some code that uses Qt includes.
It gives me these errors:
[link hidden]

I asked the programmer who wrote the code and they tell me the following:
Quote: Using QtCreator you need a .pro ( a project description ) file. This one was made inside VisualStudio so it does not contain any .pro files. Open this project up in VisualStudio ( if applicable ) and change lib, include and linking paths to where your Qt is installed.

What I understand is that I have to link the Qt libraries by specifying the Qt path.
In my case it is C:\Qt

What steps should I follow?
I've been looking around Visual Studio and can't find it...
The truth is I've never been in this situation before and I'm completely lost...

I hope you can help me!
Thank you so much and regards!! <3
#5
General questions and requests / Re: sniffing bettercap
December 12, 2017, 08:57:08 AM
I haven't had time to try it yet, but honestly my mouth is watering at what you've sent me.
I'll let you know as soon as I can try it!
Thank you so much! <3
#6
Hello, I've been running some tests and I've noticed that bettercap no longer works like it used to.
This time I tried it while connecting to the website of the game [link hidden]
I enter user&pass and it detects that there is a connection to the website [link hidden] but nothing more.
I've also tried Facebook and Gmail, and the result was the same.

I've tried HTTP sites and it gives me the passwords in MD5...  >:(

If I try to do sslstrip or set the https-proxy, the browser shows me the message that attackers can see the information, etc.

Is there an updated method? Any advice?
Regards!
#7
Solved, the problem is with E-Mail: the "-" causes problems, it has to be put between []
#8
Hi! :)
I'm new to VBA and I'm trying to make a contacts address book; the add-contact function is giving me problems....
It connects correctly to the database, which is a table Contactos that contains the columns Nombre, Apellidos, etc...
The problem comes when it runs the command: it gives me a syntax error in the INSERT INTO statement.
The next textbox shows Microsoft Jet Database Engine.
The next textbox shows the following: [link hidden]
And then it shows me this error: [link hidden]
In the errors I have cropped out the last line, which showed my paths to the database, for security and privacy...
It indicates that the error is on line 30, which is the  .cmd.ExecuteNonQuery()

Code: vbnet
Imports System.Data
Imports System.Data.OleDb
Imports System.Data.SqlClient

Public Class Actions
    Private Conection As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=Agenda.mdb;")
    Private cmd As New OleDbCommand

    'This is the contact creation process
    Public Shared Sub SubAddContact()
        Dim classActions As New Actions()
        Try
            'Here we prepare the command and then run it inside its corresponding Try.
            With classActions
                .cmd.CommandText = "INSERT INTO Contactos ( Nombre, Apellidos, Dirección, Teléfono, Móvil, E-Mail, Comentarios ) VALUES (?,?,?,?,?,?,?)"
                .cmd.CommandType = CommandType.Text
                .cmd.Connection = .Conection
                'Add the parameters to the insert command
                .cmd.Parameters.Add(New OleDb.OleDbParameter("Nombre", AddContact.TextBoxNombre.Text))
                .cmd.Parameters.Add(New OleDb.OleDbParameter("Apellidos", AddContact.TextBoxApellidos.Text))
                .cmd.Parameters.Add(New OleDb.OleDbParameter("Dirección", AddContact.TextBoxDireccion.Text))
                .cmd.Parameters.Add(New OleDb.OleDbParameter("Teléfono", AddContact.TextBoxTelefono.Text))
                .cmd.Parameters.Add(New OleDb.OleDbParameter("Móvil", AddContact.TextBoxMovil.Text))
                .cmd.Parameters.Add(New OleDb.OleDbParameter("E-Mail", AddContact.TextBoxEmail.Text))
                .cmd.Parameters.Add(New OleDb.OleDbParameter("Comentarios", AddContact.TextBoxComentarios.Text))
                'Open the connection
                .Conection.Open()
                MessageBox.Show("Se ha establecido conexión con la BDD.")
                'Execute the command and store the result
                .cmd.ExecuteNonQuery()
                MessageBox.Show("Contacto creado correctamente!")
                'Close the connection
                .Conection.Close()
            End With
            MessageBox.Show("Conexión cerrada!")
        Catch ex As Exception
            MessageBox.Show("Error al crear contacto! Igual ya existe?")
            MessageBox.Show(ex.Message)
            MessageBox.Show(ex.Source)
            MessageBox.Show(ex.StackTrace)
            MessageBox.Show(ex.ToString())
            classActions.Conection.Close()
        End Try
    End Sub
End Class


Regards and a thousand thanks! ;););)
#9
Hi, I'm using an exploit for CVE-2014-6271; once I create a "bind"-type connection it tells me I'm connected to the server machine, but when I try to run commands it doesn't recognize them... Does anyone know anything?
Thanks!

When I run a command it comes out like this:
Code: html5
HTTP/1.1 400 Bad Request
Date: Sun, 13 Aug 2017 03:57:55 GMT
Server: Apache/2.4.7 (Ubuntu)
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>


Or I just enter the command and it gives no error or anything, it moves to a new line and that's it, but it hasn't been executed on my victim machine.
#10
[link hidden]
Could someone help me, how can I start the keylogger? It's just that it had no description
It's like watching a kitten surrounded by lions
I know the dark side attracts you, be strong, young Padawan!
#11
General questions and requests / Re: Hangman game! C
April 28, 2017, 05:01:24 PM
[link hidden]
Of course it works, the problem is in your methods; if you post them maybe we would see the error

Sorry, I've had trouble connecting these days and I hadn't realized that I had uploaded very incomplete code; on the other hand, I had replied but the message didn't arrive and I've only just noticed. In the message that didn't arrive I was telling you that you were right, and mentioning that I had forgotten to empty the input buffer, hence the error. Also, in one function I was using %s instead of %c for a single character and that was giving me an error.
That leads to my next question: I've been told that the limit for char is 255, if I remember correctly, so what do I do if I want to print the € symbol on screen?
I was doing a %c and putting in its ANSI value, but I got an overflow when compiling.
Regards and thanks!
#12
Hi, do you know whether Malwarebytes scans the registry for suspicious entries? If not, is there any GOOD program for that?
Thank you very much ❤️❤️❤️


Sent from my iPhone using Tapatalk
#13
General questions and requests / [SOLVED] Airplanes
April 27, 2017, 09:45:58 PM
[link hidden]
That's a good one hahah


Sent from my iPhone using Tapatalk
I don't know whether my signature says it all, but if it doesn't: freedom is something unique, which anyone with some brains would not risk for anything in the world, much less for a few banknotes. If a piece of paper is worth more than your freedom, that's up to you; if you really want to be able to use your knowledge (which, judging by what you say, must be int conocimiento = 0;) come over to the side of the Light, I assure you there's much more adrenaline in hunting the bad guys...
Regards, and really think things through, all the more if you're going to publish them.
I hope I've helped you reflect; I think all of us at some point have found ourselves somewhat disoriented in that sense, whether from lack of knowledge or lack of maturity.
May the force be with you ❤️❤️
#14
Hi, I don't know whether I'm going to stray too far off topic, but here goes:
Seeing that you mention several network attack methods, Linset among them, I wanted to discuss exactly that: Linset, its sibling Fluxion and the many identical tools out there strike me as quite conspicuous, and I think one of the most important things when doing security testing, especially seeing that you talk about other people's networks, would be not to draw attention... You also mention WPS; it is an attack vector that, unless something new comes out, IN MY OPINION, I repeat, MY OPINION, has its days numbered. There will always be the typical newbie or careless person who has WPS without lockouts, with an easily crackable PIN, but that brings up the point our friend mentioned: is it worth squeezing the fruit to get the juice? I think that on few occasions are we going to find a machine with highly sensitive data (for example a server with the data of X people) so unprotected. And on the other hand, you can always run into a honeypot when you rely on such basic attacks. Nowadays we have an endless amount of manuals and so on that explain how to attack and how to defend. Even my 13-year-old nephew knows how to crack Wi-Fi with reaver and WPS and do MITM. Not to mention that routers can be updated remotely, so the ISPs also (in theory) care about the security of their systems.
What's the point of all this? Because I already know that while you read this you'll be thinking: yeah, well, you can't imagine how many business networks, servers, machines with sensitive information, etc. are vulnerable to those simple attacks... or you'll be thinking: what is this nutcase saying? Yes, I know, but what I mean is that focusing on those techniques is a waste of time.
Why? Very simple:
Technology advances, and besides, every network/machine can be different; the best thing is to keep learning, as our friend linuxmeister says, from the basics to the advanced, trying every tool you can and, most importantly, seeing what they do. You learn nothing from knowing how to launch a reaver attack; you start to learn when, for example, you realize that if you try a reaver attack with a 61-second interval (for example), that's already a change, that's already something you discover, you now understand that there are systems with lockouts every X attempts and for X seconds/minutes/... and likewise with all the tools you have at your disposal.
And for that reason it's fine to tinker and to dig around in automated tools (always using your head); that can help you understand how many things work and draw ideas from other projects. But you always have to go one step further. Then there will also be people who aren't interested in so much information because maybe they've already specialized in something else and are in computer security in passing or out of momentary need, and they don't have to be script kiddies. I started out as a script kiddie + bratty kid and to this day I still consider myself a script kiddie, but I take an interest in everything; even if I don't understand so much as the title of the post, I read it anyway, and that, in my opinion, makes people like me, and me, hackers. Simply because the hacker is the one who gets excited about technology and seeks to be one step ahead. And to finish, the hacker always learns and is constantly absorbing knowledge. What I mean is: be a hacker and everything will come by itself.
PS: I'm not saying this to you directly either, La-Bestia; I already said this reply might even be off topic, but surely there are people who have come into this post and are interested, since the subject doesn't stray too far either.


Sent from my iPhone using Tapatalk
#15
[link hidden]
Good morning everyone,
I'm writing this because for some time now I've noticed that many people justify their actions, going round and round the matter until they finally find a less bad angle.

For my part, I don't agree, and since I don't hold the whole truth, I want to know your opinion. In this case I'll focus on hacking. So I want to know your opinion (it's always useful and good to know other points of view).

As I see it, being a hacker doesn't imply anything bad (as long as we understand it as an expert or enthusiast in computer security); however, ONLY if they use their knowledge with the consent of the victim. In contrast, the other side (much more fun ;D) is getting into websites, servers, applications, etc. without anyone finding out and with the adrenaline in case you get caught. This part I consider not right: someone we normally don't even know, and who hasn't asked anyone to test their security, is being breached and we are getting into their private files.

Many people justify themselves by saying that we leave them messages correcting the errors they have, or that we don't really damage anything, but simply get in to see if we can and then you leave without going into private files or modifying anything.  But as I see it, nobody asked us to do it and we ignore the owner's opinions.

Therefore, my opinion on hacking sites without permission is:
That in the strict sense of the word we are the bad guys. Yes, maybe we aren't terrorists and don't physically harm anyone, but we make the people we break into feel insecure; even so, I at least am selfish, because even knowing that it's wrong, I keep doing it and will surely go on much longer.

So tell me, guys and girls, what do you think?  Are we the bad guys? The good guys? What do you think about what we do?
Black hat, red hat and white hat.
It's that easy.


Sent from my iPhone using Tapatalk
#16
General questions and requests / Hangman game! C
April 21, 2017, 01:33:15 PM
Hello! I'm doing the final assignment for Introduction to Programming in C, and I've been asked to make the hangman game.
I've run into a problem and can't work out where I might be going wrong: I simply do a gets() to store a string of characters and it skips the data entry phase. It doesn't let me give it the string; it skips that part completely.
There's something I'm doing wrong and not noticing, and it must be something very, very basic.
I've tried doing the gets with the variable string and with the variable palabra, and neither worked for me.

Please don't give me more than I'm asking for; I want to do the assignment myself, learning. I only want to ask about and clear up specific doubts, because there are well-meaning people who might want to tell me more than necessary and that wouldn't help me learn.
Regards and many thanks!  ;) :) :) :)

Code: text
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MIN 4 // minimum word length
#define MAX 8 // maximum word length
#define OPORTUNIDADES 7 // number of attempts per game

int jugadores[30][2]; // jugadores[x][y]: player number and player's points
int njugadores; // number of players taking part
char palabra;
char string[8];
void playstring();
void banner();
int bienvenida();

int main()
{
    banner(); // shows a nice drawing of the game
    system("cls");
    system("color EC");
    bienvenida(); // welcomes players to the game and stores the number of players
    printf("Indique una palabra de 4-8 letras:\n");
    gets(string);
    //strcpy(string,palabra);
    //playstring();
}
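Added example, not part of the original post or the poster's program: one way a line read gets skipped after an earlier numeric read, which is the "forgot to empty the input buffer" cause the poster reports in the follow-up, shown next to a bounded replacement for `gets()`, which cannot limit what it writes into `char string[8]`. It assumes `bienvenida()` reads the player count with a `scanf("%d")`-style call (the post does not show it); the function names, status codes and sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MIN 4   /* minimum word length, as in the post */
#define MAX 8   /* maximum word length, as in the post */

enum { READ_OK = 0, READ_EOF = -1, READ_TOO_SHORT = -2,
       READ_TOO_LONG = -3, READ_INVALID = -4 };

/* Throw away the rest of the current input line, including its '\n'. */
static void discard_line(FILE *in)
{
    int c;
    while ((c = fgetc(in)) != '\n' && c != EOF)
        ;
}

/* The skipped-input pattern: a numeric read followed directly by a line
 * read. fgets stands in for gets(); both stop at the '\n' that "%d" left
 * behind. Returns the length of the "word" obtained, or -1 on failure. */
int naive_word_length(FILE *in)
{
    int players;
    char buf[MAX + 2];
    if (fscanf(in, "%d", &players) != 1 || fgets(buf, sizeof buf, in) == NULL)
        return -1;
    return (int)strcspn(buf, "\n");
}

/* Read the player count, then empty the input buffer up to end of line. */
int read_player_count(FILE *in, int *count)
{
    int ok = (fscanf(in, "%d", count) == 1);
    discard_line(in);
    return ok ? READ_OK : READ_INVALID;
}

/* Read one word of MIN..MAX characters into buf without ever writing past
 * cap bytes. cap must be at least MAX + 2 (word + '\n' + '\0') so that an
 * over-long line can be told apart from a word of exactly MAX letters. */
int read_word(FILE *in, char *buf, size_t cap)
{
    size_t len;
    int truncated;

    if (buf == NULL || cap < (size_t)MAX + 2)
        return READ_INVALID;
    if (fgets(buf, (int)cap, in) == NULL)
        return READ_EOF;
    len = strcspn(buf, "\n");
    /* No newline and a full buffer: the rest of the line is still unread. */
    truncated = (buf[len] != '\n' && len == cap - 1);
    if (truncated)
        discard_line(in);
    buf[len] = '\0';
    if (truncated || len > (size_t)MAX) {
        buf[0] = '\0';
        return READ_TOO_LONG;
    }
    return len < (size_t)MIN ? READ_TOO_SHORT : READ_OK;
}

/* Build an input stream from constructed sample text (stands in for stdin). */
FILE *stream_from(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char word[MAX + 2];
    int players = 0, rc;
    FILE *in = stream_from("2\nisaac\n");   /* constructed input */

    if (in == NULL)
        return 1;
    printf("naive read got a word of length %d\n", naive_word_length(in));
    rewind(in);
    read_player_count(in, &players);
    rc = read_word(in, word, sizeof word);
    printf("players=%d rc=%d word=\"%s\"\n", players, rc, word);
    fclose(in);
    return 0;
}
```
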
#17
Thank you very much! @[link hidden] ;D ;D ;D ;D

I appreciate any other contribution, any material that you have found useful; for example, I've learned quite a lot with mutillidae. I'll be very grateful for anything you can contribute that lets me gain knowledge!
So anyone who can give me "homework" to practise, or tutorials to watch, or whatever you think is useful, above all what you think has been useful for you, I'm interested.

Thanks and regards!
#18
Hello, first of all thank you very much!
Next, I have a grado medio (vocational qualification) in which I spent 2 years working with the concepts that appear in that post; there's nothing new there.
But I appreciate the information all the same.

I'd like more help with hacking techniques; in the grado medio they don't teach you to use Metasploit and things like that. Since I'm doing it self-taught, I thought I'd come here for knowledge! I already know what PHP is, I already know what MySQL is, I know how to administer servers, but not how to break them.
Thanks all the same!  ;)
#19
Not 100%, but I have identified that the router is from CISCO, and nikto has identified this exploit for this target.

I'm quite a novice in computer security, but I'm very eager to learn.
I appreciate any useful information / guide / comment.

Nikto scan:
Code: text
- Nikto v2.1.6/2.1.5

+ Target Port: 80
+ GET Cookie PHPSESSID created without the httponly flag
+ GET Retrieved x-powered-by header: PHP/5.5.9-1ubuntu4.14
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ GET The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ GET lines
+ OSVDB-44056: GET /sips/sipssys/users/a/admin/user: SIPS v0.2.2 allows user account info (including password) to be retrieved remotely.
+ GET /CVS/Entries: CVS Entries file may contain directory listing information.
+ GET /catalog.nsf: A list of server databases can be retrieved, as well as a list of ACLs.
+ GET /cersvr.nsf: Server certificate data can be accessed remotely.
+ GET /domlog.nsf: The domain server logs can be accessed remotely.
+ GET /events4.nsf: The events log can be accessed remotely.
+ GET /log.nsf: The server log is remotely accessible.
+ GET /names.nsf: User names and groups can be accessed remotely (possibly password hashes as well)
+ OSVDB-31150: GET /LOGIN.PWD: MIPCD password file (passwords are not encrypted). MIPDCD should not have the web interface enabled.
+ OSVDB-31150: GET /USER/CONFIG.AP: MIPCD configuration information. MIPCD should not have the web interface enabled.
+ GET /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web.
+ GET /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
+ GET /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ GET /local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
+ GET /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.
+ GET /852566C90012664F: This database can be read using the replica ID without authentication.
+ GET /hidden.nsf: This database can be read without authentication. Common database name.
+ GET /mail.box: The mail database can be read without authentication.
+ GET /setup.nsf: The server can be configured remotely, or current setup can be downloaded.
+ GET /statrep.nsf: Any reports generated by the admins can be retrieved.
+ GET /webadmin.nsf: The server admin database can be accessed remotely.
+ GET /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
+ GET /Config1.htm: This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See http://www.phenoelit.de/stuff/dp-300.txt for info.
+ GET /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS, see MS02-018 for details.
+ GET /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See http://www.ngssoftware.com.
+ GET /cgi-win/cgitest.exe: This CGI may allow the server to be crashed remotely, see http://www.securityoffice.net/ for details.  Remove this default CGI.
+ GET /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow
+ GET /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
+ GET /................../config.sys: PWS allows files to be read by prepending multiple '.' characters.  At worst, IIS, not PWS, should be used.
+ GET /..\..\..\..\..\..\temp\temp.class: Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version.
+ OSVDB-728: GET /admentor/adminadmin.asp: Version 2.11 of AdMentor is vulnerable to SQL injection during login, in the style of: ' or =
+ OSVDB-10107: GET /author.asp: May be FactoSystem CMS, which could include SQL injection problems that could not be tested remotely.
+ OSVDB-4598: GET /members.asp?SF=%22;}alert(223344);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ OSVDB-4015: GET /jigsaw/: Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS) in the error page.
+ OSVDB-2754: GET /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks.
+ OSVDB-2946: GET /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ GET /cfdocs/expeval/sendmail.cfm: Can be used to send email; go to the page and fill in the form
+ OSVDB-22: GET /cgi-bin/bigconf.cgi: BigIP Configuration CGI
+ GET /ammerum/: Ammerum pre 0.6-1 had several security issues.
+ GET /ariadne/: Ariadne pre 2.1.2 has several vulnerabilities. The default login/pass to the admin page is admin/muze.
+ GET /ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C: This check (A) sets up the next bad blue test (B) for possible exploit. See http://www.badblue.com/down.htm
+ OSVDB-59412: GET /db/users.dat: upb PB allows the user database to be retrieved remotely.
+ GET /Admin_files/order.log: Selena Sol's WebStore 1.0 exposes order information, http://www.extropia.com/, http://www.mindsec.com/advisories/post2.txt.
+ GET /admin/cplogfile.log: DevBB 1.0 final (http://www.mybboard.com) log file is readable remotely. Upgrade to the latest version.
+ GET /cfdocs/snippets/fileexists.cfm: Can be used to verify the existance of files (on the same drive info as the web tree/file)
+ GET /cgi-bin/MachineInfo: Gives out information on the machine (IRIX), including hostname
+ OSVDB-59646: GET /chat/!nicks.txt: WF-Chat 1.0 Beta allows retrieval of user information.
+ OSVDB-59645: GET /chat/!pwds.txt: WF-Chat 1.0 Beta allows retrieval of user information.
+ OSVDB-53304: GET /chat/data/usr: SimpleChat! 1.3 allows retrieval of user information.
+ GET /config/: Configuration information may be available remotely.
+ GET /cplogfile.log: XMB Magic Lantern forum 1.6b final (http://www.xmbforum.com) log file is readable remotely. Upgrade to the latest version.
+ GET /examples/jsp/snp/anything.snp: Tomcat servlet gives lots of host information.
+ GET /cfdocs/snippets/evaluate.cfm: Can enter CF code to be evaluated, or create denial of service see www.allaire.com/security/ technical papers and advisories for info
+ GET /cfide/Administrator/startstop.html: Can start/stop the server
+ OSVDB-10598: GET /cd-cgi/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done.
+ GET /cgi-bin/handler: Comes with IRIX 5.3 - 6.4; allows to run arbitrary commands
+ OSVDB-235: GET /cgi-bin/webdist.cgi: Comes with IRIX 5.0 - 6.3; allows to run arbitrary commands
+ OSVDB-55: GET /ews/ews/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. BID-2665.
+ GET /admin.php4?reg_login=1: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.
+ OSVDB-3233: GET /admin/admin_phpinfo.php4: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.
+ OSVDB-5088: GET /accounts/getuserdesc.asp: Hosting Controller 2002 administration page is available. This should be protected.
+ GET /sqldump.sql: Database SQL?
+ GET /structure.sql: Database SQL?
+ GET /servlet/SessionManager: IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.
+ GET /ip.txt: This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file.
+ GET /level/42/exec/show%20conf: Retrieved Cisco configuration file.
+ GET /livehelp/: LiveHelp may reveal system information.
+ GET /LiveHelp/: LiveHelp may reveal system information.
+ OSVDB-59536: GET /logicworks.ini: web-erp 0.1.4 and earlier allow .ini files to be read remotely.
+ GET /logs/str_err.log: Bmedia error log, contains invalid login attempts which include the invalid usernames and passwords entered (could just be typos & be very close to the right entries).
+ OSVDB-6465: GET /mall_log_files/order.log: EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details.
+ OSVDB-3204: GET /megabook/files/20/setup.db: Megabook guestbook configuration available remotely.
+ OSVDB-6161: GET /officescan/hotdownload/ofscan.ini: OfficeScan from Trend Micro allows anyone to read the ofscan.ini file, which may contain passwords.
+ GET /order/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
+ GET /order/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
+ GET /orders/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
+ GET /Orders/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
+ GET /orders/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
+ GET /Orders/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
+ GET /session/admnlogin: SessionServlet Output, has session cookie info.
+ OSVDB-613: GET /SiteScope/htdocs/SiteScope.html: The SiteScope install may allow remote users to get sensitive information about the hosts being monitored.
+ GET /servlet/allaire.jrun.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html.
+ GET /isapi/count.pl?: AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example.
+ GET /krysalis/: Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot
+ OSVDB-113: GET /ncl_items.html: This may allow attackers to reconfigure your Tektronix printer.
+ OSVDB-551: GET /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer.
+ GET /photo/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
+ GET /photodata/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
+ OSVDB-5374: GET /pub/english.cgi?op=rmail: BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely.
+ OSVDB-240: GET /scripts/wsisa.dll/WService=anything?WSMadmin: Allows Webspeed to be remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0.
+ OSVDB-3092: GET /SetSecurity.shm: Cisco System's My Access for Wireless. This resource should be password protected.
+ OSVDB-3126: GET /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.
+ OSVDB-3092: GET /shopadmin.asp: VP-ASP shopping cart admin may be available via the web. Default ID/PW are vpasp/vpasp and admin/admin.
+ OSVDB-3092: GET /_vti_txt/_vti_cnf/: FrontPage directory found.
+ OSVDB-3092: GET /_vti_txt/: FrontPage directory found.
+ OSVDB-3092: GET /_vti_pvt/deptodoc.btr: FrontPage file found. This may contain useful information.
+ OSVDB-3092: GET /_vti_pvt/doctodep.btr: FrontPage file found. This may contain useful information.
+ OSVDB-3092: GET /_vti_pvt/services.org: FrontPage file found. This may contain useful information.
+ OSVDB-28260: POST /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings. CVE-2000-0413, CVE-2000-0709, CVE-2000-0710, BID-1608, BID-1174.
+ OSVDB-28260: POST /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings.
+ OSVDB-3092: POST /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false: We seem to have authoring access to the FrontPage web.
+ OSVDB-3092: POST /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false: We seem to have authoring access to the FrontPage web.
+ OSVDB-3092: GET /_vti_bin/_vti_aut/dvwssr.dll: This dll allows anyone with authoring privs to change other users file, and may contain a buffer overflow for unauthenticated users. See also : http://www.wiretrip.net/rfp/p/doc.asp?id=45&iface=1. MS00-025.
+ OSVDB-3092: GET /_vti_bin/_vti_aut/fp30reg.dll: Some versions of the FrontPage fp30reg.dll are vulnerable to a buffer overflow. See http://www.microsoft.com/technet/security/bulletin/ms03-051.asp for details.
+ OSVDB-473: GET /_vti_pvt/access.cnf: Contains HTTP server-specific access control information. Remove or ACL if FrontPage is not being used.
+ OSVDB-473: GET /_vti_pvt/service.cnf: Contains meta-information about the web server Remove or ACL if FrontPage is not being used.
+ OSVDB-473: GET /_vti_pvt/services.cnf: Contains the list of subwebs. Remove or ACL if FrontPage is not being used. May reveal server version if Admin has changed it.
+ OSVDB-473: GET /_vti_pvt/svacl.cnf: File used to store whether subwebs have unique permissions settings and any IP address restrictions.  Can be used to discover information about subwebs, remove or ACL if FrontPage is not being used.
+ OSVDB-473: GET /_vti_pvt/writeto.cnf: Contains information about form handler result files. Remove or ACL if FrontPage is not being used.
+ OSVDB-473: GET /_vti_pvt/linkinfo.cnf: IIS file shows http links on and off site. Might show host trust relationships and other machines on network.
+ OSVDB-48: GET /doc/: The /doc/ directory is browsable. This may be /usr/doc.
+ OSVDB-48: GET /doc: The /doc directory is browsable. This may be /usr/doc.
+ OSVDB-250: GET /cgis/wwwboard/wwwboard.cgi: Versions 2.0 Alpha and below have multiple problems. See BID-1795 which could allow over-write of messages. Default ID 'WebAdmin' with pass 'WebBoard'.
+ OSVDB-250: GET /cgis/wwwboard/wwwboard.pl: Versions 2.0 Alpha and below have multiple problems. See BID-1795 which could allow over-write of messages. Default ID 'WebAdmin' with pass 'WebBoard'.
+ OSVDB-376: GET /manager/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-376: GET /jk-manager/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-376: GET /jk-status/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-376: GET /admin/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-376: GET /host-manager/contextAdmin/contextAdmin.html: Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.
+ OSVDB-568: GET /blahb.ida: Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033.
+ OSVDB-568: GET /blahb.idq: Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033.
+ OSVDB-2117: GET /BACLIENT: IBM Tivoli default file found.
+ OSVDB-578: GET /level/16/exec/-///pwd: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16/exec/-///show/configuration: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16/exec/: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16/exec//show/access-lists: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16/level/16/exec//show/configuration: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16/level/16/exec//show/interfaces: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16/level/16/exec//show/interfaces/status: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16/level/16/exec//show/version: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16/level/16/exec//show/running-config/interface/FastEthernet: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/16/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/17/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/18/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/19/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/20/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/21/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/22/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/23/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/24/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/25/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/26/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/27/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/28/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/29/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/30/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/31/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/32/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/33/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/34/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/35/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/36/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/37/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/38/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/39/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/40/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/41/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/42/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/43/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/44/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/45/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/46/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/47/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/48/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/49/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/50/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/51/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/52/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/53/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/54/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/55/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/56/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/57/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/58/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/59/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/60/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/61/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/62/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/63/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/64/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/65/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/66/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/67/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/68/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/69/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/70/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/71/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/72/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/73/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/74/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/75/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/76/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/77/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/78/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/79/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/80/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/81/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/82/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/83/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/84/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/85/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/86/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/87/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/88/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/89/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/90/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/91/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/92/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/93/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/94/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/95/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/96/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/97/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/98/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: GET /level/99/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-18810: GET /users.lst: LocalWEB2000 users.lst passwords found
+ OSVDB-13405: GET /WS_FTP.LOG: WS_FTP.LOG file was found. It may contain sensitive information.
+ OSVDB-3715: GET /nsn/env.bas: Novell web server shows the server environment and is vulnerable to cross-site scripting
+ OSVDB-3722: GET /lcgi/lcgitest.nlm: Novell web server shows the server environment
+ OSVDB-13404: GET /com/: Novell web server allows directory listing
+ OSVDB-13402: GET /com/novell/: Novell web server allows directory listing
+ OSVDB-13403: GET /com/novell/webaccess: Novell web server allows directory listing
+ OSVDB-4804: GET //admin/admin.shtml: Axis network camera may allow admin bypass by using double-slashes before URLs.
+ OSVDB-4808: GET /axis-cgi/buffer/command.cgi: Axis WebCam 2400 may allow overwriting or creating files on the system. See http://www.websec.org/adv/axis2400.txt.html for details.
+ OSVDB-4806: GET /support/messages: Axis WebCam allows retrieval of messages file (/var/log/messages). See http://www.websec.org/adv/axis2400.txt.html
+ OSVDB-228: GET /upload.cgi+: The upload.cgi allows attackers to upload arbitrary files to the server.
+ OSVDB-561: GET /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources.
+ OSVDB-1264: GET /publisher/: Netscape Enterprise Server with Web Publishing can allow attackers to edit web pages and/or list arbitrary directories via Java applet. CVE-2000-0237.
+ OSVDB-134: GET /cgi-bin/pfdisplay.cgi?../../../../../../etc/passwd: Comes with IRIX 6.2-6.4; allows to run arbitrary commands
+ OSVDB-2: GET /iissamples/exair/search/search.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.
+ OSVDB-2117: GET /cpanel/: Web-based control panel
+ OSVDB-2119: GET /shopping/diag_dbtest.asp: VP-ASP Shopping Cart 5.0 contains multiple SQL injection vulnerabilities. CVE-2003-0560, BID-8159
+ OSVDB-250: GET /wwwboard/passwd.txt: The wwwboard password file is browsable. Change wwwboard to store this file elsewhere, or upgrade to the latest version.
+ OSVDB-2695: GET /photo/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.
+ OSVDB-2695: GET /photodata/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.
+ OSVDB-272: GET /msadc/msadcs.dll: See RDS advisory RFP9902, CVE-1999-1011, MS98-004, MS99-025 RFP-9902 BID-29 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d1.htm), CIAC J-054 http://www.ciac.org/ciac/bulletins/j-054.shtml www.securityfocus.com/bid/529
+ OSVDB-2735: GET /musicqueue.cgi: Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/
+ OSVDB-275: GET /scripts/tools/newdsn.exe: This can be used to make DSNs, useful in use with an ODBC exploit and the RDS exploit (with msadcs.dll). Also may allow files to be created on the server. BID-1818. CVE-1999-0191. RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm)
+ OSVDB-2813: GET /admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein
+ OSVDB-284: GET /iisadmpwd/aexp2.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.
+ OSVDB-284: GET /iisadmpwd/aexp2b.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.
+ OSVDB-284: GET /iisadmpwd/aexp3.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.
+ OSVDB-284: GET /iisadmpwd/aexp4.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.
+ OSVDB-284: GET /iisadmpwd/aexp4b.htr: Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.
+ OSVDB-2842: GET //admin/aindex.htm: FlexWATCH firmware 2.2 is vulnerable to authentication bypass by prepending an extra '/'. http://packetstorm.linuxsecurity.com/0310-exploits/FlexWATCH.txt
+ OSVDB-2922: GET /admin/wg_user-info.ml: WebGate Web Eye exposes user names and passwords.
+ OSVDB-294: GET /c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.
+ OSVDB-2944: GET /showmail.pl: @Mail WebMail 3.52 allows attacker to read arbitrary user's mailbox. Requires knowing valid user name and appending ?Folder=../../[email protected]/mbox/Inbox to the showmail.pl file.
+ OSVDB-2948: GET /reademail.pl: @Mail WebMail 3.52 contains an SQL injection that allows attacker to read any email message for any address registered in the system. Example to append to reademail.pl: ?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='[email protected]&print=1
+ OSVDB-3: GET /iissamples/exair/search/query.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.
+ OSVDB-3092: GET /buddies.blt: Buddy List?
+ OSVDB-3092: GET /buddy.blt: Buddy List?
+ OSVDB-3092: GET /buddylist.blt: Buddy List?
+ OSVDB-3092: GET /sqlnet.log: Oracle log file found.
+ OSVDB-3092: GET /.psql_history: This might be interesting...
+ OSVDB-3092: GET /acceso/: This might be interesting...
+ OSVDB-3092: GET /access-log: This might be interesting...
+ OSVDB-3092: GET /access.log: This might be interesting...
+ OSVDB-3092: GET /access/: This might be interesting...
+ OSVDB-3092: GET /access_log: This might be interesting...
+ OSVDB-3092: GET /acciones/: This might be interesting...
+ OSVDB-3092: GET /account/: This might be interesting...
+ OSVDB-3092: GET /accounting/: This might be interesting...
+ OSVDB-3092: GET /activex/: This might be interesting...
+ OSVDB-3092: GET /adm/: This might be interesting...
+ OSVDB-3092: GET /admin.htm: This might be interesting...
+ OSVDB-3092: GET /admin.html: This might be interesting...
+ OSVDB-3092: GET /admin.php3: This might be interesting...
+ OSVDB-3092: GET /admin.shtml: This might be interesting...
+ OSVDB-3092: GET /admin/: This might be interesting...
+ OSVDB-3092: GET /Administration/: This might be interesting...
+ OSVDB-3092: GET /administration/: This might be interesting...
+ OSVDB-3092: GET /administrator/: This might be interesting...
+ OSVDB-3092: GET /Admin_files/: This might be interesting...
+ OSVDB-3092: GET /advwebadmin/: This might be interesting...probably HostingController, www.hostingcontroller.com
+ OSVDB-3092: GET /Agent/: This might be interesting...
+ OSVDB-3092: GET /Agentes/: This might be interesting...
+ OSVDB-3092: GET /agentes/: This might be interesting...
+ OSVDB-3092: GET /Agents/: This might be interesting...
+ OSVDB-3092: GET /analog/: This might be interesting...
+ OSVDB-3092: GET /apache/: This might be interesting...
+ OSVDB-3092: GET /app/: This might be interesting...
+ OSVDB-3092: GET /applicattion/: This might be interesting...
+ OSVDB-3092: GET /applicattions/: This might be interesting...
+ OSVDB-3092: GET /apps/: This might be interesting...
+ OSVDB-3092: GET /archivar/: This might be interesting...
+ OSVDB-3092: GET /archive/: This might be interesting...
+ OSVDB-3092: GET /archives/: This might be interesting...
+ OSVDB-3092: GET /archivo/: This might be interesting...
+ OSVDB-3092: GET /asp/: This might be interesting...
+ OSVDB-3092: GET /Asp/: This might be interesting...
+ OSVDB-3092: GET /atc/: This might be interesting...
+ OSVDB-3092: GET /auth/: This might be interesting...
+ OSVDB-3092: GET /awebvisit.stat: This might be interesting...
+ OSVDB-3092: GET /ayuda/: This might be interesting...
+ OSVDB-3092: GET /backdoor/: This might be interesting...
+ OSVDB-3092: GET /backup/: This might be interesting...
+ OSVDB-3092: GET /bak/: This might be interesting...
+ OSVDB-3092: GET /banca/: This might be interesting...
+ OSVDB-3092: GET /banco/: This might be interesting...
+ OSVDB-3092: GET /bank/: This might be interesting...
+ OSVDB-3092: GET /bbv/: This might be interesting...
+ OSVDB-3092: GET /bdata/: This might be interesting...
+ OSVDB-3092: GET /bdatos/: This might be interesting...
+ OSVDB-3092: GET /beta/: This might be interesting...
+ OSVDB-3092: GET /bin/: This might be interesting...
+ OSVDB-3092: GET /boot/: This might be interesting...
+ OSVDB-3092: GET /buy/: This might be interesting...
+ OSVDB-3092: GET /buynow/: This might be interesting...
+ OSVDB-3092: GET /c/: This might be interesting...
+ OSVDB-3092: GET /cache-stats/: This might be interesting...
+ OSVDB-3092: GET /caja/: This might be interesting...
+ OSVDB-3092: GET /card/: This might be interesting...
+ OSVDB-3092: GET /cards/: This might be interesting...
+ OSVDB-3092: GET /cart/: This might be interesting...
+ OSVDB-3092: GET /cash/: This might be interesting...
+ OSVDB-3092: GET /ccard/: This might be interesting...
+ OSVDB-3092: GET /ccbill/secure/ccbill.log: This might be interesting... CC Bill log file?
+ OSVDB-3092: GET /cdrom/: This might be interesting...
+ OSVDB-3092: GET /cert/: This might be interesting...
+ OSVDB-3092: GET /certificado/: This might be interesting...
+ OSVDB-3092: GET /certificate: This might be interesting...
+ OSVDB-3092: GET /certificates: This might be interesting...
+ OSVDB-3092: GET /cfdocs/exampleapp/email/application.cfm: This might be interesting...
+ OSVDB-3092: GET /cfdocs/exampleapp/publish/admin/addcontent.cfm: This might be interesting...
+ OSVDB-3092: GET /cfdocs/exampleapp/publish/admin/application.cfm: This might be interesting...
+ OSVDB-3092: GET /cfdocs/examples/httpclient/mainframeset.cfm: This might be interesting...
+ OSVDB-3092: GET /client/: This might be interesting...
+ OSVDB-3092: GET /cliente/: This might be interesting...
+ OSVDB-3092: GET /clientes/: This might be interesting...
+ OSVDB-3092: GET /clients/: This might be interesting...
+ OSVDB-3092: GET /communicator/: This might be interesting...
+ OSVDB-3092: GET /compra/: This might be interesting...
+ OSVDB-3092: GET /compras/: This might be interesting...
+ OSVDB-3092: GET /compressed/: This might be interesting...
+ OSVDB-3092: GET /conecta/: This might be interesting...
+ OSVDB-3092: GET /config/checks.txt: This might be interesting...
+ OSVDB-3092: GET /connect/: This might be interesting...
+ OSVDB-3092: GET /console: This might be interesting...
+ OSVDB-3092: GET /correo/: This might be interesting...
+ OSVDB-3092: GET /crypto/: This might be interesting...
+ OSVDB-3092: GET /css: This might be interesting...
+ OSVDB-3092: GET /cuenta/: This might be interesting...
+ OSVDB-3092: GET /cuentas/: This might be interesting...
+ OSVDB-3092: GET /dan_o.dat: This might be interesting...
+ OSVDB-3092: GET /dat/: This might be interesting...
+ OSVDB-3092: GET /data/: This might be interesting...
+ OSVDB-3092: GET /dato/: This might be interesting...
+ OSVDB-3092: GET /datos/: This might be interesting...
+ OSVDB-3092: GET /db/: This might be interesting...
+ OSVDB-3092: GET /dbase/: This might be interesting...
+ OSVDB-3092: GET /demo/: This might be interesting...
+ OSVDB-3092: GET /demos/: This might be interesting...
+ OSVDB-3092: GET /dev/: This might be interesting...
+ OSVDB-3092: GET /devel/: This might be interesting...
+ OSVDB-3092: GET /development/: This might be interesting...
+ OSVDB-3092: GET /dir/: This might be interesting...
+ OSVDB-3092: GET /directory/: This might be interesting...
+ OSVDB-3092: GET /DMR/: This might be interesting...
+ OSVDB-3092: GET /doc-html/: This might be interesting...
+ OSVDB-3092: GET /down/: This might be interesting...
+ OSVDB-3092: GET /download/: This might be interesting...
+ OSVDB-3092: GET /downloads/: This might be interesting...
+ OSVDB-3092: GET /easylog/easylog.html: This might be interesting...
+ OSVDB-3092: GET /ejemplo/: This might be interesting...
+ OSVDB-3092: GET /ejemplos/: This might be interesting...
+ OSVDB-3092: GET /employees/: This might be interesting...
+ OSVDB-3092: GET /envia/: This might be interesting...
+ OSVDB-3092: GET /enviamail/: This might be interesting...
+ OSVDB-3092: GET /error_log: This might be interesting...
+ OSVDB-3092: GET /excel/: This might be interesting...
+ OSVDB-3092: GET /Excel/: This might be interesting...
+ OSVDB-3092: GET /EXE/: This might be interesting...
+ OSVDB-3092: GET /exe/: This might be interesting...
+ OSVDB-3092: GET /fbsd/: This might be interesting...
+ OSVDB-3092: GET /file/: This might be interesting...
+ OSVDB-3092: GET /fileadmin/: This might be interesting...
+ OSVDB-3092: GET /files/: This might be interesting...
+ OSVDB-3092: GET /forum/: This might be interesting...
+ OSVDB-3092: GET /forums/: This might be interesting...
+ OSVDB-3092: GET /foto/: This might be interesting...
+ OSVDB-3092: GET /fotos/: This might be interesting...
+ OSVDB-3092: GET /fpadmin/: This might be interesting...
+ OSVDB-3092: GET /ftp/: This might be interesting...
+ OSVDB-3092: GET /gfx/: This might be interesting...
+ OSVDB-3092: GET /global/: This might be interesting...
+ OSVDB-3092: GET /graphics/: This might be interesting...
+ OSVDB-3092: GET /guest/: This might be interesting...
+ OSVDB-3092: GET /guestbook/: This might be interesting...
+ OSVDB-3092: GET /guests/: This might be interesting...
+ OSVDB-3092: GET /hidden/: This might be interesting...
+ OSVDB-3092: GET /hitmatic/: This might be interesting...
+ OSVDB-3092: GET /hitmatic/analyse.cgi: This might be interesting...
+ OSVDB-3092: GET /hits.txt: This might be interesting...
+ OSVDB-3092: GET /hit_tracker/: This might be interesting...
+ OSVDB-3092: GET /home/: This might be interesting...
+ OSVDB-3092: GET /homepage/: This might be interesting...
+ OSVDB-3092: GET /htdocs/: This might be interesting...
+ OSVDB-3092: GET /html/: This might be interesting...
+ OSVDB-3092: GET /htpasswd: This might be interesting...
+ OSVDB-3092: GET /HyperStat/stat_what.log: This might be interesting...
+ OSVDB-3092: GET /hyperstat/stat_what.log: This might be interesting...
+ OSVDB-3092: GET /ibill/: This might be interesting...
+ OSVDB-3092: GET /idea/: This might be interesting...
+ OSVDB-3092: GET /ideas/: This might be interesting...
+ OSVDB-3092: GET /imagenes/: This might be interesting...
+ OSVDB-3092: GET /img/: This might be interesting...
+ OSVDB-3092: GET /imgs/: This might be interesting...
+ OSVDB-3092: GET /import/: This might be interesting...
+ OSVDB-3092: GET /impreso/: This might be interesting...
+ OSVDB-3092: GET /includes/: This might be interesting...
+ OSVDB-3092: GET /incoming/: This might be interesting...
+ OSVDB-3092: GET /info/: This might be interesting...
+ OSVDB-3092: GET /informacion/: This might be interesting...
+ OSVDB-3092: GET /information/: This might be interesting...
+ OSVDB-3092: GET /ingresa/: This might be interesting...
+ OSVDB-3092: GET /ingreso/: This might be interesting...
+ OSVDB-3092: GET /install/: This might be interesting...
+ OSVDB-3092: GET /internal/: This might be interesting...
+ OSVDB-3092: GET /intranet/: This might be interesting...
+ OSVDB-3092: GET /invitado/: This might be interesting...
+ OSVDB-3092: GET /invitados/: This might be interesting...
+ OSVDB-3092: GET /java/: This might be interesting...
+ OSVDB-3092: GET /jdbc/: This might be interesting...
+ OSVDB-3092: GET /job/: This might be interesting...
+ OSVDB-3092: GET /jrun/: This might be interesting...
+ OSVDB-3092: GET /js: This might be interesting...
+ OSVDB-3092: GET /lib/: This might be interesting...
+ OSVDB-3092: GET /library/: This might be interesting...
+ OSVDB-3092: GET /libro/: This might be interesting...
+ OSVDB-3092: GET /linux/: This might be interesting...
+ OSVDB-3092: GET /log.htm: This might be interesting...
+ OSVDB-3092: GET /log.html: This might be interesting...
+ OSVDB-3092: GET /log.txt: This might be interesting...
+ OSVDB-3092: GET /logfile: This might be interesting...
+ OSVDB-3092: GET /logfile.htm: This might be interesting...
+ OSVDB-3092: GET /logfile.html: This might be interesting...
+ OSVDB-3092: GET /logfile.txt: This might be interesting...
+ OSVDB-3092: GET /logfile/: This might be interesting...
+ OSVDB-3092: GET /logfiles/: This might be interesting...
+ OSVDB-3092: GET /logger.html: This might be interesting...
+ OSVDB-3092: GET /logger/: This might be interesting...
+ OSVDB-3092: GET /logging/: This might be interesting...
+ OSVDB-3092: GET /login/: This might be interesting...
+ OSVDB-3092: GET /logs.txt: This might be interesting...
+ OSVDB-3092: GET /logs/: This might be interesting...
+ OSVDB-3092: GET /logs/access_log: This might be interesting...
+ OSVDB-3092: GET /logs/error_log: This might be interesting...
+ OSVDB-3092: GET /lost+found/: This might be interesting...
+ OSVDB-3092: GET /mail/: This might be interesting...
+ OSVDB-3092: GET /manage/cgi/cgiproc: This might be interesting...
+ OSVDB-3092: GET /marketing/: This might be interesting...
+ OSVDB-3092: GET /master.password: This might be interesting...
+ OSVDB-3092: GET /mbox: This might be interesting...
+ OSVDB-3092: GET /members/: This might be interesting...
+ OSVDB-3092: GET /message/: This might be interesting...
+ OSVDB-3092: GET /messaging/: This might be interesting...
+ OSVDB-3092: GET /ministats/admin.cgi: This might be interesting...
+ OSVDB-3092: GET /misc/: This might be interesting...
+ OSVDB-3092: GET /mkstats/: This might be interesting...
+ OSVDB-3092: GET /movimientos/: This might be interesting...
+ OSVDB-3092: GET /mp3/: This might be interesting...
+ OSVDB-3092: GET /mqseries/: This might be interesting...
+ OSVDB-3092: GET /msql/: This might be interesting...
+ OSVDB-3092: GET /msword/: This might be interesting...
+ OSVDB-3092: GET /Msword/: This might be interesting...
+ OSVDB-3092: GET /MSword/: This might be interesting...
+ OSVDB-3092: GET /NetDynamic/: This might be interesting...
+ OSVDB-3092: GET /NetDynamics/: This might be interesting...
+ OSVDB-3092: GET /netscape/: This might be interesting...
+ OSVDB-3092: GET /new: This may be interesting...
+ OSVDB-3092: GET /new/: This might be interesting...
+ OSVDB-3092: GET /news: This might be interesting...
+ OSVDB-3092: GET /noticias/: This might be interesting...
+ OSVDB-3092: GET /odbc/: This might be interesting...
+ OSVDB-3092: GET /officescan/cgi/jdkRqNotify.exe: This might be interesting...
+ OSVDB-3092: GET /old/: This might be interesting...
+ OSVDB-3092: GET /oracle: This might be interesting...
+ OSVDB-3092: GET /oradata/: This might be interesting...
+ OSVDB-3092: GET /order/: This might be interesting...
+ OSVDB-3092: GET /orders/: This might be interesting...
+ OSVDB-3092: GET /orders/checks.txt: This might be interesting...
+ OSVDB-3092: GET /orders/mountain.cfg: This might be interesting...
+ OSVDB-3092: GET /orders/orders.log: This might be interesting...
+ OSVDB-3092: GET /orders/orders.txt: This might be interesting...
+ OSVDB-3092: GET /outgoing/: This might be interesting...
+ OSVDB-3092: GET /ows/: This might be interesting... Oracle Web Services?
+ OSVDB-3092: GET /pages/: This might be interesting...
+ OSVDB-3092: GET /Pages/: This might be interesting...
+ OSVDB-3092: GET /passwd: This could be interesting...
+ OSVDB-3092: GET /passwd.adjunct: This could be interesting...
+ OSVDB-3092: GET /passwd.txt: This could be interesting...
+ OSVDB-3092: GET /passwdfile: This might be interesting...
+ OSVDB-3092: GET /password: This could be interesting...
+ OSVDB-3092: GET /passwords.txt: This could be interesting...
+ OSVDB-3092: GET /passwords/: This might be interesting...
+ OSVDB-3092: GET /PDG_Cart/: This might be interesting...
+ OSVDB-3092: GET /people.list: This might be interesting...
+ OSVDB-3092: GET /perl5/: This might be interesting...
+ OSVDB-3092: GET /php/: This might be interesting...
+ OSVDB-3092: GET /pics/: This might be interesting...
+ OSVDB-3092: GET /piranha/secure/passwd.php3: This might be interesting...
+ OSVDB-3092: GET /pix/: This might be interesting...
+ OSVDB-3092: GET /poll: This might be interesting...
+ OSVDB-3092: GET /polls: This might be interesting...
+ OSVDB-3092: GET /porn/: This might be interesting...
+ OSVDB-3092: GET /pr0n/: This might be interesting...
+ OSVDB-3092: GET /privado/: This might be interesting...
+ OSVDB-3092: GET /private/: This might be interesting...
+ OSVDB-3092: GET /prod/: This might be interesting...
+ OSVDB-3092: GET /pron/: This might be interesting...
+ OSVDB-3092: GET /prueba/: This might be interesting...
+ OSVDB-3092: GET /pruebas/: This might be interesting...
+ OSVDB-3092: GET /pub/: This might be interesting...
+ OSVDB-3092: GET /public/: This might be interesting...
+ OSVDB-3092: GET /publica/: This might be interesting...
+ OSVDB-3092: GET /publicar/: This might be interesting...
+ OSVDB-3092: GET /publico/: This might be interesting...
+ OSVDB-3092: GET /purchase/: This might be interesting...
+ OSVDB-3092: GET /purchases/: This might be interesting...
+ OSVDB-3092: GET /pwd.db: This might be interesting...
+ OSVDB-3092: GET /python/: This might be interesting...
+ OSVDB-3092: GET /readme: This might be interesting...
+ OSVDB-3092: GET /README.TXT: This might be interesting...
+ OSVDB-3092: GET /readme.txt: This might be interesting...
+ OSVDB-3092: GET /register/: This might be interesting...
+ OSVDB-3092: GET /registered/: This might be interesting...
+ OSVDB-3092: GET /reports/: This might be interesting...
+ OSVDB-3092: GET /reseller/: This might be interesting...
+ OSVDB-3092: GET /restricted/: This might be interesting...
+ OSVDB-3092: GET /retail/: This might be interesting...
+ OSVDB-3092: GET /reviews/newpro.cgi: This might be interesting...
+ OSVDB-3092: GET /sales/: This might be interesting...
+ OSVDB-3092: GET /sample/: This might be interesting...
+ OSVDB-3092: GET /samples/: This might be interesting...
+ OSVDB-3092: GET /save/: This might be interesting...
+ OSVDB-3092: GET /scr/: This might be interesting...
+ OSVDB-3092: GET /scratch: This might be interesting...
+ OSVDB-3092: GET /scripts/weblog: This might be interesting...
+ OSVDB-3092: GET /search.vts: This might be interesting...
+ OSVDB-3092: GET /search97.vts: This might be interesting...
+ OSVDB-3092: GET /secret/: This might be interesting...
+ OSVDB-3092: GET /sell/: This might be interesting...
+ OSVDB-3092: GET /service/: This might be interesting...
+ OSVDB-3092: GET /servicio/: This might be interesting...
+ OSVDB-3092: GET /servicios/: This might be interesting...
+ OSVDB-3092: GET /setup/: This might be interesting...
+ OSVDB-3092: GET /shop/: This might be interesting...
+ OSVDB-3092: GET /shopper/: This might be interesting...
+ OSVDB-3092: GET /solaris/: This might be interesting...
+ OSVDB-3092: GET /Sources/: This might be interesting... may be YaBB.
+ OSVDB-3092: GET /spwd: This might be interesting...
+ OSVDB-3092: GET /srchadm: This might be interesting...
+ OSVDB-3092: GET /ss.cfg: This might be interesting...
+ OSVDB-3092: GET /staff/: This might be interesting...
+ OSVDB-3092: GET /stat.htm: This might be interesting...
+ OSVDB-3092: GET /stat/: This might be interesting...
+ OSVDB-3092: GET /statistic/: This might be interesting...
+ OSVDB-3092: GET /Statistics/: This might be interesting...
+ OSVDB-3092: GET /statistics/: This might be interesting...
+ OSVDB-3092: GET /stats.htm: This might be interesting...
+ OSVDB-3092: GET /stats.html: This might be interesting...
+ OSVDB-3092: GET /stats.txt: This might be interesting...
+ OSVDB-3092: GET /stats/: This might be interesting...
+ OSVDB-3092: GET /Stats/: This might be interesting...
+ OSVDB-3092: GET /status/: This might be interesting...
+ OSVDB-3092: GET /store/: This might be interesting...
+ OSVDB-3092: GET /StoreDB/: This might be interesting...
+ OSVDB-3092: GET /stylesheet/: This might be interesting...
+ OSVDB-3092: GET /stylesheets/: This might be interesting...
+ OSVDB-3092: GET /subir/: This might be interesting...
+ OSVDB-3092: GET /sun/: This might be interesting...
+ OSVDB-3092: GET /super_stats/access_logs: This might be interesting...
+ OSVDB-3092: GET /super_stats/error_logs: This might be interesting...
+ OSVDB-3092: GET /support/: This might be interesting...
+ OSVDB-3092: GET /swf: This might be interesting... Flash files?
+ OSVDB-3092: GET /sys/: This might be interesting...
+ OSVDB-3092: GET /system/: This might be interesting...
+ OSVDB-3092: GET /tar/: This might be interesting...
+ OSVDB-3092: GET /tarjetas/: This might be interesting...
+ OSVDB-3092: GET /temp/: This might be interesting...
+ OSVDB-3092: GET /template/: This may be interesting as the directory may hold sensitive files or reveal system information.
+ OSVDB-3092: GET /temporal/: This might be interesting...
+ OSVDB-3092: GET /test.htm: This might be interesting...
+ OSVDB-3092: GET /test.html: This might be interesting...
+ OSVDB-3092: GET /test.txt: This might be interesting...
+ OSVDB-3092: GET /test/: This might be interesting...
+ OSVDB-3092: GET /testing/: This might be interesting...
+ OSVDB-3092: GET /tests/: This might be interesting...
+ OSVDB-3092: GET /tmp/: This might be interesting...
+ OSVDB-3092: GET /tools/: This might be interesting...
+ OSVDB-3092: GET /tpv/: This might be interesting...
+ OSVDB-3092: GET /trabajo/: This might be interesting...
+ OSVDB-3092: GET /trafficlog/: This might be interesting...
+ OSVDB-3092: GET /transito/: This might be interesting...
+ OSVDB-3092: GET /tree/: This might be interesting...
+ OSVDB-3092: GET /trees/: This might be interesting...
+ OSVDB-3092: GET /updates/: This might be interesting...
+ OSVDB-3092: GET /user/: This might be interesting...
+ OSVDB-3092: GET /users/: This might be interesting...
+ OSVDB-3092: GET /users/scripts/submit.cgi: This might be interesting...
+ OSVDB-3092: GET /ustats/: This might be interesting...
+ OSVDB-3092: GET /usuario/: This might be interesting...
+ OSVDB-3092: GET /usuarios/: This might be interesting...
+ OSVDB-3092: GET /vfs/: This might be interesting...
+ OSVDB-3092: GET /w3perl/admin: This might be interesting...
+ OSVDB-3092: GET /warez/: This might be interesting...
+ OSVDB-3092: GET /web/: This might be interesting...
+ OSVDB-3092: GET /web800fo/: This might be interesting...
+ OSVDB-3092: GET /webaccess.htm: This might be interesting...
+ OSVDB-3092: GET /webaccess/access-options.txt: This might be interesting...
+ OSVDB-3092: GET /webadmin/: This might be interesting...may be HostingController, www.hostingcontroller.com
+ OSVDB-3092: GET /webboard/: This might be interesting...
+ OSVDB-3092: GET /webcart-lite/: This might be interesting...
+ OSVDB-3092: GET /webcart/: This might be interesting...
+ OSVDB-3092: GET /webdata/: This might be interesting...
+ OSVDB-3092: GET /weblog/: This might be interesting...
+ OSVDB-3092: GET /weblogs/: This might be interesting...
+ OSVDB-3092: GET /webmaster_logs/: This might be interesting...
+ OSVDB-3092: GET /WebShop/: This might be interesting...
+ OSVDB-3092: GET /WebShop/logs/cc.txt: This might be interesting...
+ OSVDB-3092: GET /WebShop/templates/cc.txt: This might be interesting...
+ OSVDB-3092: GET /website/: This might be interesting...
+ OSVDB-3092: GET /webstats/: This might be interesting...
+ OSVDB-3092: GET /WebTrend/: This might be interesting...
+ OSVDB-3092: GET /Web_store/: This might be interesting...
+ OSVDB-3092: GET /windows/: This might be interesting...
+ OSVDB-3092: GET /word/: This might be interesting...
+ OSVDB-3092: GET /work/: This might be interesting...
+ OSVDB-3092: GET /wstats/: This might be interesting...
+ OSVDB-3092: GET /wusage/: This might be interesting...
+ OSVDB-3092: GET /www-sql/: This might be interesting...
+ OSVDB-3092: GET /www/: This might be interesting...
+ OSVDB-3092: GET /wwwboard/wwwboard.cgi: This might be interesting...
+ OSVDB-3092: GET /wwwboard/wwwboard.pl: This might be interesting...
+ OSVDB-3092: GET /wwwjoin/: This might be interesting...
+ OSVDB-3092: GET /wwwlog/: This might be interesting...
+ OSVDB-3092: GET /wwwstats.html: This might be interesting...
+ OSVDB-3092: GET /wwwstats/: This might be interesting...
+ OSVDB-3092: GET /wwwthreads/3tvars.pm: This might be interesting...
+ OSVDB-3092: GET /wwwthreads/w3tvars.pm: This might be interesting...
+ OSVDB-3092: GET /zipfiles/: This might be interesting...
+ OSVDB-13483: GET /adsamples/config/site.csc: Contains SQL username/password
+ OSVDB-3092: GET /advworks/equipment/catalog_type.asp: This might be interesting...
+ OSVDB-3092: GET /carbo.dll: This might be interesting...
+ OSVDB-17670: GET /clocktower/: Site Server sample files.  This might be interesting...
+ OSVDB-17670: GET /market/: Site Server sample files.  This might be interesting.
+ OSVDB-17670: GET /mspress30/: Site Server sample files.  This might be interesting...
+ OSVDB-3092: GET /sam: This might be interesting...
+ OSVDB-3092: GET /sam.bin: This might be interesting...
+ OSVDB-3092: GET /sam._: This might be interesting...
+ OSVDB-3092: GET /samples/search/queryhit.htm: This might be interesting...
+ OSVDB-3092: GET /scripts/counter.exe: This might be interesting...
+ OSVDB-17669: GET /scripts/cphost.dll: cphost.dll may have a DoS and a traversal issue.
+ OSVDB-3092: GET /scripts/fpadmcgi.exe: This might be interesting...
+ OSVDB-3092: GET /scripts/postinfo.asp: This might be interesting...
+ OSVDB-3092: GET /scripts/samples/ctguestb.idc: This might be interesting...
+ OSVDB-3092: GET /scripts/samples/search/webhits.exe: This might be interesting...
+ OSVDB-3092: GET /site/iissamples/: This might be interesting...
+ OSVDB-17670: GET /vc30/: Site Server sample files.  This might be interesting...
+ OSVDB-3092: GET /_mem_bin/: This might be interesting - User Login
+ OSVDB-3092: GET /_mem_bin/FormsLogin.asp: This might be interesting - User Login
+ OSVDB-3092: GET /perl/files.pl: This might be interesting...
+ OSVDB-3092: GET /perl5/files.pl: This might be interesting...
+ OSVDB-3092: GET /scripts/convert.bas: This might be interesting...
+ OSVDB-3092: GET /owa_util%2esignature: Unknown, may be interesting
+ OSVDB-3233: GET /cgi-dos/args.bat: Default FrontPage CGI found.
+ OSVDB-3092: GET /custdata/: This may be COWS (CGI Online Worldweb Shopping), and may be interesting...
+ OSVDB-3092: GET /hostingcontroller/: This might be interesting...probably HostingController, www.hostingcontroller.com
+ OSVDB-3092: GET /data.sql: Database SQL?
+ OSVDB-3092: GET /databases/: Databases? Really??
+ OSVDB-3092: GET /databse.sql: Database SQL?
+ OSVDB-3092: GET /db.sql: Database SQL?
+ OSVDB-3092: GET /img-sys/: Default image directory should not allow directory listing.
+ OSVDB-3092: GET /java-sys/: Default Java directory should not allow directory listing.
+ OSVDB-3092: GET /javadoc/: Documentation...?
+ OSVDB-3092: GET /log/: Ahh...log information...fun!
+ OSVDB-3092: GET /manager/: May be a web server or site manager.
+ OSVDB-3092: GET /manual/: Web server manual found.
+ OSVDB-3092: GET /exchange/: This may be interesting (Outlook exchange OWA server?)...
+ OSVDB-3092: GET /account.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /accounts.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /admin.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /admin4.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /admin5.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /agentrunner.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /alog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /archive/a_domlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /archive/l_domlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /a_domlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /billing.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /bookmark.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /books.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /busytime.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /calendar.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /certa.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /certlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /certsrv.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /chatlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /clbusy.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /cldbdir.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /clusta4.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /collect4.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /cpa.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /customerdata.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /da.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /database.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /db.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /dclf.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /DEASAppDesign.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /DEASLog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /DEASLog01.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /DEASLog02.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /DEASLog03.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /DEASLog04.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /DEASLog05.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /decsadm.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /decsdoc.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /decslog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /DEESAdmin.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /default.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /dirassist.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /doladmin.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /dols_help.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /domadmin.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /domcfg.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /event.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /events.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /events5.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /group.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /groups.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /help5_admin.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /help5_client.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /help5_designer.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /homepage.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /iNotes/Forms5.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /iNotes/Forms5.nsf/$DefaultNav: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /jotter.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /kbccv11.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /kbnv11.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /kbssvv11.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /lcon.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /ldap.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /leiadm.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /leilog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /leivlt.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /log4a.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /lsxlc.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /l_domlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mab.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail/adminisist.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail1.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail10.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail2.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail3.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail4.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail5.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail6.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail7.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail8.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mail9.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mailw46.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /msdwda.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mtatbls.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mtdata/mtstore.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /mtstore.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /nntp/nd000000.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /nntp/nd000001.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /nntp/nd000002.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /nntp/nd000003.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /nntp/nd000004.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /nntppost.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /notes.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /ntsync4.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /ntsync45.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /perweb.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /private.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /public.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /qpadmin.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /quickplace/quickplace/main.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /quickstart/qstart50.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /quickstart/wwsample.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /readme.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /reports.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /sample/faqw46: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /sample/framew46: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /sample/pagesw46: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /sample/siregw46: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /sample/site1w4646: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /sample/site2w4646: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /sample/site3w4646: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /schema50.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /secret.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /setupweb.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smbcfg.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smconf.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smency.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smmsg.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smquar.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smsolar.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smtime.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smtp.box: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smtp.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smtpibwq.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smtpobwq.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smtptbls.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /smvlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /software.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /srvnam.htm: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /statmail.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /stauths.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /stautht.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /stconf.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /stconfig.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /stdnaset.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /stdomino.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /stlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /streg.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /stsrc.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /test.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /today.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /userreg.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /users.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /vpuserinfo.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /web.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /webuser.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /welcome.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: GET /wksinst.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3093: GET /finance.xls: Finance spreadsheet?
+ OSVDB-3093: GET /finances.xls: Finance spreadsheet?
+ OSVDB-3093: GET /abonnement.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /acartpath/signin.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /add_acl: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /admin/cfg/configscreen.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /admin/cfg/configsite.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /admin/cfg/configsql.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /admin/cfg/configtache.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /admin/exec.php3: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /admin/modules/cache.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /admin/objects.inc.php4: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /admin/settings.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /adv/gm001-mc/: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /approval/ts_app.htm: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /archive.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /archive_forum.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /bandwidth/index.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /basilix.php3: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /bin/common/user_update_passwd.pl: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /board/philboard_admin.asp+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /bugtest+/+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /ccbill/whereami.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /communique.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /config/html/cnf_gi.htm: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /cp/rac/nsManager.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /csPassword.cgi?command=remove%20: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /Data/settings.xml+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /database/metacart.mdb+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /dbabble: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /docs/NED: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /do_map: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /do_subscribe: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /emumail.cgi?type=.%00: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /etc/shadow+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /ez2000/ezadmin.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /ez2000/ezboard.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /ez2000/ezman.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /filemanager/index.php3: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /foro/YaBB.pl: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /forum_arc.asp?n=268: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /forum_professionnel.asp?n=100: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /functions.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-10447: GET /get_od_toc.pl?Profile=: WebTrends get_od_toc.pl may be vulnerable to a path disclosure error if this file is reloaded multiple times.
+ OSVDB-3093: GET /globals.php3: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /globals.pl: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-6656: GET /Gozila.cgi: Linksys BEF Series routers are vulnerable to multiple DoS attacks in Gozila.cgi.
+ OSVDB-3093: GET /homebet/homebet.dll?form=menu&option=menu-signin: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /idealbb/error.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /includes/footer.php3: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /includes/header.php3: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /infos/contact/index.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /infos/faq/index.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /infos/gen/index.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /infos/services/index.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /instaboard/index.cfm: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /invitefriends.php3: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /jsptest.jsp+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /ldap.search.php3?ldap_serv=nonsense%20: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /login.php3?reason=chpass2%20: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /mail/include.html: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /mail/settings.html: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /manage/login.asp+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /members/ID.pm: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /members/ID.xbb: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /modules/Downloads/voteinclude.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /modules/WebChat/in.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /modules/Your_Account/navbar.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /moregroupware/modules/webmail2/inc/: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /myguestBk/add1.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /myguestBk/admin/index.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /netget?sid=Safety&msg=2002&file=Safety: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /OpenTopic: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /options.inc.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /parse_xml.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /php/php4ts.dll: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /pks/lookup: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /poppassd.php3+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /productcart/database/EIPC.mdb: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /productcart/pc/Custva.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /protected/: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /protected/secret.html+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /pt_config.inc: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /quikmail/nph-emumail.cgi?type=../%00: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /scripts/tradecli.dll: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /security/web_access.html: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /servers/link.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /shop/php_files/site.config.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /Site/biztalkhttpreceive.dll: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /site_searcher.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /spelling.php3+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /status.php3: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /sw000.asp?|-|0|404_Object_Not_Found: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /syslog.htm?%20: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /technote/print.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /texis/websearch/phine: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /uifc/MultFileUploadHandler.php+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /url.jsp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /useraction.php3: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /utils/sprc.asp+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /vars.inc+: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /web_app/WEB-INF/webapp.properties: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /ows-bin/oaskill.exe?abcde.exe: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /database/: Databases? Really??
+ OSVDB-3093: GET /.wwwacl: Contains authorization information
+ OSVDB-3093: GET /.www_acl: Contains authorization information
+ OSVDB-3093: GET /.htpasswd: Contains authorization information
+ OSVDB-3093: GET /.access: Contains authorization information
+ OSVDB-3093: GET /.addressbook: PINE addressbook, may store sensitive e-mail address contact information and notes
+ OSVDB-3093: GET /.bashrc: User home dir was found with a shell rc file. This may reveal file and path information.
+ OSVDB-3093: GET /.bash_history: A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.
+ OSVDB-3093: GET /.forward: User home dir was found with a mail forward file. May reveal where the user's mail is being forwarded to.
+ OSVDB-3093: GET /.history: A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.
+ OSVDB-3093: GET /.htaccess: Contains configuration and/or authorization information
+ OSVDB-3093: GET /.lynx_cookies: User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites.
+ OSVDB-3093: GET /.mysql_history: Database SQL?
+ OSVDB-3093: GET /.passwd: Contains authorization information
+ OSVDB-3093: GET /.pinerc: User home dir found with a PINE rc file. May reveal system information, directories and more.
+ OSVDB-3093: GET /.plan: User home dir with a .plan, a now mostly outdated file for delivering information via the finger protocol
+ OSVDB-3093: GET /.proclog: User home dir with a Procmail log file. May reveal user mail traffic, directories and more.
+ OSVDB-3093: GET /.procmailrc: User home dir with a Procmail rc file. May reveal subdirectories, mail contacts and more.
+ OSVDB-3093: GET /.profile: User home dir with a shell profile was found. May reveal directory information and system configuration.
+ OSVDB-3093: GET /.rhosts: A user's home directory may be set to the web root, a .rhosts file was retrieved. This should not be accessible via the web.
+ OSVDB-3093: GET /.sh_history: A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.
+ OSVDB-3093: GET /.ssh: A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.
+ OSVDB-3093: GET /.ssh/authorized_keys: A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.
+ OSVDB-3093: GET /.ssh/known_hosts: A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.
+ OSVDB-3233: GET /_vti_bin/shtml.exe/_vti_rpc: FrontPage may be installed.
+ OSVDB-3233: GET /jservdocs/: Default Apache JServ docs should be removed.
+ OSVDB-3233: GET /tomcat-docs/index.html: Default Apache Tomcat documentation found.
+ OSVDB-3233: GET /akopia/: Akopia is installed.
+ OSVDB-3233: GET /ojspdemos/basic/hellouser/hellouser.jsp: Oracle 9i default JSP page found, may be vulnerable to XSS in any field.
+ OSVDB-3233: GET /ojspdemos/basic/simple/usebean.jsp: Oracle 9i default JSP page found, may be vulnerable to XSS in any field.
+ OSVDB-3233: GET /ojspdemos/basic/simple/welcomeuser.jsp: Oracle 9i default JSP page found, may be vulnerable to XSS in any field.
+ OSVDB-3233: GET /servlet/Counter: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: GET /servlet/DateServlet: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: GET /servlet/FingerServlet: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: GET /servlet/HelloWorldServlet: JRun default servlet found. All default code should be removed from servers.
+ OSVDB-3233: GET /servlet/SessionServlet: JRun or Netware WebSphere default servlet found. All default code should be removed from servers.
+ OSVDB-3233: GET /servlet/SimpleServlet: JRun default servlet found (possibly Websphere). All default code should be removed from servers.
+ OSVDB-3233: GET /servlet/SnoopServlet: JRun, Netware Java Servlet Gateway, or WebSphere default servlet found. All default code should be removed from servers.
+ OSVDB-3233: GET /admcgi/contents.htm: Default FrontPage CGI found.
+ OSVDB-3233: GET /admcgi/scripts/Fpadmcgi.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /admisapi/fpadmin.htm: Default FrontPage file found.
+ OSVDB-3233: GET /bin/admin.pl: Default FrontPage CGI found.
+ OSVDB-3233: GET /bin/cfgwiz.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /bin/CGImail.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /bin/contents.htm: Default FrontPage CGI found.
+ OSVDB-3233: GET /bin/fpadmin.htm: Default FrontPage CGI found.
+ OSVDB-3233: GET /bin/fpremadm.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /bin/fpsrvadm.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /cgi-bin/admin.pl: Default FrontPage CGI found.
+ OSVDB-3233: GET /cgi-bin/cfgwiz.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /cgi-bin/CGImail.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /cgi-bin/contents.htm: Default FrontPage CGI found.
+ OSVDB-3233: GET /cgi-bin/fpadmin.htm: Default FrontPage CGI found.
+ OSVDB-3233: GET /cgi-bin/fpremadm.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /cgi-bin/fpsrvadm.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /scripts/admin.pl: Default FrontPage CGI found.
+ OSVDB-3233: GET /scripts/cfgwiz.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /scripts/CGImail.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /scripts/contents.htm: Default FrontPage CGI found.
+ OSVDB-3233: GET /scripts/fpadmin.htm: Default FrontPage CGI found.
+ OSVDB-3233: GET /scripts/fpcount.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /scripts/fpremadm.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /scripts/fpsrvadm.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /_private/: FrontPage directory found.
+ OSVDB-3233: GET /_private/orders.htm: Default FrontPage file found.
+ OSVDB-3233: GET /_private/orders.txt: Default FrontPage file found.
+ OSVDB-3233: GET /_private/register.htm: Default FrontPage file found.
+ OSVDB-3233: GET /_private/register.txt: Default FrontPage file found.
+ OSVDB-3233: GET /_private/registrations.txt: Default FrontPage file found.
+ OSVDB-3233: GET /_private/_vti_cnf/: FrontPage directory found.
+ OSVDB-3233: GET /_vti_bin/: FrontPage directory found.
+ OSVDB-3233: GET /_vti_bin/admin.pl: Default FrontPage CGI found.
+ OSVDB-3233: GET /_vti_bin/cfgwiz.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /_vti_bin/CGImail.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /_vti_bin/contents.htm: Default FrontPage CGI found.
+ OSVDB-3233: GET /_vti_bin/fpadmin.htm: Default FrontPage CGI found.
+ OSVDB-3233: GET /_vti_bin/fpremadm.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /_vti_bin/fpsrvadm.exe: Default FrontPage CGI found.
+ OSVDB-3233: GET /_vti_bin/_vti_cnf/: FrontPage directory found.
+ OSVDB-3233: GET /_vti_cnf/_vti_cnf/: FrontPage directory found.
+ OSVDB-3233: GET /_vti_log/_vti_cnf/: FrontPage directory found.
+ OSVDB-3233: GET /_vti_pvt/administrators.pwd: Default FrontPage file found, may be a password file.
+ OSVDB-3233: GET /_vti_pvt/authors.pwd: Default FrontPage file found, may be a password file.
+ OSVDB-3233: GET /_vti_pvt/service.pwd: Default FrontPage file found, may be a password file.
+ OSVDB-3233: GET /_vti_pvt/users.pwd: Default FrontPage file found, may be a password file.
+ OSVDB-3233: GET /help/contents.htm: Default Netscape manual found. All default pages should be removed.
+ OSVDB-3233: GET /help/home.html: Default Netscape manual found. All default pages should be removed.
+ OSVDB-3233: GET /manual/ag/esperfrm.htm: Default Netscape manual found. All default pages should be removed.
+ OSVDB-3233: GET /nethome/: Netscape Enterprise Server default doc/manual directory. Reveals server path at bottom of page.
+ OSVDB-3233: GET /com/novell/gwmonitor/help/en/default.htm: Netware gateway monitor access documentation found. All default documentation should be removed from web servers.
+ OSVDB-3233: GET /com/novell/webaccess/help/en/default.htm: Netware web access documentation found. All default documentation should be removed from web servers.
+ OSVDB-3233: GET /com/novell/webpublisher/help/en/default.htm: Netware web publisher documentation found. All default documentation should be removed from web servers.
+ OSVDB-3233: GET /servlet/AdminServlet: Netware Web Search Server (adminservlet) found. All default code should be removed from web servers.
+ OSVDB-3233: GET /servlet/gwmonitor: Netware Gateway monitor found. All default code should be removed from web servers.
+ OSVDB-3233: GET /servlet/PrintServlet: Novell Netware default servlet found. All default code should be removed from the system.
+ OSVDB-3233: GET /servlet/SearchServlet: Novell Netware default servlet found. All default code should be removed from the system.
+ OSVDB-3233: GET /servlet/ServletManager: Netware Java Servlet Gateway found. Default user ID is servlet, default password is manager. All default code should be removed from Internet servers.
+ OSVDB-3233: GET /servlet/sq1cdsn: Novell Netware default servlet found. All default code should be removed from the system.
+ OSVDB-3233: GET /servlet/sqlcdsn: Netware SQL connector found. All default code should be removed from web servers.
+ OSVDB-3233: GET /servlet/webacc: Netware Enterprise and/or GroupWise web access found. All default code should be removed from Internet servers.
+ OSVDB-3233: GET /servlet/webpub: Netware Web Publisher found. All default code should be removed from web servers.
+ OSVDB-3233: GET /WebSphereSamples: Netware Webshere sample applications found. All default code should be removed from web servers.
+ OSVDB-3233: GET /doc/domguide.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/dspug.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/help4.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/helpadmin.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/helplt4.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/internet.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/javapg.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/lccon.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/migrate.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/npn_admn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/npn_rn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/readmec.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/readmes.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/smhelp.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /doc/srvinst.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /domguide.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /dspug.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/domguide.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/dspug.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/help4.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/helpadmin.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/helplt4.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/internet.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/javapg.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/lccon.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/migrate.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/npn_admn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/npn_rn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/readmec.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/readmes.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/smhelp.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help/srvinst.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /help4.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /helpadmin.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /helplt4.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /internet.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /javapg.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /lccon.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /migrate.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /npn_admn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /npn_rn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /readmec.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /readmes.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /smhelp.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /srvinst.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: GET /index.html.ca: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.cz.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.de: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.dk: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.ee: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.el: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.en: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.es: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.et: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.fr: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.he.iso8859-8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.hr.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.it: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.ja.iso2022-jp: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.kr.iso2022-kr: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.ltz.utf8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.lu.utf8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.nl: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.nn: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.no: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.po.iso8859-2: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.pt: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.pt-br: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.ru.cp-1251: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.ru.cp866: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.ru.iso-ru: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.ru.koi8-r: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.ru.utf8: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.se: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.tw: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.tw.Big5: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /index.html.var: Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.
+ OSVDB-3233: GET /iissamples/sdk/asp/docs/codebrw2.asp: This is a default IIS script/file that should be removed. CVE-1999-0739. MS99-013.
+ OSVDB-3233: GET /iissamples/sdk/asp/docs/codebrws.asp: This is a default IIS script/file that should be removed. CVE-1999-0739. MS99-013.
+ OSVDB-3233: GET /iissamples/sdk/asp/docs/Winmsdp.exe: This is a default IIS script/file that should be removed. CVE-1999-0738. MS99-013.
+ OSVDB-3233: GET /a/: May be Kebi Web Mail administration menu.
+ OSVDB-3233: GET /basilix/: BasiliX webmail application. Default mysql database name is 'BASILIX' with password 'bsxpass'
+ OSVDB-3233: GET /interchange/: Interchange chat is installed. Look for a high-numbered port like 20xx to find it running.
+ OSVDB-3284: GET /iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp: IIS may be vulnerable to source code viewing via the example Winmsdp.exe file. Remove all default files from the web root. CVE-1999-0738. MS99-013.
+ OSVDB-3286: GET /conspass.chl+: Abyss allows hidden/protected files to be served if a + is added to the request. CVE-2002-1081
+ OSVDB-3286: GET /consport.chl+: Abyss allows hidden/protected files to be served if a + is added to the request. CVE-2002-1081
+ OSVDB-3286: GET /general.chl+: Abyss allows hidden/protected files to be served if a + is added to the request. CVE-2002-1081
+ OSVDB-3286: GET /srvstatus.chl+: Abyss allows hidden/protected files to be served if a + is added to the request. CVE-2002-1081
+ OSVDB-3396: GET /mlog.html: Remote file read vulnerability 1999-0068
+ OSVDB-3396: GET /mlog.phtml: Remote file read vulnerability 1999-0068
+ OSVDB-3396: GET /php/mlog.html: Remote file read vulnerability 1999-0346
+ OSVDB-3396: GET /php/mlog.phtml: Remote file read vulnerability 1999-0346
+ OSVDB-3411: GET /soapConfig.xml: Oracle 9iAS configuration file found - see bugtraq #4290.
+ OSVDB-3423: GET /XSQLConfig.xml: Oracle 9iAS configuration file found - see bugtraq #4290.
+ OSVDB-3489: GET /surf/scwebusers: SurfControl SuperScout Web Reports Server user and password file is available. CVE-2002-0705.
+ OSVDB-3501: GET /_private/form_results.htm: This file may contain information submitted by other web users via forms. CVE-1999-1052.
+ OSVDB-3501: GET /_private/form_results.html: This file may contain information submitted by other web users via forms. CVE-1999-1052.
+ OSVDB-3501: GET /_private/form_results.txt: This file may contain information submitted by other web users via forms. CVE-1999-1052.
+ OSVDB-3512: GET /scripts/tools/getdrvrs.exe: MS Jet database engine can be used to make DSNs, useful with an ODBC exploit and the RDS exploit (with msadcs.dll) which mail allow command execution. RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm).
+ OSVDB-379: GET /site/eg/source.asp: This ASP (installed with Apache::ASP) allows attackers to upload files to the server. Upgrade to 1.95 or higher. CVE-2000-0628.
+ OSVDB-4: GET /iissamples/exair/search/advsearch.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.
+ OSVDB-4013: GET /isqlplus: Oracle iSQL*Plus is installed. This may be vulnerable to a buffer overflow in the user ID field. http://www.ngssoftware.com/advisories/ora-isqlplus.txt
+ OSVDB-4161: GET /data/member_log.txt: Teekai's forum full 1.2 member's log can be retrieved remotely.
+ OSVDB-4161: GET /data/userlog/log.txt: Teekai's Tracking Online 1.0 log can be retrieved remotely.
+ OSVDB-4171: GET /ASP/cart/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
+ OSVDB-4171: GET /database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
+ OSVDB-4171: GET /mcartfree/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
+ OSVDB-4171: GET /metacart/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
+ OSVDB-4171: GET /shop/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
+ OSVDB-4171: GET /shoponline/fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
+ OSVDB-4171: GET /shopping/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
+ OSVDB-4237: GET /ban.bak: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
+ OSVDB-4237: GET /ban.dat: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
+ OSVDB-4237: GET /ban.log: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
+ OSVDB-4237: GET /banmat.pwd: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
+ OSVDB-4238: GET /admin/adminproc.asp: Xpede administration page may be available. The /admin directory should be protected.
+ OSVDB-4239: GET /admin/datasource.asp: Xpede page reveals SQL account name. The /admin directory should be protected.
+ OSVDB-4240: GET /utils/sprc.asp: Xpede page may allow SQL injection.
+ OSVDB-4314: GET /texis.exe/?-dump: Texis installation may reveal sensitive information.
+ OSVDB-4314: GET /texis.exe/?-version: Texis installation may reveal sensitive information.
+ OSVDB-4360: GET /acart2_0/acart2_0.mdb: Alan Ward A-Cart 2.0 allows remote user to read customer database file which may contain usernames, passwords, credit cards and more.
+ OSVDB-4361: GET /acart2_0/admin/category.asp: Alan Ward A-Cart 2.0 is vulnerable to an XSS attack which may cause the administrator to delete database information.
+ OSVDB-474: GET /Sites/Knowledge/Membership/Inspired/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.
+ OSVDB-474: GET /Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.
+ OSVDB-474: GET /Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.
+ OSVDB-474: GET /Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.
+ OSVDB-474: GET /Sites/Samples/Knowledge/Push/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.
+ OSVDB-474: GET /Sites/Samples/Knowledge/Search/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.
+ OSVDB-474: GET /SiteServer/Publishing/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.
+ OSVDB-17671: GET /siteserver/publishing/viewcode.asp?source=/default.asp: May be able to view source code using Site Server vulnerability.
+ OSVDB-4908: GET /securelogin/1,2345,A,00.html: Vignette Story Server v4.1, 6, may disclose sensitive information via a buffer overflow.
+ OSVDB-5092: GET /config.inc: DotBr 0.1 configuration file includes usernames and passwords.
+ OSVDB-5095: GET /sysuser/docmgr/ieedit.stm?url=../: Sambar default file may allow directory listings.
+ OSVDB-5096: GET /sysuser/docmgr/iecreate.stm?template=../: Sambar default file may allow directory listings.
+ OSVDB-539: GET /catinfo: May be vulnerable to a buffer overflow. Request '/catinfo?' and add on 2048 of garbage to test.
+ OSVDB-5407: GET /soap/servlet/soaprouter: Oracle 9iAS SOAP components allow anonymous users to deploy applications by default.
+ OSVDB-5523: GET /MWS/HandleSearch.html?searchTarget=test&B1=Submit: MyWebServer 1.0.2 may be vulnerable to a buffer overflow (untested). Upgrade to a later version if 990b of searched data crashes the server.
+ OSVDB-562: GET /server-info: This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
+ OSVDB-5709: GET /.nsconfig: Contains authorization information
+ OSVDB-596: GET /dc/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-596: GET /dc/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-596: GET /dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-596: GET /dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-6666: GET /cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools GoAhead WebServer hpnst.exe may be vulnerable to a DoS.
+ OSVDB-6670: GET /applist.asp: Citrix server may allow remote users to view applications installed without authenticating.
+ OSVDB-6671: GET /launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica: Citrix server may reveal sensitive information by accessing the 'advanced' tab on hte login screen.
+ OSVDB-6672: GET /_layouts/alllibs.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by [email protected]
+ OSVDB-6672: GET /_layouts/settings.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by [email protected]
+ OSVDB-6672: GET /_layouts/userinfo.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by [email protected]
+ OSVDB-670: GET /stronghold-info: Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. This gives information on configuration. CVE-2001-0868.
+ OSVDB-670: GET /stronghold-status: Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. CVE-2001-0868.
+ OSVDB-7: GET /iissamples/exair/howitworks/Code.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.
+ OSVDB-7: GET /iissamples/exair/howitworks/Codebrw1.asp: This is a default IIS script/file which should be  removed, it may allow a DoS against the server. CVE-1999-0738. MS99-013. CVE-1999-0449. BID-193.
+ OSVDB-707: GET /globals.jsa: Oracle globals.jsa file
+ OSVDB-721: GET /..%252f..%252f..%252f..%252f..%252f../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
+ OSVDB-721: GET /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
+ OSVDB-721: GET /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
+ OSVDB-721: GET /..%255c..%255c..%255c..%255c..%255c../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
+ OSVDB-721: GET /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
+ OSVDB-721: GET /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
+ OSVDB-789: GET /iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp: IIS may be vulnerable to source code viewing via the example CodeBrws.asp file. Remove all default files from the web root. CVE-1999-0739. MS99-013.
+ OSVDB-3092: GET /README: README file found.
+ OSVDB-3233: GET /j2ee/: j2ee directory found--possibly an Oracle app server directory.
+ OSVDB-3233: GET /WebCacheDemo.html: Oracle WebCache Demo
+ OSVDB-32333: GET /webcache/: Oracle WebCache Demo
+ OSVDB-3233: GET /webcache/webcache.xml: Oracle WebCache Demo
+ OSVDB-3233: GET /bmp/: SQLJ Demo Application
+ OSVDB-3233: GET /bmp/global-web-application.xml: SQLJ Demo Application
+ OSVDB-3233: GET /bmp/JSPClient.java: SQLJ Demo Application
+ OSVDB-3233: GET /bmp/mime.types: SQLJ Demo Application
+ OSVDB-3233: GET /bmp/README.txt: SQLJ Demo Application
+ OSVDB-3233: GET /bmp/sqljdemo.jsp: SQLJ Demo Application
+ OSVDB-3233: GET /bmp/setconn.jsp: SQLJ Demo Application
+ OSVDB-3233: GET /ptg_upgrade_pkg.log: Oracle log files.
+ OSVDB-3233: GET /OA_HTML/oam/weboam.log: Oracle log files.
+ OSVDB-3233: GET /webapp/admin/_pages/_bc4jadmin/: Oracle JSP files
+ OSVDB-3233: GET /_pages/_webapp/_admin/_showpooldetails.java: Oracle JSP files
+ OSVDB-3233: GET /_pages/_webapp/_admin/_showjavartdetails.java: Oracle JSP file
+ OSVDB-3233: GET /_pages/_demo/: Oracle JSP file
+ OSVDB-3233: GET /_pages/_webapp/_jsp/: Oracle JSP file.
+ OSVDB-3233: GET /_pages/_demo/_sql/: Oracle JSP file.
+ OSVDB-3233: GET /OA_HTML/_pages/: Oracle JSP file.
+ OSVDB-3233: GET /OA_HTML/webtools/doc/index.html: Cabo DHTML Components Help Page
+ OSVDB-18114: GET /reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF:  Oracle Reports rwservlet report Variable Arbitrary Report Executable Execution
+ OSVDB-3233: GET /apex/: Oracle Application Express login screen.
+ OSVDB-3233: GET /OA_JAVA/: Oracle Applications Portal Page
+ OSVDB-3233: GET /OA_HTML/: Oracle Applications Portal Page
+ OSVDB-3233: GET /aplogon.html: Oracle Applications Portal Page
+ OSVDB-3233: GET /appdet.html: Oracle Applications Portal Pages
+ OSVDB-3233: GET /servlets/weboam/oam/oamLogin: Oracle Application Manager
+ OSVDB-3233: GET /OA_HTML/PTB/mwa_readme.htm: Oracle Mobile Applications Industrial Server administration and configuration inerface
+ OSVDB-3233: GET /reports/rwservlet: Oracle Reports
+ OSVDB-3233: GET /reports/rwservlet/showenv: Oracle Reports
+ OSVDB-3233: GET /reports/rwservlet/showmap: Oracle Reports
+ OSVDB-3233: GET /reports/rwservlet/showjobs: Oracle Reports
+ OSVDB-3233: GET /reports/rwservlet/getjobid7?server=myrep: Oracle Reports
+ OSVDB-3233: GET /reports/rwservlet/getjobid4?server=myrep: Oracle Reports
+ OSVDB-3233: GET /reports/rwservlet/showmap?server=myserver: Oracle Reports
+ OSVDB-3093: GET /pls/portal/owa_util.cellsprint?p_theQuery=select: Direct access to Oracle packages could have an unkown impact.
+ OSVDB-3093: GET /pls/portal/owa_util.listprint?p_theQuery=select: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/owa_util.show_query_columns?ctable=sys.dba_users: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/owa_util.showsource?cname=owa_util: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/owa_util.signature: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/HTP.PRINT: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/PORTAL_DEMO.ORG_CHART.SHOW: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/PORTAL.wwv_form.genpopuplist: Access to Oracle pages cold have an unknown impact.
+ OSVDB-3093: GET /pls/portal/PORTAL.wwv_ui_lovf.show: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/PORTAL.wwa_app_module.link: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/PORTAL.wwv_dynxml_generator.show: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/PORTAL.home: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/PORTAL.wwv_setting.render_css: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/SELECT: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /pls/portal/null: Access to Oracle pages could have an unknown impact.
+ OSVDB-3093: GET /OA_MEDIA/: Oracle Applications portal pages found.
+ OSVDB-3093: GET /OA_HTML/META-INF/: Oracle Applications portal pages found.
+ OSVDB-3093: GET /OA_HTML/jsp/por/services/login.jsp: Oracle Applications portal pages found.
+ OSVDB-3093: GET /OA_HTML/PTB/ICXINDEXBASECASE.htm: Oracle Applications portal pages found.
+ OSVDB-3093: GET /OA_HTML/PTB/ECXOTAPing.htm: Oracle Applications portal pages found.
+ OSVDB-3093: GET /OA_HTML/PTB/xml_sample1.htm: Oracle Applications portal pages found.
+ OSVDB-3093: GET /OA_HTML/jsp/wf/WFReassign.jsp: Oracle Applications portal pages found.
+ OSVDB-3093: GET /OA_JAVA/Oracle/: Oracle Applications portal pages found.
+ OSVDB-3093: GET /OA_JAVA/servlet.zip: Oracle Applications portal pages found.
+ OSVDB-3093: GET /OA_JAVA/oracle/forms/registry/Registry.dat: Oracle Applications portal pages found.
+ OSVDB-3233: GET /OA_HTML/jsp/: Oracle Applications portal page found
+ OSVDB-3233: GET /OA_HTML/jsp/fnd/fndversion.jsp: Oracle Applications help page found.
+ OSVDB-3233: GET /OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc: Oracle Applications help page found.
+ OSVDB-3233: GET /OA_HTML/jsp/fnd/fndhelputil.jsp: Oracle Applications help page found.
+ OSVDB-3092: GET /cehttp/trace: Sterling Commerce Connect Direct trace log file may contain user ID information.
+ OSVDB-3092: GET /cehttp/property/: Sterling Commerce Connect Direct configuration files.
+ OSVDB-3233: GET /doc/icodUserGuide.pdf: Instant Capacity on Demand (iCOD) Userís Guide.
+ OSVDB-3233: GET /doc/planning_SuperDome_configs.pdf: Planning HP SuperDome Configurations
+ OSVDB-3233: GET /doc/vxvm/pitc_ag.pdf: VERITAS FlashSnapTM Point-In-Time Copy Solutions documentation.
+ OSVDB-3233: GET /doc/Judy/Judy_tech_book.pdf: HP Judy documentation found.
+ OSVDB-3233: GET /doc/vxvm/vxvm_ag.pdf: Veritas Volume Manager documentation.
+ OSVDB-3233: GET /doc/vxvm/vxvm_hwnotes.pdf: Veritas Volume Manager documentation.
+ OSVDB-3233: GET /doc/vxvm/vxvm_ig.pdf: Veritas Volume Manager documentation.
+ OSVDB-3233: GET /doc/vxvm/vxvm_mig.pdf: Veritas Volume Manager documentation.
+ OSVDB-3233: GET /doc/vxvm/vxvm_tshoot.pdf: Veritas Volume Manager documentation.
+ OSVDB-3233: GET /doc/vxvm/vxvm_notes.pdf: Veritas Volume Manager documentation.
+ OSVDB-3233: GET /doc/vxvm/vxvm_ug.pdf: Veritas Volume Manager documentation.
+ OSVDB-3092: GET /staging/: This may be interesting...
+ OSVDB-3092: GET /_archive/: Archive found.
+ OSVDB-3092: GET /INSTALL.txt: Default file found.
+ OSVDB-3092: GET /UPGRADE.txt: Default file found.
+ OSVDB-3092: GET /LICENSE.txt: License file found may identify site software.
+ OSVDB-3092: GET /CHANGELOG.txt: A changelog was found.
+ OSVDB-3092: GET /sitemap.gz: The sitemap.gz file, used for Google indexing, contains an xml representation of the web site's structure.
+ OSVDB-3092: GET /content/sitemap.gz: The sitemap.gz file, used for Google indexing, contains an xml representation of the web site\'s structure.
+ GET /webservices/IlaWebServices: Host has the Oracle iLearning environment installed.
+ GET /phone/: This may be interesting...
+ OSVDB-3092: GET /Admin/: This might be interesting...
+ OSVDB-3092: GET /af/: This might be interesting... potential country code (Afghanistan)
+ OSVDB-3092: GET /ax/: This might be interesting... potential country code (Aland Islands)
+ OSVDB-3092: GET /al/: This might be interesting... potential country code (Albania)
+ OSVDB-3092: GET /dz/: This might be interesting... potential country code (Algeria)
+ OSVDB-3092: GET /as/: This might be interesting... potential country code (American Samoa)
+ OSVDB-3092: GET /ad/: This might be interesting... potential country code (Andorra)
+ OSVDB-3092: GET /ao/: This might be interesting... potential country code (Angola)
+ OSVDB-3092: GET /ai/: This might be interesting... potential country code (Anguilla)
+ OSVDB-3092: GET /aq/: This might be interesting... potential country code (Antarctica)
+ OSVDB-3092: GET /ag/: This might be interesting... potential country code (Antigua And Barbuda)
+ OSVDB-3092: GET /ar/: This might be interesting... potential country code (Argentina)
+ OSVDB-3092: GET /am/: This might be interesting... potential country code (Armenia)
+ OSVDB-3092: GET /aw/: This might be interesting... potential country code (Aruba)
+ OSVDB-3092: GET /au/: This might be interesting... potential country code (Australia)
+ OSVDB-3092: GET /at/: This might be interesting... potential country code (Austria)
+ OSVDB-3092: GET /az/: This might be interesting... potential country code (Azerbaijan)
+ OSVDB-3092: GET /bs/: This might be interesting... potential country code (Bahamas)
+ OSVDB-3092: GET /bh/: This might be interesting... potential country code (Bahrain)
+ OSVDB-3092: GET /bd/: This might be interesting... potential country code (Bangladesh)
+ OSVDB-3092: GET /bb/: This might be interesting... potential country code (Barbados)
+ OSVDB-3092: GET /by/: This might be interesting... potential country code (Belarus)
+ OSVDB-3092: GET /be/: This might be interesting... potential country code (Belgium)
+ OSVDB-3092: GET /bz/: This might be interesting... potential country code (Belize)
+ OSVDB-3092: GET /bj/: This might be interesting... potential country code (Benin)
+ OSVDB-3092: GET /bm/: This might be interesting... potential country code (Bermuda)
+ OSVDB-3092: GET /bt/: This might be interesting... potential country code (Bhutan)
+ OSVDB-3092: GET /bo/: This might be interesting... potential country code (Bolivia)
+ OSVDB-3092: GET /ba/: This might be interesting... potential country code (Bosnia And Herzegovina)
+ OSVDB-3092: GET /bw/: This might be interesting... potential country code (Botswana)
+ OSVDB-3092: GET /bv/: This might be interesting... potential country code (Bouvet Island)
+ OSVDB-3092: GET /br/: This might be interesting... potential country code (Brazil)
+ OSVDB-3092: GET /io/: This might be interesting... potential country code (British Indian Ocean Territory)
+ OSVDB-3092: GET /bn/: This might be interesting... potential country code (Brunei Darussalam)
+ OSVDB-3092: GET /bg/: This might be interesting... potential country code (Bulgaria)
+ OSVDB-3092: GET /bf/: This might be interesting... potential country code (Burkina Faso)
+ OSVDB-3092: GET /bi/: This might be interesting... potential country code (Burundi)
+ OSVDB-3092: GET /kh/: This might be interesting... potential country code (Cambodia)
+ OSVDB-3092: GET /cm/: This might be interesting... potential country code (Cameroon)
+ OSVDB-3092: GET /ca/: This might be interesting... potential country code (Canada)
+ OSVDB-3092: GET /cv/: This might be interesting... potential country code (Cape Verde)
+ OSVDB-3092: GET /ky/: This might be interesting... potential country code (Cayman Islands)
+ OSVDB-3092: GET /cf/: This might be interesting... potential country code (Central African Republic)
+ OSVDB-3092: GET /td/: This might be interesting... potential country code (Chad)
+ OSVDB-3092: GET /cn/: This might be interesting... potential country code (China)
+ OSVDB-3092: GET /cx/: This might be interesting... potential country code (Christmas Island)
+ OSVDB-3092: GET /cc/: This might be interesting... potential country code (Cocos (keeling) Islands)
+ OSVDB-3092: GET /co/: This might be interesting... potential country code (Colombia)
+ OSVDB-3092: GET /km/: This might be interesting... potential country code (Comoros)
+ OSVDB-3092: GET /cg/: This might be interesting... potential country code (Congo)
+ OSVDB-3092: GET /cd/: This might be interesting... potential country code (The Democratic Republic Of The Congo)
+ OSVDB-3092: GET /ck/: This might be interesting... potential country code (Cook Islands)
+ OSVDB-3092: GET /cr/: This might be interesting... potential country code (Costa Rica)
+ OSVDB-3092: GET /ci/: This might be interesting... potential country code (CÔte D'ivoire)
+ OSVDB-3092: GET /hr/: This might be interesting... potential country code (Croatia)
+ OSVDB-3092: GET /cu/: This might be interesting... potential country code (Cuba)
+ OSVDB-3092: GET /cy/: This might be interesting... potential country code (Cyprus)
+ OSVDB-3092: GET /cz/: This might be interesting... potential country code (Czech Republic)
+ OSVDB-3092: GET /dk/: This might be interesting... potential country code (Denmark)
+ OSVDB-3092: GET /dj/: This might be interesting... potential country code (Djibouti)
+ OSVDB-3092: GET /dm/: This might be interesting... potential country code (Dominica)
+ OSVDB-3092: GET /do/: This might be interesting... potential country code (Dominican Republic)
+ OSVDB-3092: GET /ec/: This might be interesting... potential country code (Ecuador)
+ OSVDB-3092: GET /eg/: This might be interesting... potential country code (Egypt)
+ OSVDB-3092: GET /sv/: This might be interesting... potential country code (El Salvador)
+ OSVDB-3092: GET /gq/: This might be interesting... potential country code (Equatorial Guinea)
+ OSVDB-3092: GET /er/: This might be interesting... potential country code (Eritrea)
+ OSVDB-3092: GET /ee/: This might be interesting... potential country code (Estonia)
+ OSVDB-3092: GET /et/: This might be interesting... potential country code (Ethiopia)
+ OSVDB-3092: GET /fk/: This might be interesting... potential country code (Falkland Islands (malvinas))
+ OSVDB-3092: GET /fo/: This might be interesting... potential country code (Faroe Islands)
+ OSVDB-3092: GET /fj/: This might be interesting... potential country code (Fiji)
+ OSVDB-3092: GET /fi/: This might be interesting... potential country code (Finland)
+ OSVDB-3092: GET /fr/: This might be interesting... potential country code (France)
+ OSVDB-3092: GET /gf/: This might be interesting... potential country code (French Guiana)
+ OSVDB-3092: GET /pf/: This might be interesting... potential country code (French Polynesia)
+ OSVDB-3092: GET /tf/: This might be interesting... potential country code (French Southern Territories)
+ OSVDB-3092: GET /ga/: This might be interesting... potential country code (Gabon)
+ OSVDB-3092: GET /gm/: This might be interesting... potential country code (Gambia)
+ OSVDB-3092: GET /ge/: This might be interesting... potential country code (Georgia)
+ OSVDB-3092: GET /de/: This might be interesting... potential country code (Germany)
+ OSVDB-3092: GET /gh/: This might be interesting... potential country code (Ghana)
+ OSVDB-3092: GET /gi/: This might be interesting... potential country code (Gibraltar)
+ GET /debug.jsp: Possible debug directory/program found.
+ GET /debug.asp: Possible debug directory/program found.
+ GET /debug/: Possible debug directory/program found.
+ OSVDB-637: GET /~ftp/: Allowed to browse ftp user's home directory.
+ GET /_vti_bin/owssvr.dll: FrontPage/Sharepointfile available.
+ GET /_vti_bin/_vti_adm/admin.exe: FrontPage/Sharepointfile available.
+ GET /_vti_bin/_vti_aut/author.exe: FrontPage/Sharepointfile available.
+ GET /_vti_bin/_vti_aut/WS_FTP.log: FrontPage/Sharepointfile available.
+ GET /_vti_bin/_vti_aut/ws_ftp.log: FrontPage/Sharepointfile available.
+ GET /_vti_bin/_vti_aut/author.dll: FrontPage/Sharepointfile available.
+ GET /_layouts/addrole.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/AdminRecycleBin.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/AreaNavigationSettings.aspx: FrontPage/Sharepointfile available.
+ GET /_Layouts/AreaTemplateSettings.aspx: FrontPage/Sharepointfile available.
+ GET /_Layouts/AreaWelcomePage.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/bpcf.aspx: FrontPage/Sharepointfile available.
+ GET /_Layouts/ChangeSiteMasterPage.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/create.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/editgrp.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/editprms.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/help.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/images/: FrontPage/Sharepointfile available.
+ GET /_layouts/listedit.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/ManageFeatures.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/mcontent.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/mngctype.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/mngfield.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/mngsiteadmin.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/mngsubwebs.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/mngsubwebs.aspx?view=sites: FrontPage/Sharepointfile available.
+ GET /_layouts/mobile/mbllists.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/MyInfo.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/MyPage.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/MyTasks.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/navoptions.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/NewDwp.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/newgrp.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/newsbweb.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/PageSettings.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/people.aspx?MembershipGroupId=0: FrontPage/Sharepointfile available.
+ GET /_layouts/permsetup.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/picker.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/policy.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/policyconfig.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/policycts.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/Policylist.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/prjsetng.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/quiklnch.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/recyclebin.aspx: FrontPage/Sharepointfile available.
+ GET /_Layouts/RedirectPage.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/role.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/settings.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/SiteDirectorySettings.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/sitemanager.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/SiteManager.aspx?lro=all: FrontPage/Sharepointfile available.
+ GET /_layouts/spcf.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/storman.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/themeweb.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/topnav.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/user.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/userdisp.aspx?ID=1: FrontPage/Sharepointfile available.
+ GET /_layouts/useredit.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/useredit.aspx?ID=1: FrontPage/Sharepointfile available.
+ GET /_layouts/viewlsts.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/vsubwebs.aspx: FrontPage/Sharepointfile available.
+ GET /_layouts/WPPrevw.aspx?ID=247: FrontPage/Sharepointfile available.
+ GET /_layouts/wrkmng.aspx: FrontPage/Sharepointfile available.
+ GET /Forms/DispForm.aspx: FrontPage/Sharepointfile available.
+ GET /Forms/DispForm.aspx?ID=1: FrontPage/Sharepointfile available.
+ GET /Forms/EditForm.aspx: FrontPage/Sharepointfile available.
+ GET /Forms/EditForm.aspx?ID=1: FrontPage/Sharepointfile available.
+ GET /Forms/Forms/AllItems.aspx: FrontPage/Sharepointfile available.
+ GET /Forms/MyItems.aspx: FrontPage/Sharepointfile available.
+ GET /Forms/NewForm.aspx: FrontPage/Sharepointfile available.
+ GET /Pages/default.aspx: FrontPage/Sharepointfile available.
+ GET /Pages/Forms/AllItems.aspx: FrontPage/Sharepointfile available.
+ GET /_catalogs/masterpage/Forms/AllItems.aspx: FrontPage/Sharepointfile available.
+ GET /_catalogs/wp/Forms/AllItems.aspx: FrontPage/Sharepointfile available.
+ GET /_catalogs/wt/Forms/Common.aspx: FrontPage/Sharepointfile available.
+ GET /_vti_pvt/service.grp: FrontPage/Sharepointfile available.
+ GET /_vti_pvt/botsinf.cnf: FrontPage/Sharepointfile available.
+ GET /_vti_pvt/structure.cnf: FrontPage/Sharepointfile available.
+ GET /_vti_pvt/uniqperm.cnf: FrontPage/Sharepointfile available.
+ GET /server-manager/: Mitel Audio and Web Conferencing server manager identified.
+ GET /wp-content/plugins/gravityforms/change_log.txt: Gravity forms is installed. Based on the version number in the changelog, it is vulnerable to an authenticated SQL injection. https://wpvulndb.com/vulnerabilities/7849
+ GET /manager/status: Tomcat Server Status interface found (pass protected)
+ GET /jk-manager/status: Tomcat Server Status interface found (pass protected)
+ GET /jk-status/status: Tomcat Server Status interface found (pass protected)
+ GET /admin/status: Tomcat Server Status interface found (pass protected)
+ GET /host-manager/status: Tomcat Server Status interface found (pass protected)
+ GET /server-status: Apache server-status interface found (pass protected)
+ GET /server-info: Apache server-info interface found (pass protected)
#20
Hi, I'm trying to use this exploit: auxiliary/scanner/http/cisco_ios_auth_bypass
The module asks me for an action and I don't know what to set.
I've been searching and can't find any information on how to carry out this attack.
Could someone point me in the right direction, please?
For now I'm at this stage:

msf auxiliary(cisco_ios_auth_bypass) > exploit

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(cisco_ios_auth_bypass) >

Thank you very much!