Reporte Metaexploitabe2 Con OpenVAS
Uploaded by
lara_leopoldoReporte Metaexploitabe2 Con OpenVAS
Uploaded by
lara_leopoldoScan Report
March 3, 2015
Summary
This document reports on the results of an automatic security scan. The scan started at
Tue Mar 3 21:47:59 2015 UTC and ended at Tue Mar 3 22:11:49 2015 UTC. The report first
summarises the results found. Then, for each host, the report describes every issue found.
Please consider the advice given in each description, in order to rectify the issue.
Contents
1 Result Overview
2 Results per Host
2.1 192.168.233.133 . . . . . .
2.1.1 High 6000/tcp . .
2.1.2 High 2121/tcp . .
2.1.3 High 21/tcp . . . .
2.1.4 High 2049/udp . .
2.1.5 High 3632/tcp . .
2.1.6 High 3306/tcp . .
2.1.7 High 5432/tcp . .
2.1.8 High 22/tcp . . . .
2.1.9 High 80/tcp . . . .
2.1.10 High 6667/tcp . .
2.1.11 High 6200/tcp . .
2.1.12 Medium 2121/tcp
2.1.13 Medium 21/tcp . .
2.1.14 Medium 3306/tcp
2.1.15 Medium 5432/tcp
2.1.16 Medium 80/tcp . .
2.1.17 Medium 25/tcp . .
2.1.18 Medium 53/tcp . .
2.1.19 Medium 512/tcp .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
1
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
2
2
3
4
6
10
10
12
15
17
18
21
22
23
26
28
38
46
48
51
52
CONTENTS
2.1.20 Low 3306/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
52
2.1.21 Low 5432/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
54
2.1.22 Low general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
56
2.1.23 Low 139/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
57
2.1.24 Log 2121/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
58
2.1.25 Log 21/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.26 Log 3306/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
59
60
2.1.27 Log 5432/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
62
2.1.28 Log 22/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
65
2.1.29 Log 80/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
2.1.30 Log 6667/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
84
2.1.31 Log 25/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
84
2.1.32 Log 53/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
86
2.1.33 Log general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
87
2.1.34 Log 139/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
90
2.1.35 Log general/icmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
90
2.1.36 Log general/CPE-T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
91
2.1.37 Log 8787/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
92
2.1.38 Log 8009/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
92
2.1.39 Log 5900/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
93
2.1.40 Log 53/udp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
94
2.1.41 Log 514/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
94
2.1.42 Log 513/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
95
2.1.43 Log 445/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
95
2.1.44 Log 23/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
97
2.1.45 Log 1524/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
99
2.1.46 Log 137/udp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
2.1.47 Log 111/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
2.1.48 Log 1099/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
RESULTS PER HOST
Result Overview
Host
192.168.233.133
METASPLOITABLE
Total: 1
High
20
Medium
27
Low
5
Log
54
False Positive
0
20
27
54
Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override.
Notes are included in the report.
This report might not show details of all issues that were found.
It only lists hosts that produced issues.
Issues with the threat level Debug are not shown.
This report contains all 106 results selected by the filtering described above. Before filtering
there were 106 results.
2
2.1
Results per Host
192.168.233.133
Host scan start
Host scan end
Tue Mar 3 21:48:03 2015 UTC
Tue Mar 3 22:11:21 2015 UTC
Service (Port)
6000/tcp
2121/tcp
21/tcp
2049/udp
3632/tcp
3306/tcp
5432/tcp
22/tcp
80/tcp
6667/tcp
6200/tcp
2121/tcp
21/tcp
3306/tcp
5432/tcp
80/tcp
25/tcp
53/tcp
512/tcp
. . . (continues) . . .
Threat Level
High
High
High
High
High
High
High
High
High
High
High
Medium
Medium
Medium
Medium
Medium
Medium
Medium
Medium
RESULTS PER HOST
4
. . . (continued) . . .
Service (Port)
Threat Level
3306/tcp
Low
5432/tcp
Low
general/tcp
Low
139/tcp
Low
2121/tcp
Log
21/tcp
Log
3306/tcp
Log
5432/tcp
Log
22/tcp
Log
80/tcp
Log
6667/tcp
Log
25/tcp
Log
53/tcp
Log
general/tcp
Log
139/tcp
Log
general/icmp
Log
general/CPE-T Log
8787/tcp
Log
8009/tcp
Log
5900/tcp
Log
53/udp
Log
514/tcp
Log
513/tcp
Log
445/tcp
Log
23/tcp
Log
1524/tcp
Log
137/udp
Log
111/tcp
Log
1099/tcp
Log
2.1.1
High 6000/tcp
High (CVSS: 10.0)
NVT: X Server
Summary
This plugin detects X Window servers.
X11 is a client - server protocol. Basically, the server is in charge of the
screen, and the clients connect to it and send several requests like drawing
a window or a menu, and the server sends events back to the clients, such as
mouse clicks, key strokes, and so on...
An improperly configured X server will accept connections from clients from
anywhere. This allows an attacker to make a client connect to the X server to
record the keystrokes of the user, which may contain sensitive information,
. . . continues on next page . . .
RESULTS PER HOST
. . . continued from previous page . . .
such as account passwords.
This can be prevented by using xauth, MIT cookies, or preventing
the X server from listening on TCP (a Unix sock is used for local
connections)
OID of test routine: 1.3.6.1.4.1.25623.1.0.10407
Vulnerability Detection Result
This X server does *not* allow any client to connect to it
however it is recommended that you filter incoming connections
to this port as attacker may send garbage data and slow down
your X session or even kill the server.
Here is the server version : 11.0
Here is the message we received : Client is not authorized
Solution: filter incoming connections to ports 6000-6009
Vulnerability Detection Method
Details:X Server
OID:1.3.6.1.4.1.25623.1.0.10407
Version used: $Revision: 41 $
References
CVE: CVE-1999-0526
[ return to 192.168.233.133 ]
2.1.2
High 2121/tcp
High (CVSS: 10.0)
NVT: ProFTPD Multiple Remote Vulnerabilities
Summary
The host is running ProFTPD and is prone to multiple vulnerabilities.
OID of test routine: 1.3.6.1.4.1.25623.1.0.801639
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
. . . continues on next page . . .
RESULTS PER HOST
6
. . . continued from previous page . . .
Impact
Successful exploitation may allow execution of arbitrary code or cause a
denial-of-service.
Impact Level: Application
Solution
Upgrade to ProFTPD version 1.3.3c or later,
For updates refer to http://www.proftpd.org/
Vulnerability Insight
- An input validation error within the mod_site_misc module can be exploited
to create and delete directories, create symlinks, and change the time of
files located outside a writable directory.
- A logic error within the pr_netio_telnet_gets() function in src/netio.c
when processing user input containing the Telnet IAC escape sequence can be
exploited to cause a stack-based buffer overflow by sending specially
crafted input to the FTP or FTPS service.
Vulnerability Detection Method
Details:ProFTPD Multiple Remote Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.801639
Version used: $Revision: 971 $
References
CVE: CVE-2010-3867, CVE-2010-4221
BID:44562
Other:
URL:http://secunia.com/advisories/42052
URL:http://bugs.proftpd.org/show_bug.cgi?id=3519
URL:http://bugs.proftpd.org/show_bug.cgi?id=3521
URL:http://www.zerodayinitiative.com/advisories/ZDI-10-229/
High (CVSS: 7.5)
NVT: ProFTPD Server SQL Injection Vulnerability
Summary
This host is running ProFTPD Server and is prone to remote
SQL Injection vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.900507
. . . continues on next page . . .
RESULTS PER HOST
7
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation will allow remote attackers to execute arbitrary
SQL commands, thus gaining access to random user accounts.
Solution
Upgrade to the latest version 1.3.2rc3,
http://www.proftpd.org/
Vulnerability Insight
This flaw occurs because the server performs improper input sanitising,
- when a %(percent) character is passed in the username, a single quote
() gets introduced during variable substitution by mod_sql and this
eventually allows for an SQL injection during login.
- when NLS support is enabled, a flaw in variable substition feature in
mod_sql_mysql and mod_sql_postgres may allow an attacker to bypass
SQL injection protection mechanisms via invalid, encoded multibyte
characters.
Vulnerability Detection Method
Details:ProFTPD Server SQL Injection Vulnerability
OID:1.3.6.1.4.1.25623.1.0.900507
Version used: $Revision: 15 $
References
CVE: CVE-2009-0542, CVE-2009-0543
BID:33722
Other:
URL:http://www.milw0rm.com/exploits/8037
URL:http://www.securityfocus.com/archive/1/archive/1/500833/100/0/threaded
URL:http://www.securityfocus.com/archive/1/archive/1/500851/100/0/threaded
[ return to 192.168.233.133 ]
2.1.3
High 21/tcp
RESULTS PER HOST
High (CVSS: 10.0)
NVT: ProFTPD Multiple Remote Vulnerabilities
Summary
The host is running ProFTPD and is prone to multiple vulnerabilities.
OID of test routine: 1.3.6.1.4.1.25623.1.0.801639
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation may allow execution of arbitrary code or cause a
denial-of-service.
Impact Level: Application
Solution
Upgrade to ProFTPD version 1.3.3c or later,
For updates refer to http://www.proftpd.org/
Vulnerability Insight
- An input validation error within the mod_site_misc module can be exploited
to create and delete directories, create symlinks, and change the time of
files located outside a writable directory.
- A logic error within the pr_netio_telnet_gets() function in src/netio.c
when processing user input containing the Telnet IAC escape sequence can be
exploited to cause a stack-based buffer overflow by sending specially
crafted input to the FTP or FTPS service.
Vulnerability Detection Method
Details:ProFTPD Multiple Remote Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.801639
Version used: $Revision: 971 $
References
CVE: CVE-2010-3867, CVE-2010-4221
BID:44562
Other:
URL:http://secunia.com/advisories/42052
URL:http://bugs.proftpd.org/show_bug.cgi?id=3519
. . . continues on next page . . .
RESULTS PER HOST
. . . continued from previous page . . .
URL:http://bugs.proftpd.org/show_bug.cgi?id=3521
URL:http://www.zerodayinitiative.com/advisories/ZDI-10-229/
High (CVSS: 7.5)
NVT: vsftpd Compromised Source Packages Backdoor Vulnerability
Summary
vsftpd is prone to a backdoor vulnerability.
Attackers can exploit this issue to execute arbitrary commands in the
context of the application. Successful attacks will compromise the
affected application.
The vsftpd 2.3.4 source package is affected.
OID of test routine: 1.3.6.1.4.1.25623.1.0.103185
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
The repaired package can be downloaded from
https://security.appspot.com/vsftpd.html. Please validate the package
with its signature.
Vulnerability Detection Method
Details:vsftpd Compromised Source Packages Backdoor Vulnerability
OID:1.3.6.1.4.1.25623.1.0.103185
Version used: $Revision: 13 $
References
BID:48539
Other:
URL:http://www.securityfocus.com/bid/48539
URL:http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-back
,doored.html
URL:https://security.appspot.com/vsftpd.html
URL:http://vsftpd.beasts.org/
. . . continues on next page . . .
RESULTS PER HOST
10
. . . continued from previous page . . .
High (CVSS: 7.5)
NVT: ProFTPD Server SQL Injection Vulnerability
Summary
This host is running ProFTPD Server and is prone to remote
SQL Injection vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.900507
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation will allow remote attackers to execute arbitrary
SQL commands, thus gaining access to random user accounts.
Solution
Upgrade to the latest version 1.3.2rc3,
http://www.proftpd.org/
Vulnerability Insight
This flaw occurs because the server performs improper input sanitising,
- when a %(percent) character is passed in the username, a single quote
() gets introduced during variable substitution by mod_sql and this
eventually allows for an SQL injection during login.
- when NLS support is enabled, a flaw in variable substition feature in
mod_sql_mysql and mod_sql_postgres may allow an attacker to bypass
SQL injection protection mechanisms via invalid, encoded multibyte
characters.
Vulnerability Detection Method
Details:ProFTPD Server SQL Injection Vulnerability
OID:1.3.6.1.4.1.25623.1.0.900507
Version used: $Revision: 15 $
References
CVE: CVE-2009-0542, CVE-2009-0543
BID:33722
. . . continues on next page . . .
RESULTS PER HOST
11
. . . continued from previous page . . .
Other:
URL:http://www.milw0rm.com/exploits/8037
URL:http://www.securityfocus.com/archive/1/archive/1/500833/100/0/threaded
URL:http://www.securityfocus.com/archive/1/archive/1/500851/100/0/threaded
[ return to 192.168.233.133 ]
2.1.4
High 2049/udp
High (CVSS: 10.0)
NVT: NFS export
Summary
This plugin lists NFS exported shares, and warns if some of
them are readable.
It also warns if the remote NFS server is superfluous.
Tested on Ubuntu/Debian mountd
OID of test routine: 1.3.6.1.4.1.25623.1.0.102014
Vulnerability Detection Result
Here is the export list of 192.168.233.133 :
/ *
Please check the permissions of this exports.
Vulnerability Detection Method
Details:NFS export
OID:1.3.6.1.4.1.25623.1.0.102014
Version used: $Revision: 43 $
References
CVE: CVE-1999-0554, CVE-1999-0548
[ return to 192.168.233.133 ]
2.1.5
High 3632/tcp
High (CVSS: 9.3)
NVT: distcc Remote Code Execution Vulnerability
. . . continues on next page . . .
RESULTS PER HOST
12
. . . continued from previous page . . .
Summary
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict
access to the server port, allows remote attackers to execute arbitrary
commands via compilation jobs, which are executed by the server without
authorization checks.
OID of test routine: 1.3.6.1.4.1.25623.1.0.103553
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Vendor updates are available. Please see the references for more
information.
Vulnerability Detection Method
Details:distcc Remote Code Execution Vulnerability
OID:1.3.6.1.4.1.25623.1.0.103553
Version used: $Revision: 12 $
References
CVE: CVE-2004-2687
Other:
URL:http://distcc.samba.org/security.html
URL:http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687
URL:http://www.osvdb.org/13378
URL:http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html
High (CVSS: 8.5)
NVT: DistCC Detection
Summary
distcc is a program to distribute builds of C, C++, Objective C or
Objective C++ code across several machines on a network.
distcc should always generate the same results as a local build, is simple
to install and use, and is often two or more times faster than a local compile.
distcc by default trusts its clients completely that in turn could
allow a malicious client to execute arbitrary commands on the server.
For more information about DistCCs security see:
http://distcc.samba.org/security.html
. . . continues on next page . . .
RESULTS PER HOST
13
. . . continued from previous page . . .
OID of test routine: 1.3.6.1.4.1.25623.1.0.12638
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Vulnerability Detection Method
Details:DistCC Detection
OID:1.3.6.1.4.1.25623.1.0.12638
Version used: $Revision: 17 $
[ return to 192.168.233.133 ]
2.1.6
High 3306/tcp
High (CVSS: 9.3)
NVT: MySQL 5.x Unspecified Buffer Overflow Vulnerability
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
MySQL is prone to a buffer-overflow vulnerability because if fails to
perform adequate boundary checks on user-supplied data.
An attacker can leverage this issue to execute arbitrary code within
the context of the vulnerable application. Failed exploit attempts
will result in a denial-of-service condition.
This issue affects MySQL 5.x
other versions may also be vulnerable.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100271
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Vulnerability Detection Method
Details:MySQL 5.x Unspecified Buffer Overflow Vulnerability
. . . continues on next page . . .
RESULTS PER HOST
14
. . . continued from previous page . . .
OID:1.3.6.1.4.1.25623.1.0.100271
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
BID:36242
Other:
URL:http://www.securityfocus.com/bid/36242
URL:http://www.mysql.com/
URL:http://intevydis.com/company.shtml
High (CVSS: 8.5)
NVT: MySQL sql parse.cc Multiple Format String Vulnerabilities
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
The host is running MySQL and is prone to Multiple Format String
vulnerabilities.
OID of test routine: 1.3.6.1.4.1.25623.1.0.800842
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation could allow remote authenticated users to cause a Denial
of Service and possibly have unspecified other attacks.
Impact Level: Application
Solution
Upgrade to MySQL version 5.1.36 or later
http://dev.mysql.com/downloads
. . . continues on next page . . .
RESULTS PER HOST
15
. . . continued from previous page . . .
Vulnerability Insight
The flaws are due to error in the dispatch_command function in sql_parse.cc
in libmysqld/ which can caused via format string specifiers in a database name
in a COM_CREATE_DB or COM_DROP_DB request.
Vulnerability Detection Method
Details:MySQL sql_parse.cc Multiple Format String Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.800842
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2009-2446
BID:35609
Other:
URL:http://www.osvdb.org/55734
URL:http://secunia.com/advisories/35767
URL:http://xforce.iss.net/xforce/xfdb/51614
URL:http://www.securityfocus.com/archive/1/archive/1/504799/100/0/threaded
High (CVSS: 7.5)
NVT: MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
MySQL 5.0.51a is prone to an unspecified remote code-execution
vulnerability.
Very few technical details are currently available.
An attacker can leverage this issue to execute arbitrary code within
the context of the vulnerable application. Failed exploit attempts
will result in a denial-of-service condition.
This issue affects MySQL 5.0.51a
other versions may also be
vulnerable.
. . . continues on next page . . .
RESULTS PER HOST
16
. . . continued from previous page . . .
OID of test routine: 1.3.6.1.4.1.25623.1.0.100436
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Vulnerability Detection Method
Details:MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
OID:1.3.6.1.4.1.25623.1.0.100436
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2009-4484
BID:37640
Other:
URL:http://www.securityfocus.com/bid/37640
URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html
URL:http://www.mysql.com/
URL:http://intevydis.com/mysql_demo.html
[ return to 192.168.233.133 ]
2.1.7
High 5432/tcp
High (CVSS: 9.0)
NVT: PostgreSQL weak password
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
It was possible to login into the remote PostgreSQL as user postgres using weak
,credentials.
. . . continues on next page . . .
RESULTS PER HOST
17
. . . continued from previous page . . .
OID of test routine: 1.3.6.1.4.1.25623.1.0.103552
Vulnerability Detection Result
Summary:
It was possible to login into the remote PostgreSQL as user postgres using weak
, credentials.
Solution:
Change the password as soon as possible.
It was possible to login as user postgres with password \"postgres\".
Solution
Change the password as soon as possible.
Vulnerability Detection Method
Details:PostgreSQL weak password
OID:1.3.6.1.4.1.25623.1.0.103552
Version used: $Revision: 12 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
High (CVSS: 8.5)
NVT: PostgreSQL Multiple Security Vulnerabilities
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
PostgreSQL is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass certain security
restrictions and execute arbitrary Perl or Tcl code.
These issues affect versions prior to the following PostgreSQL
versions:
8.4.4
8.3.11
8.2.17
. . . continues on next page . . .
RESULTS PER HOST
18
. . . continued from previous page . . .
8.1.21
8.0.25
7.4.29
OID of test routine: 1.3.6.1.4.1.25623.1.0.100645
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for more information.
Vulnerability Detection Method
Details:PostgreSQL Multiple Security Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.100645
Version used: $Revision: 14 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
References
CVE: CVE-2010-1169, CVE-2010-1170, CVE-2010-1447
BID:40215
Other:
URL:http://www.securityfocus.com/bid/40215
URL:http://www.postgresql.org/about/news.1203
URL:http://www.postgresql.org/
URL:http://www.postgresql.org/support/security
[ return to 192.168.233.133 ]
2.1.8
High 22/tcp
High (CVSS: 9.0)
NVT: SSH Brute Force Logins with default Credentials
Summary
. . . continues on next page . . .
RESULTS PER HOST
19
. . . continued from previous page . . .
A number of known default credentials is tried for log in via SSH protocol.
OID of test routine: 1.3.6.1.4.1.25623.1.0.103239
Vulnerability Detection Result
It was possible to login with the following credentials <User>:<Password>
user:user
Solution
Change the password as soon as possible.
Vulnerability Detection Method
Details:SSH Brute Force Logins with default Credentials
OID:1.3.6.1.4.1.25623.1.0.103239
Version used: $Revision: 1034 $
[ return to 192.168.233.133 ]
2.1.9
High 80/tcp
High (CVSS: 7.5)
NVT: TikiWiki Versions Prior to 4.2 Multiple Unspecified Vulnerabilities
Product detection result
cpe:/a:tikiwiki:tikiwiki:1.9.5
Detected by TikiWiki Version Detection (OID: 1.3.6.1.4.1.25623.1.0.901001)
Summary
TikiWiki is prone to multiple unspecified vulnerabilities, including:
- An unspecified SQL-injection vulnerability
- An unspecified authentication-bypass vulnerability
- An unspecified vulnerability
Exploiting these issues could allow an attacker to compromise the
application, access or modify data, exploit latent vulnerabilities in
the underlying database, and gain unauthorized access to the affected
application. Other attacks are also possible.
Versions prior to TikiWiki 4.2 are vulnerable.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100537
. . . continues on next page . . .
RESULTS PER HOST
20
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
The vendor has released an advisory and fixes. Please see the
references for details.
Vulnerability Detection Method
Details:TikiWiki Versions Prior to 4.2 Multiple Unspecified Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.100537
Version used: $Revision: 14 $
Product Detection Result Product: cpe:/a:tikiwiki:tikiwiki:1.9.5
Method: TikiWiki Version Detection
OID: 1.3.6.1.4.1.25623.1.0.901001
References
CVE: CVE-2010-1135, CVE-2010-1134, CVE-2010-1133, CVE-2010-1136
BID:38608
Other:
URL:http://www.securityfocus.com/bid/38608
URL:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision
,=24734
URL:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision
,=25046
URL:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision
,=25424
URL:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision
,=25435
URL:http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
URL:http://info.tikiwiki.org/tiki-index.php?page=homepage
High (CVSS: 7.5)
NVT: PHP-CGI-based setups vulnerability when parsing query string parameters from php files.
Summary
When PHP is used in a CGI-based setup (such as Apaches mod_cgid), the
php-cgi receives a processed query string parameter as command line
arguments which allows command-line switches, such as -s, -d or -c to be
. . . continues on next page . . .
RESULTS PER HOST
21
. . . continued from previous page . . .
passed to the php-cgi binary, which can be exploited to disclose source
code and obtain arbitrary code execution.
An example of the -s command, allowing an attacker to view the source code
of index.php is below:
http://localhost/index.php?-s
OID of test routine: 1.3.6.1.4.1.25623.1.0.103482
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Vulnerability Detection Method
Details:PHP-CGI-based setups vulnerability when parsing query string parameters from ph.
,..
OID:1.3.6.1.4.1.25623.1.0.103482
Version used: $Revision: 117 $
References
CVE: CVE-2012-1823, CVE-2012-2311, CVE-2012-2336, CVE-2012-2335
BID:53388
Other:
URL:http://www.h-online.com/open/news/item/Critical-open-hole-in-PHP-creates-r
,isks-Update-1567532.html
URL:http://www.kb.cert.org/vuls/id/520827
URL:http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
URL:https://bugs.php.net/bug.php?id=61910
URL:http://www.php.net/manual/en/security.cgi-bin.php
High (CVSS: 7.5)
NVT: phpinfo() output accessible
Summary
Many PHP installation tutorials instruct the user to create
a file called phpinfo.php. This file is often times left in
the root directory after completion.
Some of the information that can be garnered from this file
includes: The username of the user who installed php, if they
are a SUDO user, the IP address of the host, the web server
version, The system version(unix / linux), and the root
directory of the web server.
. . . continues on next page . . .
RESULTS PER HOST
22
. . . continued from previous page . . .
OID of test routine: 1.3.6.1.4.1.25623.1.0.11229
Vulnerability Detection Result
The following files are calling the function phpinfo() which
disclose potentially sensitive information to the remote attacker :
/phpinfo.php
Solution: Delete them or restrict access to them
Solution
remove it
Vulnerability Detection Method
Details:phpinfo() output accessible
OID:1.3.6.1.4.1.25623.1.0.11229
Version used: $Revision: 966 $
[ return to 192.168.233.133 ]
2.1.10
High 6667/tcp
High (CVSS: 7.5)
NVT: Check for Backdoor in unrealircd
Summary
Detection of backdoor in unrealircd.
OID of test routine: 1.3.6.1.4.1.25623.1.0.80111
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Install latest version of unrealircd and check signatures of software
youre installing.
Vulnerability Insight
Remote attackers can exploit this issue to execute arbitrary system
. . . continues on next page . . .
RESULTS PER HOST
23
. . . continued from previous page . . .
commands within the context of the affected application.
The issue affects Unreal 3.2.8.1 for Linux. Reportedly package
Unreal3.2.8.1.tar.gz downloaded in November 2009 and later is
affected. The MD5 sum of the affected file is
752e46f2d873c1679fa99de3f52a274d. Files with MD5 sum of
7b741e94e867c0a7370553fd01506c66 are not affected.
Vulnerability Detection Method
Details:Check for Backdoor in unrealircd
OID:1.3.6.1.4.1.25623.1.0.80111
Version used: $Revision: 14 $
References
CVE: CVE-2010-2075
BID:40820
Other:
URL:http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt
URL:http://seclists.org/fulldisclosure/2010/Jun/277
URL:http://www.securityfocus.com/bid/40820
[ return to 192.168.233.133 ]
2.1.11
High 6200/tcp
High (CVSS: 7.5)
NVT: vsftpd Compromised Source Packages Backdoor Vulnerability
Summary
vsftpd is prone to a backdoor vulnerability.
Attackers can exploit this issue to execute arbitrary commands in the
context of the application. Successful attacks will compromise the
affected application.
The vsftpd 2.3.4 source package is affected.
OID of test routine: 1.3.6.1.4.1.25623.1.0.103185
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
. . . continues on next page . . .
RESULTS PER HOST
24
. . . continued from previous page . . .
The repaired package can be downloaded from
https://security.appspot.com/vsftpd.html. Please validate the package
with its signature.
Vulnerability Detection Method
Details:vsftpd Compromised Source Packages Backdoor Vulnerability
OID:1.3.6.1.4.1.25623.1.0.103185
Version used: $Revision: 13 $
References
BID:48539
Other:
URL:http://www.securityfocus.com/bid/48539
URL:http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-back
,doored.html
URL:https://security.appspot.com/vsftpd.html
URL:http://vsftpd.beasts.org/
[ return to 192.168.233.133 ]
2.1.12
Medium 2121/tcp
Medium (CVSS: 6.8)
NVT: ProFTPD Long Command Handling Security Vulnerability
Summary
The host is running ProFTPD Server, which is prone to cross-site
request forgery vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.900133
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
This can be exploited to execute arbitrary FTP commands on another
users session privileges.
Impact Level : Application
. . . continues on next page . . .
RESULTS PER HOST
25
. . . continued from previous page . . .
Solution
Fixed is available in the SVN repository,
http://www.proftpd.org/cvs.html
*****
NOTE : Ignore this warning, if above mentioned fix is applied already.
*****
Vulnerability Insight
The flaw exists due to the application truncating an overly long FTP command,
and improperly interpreting the remainder string as a new FTP command.
Vulnerability Detection Method
Details:ProFTPD Long Command Handling Security Vulnerability
OID:1.3.6.1.4.1.25623.1.0.900133
Version used: $Revision: 16 $
References
CVE: CVE-2008-4242
BID:31289
Other:
URL:http://secunia.com/advisories/31930/
URL:http://bugs.proftpd.org/show_bug.cgi?id=3115
Medium (CVSS: 5.8)
NVT: ProFTPD mod tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Summary
ProFTPD is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA
certificate, allowing attackers to substitute malicious SSL
certificates for trusted ones.
Successful exploits allows attackers to perform man-in-themiddle attacks or impersonate trusted servers, which will aid in
further attacks.
Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100316
Vulnerability Detection Result
. . . continues on next page . . .
RESULTS PER HOST
26
. . . continued from previous page . . .
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for details.
Vulnerability Detection Method
Details:ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security By.
,..
OID:1.3.6.1.4.1.25623.1.0.100316
Version used: $Revision: 15 $
References
CVE: CVE-2009-3639
BID:36804
Other:
URL:http://www.securityfocus.com/bid/36804
URL:http://bugs.proftpd.org/show_bug.cgi?id=3275
URL:http://www.proftpd.org
Medium (CVSS: 4.0)
NVT: ProFTPD Denial of Service Vulnerability
Summary
The host is running ProFTPD and is prone to denial of service
vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.801640
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation will allow attackers to cause a denial of service.
Impact Level: Application
Solution
Upgrade to ProFTPD version 1.3.2rc3 or later,
For updates refer to http://www.proftpd.org/
. . . continues on next page . . .
RESULTS PER HOST
27
. . . continued from previous page . . .
Vulnerability Insight
The flaw is due to an error in pr_data_xfer() function which allows
remote authenticated users to cause a denial of service (CPU consumption)
via an ABOR command during a data transfer.
Vulnerability Detection Method
Details:ProFTPD Denial of Service Vulnerability
OID:1.3.6.1.4.1.25623.1.0.801640
Version used: $Revision: 971 $
References
CVE: CVE-2008-7265
Other:
URL:http://bugs.proftpd.org/show_bug.cgi?id=3131
[ return to 192.168.233.133 ]
2.1.13
Medium 21/tcp
Medium (CVSS: 5.8)
NVT: ProFTPD mod tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Summary
ProFTPD is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA
certificate, allowing attackers to substitute malicious SSL
certificates for trusted ones.
Successful exploits allows attackers to perform man-in-themiddle attacks or impersonate trusted servers, which will aid in
further attacks.
Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100316
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
. . . continues on next page . . .
RESULTS PER HOST
28
. . . continued from previous page . . .
Solution
Updates are available. Please see the references for details.
Vulnerability Detection Method
Details:ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security By.
,..
OID:1.3.6.1.4.1.25623.1.0.100316
Version used: $Revision: 15 $
References
CVE: CVE-2009-3639
BID:36804
Other:
URL:http://www.securityfocus.com/bid/36804
URL:http://bugs.proftpd.org/show_bug.cgi?id=3275
URL:http://www.proftpd.org
Medium (CVSS: 4.0)
NVT: ProFTPD Denial of Service Vulnerability
Summary
The host is running ProFTPD and is prone to denial of service
vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.801640
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation will allow attackers to cause a denial of service.
Impact Level: Application
Solution
Upgrade to ProFTPD version 1.3.2rc3 or later,
For updates refer to http://www.proftpd.org/
Vulnerability Insight
. . . continues on next page . . .
RESULTS PER HOST
29
. . . continued from previous page . . .
The flaw is due to an error in pr_data_xfer() function which allows
remote authenticated users to cause a denial of service (CPU consumption)
via an ABOR command during a data transfer.
Vulnerability Detection Method
Details:ProFTPD Denial of Service Vulnerability
OID:1.3.6.1.4.1.25623.1.0.801640
Version used: $Revision: 971 $
References
CVE: CVE-2008-7265
Other:
URL:http://bugs.proftpd.org/show_bug.cgi?id=3131
[ return to 192.168.233.133 ]
2.1.14
Medium 3306/tcp
Medium (CVSS: 6.8)
NVT: MySQL Denial Of Service and Spoofing Vulnerabilities
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
The host is running MySQL and is prone to Denial Of Service
and Spoofing Vulnerabilities
OID of test routine: 1.3.6.1.4.1.25623.1.0.801064
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation could allow users to cause a Denial of Service and
man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via
a crafted certificate.
Impact Level: Application
. . . continues on next page . . .
RESULTS PER HOST
30
. . . continued from previous page . . .
Solution
Upgrade to MySQL version 5.0.88 or 5.1.41
For updates refer to http://dev.mysql.com/downloads
Vulnerability Insight
The flaws are due to:
- mysqld does not properly handle errors during execution of certain SELECT
statements with subqueries, and does not preserve certain null_value flags
during execution of statements that use the GeomFromWKB() function.
- An error in vio_verify_callback() function in viosslfactories.c, when
OpenSSL is used, accepts a value of zero for the depth of X.509 certificates
,.
Vulnerability Detection Method
Details:MySQL Denial Of Service and Spoofing Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.801064
Version used: $Revision: 15 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2009-4019, CVE-2009-4028
Other:
URL:http://bugs.mysql.com/47780
URL:http://bugs.mysql.com/47320
URL:http://marc.info/?l=oss-security&m=125881733826437&w=2
URL:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
Medium (CVSS: 6.5)
NVT: MySQL Multiple Vulnerabilities
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
The host is running MySQL and is prone to multiple vulnerabilities.
. . . continues on next page . . .
RESULTS PER HOST
31
. . . continued from previous page . . .
OID of test routine: 1.3.6.1.4.1.25623.1.0.801355
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation could allow users to cause a denial of service and
to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to MySQL version 5.0.91 or 5.1.47,
For updates refer to http://dev.mysql.com/downloads
Vulnerability Insight
The flaws are due to:
- An error in my_net_skip_rest() function in sql/net_serv.cc when handling
a large number of packets that exceed the maximum length, which allows remot
,e
attackers to cause a denial of service (CPU and bandwidth consumption).
- buffer overflow when handling COM_FIELD_LIST command with a long
table name, allows remote authenticated users to execute arbitrary code.
- directory traversal vulnerability when handling a .. (dot dot) in a
table name, which allows remote authenticated users to bypass intended
table grants to read field definitions of arbitrary tables.
Vulnerability Detection Method
Details:MySQL Multiple Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.801355
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
. . . continues on next page . . .
RESULTS PER HOST
32
. . . continued from previous page . . .
CVE: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850
Other:
URL:http://securitytracker.com/alerts/2010/May/1024031.html
URL:http://securitytracker.com/alerts/2010/May/1024033.html
URL:http://securitytracker.com/alerts/2010/May/1024032.html
URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
URL:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
Medium (CVSS: 6.0)
NVT: MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
The host is running MySQL and is prone to Access Restrictions Bypass
Vulnerability
OID of test routine: 1.3.6.1.4.1.25623.1.0.801065
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation could allow users to bypass intended access restrictions
by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument refer
,ring
to a subdirectory.
Impact Level: Application
Solution
Upgrade to MySQL version 5.0.88 or 5.1.41 or 6.0.9-alpha
For updates refer to http://dev.mysql.com/downloads
Vulnerability Insight
The flaw is due to an error in sql/sql_table.cc, when the data home directory
contains a symlink to a different filesystem.
. . . continues on next page . . .
RESULTS PER HOST
33
. . . continued from previous page . . .
Vulnerability Detection Method
Details:MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)
OID:1.3.6.1.4.1.25623.1.0.801065
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2008-7247
Other:
URL:http://lists.mysql.com/commits/59711
URL:http://bugs.mysql.com/bug.php?id=39277
URL:http://marc.info/?l=oss-security&m=125908040022018&w=2
Medium (CVSS: 4.6)
NVT: MySQL MyISAM Table Privileges Secuity Bypass Vulnerability
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
According to its version number, the remote version of MySQL is
prone to a security-bypass vulnerability.
An attacker can exploit this issue to gain access to table files created by
other users, bypassing certain security restrictions.
NOTE 1: This issue was also assigned CVE-2008-4097 because
CVE-2008-2079 was incompletely fixed, allowing symlink attacks.
NOTE 2: CVE-2008-4098 was assigned because fixes for the vector
described in CVE-2008-4097 can also be bypassed.
This issue affects versions prior to MySQL 4 (prior to 4.1.24) and
MySQL 5 (prior to 5.0.60).
OID of test routine: 1.3.6.1.4.1.25623.1.0.100156
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
. . . continues on next page . . .
RESULTS PER HOST
34
. . . continued from previous page . . .
Solution
Updates are available. Update to newer Version.
Vulnerability Detection Method
Details:MySQL MyISAM Table Privileges Secuity Bypass Vulnerability
OID:1.3.6.1.4.1.25623.1.0.100156
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2008-2079, CVE-2008-4097, CVE-2008-4098
BID:29106
Other:
URL:http://www.securityfocus.com/bid/29106
Medium (CVSS: 4.4)
NVT: MySQL multiple Vulnerabilities
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
MySQL is prone to a security-bypass vulnerability and to to a local
privilege-escalation vulnerability.
An attacker can exploit the security-bypass issue to bypass certain
security restrictions and obtain sensitive information that may lead
to further attacks.
Local attackers can exploit the local privilege-escalation issue to
gain elevated privileges on the affected computer.
Versions prior to MySQL 5.1.41 are vulnerable.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100356
. . . continues on next page . . .
RESULTS PER HOST
35
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for details.
Vulnerability Detection Method
Details:MySQL multiple Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.100356
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2009-4030
BID:37075
Other:
URL:http://www.securityfocus.com/bid/37076
URL:http://www.securityfocus.com/bid/37075
URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
URL:http://www.mysql.com/
Medium (CVSS: 4.0)
NVT: Oracle MySQL TEMPORARY InnoDB Tables Denial Of Service Vulnerability
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
MySQL is prone to a denial-of-service vulnerability.
An attacker can exploit these issues to crash the database, denying
access to legitimate users.
This issues affect versions prior to MySQL 5.1.49.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100763
. . . continues on next page . . .
RESULTS PER HOST
36
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for more information.
Vulnerability Detection Method
Details:Oracle MySQL TEMPORARY InnoDB Tables Denial Of Service Vulnerability
OID:1.3.6.1.4.1.25623.1.0.100763
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2010-3680
BID:42598
Other:
URL:https://www.securityfocus.com/bid/42598
URL:http://bugs.mysql.com/bug.php?id=54044
URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
URL:http://www.mysql.com/
Medium (CVSS: 4.0)
NVT: Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
MySQL is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the database, denying
access to legitimate users.
This issue affects versions prior to MySQL 5.1.49.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100785
. . . continues on next page . . .
RESULTS PER HOST
37
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for more information.
Vulnerability Detection Method
Details:Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.100785
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2010-3677
BID:42646, 42633, 42643, 42598, 42596, 42638, 42599, 42625
Other:
URL:https://www.securityfocus.com/bid/42646
URL:https://www.securityfocus.com/bid/42633
URL:https://www.securityfocus.com/bid/42643
URL:https://www.securityfocus.com/bid/42598
URL:https://www.securityfocus.com/bid/42596
URL:https://www.securityfocus.com/bid/42638
URL:https://www.securityfocus.com/bid/42599
URL:https://www.securityfocus.com/bid/42625
URL:http://bugs.mysql.com/bug.php?id=54575
URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
URL:http://www.mysql.com/
Medium (CVSS: 4.0)
NVT: MySQL Empty Bit-String Literal Denial of Service Vulnerability
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
. . . continues on next page . . .
RESULTS PER HOST
38
. . . continued from previous page . . .
Summary
This host is running MySQL, which is prone to Denial of Service
Vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.900221
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation by remote attackers could cause denying
access to legitimate users.
Impact Level : Application
Solution
Update to version 5.0.66 or 5.1.26 or 6.0.6 or later.
http://dev.mysql.com/downloads/
Vulnerability Insight
Issue is due to error while processing an empty bit string literal via
a specially crafted SQL statement.
Vulnerability Detection Method
Details:MySQL Empty Bit-String Literal Denial of Service Vulnerability
OID:1.3.6.1.4.1.25623.1.0.900221
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2008-3963
BID:31081
Other:
URL:http://secunia.com/advisories/31769/
. . . continues on next page . . .
RESULTS PER HOST
39
. . . continued from previous page . . .
URL:http://bugs.mysql.com/bug.php?id=35658
URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html
[ return to 192.168.233.133 ]
2.1.15
Medium 5432/tcp
Medium (CVSS: 6.8)
NVT: PostgreSQL Multiple Security Vulnerabilities
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
PostgreSQL is prone to multiple security vulnerabilities, including a
denial-of-service issue, a privilege-escalation issue, and an authenticationbypass issue.
Attackers can exploit these issues to shut down affected servers,
perform certain actions with elevated privileges, and bypass
authentication mechanisms to perform unauthorized actions. Other
attacks may also be possible.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100273
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for more information.
Vulnerability Detection Method
Details:PostgreSQL Multiple Security Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.100273
Version used: $Revision: 15 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
. . . continues on next page . . .
RESULTS PER HOST
40
. . . continued from previous page . . .
OID: 1.3.6.1.4.1.25623.1.0.100151
References
CVE: CVE-2009-3229, CVE-2009-3230, CVE-2009-3231
BID:36314
Other:
URL:http://www.securityfocus.com/bid/36314
URL:https://bugzilla.redhat.com/show_bug.cgi?id=522085#c1
URL:http://www.postgresql.org/
URL:http://www.postgresql.org/support/security
URL:http://permalink.gmane.org/gmane.comp.security.oss.general/2088
Medium (CVSS: 6.8)
NVT: OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check)
Summary
OpenSSL is prone to security-bypass vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.105043
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successfully exploiting this issue may allow attackers to obtain
sensitive information by conducting a man-in-the-middle attack. This
may lead to other attacks.
Solution
Updates are available.
Vulnerability Insight
OpenSSL does not properly restrict processing of ChangeCipherSpec
messages, which allows man-in-the-middle attackers to trigger use of a
zero-length master key in certain OpenSSL-to-OpenSSL communications, and
consequently hijack sessions or obtain sensitive information, via a crafted
TLS handshake, aka the CCS Injection vulnerability.
Vulnerability Detection Method
. . . continues on next page . . .
RESULTS PER HOST
41
. . . continued from previous page . . .
Send two SSL ChangeCipherSpec request and check the response.
Details:OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check)
OID:1.3.6.1.4.1.25623.1.0.105043
Version used: $Revision: 494 $
References
CVE: CVE-2014-0224
BID:67899
Other:
URL:http://www.securityfocus.com/bid/67899
URL:http://openssl.org/
Medium (CVSS: 6.5)
NVT: PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
PostgreSQL is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA
certificate, allowing attackers to substitute malicious SSL
certificates for trusted ones.
Successfully exploiting this issue allows attackers to perform man-in-themiddle attacks or impersonate trusted servers, which will aid in
further attacks.
PostgreSQL is also prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to gain elevated
privileges.
PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and
7.4.27 are vulnerable to this issue.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100400
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for more information.
. . . continues on next page . . .
RESULTS PER HOST
42
. . . continued from previous page . . .
Vulnerability Detection Method
Details:PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnera.
,..
OID:1.3.6.1.4.1.25623.1.0.100400
Version used: $Revision: 15 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
References
CVE: CVE-2009-4034, CVE-2009-4136
BID:37334, 37333
Other:
URL:http://www.securityfocus.com/bid/37334
URL:http://www.securityfocus.com/bid/37333
URL:http://www.postgresql.org
URL:http://www.postgresql.org/support/security
URL:http://www.postgresql.org/about/news.1170
Medium (CVSS: 6.5)
NVT: PostgreSQL bitsubstr Buffer Overflow Vulnerability
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
PostgreSQL is prone to a buffer-overflow vulnerability because the
application fails to perform adequate boundary checks on usersupplied data.
Attackers can exploit this issue to execute arbitrary code with
elevated privileges or crash the affected application.
PostgreSQL version 8.0.x, 8.1.x, 8.3.x is vulnerable
other versions may also be affected.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100470
. . . continues on next page . . .
RESULTS PER HOST
43
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Vulnerability Detection Method
Details:PostgreSQL bitsubstr Buffer Overflow Vulnerability
OID:1.3.6.1.4.1.25623.1.0.100470
Version used: $Revision: 14 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
References
CVE: CVE-2010-0442
BID:37973
Other:
URL:http://www.postgresql.org/
URL:http://www.securityfocus.com/bid/37973
URL:http://xforce.iss.net/xforce/xfdb/55902
URL:http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.
,html
Medium (CVSS: 6.5)
NVT: PostgreSQL intarray Module gettoken() Buffer Overflow Vulnerability
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
PostgreSQL is prone to a buffer-overflow vulnerability because
the application fails to perform adequate boundary checks on
user-supplied data. The issue affects the intarray module.
An authenticated attacker can leverage this issue to execute arbitrary
code within the context of the vulnerable application. Failed exploit
attempts will result in a denial-of-service condition.
The issue affect versions prior to 8.2.20, 8.3.14, 8.4.7, and 9.0.3.
OID of test routine: 1.3.6.1.4.1.25623.1.0.103054
. . . continues on next page . . .
RESULTS PER HOST
44
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for more information.
Vulnerability Detection Method
Details:PostgreSQL intarray Module gettoken() Buffer Overflow Vulnerability
OID:1.3.6.1.4.1.25623.1.0.103054
Version used: $Revision: 13 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
References
CVE: CVE-2010-4015
BID:46084
Other:
URL:https://www.securityfocus.com/bid/46084
URL:http://www.postgresql.org/
URL:http://www.postgresql.org/about/news.1289
Medium (CVSS: 6.0)
NVT: PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
PostgreSQL is prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to gain elevated
privileges and execute arbitrary commands with the privileges of
the victim.
Versions prior to PostgreSQL 9.0.1 are vulnerable.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100843
. . . continues on next page . . .
RESULTS PER HOST
45
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for more information.
Vulnerability Detection Method
Details:PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.100843
Version used: $Revision: 14 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
References
CVE: CVE-2010-3433
BID:43747
Other:
URL:https://www.securityfocus.com/bid/43747
URL:http://www.postgresql.org/docs/9.0/static/release-9-0-1.html
URL:http://www.postgresql.org
URL:http://www.postgresql.org/support/security
Medium (CVSS: 5.5)
NVT: PostgreSQL RESET ALL Unauthorized Access Vulnerability
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
PostgreSQL is prone to an unauthorized-access vulnerability.
Attackers can exploit this issue to reset special parameter
settings only a root user should be able to modify. This may aid in
further attacks.
This issue affects versions prior to the following PostgreSQL
versions:
. . . continues on next page . . .
RESULTS PER HOST
46
. . . continued from previous page . . .
7.4.29,
8.0.25
8.1.21,
8.2.17
8.3.11
8.4.4
OID of test routine: 1.3.6.1.4.1.25623.1.0.100648
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Please see the references for more information.
Vulnerability Detection Method
Details:PostgreSQL RESET ALL Unauthorized Access Vulnerability
OID:1.3.6.1.4.1.25623.1.0.100648
Version used: $Revision: 14 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
References
CVE: CVE-2010-1975
BID:40304
Other:
URL:http://www.securityfocus.com/bid/40304
URL:http://www.postgresql.org/docs/current/static/release-8-4-4.html
URL:http://www.postgresql.org/docs/current/static/release-8-2-17.html
URL:http://www.postgresql.org/docs/current/static/release-8-1-21.html
URL:http://www.postgresql.org/docs/current/static/release-8-3-11.html
URL:http://www.postgresql.org/
URL:http://www.postgresql.org/docs/current/static/release-8-0-25.html
URL:http://www.postgresql.org/docs/current/static/release-7-4-29.html
RESULTS PER HOST
Medium (CVSS: 4.0)
NVT: PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
PostgreSQL is prone to a remote denial-of-service vulnerability.
Exploiting this issue may allow attackers to terminate connections
to the PostgreSQL server, denying service to legitimate users.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100157
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Updates are available. Update to newer Version.
Vulnerability Detection Method
Details:PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
OID:1.3.6.1.4.1.25623.1.0.100157
Version used: $Revision: 15 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
References
CVE: CVE-2009-0922
BID:34090
Other:
URL:http://www.securityfocus.com/bid/34090
URL:http://www.postgresql.org/
[ return to 192.168.233.133 ]
2.1.16
Medium 80/tcp
47
RESULTS PER HOST
48
Medium (CVSS: 5.0)
NVT: /doc directory browsable ?
Summary
The /doc directory is browsable.
/doc shows the content of the /usr/doc directory and therefore it shows which pr
,ograms and - important! - the version of the installed programs.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10056
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Use access restrictions for the /doc directory.
If you use Apache you might use this in your access.conf:
<Directory /usr/doc>
AllowOverride None
order deny,allow
deny from all
allow from localhost
</Directory>
Vulnerability Detection Method
Details:/doc directory browsable ?
OID:1.3.6.1.4.1.25623.1.0.10056
Version used: $Revision: 17 $
References
CVE: CVE-1999-0678
BID:318
Medium (CVSS: 4.3)
NVT: Apache HTTP Server httpOnly Cookie Information Disclosure Vulnerability
Summary
This host is running Apache HTTP Server and is prone to cookie
information disclosure vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.902830
. . . continues on next page . . .
RESULTS PER HOST
49
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation will allow attackers to obtain sensitive information
that may aid in further attacks.
Impact Level: Application
Solution
Upgrade to Apache HTTP Server version 2.2.22 or later,
For updates refer to http://httpd.apache.org/
Vulnerability Insight
The flaw is due to an error within the default error response for
status code 400 when no custom ErrorDocument is configured, which can be
exploited to expose httpOnly cookies.
Vulnerability Detection Method
Details:Apache HTTP Server httpOnly Cookie Information Disclosure Vulnerability
OID:1.3.6.1.4.1.25623.1.0.902830
Version used: $Revision: 347 $
References
CVE: CVE-2012-0053
BID:51706
Other:
URL:http://osvdb.org/78556
URL:http://secunia.com/advisories/47779
URL:http://www.exploit-db.com/exploits/18442
URL:http://rhn.redhat.com/errata/RHSA-2012-0128.html
URL:http://httpd.apache.org/security/vulnerabilities_22.html
URL:http://svn.apache.org/viewvc?view=revision&revision=1235454
URL:http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.htm
,l
[ return to 192.168.233.133 ]
2.1.17
Medium 25/tcp
RESULTS PER HOST
50
Medium (CVSS: 6.8)
NVT: Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection
Vulnerability
Summary
Multiple vendors implementations of STARTTLS are prone to a
vulnerability that lets attackers inject arbitrary commands.
OID of test routine: 1.3.6.1.4.1.25623.1.0.103935
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
An attacker can exploit this issue to execute arbitrary commands in
the context of the user running the application. Successful exploits
can allow attackers to obtain email usernames and passwords.
Solution
Updates are available.
Vulnerability Detection Method
Send a special crafted STARTTLS request and check the response.
Details:Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection .
,..
OID:1.3.6.1.4.1.25623.1.0.103935
Version used: $Revision: 369 $
References
CVE: CVE-2011-0411, CVE-2011-1430, CVE-2011-1431, CVE-2011-1432, CVE-2011-1575,
,CVE-2011-1926, CVE-2011-2165
BID:46767
Other:
URL:http://www.securityfocus.com/bid/46767
URL:http://kolab.org/pipermail/kolab-announce/2011/000101.html
URL:http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424
URL:http://cyrusimap.org/mediawiki/index.php/Bugs_Resolved_in_2.4.7
URL:http://www.kb.cert.org/vuls/id/MAPG-8D9M4P
URL:http://files.kolab.org/server/release/kolab-server-2.3.2/sources/release,notes.txt
URL:http://www.postfix.org/CVE-2011-0411.html
. . . continues on next page . . .
RESULTS PER HOST
51
. . . continued from previous page . . .
URL:http://www.pureftpd.org/project/pure-ftpd/news
URL:http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNot
,es_XCS_9_1_1/EN_ReleaseNotes_WG_XCS_9_1_TLS_Hotfix.pdf
URL:http://www.spamdyke.org/documentation/Changelog.txt
URL:http://datatracker.ietf.org/doc/draft-josefsson-kerberos5-starttls/?inclu
,de_text=1
URL:http://www.securityfocus.com/archive/1/516901
URL:http://support.avaya.com/css/P8/documents/100134676
URL:http://support.avaya.com/css/P8/documents/100141041
URL:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
URL:http://inoa.net/qmail-tls/vu555316.patch
URL:http://www.kb.cert.org/vuls/id/555316
Medium (CVSS: 5.0)
NVT: Check if Mailserver answer to VRFY and EXPN requests
Summary
The Mailserver on this host answers to VRFY and/or EXPN requests.
VRFY and EXPN ask the server for information about an address. They are
inherently unusable through firewalls, gateways, mail exchangers for part-time
hosts, etc. OpenVAS suggests that, if you really want to publish this type of
information, you use a mechanism that legitimate users actually know about,
such as Finger or HTTP.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100072
Vulnerability Detection Result
VRFY root produces the following answer: 252 2.0.0 root
Solution
Disable VRFY and/or EXPN on your Mailserver.
For postfix add disable_vrfy_command=yes in main.cf.
For Sendmail add the option O PrivacyOptions=goaway.
Vulnerability Detection Method
Details:Check if Mailserver answer to VRFY and EXPN requests
OID:1.3.6.1.4.1.25623.1.0.100072
Version used: $Revision: 806 $
References
Other:
. . . continues on next page . . .
RESULTS PER HOST
52
. . . continued from previous page . . .
URL:http://cr.yp.to/smtp/vrfy.html
[ return to 192.168.233.133 ]
2.1.18
Medium 53/tcp
Medium (CVSS: 5.0)
NVT: Determine which version of BIND name daemon is running
Summary
BIND NAMED is an open-source DNS server from ISC.org. Many proprietary
DNS servers are based on BIND source code.
The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information. The query of the CHAOS
TXT record version.bind, will typically prompt the server to send
the information back to the querying source.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10028
Vulnerability Detection Result
BIND NAMED is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.
The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information. The query of the CHAOS
TXT record version.bind, will typically prompt the server to send
the information back to the querying source.
The remote bind version is : 9.4.2
Solution :
Using the version directive in the options section will block
the version.bind query, but it will not log such attempts.
Solution
Using the version directive in the options section will block
the version.bind query, but it will not log such attempts.
Vulnerability Detection Method
Details:Determine which version of BIND name daemon is running
OID:1.3.6.1.4.1.25623.1.0.10028
Version used: $Revision: 41 $
[ return to 192.168.233.133 ]
RESULTS PER HOST
2.1.19
Medium 512/tcp
Medium (CVSS: 5.0)
NVT: Check for rexecd Service
Summary
Rexecd Service is running at this Host.
Rexecd (Remote Process Execution) has the same kind of functionality
that rsh has : you can execute shell commands on a remote computer.
The main difference is that rexecd authenticate by reading the
username and password *unencrypted* from the socket.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100111
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
Disable rexec Service.
Vulnerability Detection Method
Details:Check for rexecd Service
OID:1.3.6.1.4.1.25623.1.0.100111
Version used: $Revision: 15 $
[ return to 192.168.233.133 ]
2.1.20
Low 3306/tcp
Low (CVSS: 3.5)
NVT: MySQL ALTER DATABASE Remote Denial Of Service Vulnerability
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
The host is running MySQL and is prone to Denial Of Service
vulnerability.
. . . continues on next page . . .
53
RESULTS PER HOST
54
. . . continued from previous page . . .
OID of test routine: 1.3.6.1.4.1.25623.1.0.801380
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation could allow an attacker to cause a Denial of Service.
Impact Level: Application
Solution
Upgrade to MySQL version 5.1.48
For updates refer to http://dev.mysql.com/downloads
Vulnerability Insight
The flaw is due to an error when processing the ALTER DATABASE statement and
can be exploited to corrupt the MySQL data directory using the #mysql50#
prefix followed by a . or ...
NOTE: Successful exploitation requires ALTER privileges on a database.
Vulnerability Detection Method
Details:MySQL ALTER DATABASE Remote Denial Of Service Vulnerability
OID:1.3.6.1.4.1.25623.1.0.801380
Version used: $Revision: 1046 $
Product Detection Result Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
OID: 1.3.6.1.4.1.25623.1.0.100152
References
CVE: CVE-2010-2008
BID:41198
Other:
URL:http://secunia.com/advisories/40333
URL:http://bugs.mysql.com/bug.php?id=53804
URL:http://securitytracker.com/alerts/2010/Jun/1024160.html
URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
[ return to 192.168.233.133 ]
RESULTS PER HOST
2.1.21
55
Low 5432/tcp
Low (CVSS: 3.5)
NVT: PostgreSQL Hash Table Integer Overflow Vulnerability
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
The host is running PostgreSQL and is prone to integer overflow
vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.902139
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation could allow execution of specially-crafted sql query
which once processed would lead to denial of service (postgresql daemon crash)
,.
Impact Level: Application
Solution
Apply the patch,
http://git.postgresql.org/gitweb?p=postgresql.git
a=commitdiff
h=64b057e6823655fb6c5d1f24a28f236b94dd6c54
******
NOTE: Please ignore this warning if the patch is applied.
******
Vulnerability Insight
The flaw is due to an integer overflow error in src/backend/executor/nodeHash.c
,,
when used to calculate size for the hashtable for joined relations.
Vulnerability Detection Method
Details:PostgreSQL Hash Table Integer Overflow Vulnerability
. . . continues on next page . . .
RESULTS PER HOST
56
. . . continued from previous page . . .
OID:1.3.6.1.4.1.25623.1.0.902139
Version used: $Revision: 14 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
References
CVE: CVE-2010-0733
Other:
URL:https://bugzilla.redhat.com/show_bug.cgi?id=546621
URL:http://www.openwall.com/lists/oss-security/2010/03/16/10
URL:http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php
URL:http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php
URL:http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php
URL:http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php
Low (CVSS: 2.1)
NVT: PostgreSQL Low Cost Function Information Disclosure Vulnerability
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
PostgreSQL is prone to an information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive
information that may lead to further attacks.
PostgreSQL 8.3.6 is vulnerable
other versions may also be affected.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100158
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Vulnerability Detection Method
Details:PostgreSQL Low Cost Function Information Disclosure Vulnerability
OID:1.3.6.1.4.1.25623.1.0.100158
. . . continues on next page . . .
RESULTS PER HOST
57
. . . continued from previous page . . .
Version used: $Revision: 15 $
Product Detection Result Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID: 1.3.6.1.4.1.25623.1.0.100151
References
BID:34069
Other:
URL:http://www.securityfocus.com/bid/34069
URL:http://www.postgresql.org/
[ return to 192.168.233.133 ]
2.1.22
Low general/tcp
Low (CVSS: 2.6)
NVT: TCP timestamps
Summary
The remote host implements TCP timestamps and therefore allows to compute
the uptime.
OID of test routine: 1.3.6.1.4.1.25623.1.0.80091
Vulnerability Detection Result
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Paket 1: -23434
Paket 2: -23334
Impact
A side effect of this feature is that the uptime of the remote
host can sometimes be computed.
Solution
To disable TCP timestamps on linux add the line net.ipv4.tcp_timestamps = 0 to
/etc/sysctl.conf. Execute sysctl -p to apply the settings at runtime.
. . . continues on next page . . .
RESULTS PER HOST
58
. . . continued from previous page . . .
To disable TCP timestamps on Windows execute netsh int tcp set global timestamp
,s=disabled
Starting with Windows Server 2008 and Vista, the timestamp can not be completely
, disabled.
The default behavior of the TCP/IP stack on this Systems is, to not use the
Timestamp options when initiating TCP connections, but use them if the TCP peer
that is initiating communication includes them in their synchronize (SYN) segmen
,t.
See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
Vulnerability Insight
The remote host implements TCP timestamps, as defined by RFC1323.
Vulnerability Detection Method
Special IP packets are forged and sent with a little delay in between to the
target IP. The responses are searched for a timestamps. If found, the
timestamps are reported.
Details:TCP timestamps
OID:1.3.6.1.4.1.25623.1.0.80091
Version used: $Revision: 787 $
References
Other:
URL:http://www.ietf.org/rfc/rfc1323.txt
[ return to 192.168.233.133 ]
2.1.23
Low 139/tcp
Low (CVSS: 2.1)
NVT: Samba client/mount.cifs.c Remote Denial of Service Vulnerability
Summary
Samba is prone to a remote denial-of-service vulnerability.
A remote attacker can exploit this issue to crash the affected
application, denying service to legitimate users.
Samba 3.4.5 and earlier are vulnerable.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100499
. . . continues on next page . . .
RESULTS PER HOST
59
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Vulnerability Detection Method
Details:Samba client/mount.cifs.c Remote Denial of Service Vulnerability
OID:1.3.6.1.4.1.25623.1.0.100499
Version used: $Revision: 14 $
References
CVE: CVE-2010-0547
BID:38326
Other:
URL:http://www.securityfocus.com/bid/38326
URL:http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00df
,fafeebb2e054
URL:http://us1.samba.org/samba/
[ return to 192.168.233.133 ]
2.1.24
Log 2121/tcp
Log (CVSS: 0.0)
NVT: FTP Banner Detection
Summary
This Plugin detects the FTP Server Banner
OID of test routine: 1.3.6.1.4.1.25623.1.0.10092
Vulnerability Detection Result
Remote FTP server banner :
220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.233.133]
Log Method
Details:FTP Banner Detection
OID:1.3.6.1.4.1.25623.1.0.10092
Version used: $Revision: 563 $
RESULTS PER HOST
Log (CVSS: 0.0)
NVT: Services
Summary
This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
Vulnerability Detection Result
An FTP server is running on this port.
Here is its banner :
220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.233.133]
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $
[ return to 192.168.233.133 ]
2.1.25
Log 21/tcp
Log (CVSS: 0.0)
NVT: FTP Banner Detection
Summary
This Plugin detects the FTP Server Banner
OID of test routine: 1.3.6.1.4.1.25623.1.0.10092
Vulnerability Detection Result
Remote FTP server banner :
220 (vsFTPd 2.3.4)
Log Method
. . . continues on next page . . .
60
RESULTS PER HOST
61
. . . continued from previous page . . .
Details:FTP Banner Detection
OID:1.3.6.1.4.1.25623.1.0.10092
Version used: $Revision: 563 $
Log (CVSS: 0.0)
NVT: Services
Summary
This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
Vulnerability Detection Result
An FTP server is running on this port.
Here is its banner :
220 (vsFTPd 2.3.4)
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $
[ return to 192.168.233.133 ]
2.1.26
Log 3306/tcp
Log (CVSS: 0.0)
NVT: MySQL/MariaDB Detection
Summary
Detection of installed version of MySQL/MariaDB.
Detect a running MySQL/MariaDB by getting the banner, Extract the version
from the banner and store the information in KB
OID of test routine: 1.3.6.1.4.1.25623.1.0.100152
. . . continues on next page . . .
RESULTS PER HOST
62
. . . continued from previous page . . .
Vulnerability Detection Result
Detected MySQL
Version: 5.0.51a-3ubuntu5
Location: 3306/tcp
CPE: cpe:/a:mysql:mysql:5.0.51a
Concluded from version identification result:
5.0.51a-3ubuntu5
gmph;,jS ,\252\b\002
@%6$M7l=(P;t
Log Method
Details:MySQL/MariaDB Detection
OID:1.3.6.1.4.1.25623.1.0.100152
Version used: $Revision: 1046 $
Log (CVSS: 0.0)
NVT: Services
Summary
This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
Vulnerability Detection Result
An unknown service is running on this port.
It is usually reserved for MySQL
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $
Log (CVSS: 0.0)
NVT: Database Open Access Vulnerability
. . . continues on next page . . .
RESULTS PER HOST
63
. . . continued from previous page . . .
Summary
The host is running a Database server and is prone to information
disclosure vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.902799
Vulnerability Detection Result
MySQL can be accessed by remote attackers
Impact
Successful exploitation could allow an attacker to obtain the sensitive
information of the database.
Impact Level: Application
Vulnerability Insight
Do not restricting direct access of databases to the remote systems.
Log Method
Details:Database Open Access Vulnerability
OID:1.3.6.1.4.1.25623.1.0.902799
Version used: $Revision: 12 $
References
Other:
URL:https://www.pcisecuritystandards.org/security_standards/index.php?id=pci_d
,ss_v1-2.pdf
[ return to 192.168.233.133 ]
2.1.27
Log 5432/tcp
Log (CVSS: 0.0)
NVT: PostgreSQL Detection
Summary
Detection of PostgreSQL, a open source object-relational
database system (http://www.postgresql.org).
The script sends a connection request to the server (user:postgres, DB:postgres)
. . . continues on next page . . .
RESULTS PER HOST
64
. . . continued from previous page . . .
and attempts to extract the version number from the reply.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100151
Vulnerability Detection Result
Detected PostgreSQL
Version: 8.3.1
Location: 5432/tcp
CPE: cpe:/a:postgresql:postgresql:8.3.1
Concluded from version identification result:
T versionDg]PostgreSQL 8.3.1 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.2.
,3 (Ubuntu 4.2.3-2ubuntu4)CSELECTZI
Log Method
Details:PostgreSQL Detection
OID:1.3.6.1.4.1.25623.1.0.100151
Version used: $Revision: 43 $
Log (CVSS: 0.0)
NVT: Services
Summary
This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
Vulnerability Detection Result
An unknown service is running on this port.
It is usually reserved for Postgres
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $
RESULTS PER HOST
Log (CVSS: 0.0)
NVT: Postgres TLS Detection
Summary
The remote Postgres Server supports TLS.
OID of test routine: 1.3.6.1.4.1.25623.1.0.105013
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Log Method
Details:Postgres TLS Detection
OID:1.3.6.1.4.1.25623.1.0.105013
Version used: $Revision: 702 $
Log (CVSS: 0.0)
NVT: Database Open Access Vulnerability
Summary
The host is running a Database server and is prone to information
disclosure vulnerability.
OID of test routine: 1.3.6.1.4.1.25623.1.0.902799
Vulnerability Detection Result
Postgresql database can be accessed by remote attackers
Impact
Successful exploitation could allow an attacker to obtain the sensitive
information of the database.
Impact Level: Application
Vulnerability Insight
Do not restricting direct access of databases to the remote systems.
Log Method
. . . continues on next page . . .
65
RESULTS PER HOST
66
. . . continued from previous page . . .
Details:Database Open Access Vulnerability
OID:1.3.6.1.4.1.25623.1.0.902799
Version used: $Revision: 12 $
References
Other:
URL:https://www.pcisecuritystandards.org/security_standards/index.php?id=pci_d
,ss_v1-2.pdf
[ return to 192.168.233.133 ]
2.1.28
Log 22/tcp
Log (CVSS: 0.0)
NVT: SSH Protocol Versions Supported
Summary
Identification of SSH protocol versions supported by the remote
SSH Server. Also reads the corresponding fingerprints from the service.
The following versions are tried: 1.33, 1.5, 1.99 and 2.0
OID of test routine: 1.3.6.1.4.1.25623.1.0.100259
Vulnerability Detection Result
The remote SSH Server supports the following SSH Protocol Versions:
1.99
2.0
Log Method
Details:SSH Protocol Versions Supported
OID:1.3.6.1.4.1.25623.1.0.100259
Version used: $Revision: 43 $
Log (CVSS: 0.0)
NVT: SSH Server type and version
Summary
This detects the SSH Servers type and version by connecting to the server
and processing the buffer received.
This information gives potential attackers additional information about the
. . . continues on next page . . .
RESULTS PER HOST
67
. . . continued from previous page . . .
system they are attacking. Versions and Types should be omitted
where possible.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10267
Vulnerability Detection Result
Detected SSH server version: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
Remote SSH supported authentication: password,publickey
Remote SSH banner:
(not available)
CPE: cpe:/a:openbsd:openssh:4.7p1
Concluded from remote connection attempt with credentials:
Login: OpenVAS
Password: OpenVAS
Solution
Apply filtering to disallow access to this port from untrusted hosts
Log Method
Details:SSH Server type and version
OID:1.3.6.1.4.1.25623.1.0.10267
Version used: $Revision: 971 $
Log (CVSS: 0.0)
NVT: Services
Summary
This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
Vulnerability Detection Result
An ssh server is running on this port
. . . continues on next page . . .
RESULTS PER HOST
68
. . . continued from previous page . . .
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $
[ return to 192.168.233.133 ]
2.1.29
Log 80/tcp
Log (CVSS: 0.0)
NVT: HTTP Server type and version
Summary
This detects the HTTP Servers type and version.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10107
Vulnerability Detection Result
The remote web server type is :
Apache/2.2.8 (Ubuntu) DAV/2
Solution : You can set the directive ServerTokens Prod to limit
the information emanating from the server in its response headers.
Solution
Configure your server to use an alternate name like
Wintendo httpD w/Dotmatrix display
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive ServerTokens Prod to limit
the information emanating from the server in its response headers.
Log Method
Details:HTTP Server type and version
OID:1.3.6.1.4.1.25623.1.0.10107
Version used: $Revision: 229 $
Log (CVSS: 0.0)
NVT: DIRB (NASL wrapper)
Summary
. . . continues on next page . . .
RESULTS PER HOST
69
. . . continued from previous page . . .
This script uses DIRB to find directories and files on web
applications via brute forcing.
OID of test routine: 1.3.6.1.4.1.25623.1.0.103079
Vulnerability Detection Result
This are the directories/files found with brute force:
http://192.168.233.133:80/
http://192.168.233.133:80/cgi-bin/
http://192.168.233.133:80/dav/
http://192.168.233.133:80/doc/
http://192.168.233.133:80/icons/
http://192.168.233.133:80/index
http://192.168.233.133:80/index.php
http://192.168.233.133:80/index/
http://192.168.233.133:80/phpMyAdmin/
http://192.168.233.133:80/test/
http://192.168.233.133:80/phpMyAdmin/docs
http://192.168.233.133:80/phpMyAdmin/error
http://192.168.233.133:80/phpMyAdmin/error.php
http://192.168.233.133:80/phpMyAdmin/error/
http://192.168.233.133:80/phpMyAdmin/export
http://192.168.233.133:80/phpMyAdmin/export.php
http://192.168.233.133:80/phpMyAdmin/export/
http://192.168.233.133:80/phpMyAdmin/import
http://192.168.233.133:80/phpMyAdmin/import.php
http://192.168.233.133:80/phpMyAdmin/import/
http://192.168.233.133:80/phpMyAdmin/index
http://192.168.233.133:80/phpMyAdmin/index.php
http://192.168.233.133:80/phpMyAdmin/index/
http://192.168.233.133:80/phpMyAdmin/js/
http://192.168.233.133:80/phpMyAdmin/libraries/
http://192.168.233.133:80/phpMyAdmin/main
http://192.168.233.133:80/phpMyAdmin/main.php
http://192.168.233.133:80/phpMyAdmin/main/
http://192.168.233.133:80/phpMyAdmin/navigation
http://192.168.233.133:80/phpMyAdmin/navigation.php
http://192.168.233.133:80/phpMyAdmin/navigation/
http://192.168.233.133:80/phpMyAdmin/phpmyadmin
http://192.168.233.133:80/phpMyAdmin/phpmyadmin/
http://192.168.233.133:80/phpMyAdmin/print
http://192.168.233.133:80/phpMyAdmin/readme
http://192.168.233.133:80/phpMyAdmin/readme.php
http://192.168.233.133:80/phpMyAdmin/readme/
. . . continues on next page . . .
RESULTS PER HOST
70
. . . continued from previous page . . .
http://192.168.233.133:80/phpMyAdmin/scripts/
http://192.168.233.133:80/phpMyAdmin/setup/
http://192.168.233.133:80/phpMyAdmin/sql
http://192.168.233.133:80/phpMyAdmin/sql.php
http://192.168.233.133:80/phpMyAdmin/sql/
http://192.168.233.133:80/phpMyAdmin/test/
http://192.168.233.133:80/phpMyAdmin/webapp
http://192.168.233.133:80/phpMyAdmin/webapp.php
http://192.168.233.133:80/phpMyAdmin/webapp/
http://192.168.233.133:80/phpMyAdmin/setup/config
http://192.168.233.133:80/phpMyAdmin/setup/config.php
http://192.168.233.133:80/phpMyAdmin/setup/config/
http://192.168.233.133:80/phpMyAdmin/setup/index
http://192.168.233.133:80/phpMyAdmin/setup/index.php
http://192.168.233.133:80/phpMyAdmin/setup/index/
http://192.168.233.133:80/phpMyAdmin/setup/lib/
http://192.168.233.133:80/phpMyAdmin/setup/scripts
Log Method
Details:DIRB (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.103079
Version used: $Revision: 13 $
Log (CVSS: 0.0)
NVT: Services
Summary
This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
Vulnerability Detection Result
A web server is running on this port
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $
RESULTS PER HOST
71
Log (CVSS: 0.0)
NVT: Web mirroring
Summary
This script makes a mirror of the remote web site
and extracts the list of CGIs that are used by the remote
host.
It is suggested you allow a long-enough timeout value for
this test routine and also adjust the setting on
the number of pages to mirror.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10662
Vulnerability Detection Result
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/twiki/bin/edit/Sandbox/TestTopic3 (topicparent [Sandbox.WebHome] )
/twiki/bin/view/Know/WebChanges (topic [] )
/twiki/bin/edit/Know/WebPreferences (t [1425419424] )
/twiki/bin/edit/TWiki/GoodStyle (t [1425419430] )
/twiki/bin/view/Know/WebTopicList (topic [] skin [print] )
/twiki/bin/edit/Know/WebTopicList (t [1425419437] )
/twiki/bin/view/TWiki/TWikiPreferences (topic [] )
/twiki/bin/rdiff/Sandbox/WebIndex (rev1 [1.2] rev2 [1.1] )
/twiki/bin/view/Sandbox/TestTopic1 (unlock [on] )
/twiki/bin/preview/Sandbox/TestTopic1 (formtemplate [] topicparent [] cmd [] )
/twiki/bin/view/Main/TWikiAdminGroup (topic [] skin [print] rev [1.6] )
/twiki/bin/oops/Main/TWikiAdminGroup (template [oopsmore] param1 [1.7] param2 [1
,.7] )
/twiki/bin/edit/Main/PeterThoeny (t [1425419446] )
/twiki/bin/upload/Main/WebHome (filepath [] filecomment [] filename [] hidefile
,[] createlink [] )
/twiki/bin/oops/Main/LondonOffice (template [oopsmore] param1 [1.3] param2 [1.3]
, )
/twiki/bin/rdiff/Main/WebStatistics (rev1 [1.4] rev2 [1.3] )
/twiki/bin/edit/Main/BookView (topicparent [Main.TWikiVariables] )
/twiki/bin/edit/Main/WebTopicViewTemplate (topicparent [Main.TWikiVariables] )
/twiki/bin/edit/Main/UnlockTopic (topicparent [Main.TWikiVariables] )
/twiki/bin/edit/Main/DontNotify (topicparent [Main.TWikiVariables] )
/twiki/bin/oops/Main/KevinKinnell (param1 [1.2] param2 [1.2] template [oopsmore]
, )
/phpMyAdmin/phpmyadmin.css.php (token [e8c7421a12456f84e628f15d7f60c7e3] js_fram
,e [right] lang [en-utf-8] nocache [2457687151] convcharset [utf-8] )
/mutillidae/index.php (username [anonymous] do [toggle-hints] page [home.php] )
/mutillidae/ (page [add-to-your-blog.php] )
. . . continues on next page . . .
RESULTS PER HOST
72
. . . continued from previous page . . .
/mutillidae/styles/ (C=S;O [A] C=N;O [D] C=M;O [A] C=D;O [A] )
/twiki/bin/edit/Sandbox/TestTopic4 (topicparent [Sandbox.WebHome] )
/twiki/bin/view/Main/WebSearch (topic [] )
/twiki/bin/search/Main/ (showlock [] search [] web [] scope [topic] nosearch []
,reverse [] regex [] order [] nototal [] limit [all] bookview [] nosummary [] c
,asesensitive [] )
/twiki/bin/view/TWiki/TWikiTopics (topic [] )
/twiki/bin/view/TWiki/TWikiVariables (topic [] )
/twiki/bin/view/TWiki/InstantEnhancements (topic [] )
/twiki/bin/view/TWiki/WikiName (topic [] skin [print] rev [1.2] )
/twiki/bin/view/Sandbox/TestTopic2 (unlock [on] )
/twiki/bin/preview/Sandbox/TestTopic2 (formtemplate [] topicparent [] cmd [] )
/twiki/bin/upload/Main/TWikiGroups (filename [] filepath [] filecomment [] creat
,elink [] hidefile [] )
/twiki/bin/view/Main/WebStatistics (topic [] skin [print] rev [1.3] )
/twiki/bin/edit/Main/CoreTeam (topicparent [Main.AndreaSterbini] )
/twiki/bin/view/TWiki/WikiSyntax (topic [] skin [print] rev [1.14] )
/twiki/bin/edit/Sandbox/TestTopic5 (topicparent [Sandbox.WebHome] )
/twiki/bin/edit/Main/WebPreferences (t [1425419420] )
/twiki/bin/view/TWiki/WebChanges (topic [] )
/twiki/bin/view/TWiki/GoodStyle (topic [] skin [print] rev [1.5] )
/twiki/bin/oops/TWiki/DefaultPlugin (template [oopsmore] param1 [1.5] param2 [1.
,5] )
/twiki/bin/view/TWiki/InterwikiPlugin (topic [] )
/twiki/bin/oops/Know/ReadmeFirst (template [oopsmore] param1 [1.6] param2 [1.6]
,)
/twiki/bin/oops/Know/WebStatistics (template [oopsmore] param1 [1.4] param2 [1.4
,] )
/twiki/bin/view/Sandbox/TestTopic3 (unlock [on] )
/twiki/bin/preview/Sandbox/TestTopic3 (formtemplate [] topicparent [] cmd [] )
/twiki/bin/oops/TWiki/WikiCulture (template [oopsmore] param1 [1.8] param2 [1.8]
, )
/twiki/bin/edit/Main/TWikiGuest (t [1425419451] )
/twiki/bin/oops/Main/JohnTalintyre (template [oopsmore] param1 [1.3] param2 [1.3
,] )
/twiki/bin/view/Main/TWikiVariables (topic [] skin [print] rev [1.2] )
/twiki/bin/view/TWiki/WikiWord (topic [] skin [print] rev [1.3] )
/twiki/bin/upload/Main/WebPreferences (filename [] filepath [] filecomment [] cr
,eatelink [] hidefile [] )
/twiki/bin/edit/Sandbox/TestTopic6 (topicparent [Sandbox.WebHome] )
/twiki/bin/edit/Main/SupportGroup (topicparent [Main.TWikiGroups] )
/twiki/bin/view/TWiki/WebTopicList (topic [] )
/twiki/bin/edit/TWiki/TWikiShorthand (t [1425419430] )
/twiki/bin/rdiff/TWiki/TWikiGlossary (rev1 [1.2] rev2 [1.1] )
/twiki/bin/edit/TWiki/WikiStyleWord (topicparent [TWiki.TextFormattingFAQ] )
/twiki/bin/view/TWiki/InterWikis (topic [] )
/twiki/bin/view/TWiki/TWikiAdminCookBook (topic [] )
. . . continues on next page . . .
RESULTS PER HOST
73
. . . continued from previous page . . .
/twiki/bin/edit/Know/WebStatistics (t [1425419438] )
/twiki/bin/view/Sandbox/TestTopic4 (unlock [on] )
/twiki/bin/preview/Sandbox/TestTopic4 (formtemplate [] topicparent [] cmd [] )
/twiki/bin/view/Main/SupportGroup (unlock [on] )
/twiki/bin/preview/Main/SupportGroup (formtemplate [] topicparent [] cmd [] )
/twiki/bin/oops/Main/SanJoseOffice (template [oopsmore] param1 [1.3] param2 [1.3
,] )
/twiki/bin/view/Main/TokyoOffice (topic [] skin [print] rev [1.2] )
/twiki/bin/rdiff/Main/WebNotify (rev1 [1.7] rev2 [1.6] )
/twiki/bin/oops/Main/WebNotify (template [oopsmore] param1 [1.7] param2 [1.7] )
/twiki/bin/rdiff/Main/NobodyGroup (rev1 [1.2] rev2 [1.1] )
/twiki/bin/edit/Main/JohnTalintyre (t [1425419458] )
/twiki/bin/rdiff/Main/AndreaSterbini (rev1 [1.2] rev2 [1.1] )
/twiki/bin/edit/TWiki/WikiSyntax (t [1425419468] )
/twiki/bin/upload/TWiki/WebHome (filepath [] filecomment [] filename [] hidefile
, [] createlink [] )
/twiki/bin/edit/Sandbox/TestTopic7 (topicparent [Sandbox.WebHome] )
/twiki/bin/view/Main/TWikiGroups (topic [] skin [print] rev [1.2] unlock [on] )
/twiki/bin/edit/Main/EngineeringGroup (topicparent [Main.TWikiGroups] )
/twiki/bin/search/Main/SearchResult (search [TWiki%20*Groups%5B%5EA-Za-z%5D] sco
,pe [text] regex [on] )
/twiki/bin/edit/Sandbox/WebChanges (t [1425419425] )
/twiki/bin/edit/TWiki/TWikiSite (t [1425419429] )
/twiki/bin/rdiff/Know/WebStatistics (rev1 [1.4] rev2 [1.3] )
/twiki/bin/view/Sandbox/TestTopic5 (unlock [on] )
/twiki/bin/preview/Sandbox/TestTopic5 (formtemplate [] topicparent [] cmd [] )
/twiki/bin/view/Sandbox/WebTopicList (topic [] skin [print] )
/twiki/bin/oops/Sandbox/WebTopicList (template [oopsmore] param1 [1.1] param2 [1
,.1] )
/twiki/bin/view/Main/CharleytheHorse (topic [] skin [print] rev [r1.1] )
/twiki/bin/oops/Main/CharleytheHorse (param1 [1.1] param2 [1.1] template [oopsmo
,re] )
/twiki/bin/view/Main/EngineeringGroup (unlock [on] )
/twiki/bin/preview/Main/EngineeringGroup (formtemplate [] topicparent [] cmd []
,)
/twiki/bin/rdiff/Main/PeterThoeny (rev1 [1.8] rev2 [1.7] )
/twiki/bin/preview/Main/TWikiGroups (formtemplate [] topicparent [] cmd [] )
/twiki/bin/edit/Main/SanJoseOffice (t [1425419449] )
/twiki/bin/view/Main/TWikiGuest (topic [] skin [print] rev [1.4] )
/twiki/bin/rdiff/Main/JohnTalintyre (rev1 [1.3] rev2 [1.2] )
/twiki/bin/attach/TWiki/FileAttachment (filename [Sample.txt] revInfo [1] )
/twiki/bin/oops/Main/GrantBow (param1 [1.1] param2 [1.1] template [oopsmore] )
/twiki/bin/rdiff/Main/MikeMannix (rev1 [1.5] rev2 [1.4] )
/twiki/bin/edit/Sandbox/TestTopic8 (topicparent [Sandbox.WebHome] )
/twiki/bin/search/Sandbox/SearchResult (search [] scope [text] regex [on] )
/twiki/bin/view/Main/OfficeLocations (topic [] skin [print] rev [1.3] unlock [on
,] )
. . . continues on next page . . .
RESULTS PER HOST
74
. . . continued from previous page . . .
/twiki/bin/oops/Main/OfficeLocations (template [oopsmore] param1 [1.4] param2 [1
,.4] )
/twiki/bin/edit/TWiki/StartingPoints (t [1425419421] )
/twiki/bin/rdiff/TWiki/StartingPoints (rev1 [1.3] rev2 [1.2] )
/twiki/bin/rdiff/Sandbox/WebChanges (rev1 [1.2] rev2 [1.1] )
/phpMyAdmin/themes/original/img/ (C=S;O [A] C=N;O [D] C=M;O [A] C=D;O [A] )
/twiki/bin/view/TWiki/TWikiTutorial (topic [] )
/twiki/bin/edit/TWiki/MeaningfulTitle (topicparent [TWiki.TextFormattingFAQ] )
/twiki/bin/view/Know/WebIndex (topic [] )
/twiki/bin/view/Know/WebStatistics (topic [] skin [print] rev [1.3] )
/twiki/bin/oops/Sandbox/WebIndex (template [oopsmore] param1 [1.2] param2 [1.2]
,)
/twiki/bin/edit/TWiki/WikiName (t [1425419439] )
/twiki/bin/view/Sandbox/TestTopic6 (unlock [on] )
/twiki/bin/preview/Sandbox/TestTopic6 (formtemplate [] topicparent [] cmd [] )
/twiki/bin/view/Sandbox/WebStatistics (topic [] skin [print] rev [1.2] )
/twiki/bin/edit/Sandbox/WebStatistics (t [1425419443] )
/twiki/bin/rdiff/Sandbox/WebStatistics (rev1 [1.3] rev2 [1.2] )
/twiki/bin/oops/Sandbox/WebStatistics (template [oopsmore] param1 [1.3] param2 [
,1.3] )
/twiki/bin/rdiff/Main/SanJoseOffice (rev1 [1.3] rev2 [1.2] )
/twiki/bin/edit/Main/TokyoOffice (t [1425419450] )
/twiki/bin/preview/Main/OfficeLocations (formtemplate [] topicparent [] cmd [] )
/twiki/bin/view/Main/JohnTalintyre (topic [] skin [print] rev [1.2] )
/twiki/bin/edit/Main/TWikiVariables (t [1425419458] )
/twiki/bin/oops/Main/MikeMannix (template [oopsmore] param1 [1.5] param2 [1.5] )
/twiki/bin/view/TWiki/BookView (topic [] skin [print] rev [1.1] )
/twiki/bin/edit/TWiki/WikiReferences (t [1425419467] )
/twiki/bin/rdiff/TWiki/WikiReferences (rev1 [1.2] rev2 [1.1] )
/twiki/bin/view/TWiki/WebHome (topic [] rev [r1.78] )
/twiki/bin/search/TWiki/ (showlock [] search [] web [] nosearch [] scope [topic]
, reverse [] regex [] limit [all] nototal [] order [] nosummary [] bookview []
, casesensitive [] )
/twiki/bin/edit/Main/TWikiGroups (t [1425419416] )
/twiki/bin/view/TWiki/WelcomeGuest (topic [] )
/twiki/bin/view/TWiki/TWikiRegistration (topic [] skin [print] rev [1.7] )
/twiki/bin/edit/TWiki/TWikiRegistration (t [1425419420] )
/twiki/bin/rdiff/TWiki/TWikiRegistration (rev1 [1.8] rev2 [1.7] )
/twiki/bin/oops/TWiki/TWikiRegistration (template [oopsmore] param1 [1.8] param2
, [1.8] )
/twiki/bin/view/Sandbox/WebChanges (topic [] skin [print] )
/twiki/bin/view/TWiki/TWikiSite (topic [] skin [print] )
/twiki/bin/edit/TWiki/NewTopic (topicparent [TWiki.TWikiShorthand] )
/twiki/bin/oops/TWiki/TWikiGlossary (template [oopsmore] param1 [1.2] param2 [1.
,2] )
/twiki/bin/view/TWiki/DefaultPlugin (topic [] skin [print] rev [1.4] )
/twiki/bin/edit/TWiki/WikiOrg (topicparent [TWiki.TWikiAdminCookBook] )
. . . continues on next page . . .
RESULTS PER HOST
75
. . . continued from previous page . . .
/twiki/bin/view/Know/WebNotify (topic [] skin [print] rev [1.6] )
/twiki/bin/view/Sandbox/TestTopic7 (unlock [on] )
/twiki/bin/preview/Sandbox/TestTopic7 (formtemplate [] topicparent [] cmd [] )
/twiki/bin/view/Main/SanJoseOffice (topic [] skin [print] rev [1.2] )
/twiki/bin/edit/TWiki/TWikiFormTemplate (topicparent [Main.WebPreferences] )
/twiki/bin/oops/Main/AndreaSterbini (param1 [1.2] param2 [1.2] template [oopsmor
,e] )
/twiki/bin/edit/TWiki/WikiWord (t [1425419466] )
/twiki/bin/edit/TWiki/StandardColors (t [1425419469] )
/twiki/bin/rdiff/TWiki/StandardColors (rev1 [1.4] rev2 [1.3] )
/twiki/bin/rdiff/TWiki/SiteMap (rev1 [1.2] rev2 [1.1] )
/twiki/bin/view/TWiki/WebTopicEditTemplate (topic [] skin [print] rev [1.4] )
/twiki/bin/edit/TWiki/WebTopicEditTemplate (t [1425419470] )
/twiki/bin/rdiff/TWiki/WebTopicEditTemplate (rev1 [1.5] rev2 [1.4] )
/twiki/bin/oops/TWiki/WebTopicEditTemplate (template [oopsmore] param1 [1.5] par
,am2 [1.5] )
/twiki/bin/upload/TWiki/TWikiRegistration (filename [] filepath [] filecomment [
,] createlink [] hidefile [] )
/twiki/bin/edit/TWiki/WebPreferences (t [1425419422] )
/twiki/bin/rdiff/Know/WebPreferences (rev1 [1.11] rev2 [1.10] )
/twiki/bin/view/Sandbox/TestTopic8 (unlock [on] )
/twiki/bin/preview/Sandbox/TestTopic8 (formtemplate [] topicparent [] cmd [] )
/twiki/bin/view/Main/GrantBow (topic [] skin [print] rev [r1.1] )
/twiki/bin/rdiff/TWiki/WikiSyntax (rev1 [1.15] rev2 [1.14] )
/twiki/bin/edit/TWiki/SiteMap (t [1425419469] )
/dav/ (C=S;O [A] C=N;O [D] C=M;O [A] C=D;O [A] )
/mutillidae/styles/ddsmoothmenu/ (C=S;O [A] C=N;O [D] C=M;O [A] C=D;O [A] )
/twiki/bin/view/TWiki/WebSearch (topic [] )
/twiki/bin/view/Sandbox/WebSearch (topic [] )
/twiki/bin/search/Sandbox/ (showlock [] search [] web [] scope [topic] nosearch
,[] reverse [] regex [] order [] nototal [] limit [all] bookview [] nosummary [
,] casesensitive [] )
/twiki/bin/view/TWiki/TextFormattingRules (topic [] )
/twiki/bin/view/TWiki/TextFormattingFAQ (topic [] )
/twiki/bin/view/Know/ReadmeFirst (topic [] skin [print] rev [1.5] )
/twiki/bin/edit/Main/TWikiRegistration (topicparent [Main.OfficeLocations] )
/twiki/bin/edit/Main/TWikiDocumentation (topicparent [Main.WebStatistics] )
/twiki/bin/oops/Main/NobodyGroup (param1 [1.2] param2 [1.2] template [oopsmore]
,)
/twiki/bin/edit/Main/WebTopicNonWikiTemplate (topicparent [Main.TWikiVariables]
,)
/twiki/bin/edit/Main/MikeMannix (t [1425419464] )
/twiki/bin/edit/TWiki/YearTwoThousand (topicparent [TWiki.WikiWord] )
/twiki/bin/rdiff/Main/WebPreferences (rev1 [1.13] rev2 [1.12] )
/twiki/bin/search/TWiki/SearchResult (search [TWiki%20*Registration%5B%5EA-Za-z%
,5D] scope [text] regex [on] )
/twiki/bin/search/Know/ (search [%54opicClassification.%2ANoDisclosure] web [] s
. . . continues on next page . . .
RESULTS PER HOST
76
. . . continued from previous page . . .
,cope [text] regex [on] bookview [] )
/twiki/bin/edit/TWiki/DefaultPlugin (t [1425419434] )
/twiki/bin/edit/Main/TWikiAdminGroup (t [1425419444] )
/twiki/bin/rdiff/Main/TWikiAdminGroup (rev1 [1.7] rev2 [1.6] )
/twiki/bin/oops/Main/PeterThoeny (template [oopsmore] param1 [1.8] param2 [1.8]
,)
/twiki/bin/rdiff/Main/TokyoOffice (rev1 [1.3] rev2 [1.2] )
/twiki/bin/edit/Main/IncludeTopicsAndWebPages (topicparent [Main.TWikiVariables]
, )
/twiki/bin/edit/Main/TWikiForms (topicparent [Main.TWikiVariables] )
/twiki/bin/edit/Main/FormattedSearch (topicparent [Main.TWikiVariables] )
/twiki/bin/edit/TWiki/BookView (t [1425419465] )
/twiki/bin/edit/TWiki/AVeryLongWikiTopicNameIsAlsoPossible (topicparent [TWiki.W
,ikiWord] )
/twiki/bin/rdiff/Main/TWikiGroups (rev1 [1.3] rev2 [1.2] )
/twiki/bin/oops/Know/WebPreferences (template [oopsmore] param1 [1.11] param2 [1
,.11] )
/twiki/bin/view/TWiki/WebChangesAlert (topic [] skin [print] rev [1.12] )
/twiki/bin/edit/TWiki/WebChangesAlert (t [1425419432] )
/twiki/bin/rdiff/TWiki/WebChangesAlert (rev1 [1.13] rev2 [1.12] )
/twiki/bin/oops/TWiki/WebChangesAlert (template [oopsmore] param1 [1.13] param2
,[1.13] )
/twiki/bin/rename/TWiki/WebChangesAlert (newweb [TWiki] newtopic [WebChangesNoti
,fy] confirm [on] )
/twiki/bin/view/TWiki/TWikiGlossary (topic [] skin [print] rev [1.1] )
/twiki/bin/edit/Know/ReadmeFirst (t [1425419436] )
/twiki/bin/edit/Know/WebNotify (t [1425419437] )
/twiki/bin/view/Main/WebNotify (topic [] skin [print] rev [1.6] )
/twiki/bin/view/Main/AndreaSterbini (topic [] skin [print] rev [1.1] )
/twiki/bin/view/Main/MikeMannix (topic [] skin [print] rev [1.4] )
/twiki/bin/oops/TWiki/WikiNotation (template [oopsmore] param1 [1.3] param2 [1.3
,] )
/twiki/bin/view/Main/TWikiUsers (topic [] rev [r1.15] )
/twiki/bin/view/TWiki/WebIndex (topic [] )
/twiki/bin/view/TWiki/TWikiShorthand (topic [] skin [print] )
/twiki/bin/oops/TWiki/TWikiShorthand (template [oopsmore] param1 [1.1] param2 [1
,.1] )
/twiki/bin/view/TWiki/TWikiFAQ (topic [] )
/twiki/bin/view/Sandbox/WebIndex (topic [] skin [print] rev [1.1] )
/twiki/bin/rdiff/TWiki/WikiName (rev1 [1.3] rev2 [1.2] )
/twiki/bin/oops/TWiki/WikiName (template [oopsmore] param1 [1.3] param2 [1.3] )
/twiki/bin/view/Main/LondonOffice (topic [] skin [print] rev [1.2] )
/twiki/bin/edit/Main/LondonOffice (t [1425419449] )
/twiki/bin/view/Main/KevinKinnell (topic [] skin [print] rev [1.1] )
/twiki/bin/edit/Main/KevinKinnell (t [1425419460] )
/twiki/bin/view/TWiki/RegularExpression (topic [] skin [print] rev [1.2] )
/twiki/bin/edit/TWiki/RegularExpression (t [1425419466] )
. . . continues on next page . . .
RESULTS PER HOST
77
. . . continued from previous page . . .
/twiki/bin/rdiff/TWiki/RegularExpression (rev1 [1.3] rev2 [1.2] )
/twiki/bin/oops/TWiki/RegularExpression (template [oopsmore] param1 [1.3] param2
, [1.3] )
/twiki/bin/view/TWiki/FormattedSearch (topic [] )
/twiki/bin/edit/TWiki/WikiNotation (t [1425419471] )
/twiki/bin/view/TWiki/FileAttachment (topic [] )
/twiki/bin/rdiff/Main/TWikiVariables (rev1 [1.3] rev2 [1.2] )
/twiki/bin/edit/Main/WikiSyntax (topicparent [Main.TWikiVariables] )
/twiki/bin/viewfile/TWiki/FileAttachment (rev [] filename [Sample.txt] )
/twiki/bin/rdiff/TWiki/WikiWord (rev1 [1.4] rev2 [1.3] )
/twiki/bin/oops/TWiki/WikiWord (template [oopsmore] param1 [1.4] param2 [1.4] )
/twiki/bin/oops/TWiki/WikiSyntax (template [oopsmore] param1 [1.15] param2 [1.15
,] )
/twiki/bin/rdiff/TWiki/WikiNotation (rev1 [1.3] rev2 [1.2] )
/twiki/bin/search/Know/SearchResult (search [] scope [text] regex [on] )
/twiki/bin/view/TWiki/StartingPoints (topic [] skin [print] rev [1.2] )
/twiki/bin/oops/TWiki/StartingPoints (template [oopsmore] param1 [1.3] param2 [1
,.3] )
/twiki/bin/rdiff/TWiki/GoodStyle (rev1 [1.6] rev2 [1.5] )
/twiki/bin/edit/TWiki/TWikiGlossary (t [1425419433] )
/twiki/bin/edit/Sandbox/WebIndex (t [1425419439] )
/twiki/bin/edit/Sandbox/WebTopicList (t [1425419442] )
/twiki/bin/edit/Main/CharleytheHorse (t [1425419443] )
/twiki/bin/view/TWiki/WikiCulture (topic [] skin [print] rev [1.7] )
/twiki/bin/edit/TWiki/WikiCulture (t [1425419445] )
/twiki/bin/rdiff/Main/LondonOffice (rev1 [1.3] rev2 [1.2] )
/twiki/bin/view/Main/WebRss (topic [] rev [r1.1] )
/twiki/bin/edit/Main/RegularExpression (topicparent [Main.TWikiVariables] )
/twiki/bin/rdiff/Main/KevinKinnell (rev1 [1.2] rev2 [1.1] )
/twiki/bin/edit/Main/AndreaSterbini (t [1425419461] )
/twiki/bin/view/Main/FileAttachment (topic [] rev [r1.3] )
/twiki/bin/view/TWiki/WikiReferences (topic [] skin [print] rev [1.1] )
/twiki/bin/oops/TWiki/WikiReferences (template [oopsmore] param1 [1.2] param2 [1
,.2] )
/twiki/bin/view/TWiki/WikiNotation (topic [] skin [print] rev [1.2] )
/twiki/bin/edit/Main/OfficeLocations (t [1425419418] )
/twiki/bin/rdiff/Main/OfficeLocations (rev1 [1.4] rev2 [1.3] )
/twiki/bin/view/Main/WebIndex (topic [] )
/twiki/bin/view/Know/WebSearch (topic [] )
/twiki/bin/view/Know/WebPreferences (topic [] skin [print] rev [1.10] )
/mutillidae/images/ (C=S;O [A] C=N;O [D] C=M;O [A] C=D;O [A] )
/twiki/bin/edit/TWiki/TWikiTopic (topicparent [TWiki.TWikiTopics] )
/twiki/bin/oops/TWiki/GoodStyle (template [oopsmore] param1 [1.6] param2 [1.6] )
/twiki/bin/rdiff/Know/ReadmeFirst (rev1 [1.6] rev2 [1.5] )
/twiki/bin/oops/Main/TokyoOffice (template [oopsmore] param1 [1.3] param2 [1.3]
,)
/twiki/bin/upload/Main/OfficeLocations (filename [] filepath [] filecomment [] c
. . . continues on next page . . .
RESULTS PER HOST
78
. . . continued from previous page . . .
,reatelink [] hidefile [] )
/twiki/bin/edit/Main/WebNotify (t [1425419453] )
/twiki/bin/view/Main/NobodyGroup (topic [] skin [print] rev [1.1] )
/twiki/bin/view/TWiki/StandardColors (topic [] skin [print] rev [1.3] )
/twiki/bin/oops/TWiki/StandardColors (template [oopsmore] param1 [1.4] param2 [1
,.4] )
/twiki/bin/view/Main/WebHome (topic [] rev [r1.20] )
/twiki/bin/view/Sandbox/WebHome (topic [] unlock [on] )
/twiki/bin/edit/Sandbox/TestTopic1 (topicparent [Sandbox.WebHome] )
/twiki/bin/oops/Main/TWikiGroups (template [oopsmore] param1 [1.3] param2 [1.3]
,)
/twiki/bin/view/Main/WebChanges (topic [] )
/twiki/bin/edit/Main/WebTopicEditTemplate (topicparent [Main.WebPreferences] )
/twiki/bin/view/TWiki/WebPreferences (topic [] skin [print] )
/twiki/bin/view/TWiki/TWikiForms (topic [] )
/twiki/bin/edit/Sandbox/WebTopicEditTemplate (topicparent [Sandbox.WebPreference
,s] )
/twiki/bin/view/TWiki/TWikiAccessControl (topic [] )
/twiki/bin/rdiff/TWiki/WikiCulture (rev1 [1.8] rev2 [1.7] )
/twiki/bin/view/Main/PeterThoeny (topic [] skin [print] rev [1.7] )
/twiki/bin/rdiff/Main/TWikiGuest (rev1 [1.5] rev2 [1.4] )
/twiki/bin/oops/Main/WebStatistics (param1 [1.4] param2 [1.4] template [oopsmore
,] )
/twiki/bin/oops/Main/TWikiVariables (template [oopsmore] param1 [1.3] param2 [1.
,3] )
/twiki/bin/rdiff/TWiki/BookView (rev1 [1.2] rev2 [1.1] )
/twiki/bin/oops/TWiki/BookView (template [oopsmore] param1 [1.2] param2 [1.2] )
/twiki/bin/view/TWiki/SiteMap (topic [] skin [print] rev [1.1] )
/twiki/bin/view/Main/WebTopicEditTemplate (unlock [on] )
/twiki/bin/preview/Main/WebTopicEditTemplate (formtemplate [] topicparent [] cmd
, [] )
/phpMyAdmin/index.php (phpMyAdmin [b32a0cc87de6288e47cebde3ea0297e00cbb41f8] tok
,en [e8c7421a12456f84e628f15d7f60c7e3] pma_username [] table [] lang [] server
,[1] db [] convcharset [utf-8] pma_password [] )
/twiki/bin/view/Know/WebHome (topic [] )
/twiki/bin/edit/Sandbox/TestTopic2 (topicparent [Sandbox.WebHome] )
/twiki/bin/view/Main/WebPreferences (topic [] skin [print] rev [1.12] )
/twiki/bin/view/Sandbox/WebPreferences (topic [] skin [print] rev [1.9] )
/twiki/bin/edit/Sandbox/WebPreferences (t [1425419426] )
/twiki/bin/rdiff/Sandbox/WebPreferences (rev1 [1.10] rev2 [1.9] )
/twiki/bin/oops/Sandbox/WebPreferences (template [oopsmore] param1 [1.10] param2
, [1.10] )
/twiki/bin/rdiff/TWiki/DefaultPlugin (rev1 [1.5] rev2 [1.4] )
/twiki/bin/rdiff/Know/WebNotify (rev1 [1.7] rev2 [1.6] )
/twiki/bin/oops/Know/WebNotify (template [oopsmore] param1 [1.7] param2 [1.7] )
/twiki/bin/oops/Main/TWikiGuest (template [oopsmore] param1 [1.5] param2 [1.5] )
/twiki/bin/edit/Main/WebStatistics (t [1425419456] )
. . . continues on next page . . .
RESULTS PER HOST
79
. . . continued from previous page . . .
/twiki/bin/edit/Main/NobodyGroup (t [1425419457] )
/twiki/bin/edit/Main/GrantBow (t [1425419463] )
Directory index found at /dav/
Directory index found at /twiki/TWikiDocumentation.html
Directory index found at /phpMyAdmin/themes/original/img/
Directory index found at /mutillidae/styles/
Directory index found at /mutillidae/styles/ddsmoothmenu/
Directory index found at /mutillidae/images/
Log Method
Details:Web mirroring
OID:1.3.6.1.4.1.25623.1.0.10662
Version used: $Revision: 1048 $
Log (CVSS: 0.0)
NVT: Directory Scanner
Summary
This plugin attempts to determine the presence of various
common dirs on the remote web server
OID of test routine: 1.3.6.1.4.1.25623.1.0.11032
Vulnerability Detection Result
The following directories were discovered:
/cgi-bin, /doc, /test, /icons, /phpMyAdmin
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Log Method
Details:Directory Scanner
OID:1.3.6.1.4.1.25623.1.0.11032
Version used: $Revision: 1048 $
References
Other:
OWASP:OWASP-CM-006
RESULTS PER HOST
80
Log (CVSS: 0.0)
NVT: Nikto (NASL wrapper)
Summary
This plugin uses nikto(1) to find weak CGI scripts
and other known issues regarding web server security.
See the preferences section for configuration options.
OID of test routine: 1.3.6.1.4.1.25623.1.0.14260
Vulnerability Detection Result
Here is the Nikto report:
- Nikto v2.1.6
--------------------------------------------------------------------------+ Target IP:
192.168.233.133
+ Target Hostname:
192.168.233.133
+ Target Port:
80
+ Start Time:
2015-03-03 21:51:26 (GMT0)
--------------------------------------------------------------------------+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.10
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.7). Apache
, 2.0.65 (final release) and 2.2.26 are also current.
+ Uncommon header tcn found, with contents: list
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to e
,asily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59
,d15. The following alternatives for index were found: index.php
+ Web Server returns a valid response with junk HTTP methods, this may cause fal
,se positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to X
,ST
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-3268: /doc/: Directory indexing found.
+ OSVDB-48: /doc/: The /doc/ directory is browsable. This may be /usr/doc.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potential
,ly sensitive information via certain HTTP requests that contain specific QUERY
, strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potential
,ly sensitive information via certain HTTP requests that contain specific QUERY
, strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potential
,ly sensitive information via certain HTTP requests that contain specific QUERY
, strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potential
. . . continues on next page . . .
RESULTS PER HOST
81
. . . continued from previous page . . .
,ly sensitive information via certain HTTP requests that contain specific QUERY
, strings.
+ OSVDB-3092: /phpMyAdmin/changelog.php: phpMyAdmin is for managing MySQL databa
,ses, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /phpMyAdmin/: phpMyAdmin is for managing MySQL databases, and shou
,ld be protected or limited to authorized hosts.
+ OSVDB-3268: /test/: Directory indexing found.
+ OSVDB-3092: /test/: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ Server leaks inodes via ETags, header found with file /icons/README, inode: 41
,2190, size: 5108, mtime: Tue Aug 28 10:48:10 2007
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpMyAdmin/: phpMyAdmin directory found
+ 7356 requests: 0 error(s) and 22 item(s) reported on remote host
+ End Time:
2015-03-03 21:52:05 (GMT0) (39 seconds)
--------------------------------------------------------------------------+ 1 host(s) tested
Log Method
Details:Nikto (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.14260
Version used: $Revision: 995 $
Log (CVSS: 0.0)
NVT: PHP Version Detection
Summary
Detection of installed version of PHP.
This script sends HTTP GET request and try to get the version from the
responce, and sets the result in KB.
OID of test routine: 1.3.6.1.4.1.25623.1.0.800109
Vulnerability Detection Result
Detected PHP
Version: 5.2.4
Location: tcp/80
CPE: cpe:/a:php:php:5.2.4
Concluded from version identification result:
X-Powered-By: PHP/5.2.4-2ubuntu5.10
Log Method
. . . continues on next page . . .
RESULTS PER HOST
82
. . . continued from previous page . . .
Details:PHP Version Detection
OID:1.3.6.1.4.1.25623.1.0.800109
Version used: $Revision: 1030 $
Log (CVSS: 0.0)
NVT: TWiki Version Detection
Summary
Detection of installed version of
TWiki.
This script sends HTTP GET request and try to get the version from the
response, and sets the result in KB.
OID of test routine: 1.3.6.1.4.1.25623.1.0.800399
Vulnerability Detection Result
Detected TWiki
Version: unknown
Location: /twiki
CPE: cpe:/a:twiki:twiki
Concluded from version identification result:
unknown under /twiki
Log Method
Details:TWiki Version Detection
OID:1.3.6.1.4.1.25623.1.0.800399
Version used: $Revision: 904 $
Log (CVSS: 0.0)
NVT: phpMyAdmin Detection
Summary
Detection of phpMyAdmin.
The script sends a connection request to the server and attempts to
extract the version number from the reply.
OID of test routine: 1.3.6.1.4.1.25623.1.0.900129
. . . continues on next page . . .
RESULTS PER HOST
83
. . . continued from previous page . . .
Vulnerability Detection Result
Detected phpMyAdmin
Version: 3.1.1
Location: /phpMyAdmin
CPE: cpe:/a:phpmyadmin:phpmyadmin:3.1.1
Concluded from version identification result:
3.1.1
(Not protected by Username/Password)
Log Method
Details:phpMyAdmin Detection
OID:1.3.6.1.4.1.25623.1.0.900129
Version used: $Revision: 895 $
Log (CVSS: 0.0)
NVT: phpMyAdmin Detection
Summary
Detection of phpMyAdmin.
The script sends a connection request to the server and attempts to
extract the version number from the reply.
OID of test routine: 1.3.6.1.4.1.25623.1.0.900129
Vulnerability Detection Result
Detected phpMyAdmin
Version: 3.1.1
Location: /phpMyAdmin
CPE: cpe:/a:phpmyadmin:phpmyadmin:3.1.1
Concluded from version identification result:
3.1.1
(Not protected by Username/Password)
Log Method
Details:phpMyAdmin Detection
OID:1.3.6.1.4.1.25623.1.0.900129
Version used: $Revision: 895 $
. . . continues on next page . . .
RESULTS PER HOST
84
. . . continued from previous page . . .
Log (CVSS: 0.0)
NVT: Apache Web ServerVersion Detection
Summary
Detection of installed version of Apache Web Server
The script detects the version of Apache HTTP Server on remote host
and sets the KB.
OID of test routine: 1.3.6.1.4.1.25623.1.0.900498
Vulnerability Detection Result
Detected Apache
Version: 2.2.8
Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.2.8
Concluded from version identification result:
Server: Apache/2.2.8
Log Method
Details:Apache Web ServerVersion Detection
OID:1.3.6.1.4.1.25623.1.0.900498
Version used: $Revision: 1030 $
Log (CVSS: 0.0)
NVT: TikiWiki Version Detection
Summary
Detection of TikiWiki, a open source web application
is a wiki-based CMS (http://tiki.org/tiki-index.php).
The script sends a connection request to the web server and attempts to
extract the version number from the reply.
OID of test routine: 1.3.6.1.4.1.25623.1.0.901001
Vulnerability Detection Result
Detected TikiWiki version: 1.9.5 under /tikiwiki
Location: /tikiwiki
CPE: cpe:/a:tikiwiki:tikiwiki:1.9.5
Concluded from version identification result:
. . . continues on next page . . .
RESULTS PER HOST
85
. . . continued from previous page . . .
1.9.5
Log Method
Details:TikiWiki Version Detection
OID:1.3.6.1.4.1.25623.1.0.901001
Version used: $Revision: 43 $
[ return to 192.168.233.133 ]
2.1.30
Log 6667/tcp
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap
Summary
This plugin performs service detection by launching nmaps
service probe against ports running unidentified services.
Description :
This plugin is a complement of find_service.nasl. It launches
nmap -sV (probe requests) against ports that are running
unidentified services.
OID of test routine: 1.3.6.1.4.1.25623.1.0.66286
Vulnerability Detection Result
Nmap service detection result for this port: irc
Log Method
Details:Identify unknown services with nmap
OID:1.3.6.1.4.1.25623.1.0.66286
Version used: $Revision: 329 $
[ return to 192.168.233.133 ]
2.1.31
Log 25/tcp
Log (CVSS: 0.0)
NVT: SMTP Server type and version
. . . continues on next page . . .
RESULTS PER HOST
86
. . . continued from previous page . . .
Summary
This detects the SMTP Servers type and version by connecting to
the server and processing the buffer received. This information gives potential
attackers additional information about the system they are attacking. Versions
and Types should be omitted where possible.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10263
Vulnerability Detection Result
Remote SMTP server banner :
220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
This is probably: Postfix
Detected Postfix
Version: unknown
Location: 25/tcp
CPE: cpe:/a:postfix:postfix
Solution
Change the login banner to something generic.
Log Method
Details:SMTP Server type and version
OID:1.3.6.1.4.1.25623.1.0.10263
Version used: $Revision: 339 $
Log (CVSS: 0.0)
NVT: SMTP STARTTLS Detection
Summary
Check if the remote Mailserver supports the STARTTLS command.
OID of test routine: 1.3.6.1.4.1.25623.1.0.103118
Vulnerability Detection Result
The remote Mailserver supports the STARTTLS command.
Log Method
Details:SMTP STARTTLS Detection
. . . continues on next page . . .
RESULTS PER HOST
87
. . . continued from previous page . . .
OID:1.3.6.1.4.1.25623.1.0.103118
Version used: $Revision: 703 $
Log (CVSS: 0.0)
NVT: Services
Summary
This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
Vulnerability Detection Result
An SMTP server is running on this port
Here is its banner :
220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $
[ return to 192.168.233.133 ]
2.1.32
Log 53/tcp
Log (CVSS: 0.0)
NVT: DNS Server Detection
Summary
A DNS Server is running at this Host.
A Name Server translates domain names into IP addresses. This makes it
possible for a user to access a website by typing in the domain name instead of
the websites actual IP address.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100069
. . . continues on next page . . .
RESULTS PER HOST
88
. . . continued from previous page . . .
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Log Method
Details:DNS Server Detection
OID:1.3.6.1.4.1.25623.1.0.100069
Version used: $Revision: 488 $
[ return to 192.168.233.133 ]
2.1.33
Log general/tcp
Log (CVSS: 0.0)
NVT: OS fingerprinting
Summary
This script performs ICMP based OS fingerprinting (as described by
Ofir Arkin and Fyodor Yarochkin in Phrack #57). It can be used to determine
remote operating system version.
OID of test routine: 1.3.6.1.4.1.25623.1.0.102002
Vulnerability Detection Result
ICMP based OS fingerprint results: (91% confidence)
Linux Kernel
Log Method
Details:OS fingerprinting
OID:1.3.6.1.4.1.25623.1.0.102002
Version used: $Revision: 43 $
References
Other:
URL:http://www.phrack.org/issues.html?issue=57&id=7#article
RESULTS PER HOST
89
Log (CVSS: 0.0)
NVT: Traceroute
Summary
A traceroute from the scanning server to the target system was
conducted. This traceroute is provided primarily for informational
value only. In the vast majority of cases, it does not represent a
vulnerability. However, if the displayed traceroute contains any
private addresses that should not have been publicly visible, then you
have an issue you need to correct.
OID of test routine: 1.3.6.1.4.1.25623.1.0.51662
Vulnerability Detection Result
Here is the route from 192.168.233.131 to 192.168.233.133:
192.168.233.131
192.168.233.133
Solution
Block unwanted packets from escaping your network.
Log Method
Details:Traceroute
OID:1.3.6.1.4.1.25623.1.0.51662
Version used: $Revision: 975 $
Log (CVSS: 0.0)
NVT: Anonymous FTP Checking
Summary
This FTP Server allows anonymous logins.
A host that provides an FTP service may additionally provide Anonymous FTP
access as well. Under this arrangement, users do not strictly need an account
on the host. Instead the user typically enters anonymous or ftp when
prompted for username. Although users are commonly asked to send their email
address as their password, little to no verification is actually performed on
the supplied data.
OID of test routine: 1.3.6.1.4.1.25623.1.0.900600
. . . continues on next page . . .
RESULTS PER HOST
90
. . . continued from previous page . . .
Vulnerability Detection Result
Summary:
This FTP Server allows anonymous logins.
A host that provides an FTP service may additionally provide Anonymous FTP
access as well. Under this arrangement, users do not strictly need an account
on the host. Instead the user typically enters anonymous or ftp when
prompted for username. Although users are commonly asked to send their email
address as their password, little to no verification is actually performed on
the supplied data.
Solution:
If you do not want to share files, you should disable anonymous logins.
Solution
If you do not want to share files, you should disable anonymous logins.
Log Method
Details:Anonymous FTP Checking
OID:1.3.6.1.4.1.25623.1.0.900600
Version used: $Revision: 43 $
References
CVE: CVE-1999-0497
Log (CVSS: 0.0)
NVT: ProFTPD Server Remote Version Detection
Summary
This script detects the installed version of ProFTP Server
and sets the version in KB.
OID of test routine: 1.3.6.1.4.1.25623.1.0.900815
Vulnerability Detection Result
ProFTPD version 1.3.1 was detected on the host
Log Method
Details:ProFTPD Server Remote Version Detection
OID:1.3.6.1.4.1.25623.1.0.900815
Version used: $Revision: 673 $
RESULTS PER HOST
91
[ return to 192.168.233.133 ]
2.1.34
Log 139/tcp
Log (CVSS: 0.0)
NVT: SMB on port 445
Summary
This script detects wether port 445 and 139 are open and
if thet are running SMB servers.
OID of test routine: 1.3.6.1.4.1.25623.1.0.11011
Vulnerability Detection Result
An SMB server is running on this port
Log Method
Details:SMB on port 445
OID:1.3.6.1.4.1.25623.1.0.11011
Version used: $Revision: 41 $
[ return to 192.168.233.133 ]
2.1.35
Log general/icmp
Log (CVSS: 0.0)
NVT: ICMP Timestamp Detection
Summary
The remote host responded to an ICMP timestamp request. The Timestamp Reply is
an ICMP message which replies to a Timestamp message. It consists of the
originating timestamp sent by the sender of the Timestamp as well as a receive
timestamp and a transmit timestamp. This information could theoretically be used
to exploit weak time-based random number generators in other services.
OID of test routine: 1.3.6.1.4.1.25623.1.0.103190
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
. . . continues on next page . . .
RESULTS PER HOST
92
. . . continued from previous page . . .
Log Method
Details:ICMP Timestamp Detection
OID:1.3.6.1.4.1.25623.1.0.103190
Version used: $Revision: 13 $
References
CVE: CVE-1999-0524
Other:
URL:http://www.ietf.org/rfc/rfc0792.txt
[ return to 192.168.233.133 ]
2.1.36
Log general/CPE-T
Log (CVSS: 0.0)
NVT: CPE Inventory
Summary
This routine uses information collected by other routines about
CPE identities (http://cpe.mitre.org/) of operating systems, services and
applications detected during the scan.
OID of test routine: 1.3.6.1.4.1.25623.1.0.810002
Vulnerability Detection Result
192.168.233.133|cpe:/a:postfix:postfix
192.168.233.133|cpe:/a:samba:samba:3.0.20
192.168.233.133|cpe:/a:twiki:twiki
192.168.233.133|cpe:/a:x.org:x11:11.0
192.168.233.133|cpe:/a:phpmyadmin:phpmyadmin:3.1.1
192.168.233.133|cpe:/a:tikiwiki:tikiwiki:1.9.5
192.168.233.133|cpe:/a:mysql:mysql:5.0.51a
192.168.233.133|cpe:/a:postgresql:postgresql:8.3.1
192.168.233.133|cpe:/a:proftpd:proftpd:1.3.1
192.168.233.133|cpe:/a:apache:http_server:2.2.8
192.168.233.133|cpe:/a:php:php:5.2.4
192.168.233.133|cpe:/a:openbsd:openssh:4.7p1
192.168.233.133|cpe:/o:canonical:ubuntu_linux
. . . continues on next page . . .
RESULTS PER HOST
93
. . . continued from previous page . . .
Log Method
Details:CPE Inventory
OID:1.3.6.1.4.1.25623.1.0.810002
Version used: $Revision: 314 $
[ return to 192.168.233.133 ]
2.1.37
Log 8787/tcp
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap
Summary
This plugin performs service detection by launching nmaps
service probe against ports running unidentified services.
Description :
This plugin is a complement of find_service.nasl. It launches
nmap -sV (probe requests) against ports that are running
unidentified services.
OID of test routine: 1.3.6.1.4.1.25623.1.0.66286
Vulnerability Detection Result
Nmap service detection result for this port: drb
Log Method
Details:Identify unknown services with nmap
OID:1.3.6.1.4.1.25623.1.0.66286
Version used: $Revision: 329 $
[ return to 192.168.233.133 ]
2.1.38
Log 8009/tcp
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap
Summary
This plugin performs service detection by launching nmaps
. . . continues on next page . . .
RESULTS PER HOST
94
. . . continued from previous page . . .
service probe against ports running unidentified services.
Description :
This plugin is a complement of find_service.nasl. It launches
nmap -sV (probe requests) against ports that are running
unidentified services.
OID of test routine: 1.3.6.1.4.1.25623.1.0.66286
Vulnerability Detection Result
Nmap service detection result for this port: ajp13
Log Method
Details:Identify unknown services with nmap
OID:1.3.6.1.4.1.25623.1.0.66286
Version used: $Revision: 329 $
[ return to 192.168.233.133 ]
2.1.39
Log 5900/tcp
Log (CVSS: 5.0)
NVT: VNC security types
Summary
This script checks the remote VNC protocol version
and the available security types.
OID of test routine: 1.3.6.1.4.1.25623.1.0.19288
Vulnerability Detection Result
The remote VNC server chose security type #2 (VNC authentication)
Vulnerability Detection Method
Details:VNC security types
OID:1.3.6.1.4.1.25623.1.0.19288
Version used: $Revision: 998 $
[ return to 192.168.233.133 ]
RESULTS PER HOST
2.1.40
95
Log 53/udp
Log (CVSS: 0.0)
NVT: DNS Server Detection
Summary
A DNS Server is running at this Host.
A Name Server translates domain names into IP addresses. This makes it
possible for a user to access a website by typing in the domain name instead of
the websites actual IP address.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100069
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Log Method
Details:DNS Server Detection
OID:1.3.6.1.4.1.25623.1.0.100069
Version used: $Revision: 488 $
[ return to 192.168.233.133 ]
2.1.41
Log 514/tcp
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap
Summary
This plugin performs service detection by launching nmaps
service probe against ports running unidentified services.
Description :
This plugin is a complement of find_service.nasl. It launches
nmap -sV (probe requests) against ports that are running
unidentified services.
OID of test routine: 1.3.6.1.4.1.25623.1.0.66286
Vulnerability Detection Result
. . . continues on next page . . .
RESULTS PER HOST
96
. . . continued from previous page . . .
Nmap service detection result for this port: tcpwrapped
Log Method
Details:Identify unknown services with nmap
OID:1.3.6.1.4.1.25623.1.0.66286
Version used: $Revision: 329 $
[ return to 192.168.233.133 ]
2.1.42
Log 513/tcp
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap
Summary
This plugin performs service detection by launching nmaps
service probe against ports running unidentified services.
Description :
This plugin is a complement of find_service.nasl. It launches
nmap -sV (probe requests) against ports that are running
unidentified services.
OID of test routine: 1.3.6.1.4.1.25623.1.0.66286
Vulnerability Detection Result
Nmap service detection result for this port: login
This is a guess. A confident identification of the service was not possible.
Log Method
Details:Identify unknown services with nmap
OID:1.3.6.1.4.1.25623.1.0.66286
Version used: $Revision: 329 $
[ return to 192.168.233.133 ]
2.1.43
Log 445/tcp
Log (CVSS: 0.0)
NVT: SMB NativeLanMan
. . . continues on next page . . .
RESULTS PER HOST
97
. . . continued from previous page . . .
Summary
It is possible to extract OS, domain and SMB server information
from the Session Setup AndX Response packet which is generated
during NTLM authentication.
OID of test routine: 1.3.6.1.4.1.25623.1.0.102011
Vulnerability Detection Result
Summary:
It is possible to extract OS, domain and SMB server information
from the Session Setup AndX Response packet which is generated
during NTLM authentication.Detected SMB workgroup: WORKGROUP
Detected SMB server: Samba 3.0.20-Debian
Detected OS: Unix
Log Method
Details:SMB NativeLanMan
OID:1.3.6.1.4.1.25623.1.0.102011
Version used: $Revision: 43 $
Log (CVSS: 0.0)
NVT: SMB log in
Summary
This script attempts to logon into the remote host using
login/password credentials.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10394
Vulnerability Detection Result
It was possible to log into the remote host using the SMB protocol.
Log Method
Details:SMB log in
OID:1.3.6.1.4.1.25623.1.0.10394
Version used: $Revision: 1032 $
RESULTS PER HOST
98
Log (CVSS: 0.0)
NVT: SMB on port 445
Summary
This script detects wether port 445 and 139 are open and
if thet are running SMB servers.
OID of test routine: 1.3.6.1.4.1.25623.1.0.11011
Vulnerability Detection Result
A CIFS server is running on this port
Log Method
Details:SMB on port 445
OID:1.3.6.1.4.1.25623.1.0.11011
Version used: $Revision: 41 $
[ return to 192.168.233.133 ]
2.1.44
Log 23/tcp
Log (CVSS: 0.0)
NVT: Check for Telnet Server
Summary
A telnet Server is running at this host.
Experts in computer security, such as SANS Institute, and the members of the
comp.os.linux.security newsgroup recommend that the use of Telnet for remote
logins should be discontinued under all normal circumstances, for the followi
,ng
reasons:
* Telnet, by default, does not encrypt any data sent over the connection
(including passwords), and so it is often practical to eavesdrop on the
communications and use the password later for malicious purposes
anybody who
has access to a router, switch, hub or gateway located on the network betwe
,en
the two hosts where Telnet is being used can intercept the packets passing
,by
and obtain login and password information (and whatever else is typed) with
, any
of several common utilities like tcpdump and Wireshark.
. . . continues on next page . . .
RESULTS PER HOST
99
. . . continued from previous page . . .
* Most implementations of Telnet have no authentication that would ensure
communication is carried out between the two desired hosts and not intercep
,ted
in the middle.
* Commonly used Telnet daemons have several vulnerabilities discovered over
the years.
OID of test routine: 1.3.6.1.4.1.25623.1.0.100074
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Log Method
Details:Check for Telnet Server
OID:1.3.6.1.4.1.25623.1.0.100074
Version used: $Revision: 43 $
Log (CVSS: 0.0)
NVT: Detect Server type and version via Telnet
Summary
This detects the Telnet Servers type and version by connecting to the server
and processing the buffer received.
This information gives potential attackers additional information about the
system they are attacking. Versions and Types should be omitted
where possible.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10281
Vulnerability Detection Result
Remote telnet banner :
_
_
_ _
_
_
____
_ __ ___
___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \\
| _ _ \\ / _ \\ __/ _ / __| _ \\| |/ _ \\| | __/ _ | _ \\| |/ _ \\ __) |
| | | | | | __/ || (_| \\__ \\ |_) | | (_) | | || (_| | |_) | | __// __/
|_| |_| |_|\\___|\\__\\__,_|___/ .__/|_|\\___/|_|\\__\\__,_|_.__/|_|\\___|_____|
|_|
Warning: Never expose this VM to an untrusted network!
Contact: msfdev[at]metasploit.com
Login with msfadmin/msfadmin to get started
. . . continues on next page . . .
RESULTS PER HOST
100
. . . continued from previous page . . .
metasploitable login:
Solution
Change the login banner to something generic.
Log Method
Details:Detect Server type and version via Telnet
OID:1.3.6.1.4.1.25623.1.0.10281
Version used: $Revision: 464 $
Log (CVSS: 0.0)
NVT: Services
Summary
This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10330
Vulnerability Detection Result
A telnet server seems to be running on this port
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Version used: $Revision: 69 $
[ return to 192.168.233.133 ]
2.1.45
Log 1524/tcp
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap
Summary
This plugin performs service detection by launching nmaps
. . . continues on next page . . .
RESULTS PER HOST
101
. . . continued from previous page . . .
service probe against ports running unidentified services.
Description :
This plugin is a complement of find_service.nasl. It launches
nmap -sV (probe requests) against ports that are running
unidentified services.
OID of test routine: 1.3.6.1.4.1.25623.1.0.66286
Vulnerability Detection Result
Nmap service detection result for this port: shell
Log Method
Details:Identify unknown services with nmap
OID:1.3.6.1.4.1.25623.1.0.66286
Version used: $Revision: 329 $
[ return to 192.168.233.133 ]
2.1.46
Log 137/udp
Log (CVSS: 0.0)
NVT: Using NetBIOS to retrieve information from a Windows host
Summary
The NetBIOS port is open (UDP:137). A remote attacker may use this to gain
access to sensitive information such as computer name, workgroup/domain
name, currently logged on user name, etc.
OID of test routine: 1.3.6.1.4.1.25623.1.0.10150
Vulnerability Detection Result
The following 5 NetBIOS names have been gathered :
METASPLOITABLE = This is the computer name registered for workstation services
, by a WINS client.
METASPLOITABLE = This is the current logged in user registered for this workst
,ation.
METASPLOITABLE = Computer name
WORKGROUP
= Workgroup / Domain name
WORKGROUP
= Workgroup / Domain name (part of the Browser elections)
. . . continues on next page . . .
RESULTS PER HOST
102
. . . continued from previous page . . .
. This SMB server seems to be a SAMBA server (this is not a security
risk, this is for your information). This can be told because this server
claims to have a null MAC address
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Solution
Block those ports from outside communication
Log Method
Details:Using NetBIOS to retrieve information from a Windows host
OID:1.3.6.1.4.1.25623.1.0.10150
Version used: $Revision: 41 $
[ return to 192.168.233.133 ]
2.1.47
Log 111/tcp
Log (CVSS: 0.0)
NVT: rpcinfo -p
Summary
This script calls the DUMP RPC on the port mapper, to obtain the
list of all registered programs.
OID of test routine: 1.3.6.1.4.1.25623.1.0.11111
Vulnerability Detection Result
These are the registered RPC programs:\
\
RPC program #100000 version 2 portmapper (portmap sunrpc rpcbind) on port 111/
,TCP
RPC program #100003 version 2 nfs (nfsprog) on port 2049/TCP
RPC program #100003 version 3 nfs (nfsprog) on port 2049/TCP
RPC program #100003 version 4 nfs (nfsprog) on port 2049/TCP
RPC program #100024 version 1 status on port 42478/TCP
RPC program #100021 version 1 nlockmgr on port 58736/TCP
RPC program #100021 version 3 nlockmgr on port 58736/TCP
RPC program #100021 version 4 nlockmgr on port 58736/TCP
RPC program #100005 version 1 mountd (mount showmount) on port 59565/TCP
RPC program #100005 version 2 mountd (mount showmount) on port 59565/TCP
. . . continues on next page . . .
RESULTS PER HOST
RPC program
RPC program
,UDP
RPC program
RPC program
RPC program
RPC program
RPC program
RPC program
RPC program
RPC program
RPC program
RPC program
103
. . . continued from previous page . . .
#100005 version 3 mountd (mount showmount) on port 59565/TCP
#100000 version 2 portmapper (portmap sunrpc rpcbind) on port 111/
#100003
#100003
#100003
#100005
#100005
#100005
#100024
#100021
#100021
#100021
version
version
version
version
version
version
version
version
version
version
2
3
4
1
2
3
1
1
3
4
nfs (nfsprog) on port 2049/UDP
nfs (nfsprog) on port 2049/UDP
nfs (nfsprog) on port 2049/UDP
mountd (mount showmount) on port 33486/UDP
mountd (mount showmount) on port 33486/UDP
mountd (mount showmount) on port 33486/UDP
status on port 35989/UDP
nlockmgr on port 45028/UDP
nlockmgr on port 45028/UDP
nlockmgr on port 45028/UDP
Log Method
Details:rpcinfo -p
OID:1.3.6.1.4.1.25623.1.0.11111
Version used: $Revision: 41 $
[ return to 192.168.233.133 ]
2.1.48
Log 1099/tcp
Log (CVSS: 0.0)
NVT: Identify unknown services with nmap
Summary
This plugin performs service detection by launching nmaps
service probe against ports running unidentified services.
Description :
This plugin is a complement of find_service.nasl. It launches
nmap -sV (probe requests) against ports that are running
unidentified services.
OID of test routine: 1.3.6.1.4.1.25623.1.0.66286
Vulnerability Detection Result
Nmap service detection result for this port: rmiregistry
Log Method
Details:Identify unknown services with nmap
. . . continues on next page . . .
RESULTS PER HOST
104
. . . continued from previous page . . .
OID:1.3.6.1.4.1.25623.1.0.66286
Version used: $Revision: 329 $
[ return to 192.168.233.133 ]
This file was automatically generated.
You might also like
- Daikin LXE10E-A - Service Manual (TR 01-09B) PDFNo ratings yetDaikin LXE10E-A - Service Manual (TR 01-09B) PDF238 pages
- SKyWAN Operation Manual 5 72 Revision CNo ratings yetSKyWAN Operation Manual 5 72 Revision C394 pages
- Instruction Manual 847 Portable Enraf Terminal PDF100% (1)Instruction Manual 847 Portable Enraf Terminal PDF24 pages
- Kloenh 8 - Channel - R5 - Pump-Users-ManualNo ratings yetKloenh 8 - Channel - R5 - Pump-Users-Manual119 pages
- Metasploit Greenbone Full Scan Report 6.9No ratings yetMetasploit Greenbone Full Scan Report 6.988 pages
- Operating and Installation Instructions Electronic Control Box Type: 2300No ratings yetOperating and Installation Instructions Electronic Control Box Type: 230048 pages
- ST62T53C/T60C/T63C ST62E60C: 8-Bit Otp/Eprom Mcus With A/D Converter, Safe Reset, Auto-Reload Timer, Eeprom and SpiNo ratings yetST62T53C/T60C/T63C ST62E60C: 8-Bit Otp/Eprom Mcus With A/D Converter, Safe Reset, Auto-Reload Timer, Eeprom and Spi84 pages
- Administration Manual OpenStage OpenScape VoiceNo ratings yetAdministration Manual OpenStage OpenScape Voice378 pages
- Hardware User'S Manual Versapump 6 Syringe Dispenser Module: For TheNo ratings yetHardware User'S Manual Versapump 6 Syringe Dispenser Module: For The119 pages
- Facsimile Ricoh (BETA) Fieldservice Manual: (Europe) (Asia)No ratings yetFacsimile Ricoh (BETA) Fieldservice Manual: (Europe) (Asia)177 pages
- Honeywell Enraf SVP Controller Operation ManualNo ratings yetHoneywell Enraf SVP Controller Operation Manual78 pages
- MC68HC11D3 Technical Data: Freescale Semiconductor, IncNo ratings yetMC68HC11D3 Technical Data: Freescale Semiconductor, Inc124 pages
- LIS302DL: MEMS Motion Sensor 3-Axis - 2g/ 8g Smart Digital Output "Piccolo" AccelerometerNo ratings yetLIS302DL: MEMS Motion Sensor 3-Axis - 2g/ 8g Smart Digital Output "Piccolo" Accelerometer42 pages
- MCE HMC 1000 Control Programable Manual InglesNo ratings yetMCE HMC 1000 Control Programable Manual Ingles180 pages
- Wireless Communications over MIMO Channels: Applications to CDMA and Multiple Antenna SystemsFrom EverandWireless Communications over MIMO Channels: Applications to CDMA and Multiple Antenna SystemsNo ratings yet
- Space/Terrestrial Mobile Networks: Internet Access and QoS SupportFrom EverandSpace/Terrestrial Mobile Networks: Internet Access and QoS SupportNo ratings yet
- Comparing CMSS: Open Source Content Management SystemsNo ratings yetComparing CMSS: Open Source Content Management Systems7 pages
- Video Spin Blaster Pro: - Training ManualNo ratings yetVideo Spin Blaster Pro: - Training Manual7 pages
- System Programming and Operating System by System Programming and Operating System by Dhamdhere PDF Dhamdhere PDFNo ratings yetSystem Programming and Operating System by System Programming and Operating System by Dhamdhere PDF Dhamdhere PDF3 pages
- Bsit 5P B.Sc. (IT) 5 Semester Practical Question Paper Set: Subject: Graphics & Multimedia and Web ProgrammingNo ratings yetBsit 5P B.Sc. (IT) 5 Semester Practical Question Paper Set: Subject: Graphics & Multimedia and Web Programming4 pages
- Brac LMC - Seriul Coloni - Site ID - RAJ 045, Office Code - 8980 - No-02No ratings yetBrac LMC - Seriul Coloni - Site ID - RAJ 045, Office Code - 8980 - No-021 page
- Kubernetes On Azure Solution Booklet - Oct 2019No ratings yetKubernetes On Azure Solution Booklet - Oct 201976 pages
- RF Unit and Topology Management SRAN8 0 Draft B PDFNo ratings yetRF Unit and Topology Management SRAN8 0 Draft B PDF91 pages
- Links Da Deepweb: Treinamento It Security SpecialistNo ratings yetLinks Da Deepweb: Treinamento It Security Specialist2 pages
- Lecture5 (Share Memory" According To Connection)No ratings yetLecture5 (Share Memory" According To Connection)9 pages
- Learnings eNB Integration and RF Idea LTE LaunchNo ratings yetLearnings eNB Integration and RF Idea LTE Launch9 pages
- THE LTSPICE XVII SIMULATOR: Commands and ApplicationsFrom EverandTHE LTSPICE XVII SIMULATOR: Commands and Applications
- Instruction Manual 847 Portable Enraf Terminal PDFInstruction Manual 847 Portable Enraf Terminal PDF
- Operating and Installation Instructions Electronic Control Box Type: 2300Operating and Installation Instructions Electronic Control Box Type: 2300
- ST62T53C/T60C/T63C ST62E60C: 8-Bit Otp/Eprom Mcus With A/D Converter, Safe Reset, Auto-Reload Timer, Eeprom and SpiST62T53C/T60C/T63C ST62E60C: 8-Bit Otp/Eprom Mcus With A/D Converter, Safe Reset, Auto-Reload Timer, Eeprom and Spi
- Hardware User'S Manual Versapump 6 Syringe Dispenser Module: For TheHardware User'S Manual Versapump 6 Syringe Dispenser Module: For The
- Facsimile Ricoh (BETA) Fieldservice Manual: (Europe) (Asia)Facsimile Ricoh (BETA) Fieldservice Manual: (Europe) (Asia)
- MC68HC11D3 Technical Data: Freescale Semiconductor, IncMC68HC11D3 Technical Data: Freescale Semiconductor, Inc
- LIS302DL: MEMS Motion Sensor 3-Axis - 2g/ 8g Smart Digital Output "Piccolo" AccelerometerLIS302DL: MEMS Motion Sensor 3-Axis - 2g/ 8g Smart Digital Output "Piccolo" Accelerometer
- Lightwave Technology: Telecommunication SystemsFrom EverandLightwave Technology: Telecommunication Systems
- Wireless Communications over MIMO Channels: Applications to CDMA and Multiple Antenna SystemsFrom EverandWireless Communications over MIMO Channels: Applications to CDMA and Multiple Antenna Systems
- Next Generation SDH/SONET: Evolution or Revolution?From EverandNext Generation SDH/SONET: Evolution or Revolution?
- OFDM-Based Broadband Wireless Networks: Design and OptimizationFrom EverandOFDM-Based Broadband Wireless Networks: Design and Optimization
- Space/Terrestrial Mobile Networks: Internet Access and QoS SupportFrom EverandSpace/Terrestrial Mobile Networks: Internet Access and QoS Support
- Comparing CMSS: Open Source Content Management SystemsComparing CMSS: Open Source Content Management Systems
- System Programming and Operating System by System Programming and Operating System by Dhamdhere PDF Dhamdhere PDFSystem Programming and Operating System by System Programming and Operating System by Dhamdhere PDF Dhamdhere PDF
- Bsit 5P B.Sc. (IT) 5 Semester Practical Question Paper Set: Subject: Graphics & Multimedia and Web ProgrammingBsit 5P B.Sc. (IT) 5 Semester Practical Question Paper Set: Subject: Graphics & Multimedia and Web Programming
- Brac LMC - Seriul Coloni - Site ID - RAJ 045, Office Code - 8980 - No-02Brac LMC - Seriul Coloni - Site ID - RAJ 045, Office Code - 8980 - No-02
- RF Unit and Topology Management SRAN8 0 Draft B PDFRF Unit and Topology Management SRAN8 0 Draft B PDF
- Links Da Deepweb: Treinamento It Security SpecialistLinks Da Deepweb: Treinamento It Security Specialist