| Date: | Sunday, March 10, 2002 16:21:01 |
| User Name: | xxxxxxxxxxxxxxxxx |
| Company: | xxxxxxxxx |
| Session ID: | 112 |
| Session Name: | Test 1 |
| Current Job ID: | 131 |
| Current Job Date: | March 10, 2002 4:19:31 PM |
| Testcase name |
| '+' character accepted as UNIX login name |
| 'Attack FTP' Backdoor Found |
| .reg Association Unprotected |
| .reg Files Associated With Regedit.exe |
| AAA failure in CISCO IOS 11.3 |
| ACC's Tigris Access Terminal Vulnerability |
| Acme thttpd Arbitrary World-Readable File Disclosure Vulnerability |
| Active SNMP Agent |
| Active trinoo Master or Daemon |
| ActivePerl perlIS.dll Buffer Overflow Vulnerability |
| Address Translation Table Available via SNMP |
| aglimpse Script detected |
| Akopia Interchange Sample Files Vulnerability |
| Alcatel Speed Touch Pro ADSL Insecure Embedded TFTP Server Vulnerability |
| Alchemy Eye Remote Command Execution Vulnerability |
| Alex Heiphetz Group EZShopper Directory Disclosure Vulnerability |
| Alibaba 2.0 Multiple CGI Vulnerabilties |
| Alibaba 2.0 Web Server Exposes File System |
| Allaire ColdFusion 4.0x CFCACHE Vulnerability |
| Allaire ColdFusion Path Disclosure Vulnerability |
| Allaire ColdFusion Sample Directory Listing |
| Allaire JRun 2.3.x Sample Files Vulnerability |
| Alt-N MDaemon 'Lock Server' Bypass Vulnerability |
| Alt-N MDaemon 3.1.1 DoS Vulnerability |
| Alt-N MDaemon 3.5.4 DoS Vulnerability |
| Alt-N MDaemon Session ID Hijacking Vulnerability |
| Alternate Security Provider Is Used For NT Logons |
| amd Buffer Overflow |
| Anonymous FTP Allowed |
| Anonymous FTP Connection Reveals Real Passwd File |
| Anonymous FTP Connection Shows Unpassworded Account |
| Anonymous Remote Registry Access |
| AnyForm CGI allowing remote commands execution vulnerability |
| AOL Instant Messenger 4.7 Denial of Service Vulnerabilities |
| AOL Instant Messenger Remote Buffer Overflow |
| AOLserver Directory Traversal Vulnerability |
| Apache - HTTP Server is Outdated |
| Apache AuthPG Remote SQL Query Manipulation Vulnerability |
| Apache HTTP Server Root Directory Access Vulnerability |
| Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability |
| Apache Split-Logfile File Appending Vulnerability |
| Apache Tomcat 3.1 Path Disclosure Vulnerability |
| Apache Tomcat Snoop Servlet Information Disclosure Vulnerability |
| Apache Web Server with Php 3 File Disclosure Vulnerability |
| Apache Win32 PHP.EXE Remote File Disclosure Vulnerability |
| ASP :$DATA disclosing system information vulnerability |
| ASP ::$DATA issue source code disclosure vulnerability |
| ASP Appended Dot Vulnerability |
| ASP Source Code Retrieved With Unicode Extension |
| AT&T VNC Service Available |
| AT&T WinVNC Remote Desktop Default Configuration Vulnerability |
| Atmel SNMP Community String Vulnerability |
| Atrium Software Mercur Mail Server 3.2 Directory Traversal Vulnerability |
| Attack in RPC Applications |
| auth/tcp (ident protocol) Service Enabled Vulnerability |
| Back Orifice 2000 Backdoor Program Vulnerability |
| Back Orifice Backdoor Program Vulnerability |
| Backdoor Passwords in 3com Switches |
| Backdoor program Remote Windows Shutdown (RWS) |
| Bad Protections on LSA Key |
| Bad Protections on Winlogon Key |
| BadBlue Source Code Disclosure Vulnerability |
| BadBlue Source Directory Listing Vulnerability |
| Bajie Webserver Absolute Path Disclosure Vulnerability |
| Bajie Webserver File Reading Vulnerability |
| BAK Files Disclose Content of ASP Source |
| Bardon Data Systems WinU Weak Encrypted Password Vulnerability |
| Bay Networks "user" Account |
| BB4 Big Brother CGI File Creation Vulnerability |
| BDIR.HTR Shows Directory Structure of Web Server |
| BEA Systems WebLogic Server Directory Listing Vulnerability |
| BEA WebLogic Source Code Disclosure Vulnerability via "/file/" |
| BIND Version Query Allowed Vulnerability |
| Bootparamd Service Present |
| Broker FTP Directory Traversal Vulnerability |
| BRS WebWeaver Directory Traversal Vulnerability |
| BRS WebWeaver FTP Root Path Disclosure Vulnerability |
| BSCW Insecure Default Installation Vulnerability |
| BSCW/Python Full Path Disclosure Through IIS Vulnerability |
| Buffer Overflow in MDaemon WebConfig Service |
| Buffer Overflow in MDaemon WorldClient Standard Service |
| Bugs Backdoor Found |
| Bugzilla Sensitive Information Disclosure Vulnerability |
| Cache Corruption on Microsoft DNS Servers |
| cachemgr.cgi Installed in cgi-bin |
| campas CGI security hole |
| Carey Internets Services Commerce.cgi Directory Traversal Vulnerability |
| Catalyst Remote Supervisor Module Reload Vulnerability |
| Caucho Technology Resin 1.2 JSP Source Disclosure Vulnerability |
| Caucho Technology Resin JavaBean Disclosure Vulnerability |
| cc_whois.cgi Remote Command Execution |
| CERN httpd Server multiple vulnerabilities |
| Cfingerd Outdated Version Vulnerability |
| Cfingerd User Enumeration Via Search Vulnerability |
| CGI Script Center Auction Weaver Directory Traversal Vulnerability |
| CGI Script Center Subscribe Me LITE Administrative Password Alteration Vulnerability |
| Cgi-bin Directory Listing vulnerability |
| chargen/tcp Service is Running |
| chargen/udp Service is Running |
| Charles Clark Meteor FTP Directory Traversal Vulnerability |
| Checkpoint Firewall-1 Valid Username Vulnerability |
| Checkpoint SecureRemote detection |
| Chili!Soft ASP Sample Scripts Directory Traversal Vulnerability |
| CISCO Device Identification Vulnerability |
| Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability |
| CISCO IOS Software Outdated |
| Cisco PIX Firewall Manager Exposes Files |
| Cisco Router Password Not Set Vulnerability |
| CISCO TFTPD Server 1.1 Directory Traversal Vulnerability |
| CiscoSecure ACS Remote Admin Vulnerability |
| Cobalt RaQ .bash_history Exposed |
| Cognos Powerplay Web Edition CGI Parameters Vulnerability |
| Cold Fusion - Debug Mode Vulnerability |
| Cold Fusion - Fileexists.cfm Sample Available Vulnerability |
| Cold Fusion Syntax Checker Vulnerability |
| ColdFusion Server DoS Attacks |
| ColdFusion Server Expression Evaluator Remote execution vulnerability |
| Command Interpreter Found in Cgi-bin |
| CommuniGate Pro Arbitrary File Read Vulnerability |
| Compaq Management Agent Web Directory Traversal |
| Computer Associates eTrust Intrusion Detection System Weak Encryption Vulnerability |
| Comsat Flooding Vulnerability |
| Count.cgi Buffer Overflow Vulnerability |
| count.cgi unauthorized GIF File access vulnerability |
| Dangerous Sendmail Aliases |
| Dansie Shopping Cart Installed |
| Datawizard FtpXQ Directory Traversal Vulnerability |
| DataWizard FtpXQ Privileged Default Account Permissions Vulnerability |
| daytime/tcp Service is Running |
| daytime/udp Service is Running |
| DCOM Enabled |
| Deerfield WorldClient 2.1 Directory Traversal Vulnerability |
| Default Login Name Obtained from Registry Database |
| Default Sun Java Web Server Servlet Vulnerability |
| DeleGate Cross-Site Scripting Vulnerability |
| Delta Trojan/Backdoor Active |
| discard/tcp Service is Running |
| discard/udp Service is Running |
| DNS Inverse Query Supported |
| DNS Server Enabled |
| DNS Zone Transfer |
| Domino Database Security |
| Doubledot Bug in FrontPage Personal Web Server |
| Drummon Miles A1Stats Directory Traversal Vulnerability |
| Dumpenv CGI System Disclosure Vulnerability |
| echo/tcp Service is Running |
| echo/udp Service is running |
| EFTP CWD Directory Traversal Vulnerability |
| EFTP DirectoryTraversal Vulnerability |
| EFTP File Existence Vulnerability |
| Eserv 2.50 Web Interface Server Directory Traversal Vulnerability |
| EServ Password-Protected File Access Vulnerability |
| EvilFTP Trojan Horse |
| EWS Remote Command Execution |
| Exchange NNTP DoS |
| Exchange SMTP DoS |
| Exploitable Buffer overflow in the InterAccess telnet server TelnetD |
| Extent RBS ISP Directory Traversal Vulnerability |
| Extropia WebBanner Input Validation Vulnerability |
| EZShopper loadpage.cgi Execution Vulnerability |
| FAQManager.CGI NULL Character Arbitrary File Disclosure Vulnerability |
| Fastream FTP++ Absolute Path Disclosure Vulnerability |
| Fastream FTP++ Denial of Service Vulnerability |
| FastTrack Web Server allows Directory Listing |
| Faxsurvey Remote Command Execution |
| File Access Vulnerability with MS Frontpage Server Extensions |
| Finger CGI Hole |
| Finger Information Disclosure |
| Fingerd Enabled |
| Firewall - 1 SNMP Open Access |
| Floosietek FTGate Mail Server Vulnerability |
| FormMail CGI Vulnerability |
| Fortech Proxy+ 2.30 Remote Administration Vulnerability |
| Fortech Proxy+ Telnet Gateway Vulnerability |
| Francisco Burzi PHP-Nuke Administrative Privileges Vulnerability |
| Free Online Dictionary of Computing Remote File Viewing Vulnerability |
| Free Peers BearShare Directory Traversal Vulnerability |
| Free Peers BearShare Directory Traversal Vulnerability |
| FreeBSD SSH Port Misconfiguration Vulnerability |
| FSP Daemon Running Vulnerability |
| FTGATE Interface Security holes |
| FTP Banner Exposure |
| FTP Bounce Attack |
| FTP CWD ~root Vulnerability |
| FTP NT GUEST Account Vulnerability |
| FTP Ports Under PASV Commands Are Opened In Sequential Order |
| FTP's Real Home Directory Found |
| FTPd RNFR Issue |
| ftpd signal processing |
| FTPd Unprotected |
| FTPd Writeable Directories |
| Getadmin Exploit |
| Getdrvrs.exe Reveals Information |
| GoAhead WebServer Directory Traversal Vulnerability |
| GoodTech FTP Server Denial of Service |
| Gopher daemon is running |
| Guestbook CGI Program could lead to Remote Command Execution |
| Guido Frassetto SEDUM HTTP Server Directory Traversal Vulnerability |
| Guild FTPD File Existence Disclosure Vulnerability |
| GuildFTPD Directory Traversal Vulnerability |
| GuildFTPD Plaintext Password Storage Vulnerability |
| Heat-On HSWeb Web Server Path Disclosure Vulnerability |
| HidePak Backdoor Found Vulnerability |
| Hidesource Backdoor Found |
| HKEY_CLASSES_ROOT Writeable by Non-administrators |
| HKEY_LOCAL_MACHINE Writeable by Non Administrators |
| HKEY_USERS Hive Writeable by Non Administrators |
| HP LaserJet can be configured remotely |
| HP LaserJet Opened Port 9099 |
| HP LaserJet Opened Port 9100 |
| ht://dig Arbitrary File Disclosure Vulnerability |
| htmlscript CGI remote files read access vulnerability |
| HTTP Available Banner Exposure |