MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities
Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access
The 'sojourn.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or...
6.6AI Score
0.036EPSS
SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution
The remote web server is hosting the 'infosrch.cgi' script. The installed version of this script fails to properly sanitize user- supplied input to the 'fname' variable. An attacker, exploiting this flaw, could execute arbitrary commands on the remote host subject to the privileges of the web...
7.3AI Score
0.031EPSS
The remote host is running LinuxConf, a web-based administration tool for Linux. It is suggested to not allow anyone to connect to this...
-0.3AI Score
Sambar Server Multiple Script Arbitrary Code Execution
At least one of these CGI scripts is installed : hello.bat echo.bat They allow any attacker to execute commands with the privileges of the web server...
7.1AI Score
0.012EPSS
The remote host appears to be running CDK, a backdoor that can be used to control your system. This suggests the host has been been compromised. A remote attacker can control the system by connecting to this port and sending the password...
0.2AI Score
Cobalt siteUserMod.cgi Arbitrary Password Modification
The Cobalt 'siteUserMod' CGI appears to be installed on the remote web server. Older versions of this CGI may allow a user with Site Administrator access to change the password of users on the system, such as Site Administrator or regular users, or the admin (root) user. Note that Nessus has only.....
6.7AI Score
0.0004EPSS
PlusMail plusmail CGI Arbitrary Command Execution
The 'plusmail' CGI is installed. Some versions of this CGI have a well known security flaw that lets an attacker read arbitrary file with the privileges of the HTTP...
6.6AI Score
0.055EPSS
WinSATAN is installed. This backdoor allows anyone to partially take control of the remote system. An attacker may use it to steal your password or prevent your system from working...
0.1AI Score
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker to execute arbitrary commands with the privileges of the HTTP daemon (usually root or...
0.7AI Score
0.003EPSS
Cobalt RaQ2 cgiwrap Multiple Vulnerabilities
The remote host has 'cgiwrap' is installed. If you are running an unpatched Cobalt RaQ, the version of cgiwrap distributed with that system has a known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). This flaw exists only on the...
0.5AI Score
0.036EPSS
Symantec pcAnywhere Status Service Detection (UDP)
The remote host is running Symantec pcAnywhere Status server, a service used to discover pcAnywhere servers on a...
-0.1AI Score
TFN (Tribe Flood Network) Trojan Detection
The remote host appears to be running TFN (Tribe Flood Network), which is a Trojan Horse that can be used to control your system or make it attack another network. It is very likely that this host has been...
0.4AI Score
0.006EPSS
Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay
The 'formmail.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon (root or...
0.6AI Score
0.016EPSS
Matt Wright guestbook.pl Arbitrary Command Execution
The 'guestbook.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon (root or...
0.5AI Score
0.944EPSS
Quote of the Day (QOTD) Service Detection
A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote. Another quote of the day service is defined as a datagram based...
-0.8AI Score
0.875EPSS
Chargen UDP Service Remote DoS
When contacted, chargen responds with some random characters (something like all the characters in the alphabet in a row). When contacted via UDP, it will respond with a single UDP packet. When contacted via TCP, it will continue spewing characters until the client closes the connection. The...
-0.1AI Score
0.875EPSS
WWWBoard passwd.txt Authentication Credential Disclosure
The remote host is running WWWBoard, a bulletin board system written by Matt Wright. This board system comes with a password file (passwd.txt) installed next to the file 'wwwboard.html'. An attacker may obtain the contents of this file and decode the password to modify the remote www...
0.1AI Score
0.101EPSS
Tektronix PhaserLink Printer Web Server Direct Request Administrator Access
The file /ncl_items.html or /ncl_subjects.html exist on the remote system. It is very likely that this file will allow an attacker to reconfigure your Tektronix printer. An attacker can use this to prevent the users of your network from working properly by preventing themfrom printing their...
6.5AI Score
0.017EPSS
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
The 'bigconf' CGI is installed. This CGI has a well-known security flaw that allows an attacker to execute arbitrary commands with the privileges of the web...
0.3AI Score
0.008EPSS
Alibaba get32.exe Arbitrary Command Execution
The 'get32.exe' CGI script is installed on this machine. This CGI has a well known security flaw that allows an attacker to execute arbitrary commands on the remote system with the privileges of the HTTP daemon (typically root or...
1.1AI Score
0.003EPSS
Alibaba tst.bat Arbitrary Command Execution
The 'tst.bat' CGI script is installed on this machine. This CGI has a well known security flaw that would allow an attacker to read arbitrary files on the remote...
-0.1AI Score
0.003EPSS
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
The remote web server is an AN-HTTPD server which contains default CGI scripts. At least one of these CGIs is installed on the remote server : cgi-bin/test.bat cgi-bin/input.bat cgi-bin/input2.bat ssi/envout.bat It is possible to misuse them to make the remote server execute arbitrary...
0.9AI Score
0.022EPSS
-0.1AI Score
The rexecd service is running on the remote host. This service is design to allow users of a network to execute commands remotely. However, rexecd does not provide any good means of authentication, so it may be abused by an attacker to scan a third-party...
6.9AI Score
0.015EPSS
RPC bootparamd Service Information Disclosure (Deprecated)
The bootparamd RPC service is running. It is used by diskless clients to get the necessary information needed to boot properly. If an attacker uses the BOOTPARAMPROC_WHOAMI and provides the correct address of the client, then he will get its NIS domain back from the server. Once the attacker...
-0.1AI Score
Sendmail RCPT TO Command Arbitrary File Overwrite
The remote SMTP server did not complain when issued the command : MAIL FROM: root@this_host RCPT TO: /tmp/nessus_test This probably means that it is possible to send mail directly to files, which is a serious threat, since this allows anyone to overwrite any file on the remote server. ***...
0.2AI Score
The remote host is an NIS (Network Information Service) server. NIS is used to share usernames, passwords, and other sensitive information among the hosts claiming to be within a given NIS domain and passes this information over the network...
-0.3AI Score
Microsoft FrontPage Extensions authors.pwd Information Disclosure
The remote web server appears to be running with Microsoft FrontPage extensions. The file 'authors.pwd', which contains the encrypted passwords of FrontPage authors, can by accessed by anyone. A remote attacker could decrypt these passwords, or possibly overwrite this...
0.2AI Score
The Telnet service is running. This service is dangerous in the sense that it is not ciphered - that is, everyone can sniff the data that passes between the telnet client and the telnet server. This includes logins and...
7AI Score
Sendmail DEBUG/WIZ Remote Command Execution
Your MTA accepts the DEBUG or WIZ command. It may be an old version of Sendmail. This command is dangerous as it allows remote users to execute arbitrary commands as root without the need to log...
0.7AI Score
0.078EPSS
CDE RPC tooltalk Service Multiple Overflows
The tooltalk RPC service is running. A possible implementation fault in the ToolTalk object database server may allow an attacker to execute arbitrary commands as root. *** This warning may be a false positive since the presence of this *** vulnerability is only accurately identified with local...
0.3AI Score
0.044EPSS
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
Excite for Webservers is installed. This CGI has a well-known security flaw that lets a remote attacker execute arbitrary commands with the privileges of the web server. Versions newer than 1.1. are...
1.1AI Score
0.003EPSS
The alis RPC service is running. If you do not use this service, then you should disable it as it may become a security threat in the future, if a vulnerability is...
-0.1AI Score
The rquotad RPC service is running. If you do not use this service, then disable it as it may become a security threat in the future, if a vulnerability were to be...
AI Score
0.199EPSS
Glimpse HTTP aglimpse Arbitrary Command Execution
The remote web server is running GlipmseHTTP. The installed version suffers from a remote command execution vulnerability in the 'aglimpse' component. Note that we could not actually check for the presence of this vulnerability, and only checked for the existence of the 'aglimpse'...
0.8AI Score
0.013EPSS
RPC etherstatd Service Detection
The etherstatd RPC service is running. If you do not use this service, then you should disable it as it may become a security threat in the future, if a vulnerability is...
AI Score
The 3270 mapper RPC service is running. If you do not use this service, then you should disable it as it may become a security threat in the future, if a vulnerability is...
-0.1AI Score
The remote host is running the rstatd RPC service. This service provides information such as : the CPU usage the system uptime the network...
-0.5AI Score
0.199EPSS
RPC database Service Detection
The database RPC service is running. If you do not use this service, then you should disable it as it may become a security threat in the future, if a vulnerability is...
-0.2AI Score
NetBus 2.x is installed. NetBus is a remote administration tool that can be used for malicious purposes, such as sniffing what the user is typing, its passwords and so on. An attacker may have installed it to control hosts on your network. Furthermore, Netbus authentication may be...
AI Score
-0.2AI Score
-0.5AI Score
-0.2AI Score
-0.1AI Score
-0.2AI Score
-0.2AI Score
-0.1AI Score
-0.3AI Score
-0.4AI Score
-0.3AI Score