-0.2AI Score
-0.3AI Score
Web Server /cgi-bin Shell Access
The remote web server has one of these shells installed in /cgi-bin : ash, bash, csh, ksh, sh, tcsh, zsh Leaving executable shells in the cgi-bin directory of a web server may allow an attacker to execute arbitrary commands on the target machine with the privileges of the HTTP...
1.5AI Score
0.175EPSS
GateCrasher Backdoor Detection
The remote host has the backdoor GateCrasher installed. This backdoor allows anyone to partially take control of the affected system. An attacker may use it to steal information or crash the affected...
0.2AI Score
Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
Internet Information Server (IIS) 4.0 ships with a set of sample files to help web developers learn about Active Server Pages (ASP). One of these sample files, 'showcode.asp' (installed in /msadc/Samples/SELECTOR/), is designed to view the source code of the sample applications via a web browser......
-0.4AI Score
0.905EPSS
The NetSphere backdoor is installed on the remote host. By connecting to it, a remote attacker can gain control of the affected...
0.5AI Score
IRIX wrap CGI Traversal Arbitrary Directory Listing
The 'wrap' CGI is installed. This CGI allows anyone to get a listing for any directory with mode +755. Note that not all implementations of 'wrap' are...
0.4AI Score
0.042EPSS
WebGais webgais CGI Arbitrary Command Execution
The 'webgais' CGI is installed. This CGI may let an attacker execute arbitrary commands with the privileges of the http daemon (usually root or...
1.5AI Score
0.06EPSS
Multiple Vendor jj CGI Arbitrary Command Execution
The 'jj' CGI is installed. This CGI has a well-known security flaw that lets a remote attacker execute arbitrary commands with the privileges of the web server. Please note that Nessus only checked for the existence of this CGI, and did not attempt to exploit...
0.6AI Score
0.004EPSS
Multiple Vendor phf CGI Arbitrary Command Execution
The 'phf' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or...
0.9AI Score
0.296EPSS
Multiple Web Server finger CGI Information Disclosure
The 'finger' CGI is installed. This can be used by a remote attacker to enumerate accounts on the system. Such information is typically valuable in conducting additional, more focused...
-0.4AI Score
Netscape FastTrack get Command Forced Directory Listing
When the remote web server is issued a request with a lower-case 'get', it will return a directory listing even if a default page such as index.html is present. For example : get / HTTP/1.0 will return a listing of the root directory. This allows an attacker to gain valuable...
0.1AI Score
0.001EPSS
Web Server /cgi-bin Perl Interpreter Access
The 'Perl' CGI is installed and can be launched as a CGI. This is equivalent to giving a free shell to an attacker, with the http server privileges (usually root or...
0.6AI Score
0.175EPSS
OmniHTTPd visadmin.exe Malformed URL DoS
It is possible to fill the hard disk of a server running OmniHTTPd by issuing the request : http://omni.server/cgi-bin/visadmin.exe?user=guest This allows an attacker to crash your web server. This script checks for the presence of the faulty CGI, but does not execute...
-0.3AI Score
0.032EPSS
IRIX webdist.cgi Arbitrary Command Execution
The 'webdist.cgi' CGI is installed. This script has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web server user...
0.9AI Score
0.046EPSS
NCSA Campas cgi-bin Arbitrary Command Execution
The remote web server appears to be NCSA httpd. This version of the web server comes with a sample CGI script, campas, that fails to properly sanitize user input. This could allow a remote attacker to execute arbitrary commands with the privileges of the web...
1.2AI Score
0.064EPSS
Multiple Vendor view_source CGI Traversal Arbitrary File Access
The 'view_source' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or...
-0.2AI Score
0.039EPSS
O'Reilly WebSite uploader.exe Arbitrary File Upload
The remote web server contains a CGI script named 'uploader.exe' in '/cgi-win'. Versions of O'Reilly's Website product before 1.1g included a script with this name that allows an attacker to upload arbitrary CGI and then execute...
0.1AI Score
0.005EPSS
Sambar Server dumpenv.pl Information Disclosure
CGI script 'dumpenv.pl' is installed on the remote host. This CGI gives away too much information about the web server configuration, which will help an...
-0.1AI Score
0.002EPSS
IRIX pfdispaly Arbitrary File Access
The 'pfdispaly' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or...
AI Score
0.005EPSS
Microsoft IIS advsearch.asp Direct Request Remote DoS
The remote instance of IIS includes the sample site 'ExAir'. By calling one of the included Active Server Pages, specifically '/iissamples/exair/search/advsearch.asp', an unauthenticated, remote attacker may be cause the web server to hang for up to 90 seconds (the default script timeout) if the...
0.4AI Score
0.901EPSS
Microsoft IIS search.asp Direct Request DoS
The remote instance of IIS includes the sample site 'ExAir'. By calling one of the included Active Server Pages, specifically '/iissamples/exair/search/search.asp', an unauthenticated, remote attacker may be cause the web server to hang for up to 90 seconds (the default script timeout) if the...
0.7AI Score
0.901EPSS
WebGais websendmail CGI Arbitrary Command Execution
The 'websendmail' program, part of Webgais, appears to be installed on the remote host. This CGI script has a well-known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or...
0.5AI Score
0.013EPSS
Miva htmlscript Traversal Arbitrary File Access
The 'htmlscript' cgi is installed. This CGI has a well known security flaw that lets anyone read arbitrary files with the privileges of the HTTP daemon (root or...
-0.2AI Score
0.006EPSS
The remote host is running a 'daytime' service. This service is designed to give the local time of the day of this host to whoever connects to this port. The date format issued by this service may sometimes help an attacker to guess the operating system type of this host, or to set up timed...
-0.6AI Score
IRIX handler CGI Arbitrary Command Execution
The 'handler' cgi is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or...
0.5AI Score
0.039EPSS
Multiple Vendor info2www CGI Arbitrary Command Execution
The 'info2www' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or...
0.9AI Score
0.004EPSS
Microsoft IIS query.asp Direct Request Remote DoS
The remote instance of IIS includes the sample site 'ExAir'. By calling one of the included Active Server Pages, specifically '/iissamples/exair/search/query.asp', an unauthenticated, remote attacker may be cause the web server to hang for up to 90 seconds (the default script timeout) if the...
0.4AI Score
0.901EPSS
Detectoid for WU Client supporting the MUv3 MSI Handler
This detectoid checks for the presence of the minimum version of the Windows Update Client that supports the MUv3 MSI Handler...
3.1AI Score
1.5AI Score
.NET Framework 4.5.1 RTM - MSI
This detectoid will be used to detect for presence of 4.5.1 RTM product on Win 7/Vista/WS08/WS08...
1.7AI Score
7.2AI Score
ESUKeys_Year5&6_Server2K8_2K8R2_12122023
Pre-req to check the presence of year 5 and 6 ESU Keys on Server 2008 and...
7.2AI Score
7.2AI Score
1.9AI Score
2.5AI Score
1.5AI Score
Detectoid to check for presence of the Toshiba Bluetooth stack being installed
Designed by Bluetooth team for the purpose of "Bug #...
2.1AI Score
This detectoid will be used to detect for presence of the .NET Framework 4.5.2 product on WinServer 2K12, Win8.1, Win8.1 RT, and Server 2012 R2. AND Win8...
1.9AI Score
1.5AI Score
1.5AI Score
Symantec driver stack Overflow doublefault
Detect presence of Symantec driver causing stack...
3.4AI Score
This detectoid will be used to detect for presence of 4.x product on Win...
1.8AI Score
2.5AI Score
Detectoid for Windows Update Client supporting MSI Handler
This detectoid checks for the presence of the minimum version of the Windows Update Client that supports the MSI...
3.4AI Score
FESKeys_Year5&6_Server2K8_2K8R2_12122023
Pre-req to check the presence of year 5 and 6 FES Keys on Server 2008 and...
7.2AI Score
This detectoid will be used to detect for presence of 4.x RTM product on Win 7/Vista/WS08/WS08...
1.7AI Score