Appendix E • Nessus Plug-ins

| Family | Plug-in Name | CVE ID Number(s) | BugTraq ID Number(s) |
|---|---|---|---|
| CGI abuses | /cgi-bin directory browsable ? | | |
| CGI abuses | CVSWeb 1.80 gives a shell to cvs committers | CVE-2000-0670 | 1469 |
| CGI abuses | Netauth | CVE-2000-0782 | 1587 |
| CGI abuses | DB4Web TCP relay | | |
| CGI abuses | ad.cgi | CAN-2001-0025 | 2103 |
| CGI abuses | Sambar /sysadmin directory 2 | | 2255 |
| CGI abuses | perlcal | CVE-2001-0463 | 2663 |
| CGI abuses | WihPhoto file reading | | |
| CGI abuses | readmsg.php detection | CAN-2001-1408 | |
| CGI abuses | CuteNews code injection | | |
| CGI abuses | php log | CVE-2000-0967 | 1786 |
| CGI abuses | Zope ZClass permission mapping bug | CVE-2001-0567 | |
| CGI abuses | Netscape Server ?wp bug | CVE-2000-0236 | 1063 |
| CGI abuses | imagemap.exe | CVE-1999-0951 | 739 |
| CGI abuses | Synchrologic User account information disclosure | | |
| CGI abuses | phorum’s common.cgi | | 1985 |
| CGI abuses | NetCommerce SQL injection | CVE-2001-0319 | 2350 |
| CGI abuses | Snitz Forums 2000 Password Reset and XSS | | 7381, 7922, 7925 |
| CGI abuses | Allaire JRun directory browsing vulnerability | | 3592 |
| CGI abuses | MS Site Server Information Leak | | 3998 |
| CGI abuses | KF Web Server /%00 bug | | |
| CGI abuses | BEA WebLogic Scripts Server scripts Source Disclosure (3) | CVE-2000-0683 | 1517 |
| CGI abuses | Pages Pro CD directory traversal | | |
| CGI abuses | paFileDB SQL injection | | 7183 |
| CGI abuses | Post-Nuke information disclosure (2) | | |
| CGI abuses | htdig | CVE-1999-0978, CVE-2000-0208 | 1026 |
| CGI abuses | ustorekeeper | CAN-2001-0466 | 2536 |
| CGI abuses | ttforum multiple flaws | | 7543, 7542 |
| CGI abuses | Resin traversal | CAN-2001-0304 | 2384 |
| CGI abuses | WebCalendar file reading | | 8237 |
| CGI abuses | RDS / MDAC Vulnerability Content-Type overflow | CAN-2002-1142 | |
| CGI abuses | Zope DocumentTemplate package problem | CVE-2000-0483 | 1354 |
| CGI abuses | openwebmail command execution | CAN-2002-1385 | 6425, 6232 |
| CGI abuses | counter.exe vulnerability | CAN-1999-1030 | 267 |
| CGI abuses | PGPMail.pl detection | CAN-2001-0937 | |
| CGI abuses | Psunami.CGI Command Execution | | 6607 |
| CGI abuses | AnalogX web server traversal | CVE-2000-0664 | 1508 |
| CGI abuses | paFileDB command execution | | 8271 |
| CGI abuses | ProductCart SQL Injection | | 8103, 8105, 8108, 8112 |
| CGI abuses | SquirrelMail’s Cross Site Scripting | CAN-2002-1276, CAN-2002-1341 | 7019, 6302 |
| CGI abuses | technote’s main.cgi | CAN-2001-0075 | 2156 |
| CGI abuses | Webfroot shoutbox file inclusion | | |
| CGI abuses | AnalogX web server traversal | CVE-2000-0664 | 1508 |
| CGI abuses | Oracle 9iAS web admin | CAN-2002-0561 | 4292 |
| CGI abuses | BEA WebLogic Scripts Server scripts Source Disclosure (2) | | 2527 |
| CGI abuses | IIS .HTR ISAPI filter applied | CVE-2002-0071 | 4474 |
| CGI abuses | PIX Firewall Manager Directory Traversal | CVE-1999-0158 | 691 |
| CGI abuses | MailMaxWeb Path Disclosure | | |
| CGI abuses | Bypass Axis Storpoint CD authentication | CVE-2000-0191 | 1025 |
| CGI abuses | DB4Web directory traversal | | |
| CGI abuses | ion-p.exe vulnerability | CAN-2002-1559 | 6091 |
| CGI abuses | YaBB SE command execution | CAN-2000-1176 | 7399, 6674, 6663, 6591, 1921 |
| CGI abuses | P-Synch multiple issues | | 7740, 7745, 7747 |
| CGI abuses | htgrep | CAN-2000-0832 | |
| CGI abuses | Directory listing through WebDAV | CVE-2000-0869 | 1656 |
| CGI abuses | JRun directory traversal | | 3666 |
| CGI abuses | IIS phonebook | CVE-2000-1089 | 2048 |
| CGI abuses | b2 cafelog code injection | CVE-2002-0734 | 4673, 7738, 7782, 7783, 7786 |
| CGI abuses | pagelog.cgi | CAN-2000-0940 | 1864 |
| CGI abuses | webdist.cgi | CVE-1999-0039 | 374 |
| CGI abuses | SilverStream directory listing | | |
| CGI abuses | Oracle 9iAS default error information disclosure | CVE-2001-1372 | 3341 |
| CGI abuses | PHP4 Physical Path Disclosure Vulnerability | CAN-2002-0249 | 4056 |
| CGI abuses | Upload cgi | | |
| CGI abuses | wwwboard passwd.txt | CVE-1999-0953 | 649 |
| CGI abuses | Philboard philboard_admin.ASP Authentication Bypass | | 7739 |
| CGI abuses | mmstdod.cgi | CVE-2001-0021 | 2063 |
| CGI abuses | php IMAP overflow | | 6557 |
| CGI abuses | Achievo code injection | | 5552 |
| CGI abuses | Oracle XSQL Stylesheet Vulnerability | CVE-2001-0126 | 2295 |
| CGI abuses | /iisadmpwd/aexp2.htr | CVE-1999-0407, CAN-2002-0421 | 2110 |
| CGI abuses | CVS/Entries | | |
| CGI abuses | Oracle 9iAS SOAP configuration file retrieval | CAN-2002-0568 | 4290 |
| CGI abuses | AlienForm CGI script | CAN-2002-0934 | 4983 |
| CGI abuses | Advanced Poll info.php | | 7171 |
| CGI abuses | MediaHouse Statistic Server Buffer Overflow | CVE-1999-0931 | 734 |
| CGI abuses | DCP-Portal Path Disclosure | CAN-2002-0282 | 4113 |
| CGI abuses | IIS possible DoS using ExAir’s query | CVE-1999-0449 | 193 |
| CGI abuses | SIX Webboard’s generate.cgi | CAN-2001-1115 | 3175 |
| CGI abuses | IMail account hijack | | |
| CGI abuses | Bugzilla Multiple Flaws | CAN-2003-0012, CAN-2003-0013, CAN-2002-1198, CAN-2002-1197, CAN-2002-1196 | 6501, 6502, 6257, 5844, 5842, 4964 |
| CGI abuses | Tomcat’s snoop servlet gives too much information | CAN-2000-0760 | 1532 |
| CGI abuses | MiniVend Piped command | CVE-2000-0635 | 1449 |
| CGI abuses | phpMyExplorer dir traversal | CAN-2001-1168 | 3266 |
| CGI abuses | formmail.pl | CVE-1999-0172 | 2079 |
| CGI abuses | Zope Invalid Query Path Disclosure | | 7999, 8000, 8001 |
| CGI abuses | phpPgAdmin arbitrary files reading | CAN-2001-0479 | 2640 |
| CGI abuses | php safemode | CVE-2001-1246 | 2954 |
| CGI abuses | Oracle 9iAS mod_plsql directory traversal | CAN-2001-1217 | 3727 |
| CGI abuses | webwho plus | CVE-2000-0010 | 892 |
| CGI abuses | PlusMail vulnerability | CAN-2000-0074 | 2653 |
| CGI abuses | p-news Admin Access | | |
| CGI abuses | Dumpenv | CAN-1999-1178 | |
| CGI abuses | Alexandria-dev upload spoofing | | 7223, 7224, 7225 |
| CGI abuses | way-board | CAN-2001-0214 | 2370 |
| CGI abuses | Web server traversal | | |
| CGI abuses | Oracle 9iAS SOAP Default Configuration Vulnerability | CVE-2001-1371 | 4289 |
| CGI abuses | Vignette StoryServer TCL code injection | | 7683, 7685, 7690, 7691, 7692 |
| CGI abuses | Stronghold Swish | | 4785 |
| CGI abuses | IIS 5 .printer ISAPI filter applied | CVE-2001-0241 | |
| CGI abuses | Post-Nuke Rating System Denial Of Service | | 7702 |
| CGI abuses | Allaire JRun Directory Listing | CVE-2000-1050 | 1830 |
| CGI abuses | IMP_MIME_Viewer_html class XSS vulnerabilities | | |
| CGI abuses | MRTG mrtg.cgi File Disclosure | CAN-2002-0232 | 4017 |
| CGI abuses | phf | CVE-1999-0067 | 629 |
| CGI abuses | WebStores 2000 browse_item_details.asp SQL injection | | 7766 |
| CGI abuses | Lotus Notes ?OpenServer Information Disclosure | | |
| CGI abuses | php-proxima file reading | | |
| CGI abuses | AN-HTTPd tests CGIs | CVE-1999-0947 | 762 |
| CGI abuses | ezPublish Directory Cross Site Scripting | | 7616 |
| CGI abuses | Authentication bypassing in Lotus Domino | | 4022 |
| CGI abuses | counter.php file overwrite | | |
| CGI abuses | cgiforum | CVE-2000-1171 | 1963 |
| CGI abuses | Unify eWave ServletExec 3.0C file upload | CVE-2000-1024 | 1876 |
| CGI abuses | Super-M Son hServer Directory Traversal | | 7717 |
| CGI abuses | Savant original form CGI access | CVE-2000-0521 | 1313 |
| CGI abuses | NetTools command execution | CVE-2001-0899 | |
| CGI abuses | BadBlue Directory Traversal Vulnerability | | 3913 |
| CGI abuses | Domino traversal | CVE-2001-0009 | 2173 |
| CGI abuses | info2www | CVE-1999-0266 | 1995 |
| CGI abuses | Cafe Wordpress SQL injection | | |
| CGI abuses | Post-Nuke information disclosure | | |
| CGI abuses | WebChat XSS | | 7190 |
| CGI abuses | mod_gzip running | | |
| CGI abuses | IIS 5.0 Sample App vulnerable to cross-site scripting attack | | |
| CGI abuses | No 404 check | | |
| CGI abuses | Web-ERP Configuration File Remote Access | | 6996 |
| CGI abuses | php 4.3.0 | CAN-2003-0097 | |
| CGI abuses | axis2400 webcams | | 6987, 6980 |
| CGI abuses | guestbook.pl | CAN-1999-1053 | 776 |
| CGI abuses | N/X Web Content Management code injection | | 6500 |
| CGI abuses | /perl directory browsable ? | CVE-2000-0883 | 1678 |
| CGI abuses | Basit cms Cross Site Scripting Bugs | | 7139 |
| CGI abuses | Sambar webserver pagecount hole | CVE-2001-1010 | 3091 |
| CGI abuses | Novell Groupwise WebAcc Information Disclosure | | 3436 |
| CGI abuses | phpping code execution | | |
| CGI abuses | icat | CAN-1999-1069 | 2126 |
| CGI abuses | Nuked-klan Cross Site Scripting Bugs | | 6916, 6917 |
| CGI abuses | SimpleChat information disclosure | | 7168 |
| CGI abuses | Forum51/Board51/News51 Users Disclosure | | 8126, 8127, 8128 |
| CGI abuses | OneOrZero SQL injection | | 7609, 7611 |
| CGI abuses | Sambar CGIs path disclosure | | |
| CGI abuses | Master Index directory traversal vulnerability | CVE-2000-0924 | 1772 |
| CGI abuses | Spyke Flaws | | |
| CGI abuses | php.cgi | CAN-1999-0238 | 2250 |
| CGI abuses | Apache::ASP source.asp | CVE-2000-0628 | 1457 |
| CGI abuses | Apache Remote Command Execution via .bat files | CVE-2002-0061 | 4335 |
| CGI abuses | IIS Service Pack - 404 | | |
| CGI abuses | anacondaclip CGI vulnerability | CVE-2001-0593 | 2512 |
| CGI abuses | iXmail arbitrary file upload | | 8046, 8048 |
| CGI abuses | sdbsearch.cgi | CVE-2001-1130 | |
| CGI abuses | iiprotect sql injection | | 7675 |
| CGI abuses | Oracle XSQL Sample Application Vulnerability | | |
| CGI abuses | mod_gzip format string attack | | |
| CGI abuses | WordPress code/sql injection | | 7785 |
| CGI abuses | IMP Session Hijacking Bug | CVE-2001-0857 | 3525 |
| CGI abuses | GroupWise Web Interface ‘HELP’ hole | CVE-1999-1005, CVE-1999-1006 | 879 |
| CGI abuses | ColdFusion Vulnerability | CAN-1999-0455, CAN-1999-0477 | 115 |
| CGI abuses | mod_gzip format string attack | | |
| CGI abuses | msmmask.exe | | |
| CGI abuses | ttawebtop | CVE-2001-0805 | 2890 |
| CGI abuses | Tomcat’s /admin is world readable | CVE-2000-0672 | 1548 |
| CGI abuses | Htmlscript | CVE-1999-0264 | 2001 |
| CGI abuses | VChat information disclosure | | 7186, 7188 |
| CGI abuses | CgiMail.exe vulnerability | CVE-2000-0726 | 1623 |
| CGI abuses | GTcatalog code injection | | 6998 |
| CGI abuses | Roxen counter module | | |
| CGI abuses | IIS possible DoS using ExAir’s search | CVE-1999-0449 | 193 |
| CGI abuses | RedHat 6.0 cachemgr.cgi | CVE-1999-0710 | 2059 |
| CGI abuses | IIS IDA/IDQ Path Disclosure | CAN-2000-0071 | 1065 |
| CGI abuses | HSWeb document path | CAN-2001-0200 | 2336 |
| CGI abuses | PCCS-Mysql User/Password Exposure | CVE-2000-0707 | 1557 |
| CGI abuses | Apache Tomcat DOS Device Name XSS | | 5194 |
| CGI abuses | commerce.cgi | CAN-2001-0210 | 2361 |
| CGI abuses | WEB-INF folder accessible | | 5119 |
| CGI abuses | Oracle 9iAS OWA UTIL access | CAN-2002-0560 | 4294 |
| CGI abuses | Oracle XSQLServlet XSQLConfig.xml File | CAN-2002-0568 | 4290 |
| CGI abuses | cc_guestbook.pl XSS | | 7237 |
| CGI abuses | Apache Directory Listing | CVE-2001-0731 | 3009 |
| CGI abuses | websendmail | CVE-1999-0196 | 2077 |
| CGI abuses | ShowCode possible | CAN-1999-0736 | 167 |
| CGI abuses | smb2www remote command execution | CAN-2002-1342 | 6313 |
| CGI abuses | Oracle 9iAS Dynamic Monitoring Services | CAN-2002-0563 | 4293 |
| CGI abuses | php 4.2.x malformed POST | CAN-2002-0986 | 5278 |
| CGI abuses | Apache Tomcat DOS Device Name XSS | | 5194 |
| CGI abuses | nph-test-cgi | CVE-1999-0045 | 686 |

Howlett_AppE.fm Page 459 Friday, June 25, 2004 1:50 PM