Appendix E • Nessus Plug-ins

Howlett_AppE.fm Page 469 Friday, June 25, 2004 1:50 PM

| Family | Plug-in Name | CVE ID Number(s) | BugTraq ID Number(s) |
|---|---|---|---|
| CGI abuses | Webnews.exe vulnerability | CVE-2002-0290 | 4124 |
| CGI abuses | Post-Nuke SQL injection | | 7697 |
| CGI abuses | Infinity CGI Exploit Scanner | | 7910, 7911, 7913 |
| CGI abuses | Hidden WWW server name | | |
| CGI abuses | Tomcat 4.x JSP Source Exposure | | |
| CGI abuses | PHP-Nuke copying files security vulnerability (admin.php) | CVE-2001-1032 | 3361 |
| CGI abuses | A1Stats Traversal | CAN-2001-0561 | 2705 |
| CGI abuses | ColdFusion Debug Mode | | |
| CGI abuses | CWmail.exe vulnerability | CAN-2002-0273 | 4093 |
| CGI abuses | PayPal Store Front code injection | | 8791 |
| CGI abuses | osCommerce Cross Site Scripting Bugs | | 7156, 7151, 7153, 7158, 7155 |
| CGI abuses | StellarDocs Path Disclosure | | 8385 |
| CGI abuses | vpopmail.php command execution | | 7063 |
| CGI abuses | Mantis Multiple Flaws | CAN-2002-1110, CAN-2002-1111, CAN-2002-1112, CAN-2002-1113, CAN-2002-1114 | 5563, 5565, 5509, 5504, 5510, 5514, 5515 |
| CGI abuses | Xoops XSS | | 7356 |
| CGI abuses | DCP-Portal Cross Site Scripting Bugs | | 7144, 7141 |
| CGI abuses | cgiWebupdate.exe vulnerability | CAN-2001-1150 | 3216 |
| CGI abuses | Basilix includes download | CAN-2001-1044 | 2198 |
| CGI abuses | idq.dll directory traversal | CAN-2000-0126 | 968 |
| CGI abuses | fpcount.exe overflow | CAN-1999-1376 | |
| CGI abuses | Codebrws.asp Source Disclosure Vulnerability | CAN-1999-0739 | |
| CGI abuses | Webcart misconfiguration | CAN-1999-0610 | 2281 |
| CGI abuses | miniPortail Cookie Admin Access | CAN-2003-0272 | |
| CGI abuses | Justice guestbook | | 7233, 7234 |
| CGI abuses | Hosting Controller vulnerable ASP pages | CAN-2002-0466 | 3808 |
| CGI abuses | FAQManager Arbitrary File Reading Vulnerability | | 3810 |
| CGI abuses | Kebi Academy Directory Traversal | | 7125 |
| CGI abuses | phptonuke directory traversal | | |
| CGI abuses | Buffer overflow in WebSitePro webfind.exe | CVE-2000-0622 | 1487 |
| CGI abuses | mod_python handle abuse | CVE-2002-0185 | 4656 |
| CGI abuses | webgais | CVE-1999-0176 | 2058 |
| CGI abuses | GOsa code injection | | |
| CGI abuses | ShopPlus Arbitrary Command Execution | CAN-2001-0992 | |
| CGI abuses | Kietu code injection | | |
| CGI abuses | Pod.Board Forum_Details.PHP Cross Site Scripting | | 7933 |
| CGI abuses | WebAdmin detection | | |
| CGI abuses | php < 4.3.3 | | 8201 |
| CGI abuses | textcounter.pl | CVE-1999-1479 | 2265 |
| CGI abuses | Carello detection | | |
| CGI abuses | popper_mod | CVE-2002-0513, CAN-2002-0513 | 4412 |
| CGI abuses | WebActive world readable log file | CVE-2000-0642 | 1497 |
| CGI abuses | Count.cgi | CVE-1999-0021 | 128 |
| CGI abuses | SunSolve CD CGI user input validation | CAN-2002-0436 | 4269 |
| CGI abuses | JWalk server traversal | | 7160 |
| CGI abuses | ASP source using %2e trick | CAN-1999-0253 | 1814 |
| CGI abuses | TrueGalerie admin access | | 7427 |
| CGI abuses | webcart.cgi | | 3453 |
| CGI abuses | IIS Remote Command Execution | CVE-2001-0507, CVE-2001-0333 | 2708 |
| CGI abuses | viralator | CAN-2001-0849 | |
| CGI abuses | Lotus Domino administration databases | CAN-2000-0021, CAN-2002-0664 | 881 |
| CGI abuses | bb-hostsvc.sh | CVE-2000-0638 | 1455 |
| CGI abuses | ScozBook flaws | | 7235, 7236 |
| CGI abuses | Nuked-Klan function execution | | 6916, 6917, 6697, 6699, 6700 |
| CGI abuses | mod_frontpage installed | CAN-2002-0427 | 4251 |
| CGI abuses | IIS XSS via 404 error | CVE-2002-0148, CAN-2002-0150 | 4483 |
| CGI abuses | SQL injection in phpBB | | 7979 |
| CGI abuses | Bugzilla XSS and insecure temporary filenames | | 7412 |
| CGI abuses | Handler | CVE-1999-0148 | 380 |
| CGI abuses | nsiislog.dll DoS | CAN-2003-0227, CAN-2003-0349 | 8035 |
| CGI abuses | Web Wiz Site News database disclosure | | |
| CGI abuses | pfdispaly | CVE-1999-0270 | |
| CGI abuses | Zope Image updating Method | CVE-2000-0062 | 922 |
| CGI abuses | Post-Nuke Multiple XSS | | 7898, 7901 |
| CGI abuses | dcforum | CVE-2001-0436 | 2728 |
| CGI abuses | Home Free search.cgi directory traversal | CAN-2000-0054 | 921 |
| CGI abuses | ctss.idc check | | |
| CGI abuses | CVSWeb detection | | |
| CGI abuses | Cross-Referencing Linux (lxr) file reading | | 7062 |
| CGI abuses | Oracle 9iAS Jsp Source File Reading | CAN-2002-0562 | 4034 |
| CGI abuses | Basilix webmail dummy request vulnerability | CAN-2001-1045 | 2995 |
| CGI abuses | mailnews.cgi | CAN-2001-0271 | 2391 |
| CGI abuses | Zope installation path disclose | | 5806 |
| CGI abuses | Windmail.exe allows any user to execute arbitrary commands | CAN-2000-0242 | 1073 |
| CGI abuses | tst.bat CGI vulnerability | CAN-1999-0885 | 770 |
| CGI abuses | MacOS X Finder reveals contents of Apache Web directories | | 3316 |
| CGI abuses | Directory Manager’s edit_image.php | CVE-2001-1020 | 3288 |
| CGI abuses | mod_ssl wildcard DNS cross site scripting vulnerability | CAN-2002-1157 | 6029 |
| CGI abuses | calendar_admin.pl | CVE-2000-0432 | 1215 |
| CGI abuses | ezPublish config disclosure | | 7349, 7347 |
| CGI abuses | ImageFolio Default Password | | |
| CGI abuses | Netscape FastTrack ‘get’ | CVE-1999-0239 | 481 |
| CGI abuses | StockMan Shopping Cart Path disclosure | | |
| CGI abuses | Power Up Information Disclosure | CAN-2001-1138 | 3304 |
| CGI abuses | texi.exe path disclosure | CAN-2002-0266 | 4035 |
| CGI abuses | Cold Fusion Administration Page Overflow | CVE-2000-0538 | 1314 |
| CGI abuses | spin_client.cgi buffer overrun | | |
| CGI abuses | wwwwais | CAN-2001-0223 | |
| CGI abuses | ServletExec 4.1 ISAPI Physical Path Disclosure | CVE-2002-0892 | 4793 |
| CGI abuses | Wordit Logbook | | 7043 |
| CGI abuses | csSearch.cgi | CVE-2002-0495 | 4368 |
| CGI abuses | iXmail SQL injection | | 8047 |
| CGI abuses | netscape publishingXpert 2 PSUser problem | CVE-2000-1196 | |
| CGI abuses | ClearTrust XSS | | 7108 |
| CGI abuses | zentrack files reading | | |
| CGI abuses | pmachine cross site scripting | | 7980, 7981 |
| CGI abuses | zentrack code injection | | |
| CGI abuses | JBoss source disclosure | | 7764 |
| CGI abuses | Ecartis Username Spoofing | CAN-2003-0162 | 6971 |
| CGI abuses | SunONE Application Server source disclosure | | |
| CGI abuses | Various dangerous cgi scripts | CAN-1999-1072, CAN-2002-0749, CAN-2001-0135, CAN-2002-0955, CAN-2001-0562, CAN-2002-0346, CVE-2000-0923, CVE-2001-0123 | |
| CGI abuses | Unprotected SiteScope Service | | |
| CGI abuses | RDS / MDAC Vulnerability (msadcs.dll) located | CVE-1999-1011 | 529 |
| CGI abuses | iPlanet Directory Server traversal | CVE-2000-1075 | 1839 |
| CGI abuses | vpasswd.cgi | | |
| CGI abuses | Zope DoS | CVE-2000-0483 | 1354 |
| CGI abuses | Check for dangerous IIS default files | CAN-1999-0737 | |
| CGI abuses | Apache Tomcat TroubleShooter Servlet Installed | | 4575 |
| CGI abuses | hsx directory traversal | CAN-2001-0253 | 2314 |
| CGI abuses | ASP/ASA source using Microsoft Translate f: bug | CVE-2000-0778 | 1578 |
| CGI abuses | myphpPageTool code injection | | |
| CGI abuses | IIS Global.asa Retrieval | | |
| CGI abuses | Unpassworded iiprotect administrative interface | | |
| CGI abuses | JRun’s viewsource.jsp | CVE-2000-0539 | 1386 |
| CGI abuses | ActiveState Perl directory traversal | | |
| CGI abuses | AutomatedShops WebC.cgi installed | | |
| CGI abuses | Mambo Site Server Cookie Validation | | 6926 |
| CGI abuses | ActivePerl perlIS.dll Buffer Overflow | CVE-2001-0815 | 3526 |
| CGI abuses | ASP.NET path disclosure | | |
| CGI abuses | Bandmin XSS | CAN-2003-0416 | 7729 |
| CGI abuses | IIS possible DoS using ExAir’s advsearch | CVE-1999-0449 | 193 |
| CGI abuses | Roxen Server /%00/ bug | CVE-2000-0671 | 1510 |
| CGI abuses | Alchemy Eye HTTP Command Execution | CAN-2001-0871 | 3599 |
| CGI abuses | myguestbk admin access | | 7213 |
| CGI abuses | Checks for listrec.pl | CAN-2001-0997 | |
| CGI abuses | phpinfo.php | | |
| CGI abuses | TMax Soft Jeus Cross Site Scripting | | 7969 |
| CGI abuses | ROADS’ search.pl | CVE-2001-0215 | 2371 |
| CGI abuses | ServletExec 4.1 ISAPI File Reading | CAN-2002-0893 | 4795 |
| CGI abuses | GeekLog SQL vulns | CAN-2002-0962, CVE-2002-0096, CVE-2002-0097 | 7742, 7744, 6601, 6602, 6603, 6604 |
| CGI abuses | Campas | CVE-1999-0146 | 1975 |
| CGI abuses | CSNews.cgi vulnerability | CVE-2002-0923 | 4994 |
| CGI abuses | zml.cgi Directory Traversal | CAN-2001-1209 | 3759 |
| CGI abuses | VirusWall’s catinfo overflow | CAN-2001-0432 | 2579 |
| CGI abuses | Macromedia ColdFusion MX Path Disclosure Vulnerability | | 7443 |
| CGI abuses | Invision PowerBoard code injection | | 6976, 7204 |
| CGI abuses | processit | | |
| CGI abuses | ideabox code injection | | 7488 |
| CGI abuses | biztalk server flaws | CAN-2003-0117, CAN-2003-0118 | 7469, 7470 |
| CGI abuses | overflow.cgi detection | | |
| CGI abuses | HappyMall Command Execution | CAN-2003-0243 | |
| CGI abuses | Bugzilla Detection | | |
| CGI abuses | phpMyAdmin arbitrary files reading | CAN-2001-0478 | 2642 |
| CGI abuses | BLnews code injection | | 7677 |
| CGI abuses | CGIEmail’s CGICso (Send CSO via CGI) Command Execution Vulnerability | | 6141 |
| CGI abuses | Savant cgitest.exe buffer overflow | | |
| CGI abuses | OmniHTTPd visadmin exploit | CAN-1999-0970 | 1808 |
| CGI abuses | ArGoSoft Mail Server multiple flaws | | 7608, 7610, 5906, 5395, 5144 |
| CGI abuses | Faxsurvey | CVE-1999-0262 | 2056 |
| CGI abuses | AN HTTPd count.pl file truncation | | 7397 |
| CGI abuses | BadBlue invalid null byte vulnerability | CAN-2002-1021 | 5226 |
| CGI abuses | WebLogic clear-text passwords | | |
| CGI abuses | get32.exe vulnerability | CAN-1999-0885 | 770 |
| CGI abuses | IIS ASP.NET Application Trace Enabled | | |
| CGI abuses | Tests for Nimda Worm infected HTML files | | |
| CGI abuses | php4 multiple flaws | CAN-2003-0442 | 8693, 8696 |
| CGI abuses | XMB Cross Site Scripting | CAN-2002-0316, CAN-2003-0375 | 4944, 8013 |
| CGI abuses | w3-msql overflow | CVE-2000-0012 | 898 |
| CGI abuses | Horde and IMP test disclosure | | |
| CGI abuses | EZsite Forum Discloses Passwords to Remote Users | | |
| CGI abuses | directory.php | CAN-2002-0434 | 4278 |
| CGI abuses | ping.asp | | |
| CGI abuses | Oracle 9iAS mod_plsql cross site scripting | | |
| CGI abuses | readfile.tcl | | |
| CGI abuses | Awol code injection | CVE-2001-1048 | 3387 |
| CGI abuses | Web mirroring | | |
| CGI abuses | Mambo Site Server 4.0.10 XSS | | 7135 |
| CGI abuses | phpWebSite multiple flaws | | |
| CGI abuses | OmniPro HTTPd 2.08 scripts source full disclosure | | 2788 |
| CGI abuses | CGIEmail’s Cross Site Scripting Vulnerability (cgicso) | | |
| CGI abuses | IIS perl.exe problem | CAN-1999-0450 | 194 |
| CGI abuses | Instaboard SQL injection | | 7338 |
| CGI abuses | vBulletin’s Calender Command Execution Vulnerability | CVE-2001-0475 | 2474 |
| CGI abuses | smb2www installed | | |
| CGI abuses | PHP Rocket Add-in File Traversal | CAN-2001-1204 | 3751 |
| CGI abuses | sendtemp.pl | CAN-2001-0272 | 2504 |
| CGI abuses | IIS 5.0 Sample App reveals physical path of web root | | |
| CGI abuses | SWC Overflow | | |
| CGI abuses | SilverStream database structure | | |
| CGI abuses | Jakarta Tomcat Path Disclosure | CAN-2000-0759 | 1531 |
| CGI abuses | ASP source using %20 trick | CAN-2001-1248 | 2975 |