1. Trang chủ
  2. » Công Nghệ Thông Tin

Open Source Security Tools : Practical Guide to Security Applications part 51 potx

10 312 0

Đang tải... (xem toàn văn)

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 10
Dung lượng 106,18 KB

Nội dung

Appendix E • Nessus Plug-ins 479 Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) CGI abuses perl interpreter can be launched as a CGI CAN-1999-0509 CGI abuses lednews XSS 7920 CGI abuses Siteframe Cross Site Scripting Bugs 7140, 7143 CGI abuses newdsn.exe check CVE-1999-0191 1818 CGI abuses ASP source using ::$DATA trick CVE-1999-0278 149 CGI abuses htimage.exe overflow CAN-2000-0256 1117 CGI abuses IIS : Directory listing through WebDAV CVE-2000-0951 1756 CGI abuses Microsoft Frontpage dvwssr.dll backdoor CVE-2000-0260 1109 CGI abuses Unknown CGIs arguments torture CGI abuses mailreader.com directory traversal and arbitrary command execution 6055, 6058, 5393 CGI abuses SQLQHit Directory Structure Disclosure CAN-2001-0986 3339 CGI abuses ColdFusion Path Disclosure CVE-2002-0576 4542 CGI abuses Zeus Admin Interface XSS 7751 CGI abuses wrap CVE-1999-0149 373 CGI abuses ezPublish Cross Site Scripting Bugs CAN-2003-0310 7137, 7138 CGI abuses Vignette StoryServer Information Disclosure CAN-2002-0385 CGI abuses Shells in /cgi-bin CAN-1999-0509 Howlett_AppE.fm Page 479 Friday, June 25, 2004 1:50 PM 480 Appendix E • Nessus Plug-ins Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) CGI abuses E-Shopping Cart Arbitrary Command Execution (WebDiscount) CAN-2001-1014 3340 CGI abuses ndcgi.exe vulnerability CAN-2001-0922 CGI abuses PHP Mail Function Header Spoofing Vulnerability CAN-2002-0985 5562 CGI abuses Rich Media E-Commerce Stores Sensitive Informa- tion Insecurely 4172 CGI abuses Passwordless frontpage installation CGI abuses myServer 0.4.3 Directory Traversal Vulnerability CGI abuses SquirrelMail’s Multiple Flaws 7952 CGI abuses PT News Unauthorized Administrative Access 7394 CGI abuses BroadVision Physical Path Disclosure Vulnerability CAN-2001-0031 2088 CGI abuses FastCGI Echo.exe Cross Site Scripting CGI abuses VsSetCookie.exe vulnerability CAN-2002-0236 3784 CGI abuses /doc/packages directory browsable ? CVE-2000-1016 1707 CGI abuses OfficeScan configuration file disclosure 3438 CGI abuses guestbook.cgi CVE-1999-0237 776 CGI abuses php.cgi buffer overrun CVE-1999-0058 712 CGI abuses /doc directory browsable ? CVE-1999-0678 318 Howlett_AppE.fm Page 480 Friday, June 25, 2004 1:50 PM Appendix E • Nessus Plug-ins 481 Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) CGI abuses PHPAdsNew code injection CVE-2001-1054 3392 CGI abuses myphpnuke code injection CGI abuses Backup CGIs download CGI abuses Lotus Domino XSS CVE-2001-1161 2962 CGI abuses wpoison (nasl version) CGI abuses Microsoft’s Index server reveals ASP source code CVE-2000-0302, CVE-2000-0097 1084 CGI abuses IIS XSS via error 5900 CGI abuses E-Theni code injection 6970 CGI abuses AdMentor Login Flaw CAN-2002-0308 4152 CGI abuses DBMan CGI server infor- mation leakage CVE-2000-0381 1178 CGI abuses Anti Nessus defenses CGI abuses news desk CAN-2001-0231 2172 CGI abuses bb-hist.sh CAN-1999-1462 142 CGI abuses BEA WebLogic Scripts Server scripts Source Disclosure 2527 CGI abuses Sambar /cgi-bin/mailit.pl installed ? CGI abuses webchat code injection 7000 CGI abuses StockMan Shopping Cart Command Execution 7485 CGI abuses PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability 3786 CGI abuses /iisadmin is world readable CAN-1999-1538 189 Howlett_AppE.fm Page 481 Friday, June 25, 2004 1:50 PM 482 Appendix E • Nessus Plug-ins Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) CGI abuses Snitz Forums Cmd execution CGI abuses Oracle 9iAS Java Process Manager CAN-2002-0563 4293 CGI abuses WebSpeed remote configuration CVE-2000-0127 969 CGI abuses mod_survey ENV tags SQL injection 7192 CGI abuses XMB SQL Injection 7406 CGI abuses pmachine code injection 7919 CGI abuses Snapstream PVS web directory traversal CVE-2001-1108 3100 CGI abuses MS Personal Web- Server … CVE-1999-0386 CGI abuses Domino HTTP server exposes the set up of the filesystem CAN-2000-0021 881 CGI abuses http TRACE XSS attack CGI abuses Lotus Domino Banner Information Disclosure Vulnerability CAN-2002-0245 4049 CGI abuses Resin DOS device path disclosure 5252 CGI abuses Sambar default CGI info disclosure 7207, 7208 CGI abuses PHPay Information Disclosure 7313, 7310, 7309 CGI abuses Microsoft IIS UNC Mapped Virtual Host Vulnerability CVE-2000-0246 1081 CGI abuses ncbook/book.cgi CAN-2001-1114 3178 Howlett_AppE.fm Page 482 Friday, June 25, 2004 1:50 PM Appendix E • Nessus Plug-ins 483 Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) CGI abuses WF-Chat User Account Disclosure 7147 CGI abuses ODBC tools check CGI abuses Zeus shows the content of the cgi scripts CVE-2000-0149 977 CGI abuses Excite for WebServers CVE-1999-0279 2248 CGI abuses iPlanet Search Engine File Viewing CAN-2002-1042 5191 CGI abuses Finger cgi CGI abuses Microsoft Frontpage exploits CAN-2000-0114 CISCO CSCdi36962 CISCO CSCdy03429 CVE-2002-0813 5328 CISCO CSCdy38035 CISCO ATA-186 password circumvention / recovery CAN-2002-0769 4711 CISCO CSCdz39284, CSCdz41124 6904 CISCO CSCdw67458 CAN-2002-0012, CAN-2002-0013 4088 CISCO CSCds66191 CVE-2001-0041 2072 CISCO CSCdw19195 CISCO CSCdx17916, CSCdx61997 CISCO CSCdi34061 CVE-1999-0162 CISCO CSCdv48261 CISCO CSCea42030 CAN-2003-0216 CISCO Cisco IOS HTTP Configu- ration Arbitrary Adminis- trative Access CVE-2001-0537 2936 Howlett_AppE.fm Page 483 Friday, June 25, 2004 1:50 PM 484 Appendix E • Nessus Plug-ins Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) CISCO CSCdu81936 CVE-2001-0895 3547 CISCO CSCdu82823 CISCO CSCdx54675 CISCO CSCdt46181 CVE-2001-1183 3022 CISCO GSR ICMP unreachable CVE-2001-0861, CVE-2001-0862, CVE-2001-0863, CVE-2001-0864, CVE-2001-0865, CVE-2001-0866, CVE-2001-0867 3534, 3535, 3536, 3537, 3538, 3539, 3540 CISCO CSCds07326 CVE-2001-0750 2804 CISCO CSCdt62732 CVE-2001-0429 2604 CISCO Multiple SSH vulnerabilities CAN-2001-0572 CISCO CSCdx92043 CAN-2002-1222 6823 CISCO CSCdt93866 CVE-2001-0414 2540 CISCO CSCdx39981 CISCO CSCdv66718 CAN-2002-1092 CISCO CSCdu15622 CAN-2002-1093 CISCO Cisco Aironet Telnet DoS CVE-2002-0545 4461 CISCO CSCdw50657 CISCO CSCdt56514 CISCO cisco 675 http DoS CISCO CISCO IOS Interface blocked by IPv4 Packet CAN-2003-0567 8211 CISCO CSCdea77143, CSCdz15393, CSCdt84906 Howlett_AppE.fm Page 484 Friday, June 25, 2004 1:50 PM Appendix E • Nessus Plug-ins 485 Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) CISCO GSR ACL pub CVE-2000-0700 1541 CISCO Cisco password not set CAN-1999-0508 CISCO CSCdu35577 CISCO CSCdp35794 CVE-2000-0700 1541 CISCO CISCO Secure ACS Management Interface Login Overflow CAN-2003-0210 7413 CISCO CSCdx07754, CSCdx24622, CSCdx24632 CISCO Cisco Catalyst Web Execution CVE-2000-0945 1846 CISCO CSCdu20643 CVE-2002-0339 4191 CISCO CSCdw33027 CVE-2002-1024 5114 CISCO CSCdy26428 CAN-2002-1222 5976 CISCO CSCds04747 CAN-2001-0328 2682 CISCO CSCdt65960 CVE-2001-0757 2874 CISCO CSCdv88230, CSCdw22408 CISCO CSCdv85279, CSCdw59394 CVE-2002-1024 5114 CISCO CSCdz60229, CSCdy87221, CSCdu75477 CAN-2002-1357, CAN-2002-1358, CAN-2002-1359, CAN-2002-1360 6397 CISCO CSCdp58462 6895 Default Unix Accounts Unpassworded backdoor account CVE-1999-0502 Default Unix Accounts Default password (ibmdb2) for db2as CAN-2001-0051 Howlett_AppE.fm Page 485 Friday, June 25, 2004 1:50 PM 486 Appendix E • Nessus Plug-ins Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) Default Unix Accounts Unpassworded hax0r account CVE-1999-0502 Default Unix Accounts Unpassworded jill account CVE-1999-0502 Default Unix Accounts Unpassworded root account CVE-1999-0502 Default Unix Accounts Unpassworded toor account CVE-1999-0502 Default Unix Accounts Unpassworded OutOfBox account CVE-1999-0502 Default Unix Accounts Default password (ibmdb2) for db2fenc1 CAN-2001-0051 Default Unix Accounts Unpassworded date account CVE-1999-0502 Default Unix Accounts Unpassworded sync account CVE-1999-0502 Default Unix Accounts Unpassworded 4Dgifts account CVE-1999-0502 Default Unix Accounts Unpassworded lp account CVE-1999-0502 Default Unix Accounts Unpassworded friday account CVE-1999-0502 Default Unix Accounts Default password (lrkr0x) for gamez CVE-1999-0502 Default Unix Accounts Default password (db2as) for db2as CAN-2001-0051 Default Unix Accounts Default password (wh00t!) for root CVE-1999-0502 Default Unix Accounts Unpassworded EZsetup account CVE-1999-0502 Default Unix Accounts Default password (manager) for system CVE-1999-0502 Default Unix Accounts Default password (D13HH[) for root CVE-1999-0502 Howlett_AppE.fm Page 486 Friday, June 25, 2004 1:50 PM Appendix E • Nessus Plug-ins 487 Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) Default Unix Accounts Default password (D13hh[) for root CVE-1999-0502 Default Unix Accounts Default password (db2fenc1) for db2fenc1 CAN-2001-0051 Default Unix Accounts Default password (satori) for rewt CVE-1999-0502 Default Unix Accounts Unpassworded tutor account CVE-1999-0502 Default Unix Accounts Default password (db2inst1) for db2inst1 CAN-2001-0051 Default Unix Accounts Default password (ibmdb2) for db2inst1 CAN-2001-0051 Default Unix Accounts Unpassworded demos account CVE-1999-0502 Default Unix Accounts Default password (guest) for guest CVE-1999-0502 Default Unix Accounts Default password (wank) for wank CVE-1999-0502 Default Unix Accounts Default password (root) for root CVE-1999-0502 Default Unix Accounts Default password (glftpd) for glftpd CVE-1999-0502 Default Unix Accounts Unpassworded StoogR account CVE-1999-0502 Default Unix Accounts Unpassworded jack account CVE-1999-0502 Default Unix Accounts Unpassworded guest account CVE-1999-0502 Denial of Service Eicon Diehl LAN ISDN modem DoS CAN-1999-1533 665 Denial of Service Netscape Enterprise Server DoS CVE-1999-0752 516 Howlett_AppE.fm Page 487 Friday, June 25, 2004 1:50 PM 488 Appendix E • Nessus Plug-ins Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) Denial of Service SMB null param count DoS CAN-2002-0724 5556 Denial of Service GoodTech ftpd DoS CAN-2001-0188 2270 Denial of Service IIS FrontPage DoS CVE-2001-0096 2144 Denial of Service ping of death Denial of Service DoSable Oracle Web- Cache server CAN-2002-0102 3760 Denial of Service 3com RAS 1500 DoS 7175 Denial of Service jolt2 CVE-2000-0482 1312 Denial of Service mod_jk chunked encoding DoS 6320 Denial of Service Hyperbomb CVE-1999-1336 Denial of Service Linksys Gozila CGI denial of service Denial of Service spank.c Denial of Service Ascend Kill CVE-1999-0060 714 Denial of Service SLMail denial of service CAN-1999-0231 Denial of Service WinLogon.exe DoS CVE-2000-0377 1331 Denial of Service Cisco DoS CVE-1999-0430 705 Denial of Service FTP Windows 98 MS/ DOS device names DOS Denial of Service Marconi ASX DoS CAN-2001-0270 2400 Denial of Service GAMSoft TelSrv 1.4/1.5 Overflow CVE-2000-0665 1478 Denial of Service DB2 DOS CAN-2001-1143 3010 Denial of Service WINS UDP flood denial CVE-1999-0288 298 Denial of Service IIS 5.0 WebDav Memory Leakage 2736 Howlett_AppE.fm Page 488 Friday, June 25, 2004 1:50 PM . 1818 CGI abuses ASP source using :: $DATA trick CVE-1999-0278 149 CGI abuses htimage.exe overflow CAN-2000-0256 1117 CGI abuses IIS : Directory listing through WebDAV CVE-2000-0 951 1756 CGI abuses. abuses Unknown CGIs arguments torture CGI abuses mailreader.com directory traversal and arbitrary command execution 6055, 6058, 5393 CGI abuses SQLQHit Directory Structure Disclosure CAN-2001-0986. June 25, 2004 1:5 0 PM Appendix E • Nessus Plug-ins 483 Family Plug-in Name CVE ID Number(s) BugTraq ID Number(s) CGI abuses WF-Chat User Account Disclosure 7147 CGI abuses ODBC tools check CGI

Ngày đăng: 04/07/2014, 13:20

TỪ KHÓA LIÊN QUAN