| id |
Risk |
Name |
Summary |
| 43111 |
other |
HTTP methods per directory |
Test HTTP methods on every directory |
| 43067 |
other |
Web Application Tests Disabled |
Check that CGI or web application tests are enabled |
| 42896 |
other |
Xerver HTTP Response Splitting |
Attempts an XSS attack via HTTP response splitting |
| 42871 |
other |
McAfee Common Management Agent FrameworkService.exe DoS |
Does a remote version check |
| 42821 |
other |
IBM WebSphere Application Server 7.0 < Fix Pack 7 |
Reads the version number from the SOAP port |
| 42799 |
other |
Broken Web Servers |
Report broken web servers |
| 42150 |
other |
NaviCOPA Encoded Space Request Source Code Disclosure |
Tries to read the source of a PHP script |
| 42057 |
other |
Web Server Allows Password Auto-Completion |
Uses the results of webmirror.nasl |
| 42052 |
other |
Apache 2.2 < 2.2.14 Multiple Vulnerabilities |
Checks version in Server response header |
| 41646 |
other |
NaviCOPA ::$DATA Extension Request Source Code Disclosure |
Tries to read the source of a PHP script |
| 41608 |
other |
nginx HTTP Request Multiple Vulnerabilities |
Checks version in Server response header |
| 41058 |
other |
Web Application Firewall Detection |
Looks for WAF error message(s) |
| 41057 |
other |
IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities |
Reads the version number from the SOAP port |
| 40823 |
other |
IBM WebSphere Application Server 7.0 < Fix Pack 5 |
Reads the version number from the SOAP port |
| 40807 |
other |
XEROX WorkCentre Web Services Extensible Interface Platform Unauthorized Access (XRX09-003) |
Checks Net Controller Software version of XEROX WorkCentre devices |
| 40665 |
other |
Protected Web Page Detection |
Displays pages that require authentication |
| 40467 |
other |
Apache 2.x < 2.2.12 Multiple Vulnerabilities |
Checks version in Server response header |
| 40353 |
other |
DD-WRT HTTP Daemon Metacharacter Injection Remote Code Execution |
Tries to execute a command |
| 39618 |
other |
Sun Java System Web Server ::$DATA Extension Request JSP Resource Disclosure |
Tries to exploit a source code disclosure vulnerability. |
| 39479 |
other |
Apache Tomcat Cross-Application File Manipulation |
Checks the Tomcat version number |
| 39463 |
other |
HTTP Server Cookies Set |
Displays set cookies |
| 39450 |
other |
IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities |
Reads the version number from the SOAP port |
| 39446 |
other |
Apache Tomcat Default Error Page Version Detection |
Tries to get a Tomcat version number from a 404 page |
| 39420 |
other |
MikroTik RouterOS with Blank Password (HTTP) |
Tries to log in as admin |
| 39330 |
other |
Sun GlassFish Enterprise < 2.1 Patch 02 Denial of Service |
Checks the Version of Sun GlassFish Enterprise Server |
| 39328 |
other |
Vulture Reverse Proxy Detection |
Identify Vulture login page |
| 39006 |
other |
lighttpd PHP File Trailing Slash Request Source Disclosure |
Sees if appending a / will yield PHP source code |
| 38978 |
other |
IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities |
Reads the version number from the SOAP port |
| 38808 |
other |
Microsoft IIS WebDAV Unicode Request Directory Security Bypass |
Circumvent IIS 6.0 access control with WebDAV |
| 38790 |
other |
XEROX WorkCentre Web Server Unspecified Command Injection (XRX09-002) |
Checks Net Controller Software version of XEROX WorkCentre devices |
| 38761 |
other |
A-A-S Application Access Server Default Admin Password |
Tries to login with default credentials |
| 38760 |
other |
A-A-S Application Access Server Detection |
Looks at the server's initial banner |
| 38701 |
other |
Sun Glassfish Default Administrator Credentials |
Log on Glassfish with admin/adminadmin |
| 38157 |
other |
Microsoft SharePoint Server Detection |
Detects a SharePoint Server |
| 36161 |
other |
IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws |
Reads the version number from the SOAP port |
| 36133 |
other |
IBM WebSphere Application Server 7.0 < Fix Pack 3 |
Reads the version number from the SOAP port |
| 36132 |
other |
IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities |
Reads the version number from the SOAP port |
| 36101 |
other |
mod_perl Apache::Status URI XSS |
Tries to inject script code via URI |
| 36100 |
other |
mod_perl Apache::Status Info Disclosure |
Tries to access mod_perl status page |
| 35760 |
other |
eDirectory < 8.8 SP3 FTF3 iMonitor HTTP Accept-Language Header Overflow |
Checks version of eDirectory from an ldap search |
| 35725 |
other |
Novell GroupWise MTA Web Console Accessible |
Tries to access the MTA Web Console |
| 35724 |
other |
TeamSpeak Server Administration Detection |
Identifies TeamSpeak Server Administration |
| 35659 |
other |
IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws |
Reads the version number from the SOAP port |
| 35619 |
other |
NaviCOPA < 3.01 6th February 2009 Multiple Vulnerabilities |
Check version in banner |
| 35588 |
other |
NaviCOPA Trailing Dot Source Code Disclosure |
Tries to read source of scripts |
| 35566 |
other |
XEROX WorkCentre Web Server Unspecified Command Injection (XRX09-001) |
Checks Net Controller Software version of XEROX WorkCentre devices |
| 35374 |
other |
Oracle WebLogic Server Plug-in Remote Overflow (1166189) |
Checks the plug-in's build timestamp / change number |
| 35082 |
other |
IBM WebSphere Application Server 7.0 < Fix Pack 1 |
Reads the version number from the SOAP port |
| 35029 |
other |
Dell Remote Access Controller Default Password (calvin) for 'root' Account |
Tries to log into remote DRAC |
| 34970 |
other |
Apache Tomcat Manager Common Administrative Credentials |
Try common passwords for Tomcat |
| 34851 |
other |
Polycom Videoconferencing Unit Detection |
Detect Polycom |
| 34850 |
other |
Web Server Uses Basic Authentication |
Uses the results of webmirror.nasl |
| 34781 |
other |
Oracle WebLogic Server mod_wl Invalid Parameter Remote Overflow (1150354) |
Sends a POST request to get the plug-in's build timestamp |
| 34501 |
other |
IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities |
Reads the version number from the SOAP port |
| 34489 |
other |
CCProxy < 6.62 HTTP Proxy CONNECT Request Handling Remote Overflow |
Checks CCProxy version or tries to crash the service |
| 34474 |
other |
Broken Web Server Detection |
Checks that the web server is working correctly and quickly |
| 34460 |
other |
Obsolete Web Server Detection |
Look for old HTTPD banners |
| 34433 |
other |
Apache mod_proxy_ftp Directory Component Wildcard Character Globbing XSS |
Checks for mod_proxy_ftp XSS issue |
| 34362 |
other |
Trend Micro OfficeScan Client Traversal Arbitrary File Access |
Exploits a directory traversal issue in Trend Micro OfficeScan Client |
| 34346 |
other |
Blue Coat Reporter Default Password (admin) for 'admin' Account |
Tries to log into Blue Coat Reporter as admin/admin |
| 34334 |
other |
Blue Coat Reporter Detection |
Determines if the web server is from Blue Coat Reporter |
| 34332 |
other |
lighttpd < 1.4.20 Multiple Vulnerabilities |
Checks version in Server response header |
| 34219 |
other |
IBM WebSphere Application Server 6.1 < Fix Pack 19 Multiple Flaws |
Reads the version number from the SOAP port |
| 33932 |
other |
Oracle WebLogic Server mod_wl POST Request Remote Overflow |
Sends a POST request to get the plug-in's build timestamp |
| 33523 |
other |
Network Camera Web Server Detection |
Detect network camera |
| 33477 |
other |
Apache < 2.2.9 Multiple Vulnerabilities (DoS, XSS) |
Checks version in Server response header |
| 33440 |
other |
Sun Java System ASP Server < 4.0.3 Multiple Vulnerabilities |
Tries to bypass authentication and inject a command |
| 33167 |
other |
XEROX WorkCenter Extensible Interface Platform Unspecified Security Bypass (XRX08-006) |
Checks Net Controller Software version of XEROX WorkCentre devices |
| 33139 |
other |
WS-Management Server Detection |
Sends an Identify request |
| 33127 |
other |
IBM WebSphere Application Server < 6.1.0.17 Multiple Vulnerabilities |
Reads the version number from the SOAP port |
| 32433 |
other |
IBM Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities |
Checks version of Lotus Domino |
| 31786 |
other |
Apache mod_jk2 Host Header Multiple Fields Remote Overflow |
Checks version of mod_jk2 |
| 31738 |
other |
Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation |
Checks version in Server response header |
| 31732 |
other |
McAfee Common Management Agent 3.6.0 UDP Packet Handling Format String |
Checks version of McAfee CMA |
| 31659 |
other |
Apache < 2.2.3 mod_rewrite LDAP Protocol URL Handling Overflow |
Checks for version of Apache |
| 31657 |
other |
Web Server Uses Non Random Session IDs |
Determines if the remote site sets a random session ID |
| 31656 |
other |
Apache < 2.0.55 Multiple DoS |
Checks for version of Apache |
| 31655 |
other |
Apache < 2.0.59 mod_rewrite LDAP Protocol URL Handling Overflow |
Checks for version of Apache |
| 31654 |
other |
Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow |
Checks for version of Apache |
| 31648 |
other |
Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass |
Uses the results of webmirror.nasl |
| 31647 |
other |
Apache mod_imap Image Map Referer XSS |
Uses the results of webmirror.nasl |
| 31463 |
other |
IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities |
Reads the version number from the SOAP port |
| 31423 |
other |
Sun Java Web Console < 3.0.5 Remote File Enumeration |
Retrieves version info |
| 31408 |
other |
Apache < 1.3.41 Multiple Vulnerabilities (DoS, XSS) |
Checks version in Server response header |
| 31407 |
other |
Apache < 2.0.63 Multiple XSS Vulnerabilities |
Checks version in Server response header |
| 31345 |
other |
MiniWebsvr GET Request Traversal Arbitrary File Access |
Tries to retrieve a local file |
| 31118 |
other |
Apache < 2.2.8 Multiple Vulnerabilities (XSS, DoS) |
Checks version in Server response header |
| 31052 |
other |
IBM Tivoli Provisioning Manager OS Deployment < 5.1.0.3 Interim Fix 3 HTTP Server Logging Functionality Remote Overflow |
Gets IBM TPM for OS Deployment Server version |
| 30215 |
other |
F5 BIG-IP Web Management Interface Detection |
Detects F5 BIG-IP web management interface |
| 29697 |
other |
ipMonitor Encoded Traversal Arbitrary File Access |
ipMonitor Directory Traversal |
| 29224 |
other |
NetScaler Unencrypted Web Management Interface |
Detects an unencrypted NetScaler web management interface |
| 29223 |
other |
NetScaler Web Management Successful Authentication |
Logs into NetScaler web management interface |
| 29222 |
other |
NetScaler Web Management Interface Detection |
Detects NetScaler web management interface |
| 29221 |
other |
NetScaler Web Management Interface IP Address Cookie Information Disclosure |
Reports NetScaler web cookie information |
| 29220 |
other |
NetScaler Web Management Interface Cookie Credentials Encryption Weakness |
Tests NetScaler web management cookie encryption |
| 28333 |
other |
Ruby on Rails Multiple Method Session Fixation |
Tries to pass a session cookie via URL |
| 26194 |
other |
Web Server Uses Plain Text Authentication Forms |
Uses the results of webmirror.nasl |
| 26187 |
other |
IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21268775) |
Checks version of TSM Client from HTTP banner |
| 26058 |
other |
lighttpd Status Module Remote Information Disclosure |
Sends requests for status urls |
| 26057 |
other |
lighttpd mod_fastcgi HTTP Request Header Remote Overflow |
Sends a long header to lighttpd |
| 26023 |
other |
Apache < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc) |
Checks version in Server response header |
| 25241 |
other |
Resin for Windows \WEB-INF Traversal Arbitrary File Access |
Tries to get a directory listing of web-apps\ROOT\WEB-INF |
| 25149 |
other |
IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Overflows |
Gets IBM TPM for OS Deployment Server version |
| 25082 |
other |
Sun Java Web Console LibWebconsole_Services.SO Remote Format String |
Checks Sun Java Web Console Version |
| 25005 |
other |
IBM Tivoli Provisioning Manager OS Deployment Multiple Unspecified Input Validation Vulnerabilities |
Gets IBM TPM for OS Deployment Server version |
| 24260 |
other |
HyperText Transfer Protocol (HTTP) Information |
Determines the version of HTTP spoken by the remote host |
| 24244 |
other |
Microsoft .NET Custom Errors Not Set |
Checks for the error message of the .NET framework |
| 24243 |
other |
Microsoft .NET Version Information Disclosure |
Checks for the version of the .NET framework |
| 24242 |
other |
Microsoft .NET Handlers Enumeration |
Checks for the version of the .NET framework |
| 24004 |
other |
WebDAV Directory Enumeration |
Determines which directories are DAV enabled |
| 23636 |
other |
Easy File Sharing Web Server Crafted Request ADS Arbitrary File Access |
Tries to read a local file via EFS |
| 22494 |
other |
ePolicy Orchestrator HTTP /spipe/pkg/ Source Header Remote Overflow |
Determines the version of ePO |
| 21606 |
other |
Resin for Windows Encoded URI Traversal Arbitrary File Access |
Tries to retrieve boot.ini using Resin |
| 21155 |
other |
lighttpd on Windows Crafted Filename Request Script Source Disclosure |
Checks version of lighttpd |
| 21039 |
other |
Easy File Sharing Web Server Multiple Remote Vulnerabilities (FS, XSS, Upload) |
Sends a format string to EFS web server |
| 21015 |
other |
RaidenHTTPD Crafted Request Script Source Disclosure |
Checks version of RaidenHTTPD |
| 20747 |
other |
Novell Open Enterprise Server Remote Manager (novell-nrm) POST Request Content-Length Overflow |
Checks for Novell Remote Manager HTTP Heap Overflow |
| 20386 |
other |
Apache mod_ssl ssl_hook_Access Error Handling DoS |
Checks for error document denial of service vulnerability in Apache mod_ssl |
| 20228 |
other |
Google Search Appliance Detection |
Detects a Google Appliance |
| 20108 |
other |
Web Server / Application favicon.ico Vendor Fingerprinting |
Attempt to fingerprint web server with favicon.ico |
| 20097 |
other |
WindWeb <= 2.0 Malformed GET Request Remote DoS |
Checks for denial of service vulnerability in WindWeb <= 2.0 |
| 20089 |
other |
F5 BIG-IP Cookie Information Disclosure |
Check F5 BIG-IP(R) Cookie for information disclosure |
| 20062 |
other |
Xerver < 4.20 Multiple Vulnerabilities |
Checks for multiple vulnerabilities in Xerver < 4.20 |
| 19940 |
other |
Polipo < 0.9.9 Unspecified Traversal Arbitrary File Access |
Checks for local web root restriction bypass vulnerability in Polipo |
| 19697 |
other |
Sun Java System Web Proxy Server Multiple Unspecified Remote DoS |
Checks for unspecified remote denial of service vulnerability in Sun Java System Web Proxy Server |
| 19689 |
other |
Embedded Web Server Detection |
This script detects whether the remote host is an embedded web server |
| 19552 |
other |
ePolicy Orchestrator Symlink Arbitrary Privileged File Access |
Checks for local information disclosure vulnerability in ePolicy Orchestrator |
| 19309 |
other |
IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure |
Checks for information disclosure vulnerabilities in Lotus Domino Server |
| 18534 |
other |
Intrusion.com SecureNet Sensor Detection |
Checks for Intrusion.com SecureNet sensor console |
| 18533 |
other |
Intrusion.com SecureNet Provider Detection |
Checks for Intrusion.com SecureNet provider console |
| 18522 |
other |
Yaws Web Server .yaws Script Null Byte Request Source Code Disclosure |
Downloads the source of .yaws scripts |
| 18424 |
other |
MiniShare Webserver HTTP GET Request Remote Overflow |
MiniShare webserver buffer overflows |
| 18368 |
other |
Ipswitch IMail Web Calendaring Server GET Request Traversal Arbitrary File Access |
Ipswitch Imail WebCalendar Directory Traversal Vulnerability |
| 18366 |
other |
Web Server GET Request Saturation Remote DoS |
Several GET requests in a row temporarily shut down the web server |
| 18365 |
other |
BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more) |
Checks for multiple vulnerabilities in BEA WebLogic <= 8.1 SP4 |
| 18268 |
other |
XEROX MicroServer Web Server Directory Navigation Crafted URL DoS (XRX05-004) |
Checks for web server remote denial of service vulnerability in XEROX MicroServer |
| 18261 |
other |
Apache Banner Linux Distribution Disclosure |
Guesses the remote distribution version |
| 18258 |
other |
XEROX Document Centre Web Server Unspecified Unauthorised Access |
Checks for authentication bypass vulnerability in XEROX MicroServer |
| 18249 |
other |
ShowOff! Digital Media Software <= 1.5.4 Multiple Remote Vulnerabilities |
Checks for multiple remote vulnerabilities in ShowOff! Digital Media Software <= 1.5.4 |
| 18220 |
other |
GeoHttpServer Unauthorized Image Access Vulnerability |
Checks for unauthorized image access vulnerability in GeoHttpServer |
| 18176 |
other |
Yawcam Web Server Traversal Arbitrary File Access |
Checks for directory traversal in Yawcam |
| 18114 |
other |
Sun Java System Web Proxy Server Unspecified Remote Overflow |
Checks for version of SunOne Web Proxy |
| 18033 |
other |
PHP < 4.3.11 / 5.0.3 Multiple Unspecified Vulnerabilities |
Checks for version of PHP |
| 17997 |
other |
Compaq WBEM HTTP Server Remote Overflow |
Compaq WBEM Server Version Check |
| 17991 |
other |
IBM Lotus Domino Web Service NLSCCSTR.DLL Malformed GET Request Overflow DoS |
Checks for remote denial of service vulnerability in Lotus Domino Server Web Service |
| 17348 |
other |
Jetty < 4.2.19 HTTP Server HttpRequest.java Content-Length Handling Remote Overflow DoS |
Checks for the version of Jetty |
| 17322 |
other |
Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS |
Checks for remote malformed request denial of service vulnerability in Apache Tomcat |
| 17243 |
other |
RaidenHTTPD < 1.1.34 Multiple Remote Vulnerabilities |
RaidenHTTPD check |
| 17241 |
other |
BadBlue ext.dll mfcisapicommand Parameter Remote Overflow |
Detects MFCISAPICommand remote buffer overflow vulnerability in BadBlue |
| 17231 |
other |
CERN httpd CGI Name Handling Remote Overflow |
Ask for a too long CGI name containing a dot |
| 17230 |
other |
CERN httpd Double Slash Protected Webpage Bypass |
Determines if web access control can be circumvented |
| 17154 |
other |
HTTP Proxy CONNECT Loop DoS |
Connects back to the web proxy through itself |
| 17150 |
other |
OpenVMS WASD HTTP Server Multiple Vulnerabilities |
Checks for the version of the remote HTTP Server |
| 16475 |
other |
lighttpd Null Byte Request CGI Script Source Code Disclosure |
Checks for version of Sami HTTP server |
| 16468 |
other |
Sami HTTP Server Multiple Remote Vulnerabilities |
Checks for version of Sami HTTP server |
| 16313 |
other |
RaidenHTTPD Crafted Request Arbitrary File Access |
RaidenHTTPD directory traversal |
| 16277 |
other |
WebWasher Classic Server Mode Arbitrary Proxy CONNECT Request |
Checks for the presence of WebWasher Proxy |
| 15973 |
other |
PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities |
Checks for version of PHP |
| 15934 |
other |
OpenText FirstClass HTTP Daemon /Search Large Request Remote DoS |
Checks for FirstClass |
| 15927 |
other |
Apache on Mac OS X HFS+ Arbitrary File Source Disclosure |
downloads the source of a remote script |
| 15774 |
other |
CCProxy Logging Component HTTP GET Request Remote Overflow |
Does a version check |
| 15764 |
other |
Fastream NETFile FTP/Web Server HEAD Request Saturation DoS |
Checks version of Fastream NETFile |
| 15713 |
other |
04WebServer Multiple Vulnerabilities (XSS, DoS, more) |
Checks for version of 04WebServer |
| 15642 |
other |
HTTP Header Value Remote Format String |
Sends an HTTP request with %s inside an HTTP header |
| 15641 |
other |
HTTP Header Name Remote Format String |
Sends an HTTP request with %s in an HTTP header name |
| 15640 |
other |
HTTP URI Handling Format String |
Sends an HTTP request with %s as a URI |
| 15625 |
other |
Caudium Web Server Malformed URI Remote DoS |
Checks for version of Caudium |
| 15622 |
other |
Cherokee Web Server Port Bind Privilege Drop Weakness |
Checks for version of Cherokee |
| 15621 |
other |
Cherokee Web Server URI Traversal Arbitrary File Access |
Checks for version of Cherokee |
| 15620 |
other |
Cherokee Web Server Malformed POST Request Remote DoS |
Checks for version of Cherokee |
| 15617 |
other |
Cherokee Web Server auth_pam Authentication Format String |
Checks for version of Cherokee |
| 15588 |
other |
Web Server SSL Port HTTP Traffic Detection |
Web server complains that we are talking plain HTTP on HTTPS port |
| 15563 |
other |
Abyss Web Server MS-DOS Device Name DoS |
Try to pass an MS-DOS device name to crash the remote web server |
| 15555 |
other |
Apache mod_proxy Content-Length Overflow |
Checks for version of Apache |
| 15554 |
other |
Apache mod_include get_tag() Function Local Overflow |
Checks for version of Apache |
| 15553 |
other |
OmniHTTPd Pro Long POST Request DoS |
Test OmniHTTPd pro long POST DoS |
| 15436 |
other |
PHP php_variables.c Multiple Variable Open Bracket Memory Disclosure |
Checks for version of PHP |
| 15421 |
other |
NetworkActiv Web Server Encoded URL Request Remote DoS |
Checks for version of NetworkActiv Web Server |
| 15400 |
other |
Icecast Crafted URI Remote DoS |
Check icecast version |
| 15399 |
other |
Icecast Multiple Unspecified Remote Overflows |
Check icecast version |
| 15398 |
other |
Icecast / libshout Multiple Remote Overflows |
Check icecast version |
| 15397 |
other |
Icecast HTTP Basic Authorization Remote Overflow DoS |
Check icecast version |
| 14843 |
other |
Icecast HTTP Header Processing Remote Overflow |
Checks Icecast version |
| 14838 |
other |
MyServer HTTP POST Request Remote Overflow DoS |
Test POST DoS on MyServer |
| 14810 |
other |
JRun Multiple Vulnerabilities (OF, XSS, ID, Hijacking) |
downloads the source of CFM scripts |
| 14803 |
other |
Apache <= 2.0.51 Satisfy Directive Access Control Bypass |
Checks for version of Apache |
| 14771 |
other |
Apache <= 1.3.33 htpasswd Local Overflow |
Checks for Apache <= 1.3.33 |
| 14770 |
other |
PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload |
Checks for version of PHP |
| 14748 |
other |
Apache < 2.0.51 Multiple Vulnerabilities (OF, DoS) |
Checks version of Apache |
| 14375 |
other |
Easy File Sharing Web Server disk_c Virtual Folder Request Arbitrary File Access |
Checks /disk_c |
| 14350 |
other |
BadBlue Connection Saturation Remote DoS |
Get the version of the remote badblue server |
| 14279 |
other |
Kerio MailServer < 6.0.1 Embedded HTTP Server Unspecified Issue |
Checks for Kerio MailServer < 6.0.1 |
| 14229 |
other |
thttpd 2.0.7 Directory Traversal (Windows) |
thttpd traversal - try to read c:\boot.ini |
| 14196 |
other |
4D WebStar Arbitrary Multiple Vulnerabilities |
Checks for 4D WebStar |
| 14177 |
other |
Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass |
Checks for Apache version |
| 13660 |
other |
Samba SWAT HTTP Basic Auth base64 Overflow |
SWAT overflow |
| 13651 |
other |
Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String |
Checks for version of mod_ssl |
| 12293 |
other |
Apache < 2.0.50 Multiple Remote DoS |
Checks for version of Apache |
| 12280 |
other |
Apache < 1.3.31 / 2.0.49 Socket Connection Blocking Race Condition DoS |
Checks for version of Apache |
| 12255 |
other |
mod_ssl ssl_util_uuencode_binary Remote Overflow |
Checks for version of mod_ssl |
| 12249 |
other |
IBM Lotus Domino ?ReadDesign Request Design Element Disclosure |
ReadDesign checker |
| 12248 |
other |
IBM Lotus Domino Server Crafted .nsf Request Traversal Arbitrary File Access |
notes.ini checker |
| 12239 |
other |
Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection |
Checks for Apache Error Log Escape Sequence Injection Vulnerability |
| 12229 |
other |
Microsoft IIS Cookie information disclosure |
Microsoft IIS Cookie information disclosure |
| 12225 |
other |
Web Server Reverse Proxy Detection |
Web Server reverse proxy bug |
| 12224 |
other |
Web Server Load Balancer Detection |
Web Server load balancer detection |
| 12201 |
other |
Web Server HTTP Basic Authorization Header Remote Overflow DoS |
Attempts to overflow the basic authentication buffer |
| 12200 |
other |
Web Server Incomplete Basic Authentication DoS |
Basic authentication without password chokes the web server |
| 12113 |
other |
Web Server PROPFIND Method Internal IP Disclosure |
Checks for private IP addresses in PROPFIND response |
| 12110 |
other |
OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS |
Checks for version of OpenSSL |
| 12100 |
other |
Apache mod_ssl Plain HTTP Request DoS |
Checks for version of Apache |
| 12085 |
other |
Apache Tomcat servlet/JSP container default files |
Checks for Apache Tomcat default files |
| 12073 |
other |
Sami HTTP Server 1.0.4 GET Request Remote Overflow |
Checks for version of Sami HTTP server |
| 12071 |
other |
Jigsaw < 2.2.4 Unspecified URI Parsing Vulnerability |
Checks for version of Jigsaw |
| 12046 |
other |
Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery |
Checks for version of Apache-SSL |
| 12007 |
other |
APSIS Pound Load Balancer Format String Overflow |
APSIS Pound Load Balancer Format String Overflow |
| 11985 |
other |
Zope < 2.6.3 Multiple Vulnerabilities |
Checks Zope version |
| 11980 |
other |
Compaq Web-Based Management Agent Remote Overflow DoS |
crashes Compaq Web Management Agent |
| 11937 |
other |
mod_python < 2.7.9 / 3.0.4 Malformed Query String DoS |
Checks for version of Python |
| 11934 |
other |
Xitami Malformed POST Request Infinite Loop Remote DoS |
Xitami malformed header POST request denial of service |
| 11930 |
other |
Resin Status Page Information Disclosure |
Requests Caucho status |
| 11927 |
other |
TelCondex Simple Webserver Buffer Overflow |
Checks for TelCondex Buffer Overflow |
| 11924 |
other |
Monkey HTTP Daemon (monkeyd) Post_Method Function Crafted Content-Length Header DoS |
POST with empty Content-Length line kills Monkey Web server |
| 11923 |
other |
Microsoft FrontPage Server Extensions (fp30reg.dll) Debug Function Remote Overflow (MS03-051 / 813360) |
IIS FrontPage MS03-051 |
| 11919 |
other |
HMAP Web Server Fingerprinting |
Fingerprints the web server |
| 11915 |
other |
Apache < 1.3.29 Multiple Modules Local Overflow |
Checks for version of Apache |
| 11909 |
other |
Apache Double Slash GET Request Forced Directory Listing |
sends a GET // HTTP/1.0 |
| 11894 |
other |
TinyWeb cgi-bin Crafted HTTP GET Request DoS |
Checks for version of TinyWeb |
| 11892 |
other |
Citrix NFuse Server launch.asp Arbitrary Server/Port Redirect |
Citrix Redirection detection |
| 11879 |
other |
Compaq Web-enabled Management Software Default Account |
Detect Predictable Compaq Web-based Management / HP System Management Agent Administrator Passwords |
| 11874 |
other |
Microsoft IIS 404 Response Service Pack Signature |
IIS Service Pack Check |
| 11871 |
other |
Microsoft IIS Authentication Method Enumeration |
Find IIS authentication scheme |
| 11856 |
other |
iPlanet Web Server Enterprise Edition URL-encoded Host: Information Disclosure |
Check for vulnerable version of iPlanet Webserver |
| 11853 |
other |
Apache < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.) |
Checks for version of Apache |
| 11851 |
other |
MyServer 0.4.3 / 0.7 Crafted Traversal Arbitrary File Access |
Attempts to retrieve the path '/././..' |
| 11850 |
other |
PHP < 4.3.3 Multiple Vulnerabilities |
Checks for version of PHP |
| 11825 |
other |
Polycom ViaVideo Web Server Incomplete HTTP Connection Saturation Remote DoS |
Several incomplete HTTP requests lock the server |
| 11812 |
other |
ePolicy Orchestrator Multiple Remote Vulnerabilities (OF, FS) |
ePolicy Orchestrator vulnerable to several issues |
| 11809 |
other |
mod_mylo for Apache mylo_log Logging Function HTTP GET Overflow |
Checks for version of mod_mylo |
| 11807 |
other |
PHP < 4.3.3 php_check_safe_mode_include_dir Function Safemode Bypass |
Checks for version of PHP |
| 11801 |
other |
HTTP Method Remote Format String |
Sends an HTTP request with %s as a method |
| 11793 |
other |
Apache < 1.3.28 Multiple Vulnerabilities (DoS, ID) |
Checks for version of Apache |
| 11788 |
other |
Apache < 2.0.47 Multiple Vulnerabilities (DoS, Encryption) |
Checks version of Apache |
| 11784 |
other |
Abyss Web Server GET Request Multiple Vulnerabilities |
Tests the version of the remote Abyss server. |
| 11778 |
other |
Web Server Potentially Hosting Copyrighted Material |
Looks for *.(mp3,avi,asf,mpg,wav,ogg) |
| 11770 |
other |
MyServer <= 0.4.2 Multiple Remote DoS |
Checks for the presence of MyServer |
| 11769 |
other |
Zope Invalid Query Path Disclosure |
Checks for Zope Examples directory |
| 11752 |
other |
Proxomitron GET Request Overflow Remote DoS |
Checks for the presence of proxomitron |
| 11734 |
other |
ArGoSoft Mail Server HTTP Daemon GET Request Saturation DoS |
Bad HTTP request |
| 11715 |
other |
Avirt Multiple Product HTTP Proxy Overflow |
Too long HTTP header kills the HTTP proxy server |
| 11714 |
other |
Nonexistent Page (404) Physical Path Disclosure |
Tests for a Generic Path Disclosure Vulnerability |
| 11699 |
other |
URLScan for IIS Detection |
Detects the presence of URLScan |
| 11695 |
other |
Pi3Web Malformed GET Request Remote Overflow |
Tests for a DoS in Pi3Web |
| 11686 |
other |
mod_gzip Debug Mode mod_gzip_printf Remote Format String |
mod_gzip detection |
| 11685 |
other |
mod_gzip Detection |
mod_gzip detection |
| 11665 |
other |
Apache < 2.0.46 Multiple DoS |
Checks for version of Apache |
| 11664 |
other |
Microsoft Media Services ISAPI nsiislog.dll Multiple Overflows |
Determines the presence of nsiislog.dll |
| 11656 |
other |
Eserv Web Server /? Request Forced Directory Listing |
GET /? |
| 11645 |
other |
WsMp3 Daemon (WsMp3d) HTTP Traversal Arbitrary File Execution/Access |
Attempts to execute /bin/id |
| 11641 |
other |
BadBlue ISAPI Extension ext.dll LoadPage Parameter Arbitrary File Access |
Get the version of the remote BadBlue server |
| 11634 |
other |
Proxy Web Server XSS |
Determine if the remote proxy is vulnerable to Cross Site Scripting vulnerability |
| 11628 |
other |
WebLogic SSL Certificate Chain User Spoofing |
Checks the version of WebLogic |
| 11609 |
other |
mod_survey For Apache ENV Tags SQL Injection |
mod_survey SQL injection |
| 11607 |
other |
Apache < 2.0.46 on OS/2 filestat.c Device Name Request DoS |
Checks for version of Apache |
| 11606 |
other |
WebLogic Crafted GET Request Hostname Disclosure |
Make a request like GET . \r\n\r\n |
| 11592 |
other |
12Planet Chat Server Error Message Path Disclosure |
Checks for 12Planet Chat Server path disclosure |
| 11591 |
other |
12Planet Chat Server Administration Authentication ClearText Credential Disclosure |
Checks for the data encapsulation of 12Planet Chat Server |
| 11585 |
other |
Sambar Server Cleartext Password Transmission |
Makes sure that Sambar runs on top of SSL |
| 11576 |
other |
thttpd Host Header Traversal Arbitrary File Access |
thttpd flaw |
| 11560 |
other |
MDG Web Server 4D GET Request Remote Overflow |
Crashes 4D WS |
| 11556 |
other |
CiscoSecure ACS for Windows CSAdmin Login Overflow DoS |
CISCO Secure ACS Management Interface Login Overflow |
| 11554 |
other |
BadBlue ISAPI Extension .hts Crafted File Extension Request Authentication Bypass |
Get the version of the remote BadBlue server |
| 11552 |
other |
mod_ntlm for Apache Multiple Remote Vulnerabilities |
mod_ntlm overflow / format string |
| 11546 |
other |
Xeneo Web Server %A Request Remote DoS |
Crashes Xeneo web server with /%A or /% |
| 11545 |
other |
Xeneo Web Server 2.2.9.0 GET Request Remote Overflow DoS |
Xeneo Web Server 2.2.9.0 DoS |
| 11544 |
other |
Monkey HTTP Daemon (monkeyd) PostMethod() Function Remote Overflow |
MonkeyWeb overflow with POST data |
| 11543 |
other |
mod_access_referer 1.0.2 for Apache Malformed Referer DoS |
Apache module mod_access_referer 1.0.2 contains a NULL pointer dereference vulnerability |
| 11521 |
other |
Abyss Web Server Malformed GET Request Remote DoS |
Empty HTTP request headers crash the remote web server |
| 11519 |
other |
Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS |
Checks for version of mod_jk |
| 11507 |
other |
Apache < 2.0.45 Multiple Vulnerabilities (DoS, File Write) |
Checks for version of Apache |
| 11504 |
other |
MultiTech Proxy Server Default Null Password |
Attempts to log into the remote web server |
| 11493 |
other |
Sambar Server Default Accounts |
Tests for default accounts |
| 11481 |
other |
mod_auth_any for Apache Metacharacter Remote Command Execution |
Attempts to log into the remote web server |
| 11474 |
other |
NETGEAR ProSafe VPN Firewall Web Server Malformed Basic Authorization Header Remote DoS |
Attempts to crash the firewall via a long Basic Authorization string. |
| 11468 |
other |
PHP socket_iovec_alloc() Function Overflow |
Checks for version of PHP |
| 11455 |
other |
Microsoft FrontPage Unpassworded Installation |
Determines if the remote web server is password protected |
| 11443 |
other |
MS00-019: Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure (uncredentialed check) |
Checks IIS for .ASP/.HTR backslash vulnerability. |
| 11424 |
other |
WebDAV Detection |
Checks the presence of WebDAV |
| 11422 |
other |
Web Server Unconfigured - Default Install Page Present |
Determines if the remote web server has been configured |
| 11412 |
other |
Microsoft IIS WebDAV ntdll.dll Remote Overflow (MS03-007) |
WebDAV buffer overflow |
| 11409 |
other |
ePolicy Orchestrator HTTP GET Request Remote Format String |
ePolicy Orchestrator vulnerable to format string |
| 11408 |
other |
Apache < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.) |
Checks for version of Apache |
| 11403 |
other |
iPlanet Application Server Prefix Remote Overflow |
Determines if Sun ONE AS SP1 is applied |
| 11386 |
other |
IBM Lotus Domino 6.0 Multiple Vulnerabilities |
Checks for the version of the remote Domino Server |
| 11344 |
other |
IBM Lotus Domino Directory Traversal Arbitrary File Access |
\..\..\file.txt |
| 11313 |
other |
Microsoft Content Management Server (MCMS) 2001 Multiple Remote Vulnerabilities |
Checks for the presence of MCMS |
| 11311 |
other |
MS02-053: Microsoft FrontPage Extensions shtml.exe Remote Overflow (uncredentialed check) |
Checks for the presence of shtml.exe |
| 11303 |
other |
mod_frontpage for Apache fpexec Remote Overflow |
Checks for the presence of mod_frontpage |
| 11267 |
other |
OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities |
Checks for version of OpenSSL |
| 11239 |
other |
Web Server Crafted Request Vendor/Version Information Disclosure |
Tries to discover the web server name |
| 11238 |
other |
Anti-Nessus Defense Detection |
Detects anti Nessus features |
| 11237 |
other |
PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access |
Checks for version of PHP |
| 11235 |
other |
Web Server HTTP OPTIONS Method URL Handling Remote Overflow |
Web server OPTIONS buffer overflow |
| 11234 |
other |
Zope Malformed XML RPC Request Path Disclosure |
Checks for Zope installation directory |
| 11220 |
other |
Netscape / iPlanet .perf Remote Information Disclosure |
Makes a request like http://www.example.com/.perf |
| 11218 |
other |
Apache httpd / Tomcat '/server-status' Information Disclosure |
Makes a request like http://www.example.com/server-status |
| 11213 |
other |
HTTP TRACE / TRACK Methods Allowed |
Test for TRACE / TRACK Methods |
| 11210 |
other |
Apache < 2.0.44 Illegal Character Default Script Mapping Bypass |
Requests /< and gets the output |
| 11209 |
other |
Apache < 2.0.44 DOS Device Name Multiple Remote Vulnerabilities (Code Exec, DoS) |
Checks for version of Apache |
| 11204 |
other |
Apache Tomcat Default Accounts |
Apache Tomcat Default Accounts |
| 11202 |
other |
Enhydra Multiserver Default Password |
Enhydra Multiserver Default Admin Password |
| 11183 |
other |
Null httpd Content-Length Header Handling Remote Overflow |
NullLogic Null HTTP Server Negative Content-Length Heap Overflow |
| 11181 |
other |
IBM WebSphere HTTP Request Header Remote Overflow |
Too long HTTP header kills WebSphere |
| 11174 |
other |
Savant Web Server Malformed Content-Length DoS |
Savant web server crashes if Content-Length is negative |
| 11171 |
other |
SWS Web Server Unfinished Line Remote DoS |
SWS web server crashes when unfinished line is sent |
| 11167 |
other |
WebServer 4 Everyone Host Field Header Buffer Overflow |
Webserver4everyone too long URL with Host field set |
| 11166 |
other |
KeyFocus (KF) Web Server Null Byte Request Restricted File / Directory Access |
Make a request like http://www.example.com/%00 |
| 11162 |
other |
IBM WebSphere Edge Caching Proxy DoS |
Crashes the remote proxy |
| 11161 |
other |
Microsoft Data Access Components RDS Data Stub Remote Overflow |
Determines the presence of msadcs.dll |
| 11155 |
other |
LiteServe HTTP Service Malformed URL Decoding Remote DoS |
Sending a long string of % kills LiteServe |
| 11150 |
other |
Apache Tomcat MS-DOS Device Name Request DoS |
Kills Apache Tomcat by reading 1000+ times a MS/DOS device through the servlet engine |
| 11141 |
other |
SMC 2652W AP Malformed HTTP Request Remote DoS |
Crash SMC Access Point |
| 11140 |
other |
Web Server UDDI Detection |
Find UDDI |
| 11137 |
other |
Apache < 1.3.27 Multiple Vulnerabilities (DoS, XSS) |
Checks for version of Apache |
| 11130 |
other |
BrowseGate HTTP MIME Headers Remote Overflow |
Too long HTTP headers kill BrowseGate |
| 11129 |
other |
Web Server HTTP 1.1 Header Remote Overflow |
Too long HTTP 1.1 header kills the web server |
| 11127 |
other |
Web Server HTTP 1.0 Header Remote Overflow |
Too long HTTP 1.0 header kills the web server |
| 11099 |
other |
Pi3Web < 2.0.1 CGI Handler Long Parameter Handling Overflow |
Tests for a DoS in Pi3Web |
| 11092 |
other |
Apache <= 2.0.39 Win32 Crafted Traversal Arbitrary File Access |
Apache 2.0.39 Win32 directory traversal |
| 11089 |
other |
IBM Tivoli SecureWay WebSEAL Proxy Policy Director Encoded URL DoS |
Request ending with %2E kills WebSeal |
| 11085 |
other |
Personal Web Sharing Long HTTP Request DoS |
Too long request kills PWS |
| 11084 |
other |
Web Server HTTP Header Memory Exhaustion DoS |
Infinite HTTP request kills the web server |
| 11078 |
other |
Web Server HTTP Header Handling Remote Overflow |
Attempts to overflow the HTTP header buffer |
| 11077 |
other |
Web Server HTTP Cookie Header Remote Overflow |
Tries to overflow the cookie buffer |
| 11075 |
other |
Sun AnswerBook2 Web Server dwhttpd GET Request Remote Format String |
DynaWeb server vulnerable to format string |
| 11071 |
other |
Multiple Web Server Encoded Space (%20) Request ASP Source Disclosure |
Downloads the source of ASP scripts |
| 11069 |
other |
Web Server HTTP User-Agent Header Handling Remote Overflow |
Tries to crash the web server with a long user-agent |
| 11068 |
other |
iPlanet Chunked Encoding Processing Remote Overflow |
Checks for the behavior of iPlanet |
| 11065 |
other |
Web Server HTTP Method Handling Remote Overflow |
Tries to crash the web server with a long HTTP method |
| 11064 |
other |
BadBlue Hex-encoded Null Byte Request Arbitrary File Access |
Read BadBlue protected configuration file |
| 11063 |
other |
LabVIEW Web Server HTTP Get Newline DoS |
Kills the LabView web server |
| 11062 |
other |
BadBlue Malformed GET Request Remote DoS |
Invalid GET kills the BadBlue web server |
| 11061 |
other |
Web Server HTTP GET Request Version Number Handling Remote Overflow |
Tries to crash the web server with a long HTTP version |
| 11048 |
other |
Resin MS-DOS Device Request Path Disclosure |
Tests for Resin path disclosure vulnerability |
| 11047 |
other |
Jigsaw Webserver MS/DOS Device Request Remote DoS |
Jigsaw DOS dev DoS |
| 11043 |
other |
iPlanet Search Engine search CGI Arbitrary File Access |
Attempts to read an arbitrary file using a feature in iPlanet |
| 11040 |
other |
HTTP Reverse Proxy Detection |
Look for an HTTP proxy on the way |
| 11039 |
other |
Apache mod_ssl ssl_compat_directive Function Overflow |
Checks for version of mod_ssl |
| 11035 |
other |
AnalogX SimpleServer:WWW Buffer Overflow |
Crashes SimpleServer:WWW |
| 11032 |
other |
Web Server Directory Enumeration |
Web Directory Scanner |
| 11030 |
other |
Apache Chunked Encoding Remote Overflow |
Checks for version or behavior of Apache |
| 11028 |
other |
Microsoft IIS .HTR Filter Multiple Overflows (MS02-028) |
Tests for IIS .htr ISAPI filter |
| 11015 |
other |
Xerver Web Server < 2.20 Crafted C:/ Request Remote DoS |
Xerver DoS |
| 11009 |
other |
IBM Lotus Domino Banner Nonexistent .pl File Request Path Disclosure |
Tests for Lotus Physical Path Disclosure Vulnerability |
| 11008 |
other |
PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure |
Tests for PHP4 Physical Path Disclosure Vulnerability |
| 11005 |
other |
LocalWeb2000 2.1.0 Multiple Remote Vulnerabilities |
Checks for LocalWeb2000 |
| 10967 |
other |
Shambala Web Server Malformed HTTP GET Request DoS |
Kills a Shambala web server |
| 10963 |
other |
Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy |
Compaq Web Based Management Agent Proxy Vulnerability |
| 10962 |
other |
Cabletron WebView Administrative Access |
Cabletron WebView Administrative Access |
| 10956 |
other |
Microsoft IIS / Site Server codebrws.asp Arbitrary Source Disclosure |
Tests for presence of Codebrws.asp |
| 10953 |
other |
IBM Lotus Domino Crafted .nsf Request Authentication Bypass |
Checks if Lotus Domino databases can be accessed by bypassing the required authentication |
| 10947 |
other |
mod_python < 2.7.8 Module Importing Privilege Function Execution |
Checks for version of Python |
| 10938 |
other |
Apache on Windows < 1.3.24 / 2.0.34 DOS Batch File Arbitrary Command Execution |
Tests for presence of Apache Command execution via .bat vulnerability |
| 10937 |
other |
Microsoft IIS Multiple Remote DoS (MS02-018 / Q319733) |
Tests for a DoS in IIS |
| 10935 |
other |
Microsoft IIS ASP ISAPI Filter Multiple Overflows |
Tests for a remote buffer overflow in IIS |
| 10932 |
other |
Microsoft IIS .HTR ISAPI Filter Enabled |
Tests for IIS .htr ISAPI filter |
| 10930 |
other |
Multiple Web Server on Windows MS/DOS Device Request Remote DOS |
Crashes Windows 98 |
| 10918 |
other |
Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow |
Checks for version of Apache-SSL |
| 10888 |
other |
Apache mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow |
Checks for version of mod_ssl |
| 10867 |
other |
PHP mime_split Function POST Request Overflow |
Checks for version of PHP |
| 10846 |
other |
SilverStream Directory Listing |
Checks if SilverStream directory listings are disabled. |
| 10777 |
other |
Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation |
Checks Zope version |
| 10766 |
other |
Apache UserDir Directive Username Enumeration |
Checks for the error codes returned by Apache when requesting a nonexistent user name |
| 10759 |
other |
Web Server HTTP Header Internal IP Disclosure |
Checks for private IP addresses in HTTP headers |
| 10756 |
other |
Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing |
Reads /.DS_Store or /.FBCIndex |
| 10752 |
other |
Apache Auth Module SQL Injection |
Checks for vulnerable Apache Auth modules |
| 10746 |
other |
Compaq Web Management Server Detection |
Determines if the remote web server is Compaq Web Management |
| 10744 |
other |
VisualRoute Web Server Detection |
Extracts the banner of the remote visual route server |
| 10705 |
other |
SimpleServer:WWW Encoded Traversal Arbitrary Command Execution |
Check the remote execution vulnerability in SimpleServer |
| 10704 |
other |
Apache Multiviews Feature Arbitrary Directory Listing |
Checks to see if Apache will provide a directory listing |
| 10702 |
other |
Zope ZClass Modification Local DoS |
Checks for Zope |
| 10701 |
other |
PHP Safe Mode mail Function 5th Parameter Arbitrary Command Execution |
Checks for version of PHP |
| 10699 |
other |
MS01-035: Microsoft IIS FrontPage fp30reg.dll Remote Overflow (uncredentialed check) |
Attempts to overflow the fp30reg.dll dll |
| 10698 |
other |
WebLogic Encoded Request Forced Directory Listing |
Make a request like http://www.example.com/%00/ |
| 10697 |
other |
WebLogic Server Double Dot GET Request Remote Overflow |
WebLogic Server DoS |
| 10695 |
other |
Microsoft IIS .IDA ISAPI Filter Enabled |
Tests for IIS .ida ISAPI filter |
| 10691 |
other |
Netscape Enterprise Web Publishing INDEX Command Arbitrary Directory Listing |
INDEX / HTTP/1.1 Information Disclosure |
| 10689 |
other |
Netscape Enterprise Server Long Traversal Request Remote DoS |
Attempt to crash the service by sending a long traversal string. |
| 10687 |
other |
Web Server HTTP POST Method Handling Remote Overflow |
Web server buffer overflow |
| 10685 |
other |
Microsoft IIS ISAPI Filter Multiple Vulnerabilities (MS01-044) |
Tests for a remote buffer overflow in IIS |
| 10683 |
other |
iPlanet Certificate Management Traversal Arbitrary File Access |
\..\..\file.txt |
| 10680 |
other |
Microsoft IIS Source Fragment Disclosure |
Test Microsoft IIS Source Fragment Disclosure |
| 10678 |
other |
Apache mod_info /server-info Information Disclosure |
Requests /server-info |
| 10677 |
other |
Apache mod_status /server-status Information Disclosure |
Requests /server-status |
| 10671 |
other |
MS01-026 / MS01-044: Microsoft IIS Remote Command Execution (uncredentialed check) |
Determines if arbitrary commands can be executed |
| 10667 |
other |
Microsoft IIS 5.0 WebDAV Malformed PROPFIND Request Remote DoS |
Attempts to crash the Microsoft IIS server |
| 10662 |
other |
Web mirroring |
Performs a quick web mirror |
| 10661 |
other |
Microsoft IIS 5 .printer ISAPI Filter Enabled |
Tests for IIS5 .printer ISAPI filter |
| 10657 |
other |
Microsoft IIS 5.0 Malformed HTTP Printer Request Header Remote Buffer Overflow |
Makes sure that MS01-023 is installed on the remote host |
| 10656 |
other |
Resin Traversal Arbitrary File Access |
request \..\..\file.txt |
| 10637 |
other |
SEDUM HTTP Server Long HTTP Request Overflow DoS |
Crashes the remote web server |
| 10636 |
other |
Orange Web Server Malformed HTTP Request Remote DoS |
Crashes the remote web server |
| 10633 |
other |
Savant Web Server Multiple Percent Request Remote DoS |
Crashes the remote web server |
| 10631 |
other |
Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS |
Performs a denial of service against IIS |
| 10629 |
other |
IBM Lotus Domino Administration Databases Anonymous Access |
Checks if Lotus Domino administration databases can be anonymously accessed |
| 10628 |
other |
PHP < 4.0.4 IMAP Module imap_open() Function Overflow |
Checks for version of PHP |
| 10618 |
other |
Pi3Web tstisap.dll Long URL Overflow |
Checks for the presence of /isapi/tstisapi.dll |
| 10600 |
other |
Icecast utils.c fd_write Function Format String |
Icecast format string |
| 10589 |
other |
iPlanet Directory Server Traversal Arbitrary File Access |
/\../\../\file.txt |
| 10585 |
other |
Microsoft IIS Frontpage Server Extensions (FPSE) Malformed Form DoS |
Attempts to crash the Microsoft IIS server |
| 10582 |
other |
HTTP Protocol Version Detection |
HTTP version |
| 10578 |
other |
oops WWW Proxy Server Reverse DNS Response Overflow |
Overflows oops |
| 10577 |
other |
Microsoft IIS bdir.htr Arbitrary Directory Listing |
Check for existence of bdir.htr |
| 10576 |
other |
Microsoft IIS / Site Server viewcode.asp Arbitrary File Access |
Check for existence of viewcode.asp |
| 10575 |
other |
Microsoft IIS Multiple .cnf File Information Disclosure |
Check for existence of world-readable .cnf files |
| 10573 |
other |
Microsoft IIS 5.0 ServerVariables_Jscript.asp Path Disclosure |
IIS 5.0 Sample App reveals physical path of web root |
| 10569 |
other |
Zope Image and File Update Data Protection Bypass |
Checks for Zope |
| 10538 |
other |
iPlanet Web Server shtml File Handling Remote Overflow |
Web server buffer overflow |
| 10537 |
other |
Microsoft IIS Unicode Remote Command Execution |
Determines if arbitrary commands can be executed thanks to IIS |
| 10527 |
other |
Boa Web Server Traversal Arbitrary File Access/Execution |
Boa file retrieval |
| 10526 |
other |
Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing |
Checks the presence of the Index Server service |
| 10515 |
other |
Web Server HTTP Authorization Header Remote Overflow |
Web server authorization buffer overflow |
| 10513 |
other |
PHP File Upload Capability Hidden Form Field Modification Arbitrary File Access |
Checks for version of PHP |
| 10511 |
other |
mod_perl for Apache HTTP Server /perl/ Directory Listing |
Is /perl browsable ? |
| 10505 |
other |
Apache WebDAV Module PROPFIND Arbitrary Directory Listing |
Checks the presence of WebDAV |
| 10503 |
other |
Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure |
Checks for the presence of /cgi-bin-sdb/ |
| 10498 |
other |
Web Server HTTP Dangerous Method Detection |
Verifies the access rights to the web server (PUT, DELETE) |
| 10497 |
other |
Microsoft FrontPage Extensions MS-DOS Device Request DoS |
Disables Microsoft Frontpage extensions |
| 10496 |
other |
Imail Host: Header Field Handling Remote Overflow |
Web server buffer overflow |
| 10492 |
other |
MS00-006: Microsoft IIS IDA/IDQ Multiple Vulnerabilities (uncredentialed check) |
Determines IIS IDA/IDQ Path Reveal vulnerability |
| 10489 |
other |
AnalogX SimpleServer:WWW Encoded Traversal Arbitrary File Access |
Attempts a Directory Traversal |
| 10484 |
other |
Multiple Web Server ~nobody/ Request Arbitrary File Access |
Checks for the presence of /~nobody/etc/passwd |
| 10480 |
other |
Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation |
Checks for the presence of /site/eg/source.asp |
| 10479 |
other |
Roxen Web Server /%00/ Encoded Request Forced Directory Listing |
Make a request like http://www.example.com/%00/ |
| 10477 |
other |
Apache Tomcat contextAdmin Arbitrary File Access |
Checks for the presence of /admin |
| 10468 |
other |
Netscape Administration Server /admin-serv/config/admpw Admin Password Disclosure |
Attempts to read the Netscape configuration file admpw. |
| 10447 |
other |
Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modification |
Checks for Zope |
| 10445 |
other |
AnalogX SimpleServer:WWW /cgi-bin/ Long GET Request DoS |
Crash the remote HTTP service |
| 10440 |
other |
Apache for Windows Multiple Forward Slash Directory Listing |
Send multiple /'s to Windows Apache Server |
| 10406 |
other |
Microsoft IIS Malformed File Extension URL DoS |
Performs a denial of service against IIS |
| 10405 |
other |
Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure |
Retrieve the real path using shtml.exe |
| 10386 |
other |
Web Server No 404 Error Code Check |
Checks if the remote webserver issues 404 errors |
| 10372 |
other |
Microsoft IIS repost.asp File Upload |
Determines whether /scripts/repost.asp is present |
| 10371 |
other |
Microsoft IIS /iisadmpwd/aexp2.htr Password Policy Bypass |
Determines whether /iisadmpwd/aexp2.htr is present |
| 10369 |
other |
Microsoft FrontPage dvwssr.dll Multiple Vulnerabilities |
Checks for the presence of /_vti_bin/_vti_aut/dvwssr.dll |
| 10366 |
other |
AnalogX SimpleServer:WWW Short GET /cgi-bin Remote DoS |
Crash the remote HTTP service |
| 10358 |
other |
Microsoft IIS /iisadmin Unrestricted Access |
Checks for the presence of /iisadmin |
| 10357 |
other |
Microsoft IIS MDAC RDS (msadcs.dll) Arbitrary Remote Command Execution |
Determines the presence of msadcs.dll |
| 10356 |
other |
Microsoft IIS WebHits null.htw .asp Source Disclosure |
Checks for a problem in webhits.dll |
| 10352 |
other |
Netscape Server ?wp-* Publishing Tags Forced Directory Listing |
Make a request like http://www.example.com/?wp-cs-dump |
| 10327 |
other |
Zeus Web Server Null Byte Request CGI Source Disclosure |
Checks for Zeus |
| 10322 |
other |
Xitami Web Server Administration Port Remote Overflow |
Xitami buffer overflow |
| 10320 |
other |
Web Server Long URL Handling Remote Overflow DoS |
Web server buffer overflow |
| 10302 |
other |
Web Server robots.txt Information Disclosure |
Checks for a web server's robots.txt |
| 10297 |
other |
Web Server Directory Traversal Arbitrary File Access |
Tries to retrieve file outside document directory |
| 10286 |
other |
thttpd Double Slash Request Arbitrary File Access |
check thttpd for /etc/passwd |
| 10285 |
other |
thttpd 2.04 If-Modified-Since Header Remote Buffer Overflow |
thttpd buffer overflow |
| 10160 |
other |
Nortel Contivity HTTP Server cgiproc Special Character DoS |
Crashes the remote host |
| 10156 |
other |
Netscape FastTrack get Command Forced Directory Listing |
'get / ' gives a directory listing |
| 10155 |
other |
Netscape Enterprise Server SSL Handshake DoS |
Crashes the remote SSL server |
| 10154 |
other |
Netscape Enterprise Server Accept Header Remote Overflow |
Attempt overflow with large Accept value. |
| 10153 |
other |
Netscape Server ?PageServices Request Forced Directory Listing |
Make a request like http://www.example.com/?PageServices |
| 10149 |
other |
Sun NetBeans Java IDE HTTP Server IP Restriction Bypass Arbitrary File/Directory Access |
determines whether the remote root directory is browsable |
| 10141 |
other |
MetaInfo Web Server Traversal Arbitrary Command Execution |
Read everything using '../' in the URL |
| 10139 |
other |
MDaemon WorldClient HTTP Server URL Overflow DoS |
Crashes the remote service |
| 10138 |
other |
MDaemon WebConfig HTTP Server URL Overflow DoS |
Crashes the remote service |
| 10121 |
other |
Microsoft IIS /scripts Directory Browsable |
Is /scripts/ listable ? |
| 10120 |
other |
Microsoft IIS perl.exe HTTP Path Disclosure |
Attempts to find the location of the remote web root |
| 10119 |
other |
Microsoft IIS Malformed HTTP Request Header Remote DoS |
Performs a denial of service against IIS |
| 10117 |
other |
Microsoft IIS Traversal GET Request Remote DoS |
Performs a denial of service against IIS |
| 10116 |
other |
Microsoft IIS ISM.DLL HTR Request Remote Overflow |
IIS buffer overflow |
| 10110 |
other |
iChat Server Traversal Arbitrary File Access |
Determines if iChat is vulnerable to a stupid bug |
| 10107 |
other |
HTTP Server type and version |
HTTP Server type and version |
| 10097 |
other |
Novell GroupWise Enhancement Pack Java Server URL Handling Overflow DoS |
Groupwise buffer overflow |
| 10091 |
other |
FTPGate Web Proxy Traversal Arbitrary File Access |
\..\..\file.txt |
| 10078 |
other |
Microsoft FrontPage Extensions authors.pwd Information Disclosure |
Checks for the presence of Microsoft FrontPage extensions |
| 10077 |
other |
Microsoft FrontPage Extensions Check |
Checks for the presence of Microsoft FrontPage extensions |
| 10063 |
other |
Eserv GET Request Traversal Arbitrary File Access |
\..\..\file.txt |
| 10059 |
other |
IBM Lotus Domino HTTP /cgi-bin Relative URL Request DoS |
Crashes the Domino HTTP server |
| 10058 |
other |
IBM Lotus Domino HTTP Server Filesystem Setup Disclosure |
obtains absolute path to cgi-bin |
| 10057 |
other |
IBM Lotus Domino ?open Forced Directory Listing |
Checks for the domino ?open feature |
| 10048 |
other |
CommuniGate Pro HTTP Configuration Port Remote Overflow |
Crashes the remote service |
| 10037 |
other |
CERN httpd Virtual Web Path Disclosure |
Attempts to find the location of the remote web root |
| 10012 |
other |
Alibaba Web Server 2.0 HTTP Request Overflow DoS |
Alibaba buffer overflow |