











Tuesday, 19 March 2019

Apache2-running-non-root



Code

Running Apache2 as a regular user and as root

Wednesday, 13 March 2019

Facebook structure_intentional uncertainty




+ Server: No banner retrieved
+ X-XSS-Protection header has been set to disable XSS Protection. There is unlikely to be a good reason for this.
+ Uncommon header 'x-fb-debug' found, with contents: SA17Z/1jGOMUff7U39k20M0c/6sSZAD/Jvv00FPyIR603jOZAx91mrwQ5WVjhkAOm0FI683ditjc0KXc2o+5DQ==
+ Entry '/album.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/checkpoint/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/contact_importer/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/file_download.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/live/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/moments_app/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/p.php' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/photos.php' in robots.txt returned a non-forbidden or redirect HTTP code (301)
+ Entry '/sharer/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/ajax/pagelet/generic.php/PagePostsSectionPagelet' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/safetycheck/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
+ Entry '/about/privacy/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/full_data_use_policy/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/legal/terms/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/policy.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 243 entries which should be manually viewed.
+ Server is using a wildcard certificate: *.facebook.com
+ Uncommon header 'timing-allow-origin' found, with contents: *
+ The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
+ Server banner has changed from '' to 'proxygen-bolt' which may suggest a WAF, load balancer or proxy is in place
+ Multiple index files found: /default.aspx, /index.php, /index.php3, /index.jhtml
+ /help/: Help directory should not be accessible
+ /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
+ /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
+ /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
+ /ws_ftp.ini: Can contain saved passwords for FTP sites
+ /WS_FTP.ini: Can contain saved passwords for FTP sites
+ OSVDB-6196: /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
+ /_cti_pvt/: FrontPage directory found.
+ /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
+ /mail.box: The mail database can be read without authentication.
+ OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-113: /ncl_items.html: This may allow attackers to reconfigure your Tektronix printer.
+ OSVDB-551: /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer.
+ OSVDB-3092: /_vti_txt/: FrontPage directory found.
+ OSVDB-1210: /scripts/samples/search/qfullhit.htw: Server may be vulnerable to a Webhits.dll arbitrary file retrieval. http://www.microsoft.com/technet/security/bulletin/MS00-006.asp.
+ OSVDB-1210: /scripts/samples/search/qsumrhit.htw: Server may be vulnerable to a Webhits.dll arbitrary file retrieval. http://www.microsoft.com/technet/security/bulletin/MS00-006.asp.
+ OSVDB-1210: /sD7lw.htw: Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. http://www.microsoft.com/technet/security/bulletin/MS00-006.asp.
+ OSVDB-13405: /WS_FTP.LOG: WS_FTP.LOG file was found. It may contain sensitive information.
+ OSVDB-10944: /cgi-sys/: CGI Directory found
+ OSVDB-10944: /htbin/: CGI Directory found
+ OSVDB-8193: /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc: EW FileManager for PostNuke allows arbitrary file retrieval.
+ OSVDB-3092: /.psql_history: This might be interesting...
+ OSVDB-3092: /access-log: This might be interesting...
+ OSVDB-3092: /access.log: This might be interesting...
+ OSVDB-3092: /access_log: This might be interesting...
+ OSVDB-3092: /Admin_files/: This might be interesting...
+ OSVDB-3092: /ccard/: This might be interesting...
+ OSVDB-3092: /dan_o.dat: This might be interesting...
+ OSVDB-3092: /error_log: This might be interesting...
+ OSVDB-3092: /fpadmin/: This might be interesting...
+ OSVDB-3092: /hit_tracker/: This might be interesting...
+ OSVDB-3092: /htpasswd: This might be interesting...
+ OSVDB-3092: /imagenes/: This might be interesting...
+ OSVDB-3092: /informacion/: This might be interesting...
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /noticias/: This might be interesting...
+ OSVDB-3092: /outgoing/: This might be interesting...
+ OSVDB-3092: /PDG_Cart/: This might be interesting...
+ OSVDB-3092: /php/: This might be interesting...
+ OSVDB-3092: /prueba/: This might be interesting...
+ OSVDB-3092: /retail/: This might be interesting...
+ OSVDB-3092: /shopper/: This might be interesting...
+ OSVDB-3092: /ss.cfg: This might be interesting...
+ OSVDB-3092: /stylesheet/: This might be interesting...
+ OSVDB-3092: /stylesheets/: This might be interesting...
+ OSVDB-3092: /system/: This might be interesting...
+ OSVDB-3092: /template/: This may be interesting as the directory may hold sensitive files or reveal system information.
+ OSVDB-3092: /testing/: This might be interesting...
+ OSVDB-3092: /updates/: This might be interesting...
+ OSVDB-3092: /webadmin/: This might be interesting...may be HostingController, www.hostingcontroller.com
+ OSVDB-3092: /weblogs/: This might be interesting...
+ OSVDB-3092: /webmaster_logs/: This might be interesting...
+ OSVDB-3092: /Web_store/: This might be interesting...
+ OSVDB-3092: /sam._: This might be interesting...
+ OSVDB-3092: /_mem_bin/: This might be interesting - User Login
+ OSVDB-3092: /owa_util%2esignature: Unknown, may be interesting
+ OSVDB-3092: /a_domlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /dols_help.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /help5_admin.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /help5_client.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /help5_designer.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /l_domlog.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3093: /add_acl: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /aff_news.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /archive_forum.asp: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /bigsam_guestbook.php?displayBegin=9999...9999: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /checkout_payment.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /docs/NED: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /do_map: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /do_subscribe: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /emml_email_func.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /forum_arc.asp?n=268: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /forum_professionnel.asp?n=100: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-10447: /get_od_toc.pl?Profile=: WebTrends get_od_toc.pl may be vulnerable to a path disclosure error if this file is reloaded multiple times.
+ OSVDB-3093: /ixmail_netattach.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /netget?sid=Safety&msg=2002&file=Safety: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /parse_xml.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /product_info.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /protected/: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /pt_config.inc: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /site_searcher.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /x_stat_admin.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /_head.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /.www_acl: Contains authorization information
+ OSVDB-3093: /.addressbook: PINE addressbook, may store sensitive e-mail address contact information and notes
+ OSVDB-3093: /.bash_history: A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.
+ OSVDB-3093: /.lynx_cookies: User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites.
+ OSVDB-3093: /.mysql_history: Database SQL?
+ OSVDB-3093: /.sh_history: A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.
+ OSVDB-3233: /_private/: FrontPage directory found.
+ OSVDB-3233: /_vti_bin/: FrontPage directory found.
+ OSVDB-3233: /npn_admn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: /npn_rn.nsf: This documentation database can be read without authentication. All default files should be removed.
+ OSVDB-3233: /netbasic/websinfo.bas: Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.
+ OSVDB-5092: /config.inc: DotBr 0.1 configuration file includes usernames and passwords.
+ OSVDB-9624: /pass_done.php: PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.
+ OSVDB-3233: /ptg_upgrade_pkg.log: Oracle log files.
+ OSVDB-3233: /OA_JAVA/: Oracle Applications Portal Page
+ OSVDB-3233: /OA_HTML/: Oracle Applications Portal Page
+ OSVDB-3093: /OA_MEDIA/: Oracle Applications portal pages found.
+ OSVDB-3092: /_archive/: Archive found.
+ OSVDB-3092: /aw/: This might be interesting... potential country code (Aruba)
+ OSVDB-3092: /dj/: This might be interesting... potential country code (Djibouti)
+ OSVDB-3092: /jo/: This might be interesting... potential country code (Jordan)
+ OSVDB-3092: /mr/: This might be interesting... potential country code (Mauritania)
+ OSVDB-3092: /pr/: This might be interesting... potential country code (Puerto Rico)
+ OSVDB-3092: /tr/: This might be interesting... potential country code (Turkey)
+ Uncommon header 'x-fb-content-md5' found, with contents: 54f712f0e6a28e86b7331132add99723
+ /wp-app.log: Wordpress' wp-app.log may leak application/system details.
+ /admin4_account/: Admin login page/section found.
+ /admin4_colon/: Admin login page/section found.
+ /adminpro/: Admin login page/section found.
+ /AdminTools/: Admin login page/section found.
+ /cp.asp: Admin login page/section found.
+ /cpanel_file/: Admin login page/section found.
+ /customer_login/: Admin login page/section found.
+ /database_administration/: Admin login page/section found.
+ /Database_Administration/: Admin login page/section found.
+ /globes_admin/: Admin login page/section found.
+ /Indy_admin/: Admin login page/section found.
+ /LiveUser_Admin/: Admin login page/section found.
+ /login_db/: Admin login page/section found.
+ /login.php: Admin login page/section found.
+ /logo_sysadmin/: Admin login page/section found.
+ /Lotus_Domino_Admin/: Admin login page/section found.
+ /macadmin/: Admin login page/section found.
+ /meta_login/: Admin login page/section found.
+ /platz_login/: Admin login page/section found.
+ /power_user/: Admin login page/section found.
+ /server_admin_small/: Admin login page/section found.
+ /ss_vms_admin_sm/: Admin login page/section found.
+ /support_login/: Admin login page/section found.
+ /system_administration/: Admin login page/section found.
+ /utility_login/: Admin login page/section found.
+ OSVDB-3092: /test.jsp: This might be interesting...
+ OSVDB-3092: /docnpn_admn.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /docnpn_rn.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /helpnpn_admn.nsf: This database can be read without authentication, which may reveal sensitive information.
+ OSVDB-3092: /helpnpn_rn.nsf: This database can be read without authentication, which may reveal sensitive information.
+ /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/db_sql.php: phpMyAdmin (portable) found which may allow DB access.
+ /fantastico_fileslist.txt: fantastico_fileslist.txt file found. This file contains a list of all the files from the current directory.
+ /system/console: OSGi Apache Felix console
+ Uncommon header 'x-fb-serverinfo' found, with contents: 6176,0,C3,100,10000
+ Uncommon header 'x-fb-svn-revision' found, with contents: 4844449
+ /id_rsa: Encryption key exposed
+ /id_rsa.old: Encryption key exposed
+ /id_dsa: Encryption key exposed
+ /id_dsa.old: Encryption key exposed
+ /encrypt: This might be interesting...
+ /server-manager/: Mitel Audio and Web Conferencing server manager identified.
+ 15058 requests: 0 error(s) and 313 item(s) reported on remote host


Reference: http://cve.mitre.org/data/refs/refmap/source-OSVDB.html

Monday, 25 February 2019