Pastebin launched a little side project called HostCabi.net, check it out ;-)Don't like ads? PRO users don't see any ads ;-)
Public Pastes

Petsex.com FULL SCAN. #OpOutrageBeastiality

By: Forever_way on Sep 24th, 2012  |  syntax: None  |  size: 96.28 KB  |  hits: 2,324  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. Greetings!
  2.  
  3. In the following list below, I did a scan on Petsex.com. I believe it has found MANY vulnerabilities, but that's for you to decide. The network is protected by cloudflare, so it seems it won't let me see a file I have been going to, but it really displays it. I also included the reverse IP check and Whois info.
  4.  
  5. Scan:
  6.  
  7.  
  8. ---------------------------------------------------------------------------
  9. + Target IP:          173.245.61.114
  10. + Target Hostname:    cf-173-245-61-114.cloudflare.com
  11. + Target Port:        80
  12. + Start Time:         2012-09-25 17:30:11
  13. ---------------------------------------------------------------------------
  14. + Server: cloudflare-nginx
  15. + No CGI Directories found (use '-C all' to force check all possible dirs)
  16. + robots.txt retrieved but it does not contain any 'disallow' entries (which is odd).
  17.  
  18.  
  19. + /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php
  20. + /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist
  21. + /splashAdmin.php: Cobalt Qube 3 admin is running. This may have multiple security problems as described by www.scan-associates.net. These could not be tested remotely.
  22. + /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
  23. + /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
  24. + /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
  25. + /tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
  26. + /scripts/samples/details.idc: See RFP 9901; www.wiretrip.net
  27. + OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
  28. + OSVDB-637: /~root/: Allowed to browse root's home directory.
  29. + /cgi-bin/wrap: comes with IRIX 6.2; allows to view directories
  30. + /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
  31. + /forums//adm/config.php: PHP Config file may contain database IDs and passwords.
  32. + /forums//administrator/config.php: PHP Config file may contain database IDs and passwords.
  33. + /forums/config.php: PHP Config file may contain database IDs and passwords.
  34. + /guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.
  35. + /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
  36. + /help/: Help directory should not be accessible
  37. + OSVDB-2411: /hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-cms-1.2.9-10 may reveal the administrator ID and password.
  38. + OSVDB-8103: /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php
  39. + OSVDB-59620: /inc/common.load.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
  40. + OSVDB-59619: /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
  41. + OSVDB-59618: /inc/dbase.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
  42. + OSVDB-2703: /geeklog/users.php: Geeklog prior to 1.3.8-1sr2 contains a SQL injection vulnerability that lets a remote attacker reset admin password.
  43. + OSVDB-8204: /gb/index.php?login=true: gBook may allow admin login by setting the value 'login' equal to 'true'.
  44. + /guestbook/admin.php: Guestbook admin page available without authentication.
  45. + /getaccess: This may be an indication that the server is running getAccess for SSO
  46. + /cfdocs/expeval/openfile.cfm: Can use to expose the system/server path.
  47. + /tsweb/: Microsoft TSAC found. http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
  48. + /vgn/performance/TMT: Vignette CMS admin/maintenance script available.
  49. + /vgn/performance/TMT/Report: Vignette CMS admin/maintenance script available.
  50. + /vgn/performance/TMT/Report/XML: Vignette CMS admin/maintenance script available.
  51. + /vgn/performance/TMT/reset: Vignette CMS admin/maintenance script available.
  52. + /vgn/ppstats: Vignette CMS admin/maintenance script available.
  53. + /vgn/previewer: Vignette CMS admin/maintenance script available.
  54. + /vgn/record/previewer: Vignette CMS admin/maintenance script available.
  55. + /vgn/stylepreviewer: Vignette CMS admin/maintenance script available.
  56. + /vgn/vr/Deleting: Vignette CMS admin/maintenance script available.
  57. + /vgn/vr/Editing: Vignette CMS admin/maintenance script available.
  58. + /vgn/vr/Saving: Vignette CMS admin/maintenance script available.
  59. + /vgn/vr/Select: Vignette CMS admin/maintenance script available.
  60. + /scripts/iisadmin/bdir.htr: This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dirs> . http://www.microsoft.com/technet/security/bulletin/MS02-028.asp. http://www.cert.org/advisories/CA-2002-09.html.
  61. + /scripts/iisadmin/ism.dll: Allows you to mount a brute force attack on passwords
  62. + /scripts/tools/ctss.idc: This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.
  63. + /bigconf.cgi: BigIP Configuration CGI
  64. + /blah_badfile.shtml: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
  65. + OSVDB-4910: /vgn/style: Vignette server may reveal system information through this file.
  66. + OSVDB-17653: /SiteServer/Admin/commerce/foundation/domain.asp: Displays known domains of which that server is involved.
  67. + OSVDB-17654: /SiteServer/Admin/commerce/foundation/driver.asp: Displays a list of installed ODBC drivers.
  68. + OSVDB-17655: /SiteServer/Admin/commerce/foundation/DSN.asp: Displays all DSNs configured for selected ODBC drivers.
  69. + OSVDB-17652: /SiteServer/admin/findvserver.asp: Gives a list of installed Site Server components.
  70. + /SiteServer/Admin/knowledge/dsmgr/default.asp: Used to view current search catalog configurations
  71. + /basilix/mbox-list.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page
  72. + /basilix/message-read.php3: BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page
  73. + /clusterframe.jsp: Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.
  74. + /IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  75. + /bb-dnbd/faxsurvey: This may allow arbitrary command execution.
  76. + /cartcart.cgi: If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.
  77. + OSVDB-6591: /scripts/Carello/Carello.dll: Carello 1.3 may allow commands to be executed on the server by replacing hidden form elements. This could not be tested by Nikto.
  78. + /scripts/tools/dsnform.exe: Allows creation of ODBC Data Source
  79. + /scripts/tools/dsnform: Allows creation of ODBC Data Source
  80. + OSVDB-17656: /SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp: Used to create, modify, and potentially delete LDAP users and groups.
  81. + OSVDB-17657: /SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp: Used to create, modify, and potentially delete LDAP users and groups.
  82. + /prd.i/pgen/: Has MS Merchant Server 1.0
  83. + /readme.eml: Remote server may be infected with the Nimda virus.
  84. + /scripts/httpodbc.dll: Possible IIS backdoor found.
  85. + /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed
  86. + /SiteServer/admin/: Site Server components admin. Default account may be 'LDAP_Anonymous', pass is 'LdapPassword_1'. see http://www.wiretrip.net/rfp/p/doc.asp/i1/d69.htm
  87. + /siteseed/: Siteseed pre 1.4.2 has 'major' security problems.
  88. + /pccsmysqladm/incs/dbconnect.inc: This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.
  89. + /iisadmin/: Access to /iisadmin should be restricted to localhost or allowed hosts only.
  90. + /PDG_Cart/oder.log: Shopping cart software log
  91. + /ows/restricted%2eshow: OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.
  92. + /WEB-INF./web.xml: Multiple implementations of j2ee servlet containers allow files to be retrieved from WEB-INF by appending a '.' to the directory name. Products include Sybase EA Service, Oracle Containers, Orion, JRun, HPAS, Pramati and others. See http://www.westpoint.l
  93. + /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
  94. + /w-agora/: w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.
  95. + OSVDB-42680: /vider.php3: MySimpleNews may allow deleting of news items without authentication.
  96. + OSVDB-6181: /officescan/cgi/cgiChkMasterPwd.exe: Trend Micro Officescan allows you to skip the login page and access some CGI programs directly.
  97. + /pbserver/pbserver.dll: This may contain a buffer overflow. http://www.microsoft.com/technet/security/bulletin/http://www.microsoft.com/technet/security/bulletin/ms00-094.asp.asp
  98. + /administrator/gallery/uploadimage.php: Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.
  99. + /pafiledb/includes/team/file.php: paFileDB 3.1 and below may allow file upload without authentication.
  100. + /phpEventCalendar/file_upload.php: phpEventCalendar 1.1 and prior are vulnerable to file upload bug.
  101. + /servlet/com.unify.servletexec.UploadServlet: This servlet allows attackers to upload files to the server.
  102. + /scripts/cpshost.dll: Posting acceptor possibly allows you to upload files
  103. + /upload.asp: An ASP page that allows attackers to upload files to server
  104. + /uploadn.asp: An ASP page that allows attackers to upload files to server
  105. + /uploadx.asp: An ASP page that allows attackers to upload files to server
  106. + /wa.exe: An ASP page that allows attackers to upload files to server
  107. + /basilix/compose-attach.php3: BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads
  108. + /server/: If port 8000, Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.
  109. + /vgn/ac/data: Vignette CMS admin/maintenance script available.
  110. + /vgn/ac/delete: Vignette CMS admin/maintenance script available.
  111. + /vgn/ac/edit: Vignette CMS admin/maintenance script available.
  112. + /vgn/ac/esave: Vignette CMS admin/maintenance script available.
  113. + /vgn/ac/fsave: Vignette CMS admin/maintenance script available.
  114. + /vgn/ac/index: Vignette CMS admin/maintenance script available.
  115. + /vgn/asp/MetaDataUpdate: Vignette CMS admin/maintenance script available.
  116. + /vgn/asp/previewer: Vignette CMS admin/maintenance script available.
  117. + /vgn/asp/status: Vignette CMS admin/maintenance script available.
  118. + /vgn/asp/style: Vignette CMS admin/maintenance script available.
  119. + /vgn/errors: Vignette CMS admin/maintenance script available.
  120. + /vgn/jsp/controller: Vignette CMS admin/maintenance script available.
  121. + /vgn/jsp/errorpage: Vignette CMS admin/maintenance script available.
  122. + /vgn/jsp/initialize: Vignette CMS admin/maintenance script available.
  123. + /vgn/jsp/jspstatus: Vignette CMS admin/maintenance script available.
  124. + /vgn/jsp/jspstatus56: Vignette CMS admin/maintenance script available.
  125. + /vgn/jsp/metadataupdate: Vignette CMS admin/maintenance script available.
  126. + /vgn/jsp/previewer: Vignette CMS admin/maintenance script available.
  127. + /vgn/jsp/style: Vignette CMS admin/maintenance script available.
  128. + /vgn/legacy/edit: Vignette CMS admin/maintenance script available.
  129. + /vgn/login: Vignette server may allow user enumeration based on the login attempts to this file.
  130. + OSVDB-35707: /forum/admin/wwforum.mdb: Web Wiz Forums password database found.
  131. + /fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  132. + OSVDB-52975: /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password.
  133. + OSVDB-15971: /midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
  134. + OSVDB-15971: /MIDICART/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
  135. + OSVDB-41850: /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb: MPCSoftWeb Guest Book passwords retrieved.
  136. + /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
  137. + OSVDB-53413: /shopping300.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
  138. + OSVDB-53413: /shopping400.mdb: VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.
  139. + OSVDB-15971: /shoppingdirectory/midicart.mdb: MIDICART database is available for browsing. This should not be allowed via the web server.
  140. + OSVDB-4398: /database/db2000.mdb: Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root.
  141. + /admin/config.php: PHP Config file may contain database IDs and passwords.
  142. + /adm/config.php: PHP Config file may contain database IDs and passwords.
  143. + /administrator/config.php: PHP Config file may contain database IDs and passwords.
  144. + /contents.php?new_language=elvish&mode=select: Requesting a file with an invalid language selection from DC Portal may reveal the system path.
  145. + OSVDB-6467: /pw/storemgr.pw: Encrypted ID/Pass for Mercantec's SoftCart, http://www.mercantec.com/, see http://www.mindsec.com/advisories/post2.txt for more information.
  146. + /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.
  147. + /shopa_sessionlist.asp: VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.
  148. + OSVDB-53303: /simplebbs/users/users.php: Simple BBS 1.0.6 allows user information and passwords to be viewed remotely.
  149. + /typo3conf/: This may contain sensitive Typo3 files.
  150. + /typo3conf/database.sql: Typo3 SQL file found.
  151. + /typo3conf/localconf.php: Typo3 config file found.
  152. + OSVDB-53386: /vchat/msg.txt: VChat allows user information to be retrieved.
  153. + OSVDB-4907: /vgn/license: Vignette server license file found.
  154. + /webcart-lite/config/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  155. + /webcart-lite/orders/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  156. + /webcart/carts/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.
  157. + /webcart/config/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.
  158. + /webcart/config/clients.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  159. + /webcart/orders/: This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.
  160. + /webcart/orders/import.txt: This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.
  161. + /ws_ftp.ini: Can contain saved passwords for FTP sites
  162. + /WS_FTP.ini: Can contain saved passwords for FTP sites
  163. + /_mem_bin/auoconfig.asp: Displays the default AUO (LDAP) schema, including host and port.
  164. + OSVDB-17659: /SiteServer/Admin/knowledge/persmbr/vs.asp: Expose various LDAP service and backend configuration parameters
  165. + OSVDB-17661: /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp: Expose various LDAP service and backend configuration parameters
  166. + OSVDB-17662: /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp: Expose various LDAP service and backend configuration parameters
  167. + OSVDB-17660: /SiteServer/Admin/knowledge/persmbr/VsTmPr.asp: Expose various LDAP service and backend configuration parameters
  168. + /tvcs/getservers.exe?action=selects1: Following steps 2-4 of this page may reveal a zip file that contains passwords and system details.
  169. + /whatever.htr: May reveal physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp)
  170. + /nsn/fdir.bas:ShowVolume: You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in
  171. + /nsn/fdir.bas: You can use fdir to ShowVolume and ShowDirectory.
  172. + /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein
  173. + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  174. + /jamdb/: JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot.
  175. + OSVDB-1201: /cgi/cgiproc?: It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later.
  176. + OSVDB-6196: /servlet/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
  177. + /servlet/sunexamples.BBoardServlet: This default servlet lets attackers execute arbitrary commands.
  178. + OSVDB-6196: /servlets/SchedulerTransfer: PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
  179. + /perl/-e%20print%20Hello: The Perl interpreter on the Novell system may allow any command to be executed. See http://www.securityfocus.com/bid/5520. Installing Perl 5.6 might fix this issue.
  180. + /vgn/legacy/save: Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.
  181. + /IDSWebApp/IDSjsp/Login.jsp: Tivoli Directory Server Web Administration.
  182. + OSVDB-6466: /quikstore.cfg: Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt
  183. + /quikstore.cgi: A shopping cart.
  184. + /securecontrolpanel/: Web Server Control Panel
  185. + /siteminder: This may be an indication that the server is running Siteminder for SSO
  186. + /webmail/: Web based mail package installed.
  187. + /_cti_pvt/: FrontPage directory found.
  188. + /smg_Smxcfg30.exe?vcc=3560121183d3: This may be a Trend Micro Officescan 'backdoor'.
  189. + /nsn/..%5Cutil/attrib.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  190. + /nsn/..%5Cutil/chkvol.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  191. + /nsn/..%5Cutil/copy.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  192. + /nsn/..%5Cutil/del.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  193. + /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  194. + /nsn/..%5Cutil/dsbrowse.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  195. + /nsn/..%5Cutil/glist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  196. + /nsn/..%5Cutil/lancard.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  197. + /nsn/..%5Cutil/md.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  198. + /nsn/..%5Cutil/rd.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  199. + /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  200. + /nsn/..%5Cutil/send.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  201. + /nsn/..%5Cutil/set.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  202. + /nsn/..%5Cutil/slist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  203. + /nsn/..%5Cutil/type.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  204. + /nsn/..%5Cutil/userlist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  205. + /nsn/..%5Cweb/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  206. + /nsn/..%5Cweb/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  207. + /nsn/..%5Cwebdemo/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  208. + /nsn/..%5Cwebdemo/fdir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server
  209. + /upd/: WASD Server can allow directory listings by requesting /upd/directory/. Upgrade to a later version and secure according to the documents on the WASD web site.
  210. + /CVS/Entries: CVS Entries file may contain directory listing information.
  211. + OSVDB-8450: /phpmyadmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  212. + OSVDB-8450: /db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  213. + OSVDB-8450: /3rdparty/phpMyAdmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  214. + OSVDB-8450: /phpMyAdmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  215. + OSVDB-8450: /3rdparty/phpmyadmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  216. + OSVDB-8450: /phpmyadmindb_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  217. + OSVDB-8450: /pmadb_details_importdocsql.php?submit_show=true&do=import&docpath=../: phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. http://www.securityfocus.com/bid/7963.
  218. + /catalog.nsf: A list of server databases can be retrieved, as well as a list of ACLs.
  219. + /cersvr.nsf: Server certificate data can be accessed remotely.
  220. + /domlog.nsf: The domain server logs can be accessed remotely.
  221. + /events4.nsf: The events log can be accessed remotely.
  222. + /log.nsf: The server log is remotely accessible.
  223. + /names.nsf: User names and groups can be accessed remotely (possibly password hashes as well)
  224. + OSVDB-31150: /LOGIN.PWD: MIPCD password file (passwords are not encrypted). MIPDCD should not have the web interface enabled.
  225. + OSVDB-31150: /USER/CONFIG.AP: MIPCD configuration information. MIPCD should not have the web interface enabled.
  226. + /admin-serv/config/admpw: This file contains the encrypted Netscape admin password. It should not be accessible via the web.
  227. + /cgi-bin/cgi_process: WASD reveals a lot of system information in this script. It should be removed.
  228. + /ht_root/wwwroot/-/local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
  229. + /local/httpd$map.conf: WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.
  230. + /tree: WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.
  231. + /852566C90012664F: This database can be read using the replica ID without authentication.
  232. + /hidden.nsf: This database can be read without authentication. Common database name.
  233. + /mail.box: The mail database can be read without authentication.
  234. + /setup.nsf: The server can be configured remotely, or current setup can be downloaded.
  235. + /statrep.nsf: Any reports generated by the admins can be retrieved.
  236. + /webadmin.nsf: The server admin database can be accessed remotely.
  237. + /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.
  238. + /Config1.htm: This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See http://www.phenoelit.de/stuff/dp-300.txt for info.
  239. + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS, see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp for details.
  240. + /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See http://www.ngssoftware.com.
  241. + /cgi-win/cgitest.exe: This CGI may allow the server to be crashed remotely, see http://www.securityoffice.net/ for details.  Remove this default CGI.
  242. + /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow
  243. + /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
  244. + /................../config.sys: PWS allows files to be read by prepending multiple '.' characters.  At worst, IIS, not PWS, should be used.
  245. + ///etc/hosts: The server install allows reading of any system file by adding an extra '/' to the URL.
  246. + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS, see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp for details.
  247. + /WebAdmin.dll?View=Logon: Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See http://www.ngssoftware.com.
  248. + /cgi-win/cgitest.exe: This CGI may allow the server to be crashed remotely, see http://www.securityoffice.net/ for details.  Remove this default CGI.
  249. + /cgi-shl/win-c-sample.exe: win-c-sample.exe has a buffer overflow
  250. + /.nsf/../winnt/win.ini: This win.ini file can be downloaded.
  251. + /................../config.sys: PWS allows files to be read by prepending multiple '.' characters.  At worst, IIS, not PWS, should be used.
  252. + ///etc/hosts: The server install allows reading of any system file by adding an extra '/' to the URL.
  253. + /nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manage 1.0 allows directory listings of any location on the remote system.
  254. + OSVDB-2829: /phpwebfilemgr/index.php?f=../../../../../../../../../etc: phpWebFileManager v2.0.0 and prior are vulnerable to a directory traversal bug.
  255. + /..\..\..\..\..\..\temp\temp.class: Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version.
  256. + OSVDB-728: /admentor/adminadmin.asp: Version 2.11 of AdMentor is vulnerable to SQL injection during login, in the style of: ' or =
  257. + OSVDB-10107: /author.asp: May be FactoSystem CMS, which could include SQL injection problems that could not be tested remotely.
  258. + OSVDB-2767: /openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>: OpenAutoClassifieds 1.0 is vulnerable to a XSS attack
  259. + /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
  260. + OSVDB-4015: /jigsaw/: Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS) in the error page.
  261. + OSVDB-2754: /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM Guestbook 1.2 and previous are vulnreable to XSS attacks.
  262. + /anthill/login.php: Anthill bug tracking system may be installed. Versions lower than 0.1.6.1 allow XSS/HTML injection and may allow users to bypass login requirements. http://anthill.vmlinuz.ca/ and http://www.cert.org/advisories/CA-2000-02.html
  263. + /cfdocs/expeval/sendmail.cfm: Can be used to send email; go to the page and fill in the form
  264. + OSVDB-22: /cgi-bin/bigconf.cgi: BigIP Configuration CGI
  265. + /ammerum/: Ammerum pre 0.6-1 had several security issues.
  266. + /ariadne/: Ariadne pre 2.1.2 has several vulnerabilities. The default login/pass to the admin page is admin/muze.
  267. + /cbms/cbmsfoot.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  268. + /cbms/changepass.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  269. + /cbms/editclient.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  270. + /cbms/passgen.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  271. + /cbms/realinv.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  272. + /cbms/usersetup.php: CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/
  273. + /ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C: This check (A) sets up the next bad blue test (B) for possible exploit. See http://www.badblue.com/down.htm
  274. + OSVDB-59412: /db/users.dat: upb PB allows the user database to be retrieved remotely.
  275. + /Admin_files/order.log: Selena Sol's WebStore 1.0 exposes order information, http://www.extropia.com/, http://www.mindsec.com/advisories/post2.txt.
  276. + /admin/cplogfile.log: DevBB 1.0 final (http://www.mybboard.com) log file is readable remotely. Upgrade to the latest version.
  277. + /admin/system_footer.php: myphpnuke version 1.8.8_final_7 reveals detailed system information.
  278. + /cfdocs/snippets/fileexists.cfm: Can be used to verify the existance of files (on the same drive info as the web tree/file)
  279. + /cgi-bin/MachineInfo: Gives out information on the machine (IRIX), including hostname
  280. + OSVDB-59646: /chat/!nicks.txt: WF-Chat 1.0 Beta allows retrieval of user information.
  281. + OSVDB-59645: /chat/!pwds.txt: WF-Chat 1.0 Beta allows retrieval of user information.
  282. + OSVDB-53304: /chat/data/usr: SimpleChat! 1.3 allows retrieval of user information.
  283. + /config.php: PHP Config file may contain database IDs and passwords.
  284. + /config/: Configuration information may be available remotely.
  285. + /cplogfile.log: XMB Magic Lantern forum 1.6b final (http://www.xmbforum.com) log file is readable remotely. Upgrade to the latest version.
  286. + /examples/jsp/snp/anything.snp: Tomcat servlet gives lots of host information.
  287. + /cfdocs/snippets/evaluate.cfm: Can enter CF code to be evaluated, or create denial of service see www.allaire.com/security/ technical papers and advisories for info
  288. + /cfide/Administrator/startstop.html: Can start/stop the server
  289. + OSVDB-10598: /cd-cgi/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done.
  290. + /cgi-bin/handler: Comes with IRIX 5.3 - 6.4; allows to run arbitrary commands
  291. + OSVDB-235: /cgi-bin/webdist.cgi: Comes with IRIX 5.0 - 6.3; allows to run arbitrary commands
  292. + OSVDB-55: /ews/ews/architext_query.pl: Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. http://www.securityfocus.com/bid/2665.
  293. + OSVDB-5280: /instantwebmail/message.php: Instant Web Mail (http://understroem.kdc/instantwebmail/) is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email.
  294. + OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  295. + OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  296. + /admin.php4?reg_login=1: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.
  297. + OSVDB-3233: /admin/admin_phpinfo.php4: Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.
  298. + OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
  299. + OSVDB-5178: /dostuff.php?action=modify_user: Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. http://blahzdns.sourceforge.net/
  300. + OSVDB-5088: /accounts/getuserdesc.asp: Hosting Controller 2002 administration page is available. This should be protected.
  301. + OSVDB-35876: /agentadmin.php: Immobilier agentadmin.php contains multiple SQL injection vulnerabilities.
  302. + /sqldump.sql: Database SQL?
  303. + /structure.sql: Database SQL?
  304. + /servlet/SessionManager: IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.
  305. + /ip.txt: This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file.
  306. + /level/42/exec/show%20conf: Retrieved Cisco configuration file.
  307. + /livehelp/: LiveHelp may reveal system information.
  308. + /LiveHelp/: LiveHelp may reveal system information.
  309. + OSVDB-59536: /logicworks.ini: web-erp 0.1.4 and earlier allow .ini files to be read remotely.
  310. + /logs/str_err.log: Bmedia error log, contains invalid login attempts which include the invalid usernames and passwords entered (could just be typos & be very close to the right entries).
  311. + OSVDB-6465: /mall_log_files/order.log: EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details.
  312. + OSVDB-3204: /megabook/files/20/setup.db: Megabook guestbook configuration available remotely.
  313. + OSVDB-6161: /officescan/hotdownload/ofscan.ini: OfficeScan from Trend Micro allows anyone to read the ofscan.ini file, which may contain passwords.
  314. + /order/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  315. + /order/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  316. + /orders/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  317. + /Orders/order_log_v12.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  318. + /orders/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  319. + /Orders/order_log.dat: Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt
  320. + /pmlite.php: A Xoops CMS script was found. Version RC3 and below allows all users to view all messages (untested). See http://www.phpsecure.org/?zone=pComment&d=101 for details.
  321. + /session/admnlogin: SessionServlet Output, has session cookie info.
  322. + OSVDB-613: /SiteScope/htdocs/SiteScope.html: The SiteScope install may allow remote users to get sensitive information about the hosts being monitored.
  323. + /servlet/allaire.jrun.ssi.SSIFilter: Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html.
  324. + OSVDB-2881: /pp.php?action=login: Pieterpost 0.10.6 allows anyone to access the 'virtual' account which can be used to relay/send e-mail.
  325. + /isapi/count.pl?: AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example.
  326. + /krysalis/: Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot
  327. + /logjam/showhits.php: Logjam may possibly allow remote command execution via showhits.php page.
  328. + /manual.php: Does not filter input before passing to shell command. Try 'ls -l' as the man page entry.
  329. + OSVDB-14329: /smssend.php: PhpSmssend may allow system calls if a ' is passed to it. http://zekiller.skytech.org/smssend.php
  330. + OSVDB-113: /ncl_items.html: This may allow attackers to reconfigure your Tektronix printer.
  331. + OSVDB-551: /ncl_items.shtml?SUBJECT=1: This may allow attackers to reconfigure your Tektronix printer.
  332. + /photo/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
  333. + /photodata/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
  334. + OSVDB-5374: /pub/english.cgi?op=rmail: BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely.
  335. + /pvote/ch_info.php?newpass=password&confirm=password%20: PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password.
  336. + OSVDB-240: /scripts/wsisa.dll/WService=anything?WSMadmin: Allows Webspeed to be remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0.
  337. + OSVDB-3092: /SetSecurity.shm: Cisco System's My Access for Wireless. This resource should be password protected.
  338. + OSVDB-3126: /submit?setoption=q&option=allowed_ips&value=255.255.255.255: MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.
  339. + OSVDB-2225: /thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin: paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'.
  340. + OSVDB-3092: /shopadmin.asp: VP-ASP shopping cart admin may be available via the web. Default ID/PW are vpasp/vpasp and admin/admin.
  341.  
  342.  
  343. + OSVDB-3299: /vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
  344. + OSVDB-3396: /mlog.html: Remote file read vulnerability 1999-0068
  345. + OSVDB-3396: /mlog.phtml: Remote file read vulnerability 1999-0068
  346. + OSVDB-3396: /php/mlog.html: Remote file read vulnerability 1999-0346
  347. + OSVDB-3396: /php/mlog.phtml: Remote file read vulnerability 1999-0346
  348. + OSVDB-3411: /soapConfig.xml: Oracle 9iAS configuration file found - see bugtraq #4290.
  349. + OSVDB-3423: /XSQLConfig.xml: Oracle 9iAS configuration file found - see bugtraq #4290.
  350. + OSVDB-3489: /surf/scwebusers: SurfControl SuperScout Web Reports Server user and password file is available. CVE-2002-0705.
  351. + OSVDB-3501: /_private/form_results.htm: This file may contain information submitted by other web users via forms. CVE-1999-1052.
  352. + OSVDB-3501: /_private/form_results.html: This file may contain information submitted by other web users via forms. CVE-1999-1052.
  353. + OSVDB-3501: /_private/form_results.txt: This file may contain information submitted by other web users via forms. CVE-1999-1052.
  354. + OSVDB-3512: /scripts/tools/getdrvrs.exe: MS Jet database engine can be used to make DSNs, useful with an ODBC exploit and the RDS exploit (with msadcs.dll) which mail allow command execution. RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm).
  355. + OSVDB-3591: /project/index.php?m=projects&user_cookie=1: dotProject 0.2.1.5 may allow admin login bypass by adding the user_cookie=1 to the URL.
  356. + OSVDB-379: /site/eg/source.asp: This ASP (installed with Apache::ASP) allows attackers to upload files to the server. Upgrade to 1.95 or higher. CVE-2000-0628.
  357. + OSVDB-4: /iissamples/exair/search/advsearch.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.
  358. + OSVDB-4013: /isqlplus: Oracle iSQL*Plus is installed. This may be vulnerable to a buffer overflow in the user ID field. http://www.ngssoftware.com/advisories/ora-isqlplus.txt
  359. + OSVDB-4161: /data/member_log.txt: Teekai's forum full 1.2 member's log can be retrieved remotely.
  360. + OSVDB-4161: /data/userlog/log.txt: Teekai's Tracking Online 1.0 log can be retrieved remotely.
  361. + OSVDB-4161: /userlog.php: Teekai's Tracking Online 1.0 log can be retrieved remotely.
  362. + OSVDB-4171: /ASP/cart/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  363. + OSVDB-4171: /database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  364. + OSVDB-4171: /mcartfree/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  365. + OSVDB-4171: /metacart/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  366. + OSVDB-4171: /shop/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  367. + OSVDB-4171: /shoponline/fpdb/shop.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  368. + OSVDB-4171: /shopping/database/metacart.mdb: MetaCart2 is an ASP shopping cart. The database of customers is available via the web.
  369. + OSVDB-4237: /ban.bak: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
  370. + OSVDB-4237: /ban.dat: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
  371. + OSVDB-4237: /ban.log: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
  372. + OSVDB-4237: /banmat.pwd: Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.
  373. + OSVDB-4238: /admin/adminproc.asp: Xpede administration page may be available. The /admin directory should be protected.
  374. + OSVDB-4239: /admin/datasource.asp: Xpede page reveals SQL account name. The /admin directory should be protected.
  375. + OSVDB-4240: /utils/sprc.asp: Xpede page may allow SQL injection.
  376. + OSVDB-4314: /texis.exe/?-dump: Texis installation may reveal sensitive information.
  377. + OSVDB-4314: /texis.exe/?-version: Texis installation may reveal sensitive information.
  378. + OSVDB-4360: /acart2_0/acart2_0.mdb: Alan Ward A-Cart 2.0 allows remote user to read customer database file which may contain usernames, passwords, credit cards and more.
  379. + OSVDB-4361: /acart2_0/admin/category.asp: Alan Ward A-Cart 2.0 is vulnerable to an XSS attack which may cause the administrator to delete database information.
  380. + OSVDB-474: /Sites/Knowledge/Membership/Inspired/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  381. + OSVDB-474: /Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  382. + OSVDB-474: /Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  383. + OSVDB-474: /Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  384. + OSVDB-474: /Sites/Samples/Knowledge/Push/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  385. + OSVDB-474: /Sites/Samples/Knowledge/Search/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  386. + OSVDB-474: /SiteServer/Publishing/ViewCode.asp: The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  387. + OSVDB-17671: /siteserver/publishing/viewcode.asp?source=/default.asp: May be able to view source code using Site Server vulnerability.
  388. + OSVDB-4908: /securelogin/1,2345,A,00.html: Vignette Story Server v4.1, 6, may disclose sensitive information via a buffer overflow.
  389. + OSVDB-5092: /config.inc: DotBr 0.1 configuration file includes usernames and passwords.
  390. + OSVDB-5095: /sysuser/docmgr/ieedit.stm?url=../: Sambar default file may allow directory listings.
  391. + OSVDB-5096: /sysuser/docmgr/iecreate.stm?template=../: Sambar default file may allow directory listings.
  392. + OSVDB-539: /catinfo: May be vulnerable to a buffer overflow. Request '/catinfo?' and add on 2048 of garbage to test.
  393. + OSVDB-5407: /soap/servlet/soaprouter: Oracle 9iAS SOAP components allow anonymous users to deploy applications by default.
  394. + OSVDB-5523: /MWS/HandleSearch.html?searchTarget=test&B1=Submit: MyWebServer 1.0.2 may be vulnerable to a buffer overflow (untested). Upgrade to a later version if 990b of searched data crashes the server.
  395. + OSVDB-562: /server-info: This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
  396. + OSVDB-5709: /.nsconfig: Contains authorization information
  397. + OSVDB-596: /dc/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  398. + OSVDB-596: /dc/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  399. + OSVDB-596: /dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  400. + OSVDB-596: /dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
  401. + OSVDB-6666: /cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html: HP Instant TopTools GoAhead WebServer hpnst.exe may be vulnerable to a DoS.
  402. + OSVDB-6670: /applist.asp: Citrix server may allow remote users to view applications installed without authenticating.
  403. + OSVDB-6671: /launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica: Citrix server may reveal sensitive information by accessing the 'advanced' tab on hte login screen.
  404. + OSVDB-6672: /_layouts/alllibs.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by [email protected]
  405. + OSVDB-6672: /_layouts/settings.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by [email protected]
  406. + OSVDB-6672: /_layouts/userinfo.htm: Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by [email protected]
  407. + OSVDB-670: /stronghold-info: Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. This gives information on configuration. CVE-2001-0868.
  408. + OSVDB-670: /stronghold-status: Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. CVE-2001-0868.
  409. + OSVDB-7: /iissamples/exair/howitworks/Code.asp: Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.
  410. + OSVDB-7: /iissamples/exair/howitworks/Codebrw1.asp: This is a default IIS script/file which should be  removed, it may allow a DoS against the server. CVE-1999-0738. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp. CVE-1999-0449. BID-193.
  411. + OSVDB-707: /globals.jsa: Oracle globals.jsa file
  412. + OSVDB-721: /..%252f..%252f..%252f..%252f..%252f../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  413. + OSVDB-721: /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  414. + OSVDB-721: /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  415. + OSVDB-721: /..%255c..%255c..%255c..%255c..%255c../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  416. + OSVDB-721: /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  417. + OSVDB-721: /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  418. + OSVDB-724: /ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely.  http://ans.gq.nu/ default admin string 'admin:aaLR8vE.jjhss:[email protected]', password file location 'ans_data/ans.passwd'
  419. + OSVDB-724: /ans/ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely.
  420. + OSVDB-789: /iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp: IIS may be vulnerable to source code viewing via the example CodeBrws.asp file. Remove all default files from the web root. CVE-1999-0739. http://www.microsoft.com/technet/security/bulletin/MS99-013.asp.
  421. + OSVDB-9624: /pass_done.php: PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.
  422. + OSVDB-9624: /admin/admin.php?adminpy=1: PY-Membres 4.2 may allow administrator access.
  423. + OSVDB-3092: /README: README file found.
  424. + OSVDB-3233: /j2ee/: j2ee directory found--possibly an Oracle app server directory.
  425. + OSVDB-3233: /WebCacheDemo.html: Oracle WebCache Demo
  426. + OSVDB-32333: /webcache/: Oracle WebCache Demo
  427. + OSVDB-3233: /webcache/webcache.xml: Oracle WebCache Demo
  428. + OSVDB-3233: /bmp/: SQLJ Demo Application
  429. + OSVDB-3233: /bmp/global-web-application.xml: SQLJ Demo Application
  430. + OSVDB-3233: /bmp/JSPClient.java: SQLJ Demo Application
  431. + OSVDB-3233: /bmp/mime.types: SQLJ Demo Application
  432. + OSVDB-3233: /bmp/README.txt: SQLJ Demo Application
  433. + OSVDB-3233: /bmp/sqljdemo.jsp: SQLJ Demo Application
  434. + OSVDB-3233: /bmp/setconn.jsp: SQLJ Demo Application
  435. + OSVDB-3233: /ptg_upgrade_pkg.log: Oracle log files.
  436. + OSVDB-3233: /OA_HTML/oam/weboam.log: Oracle log files.
  437. + OSVDB-3233: /webapp/admin/_pages/_bc4jadmin/: Oracle JSP files
  438. + OSVDB-3233: /_pages/_webapp/_admin/_showpooldetails.java: Oracle JSP files
  439. + OSVDB-3233: /_pages/_webapp/_admin/_showjavartdetails.java: Oracle JSP file
  440. + OSVDB-3233: /_pages/_demo/: Oracle JSP file
  441. + OSVDB-3233: /_pages/_webapp/_jsp/: Oracle JSP file.
  442. + OSVDB-3233: /_pages/_demo/_sql/: Oracle JSP file.
  443. + OSVDB-3233: //OA_HTML/_pages/: Oracle JSP file.
  444. + OSVDB-3233: /OA_HTML/webtools/doc/index.html: Cabo DHTML Components Help Page
  445. + OSVDB-18114: /reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF:  Oracle Reports rwservlet report Variable Arbitrary Report Executable Execution
  446. + OSVDB-3233: /apex/: Oracle Application Express login screen.
  447. + OSVDB-3233: /OA_JAVA/: Oracle Applications Portal Page
  448. + OSVDB-3233: /OA_HTML/: Oracle Applications Portal Page
  449. + OSVDB-3233: /aplogon.html: Oracle Applications Portal Page
  450. + OSVDB-3233: /appdet.html: Oracle Applications Portal Pages
  451. + OSVDB-3233: /servlets/weboam/oam/oamLogin: Oracle Application Manager
  452. + OSVDB-3233: /OA_HTML/PTB/mwa_readme.htm: Oracle Mobile Applications Industrial Server administration and configuration inerface
  453. + OSVDB-3233: /reports/rwservlet: Oracle Reports
  454. + OSVDB-3233: /reports/rwservlet/showenv: Oracle Reports
  455. + OSVDB-3233: /reports/rwservlet/showmap: Oracle Reports
  456. + OSVDB-3233: /reports/rwservlet/showjobs: Oracle Reports
  457. + OSVDB-3233: /reports/rwservlet/getjobid7?server=myrep: Oracle Reports
  458. + OSVDB-3233: /reports/rwservlet/getjobid4?server=myrep: Oracle Reports
  459. + OSVDB-3233: /reports/rwservlet/showmap?server=myserver: Oracle Reports
  460. + OSVDB-3093: /pls/portal/owa_util.cellsprint?p_theQuery=select: Direct access to Oracle packages could have an unkown impact.
  461. + OSVDB-3093: /pls/portal/owa_util.listprint?p_theQuery=select: Access to Oracle pages could have an unknown impact.
  462. + OSVDB-3093: /pls/portal/owa_util.show_query_columns?ctable=sys.dba_users: Access to Oracle pages could have an unknown impact.
  463. + OSVDB-3093: /pls/portal/owa_util.showsource?cname=owa_util: Access to Oracle pages could have an unknown impact.
  464. + OSVDB-3093: /pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users: Access to Oracle pages could have an unknown impact.                     
  465. + OSVDB-3093: /pls/portal/owa_util.signature: Access to Oracle pages could have an unknown impact.                                     
  466. + OSVDB-3093: /pls/portal/HTP.PRINT: Access to Oracle pages could have an unknown impact.                                      
  467. + OSVDB-3093: /pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT: Access to Oracle pages could have an unknown impact.                                   
  468. + OSVDB-3093: /pls/portal/PORTAL_DEMO.ORG_CHART.SHOW: Access to Oracle pages could have an unknown impact.                                     
  469. + OSVDB-3093: /pls/portal/PORTAL.wwv_form.genpopuplist: Access to Oracle pages cold have an unknown impact.                                    
  470. + OSVDB-3093: /pls/portal/PORTAL.wwv_ui_lovf.show: Access to Oracle pages could have an unknown impact.                                
  471. + OSVDB-3093: /pls/portal/PORTAL.wwa_app_module.link: Access to Oracle pages could have an unknown impact.                                     
  472. + OSVDB-3093: /pls/portal/PORTAL.wwv_dynxml_generator.show: Access to Oracle pages could have an unknown impact.                                       
  473. + OSVDB-3093: /pls/portal/PORTAL.home: Access to Oracle pages could have an unknown impact.                                    
  474. + OSVDB-3093: /pls/portal/PORTAL.wwv_setting.render_css: Access to Oracle pages could have an unknown impact.                                  
  475. + OSVDB-3093: /pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO: Access to Oracle pages could have an unknown impact.                                      
  476. + OSVDB-3093: /pls/portal/SELECT: Access to Oracle pages could have an unknown impact.                                 
  477. + OSVDB-3093: /pls/portal/null: Access to Oracle pages could have an unknown impact.                                   
  478. + OSVDB-3093: /OA_MEDIA/: Oracle Applications portal pages found.
  479. + OSVDB-3093: /OA_HTML/META-INF/: Oracle Applications portal pages found.
  480. + OSVDB-3093: /OA_HTML/jsp/por/services/login.jsp: Oracle Applications portal pages found.
  481. + OSVDB-3093: /OA_HTML/PTB/ICXINDEXBASECASE.htm: Oracle Applications portal pages found.
  482. + OSVDB-3093: /OA_HTML/PTB/ECXOTAPing.htm: Oracle Applications portal pages found.
  483. + OSVDB-3093: /OA_HTML/PTB/xml_sample1.htm: Oracle Applications portal pages found.
  484. + OSVDB-3093: /OA_HTML/jsp/wf/WFReassign.jsp: Oracle Applications portal pages found.
  485. + OSVDB-3093: /OA_JAVA/Oracle/: Oracle Applications portal pages found.
  486. + OSVDB-3093: /OA_JAVA/servlet.zip: Oracle Applications portal pages found.
  487. + OSVDB-3093: /OA_JAVA/oracle/forms/registry/Registry.dat: Oracle Applications portal pages found.
  488. + OSVDB-3093: /OA_HTML/oam/: Oracle Applications portal pages found.
  489. + OSVDB-3233: /OA_HTML/jsp/: Oracle Applications portal page found
  490. + OSVDB-3233: /OA_HTML/jsp/fnd/fndversion.jsp: Oracle Applications help page found.
  491. + OSVDB-3233: /OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc: Oracle Applications help page found.                   
  492. + OSVDB-3233: /OA_HTML/jsp/fnd/fndhelputil.jsp: Oracle Applications help page found.
  493. + OSVDB-3092: /install/install.php: Install file found.
  494. + OSVDB-3092: /cehttp/trace: Sterling Commerce Connect Direct trace log file may contain user ID information.
  495. + OSVDB-3092: /cehttp/property/: Sterling Commerce Connect Direct configuration files.
  496. + OSVDB-3233: /nps/iManager.html: Novell iManager found.
  497. + OSVDB-3233: /nps/version.jsp: Novell iManager version found.
  498. + OSVDB-3233: /nps/servlet/webacc?taskId=dev.Empty&merge=fw.About: Novell iManager version found.
  499. + OSVDB-3233: /doc/icodUserGuide.pdf: Instant Capacity on Demand (iCOD) Userís Guide.
  500. + OSVDB-3233: /doc/planning_SuperDome_configs.pdf: Planning HP SuperDome Configurations
  501. + OSVDB-3233: /doc/vxvm/pitc_ag.pdf: VERITAS FlashSnapTM Point-In-Time Copy Solutions documentation.
  502. + OSVDB-3233: /doc/Judy/Judy_tech_book.pdf: HP Judy documentation found.
  503. + OSVDB-3233: /doc/vxvm/vxvm_ag.pdf: Veritas Volume Manager documentation.
  504. + OSVDB-3233: /doc/vxvm/vxvm_hwnotes.pdf: Veritas Volume Manager documentation.
  505. + OSVDB-3233: /doc/vxvm/vxvm_ig.pdf: Veritas Volume Manager documentation.
  506. + OSVDB-3233: /doc/vxvm/vxvm_mig.pdf: Veritas Volume Manager documentation.
  507. + OSVDB-3233: /doc/vxvm/vxvm_tshoot.pdf: Veritas Volume Manager documentation.
  508. + OSVDB-3233: /doc/vxvm/vxvm_notes.pdf: Veritas Volume Manager documentation.
  509. + OSVDB-3233: /doc/vxvm/vxvm_ug.pdf: Veritas Volume Manager documentation.
  510. + OSVDB-3092: /staging/: This may be interesting...
  511. + OSVDB-3092: /_archive/: Archive found.
  512. + OSVDB-3092: /INSTALL.txt: Default file found.
  513. + OSVDB-3092: /UPGRADE.txt: Default file found.
  514. + OSVDB-3092: /install.php: install.php file found.
  515. + OSVDB-3092: /LICENSE.txt: License file found may identify site software.
  516. + OSVDB-3092: /upgrade.php: upgrade.php was found.
  517. + OSVDB-3092: /xmlrpc.php: xmlrpc.php was found.
  518. + OSVDB-3092: /CHANGELOG.txt: A changelog was found.
  519. + OSVDB-3092: /sitemap.gz: The sitemap.gz file, used for Google indexing, contains an xml representation of the web site's structure.
  520. + OSVDB-3092: /content/sitemap.gz: The sitemap.gz file, used for Google indexing, contains an xml representation of the web site\'s structure.
  521. + /webservices/IlaWebServices: Host has the Oracle iLearning environment installed.
  522. + /phone/: This may be interesting...
  523. + /aspnet_files/: .NET client side script files indicate .NET may be running. See http://msdn.microsoft.com/en-us/library/aa479045.aspx#aspplusvalid_clientside
  524. + OSVDB-3092: /Admin/: This might be interesting...
  525. + OSVDB-3092: /af/: This might be interesting... potential country code (Afghanistan)
  526. + OSVDB-3092: /ax/: This might be interesting... potential country code (Aland Islands)
  527. + OSVDB-3092: /al/: This might be interesting... potential country code (Albania)
  528. + OSVDB-3092: /dz/: This might be interesting... potential country code (Algeria)
  529. + OSVDB-3092: /as/: This might be interesting... potential country code (American Samoa)
  530. + OSVDB-3092: /ad/: This might be interesting... potential country code (Andorra)
  531. + OSVDB-3092: /ao/: This might be interesting... potential country code (Angola)
  532. + OSVDB-3092: /ai/: This might be interesting... potential country code (Anguilla)
  533. + OSVDB-3092: /aq/: This might be interesting... potential country code (Antarctica)
  534. + OSVDB-3092: /ag/: This might be interesting... potential country code (Antigua And Barbuda)
  535. + OSVDB-3092: /ar/: This might be interesting... potential country code (Argentina)
  536. + OSVDB-3092: /am/: This might be interesting... potential country code (Armenia)
  537. + OSVDB-3092: /aw/: This might be interesting... potential country code (Aruba)
  538. + OSVDB-3092: /au/: This might be interesting... potential country code (Australia)
  539. + OSVDB-3092: /at/: This might be interesting... potential country code (Austria)
  540. + OSVDB-3092: /az/: This might be interesting... potential country code (Azerbaijan)
  541. + OSVDB-3092: /bs/: This might be interesting... potential country code (Bahamas)
  542. + OSVDB-3092: /bh/: This might be interesting... potential country code (Bahrain)
  543. + OSVDB-3092: /bd/: This might be interesting... potential country code (Bangladesh)
  544. + OSVDB-3092: /bb/: This might be interesting... potential country code (Barbados)
  545. + OSVDB-3092: /by/: This might be interesting... potential country code (Belarus)
  546. + OSVDB-3092: /be/: This might be interesting... potential country code (Belgium)
  547. + OSVDB-3092: /bz/: This might be interesting... potential country code (Belize)
  548. + OSVDB-3092: /bj/: This might be interesting... potential country code (Benin)
  549. + OSVDB-3092: /bm/: This might be interesting... potential country code (Bermuda)
  550. + OSVDB-3092: /bt/: This might be interesting... potential country code (Bhutan)
  551. + OSVDB-3092: /bo/: This might be interesting... potential country code (Bolivia)
  552. + OSVDB-3092: /ba/: This might be interesting... potential country code (Bosnia And Herzegovina)
  553. + OSVDB-3092: /bw/: This might be interesting... potential country code (Botswana)
  554. + OSVDB-3092: /bv/: This might be interesting... potential country code (Bouvet Island)
  555. + OSVDB-3092: /br/: This might be interesting... potential country code (Brazil)
  556. + OSVDB-3092: /io/: This might be interesting... potential country code (British Indian Ocean Territory)
  557. + OSVDB-3092: /bn/: This might be interesting... potential country code (Brunei Darussalam)
  558. + OSVDB-3092: /bg/: This might be interesting... potential country code (Bulgaria)
  559. + OSVDB-3092: /bf/: This might be interesting... potential country code (Burkina Faso)
  560. + OSVDB-3092: /bi/: This might be interesting... potential country code (Burundi)
  561. + OSVDB-3092: /kh/: This might be interesting... potential country code (Cambodia)
  562. + OSVDB-3092: /cm/: This might be interesting... potential country code (Cameroon)
  563. + OSVDB-3092: /ca/: This might be interesting... potential country code (Canada)
  564. + OSVDB-3092: /cv/: This might be interesting... potential country code (Cape Verde)
  565. + OSVDB-3092: /ky/: This might be interesting... potential country code (Cayman Islands)
  566. + OSVDB-3092: /cf/: This might be interesting... potential country code (Central African Republic)
  567. + OSVDB-3092: /td/: This might be interesting... potential country code (Chad)
  568. + OSVDB-3092: /cl/: This might be interesting... potential country code (Chile)
  569. + OSVDB-3092: /cn/: This might be interesting... potential country code (China)
  570. + OSVDB-3092: /cx/: This might be interesting... potential country code (Christmas Island)
  571. + OSVDB-3092: /cc/: This might be interesting... potential country code (Cocos (keeling) Islands)
  572. + OSVDB-3092: /co/: This might be interesting... potential country code (Colombia)
  573. + OSVDB-3092: /km/: This might be interesting... potential country code (Comoros)
  574. + OSVDB-3092: /cg/: This might be interesting... potential country code (Congo)
  575. + OSVDB-3092: /cd/: This might be interesting... potential country code (The Democratic Republic Of The Congo)
  576. + OSVDB-3092: /ck/: This might be interesting... potential country code (Cook Islands)
  577. + OSVDB-3092: /cr/: This might be interesting... potential country code (Costa Rica)
  578. + OSVDB-3092: /ci/: This might be interesting... potential country code (CÔte D'ivoire)
  579. + OSVDB-3092: /hr/: This might be interesting... potential country code (Croatia)
  580. + OSVDB-3092: /cu/: This might be interesting... potential country code (Cuba)
  581. + OSVDB-3092: /cy/: This might be interesting... potential country code (Cyprus)
  582. + OSVDB-3092: /cz/: This might be interesting... potential country code (Czech Republic)
  583. + OSVDB-3092: /dk/: This might be interesting... potential country code (Denmark)
  584. + OSVDB-3092: /dj/: This might be interesting... potential country code (Djibouti)
  585. + OSVDB-3092: /dm/: This might be interesting... potential country code (Dominica)
  586. + OSVDB-3092: /do/: This might be interesting... potential country code (Dominican Republic)
  587. + OSVDB-3092: /ec/: This might be interesting... potential country code (Ecuador)
  588. + OSVDB-3092: /eg/: This might be interesting... potential country code (Egypt)
  589. + OSVDB-3092: /sv/: This might be interesting... potential country code (El Salvador)
  590. + OSVDB-3092: /gq/: This might be interesting... potential country code (Equatorial Guinea)
  591. + OSVDB-3092: /er/: This might be interesting... potential country code (Eritrea)
  592. + OSVDB-3092: /ee/: This might be interesting... potential country code (Estonia)
  593. + OSVDB-3092: /et/: This might be interesting... potential country code (Ethiopia)
  594. + OSVDB-3092: /fk/: This might be interesting... potential country code (Falkland Islands (malvinas))
  595. + OSVDB-3092: /fo/: This might be interesting... potential country code (Faroe Islands)
  596. + OSVDB-3092: /fj/: This might be interesting... potential country code (Fiji)
  597. + OSVDB-3092: /fi/: This might be interesting... potential country code (Finland)
  598. + OSVDB-3092: /fr/: This might be interesting... potential country code (France)
  599. + OSVDB-3092: /gf/: This might be interesting... potential country code (French Guiana)
  600. + OSVDB-3092: /pf/: This might be interesting... potential country code (French Polynesia)
  601. + OSVDB-3092: /tf/: This might be interesting... potential country code (French Southern Territories)
  602. + OSVDB-3092: /ga/: This might be interesting... potential country code (Gabon)
  603. + OSVDB-3092: /gm/: This might be interesting... potential country code (Gambia)
  604. + OSVDB-3092: /ge/: This might be interesting... potential country code (Georgia)
  605. + OSVDB-3092: /de/: This might be interesting... potential country code (Germany)
  606. + OSVDB-3092: /gh/: This might be interesting... potential country code (Ghana)
  607. + OSVDB-3092: /gi/: This might be interesting... potential country code (Gibraltar)
  608. + OSVDB-3092: /gr/: This might be interesting... potential country code (Greece)
  609. + OSVDB-3092: /gl/: This might be interesting... potential country code (Greenland)
  610. + OSVDB-3092: /gd/: This might be interesting... potential country code (Grenada)
  611. + OSVDB-3092: /gp/: This might be interesting... potential country code (Guadeloupe)
  612. + OSVDB-3092: /gu/: This might be interesting... potential country code (Guam)
  613. + OSVDB-3092: /gt/: This might be interesting... potential country code (Guatemala)
  614. + OSVDB-3092: /gg/: This might be interesting... potential country code (Guernsey)
  615. + OSVDB-3092: /gn/: This might be interesting... potential country code (Guinea)
  616. + OSVDB-3092: /gw/: This might be interesting... potential country code (Guinea-bissau)
  617. + OSVDB-3092: /gy/: This might be interesting... potential country code (Guyana)
  618. + OSVDB-3092: /ht/: This might be interesting... potential country code (Haiti)
  619. + OSVDB-3092: /hm/: This might be interesting... potential country code (Heard Island And Mcdonald Islands)
  620. + OSVDB-3092: /va/: This might be interesting... potential country code (Holy See (vatican City State))
  621. + OSVDB-3092: /hn/: This might be interesting... potential country code (Honduras)
  622. + OSVDB-3092: /hk/: This might be interesting... potential country code (Hong Kong)
  623. + OSVDB-3092: /hu/: This might be interesting... potential country code (Hungary)
  624. + OSVDB-3092: /is/: This might be interesting... potential country code (Iceland)
  625. + OSVDB-3092: /in/: This might be interesting... potential country code (India)
  626. + OSVDB-3092: /id/: This might be interesting... potential country code (Indonesia)
  627. + OSVDB-3092: /ir/: This might be interesting... potential country code (Islamic Republic Of Iran)
  628. + OSVDB-3092: /iq/: This might be interesting... potential country code (Iraq)
  629. + OSVDB-3092: /ie/: This might be interesting... potential country code (Ireland)
  630. + OSVDB-3092: /im/: This might be interesting... potential country code (Isle Of Man)
  631. + OSVDB-3092: /il/: This might be interesting... potential country code (Israel)
  632. + OSVDB-3092: /it/: This might be interesting... potential country code (Italy)
  633. + OSVDB-3092: /jm/: This might be interesting... potential country code (Jamaica)
  634. + OSVDB-3092: /jp/: This might be interesting... potential country code (Japan)
  635. + OSVDB-3092: /je/: This might be interesting... potential country code (Jersey)
  636. + OSVDB-3092: /jo/: This might be interesting... potential country code (Jordan)
  637. + OSVDB-3092: /kz/: This might be interesting... potential country code (Kazakhstan)
  638. + OSVDB-3092: /ke/: This might be interesting... potential country code (Kenya)
  639. + OSVDB-3092: /ki/: This might be interesting... potential country code (Kiribati)
  640. + OSVDB-3092: /kp/: This might be interesting... potential country code (Democratic People's Republic Of Korea)
  641. + OSVDB-3092: /kr/: This might be interesting... potential country code (Republic Of Korea)
  642. + OSVDB-3092: /kw/: This might be interesting... potential country code (Kuwait)
  643. + OSVDB-3092: /kg/: This might be interesting... potential country code (Kyrgyzstan)
  644. + OSVDB-3092: /la/: This might be interesting... potential country code (Lao People's Democratic Republic)
  645. + OSVDB-3092: /lv/: This might be interesting... potential country code (Latvia)
  646. + OSVDB-3092: /lb/: This might be interesting... potential country code (Lebanon)
  647. + OSVDB-3092: /ls/: This might be interesting... potential country code (Lesotho)
  648. + OSVDB-3092: /lr/: This might be interesting... potential country code (Liberia)
  649. + OSVDB-3092: /ly/: This might be interesting... potential country code (Libyan Arab Jamahiriya)
  650. + OSVDB-3092: /li/: This might be interesting... potential country code (Liechtenstein)
  651. + OSVDB-3092: /lt/: This might be interesting... potential country code (Lithuania)
  652. + OSVDB-3092: /lu/: This might be interesting... potential country code (Luxembourg)
  653. + OSVDB-3092: /mo/: This might be interesting... potential country code (Macao)
  654. + OSVDB-3092: /mk/: This might be interesting... potential country code (Macedonia)
  655. + OSVDB-3092: /mg/: This might be interesting... potential country code (Madagascar)
  656. + OSVDB-3092: /mw/: This might be interesting... potential country code (Malawi)
  657. + OSVDB-3092: /my/: This might be interesting... potential country code (Malaysia)
  658. + OSVDB-3092: /mv/: This might be interesting... potential country code (Maldives)
  659. + OSVDB-3092: /ml/: This might be interesting... potential country code (Mali)
  660. + OSVDB-3092: /mt/: This might be interesting... potential country code (Malta)
  661. + OSVDB-3092: /mh/: This might be interesting... potential country code (Marshall Islands)
  662. + OSVDB-3092: /mq/: This might be interesting... potential country code (Martinique)
  663. + OSVDB-3092: /mr/: This might be interesting... potential country code (Mauritania)
  664. + OSVDB-3092: /mu/: This might be interesting... potential country code (Mauritius)
  665. + OSVDB-3092: /yt/: This might be interesting... potential country code (Mayotte)
  666. + OSVDB-3092: /mx/: This might be interesting... potential country code (Mexico)
  667. + OSVDB-3092: /fm/: This might be interesting... potential country code (Federated States Of Micronesia)
  668. + OSVDB-3092: /md/: This might be interesting... potential country code (Republic Of Moldova)
  669. + OSVDB-3092: /mc/: This might be interesting... potential country code (Monaco)
  670. + OSVDB-3092: /mn/: This might be interesting... potential country code (Mongolia)
  671. + OSVDB-3092: /me/: This might be interesting... potential country code (Montenegro)
  672. + OSVDB-3092: /ms/: This might be interesting... potential country code (Montserrat)
  673. + OSVDB-3092: /ma/: This might be interesting... potential country code (Morocco)
  674. + OSVDB-3092: /mz/: This might be interesting... potential country code (Mozambique)
  675. + OSVDB-3092: /mm/: This might be interesting... potential country code (Myanmar)
  676. + OSVDB-3092: /na/: This might be interesting... potential country code (Namibia)
  677. + OSVDB-3092: /nr/: This might be interesting... potential country code (Nauru)
  678. + OSVDB-3092: /np/: This might be interesting... potential country code (Nepal)
  679. + OSVDB-3092: /nl/: This might be interesting... potential country code (Netherlands)
  680. + OSVDB-3092: /an/: This might be interesting... potential country code (Netherlands Antilles)
  681. + OSVDB-3092: /nc/: This might be interesting... potential country code (New Caledonia)
  682. + OSVDB-3092: /nz/: This might be interesting... potential country code (New Zealand)
  683. + OSVDB-3092: /ni/: This might be interesting... potential country code (Nicaragua)
  684. + OSVDB-3092: /ne/: This might be interesting... potential country code (Niger)
  685. + OSVDB-3092: /ng/: This might be interesting... potential country code (Nigeria)
  686. + OSVDB-3092: /nu/: This might be interesting... potential country code (Niue)
  687. + OSVDB-3092: /nf/: This might be interesting... potential country code (Norfolk Island)
  688. + OSVDB-3092: /mp/: This might be interesting... potential country code (Northern Mariana Islands)
  689. + OSVDB-3092: /no/: This might be interesting... potential country code (Norway)
  690. + OSVDB-3092: /om/: This might be interesting... potential country code (Oman)
  691. + OSVDB-3092: /pk/: This might be interesting... potential country code (Pakistan)
  692. + OSVDB-3092: /pw/: This might be interesting... potential country code (Palau)
  693. + OSVDB-3092: /ps/: This might be interesting... potential country code (Palestinian Territory)
  694. + OSVDB-3092: /pa/: This might be interesting... potential country code (Panama)
  695. + OSVDB-3092: /pg/: This might be interesting... potential country code (Papua New Guinea)
  696. + OSVDB-3092: /py/: This might be interesting... potential country code (Paraguay)
  697. + OSVDB-3092: /pe/: This might be interesting... potential country code (Peru)
  698. + OSVDB-3092: /ph/: This might be interesting... potential country code (Philippines)
  699. + OSVDB-3092: /pn/: This might be interesting... potential country code (Pitcairn)
  700. + OSVDB-3092: /pl/: This might be interesting... potential country code (Poland)
  701. + OSVDB-3092: /pt/: This might be interesting... potential country code (Portugal)
  702. + OSVDB-3092: /pr/: This might be interesting... potential country code (Puerto Rico)
  703. + OSVDB-3092: /qa/: This might be interesting... potential country code (Qatar)
  704. + OSVDB-3092: /re/: This might be interesting... potential country code (RÉunion)
  705. + OSVDB-3092: /ro/: This might be interesting... potential country code (Romania)
  706. + OSVDB-3092: /ru/: This might be interesting... potential country code (Russian Federation)
  707. + OSVDB-3092: /rw/: This might be interesting... potential country code (Rwanda)
  708. + OSVDB-3092: /bl/: This might be interesting... potential country code (Saint BarthÉlemy)
  709. + OSVDB-3092: /sh/: This might be interesting... potential country code (Saint Helena)
  710. + OSVDB-3092: /kn/: This might be interesting... potential country code (Saint Kitts And Nevis)
  711. + OSVDB-3092: /lc/: This might be interesting... potential country code (Saint Lucia)
  712. + OSVDB-3092: /mf/: This might be interesting... potential country code (Saint Martin)
  713. + OSVDB-3092: /pm/: This might be interesting... potential country code (Saint Pierre And Miquelon)
  714. + OSVDB-3092: /vc/: This might be interesting... potential country code (Saint Vincent And The Grenadines)
  715. + OSVDB-3092: /ws/: This might be interesting... potential country code (Samoa)
  716. + OSVDB-3092: /sm/: This might be interesting... potential country code (San Marino)
  717. + OSVDB-3092: /st/: This might be interesting... potential country code (Sao Tome And Principe)
  718. + OSVDB-3092: /sa/: This might be interesting... potential country code (Saudi Arabia)
  719. + OSVDB-3092: /sn/: This might be interesting... potential country code (Senegal)
  720. + OSVDB-3092: /rs/: This might be interesting... potential country code (Serbia)
  721. + OSVDB-3092: /sc/: This might be interesting... potential country code (Seychelles)
  722. + OSVDB-3092: /sl/: This might be interesting... potential country code (Sierra Leone)
  723. + OSVDB-3092: /sg/: This might be interesting... potential country code (Singapore)
  724. + OSVDB-3092: /sk/: This might be interesting... potential country code (Slovakia)
  725. + OSVDB-3092: /si/: This might be interesting... potential country code (Slovenia)
  726. + OSVDB-3092: /sb/: This might be interesting... potential country code (Solomon Islands)
  727. + OSVDB-3092: /so/: This might be interesting... potential country code (Somalia)
  728. + OSVDB-3092: /za/: This might be interesting... potential country code (South Africa)
  729. + OSVDB-3092: /gs/: This might be interesting... potential country code (South Georgia And The South Sandwich Islands)
  730. + OSVDB-3092: /es/: This might be interesting... potential country code (Spain)
  731. + OSVDB-3092: /lk/: This might be interesting... potential country code (Sri Lanka)
  732. + OSVDB-3092: /sd/: This might be interesting... potential country code (Sudan)
  733. + OSVDB-3092: /sr/: This might be interesting... potential country code (Suriname)
  734. + OSVDB-3092: /sj/: This might be interesting... potential country code (Svalbard And Jan Mayen)
  735. + OSVDB-3092: /sz/: This might be interesting... potential country code (Swaziland)
  736. + OSVDB-3092: /se/: This might be interesting... potential country code (Sweden)
  737. + OSVDB-3092: /ch/: This might be interesting... potential country code (Switzerland)
  738. + OSVDB-3092: /sy/: This might be interesting... potential country code (Syrian Arab Republic)
  739. + OSVDB-3092: /tw/: This might be interesting... potential country code (Taiwan)
  740. + OSVDB-3092: /tj/: This might be interesting... potential country code (Tajikistan)
  741. + OSVDB-3092: /tz/: This might be interesting... potential country code (United Republic Of Tanzania)
  742. + OSVDB-3092: /th/: This might be interesting... potential country code (Thailand)
  743. + OSVDB-3092: /tl/: This might be interesting... potential country code (Timor-leste)
  744. + OSVDB-3092: /tg/: This might be interesting... potential country code (Togo)
  745. + OSVDB-3092: /tk/: This might be interesting... potential country code (Tokelau)
  746. + OSVDB-3092: /to/: This might be interesting... potential country code (Tonga)
  747. + OSVDB-3092: /tt/: This might be interesting... potential country code (Trinidad And Tobago)
  748. + OSVDB-3092: /tn/: This might be interesting... potential country code (Tunisia)
  749. + OSVDB-3092: /tr/: This might be interesting... potential country code (Turkey)
  750. + OSVDB-3092: /tm/: This might be interesting... potential country code (Turkmenistan)
  751. + OSVDB-3092: /tc/: This might be interesting... potential country code (Turks And Caicos Islands)
  752. + OSVDB-3092: /tv/: This might be interesting... potential country code (Tuvalu)
  753. + OSVDB-3092: /ug/: This might be interesting... potential country code (Uganda)
  754. + OSVDB-3092: /ua/: This might be interesting... potential country code (Ukraine)
  755. + OSVDB-3092: /ae/: This might be interesting... potential country code (United Arab Emirates)
  756. + OSVDB-3092: /gb/: This might be interesting... potential country code (United Kingdom)
  757. + OSVDB-3092: /us/: This might be interesting... potential country code (United States)
  758. + OSVDB-3092: /um/: This might be interesting... potential country code (United States Minor Outlying Islands)
  759. + OSVDB-3092: /uy/: This might be interesting... potential country code (Uruguay)
  760. + OSVDB-3092: /uz/: This might be interesting... potential country code (Uzbekistan)
  761. + OSVDB-3092: /vu/: This might be interesting... potential country code (Vanuatu)
  762. + OSVDB-3092: /ve/: This might be interesting... potential country code (Venezuela)
  763. + OSVDB-3092: /vn/: This might be interesting... potential country code (Viet Nam)
  764. + OSVDB-3092: /vg/: This might be interesting... potential country code (British Virgin Islands)
  765. + OSVDB-3092: /vi/: This might be interesting... potential country code (U.S. Virgin Islands)
  766. + OSVDB-3092: /wf/: This might be interesting... potential country code (Wallis And Futuna)
  767. + OSVDB-3092: /eh/: This might be interesting... potential country code (Western Sahara)
  768. + OSVDB-3092: /ye/: This might be interesting... potential country code (Yemen)
  769. + OSVDB-3092: /zm/: This might be interesting... potential country code (Zambia)
  770. + OSVDB-3092: /zw/: This might be interesting... potential country code (Zimbabwe)
  771. + OSVDB-3092: /www/2: This might be interesting...
  772. + OSVDB-3093: /includes/db.inc: Include files (.inc) should not be served in plain text.
  773. + OSVDB-3093: /includes/sendmail.inc: Include files (.inc) should not be served in plain text.
  774. + OSVDB-3092: /license.txt: License file found may identify site software.
  775. + OSVDB-3092: /install.txt: Install file found may identify site software.
  776. + OSVDB-3092: /LICENSE.TXT: License file found may identify site software.
  777. + OSVDB-3092: /INSTALL.TXT: Install file found may identify site software.
  778. + /config/config.txt: Configuration file found.
  779. + /config/readme.txt: Readme file found.
  780. + /data/readme.txt: Readme file found.
  781. + /log/readme.txt: Readme file found.
  782. + /logs/readme.txt: Readme file found.
  783. + /uploads/readme.txt: Readme file found.
  784. + /admin1.php: Admin login page found.
  785. + /admin.asp: Admin login page/section found.
  786. + /admin/account.asp: Admin login page/section found.
  787. + /admin/account.html: Admin login page/section found.
  788. + /admin/account.php: Admin login page/section found.
  789. + /admin/controlpanel.asp: Admin login page/section found.
  790. + /admin/controlpanel.html: Admin login page/section found.
  791. + /admin/controlpanel.php: Admin login page/section found.
  792. + /admin/cp.asp: Admin login page/section found.
  793. + /admin/cp.html: Admin login page/section found.
  794. + /admin/cp.php: Admin login page/section found.
  795. + /admin/home.asp: Admin login page/section found.
  796. + /admin/home.php: Admin login page/section found.
  797. + /admin/index.asp: Admin login page/section found.
  798. + /admin/index.html: Admin login page/section found.
  799. + /admin/login.asp: Admin login page/section found.
  800. + /admin/login.html: Admin login page/section found.
  801. + /admin/login.php: Admin login page/section found.
  802. + /admin1.asp: Admin login page/section found.
  803. + /admin1.html: Admin login page/section found.
  804. + /admin1/: Admin login page/section found.
  805. + /admin2.asp: Admin login page/section found.
  806. + /admin2.html: Admin login page/section found.
  807. + /admin2.php: Admin login page/section found.
  808. + /admin4_account/: Admin login page/section found.
  809. + /admin4_colon/: Admin login page/section found.
  810. + /admincontrol.asp: Admin login page/section found.
  811. + /admincontrol.html: Admin login page/section found.
  812. + /admincontrol.php: Admin login page/section found.
  813. + /administer/: Admin login page/section found.
  814. + /administr8.asp: Admin login page/section found.
  815. + /administr8.html: Admin login page/section found.
  816. + /administr8.php: Admin login page/section found.
  817. + /administr8/: Admin login page/section found.
  818. + /administracao.php: Admin login page/section found.
  819. + /administraçao.php: Admin login page/section found.
  820. + /administracao/: Admin login page/section found.
  821. + /administraçao/: Admin login page/section found.
  822. + /administracion.php: Admin login page/section found.
  823. + /administracion/: Admin login page/section found.
  824. + /administrateur.php: Admin login page/section found.
  825. + /administrateur/: Admin login page/section found.
  826. + /administratie/: Admin login page/section found.
  827. + /administration.html: Admin login page/section found.
  828. + /administration.php: Admin login page/section found.
  829. + /administration/: Admin login page/section found.
  830. + /administrator.asp: Admin login page/section found.
  831. + /administrator.html: Admin login page/section found.
  832. + /administrator.php: Admin login page/section found.
  833. + /administrator/account.asp: Admin login page/section found.
  834. + /administrator/account.html: Admin login page/section found.
  835. + /administrator/account.php: Admin login page/section found.
  836. + /administrator/index.asp: Admin login page/section found.
  837. + /administrator/index.html: Admin login page/section found.
  838. + /administrator/index.php: Admin login page/section found.
  839. + /administrator/login.asp: Admin login page/section found.
  840. + /administrator/login.html: Admin login page/section found.
  841. + /administrator/login.php: Admin login page/section found.
  842. + /administratoraccounts/: Admin login page/section found.
  843. + /administrators/: Admin login page/section found.
  844. + /administrivia/: Admin login page/section found.
  845. + /adminisztrátora.php: Admin login page/section found.
  846. + /adminisztrátora/: Admin login page/section found.
  847. + /adminpanel.asp: Admin login page/section found.
  848. + /adminpanel.html: Admin login page/section found.
  849. + /adminpanel.php: Admin login page/section found.
  850. + /adminpro/: Admin login page/section found.
  851. + /admins.asp: Admin login page/section found.
  852. + /admins.html: Admin login page/section found.
  853. + /admins.php: Admin login page/section found.
  854. + /admins/: Admin login page/section found.
  855. + /AdminTools/: Admin login page/section found.
  856. + /amministratore.php: Admin login page/section found.
  857. + /amministratore/: Admin login page/section found.
  858. + /autologin/: Admin login page/section found.
  859. + /banneradmin/: Admin login page/section found.
  860. + /bbadmin/: Admin login page/section found.
  861. + /beheerder.php: Admin login page/section found.
  862. + /beheerder/: Admin login page/section found.
  863. + /bigadmin/: Admin login page/section found.
  864. + /blogindex/: Admin login page/section found.
  865. + /cadmins/: Admin login page/section found.
  866. + /ccms/: Admin login page/section found.
  867. + /ccms/index.php: Admin login page/section found.
  868. + /ccms/login.php: Admin login page/section found.
  869. + /ccp14admin/: Admin login page/section found.
  870. + /cmsadmin/: Admin login page/section found.
  871. + /configuration/: Admin login page/section found.
  872. + /configure/: Admin login page/section found.
  873. + /controlpanel.asp: Admin login page/section found.
  874. + /controlpanel.html: Admin login page/section found.
  875. + /controlpanel.php: Admin login page/section found.
  876. + /controlpanel/: Admin login page/section found.
  877. + /cp.asp: Admin login page/section found.
  878. + /cp.html: Admin login page/section found.
  879. + /cp.php: Admin login page/section found.
  880. + /cpanel_file/: Admin login page/section found.
  881. + /customer_login/: Admin login page/section found.
  882. + /database_administration/: Admin login page/section found.
  883. + /Database_Administration/: Admin login page/section found.
  884. + /dir-login/: Admin login page/section found.
  885. + /directadmin/: Admin login page/section found.
  886. + /ezsqliteadmin/: Admin login page/section found.
  887. + /fileadmin.asp: Admin login page/section found.
  888. + /fileadmin.html: Admin login page/section found.
  889. + /fileadmin.php: Admin login page/section found.
  890. + /formslogin/: Admin login page/section found.
  891. + /globes_admin/: Admin login page/section found.
  892. + /hpwebjetadmin/: Admin login page/section found.
  893. + /Indy_admin/: Admin login page/section found.
  894. + /irc-macadmin/: Admin login page/section found.
  895. + /LiveUser_Admin/: Admin login page/section found.
  896. + /login_db/: Admin login page/section found.
  897. + /login-redirect/: Admin login page/section found.
  898. + /login-us/: Admin login page/section found.
  899. + /login.asp: Admin login page/section found.
  900. + /login.html: Admin login page/section found.
  901. + /login.php: Admin login page/section found.
  902. + /login1/: Admin login page/section found.
  903. + /loginflat/: Admin login page/section found.
  904. + /logo_sysadmin/: Admin login page/section found.
  905. + /Lotus_Domino_Admin/: Admin login page/section found.
  906. + /macadmin/: Admin login page/section found.
  907. + /maintenance/: Admin login page/section found.
  908. + /manuallogin/: Admin login page/section found.
  909. + /memlogin/: Admin login page/section found.
  910. + /meta_login/: Admin login page/section found.
  911. + /modelsearch/login.asp: Admin login page/section found.
  912. + /modelsearch/login.php: Admin login page/section found.
  913. + /moderator.asp: Admin login page/section found.
  914. + /moderator.html: Admin login page/section found.
  915. + /moderator.php: Admin login page/section found.
  916. + /moderator/: Admin login page/section found.
  917. + /moderator/admin.asp: Admin login page/section found.
  918. + /moderator/admin.html: Admin login page/section found.
  919. + /moderator/admin.php: Admin login page/section found.
  920. + /moderator/login.asp: Admin login page/section found.
  921. + /moderator/login.html: Admin login page/section found.
  922. + /moderator/login.php: Admin login page/section found.
  923. + /myadmin/: Admin login page/section found.
  924. + /navSiteAdmin/: Admin login page/section found.
  925. + /newsadmin/: Admin login page/section found.
  926. + /openvpnadmin/: Admin login page/section found.
  927. + /painel/: Admin login page/section found.
  928. + /panel/: Admin login page/section found.
  929. + /pgadmin/: Admin login page/section found.
  930. + /phpldapadmin/: Admin login page/section found.
  931. + /phppgadmin/: Admin login page/section found.
  932. + /phpSQLiteAdmin/: Admin login page/section found.
  933. + /platz_login/: Admin login page/section found.
  934. + /power_user/: Admin login page/section found.
  935. + /project-admins/: Admin login page/section found.
  936. + /pureadmin/: Admin login page/section found.
  937. + /radmind-1/: Admin login page/section found.
  938. + /radmind/: Admin login page/section found.
  939. + /rcLogin/: Admin login page/section found.
  940. + /server_admin_small/: Admin login page/section found.
  941. + /Server.asp: Admin login page/section found.
  942. + /Server.html: Admin login page/section found.
  943. + /Server.php: Admin login page/section found.
  944. + /ServerAdministrator/: Admin login page/section found.
  945. + /showlogin/: Admin login page/section found.
  946. + /simpleLogin/: Admin login page/section found.
  947. + /smblogin/: Admin login page/section found.
  948. + /sql-admin/: Admin login page/section found.
  949. + /ss_vms_admin_sm/: Admin login page/section found.
  950. + /sshadmin/: Admin login page/section found.
  951. + /staradmin/: Admin login page/section found.
  952. + /sub-login/: Admin login page/section found.
  953. + /Super-Admin/: Admin login page/section found.
  954. + /support_login/: Admin login page/section found.
  955. + /sys-admin/: Admin login page/section found.
  956. + /sysadmin.asp: Admin login page/section found.
  957. + /sysadmin.html: Admin login page/section found.
  958. + /sysadmin.php: Admin login page/section found.
  959. + /sysadmin/: Admin login page/section found.
  960. + /SysAdmin/: Admin login page/section found.
  961. + /SysAdmin2/: Admin login page/section found.
  962. + /sysadmins/: Admin login page/section found.
  963. + /system_administration/: Admin login page/section found.
  964. + /system-administration/: Admin login page/section found.
  965. + /ur-admin.asp: Admin login page/section found.
  966. + /ur-admin.html: Admin login page/section found.
  967. + /ur-admin.php: Admin login page/section found.
  968. + /ur-admin/: Admin login page/section found.
  969. + /useradmin/: Admin login page/section found.
  970. + /UserLogin/: Admin login page/section found.
  971. + /utility_login/: Admin login page/section found.
  972. + /v2/painel/: Admin login page/section found.
  973. + /vadmind/: Admin login page/section found.
  974. + /vmailadmin/: Admin login page/section found.
  975. + /webadmin.asp: Admin login page/section found.
  976. + /webadmin.html: Admin login page/section found.
  977. + /webadmin.php: Admin login page/section found.
  978. + /webmaster/: Admin login page/section found.
  979. + /websvn/: Admin login page/section found.
  980. + /wizmysqladmin/: Admin login page/section found.
  981. + /wp-admin/: Admin login page/section found.
  982. + /wp-login/: Admin login page/section found.
  983. + /xlogin/: Admin login page/section found.
  984. + /yonetici.asp: Admin login page/section found.
  985. + /yonetici.html: Admin login page/section found.
  986. + /yonetici.php: Admin login page/section found.
  987. + /yonetim.asp: Admin login page/section found.
  988. + /yonetim.html: Admin login page/section found.
  989. + /yonetim.php: Admin login page/section found.
  990. + OSVDB-3092: /test.asp: This might be interesting...
  991. + OSVDB-3092: /test.aspx: This might be interesting...
  992. + OSVDB-3092: /test.php: This might be interesting...
  993. + /maintenance.asp: This might be interesting...
  994. + /maintenance.aspx: This might be interesting...
  995. + /maint/: This might be interesting...
  996. + /maint.asp: This might be interesting...
  997. + /maint.aspx: This might be interesting...
  998. + /jk-status: mod_jk status page is visible.
  999. + /balancer-manager: mod_proxy_balancer management page is visible.
  1000. + /servlets-examples/: Tomcat servlets examples are visible.
  1001. + /admin-console: JBoss admin console is visible.
  1002. + /help.php: A help file was found.
  1003. + /gif/hp_invent_logo.gif: This device may be an HP printer/scanner and allow retrieval of previously scanned images.
  1004. + /gif/tricolor_ink_guage.gif: This device may be an HP printer/scanner and allow retrieval of previously scanned images.
  1005. + OSVDB-3092: /messages/: This might be interesting...
  1006. + 6448 items checked: 9 error(s) and 2137 item(s) reported on remote host
  1007. + End Time:           2012-09-25 07:34:47 (4368 seconds)
  1008. ---------------------------------------------------------------------------
  1009. + 1 host(s) tested
  1010.  
  1011.  
  1012. Whois Information:
  1013.  
  1014. Registrant:
  1015.  Alegria Enterprises Limited
  1016.  Trust Company Complex,
  1017.  Ajeltake Road
  1018.  PO Box 1405
  1019.  Ajeltake Island,  96960
  1020.  MH
  1021.  
  1022.  Domain name: PETSEX.COM
  1023.  
  1024.  Administrative Contact:
  1025.     Administrator, Domain  
  1026.     Trust Company Complex,
  1027.     Ajeltake Road
  1028.     PO Box 1405
  1029.     Ajeltake Island,  96960
  1030.     MH
  1031.     +44 1624-617-050
  1032.  Technical Contact:
  1033.     Administrator, Domain  
  1034.     Trust Company Complex,
  1035.     Ajeltake Road
  1036.     PO Box 1405
  1037.     Ajeltake Island,  96960
  1038.     MH
  1039.     +44 1624-617-050
  1040.  
  1041.  Registration Service Provider:
  1042.     Netgroup A/S,
  1043.     +45 70252686
  1044.     +45 70252687 (fax)
  1045.     http://www.netgroup.dk
  1046.     This company may be contacted for domain login/passwords,
  1047.     DNS/Nameserver changes, and general domain support questions.
  1048.  
  1049.  Registrar of Record: TUCOWS, INC.
  1050.  Record last updated on 20-Sep-2012.
  1051.  Record expires on 14-Jan-2013.
  1052.  Record created on 15-Jan-1998.
  1053.  
  1054.  Registrar Domain Name Help Center:
  1055.     http://tucowsdomains.com
  1056.  
  1057.  Domain servers in listed order:
  1058.     NS1.OXYGEN.NET  
  1059.     NS2.OXYGEN.NET  
  1060.  
  1061.  Domain status: clientTransferProhibited
  1062.                 clientUpdateProhibited
  1063.  
  1064.  
  1065.  
  1066. Reverse IP:
  1067.  
  1068.  
  1069.  
  1070. he hostname petsex.com resolves to the following IP addresses:
  1071. IPv4 address:199.27.135.40
  1072. Reverse DNS:cf-199-27-135-40.cloudflare.com
  1073. RIR:ARIN
  1074. Country:United States
  1075. City:San Francisco, CA
  1076. RBL Status:Clear
  1077. IPv4 address:173.245.61.114
  1078. Reverse DNS:cf-173-245-61-114.cloudflare.com
  1079. RIR:ARIN
  1080. Country:United States
  1081. City:San Francisco, CA
  1082. RBL Status:Clear
  1083. Whois information on 199.27.135.40:
  1084. #
  1085. # Query terms are ambiguous. The query is assumed to be:
  1086. # "n 199.27.135.40"
  1087. #
  1088. # Use "?" to get help.
  1089. #
  1090. #
  1091. # The following results may also be obtained via:
  1092. # http://whois.arin.net/rest/nets;q=199.27.135.40?showDetails=true&showARIN=false&ext=netref2
  1093. #
  1094. NetRange:199.27.128.0 - 199.27.135.255
  1095. CIDR:199.27.128.0/21
  1096. OriginAS:AS13335
  1097. NetName:CLOUDFLARENET
  1098. NetHandle:NET-199-27-128-0-1
  1099. Parent:NET-199-0-0-0-0
  1100. NetType:Direct Assignment
  1101. RegDate:2010-08-19
  1102. Updated:2012-03-02
  1103. OrgName:CloudFlare, Inc.
  1104. OrgId:CLOUD14
  1105. Address:665 Third Street #207
  1106. City:San Francisco
  1107. StateProv:CA
  1108. PostalCode:94107
  1109. Country:US
  1110. RegDate:2010-07-09
  1111. Updated:2011-11-03
  1112. Comment:http://www.cloudflare.com/
  1113. OrgAbuseHandle:ABUSE2916-ARIN
  1114. OrgAbuseName:Abuse
  1115. OrgAbusePhone:+1-650-319-8930
  1116. OrgAbuseEmail:[email protected]
  1117. OrgNOCHandle:NOC11962-ARIN
  1118. OrgNOCName:NOC
  1119. OrgNOCPhone:+1-650-319-8930
  1120. OrgNOCEmail:[email protected]
  1121. OrgTechHandle:ADMIN2521-ARIN
  1122. OrgTechName:Admin
  1123. OrgTechPhone:+1-650-319-8930
  1124. OrgTechEmail:[email protected]
  1125. RAbuseHandle:ABUSE2916-ARIN
  1126. RAbuseName:Abuse
  1127. RAbusePhone:+1-650-319-8930
  1128. RAbuseEmail:[email protected]
  1129. RNOCHandle:NOC11962-ARIN
  1130. RNOCName:NOC
  1131. RNOCPhone:+1-650-319-8930
  1132. RNOCEmail:[email protected]
  1133. RTechHandle:ADMIN2521-ARIN
  1134. RTechName:Admin
  1135. RTechPhone:+1-650-319-8930
  1136. RTechEmail:[email protected]
  1137. #
  1138. # ARIN WHOIS data and services are subject to the Terms of Use
  1139. # available at: https://www.arin.net/whois_tou.html
  1140. #
create a new version of this paste RAW Paste Data