Misc. Vulnerabilities
Name
Summary
04WebServer Multiple Remote Vulnerabilities
Checks for version of 04WebServer
12Planet Chat Server ClearText Password
Checks for the data encapsulation of 12Planet Chat Server
12Planet Chat Server Path Disclosure
Checks for 12Planet Chat Server path disclosure
3Com Superstack 3 switch with default password
Logs into 3Com Superstack 3 switches with default passwords
4D WebStar Symbolic Link Vulnerability
Checks for 4D FTP Server
AirConnect Default Password
3Com AirConnect AP Default Password
Airport Administrative Port
Connects to port 5009 and says 'Hello'
Airport Administrative Traffic Detection (192/udp)
Sends a message to UDP port 192
Alcatel ADSL modem with firewalling off
Checks Alcatel ADSL modem protection
Allied Telesyn Router/Switch found with default password
Logs into Allied Telesyn routers and switches with default password
Allied Telesyn Router/Switch Web interface found with default password
Logs into Allied Telesyn routers and switches Web interface with default password
AppleShare IP Server status query
connects to port 548/tcp, issues DSIGetStatus
ArGoSoft Mail Server IMAP Server Directory Traversal Vulnerability
Checks for directory traversal vulnerability in ArGoSoft IMAP server
ArGoSoft Mail Server _DUMP Command Information Disclosure Vulnerability
Checks for _DUMP command information disclosure vulnerability in ArGoSoft POP3 server
AttachmateWRQ Reflection for Secure IT Server < 6.0 Build 24 Multiple Vulnerabilities
Checks for multiple vulnerabilities in AttachmateWRQ Reflection for Secure IT Server < 6.0 build 24
AttachmateWRQ Reflection for Secure IT Server SFTP Format String Vulnerability
Checks for format string vulnerability in AttachmateWRQ Reflection for Secure IT Server SFTP subsystem
Avaya P330 Stackable Switch found with default password
Logs into Avaya switches with default password
Aventail ASAP detection
Aventail ASAP Management Console management
Axis Camera Default Password
Detects whether an Axis Network Camera has its default pass set
Bay Networks Accelar 1200 Switch found with default password
Logs into Bay Networks switches with default password
BIND vulnerable to negative cache poison bug
Checks the remote BIND version
BIND vulnerable to ZXFR bug
Checks the remote BIND version
BlackBerry Enterprise Server Detection
Detects BlackBerry Enterprise Server
BNC IRC Server Authentication Bypass Vulnerability
Check BNC authentication bypass
Cabletron Web View Administrative Access
Cabletron Web View Administrative Access
Cayman DSL router one char login
Notifies that the remote cayman router allows one char logins
Check open ports
Check if ports are still open
Checkpoint Secure Platform detection
Checkpoint Secure Platform web console management
Cheops NG without password
Cheops NG agent is running without authentication
Cisco 675 passwordless router
Logs into the remote CISCO router
CiscoWorks Management Console Detection
Checks for CiscoWorks
Citrix published applications
Find Citrix published applications
Clearswift MIMEsweeper manager console detection
Checks for MIMEsweeper manager console
Default password router Pirelli AGE mB
Logs into the router Pirelli AGE mB
Default password router Zyxel
Logs into the router Zyxel
DefaultNav checker
DefaultNav checker
Detect slident and or fake identd
Detect identd servers that return random tokens
Directory Scanner
Directory Scanner
Dovecot Directory Traversal Vulnerability
Tries to list contents of mbox root parent directory in Dovecot
Embedded Web Server Detection
This scripts detects wether the remote host is an embedded web server
EMC Legato Networker Multiple Vulnerabilities
Determines if Legato Networker is vulnerable
Enterasys Dragon Enterprise Reporting detection
Checks for Enterasys Dragon Enterprise Reporting console
eSeSIX Thintune Thin Client Multiple Vulnerabilities
Detect the presence of eSeSIX backdoor
eStara SoftPhone Detection
Detects eStara SoftPhone
eStara SoftPhone SDP Data Attribute Buffer Overflow Vulnerability
Checks version number of eStara SoftPhone
Etherleak
etherleak check
Find if IIS server allows BASIC and/or NTLM authentication
Find IIS authentication scheme
Firewall ECE-bit bypass
Firewall ECE-bit bypass
FlexCast Detection
Checks for FlexCast
Fortinet Fortigate console management detection
Checks for Fortinet Fortigate management console
FortressSSH SSH_MSG_KEXINIT Remote Buffer Overflow Vulnerability
Does a banner check for FortressSSH
Hobbit Monitor config Command Directory Traversal Vulnerability
Tries to read a local file using hobbitd
hp jetdirect vulnerabilities
Uses SNMP to determine if a flaw is present
HP LaserJet direct print
Checks if lpd is useless
HP LaserJet display hack
Changes the printer's display
HylaFAX hfaxd Password Check Vulnerability
Checks for password check vulnerability in HylaFAX hfaxd
HylaFAX Remote Access Control Bypass Vulnerability
Determines if HylaFAX is vulnerable to access control bypass.
IBM AS400 and iSeries POP3 Server Remote Information Disclosure Vulnerability
Checks for remote information disclosure vulnerability in IBM AS400 and iSeries POP3 server
ICECast AVLlib remote buffer overflow
Check icecast version
ICECast crafted URL DoS
Check icecast version
ICECast directory traversal flaw
Check icecast version
ICECast HTTP basic authorization DoS
Check icecast version
ICECast libshout remote buffer overflow
Check icecast version
ICECast remote buffer overflow
Check icecast version
ICECast XSS
check icecast version
icmp leak
icmpleak check
Identd scan
Get UIDs with identd
IgnitionServer Irc operator privilege escalation vulnerability
checks the version of the remote ircd
IMAP Unencrypted Cleartext Logins
Checks if IMAP daemon allows unencrypted cleartext logins
INN buffer overflow
Checks INN version
Intellipeer POP3 server user account enumeration
Checks for a flaw in Intellipeer pop3
Intrusion.com SecureNet provider detection
Checks for Intrusion.com SecureNet provider console
Intrusion.com SecureNet sensor detection
Checks for Intrusion.com SecureNet sensor console
IP protocols scan
Scans IP protocols
IPSwitch IMail SMTP Buffer Overflow
IPSwitch IMail SMTP Buffer Overflow
irix performance copilot
Checks the presence of IRIX copilot
ISS deployment manager detection
Checks for ISS deployment manager web interface
JigSaw < 2.2.4
Checks for version of JigSaw
Kerberos PingPong attack
Checks for the presence of a bad krb server
Lighttpd Remote CGI Script Disclosure Vulnerability
Checks for version of Sami HTTP server
Lime Wire Multiple Remote Unauthorized Access
Checks for remote unauthorized access flaw in Lime Wire
Linksys Router default password
Tests for the linksys default account
Linksys Wireless Internet Camera File Disclosure
Tests for the Linksys CGI Disclosure
List of printers is available through CUPS
Obtains the list of printers on the remote host
Macallan IMAP Server Directory Traversal Vulnerabilities
Checks for a directory traversal vulnerability in Macallan
Mailman Password Retrieval
Checks for Mailman Password Retrieval Vulnerability
MAILsweeper Archive File Filtering Bypass
Checks the remote banner
MDaemon Content Filter Directory Traversal Vulnerability
Checks for content filter directory traversal vulnerability in MDaemon
Motorola Vanguard with No Password
Attempts to log into Vanguards.
NAI Management Agent leaks info
Determines if the remote NAI WebShield SMTP Management trusts us
Netgear ProSafe Router password disclosure
Enumerates user and password via soap
Netopia SNMP password disclosure flaw
Checks to see if the router will disclose the admin password
Netscape /.perf accessible
Makes a request like http://www.example.com/.perf
Netscape Messenging Server User List
Checks the error messages issued by the pop3 server
NetworkActive Web Server Overflow
Checks for version of NetworkActive Web Server
Nortel Baystack switch password test
Logs into the remote Nortel terminal server
Nortel Default Accounts
Logs into the remote switch with a default login/password pair
Nortel Networks passwordless router (user level)
Logs into the remote Nortel Networks (Bay Networks) router
Nortel Networks passwordless router (manager level)
Logs into the remote Nortel Networks (Bay Networks) router
Nortel Web Management Default Username and Password (ro/ro)
Checks for the presence of default username and password
Nortel/Bay Networks default password
Logs into the remote Nortel switch/router
Nortel/Bay Networks/Xylogics Annex default password
Logs into the remote Nortel terminal server
notes.ini checker
notes.ini checker
Open X11 Server
X11 determines if X11 is open
OpenSSH < 4.4 Multiple GSSAPI Vulnerabilities
Checks version number of OpenSSH
OpenSSH GSSAPI Credential Disclosure Vulnerability
Checks for GSSAPI credential disclosure vulnerability in OpenSSH
OpenSSH Reverse DNS Lookup bypass
Checks for the remote SSH version
OpenSSL password interception
Checks for version of OpenSSL
OpenVPN Unprotected Management Interface Vulnerability
Looks for banner of OpenVPN Management Interface
Passwordless Alcatel ADSL Modem
Logs into the remote Alcatel ADSL modem
Passwordless Cayman DSL router
Notifies that the remote cayman router has no password
Passwordless HP LaserJet
Notifies that the remote printer has no password
Passwordless Lexmark Printer
Notifies that the remote printer has no password
Pocsag password
log in using password 'password'
Polipo Local Web Root Restriction Bypass Vulnerability
Checks for local web root restriction bypass vulnerability in Polipo
POP Password Changer Unauthorized Password Change Vulnerability
Determines if POP Password Changer is vulnerable to access control bypass.
POP2 Unencrypted Cleartext Logins
Checks for unencrypted POP2 login capability
POP3 Unencrypted Cleartext Logins
Checks if POP3 daemon allows unencrypted cleartext logins
Portable OpenSSH PAM timing attack
Checks the timing of the remote SSH server
Proxy Web Server Cross Site Scripting
Determine if the remote proxy is vulnerable to Cross Site Scripting vulnerability
Qpopper Insecure File Handling Vulnerabilities
Checks for insecure file handling vulnerabilities in Qpopper
qpopper options buffer overflow
qpopper options buffer overflow
QPopper Username Information Disclosure
QPopper Username Information Disclosure
QuiXplorer Directory Traversal
Tests for the QuiXplorer Directory traversal
ReadDesign checker
ReadDesign checker
RealServer Memory Content Disclosure
dumps the memory of a real g2 server
RealVNC Authentication Bypass Vulnerability
Tries to bypass authentication using RealVNC
Record route
Ping target with Record Route option
RedHat 6.2 inetd
Stalls the remote inetd
Resin /caucho-status accessible
Makes a request like http://www.example.com/caucho-status
Retrospect Client Denial of Service Vulnerability
Checks version of Retrospect client
RIP poisoning
Poison routing tables through RIP
Samba < 3.0.24 Multiple Flaws
Checks the version of Samba
Samba Machine Trust Account Local Information Disclosure Vulnerability
Checks the version of Samba
Sambar Transmits Passwords in PlainText
Makes sure that Sambar runs on top of SSL
Sami HTTP Server v1.0.4
Checks for version of Sami HTTP server
Several GET locks web server
Several GET requests in a row temporarily shut down the web server
ShareMailPro Username Identification
Checks for the pop login error
SheerDNS directory traversal
Determines if the remote DNS server handles malformed names
Shiva Integrator Default Password
Logs into the remote Shiva router
Shiva LanRover Blank Password
Checks for a blank password for the root account.
SIP Express Router Missing To in ACK DoS
SER Missing To in ACK DoS
SIP Express Router Register Buffer Overflow
SER Register Buffer Overflow
SMC2804WBR Default Password
Logs in with default password on SMC2804WBR
SOCKS server detection
Detect & inspect SOCKS4/5 servers
Squid Multiple Flaws
Determines squid version
Squid null character unauthorized access
Determines squid version
Squid Proxy Failed DNS Lookup Random Error Messages
Checks for the usage of a freed pointer
Squid Proxy Set-Cookie Headers Information Disclosure Vulnerability
Checks for Set-Cookie headers information disclosure vulnerability in Squid
SSH Tectia Server Host Authentication Authorization Bypass Vulnerability
Checks for the remote SSH version
SSH Tectia Server SFTP Format String Vulnerability
Checks for format string vulnerability in SSH Tectia Server SFTP subsystem
Sun Java System Web Proxy Server Unspecified Remote Denial Of Service Vulnerability
Checks for unspecified remote denial of service vulnerability in Sun Java System Web Proxy Server
SunOne Web Proxy Unspecified Remote Buffer Overflows
Checks for version of SunOne Web Proxy
sxdesign SIPd Status Server Detection
SIP Status Server Detection
TCP Chorusing
Counts the number of ACKs to a SYN
Tektronix /ncl_items.html
Checks for the presence of /ncl_*.html
TinyWeb 1.9
Checks for version of TinyWeb
Tomcat /status information disclosure
Makes a request like http://www.example.com/server-status
Traceroute
traceroute
Trend Micro IMSS console management detection
Checks for Trend Micro IMSS web console management
Trend Micro IWSS console management detection
Checks for Trend Micro IWSS web console management
Trend Micro TMCM console management detection
Checks for Trend Micro TMCM console management
Unknown services banners
Displays the unknown services banners
Unreal IRCd IP cloaking weakness
checks the version of the remote ircd
URLScan Detection
Detects the presence of URLScan
UW-IMAP CRAM-MD5 Remote Authentication Bypass Vulnerability
Checks the version of UW-IMAP
VMWare Host
Determines if the remote host is VMWare
VNC security types
Identifies the RFB protocol version (VNC) & security types
WebLogic Certificates Spoofing
Checks the version of WebLogic
WebLogic Server hostname disclosure
Make a request like GET . \r\n\r\n
Websense reporting console detection
Checks for Websense reporting console
Webserver 4D Cleartext Passwords
Checks for Webserver 4D
WebShield Appliance detection
Checks for WebShield Appliance console management
WebWasher Classic HTTP CONNECT Unauthorized Access Weakness
Checks for the presence of WebWasher Proxy
WinGate IMAP Server Directory Traversal Vulnerabilities
Tries to create a directory in WinGate's main directory
Xerox DocuCentre / WorkCentre Postscript Directory Traversal Vulnerability
Checks model number / software version of Xerox DocuCentre and WorkCentre devices
Xerox MicroServer Unauthorized Access Vulnerability
Checks for authentication bypass vulnerability in Xerox MicroServer
Xerox MicroServer Web Server Multiple Vulnerabilities
Checks for multiple vulnerabilities in Xerox MicroServer web server
Xerox MicroServer Web Server Remote Denial of Service Vulnerability
Checks for web server remote denial of service vulnerability in Xerox MicroServer
Xerox WorkCentre Multi-Page Document Information Disclosure Vulnerability
Checks for multi-page document information disclosure vulnerability in Xerox WorkCentre devices
Xerox WorkCentre Pro Multiple Remote Vulnerabilities
Checks for multiple remote vulnerabilities in Xerox WorkCentre Pro
Xerox XRX06-001
Checks for multiple ESS / network controller and microServer vulnerabilities in Xerox WorkCentre devices
Xerox XRX06-002
Checks for multiple vulnerabilities in Xerox WorkCentre devices
Xerox XRX06-005
Checks Net Controller Software version of Xerox WorkCentre devices
Xerox XRX06-006
Checks Net Controller Software version of Xerox WorkCentre devices
XTramail control denial
Overflows the remote server
ZyXEL Prestige Router Configuration Reset
Determines if /rpFWUpload.html is world-readable