Web Servers Vulnerabilities
Name
Summary
/iisadmin is world readable
Checks for the presence of /iisadmin
/iisadmpwd/aexp2.htr
Determines whether /iisadmpwd/aexp2.htr is present
/scripts directory browsable
Is /scripts/ listable ?
/scripts/repost.asp
Determines whether /scripts/repost.asp is present
Apache /server-info accessible
Make a request like http://www.example.com/server-info
Apache /server-status accessible
Makes a request like http://www.example.com/server-status
Apache 2.0.39 Win32 directory traversal
Apache 2.0.39 Win32 directory traversal
Apache < 1.3.27
Checks for version of Apache
Apache < 1.3.28
Checks for version of Apache
Apache < 1.3.29
Checks for version of Apache
Apache < 2.0.43
Checks for version of Apache
Apache < 2.0.45
Checks for version of Apache
Apache < 2.0.46
Checks for version of Apache
Apache < 2.0.46 on OS/2
Checks for version of Apache
Apache < 2.0.47
Checks for version of Apache
Apache < 2.0.48
Checks for version of Apache
Apache < 2.0.51
Checks for version of Apache
Apache <= 1.3.33 htpasswd local overflow
Checks for Apache <= 1.3.33
Apache = 2.0.51
Checks for version of Apache
Apache Auth Module SQL Insertion Attack
Checks for vulnerable Apache Auth modules
Apache Connection Blocking Denial of Service
Checks for version of Apache
Apache Directory Listing
Checks to see if Apache will provide a directory listing
Apache Error Log Escape Sequence Injection
Checks for Apache Error Log Escape Sequence Injection Vulnerability
Apache mod_access rule bypass
Checks for Apache mod_access Rule Bypass Vulnerability
Apache mod_include Privilege Escalation
Checks for version of Apache
Apache mod_proxy content-length buffer overflow
Checks for version of Apache
Apache mod_ssl denial of service
Checks for version of Apache
Apache Remote Command Execution via .bat files
Tests for presence of Apache Command Execution via .bat vulnerability
Apache Remote Username Enumeration Vulnerability
Checks for the error codes returned by Apache when requesting a non-existant user name
Apache Tomcat Default Accounts
Apache Tomcat Default Accounts
Apache Tomcat servlet/JSP container default files
Checks for Apache Tomcat default files
Apache-SSL Client Certificate Forging Vulnerability
Checks for version of Apache-SSL
Apache::ASP source.asp
Checks for the presence of /site/eg/source.asp
Authentication bypassing in Lotus Domino
Checks if Lotus Domino databases can be accessed by by-passing the required authentication
BadBlue invalid null byte vulnerability
Read BadBlue protected configuration file
CERN HTTPD access control bypass
Determines if web access control can be circumvented
CERN httpd CGI name heap overflow
Ask for a too long CGI name containing a dot
CERN httpd problem
Attempts to find the location of the remote web root
Check for bdir.htr files
Check for existence of bdir.htr
Check for dangerous IIS default files
Check for existence of viewcode.asp
Check for IIS .cnf file leakage
Check for existence of world-readable .cnf files
Codebrws.asp Source Disclosure Vulnerability
Tests for presence of Codebrws.asp
Compaq Web Management Server
Determines of the remote web server is Compaq Web Management
Cross-Site Scripting in Cherokee Error Pages
Checks for the version of Cherokee
Directory listing through WebDAV
Checks the presence of WebDAV
Domino HTTP server exposes the set up of the filesystem
obtains absolute path to cgi-bin
Domino traversal
\..\..\file.txt
F5 BIP-IP Cookie Persistence
F5 BIP-IP(R) Cookie Persistence
fpcount.exe overflow
Is fpcount.exe installed ?
Frontpage Overflow (MS03-051)
IIS Frontpage MS03-051
GeoHttpServer Unauthorized Image Access Vulnerability
Checks for unauthorized image access vulnerability in GeoHttpServer
Hidden WWW server name
Tries to discover the web server name
htimage.exe overflow
Is htimage.exe vulnerable to a buffer overflow ?
HyperText Transfer Protocol Information
Determines the version of HTTP spoken by the remote host
IIS .HTR ISAPI filter applied
Tests for IIS .htr ISAPI filter
IIS .IDA ISAPI filter applied
Tests for IIS .ida ISAPI filter
IIS 5 .printer ISAPI filter applied
Tests for IIS5 .printer ISAPI filter
IIS 5.0 Sample App reveals physical path of web root
IIS 5.0 Sample App reveals physical path of web root
IIS : Directory listing through WebDAV
Checks the presence of the Index Server service
IIS dangerous sample files
Determines whether IIS samples files are installed
IIS perl.exe problem
Attempts to find the location of the remote web root
IIS Remote Command Execution
Determines if arbitrary commands can be executed
IIS Service Pack - 404
IIS Service Pack Check
IIS Unicode Remote Command Execution
Determines if arbitrary commands can be executed thanks to IIS
IMail account hijack
Checks for version of IMail web interface
iPlanet Directory Server traversal
/\../\../\file.txt
iPlanet Search Engine File Viewing
Attempts to read an arbitrary file using a feature in iPlanet
Ipswitch Imail WebCalendar Directory Traversal Vulnerability
Ipswitch Imail WebCalendar Directory Traversal Vulnerability
JServ Cross Site Scripting
Tests for JServ Cross Site Scripting
Lotus Domino administration databases
Checks if Lotus Domino administration databases can be anonymously accessed
Lotus Domino Banner Information Disclosure Vulnerability
Tests for Lotus Physical Path Disclosure Vulnerability
Lotus Domino Server Information Disclosure Vulnerabilities
Checks for information disclosure vulnerabilities in Lotus Domino Server
Lotus Notes ?OpenServer Information Disclosure
Lotus Notes ?OpenServer Information Disclosure
Malformed Hit-Highlighting Argument Vulnerability
Determines IIS IDA/IDQ Path Reveal vulnerability
Microsoft .NET Custom Errors Not Set
Checks for the error message of the .NET framework
Microsoft .NET Handlers Enumeration
Checks for the version of the .NET framework
Microsoft .NET Version Information Disclosure
Checks for the version of the .NET framework
Microsoft Frontpage 'authors' exploits
Checks for the presence of Microsoft Frontpage extensions
Microsoft Frontpage dvwssr.dll backdoor
Checks for the presence of /_vti_bin/_vti_aut/dvwssr.dll
Microsoft Frontpage exploits
Checks for the presence of Microsoft Frontpage extensions
Microsoft IIS Cookie information disclosure
Microsoft IIS Cookie information disclosure
Microsoft IIS UNC Mapped Virtual Host Vulnerability
Checks IIS for .ASP/.HTR backslash vulnerability.
Microsoft's Index server reveals ASP source code
Checks for a problem in webhits.dll
mod_frontpage installed
Checks for the presence of mod_frontpage
mod_gzip format string attack
mod_gzip detection
mod_gzip running
mod_gzip detection
mod_python handle abuse
Checks for version of Python
mod_python malformed query
Checks for version of Python
mod_ssl off by one
Checks for version of mod_ssl
mod_ssl overflow
Checks for version of mod_ssl
mod_survey ENV tags SQL injection
mod_survey SQL injection
Netscape Administration Server admin password
Reads admpw
Netscape FastTrack 'get'
'get / ' gives a directory listing
Netscape Server ?PageServices bug
Make a request like http://www.example.com/?PageServices
Netscape Server ?wp bug
Make a request like http://www.example.com/?wp-cs-dump
No 404 check
Checks if the remote webserver issues 404 errors
nsiislog.dll DoS
Determines the presence of nsiislog.dll
Passwordless frontpage installation
Determines if the remote web server is password protected
RDS / MDAC Vulnerability (msadcs.dll) located
Determines the presence of msadcs.dll
RDS / MDAC Vulnerability Content-Type overflow
Determines the presence of msadcs.dll
shtml.exe reveals full path
Retrieve the real path using shtml.exe
VisualRoute Web Server Detection
Extracts the banner of the remote visual route server
Web mirroring
Performs a quick web mirror
Web Server reverse proxy bug
Web Server reverse proxy bug
Web server traversal
\..\..\file.txt
WebDAV Directories Enumeration
Determines which directories are DAV enabled
Zope DocumentTemplate package problem
Checks for Zope
Zope DoS
Checks for Zope
Zope Image Updating Method
Checks for Zope
Zope Installation Path Disclosure
Checks for Zope installation directory
Zope Invalid Query Path Disclosure
Checks for Zope Examples directory
Zope Multiple Vulnerabilities
Checks Zope version
Zope ZClass Permission Mapping Bug
Checks Zope version